From 2b660e363f849776bb9838aa39677cbe1b189e74 Mon Sep 17 00:00:00 2001 From: Harald Pehl Date: Wed, 18 Dec 2024 10:52:39 +0100 Subject: [PATCH 1/8] HAL on OpenShift --- ...12-18-Management-Console-on-OpenShift.adoc | 77 ++++++++++++++++++ .../img/news/hal/add-management-interface.png | Bin 0 -> 73274 bytes 2 files changed, 77 insertions(+) create mode 100644 _posts/2024-12-18-Management-Console-on-OpenShift.adoc create mode 100644 assets/img/news/hal/add-management-interface.png diff --git a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc new file mode 100644 index 00000000..b71b4cad --- /dev/null +++ b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc @@ -0,0 +1,77 @@ +--- +layout: post +title: "Using the management console on OpenShift" +date: 2024-12-18 +tags: hal management console openshift +author: hpehl +description: How to use the management console for WildFly instances running on OpenShift. +--- + +In this blog post I'd like to show how you can use the management console (aka https://hal.github.io[HAL]) for WildFly instances running on OpenShift. + +== Prerequisites + +The console is an integral part of WildFly and is activated by default when running on-premise. For instances running on OpenShift, the console is not available by default, though. To use the console on OpenShift, you need a WildFly image that meets the following requirements: + +* Management user: + + The management console is protected by default and requires a management user added with the `add-user.sh` script. +* Public route to the management interface: + + The management interface has to be publicly available from the outside. +* Allowed origin: + + The console uses the https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API[fetch API] to talk to the management interface of a running WildFly instance. In an OpenShift environment, the origins of the public route and the management interface itself are different. That's why we need to tell WildFly that it is ok to make requests to the management interface from another origin (see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS[CORS policies] for more details). + +You can build such an image on your own based on the official WildFly images available at https://quay.io/repository/wildfly/wildfly[quay.io/wildfly/wildfly] (see "Extending the image"). Another way is to use the pre-built images from https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly]. These images are mainly meant for HAL development and testing, but already meet these requirements, which makes them suitable for our use case. In particular the images add a management user `admin:admin` and have a list of preconfigured allowed origins. + +To add the allowed origin for the public route, we make use of the https://jmesnil.net/weblog/2024/12/11/a-kubectl-plugin-for-wildfly-jboss-cli/[`jboss-cli`] `kubectl` plugin. This plugin makes it straightforward to connect to a WildFly instance running on OpenShift and execute CLI commands. Please visit https://jmesnil.net/weblog/2024/12/11/a-kubectl-plugin-for-wildfly-jboss-cli/ to find out how to install and use the plugin. + +== Instructions + +The steps below assume you have access to an OpenShift cluster and installed `kubectl` and the `jboss-cli` plugin. + +. Create application ++ +[source,shell] +---- +oc new-app quay.io/halconsole/wildfly +oc create route edge --service wildfly --port 9990 +---- + +. Add allowed origin ++ +Use `oc get pods` to find the name of the pod to connect to and `oc get routes` to get the hostname of the public route to the management interface. ++ +[source,shell] +---- +kubectl jboss-cli -p +---- ++ +Login using `admin:admin` and execute these CLI commands: ++ +[source,shell] +---- +/core-service=management/management-interface=http-interface:list-add(name=allowed-origins,value=https://) +reload +exit +---- + +. Open the management console at `+https://+` and login using `admin:admin`. + +''' + +NOTE: As an alternative to adding the allowed origin, you can also use of the latest online version of the management console available at https://hal.github.io/console. + +Background: The management console is a single-page application (https://en.wikipedia.org/wiki/Single-page_application[SPA]) without any server side dependencies. As such it can run on its own and connect to an arbitrary management interface. The online version of the console makes use of this fact. See https://hal.github.io/documentation/get-started/#standalone-mode for more details. + +. Create the application as above and find the hostname of the public route using `oc get routes`. +. Open https://hal.github.io/console +. Add a management interface to the public route: ++ +Give an arbitrary name, select *https* as scheme, enter the hostname of the public route _without_ https and port *80*: ++ +image::hal/add-management-interface.png[Add management interface] +. Click *Add* and then *Connect* +. Login using `admin:admin` + +== Outlook + +We're currently working on the https://github.com/hal/foundation[next-gen management console]. This version will also support a dedicated variant for OpenShift that will integrate with the OpenShift management console. For more information you can watch the https://www.youtube.com/watch?v=Karu90yDIhs&t=571s[talk] on the next-gen management console from the last https://www.wildfly.org/conference/[WildFly mini conference], get the https://www.wildfly.org/assets/data/conference/202411_wmc_nextgen_console.pdf[slides] or reach out to us in the HAL Zulip https://wildfly.zulipchat.com/#narrow/channel/174373-hal[channel]. diff --git a/assets/img/news/hal/add-management-interface.png b/assets/img/news/hal/add-management-interface.png new file mode 100644 index 0000000000000000000000000000000000000000..3415679a65275150e18bcd2e5912dde69b3c7a18 GIT binary patch literal 73274 zcmeFZXIPWV7B)-~Q4rBBh=7!>0@4)?NC}`QNbkJ_qz3{BgdU0rsHiAaLYH2Hl+Xi+ zih%Tl-jtruA+!K_AI{nPoV~YxzrX8!uk(kCWSE&}t(j-mTK9bq&$Tp^80gsOC@3fx zlpo&Lp`bWXN(b%?0j7S_%rvR7X7{Pa}0TDQj1lh?R}&BU=$4m>bYeK_MgO z<7Q>;Wb4WO$kyJ`1$QYD{``Q zGCoqk05DrmD{dc{vx|q65BSQz#+3qoKmJTWN3Q&Lh=^oE$In3yo|7s4LC zE}m9C!Y&?HkB9j8824>Gtlb^mJRMzKxR1xQdgKcC1YfxVv~&M4xUG-le@A!m_``g_ z5u(Q}qBliui2m!(k3UH%xH`MK>jDn31z)-O->d3zq5mMc{gkn4L7gzf-f`GLkCMz`cM4!Q_tgpjL&O@33AmT!TxAM zPev%axU-SLhNA2_c?!xC|NP!*T5L|&KvxbLQs><>imN$^5cg{c$(QeVboBX9Lj9xxu#k?Jw3z z_+BuDLF9E_vFE?=jRoa?6ZHS9qhhdZsfn8QTkW3~L_VE(T8p}n7$>Rp@)x7tp@dpi zR$sZ=^0Qy$3Fp&K8W8xMUNik{zQYG9Y!mdu1EnwLe{w;{2+JC%bc^xy&)wuHLWJmg zp5BPezL)yXt#dq%`w3u~TAFEpHUsDg*deHzeb?ew9d&5(LgLy#-v4FCQ$R=hY9I3z<|yF$Dg_dm$f4i99z~Wp(yfZHmWsynVvW{;P2pfi0ls zZ6)xljwerGpO%`R+<5z3=-^c`C4xipLz%UN5U! zPf?w!kfj`F%u!4Hk)x45&e{?m5Ptz;(BtyIL(uDu&@u|?6_yt&oJVXep@o41LWywD9?o_BG z?P#61Yt=Wgj_M1VGQIGXF-dz)u7CJ-gTA7gVu0&tjdo|BfSSMDd(qVS`)lcy>SV{+ zz*3|xdLmiU!?~h2!nJ`IU$^#=p0I4c+OXp_>RhhguqbY|y)?YiqreF7&(*9_4y?xN zsMeHsNeSAsah-FZ3rP#yZ{zUnxhq*$I}@#HhO%gI&%tfbvR;N`wOxLEdQLp6+dr3R z&-uiVX!Gvx#~{;12W`qC5zZyg)$O4A@5#S3w856g8xwT$2d31y4W%n1ZHZC-UP@C_pjH?<8TPWVe z&D6+v%zg6-1Sw&KR#W{~){~Y-t5Bn!{py7^doQZ83F5*&w(LSov1r>%SN{HJGjtVs z6a)R5aw$oqseXFV`YG|rfK5x44laH5Ti~pDr*NaMnX_DAr5-F5oveAl`e%(!tGEGk z@9{EfBlX02zO;b8SC?*nTy+m+5dW%1L1#mk%9U}H-6C^v9tEXSPGzC+-G!O?o>Xy+-tKY!(l(PQ_LrlyL2}`8> z1-8zLrunp>6<|AGSVa(VhTfAwWW?B*vU=JU8s#!x`?=$ql4p@9X7|1Se2RBKf1NC1 zzdFvqq)pCfu5dPXESytAe^k|XZ@rakoKCQ4DmLNhki^GQ+&*ug>igvoc;J$%;;PBO zx+TldiL%{|4$-=u$)L%_JD9yW_T0JfNTIT4gh5o=q^8NOZ{4yaA(z^GiCZhRgpwmz zBw84z=?XJ@^qgl56-X4ERE9U4=}ysd#Z)$G%Q=K`SL1JoZ#p>;vV2|Q;(cN>Wx7Qf8kX0xYuaS-h7(ek=f!`1xD};O24@A z3!78*Y`ke#TGYs(|7yd0D;!oJS|waH)|ZyqhRENx@{#MgIT1)&UVkKDh-+8LIeme* zntU)Xr_oX9Jp10g7aNQ4>&jne$jQ0OTs0&s+3?jXQFiI`Sx!| zM@Z4B>#6;ZkmqFAKV6V?@w=lxKRW=4vcqS1k(R5vjk{zQ?&@`Bat0kdPMV4E9)~9c z1q)}BFN1ee-P`$P-E7%?@%gz23vZP;7pX7MK|#0qo2*8AACo7^hiOUP6TTke?BZNY z!{xdCrrmTr;HMB^jCHU6_`?p!(GLyTJ)2xhjdxoVfxwn*joC^su~aHkt7u}77@OK2 zb(QmOqNM%QG5SzpBOQ4c*q5n{?L*ry7`%sV6Yd0O(~{^#s+;m#4sIByL8W9HPNffh zK-J<4R)8~bC#1(sn$57r+_U$A#%uQt6Gl)D`!4ur4K69XjTvV{7J9 z38Ak0MVnJ)9U_~9wX&vt+aEpjI=4Pj#JhM&k;56eTne%5E|oX~jA+A+Q?ft=NnRF^ zuO507S#$OEohy8ewX0@uoW7*1SS828Cn`6!xFHg~YYD4mXl|8nKy;nAb$mPYd7 z>QQpVBAw6CdQ{Lib_z(~-t72kzT_$DXXvvEe~Z28H8e+t;OrU?9UC&E+<{xyZ+`C# z)I)ACLm%C79xC-~7Bn?v-1jRLjn#{sTgZ&+@^xTHX#DX)aHESpLC{u)^}g@)D+zal z{+3zaCjVdaXk!Pw30GL&10X!38`t zDN%AqyU80>zT$eF=nRF3eWb1UtKa{Y4fKpr3111$<`uJ&m+!2=E-7_xGv$?Ljey#Y z>~Cu}hg3|(L)r4$)c6;HxSCh>Zo8O`ISly}XPW=?G&KHF4)E-<2MbB`{90DZ&GnBQ zBZbk=lByOn4DOxqy>A)S5N(SkdqoO&B({#(s=Fi7Ms3x$J)be&X;PIyluh)-fiP)M8h-sp*Ij>_}Iw4*IP(n3US_|AmC>*SdDx2mqUjYmY3WXA^O z-|`^`jgX7IPuC{NN8YdBf_8Kn*uf_XSkrlMH-->9(SHmMaIhTTu}f#9WUq$@v-V8@eQ~k$qqZ z4iRC>cW*gy^74V~&+O!4iiP-%vOKP+K?NKc_X-lTk0Ogs=R8Tl+pD%Fh{CGBhfnBG ziY@OnQ8N}*EdVd;>{+P=ZV0^^$V0DAPz^8Gw$THuht|ElKG6G|=LM`6Pg-EfG1;Mv zvO`e#^(3VrdVl4^MG)+dI@lB&@B@cWpo*J&|}KvEYe zoiGrZPD2^pp}%3wnD_lL|5|!iaU8b3jmmVtNTZn^c>aKvCmiIQ}c5IfzjJ~Fy;M{mO5h>bVtO5y30oOx9NS0Z2T^1?{3eZ!fI zXuURKx=D^zx;9BaSnPH`DE}Z#G`H0M*{m+dzTl)?MuOzERT^U{O`*v%e=W+=;dC~b zlkv!{ry!-RH#reP^slc?Ud}lx(i7x$X3H}HS*bX==dxY4>dbNTEljcQXOh?MjJy%2 zLoZ;4>8XA#Y)t*Ik{>Ii!kA$d$mFBCog0gWfwSxc* z;WBs}Y7J%=H}|{o7c2RDq~kQwIUz7lqSRRBJu*FQEg*6t`f3`TYV7oY8lAa39aCdhczg$)Iq0 z)kYpxDM@Xc;K}X8*MF;qZ|BI*Q5*Rwn7rG%QDCAJ7L6PWWAtpR`T$>@XqdqJo%)u* ztB#DlRcMH^kW5<+h3;GnwG~H=Wk5Ba-er``o6{W9uGlDQ(l%*?d_USsFT%VB3V<3n z_s`R9fteKKL^6us z2F>_A>sZS{X`5R~% zl5(v~DB9-|+?U!mKM!bD>FP zz_Q1yKWF&pBd;Se#|{Lgx+or{yC&c~VowmadFO1B-IdpZV8T}kj=63yc;k1Eu)3PB zq{9sRKbBtDaT~9AOi+`BSzsI)Iz#ta``D+WQx->$Y%7#5e@A`DIopPTFKOaU29%DU+xk#H3_+D|kjMeaKrA$i z7r`@ZalRgxZugk(u-($X%IMdhPJ{AXg8r62VlTi>bEzLXvhXe%5tn~D2l;e+q4z5B z4O}Evr%)I^OUGviifYR#XXdoXEV`K5IC2+5QSsy(-MR42XIz21R^;%n0jy3-9_bl_ z3MN__qFxU%lG>u7T0!0ea^umeB8eB8`bs=rrMMKY!k97~64^KkuW z*%L1@VYMP_BTMAp?LY4`JvA!^ko1_)eZ}1>0?{j9h)91plDNeYWc!kJL-3TL?VQB;RAB8k=x`soOY&SP2k~v4G_b> z%^U2TQ7_L*$E<|nV=XH6nAdcAHh_|HOFhn3(&pp^* zes#k(G3t2r4vD*r@4qLJuu%p>2?iKqfn-C5uaVcV?KG`d+%!<6Bq6~K9NLWIbaedr zLD@iBKadi*zqr0Z=XE)7_xt+1+qL0j(d0p+Y2!9)^3kCOm60Fy0#II@<3dxJ8K1Vy z22q{~{VJeDZ@CNv-LZ8`VGwXPbDP&lT!r3_WK^$wlKI zeV94xT>4z@Hc&LsU&5ZL9m^ufBijB^BFFQ-X`_grD2Q9qRZ(B0;{kc-Tu8i;AOBX$ z)KEvA7sQ|{`$^zN&YXlo#95+xkMp6;rVNOr{YnrwcPc60F(3(se#~O#7Q!y$Q(9~> zpv5?3MMtvitA@S_Q$8GcO1QSk*46Ka7gY6K9WJ-8W(~Sr@HWG@ZWZG%quKf8W9(Sq zMtMBLrZXYDpDmg;g+Ai4`!g6i>wAj#L}K|E03ysQDys9~ZVL%Dx@7>BbB_cUeJ)QF zXwSGKyfweuvEy1UkDOD3%H}(v)e0Ej@dvW1XhQ{RIR4@d{WrIYS9ywAakw_+Vl2W-7mj726E5(otrg}Q7=54}aj%**>JXfq3?vn= zE?IOoM~A%lGU8f2?!I}$`pe5?iERFEXjcsoAogC5;(kZ(%lPdt=6dX_>2_AmBu#t_ zP)ij1yt9+(I9?0i3@XS^$i^o79?T`V1~h8X;jdAr8H?#yc%C&1(xTJgA2JhKEY869 zYs@Dg-SGA8EJH%*;_z>xJAPlQL}~DF&He`U*8T>6@4q?+gM0Hxi>K*M zcXvL;yK6==K0W`}`aI8=^3Vr$R8UU*G;x2-uSs>_lYsr8U$t%zDw}84)OE6B=OiZQ zPOAIn+ERJKs*oiUDy=_!* z95gB}hN(ymbNC^dSXk*?GpK+$EEq7%;2qc-=szM})I9vhmKLJ7DLZWy-~83IpYEw^ zAT|{!kEi`uwHT6nU(yCol`jJkO)^8M6RTIJK z_qEYhOC1AbYcm!AOqy(a8vy{5lKs2?fIWea!iE6f(ji=D@OBe4VASG`Ek3&^tez?} z3|NohTJE7P1jw(xSxyFJ>ZH_lBw~msX=;0W7k5n3egbm%7KxiGa)Bp4DR+SY&nr-ky|O{S-)&nW&hGqCZ? z_~a=B{cZ2P{%bb%=L>sfeD5$a0kaVi2bhgtHuxt$|8!;Uyx7~Axo#v zHMLtLzPb9>UHAue6e16-LvZu;zd<1XHb#CMaI!5*?d$npHF5(sG+F+Fo|5PG2V7KU z$UAfDZ)N|#C*(fI9n5Tb{!RABy7fDJU4Uj75}|JQ^znt775H9~F=F-9-@y$iC&Die5F^djx zTrPt->g-jk7*Z`7W@~e~}0xUeY z7A!>4W3C$D@kS79&9p8XGi@$yJPDqHMWs(n9kb&K8U)e*QM}wPkhh~U>IUy5lK@^R zl5@#x6gCLuY6{x~GS=!OSIqEneSf0#MXIn6cgQhc-FPr7%4rSs@Z^y4yiT_X5GJ*W zx9n?)gOEw#ik^Ek34@_;pV$-@mAxkO$O8L5Bp$cm!AA0>Hq{BvTAjKb{_w zoKM!h(L$%e@%Ynu;`aHH(H@F;&WFG<1f)fMW`T??H|$IR?)O?Dpc=gZcEhOo;N}I& z6DFy_N3LmrIUV~YYs2X_5JJpv~K?%hS8 z05IbO%3URd@f0>yzAWD?Un!5Pm1(NP3n15z^q1A+D;uI@_rHpwcqgv?nbM_a)7yvy z>z~b&x~l)`EU`E9YynZLC`SojRAb+rTH-p1$!9ErN^R{tH3j*5rR(GbD&_!43^42JztwrKuGl+{16M2AF1}0}JW1FCLq} z0@QP!5Ck!fFi@OiYV-C%0QsTgp5}@sq1_9>J2q2B3fmsOi%kOvq;ALRh4+zC!z|KY zpw&j4*qvuj_@rc0L>v5w8?6cPw4j^Xos_KahCe;OfMCrxiz8Qf^l#fLq;v~V8*i;n zP6FzfVLMxBo?TttN^PP4_ON}*6Li5_oRRVlHBZgOx&hpnQm2!R>tJo1l2}mf&H`sv zV11E6Li_r1)ub034#)61=5u^X@Zh+%X_Y3}z%{Zjj`i|9%b%Y~qG2)XvD?dd>G^8D z4uWUvTfd%IX3_}_bI8htM01b6WWD-F=9?vEAl=zpfM0{>fzf76| zKWrU&w<9AhKKuA!cU^-t2!8ZEjHSzQU&Pv&Pd9(3yu!nHN0=k2B$OvpqcLVS&%^TD zyPHR~edNmQv9uQ{rtxH(8Ye&g9R(0eAaLLv+HD1un6Dz!H>-`jDK~JHNiwd2!rt)6 zH9(_5I#?jzA<3z_UnUstUP9g2Ttik%67LL>>m!3} z=eEd!n7QcLfCRdo<~x7BjFwcwQo-<~L*%xNQ#3|d;9#L~KSHs~?%H>8Y0d(L1#_?A&vKuJ?;|KL-*HP1a$o~N zV_n79su~Z4kEo3E=z=8o`i{1oK1g-T?u>a%&uPaq!n*|6!3)=7FyAZy{vNYva7Pm& zgVXF`b1FKo(IxHDT0onBOpRkuSLx|SR7U2G8Sy~iP#ewi$*Xs201z|&RJ*IDE;ZSJ z2x|Hu!7AzEil!|fS;)nj8WK|A1I81im$$msn$Md;6mU)2z62|w#DdxP%XoFoV--ss zz>~$)t*h%Dt&)$ry)8Mr^e#xjyMh3j(>^Ubkt3Ve%SvbYll5y!-qz1^gzpBtbVFf| zz)8G4A9P1pb^4gyW3=SIuD$HpAzZcV-V>VH=Y(pQ^Mo1st$${LVI|mgf*^QN-b5e} zNla=cfCEMXQtI%RjXSU6q7vGjw-$QEN4=990p-}2w0_0*hO>QWtA2qRu8~?c{N+C4 z+cUf+n0@?Ft&W?q@@B*t)*r3RLJv=B%((3Q045qJ26PaC#v~jA z!Laz=h7QiJMB|-zn_be~ZF_(m&EpteY#_|7wJ`3uPO7csnvvExu}nKM9BEWyVzG`N zm{PlEC%Tu+20HF~O(ML>AF1gNMgrl1`Q$q^l}Bq4a-Tw2lTc)mXOIg0rFcJ=Vf06L z!}Q!((sv-#ou4FErT}ZuLLL@}Ym@-+{q~26o_51qdeYcH=d#7w14!=bSpY+D&}d9O z2B3c+3dsC$h-H4?M!WZ_Bx$L9{8%Nm8I*pcS!rXN-#u$Vi)M(+Z|5mq)oBo#0pc?H zfqBhj_7CR&Li)cQ?_1l}_o8)(v~cto@Jqq7?WA}YRp9>eD18;g;t)>8 zXk!@5^5_#oLP=eToU3Qo*N2Q`s75aBRE5OaVzc_Zrb!Jx}3}g&QMf2V1kK%wq*OhNM{9q}>d_E2u zn|E2yMW8SN5;#no)eo)6k58e>@e4Mn$>-uo(H&9zptlIua;TdfV}wZ;fO7m3yMC8k ztk>_`%cRua77smSe@0d$(OakEd0r)G@T2Kq1X938{u`5Tg(zV?`wFFLTRN3)`3zZOz zXCEyBXG}3F!!eEBU9R7Y7?j#Yy{x&TJUYm1X!hM{VzHIAb5QaR{$e5 zOS`V*d^|@eLq`pl07}5RZnAKDTt%?hCaJ(M=0>XakB2q0B_`!kT+1?8Mj@}sUb1RD zn~ufa3b=qFw+XUquCya-E~j$1Pb?oNt^PK91SulD4}4Re<^N=bVLvd-AGRxQBCNaU z%|9ypAN3CR#b<$_;z-Q1`|D5U)Y}!d!m365hVmjY*K>{@=;J)ZYJk*uA6_wGn_zCh z0v>DK%*1cNd#MxCxNv6Ab4S10CBf$AA28;K^V?rSEWWJb0C}`0vVgyS-h40Wv|gXr zc2CCK_eJ1rQ6y*SkG<@dOdW=L>_QVtOl}2{NbwoxZ9s+>Ij_VxCAn!+7|?drZ(2u2 z(?#2|wL21;H*@C;J&$5^D;wBmR_HtpFMi4BeFQ1lcmEs+QWOb=%q$7g1>np9QQ_mG z%%*$w7VbgXuuvZhro6mJ3x7^ju5~@2@Az=P-bxX9H1nkWPrQ@8K>N^ryaMxe#lByMuJ)Qfgq3k!G?lRbeub+7#-Yh{N6p-QsMIPD zbMQX>VV9Vc;gZZi4QtNzI~Tap(ByeJa*f8kn`HhNA-x9;gnY%ytN887pr9b3TKlk_ z;k-6&bEbox&5wjTbZmQ$+OP7Gg%-yuJd|4QhMt`LHi(%i^3`50PWE-=`bfA^K*Xbj zO*M8V+#pgXX9uIdWRBbqWE~fb$u|QsfV>Z@zO_oD>kldi+{;k@xt)AhTME2NQiO}x3)tWsNQ5ukG z=~(Y`$9!%!wr-`>KqEu7e%&D}V>Wx4rFLiND043LyUX;tJBs=+2)Yx%(Bkoc9k(Nq zav@$|PsElWcK=UAO-+9N%IA`iFK>%pzP!(vgh`A-?q4InpHhR05IfSKj874`yzUHu zGVKyYK^AeE3X;m|`>}e`4;yzQlq+kNSkwrvSCdhXXO$aM=Lz&zY65uDa4&BT2iODf z>T?NZ#D|xyw%n#Xp!27l>c4gdf(B9FW(S6zb3Qb$hAb;IZkcqR!97#qJ)|mTv$RUg zKbbtiY1;<}U=hyi*HW%Q9I#*40-jsd`=Pgh!HjCThy_q8Fs9Y(C)hjmQl5T^uyK`KtvQ6t~ z;3^od0I}<-SCqylLfsdtWA!dPMBuL*tBV)2^Wv&?$_SeCP$q{LEWOpN_z4pYoz05U zf%izN!ixz!<1HTp-`y^8*QVRF?2!0`;a~B!^035()Aa+I*TP-vYBSJ^J#_!#5jowz zMiQD^>(WBFZ~KTm2*n&Re$Z>Hu_cU@CX+IX`;A&u+8eYi3bZZaCj5mUKtQbhqCaY? ztj-LqazB>r;FBW0RTqm^{tq&$#_d5VWUB^w*MC%$Y12{9z`W9ScUv{3w}t?&En^oNc)1C@aW~ipm(Gw zjMgaiW|nfy593#hzpdJ=JnLfjU+eaE7SLtArprHD`}v~jHN(v`Vh?UinNsnPzchn4 z-H(*cIpMjiSSid#G~xGLvf7Ji?srRB^E;iun2^6sSX8Y!`|&VhdUk@5c;y67inSx+ zL|8LjokX5vPBfL?cDxb-%{wU7jf>T6dt$<7=wZu~GVj+T49b@*B{nmcSP#bJ@Q_CO zZr9DhOY*r=b#(Z*)gO1$CmHgRgLHLo*G=Y2re&`koar`Ag0v%KZ&wn(X{WVtF**nC zhS#kfnE)#@iY*-@Syj7Ozcef#i))0&8dk1?=i*nTe1HP#@Cp=K%)-y4g4-3*cOZRJ z`1h+9GQjtyMz-{0*8^4IvxF9bnt1AyVpc_0na1l6kI{flucR0N&j@!F2f+L zSBXWT!xf0@6j?|9AFT(HYJ~FTk}7OknM9J%X6_~!+TI?yn%A7XI2H|TY*!;l?XCz7 zt1x5RY)iM5Fnv#%AM3p;CuNUXepHc0_Kl44kak0|@uc%Ayi) zdW(n-qnimZ%%G+**O>ds)(8Vv9RUpmieDYkm z%qQ`AVCckxLF>_!a17lc#PGT( z?m9|k6&#NOPD4^xCerkC^dUKGR^U)X-ImQR z#XV>k4+P9rV)|;`y^2em@U<#PI;V6$2xHr_I2-7jfI{Y9|7xcU`G`ATw2=;o68O_< zigh(QtDtpx)Fj|?!FZUfjUI(^D_`zfbN>eW*$!|*@rA95^i-I{aBOc*g4h`@#Z6%p z3lo#7-}hi1cxti4%>rt-21ytoGcPw*m(`p30z-!LNZ6^)R#I99VHSzkgMz z9pH$M5o)7~?hZRAr8Q_Gu~z7bk-REtfnZxuv7Um`d@{&iS4*|>F1)*p!oWycyarX# z{kiMA`>HWRrRxj-)GkR@Ma2A`|BEM)bkKZiSm7dYVIgT2`w6yis74Zs-=JylA1Is| zqpQ+gskvM-dTDw#-v5Kl?TUJVh8-h}K+V}AHC0K&3WTZ`&1jiFGaH9- zD$x0+0H0VUGPN9%IOPRSy#KsFN#hRVE|`U)AAI(q?E;qP^N3Jk_v zf53c51Awf0;XNdysoq?6sY#{Ht63RA+9qxixl3}uR$AFpFZ5IMkKBu>jX+$g;;k&^L3F3Als=LCEKK@RI_v%ETGVZL-h0hfu=dBjs(8Sw3*}e?_X$<$}**qlG|n z*&>73ZHD1An3=910xa*z>97s` z=D8pGACClF0FcSYPdCa4#<46>eEMUIrtEN*aY0Tbvd=jEYH`kMsin#(^UAY2i1Wtn zhUEm{_73`i3g@x7C~)`~WuTEJ9@pUq?tV=oSctlNEB;_`LME?DFAULqEdlnen~uWd zLOh^7?)$o7>ok=s`HkW8Z@}G*t^e;4G zEKSFd9jZ6Ogrlty8kqPYM*;6(N>by6^P;ju9RVuct^wo9l&94wJCNb%eyAeH(qWiA zsz1r$rFM)p_owYU(ZxIw^gE}n!3ZdBe2hXLP*Nk5E3@px63o345zf(8AaktT8{ECV z4`K6hPYm&&&?Cy~o?b&%w2j6M!>a(!_S*Y*Q&4w|Q;p-Gx%aC{mHeZ2rr=YgTAlun zz%{Qy@LCgfV84_&fh!-2IKFoFc+CMw-+c{ri|Ye|{5td%qLC*!0QFMf1w*sPVY*~9 zD;?SyWJ%U+fxgF0)xi)X)ku;w?h|O3Hf4pDPBtt==2jU+9I-8n&Cp6GSiiNvzXk+4 zGwHx0GO9PN4x4;)I1IkuiNTra4sIOZGoyax*y&&BD_5xKdwXWAz>{o1P*OKprVUf6 z!u1fbHj{n8HJ{i`a!QVby|2EXMFB({#9*Lv%hw+`hzL@Kli`3GrB^9!$zMrwGFy)T z2PFLN_-Wxu##?Aa_#Y%_Pwfe@!KYdvsUia<6Yack4G=QT894GWn^y2=g=e1;O?(=T zNSZL0a!*ade zM)5k)P4S=8Sw^aaZRn}944b>R@nD9dq-qRq34))R+~Ow0)@TK`r|i^C9(H-B7w4F< z4YJ>Wr{YGq*mL`$+FEWF9I^0TAS>;UFkIBC?bm13<~+Jk%`NORAL* zfjiZBQnOCaea88Lb?@q>@dDDrTo@R;zvCp2s-NCXqBzA!{}hbA^^3Id1IX$G5F?(%~x0#fJhHq^Rz0b zHI@wQh6aOKjQ}-1$4K;BpCu;+Xn!;aDy_;}M z(YTZ(nhm1f%yZFT^au)!tpndQW^LxlfE6p$_4sZ9;kYu9$$FNLpT$)K9U2(KeAUT;0)=(8l8R{$goqs}X$h8%$NegSW zBhg2Ee>`hCuyVd_FD}^>{mQM;D)6>T$578)q3?#VeG2nrIaVS`2refS`*HaxsZ#6h)$9!5qq3)#TDmF?Y4Y6%pZ)6>7SigSdYFu){NY;@YJ8%)`vQb|{-wN}7Pz%&y zc%|b|#ForAgmISs&#i(G@m^FFoX+mLRzF(|v^7sL4rv;8`2Cvj7JUiSaY3~d`g-Aa z)EKXB8|>n~85BbY%N&vcwP9~A($`uTmQ2$%7O|K%W^BS=7Wih1uKBGAZ=LJuLBy2@ zg3LZ{K1i9sUrM^dPf-|gl}K&PQE%wf2>jjVgZbxy4c#if`h?vIj=lVT62ETFu1A@P z`bqlPn~{UfGi@=5S9&Q*wGvry7s$dpllJ-?v?x4ipX>nKNZo9HL}Q@eag$XZS5si} zVE_ER%789e(vsdbbgWxP!tDE}9I2|AO!8>Z?swXtMioLr=|_b;2T)xQo=k<9Z#V3y zk!&x-Zi+285i>*g`}@4F(g;Q(MCr(`LR;o4lMI-{ZPVO9EONsiIQ_&J{!E!5mcRvT zOy$EuMoUnT_8aPdb7e<->9Vawis}0rDko9S$~dGh7p&lIcEay({-P<$dq7EV88_g9 zx=3?}_uu`*uBT&KWA!$LA}z6<*OOrO6A$EKlET)51aNc z>Q3GR&V8h=(k`CK)U{Z5(}0M`mUs!xn_Kcrr2Kn#?qGca&$oZ~uDBkO3ihu(hUZfN zzQP3{0**wNDXrT0w)@?6bc(`A-QN@;AV4 z-Op{!|JH&1O-fe@XyppG+hec(2g3O808kYmCst?Xqy6&?{mZ=AV^P?MpziBmh|u!* z0gVz!Kl$>RKk2RiPN{V)UW5M6z@L`le=GREE&9KA@V^Je@o)b>95NM7rz5udyFJDR zb?s}F`|b9Ywio&)h)W~QoujXJO;xYUZTv#edHX(hIc1R~ybHWFi5hQg4Io%>NPO-@ za;TruA^DC}SH>^Ri9-VKRxJyF%}2$X)qbg4hAMK$P!_FEcDl_^kl&J4ck_KSn0x%J zmTbu0TVYFpyea9{8KVtBI59@RC>9%w>1q`Wpqwzg_f(!XPxtOIMKaihd z>YDFzq&aP+lkP+&kO_mG#ktHPpZ_C0_>0TsRhhoNIsw`|pX^N@${U`Ncq~%eJvhNp zW(=vC`)#vsg8m!3=HS;)ZE`h(vU?MU#OK{(-f~^;x9mC}w{UXIe^E=G(-;q2OtvjQ z`2IQpvv%muVDurv6yrTFWFJ@m3mtIhl{bkL@%y!O0NgZ+--Yehl%nIF=;3?J`4QCCYNT{YPHe({4h zZ%t7BMwqF~+pZEL3c|WKpCk^6Z(Iw|KW)j}d71vF!=8ew*o^xE!qWVpr&S|FAREV$ zHn|Lz@B!T_fWdpdR*hYCMO>f-F7L-9raDpMvV)k#FNj;_F$YqGN_Pc;n^fY;e~HEa z8D1EYK1^+7&3iPJdNd_1I{X1)>aDUR-Yo86zKWO@oE+5u>b!Y-IU>!ju7BmIse52c z_dNzx!N3FCY!D4xn?CqOpy%#!r$K^)ZJPzpyEKk`EYa*SCKXO&qHIaR*tT)RCpMR@ z(}e0tSiO!}B?p3u>mzwa=*sL6i_?aY;Fy@0NKr z_S(EPQ1E#yuI2;ea6wV2lY@CH36!)W9PiY=@sn*mVl>DG#v;R3_2;t&59`BLW0w=$ z`!ipU#?^L7M-i}AoN^ORM`r^a$Okf{1lujiv2ZlP4XbIO%L{UpS$Tc)u~z5yxOemG zl^^5r9+B`>hZwrE5pqY*U3q=)Vc#O^fOj-v~t^|DWx;$`2%{?+l`s#ohFIcJwgYV|LYW_>1hJqt)nqpU8gP7|J0jK-afk4v%6 zW}7qi7)_M#2>P+$_TrBUbI_|~Sr2sGV$Ern18=#Sa_RHW2#Qhrv2>* zh?J}0q&~ub29@I3L4RQkuKB8)(q%N~l{Bazo0%7;Fp4~n8!LlFY|_6XU!n=aI-|6Z z2h*Z^>LQu7+ClZMMT{1U3}G!h7QfSB4nLCgv7gq131pJ${6;VPZ=$2tdoy?dx>4|h zxeldv)U9kDZWuhE+3eb#r`1ruMrLkc)&_m3IP;hM`_G5Xdk|vBXxTZK0b?3UoTk>$ z&9v-1Na-uz+Me%sKfqmE-OckIXX`bkZ^?pP_sPzJCB*2dLf7u!_vrDON@PV8k|~uLS39y_ zW|%U8^_ebDtMfQ19AgjT{pnNy?#-BTgH5ncTd|p{{*YVBb(b%IUYS-ws;~`(@xA-1 zqEk{zhnB*XZhTdG-Fs$rdB)~qj_mOj%kD8qJhMt$V4m}^L@W6>OTuqNT;+-m{m_h0 z_5Kg@>2*!sPB%eO0DT`4ha^yCWIvvwCx`}sag2=ctc zHpM`nc7IhACUxa5(W@bVvPl0TfsM#dY~{}raut5EMB*k?YG$i{P&v#&L%vFT>rg5ayn9}vL_Z(FeMxz$^L`-=Y9Uh zDr9412=p<;xoqjlxMRFs3(=!M zsGb`iknos?3!Iy2uM@lV*U0z>4|ws4mY;sQq7*j`L}LUEsV5TBIJqSFU-HG@cyIU2 zWH1^%92=4n2o74zZKraGj|xBA_-w-RooEC3vnT>0{2NX8!=KKAVEJOY+x`@)rR<88 z@o3Y^T!~arU02F&Jb34ey{^YM+M=G8L%U*&;{e=OW}-w8a5NpU)6K!nV;Hm#wGaKj zk&!pWZ!`AWcWt|hsJSS)iUr8{ZD#bn;PE<@Hg@t?8zP?j&2x(Q^w*b5pPKr(sK0-% z8|bb;-hNH$U(g(TY23KATG1&$Ut^6n=_5OuDQ^N{1Sh335{|}U9jC8bqMcD)fmQYs zn;HHy#jfsU=~E*fTpC_gjdyO^`|)#i)p!@NlZfPr+jn4JoF%s6y;B;_uLm=*2;1Hg z`bB`Kco<^0O5K62{U#k%=duDA46DB9o zsZN}y|HZwe|HIx}hefr0@x!Dj2&j}uDkZJL&}kvv%>dHfAzdme5{iJ7poHYmHM9jt z=g=X|P?9n*@Y}<^D)(N0@89q9zTf9O`V0(n=A3=@UTf{OKA+E`rT`jZ@)GjAVktDv z4IB=)`{MfZRYRA(b5n67J0p{qk2a{w?R&qhl=(Y)PJRiC-F_@NVwhOP)J=pFmMPF( z_o}qhOs`mm%@c9nwo;yfdOq>|(n{dK_nKH}r7b~4YeMbI+`Z1do!agjM3vmy2F=L~ z_#asn6K9V~gM;0g9BR`?Y%+{&(lQ)gJ^jOcB0gP8E#zc8_AZQP34=UTpz9b(QFe`! z5aIF9HLh#puD)mKY0y{dlyPpf_;j2fWi z{R--+%Q-FEUR$TW7^;TnI+)vWrqK2N!OCzEou$6<$?tG)9=7#Fj*KB3M-9PHSe$rm zk8O83bYkzV4I_ItJ2WMWef$(KgOn@dMNeI|P^*;7qvHfHIis}om&s{*+JuAuWI!Gp z{h$Hns3ELaieMbg5QO0;iQk}@6RXt994Fq3=su_GywiU#4;xR893(NWkca&th&;_7 z36c?W&b)BM=QP1fJNjACNQT<@7bkK!KWRUu7C~*hLH&9}mTTKSqW@xR{(Y@HQp9-! z{->M{{_t?V-~-BDO<*(qf30QLFnF(Qhc9sYpUnT`TfD&om|4^Kw|7q5@Xz$j0C+FA zECriZ^1mmIat5gsYF@_TUj&Qa!APkGcrPD)cJjx6$1CVL$XR`Tfc--J4|$|A@Se?z zC00}9&tds}QZoaP^Z7#bWcd%{oDT)>*-GLH`TzH%jME^mbHh-|>}Tch#En|5fcNzF zsT;ok!QoO<0bbg7oGU(m7;RhdUjJ|>R>aRL?TM2%SAu8$oa)@r-zblt(FJBy^{T;p z|9gc0KYfJ5WgdUem{bouR)yD-5(n$I1c7?xu<+Fgyx;RA$buZ`UWOni>g$o9g3CAe zLDK&0%=M%rXPt?XL{U}T+$#A%^zm%gP;9U<%m)%;nj@?< zClWZR5Tcr$VcU4CDX_XBDUWDH!Rl5?!vW~qNZa1b@T1)BTQh|xCbX4C5F9S@zCMo` zM@N_a%tjDqajHOqc2-8JJyw43!faCQekWT~H3=~ys`0`Obz_#9SC5HWfl_677;Xj zu-Y%Sx=iu=iT!$&dK;KNmYYQv|8&w#KxMX}_uTmt2O8WXcHV`zI)73(HrW}Y03nQo zd#vd7qYHlzOHeFk6lY&i2;WI%#jiU$^zp<9tI>{tith?}vz$B-vW4$YGaM~gCWERY zU=K&V)`DQ;D*(9x(_NtVTBR(B?&Gdm{~+=DU7%dOKiXiVyiEOtS4WcYD&Syw0Fj%w ziP!E2V`e6@J1z8>J+yvrIu?kSuwhhO_96j=OH&t{EB+0TCse`)1!IX}0cz3|-wj#M zZ%^62q}a~@&@pqM`NiM0G_9-PswpT%LZ3?w;PX^3-|z&yK{N5hnS#go7)@WE+AXzR zAcs3EF4s>E_)S zk?2g+ErX^Ax@pb#$|wwskEuq~KNr4%PDf@tnHj0tIwN1$$(1r8>l+}`LaXvu(3paAwgDU34^D)QDsZ)py`M4x#9ncUEba77M9_aLOQP>7t4j#01#mF`Xg%e|u);5)^vjxIGeGlnyZxfJ&V76% z&QBXr0!jSVYNO~g z%>Xe6kIF~iZc_k1jQfFmucDxE@>&Z&P$&u@W_ho@p{vNd2BcQ{G~J=>?8dLp8d}3~ zLVwZgu!08I!CY~V6_p8>V#W6u_p;o@5J4FN4!Q}>!Kzn9jL0&R+9H4qFnTlP=s834 zM|aJ%nP#R)H=yiH$X1P^;s{do9$*xMfcj3kp*qL5pBrFM{Rmx}j+B&Gy*Dn9?%rR} z2?U$(M}K>pa3@bSkOKxxTZiA&;oe^g^%w0JdEZq9uPlas}C}3rf z`g$M-+IOonT)DZ~Pm9_Pa8-2OB-%U7wdj1aLjFK4upAHvCAtzQ$%`#QXdG*tZPw-X z)e6gW)S6aB>cE0*++H0UA*ks);EjJJGpo7T_9Yeokuj zRwA>oQP8RW<(@>M-UJ5gy78>c`!}o;F^DWbVjlOUWCcALuYk!Qf`gCc?FfC!e$OZy zw+xnARc9bfw;cpDoTC%8CjshUhg!v0)v=cI6?q_P#W4Vht4nCH0)QFL++z5-r$}fQ zD4}kul1HF+TA=N750czB5gjWlkI_OFoqo>uZP>WH4Ooe9xYhS3R1@A$<^`)_gm8U; z2$f$$|3J|cSZ>QCfDD&3{1B9F3sUSAS?!0^LJ7Mt8oAC+Ed%OZyAR2foD%JdpDJ#A z1bnL&f~SxP8BK1cOmAbD2LQOz{G%lJ^ZgzgqU@H7&#wIv&I82I zkzrA0Om$N)CootX5Zug_oMf@tAV>}f`;*j$ka3MHv%4}8cXJ~=N>cpD?2 zsf1q367C06_7ZOnV{EWCdVkk5V6W9^l+JT>Dn#!)PIog#_0@kXh@HqVyDBx`MrWn*^XoRun0PRm;Y)ot!lfcM|4$xUI0 zoYBaSR(pwR?=gC+;OJ)3ORSC+KH8`oriX9a!58w+u(7GHp0Rk1a14-rH_ zzc3DjvnLj7=5)!fh9lpKomI$w8lMosZY}AJn<$c}-7~TZYV|7!<(U*#3Y8S=SPl7t zSLAg;P9GkgsawmO@g}sxXc9XBOB8OoSTjI_Ca=*b)bO*{RqK*#<;>K7{sj2=IDk92%- zhf>x-WV>WQ{qQ4Jbc8e_FJjFxU_UV>1->!*6dv)4oL`Gz1u)j-mPCL!dHO_Vta9!h zVNchyKSL&v`%($Kqyy2(q6HK>%?3d6`sfBhl%xl~K#_3>X3xcn=rTz9*XRS4^Kbn` z_VSQ>FQu9Ln~T%+u2I$$TigjlV$&801C~m8SbN466 z+4jVgD+wtkE3-x8U*#94t(g7b{vi}ycsDYZ*tT{MKBW@GjlXuUohg;|VeE&7cR-7+ zG@@H`nui;s`EDKUcjT~yD=#~rgWuj4nfTJ?+G6|bmUO`__H4@7jta9)Vf=`f(mLEJ zXG`_!AjH&s?S=k<`hvW~$k$EKtDy%%XwHyb03>OKi{d1@4pK-SyED=3aoYRQrv7^_qa->Wx!qRXV^6k~! zl!e6fjjo3A);-ZKktoXJ+j;N>X#cr!V<_T0ULA9-yCCj&%*`0cQ7crC*4jp9_z#x` z;1~9V#w1YW9OY?hLm}gj!)JW7RGaJ@xqO{7-6$ry7XbDoU#n#myoxF2>A%A+^HBKm^yzgDzzg!l$b`#${7LT z-{8&op-Pr;=k&#nYXT;8NvBzpWQ~$kRaw&oB}Rba=&xxM$7j? z51rzjm{{V(R#pV}YzYjz|4mN{j_#6zp{(D>>{zWEEVx!Jd%k!7%GhG!{nSe!M9X>G zEP%Oaysh;-Jx0O{S*QA&UofffLOhlSlNN1&fV@HMhf6#l1s!@{>K69-{&IHmHml`> zLi7h5ai5*%R4RORrNei>};twbh4K&?HG5#hek*NU^fG}=;-$h_(A07NO& z595f%h$z%Qu^F88alK#6%RiE7W4Nfyo`*Jf%uzUHZeN>8&ja*4zVqal>xu=P6gx|} z2exHo(j_#YorQrh5N_XbwC60v_X$bhb_JpE{+zOR*f9J1q;I0{%e@pK8dA5>4|LU5 zuKW1|<+(8oQ96|H)meJ6L5!$#`NfYG|uh4eQEby z2jBvqd+vWCQ~nW{fWtzV2X$?SP}Fi?A7^CJq)_4J;4AK{-) zr-4@2WWwlnC^ZVX8!%+*mRM8)?TW#n#0wQbP2R$hCo9204k$xpweAiytzSH$@R>yi zI@shS7th=~XY~Tde&moh!Z3?B8SJdaF^x!$Lyt&418uT??M|TM{ocDQ|J2!wlNchg zB$Q5-O}#R?RP15z2j>wbA?|$2h~RUCFk%LY(ONKt%JsxFu*^UZ|6G!!M=fmw&@6@mA250)a^%hUXOfJ8$| zQh(`MuaamxozHTS#Dj9sR$(tNwmfa_2}U%+=n%+kb6pf_9kL1{C49{87@H@MHmll8 zAtVCyH0)nk&|o@X)D0wlH3tsD9jHCW21tj%e8#;8?LL2q_?d$YV#Vy+ncJ2@re)(y zR%EW4?aQqA*uxE$TH+ND`FXM>IR#_3n#jKFX!Uk3A{F+*)OxcX5malO|Nh8?2zpk2 zr@Y*E6XJ&vDEBkYmQ4sghmmMO_GE+=c$v1pBh2rt$s|)br`GruBN9{3FQvFZ&R-lD zkORjOZ?5^U>$t_KICiz-JZ(C8UcaSLIK-|VPzfENTBoa zUS=qAxLBan9RO+VD?gHm{)iLK^2$i?%3)1Zdz<;DoaZMs2k805a(7t({Ifd>{|5+? z9fo9Xt{#t;UTwodcUos+|suk35tmDIJjOIkN2vp9x!M=~YqF5i0mgW-C1P=DXX@^Jz;_4Apm za)TcNb#f%YQju432wIEdM{gls%Qj_6_UpBIt6_DbK7RE!Y?(MJ@nmpPd$l{=RPRYk zaJAOc`q{hlcit75G>$_CAzyA6C7MLm8izea$p>@qT!idgMCV?8h9^%B5TI9|sNH7o zL4HqJE7?6;BHC$q-_y}E1%0-_)Z$INm&Kc1KECSRTFW=T6@;538c-dU#nB8^zf;yH zUPWnwypZlJGv6C;Xk~0g(B-}&-C2iAA52}Lrd#xj%KbIkV`2tXFf6R zfenw(EbK1(l9o1n^&~C~z+8J!-kB{VLYZ*tBg7W}3e$<(+2Bf@DA@M#s3Xubo~=GL zcwG088o&c-FAmhl6L=&n9RD+2IIRV!bpHR|RiGyr#hP3-!atOGey~Vk{qJMHCLCr+ z|2HK6S&08{8WM`}m?t>Lmg!Y#1Kb@c2R|VHC3yuFlO55km>6@>R_}QktlV)kyW>@& z@&pIg5W|^&E;8BlWa*&`@0~Q~eyvEtKv$DIR_@!+e?_fQTKLPM*%l(EU(Uu0*eB%a zmayjTGoG}Sa+;~{-re-xUF8N*Gx`3QC_@kzs)3`QFUkeuJm^mklB#e&QzEO`NL6FU z`8A+Y(q|SJLcxk&@?3i?aZk?}QYy56T$gKpCbdM6)iDyQee3brmah`cC+jb2R1ZL2 zw0+lZA3aiD*W)ERcJ3}-;ia4Le#fR|MnOtaX#0Im4##LH+KHI#^{-+C#=1Pm+uHZ= z^7p;oT+9K(UBw+Gs3dh_ z80^{)d?UIeT0v*4cZ&pksam4n@#ve~k&@(3yR{UW1?>=;dWcKnUF$@De9$>DOiDEP z1@1RI9w%6?GOa*((W%XoWmoN`U}-rRv>ewdQiJfeZm9>ni##XL1sfv%H9}Z8EKI2r z6)T==zT^oKg&S`>B#!NE@fG8vZ_y}eo8FRQvKzns9Js;s$r%5M@<=8Da$@enOL7V5 z<3TagY&ey@ER;}%zNWb4c773=>YedC&XO~wc&SdPx%0G{0q+A=THzF-6dY_A+iHRL z<(XyIsD1ly5~hdq-mQD+Q}dtpV&{=C_@%aH|D*Ehg<=CGvWBl2JYL7)0soUg{|9#^ zrB>YDy${>&oU^pAgKG#+D68<$6?=@%gtE<(A)>1YU7U<&4nLqD?Gx?B8H^dZ#PIIs zdyiGP&GxO0_G|VUGvVkE-);Y+0I$Gp;A#bKhua_fNkYAb^5+~2Av2T5KmPq+Y6nhf zLk=GW=W%(8JWR@+3VUj5SVGF~W@hV0-{sreLcP9264d-7+mCtcRIxh>vL5eDMc+sf zYjyE`+3|#&q$83%>Xojqnv|M_?RF8Hkzd7hoyF{hX$AC4*Vay2?7V}&Ygs|Ggc_dK z=T;kcE}N6xfYQ&IvgI_z&$aHfqz=IZeZPkjI{Dv$lp009+MCghosM?9o9^V~pB|Xr z_AMIcrVwG!&g?5*62B=)i4is8wc!E3cxe#RLU_s^V| zOrJ4@m5a9Frgu{V@hEu>xs=7XUkSe($k%VZA4;bsC8K>Y^oC=%nl-}3)b*MxC6|Dy zeUF&ulnGgbUa@b62EPrnB4-uLeD#+%-gCmb<#tuV&+p67^C%_?wCr9kI`-c`V}#Rq zKkT3OVg+3|r&DGV0}3-*m`-y*p;2jF-b;OPuqe&0xP`SCC@%svN18)<)WP1S`AqYR zyG0iLt+C4(Js3o8tmhs@`;Un<*TckwPn&%= z^Sq#Tif@=OSHWkk&+7g)SnEMa=aGz7fua2l{HV@{4M)eiyg<2bTbyK|z^E3;x*<%* z)?5vE|2o{!h8p*Fi8@BaQYxr@**fPkflzX`tl??$)CM5A$1XVP6vCxb$hguCdMj9O z3ZUjR^CtM`8>b%aUi(OmoQ)#}Fgp?0 zGJ#SZctGl#nF@5i%-^f9xg)7icEx^@Fmw%GCbsqUsBJ(~TK-K=S)-A14gpO~&rlt7 zq_v@LZ28I;YC^L#Qm*#2x;?S2$bhfNw24|nlJv3#>HTC!ZO@Ayhd z+V&zktmS$%rORhr-WKwvL;_CEOD$`W!?z+PY(=d1ZMRN$Rd&U zsZet9ziK7T)E-A8j0xz2e*+j+gvkmr^A5j<~Ch%vG*z*pys{)ejze= ziC;G8_&f}pRtxxb7np*hSpzKestH0bCvGiY29==~Tu``zp|`n4Wn!mf$^`@c&35l$ zL1@Z&twLRiW#lJ>=bTyB_^DvDdJ=7?j~>M zlQ}-g2fm=BCGgT?Wmv9$a!|j_PS-IGB~t8ZES4?9mx8>?D|Q5y$!zs_!`_}c#JSaoQxdpt&XWfp8}W2;=}zi1&QJ3*nF^590w zL9>4AB$cUs|19A%doY3+F_AE&ked;PzFv|7104mWB80v@NnOj@PEPCu!mOpNy|~q& z?`e8Yj+_I0F>}!Q5D0R{f}OgiA?Pkyverj|(eSGRjr5YFi&6CIHscp z4v{9)5Uhdw(Q7eHJV%f0hH^_>=`J97Q;jU#vepJytqs?MgC~sKtS`PQUPM`ZDCrPV zJViP@z|5^%tl>~Ot9-+L*sc1R?_NKD)#~HKk9)42BG6d;prL&R-$A_3%fT-^kH(bb zM#}AH3MwXSB6b^P=wl)!ym{*iib^LI4j=ZduW)Vlft~ca6QTf ze(=3q)a?E_ELY-73e`&+@*f4chF2~+4(_39Cn(csM#hdcNrJf9VyYE0`^mc&3 zM;Qh`W`u!j_^8)>vTS1(m62~Z-dBSWt6|U+(@^GuTG_R$rZ>#R;$Gl z4y*59qUf-RCoMz_{Kkl78(9-m%8TJE5%phJ0^qvC<phC|!$rc(vEz2?Vu zllEBhEh9x;e#{@PepqjR((N9{tYup_@XqrsWp@%}Oy|W`=DGAVbe-1eG2W)35@jzM!8WP;BMa zE4{~m)hsj!m*82s8Kx09Xq!N_0g9%HO`Gqy-z~#EdkyhgD+~lK(?NI)dVz8dqvS#{LLQhZ;^yfzC?dk1vqbV> ziZnBz091T#19b_BO`&%%(-7@TSR+6#x1H%lLJD!I_(n6+yC&P#=y22Grp)PF<#8hi z|7FOK=lYz>hW|+G<+w4LQ-v@gYX;paoABqphxP9o^X&Kg3t|l1Bo!=;q!<`zE4Q^= z1}_uHPEV@VA|@`HidZ4U7mJT}H?9h=zP{hXWHt6+KVPsVtJ|@;-soNu61RNN;PDYE zZc4h$p;xc`(zOOL!+nq=J%g(oQ2E1maqw-3Zh^D;v=e&a(^7wKhGWXO%R!NhY-=oc zuyC5RlX+a9Q# zRQ(2hH^dkId-Ex!ib+j8v-!q&e()MLG0G}+4(KonQZGygUh0B_9LhtrD>Q#bTHqJp};pmk}!Y$3k?i5&rhwU5bJlvEWKjaI zS1o>|5+)wI6V7YR1C^bXd&%ngr zJE>8bYfPksmZ5_bM(QJZkIpq<@~{CNw0~>Kud(BOwPd<{fxT!fTiuaGBX9FN#>d+e zZbaXlgihm~Yt9Vx$ngi=?4Fe?*^r4XnGx8RVftf|ZS4W+P0Q$Z9Z{o-kn+dHjhu;F z+$yX;wE(n6ex!zw$m!kD7gzzfrTcoN%G@h%V+=^1fm^?Ac?Z{-1|R#BD3?KHmr_E+e!wF{dcp9OCoKS zG7Vc|=Y5^K8N*1P9+64MIgJ;M=FuK_Hqyo?Gn`gq1&dy2=)9`fQa~1RYAY z6H631q|OmMX`%u-D}3QJvTujod{=#>2FiO8=|w)Lo;+SApB{})J)>4>uo*s+pCA3f z9Byx>>#k*CCg942SXt@1Y(@9_m3E;NLy7$uTys!$f3#{Mj6PAqq!O)M5xsjD_W(D$ zj`(|r&uVnN#xm{>%HDDTv)h2`lPWhs3%fFroS0R-9;1P|{-&HzhEVrkhfCq|iZ zCOhb@QwBd-wj+x|iQa2kV#-HPty#AeLtt-t_U*=Ns%+IQ^#meX;+>g`obelTPs=na zm7l@6{pgz2kv{CL?#!dJ!(P>N9isbZg%=;1D%L{<6!*JPo$|b`@$-igr_}=Nqp6Q~ zxqsysRHcj}G!btlkOPoT6a7d^ozGgPw7fXfgjUEj&_YzFv}6Y(s5@gJ%8!V*YE55A zb9W!gmnhark=B2J>7`?b32ItFP!i{{2_ki&xPH%+4uvaEhlDckc__@OG7j6w>R%bK zG$gI&TCn`;U|LbJ`P77ESazt?DmQyl8D^nhoowE<*VpJ!u$Yas9sa;T^(Ep~FK7b& zBBHHJV1e0ivuMQDHdowpLh;Kfw5j;!XubJ(&8O*zOU>{lIL++1=+Om1EM9c~`AwLU1Nd6E!e*=OtcI_?Lp z&sOJb19}(249PFxH1ny-5A}^WV?3*#;>Q#v69hDFLVXYw_`^p2Wqj`YR>^hOod6K( zG@^Cqc8Y`_Xv0i@D~<5{=>N62y;YV!Jewuz_h0IOPF|_X>o|GTyJU;n|YF>V9t>owaZ~O3Y3MFA_7#h{w z;$_4hJgc7RZ%w$45M8@Io$R4-FmC>pO!!c>fGt=X{?cKZ%Mn&z@tUdaC_wDy>m!lL z)90F>Hh_lCjHtWfejnf1J^=g64`zPq#^3I;-vG*s*U+H*_KUUpBZ;I6vf&|bfyW@$ z6=<6SwM#N_3q+yVk2~UHOb=n(e6pOMOuwd!Wx(_IIGxs|VW#K=t0Rsi{xzL9GqXAl zn?=YWFFHY@aZ0ODU=YPt{1f?QYx>m@$y?Un?wrbQGT-d}{xFj5Ytq^rtdn;T5v?pq z1$!5HvAmm7NBZlx&tZ3PHDvej7cYH!CLvdC)%|UI55F~fKv{jY>&0w~;SUxcCx7NY z{quS_aVt+gDs{pr_~_*T5hdGPnDHKdy|^;m6PXjrb?MWk-JNQSVPD={2{2CKu>|yT zTV$iaDGDQ>_r7dRgdIpLK~R0JRlmhQLwR?lhN0=ZoOhZ zl^&D|Dy8>;#znqU1*XNC5T=)4V#IjaomU=r&@6VNhZ@)_2TGWIVC*u72yAwf@pktC?cDy|Rqih;=1)2uH`)uI+`K^zxgOEu8T z^y1`L1>qeOE>D)(-(2C{bHuCXQZs~Qif$ioEl!=L-hxKe) zUfxd8Jn~&OYD^21Oo-^;zAkA`Nq;-qUSR6SH%SBbeFDcjb`!9CU!f_}z4f%nkLIBa zE>R0}0V>z8n74Jo=4zTj{1` z(_!?0sn-P=yHhC_Wz}#bWNC}2eNC8U&-`F^{$#QK^aV4^Wb~)=iR^AEgV@?^iCs}M(95f99S6+Ox`jyFuF3xEO|)b@JzC6h1};wxz=UR1#Fg(>8izQig$ocO zI?ZkdEY>X-x6TOG?}fJ|iz4va9O}_K3dL;?MsA8_J}1%)rhZ*7WUjON$*4Y9GT_eR z+di=EGu`MdqB@;Y``){A1dT>?<42RXHq&~Ck1`gE5U&S55kD_s?ylhu{-%}E_ zkMsf{W;0MwuaKS63DK6Jw+?6_@vnkeHm&Ta-buU<8fDIcZ9^P@?g>0Nn-i``(v;u< zKEle~>Xwq=#UE)$tNx%tf&5`$elIE_jljrIi(W#{cC&~(*-c!rWKm?moC>;5vp8C% z&QHTPR($81;%oT05{PL-@$)m)LM><@M4Ln|q*N&=WVHEwsxlt2*^sopD)G33ewEiJ z$U9!4!lt6nbHhEk^^2)vFx#f~L`N<*TF=tuS_J(R%0u+a8An>DF65)lK+J&*+{fAt zdR#-gkeE?G7_777{Goo#%h6?hsfQ@zij`N)+NPS~hWIN?Ye(c3)hKA=z&X+M;qbf^ zqYTdQGr5VYS?FmiNg+B>4}R{OOU0soGb;NvJz{#LR+sHZ${~VXaJ%Zu$c5`Rwp_Kc z6%J#1dgXT1<9UM2^>%jZPnuqZyHL2&m%G1;*ro;er~ExHFt&N@(89s3LfP#5j5gNjCH@YK&LSG2N`kvT3LZ1XC= zye!S2l_0@ZNr}Lx`{cRUBg~c9&g(5EB5u1wyZOVom$9Lrrx|o=A>(F)BIkRaqGxx+ zK2aILCO+{FdrwSzPl988*SpKsfFPw{lY&$GF?UgEo?l3;HrNXtq)&`&XdVI_vofiy z$EdRmz<|-}wG^rq$W_Epfma=W1`r|aOIrqy-+>z>F<0h^gnhfPwFQ3V_C zxQ^tHW}+|Pb;+Ky`6Gj~W%ivL53vl90n}>e#nuaVPjwK$2v!M3NiS{q8}H6;dc6;D z>xCLF9+qF57(uY1s1RJZ*)_KC}6 zqgR7Fruc!ii;bzFJlm8=ML7JcfQ!FXpt-}V^;syQyrHMu?6V<#{-jABK}4eWbd6%E z#b<1S)zDGWD$-Xweo|}LkFJ4T;X}R2i^nXd{6dQ8=M9Q3oLyAF%hNH>j_yhQyQ9tx`Q6F2~yx>WE?Qtu;Ev!A?8{e~HcSI(* z1#2-wcrAn_AcRhbea#=Y)%ldaNGul5*C?<>-|H+>ZujYISHsb%a%MTE!vu*D4*I8U zowGw`EC}_^R(%!hoi_3D^cz8aAV^v8Yj{KD(YDtJj*}>HZq)4B8kC(VaGp8WbSx(7gE0) z+J_wLa2*r;?M<=MhH`V`j+m#ZwqLMv}{pED6y)7&~eB0T=yLLPo_*w#x7NVc!fD=VHMkJ`x zd=+7*KCaTtK#j-X>E+tP&0?sE43PWUyU`xHQliiM;9GnyaO4Ljb7E9u&`L|#rY1yBG?#EGeE&fHCf<8qCV-tKz)awxJRF}vA!JJ_4MQ?ssn zdNgX9@PLRY<(P}4Q1w1YUJ=@-V=JZ zSiFyT`d#Lcb(XL)u_GBQ&Q6MkzW_YNY$~d%mu&~~UI5gYC9k^6$s+70{4ET`f&Oya zFGR$1{I;~9#%Z;&YR|ZvKb+btrOb}&xPSd86?A%G*B1T8zTR~nS-8P)vsJrgh!-=3 zrBsO)2(kp;lI-6(E!Uf^&SpJPSF53^8P5Q92zUlBr2W;@37m+$0RN(+%tou>S$v{VznVJQHRu9CW6N&{p&ySd@25W=K97% zMd;P!$PecmzJ`kIAB*5O-vjmBG->vI=^TbUk9#2dQ3nk@xkOLrQFX0#c|7rN8dw|h z80SGayP>VTc{0IfOaBZ-=C|T>}g4?Zg=NoKJo9`TR>!Qf8 z(Osp|IpB#YMrO{=U^Sm?;u(qmZsI+tR%m=bV+?u4zkgivZGIYvX6%=WO&*|IEG2fB zHES|EL0$`N!s%WcD1Qy(ujWFS0<%NO`WL|F)cHb&%51Gk z#$Mhos$AecQZ?`a45v(EgJoSN0pVA_X>1rmqoy!n|hSMkjJDX9~*Kr^}tEZ ze>soq0kmLs@6lTY#jIU2K05ve;J&#FKzWfFV@lnT11z&pEv;Do0={gd)g|QA2d`9| zBm$cTG$yi@!WSa#3*5(^m(ETm00!>m#)b>Eq`$AU7$DlpcS`+L%Phd#`slH5LK~1`kpz_!qV#3u`{;l9S}5*!rHBRew$lsM;Ea z>72vG&I`^uMS`i$OED(mgwqJdVt61&Y6s|9ulrhH=|hwm4B>52FM zLa;Lu;ZRUe;1v{4-lP0IcQZIsm3bF-m;M>U{C*$20=}RU<<~m@7TC}C5`UlVHz*$S zDoYbAnEcy$|1jKtpCn2dtiruM%ZY!S^zTJlhG7B3JfS$TPJXSO4Zyc{ zUZrY*la^g5`i=Yfwdw<Q1Rs=j&w$)z$+kP*Y^p z1yGQtm3QcVcZbU!%(0@<{#@;*o^k-W*3n}>;_?Vg% zINHxHS9#yJ-#ME>e?}6J$?aAEDZ8o1;0$1yhO<<6yal>Cp9W}vY6n+19;ir7Iz(kN zj{FL@PdtPf4e-#Eyjp&Cmpu6l7}bLw?Ds0Tn)zT%Ha5ORdjbpK6bt$+gPkjYBwt+_ zmqaZv?ExNJ`v%~?+=Y9tz43rj{%f?!BY@5OkWGZ4x(i4d_oU0Z06psj?p;tKyM(I) zh`^;a2OF&xV?e@KtN=UDYjf`D&St9LIsV%z7igqfSx;Opn23#-;?3)vNhypQ!7Ftg z!zB@FAm0TQoH#%)jgjjnDo%n$gbNN^r41Iral&Cru5nzt7e;nKJId!7RU*!w?mLGd z$@`^z%pCzWwdU3@f1XkM<6Br!sbQ`6=N?cqp_F%ZUqUW@`T^?k;r1B8XE3%S@B@S7 z_JOjrMNDCNXQarqNhje{iF)Y$kB>80WkX5mOsrD^4!ytwO|C?g`Ga3v8fgl~Co-|N zA1-|gzIoMgw9?s5Jgzp^)JmJ64rcqs{jjRs-Te@`bbF-#MG0rSrht8XqKFmI82l`c zBm%NhT!7r0hnE9>_5R>gRR?EW|GPV3CL>x}T3>n$=FwpP&!7*gFIq+X2!ALKhO=p> zkErc6pM;ZszCm@O1(+Y}$2<34^a6EC-nyS*~{Xd<;;%XdBdHlXMbVhurhwJqF1G zlAwNAjtm}|ScFU%e~Uy0N)*q(wrR-Ogv$ZDNf4DBTY+-?R2$X;aM zDKz~YoaZxW*wuL#VYvdDES?)_0#AfW-ZeP@)=8+HkUI|Km~F)owIwj#xADTR7J0N| zaQ85<(hLx70Muie3x~OC`&If!Iwcdp{M;6MSjs1EDyNd>-7L5q0bt`bWEVk?N>B55 zQvaMnJop?g@xsUWvd>pj10ab&8h^pae7isuAQsM}TjP+tBIUj)?fs`@Y|jqOZy#~w z2Q&`U-?axT{DL1v8IKR>2Dogo0lJtzvv)SxrQk6;w#mQkVFQ??-)>{9SPp(^_K%6f z9YIV!$AlGiZwP`gV1mh1Y@O$@&s?+Nfl*@`z`9_nzA#M3Q2>6@eSLI?3QDfDyEb8D z&|dSA;vYyuz*W(}V7W`bu?ygwW+t)@E9_; z4$+1euk6nQ9;F0#>`XJp(5fh2ii0}v4AhAHLR3medt4Vwe*r)0Zn zh=-x5+8Agwc3YHlAi@zNWLQegl6Q+nKD=5$rF*0K)?(S`>N|B`qo{C-=Ny&SqWE-kb zQ-tuUw^z{kd-c$igBiAL*{QVtZhRQY78GFva6f5@{kEuQoUkYP0RRmItOg=6*VI&7 zW^8AZIbjiqBhV#7dSSL*{c?!@mI_;aZJCyCnb8&Og|NG7p#h+~Y_{w-ks|}TvzWfR zMfT9-1dusBEZR0W13besmg*(nXhngi`MXV$hu6XA^o_c=VVVru>1zig#e}|pB7^3B z=_v;_Kb-{IdN3yHcC~$yg^PqRpE0%+-wPui7|HvLs-+v{YEhGLnL*h3cgSkk1mN}Z z!Jox@jLDmDX2?3NAhy*g5k$o0qb{vFu;CjL?mzkq{9_WB0gfRugP2}SD0T<%cOl>k zs354Z9tU6{83tRN4uCYk!(NXo!^IPs7%rs84ccm$AELHnyLJX>4UlXWk)gC!`WmO^TXm)C`0t4NxHWbL9BwY;#Y;>*B*XYqr`oKB zm0iH zG3zsPF2*QoY0Qx|Adw?c;f18tAAQSzo+R80V__2h6Nw1QY}fuI1{ z&OOz5?Rfk2JDgz@yV)!Yeq`Z2=SKmn`}P3j{UhRUAE9no_oO>{Z54z9#f8@ffVh^) zx9fz@deWByOK^h{6lcFY#O$yiUAg8oDJ6{F>g}cP0PR&-82q+W?Y#H{Ga@hF*4G@0 z+2(%e@ftv)7t$`m-w5okAqr9kWo$}gVh^p<&Fx9V+!j>WdFLJR2O|EtlPJ6lHYR^z zSyLJDx4w%bHkWsdp?=K^#dpFehcwec&0@;U?Mhhyt=}?Gloxd1Lfw12W4;ZjRu2=c zj7U+hr-1qgd&QVXVkOG>w6?{+3|s155OYB`3eN#6B%P|9B60sZ6_?IAB^fqK9)pX? z5Kxd$O)f}r{z9GkImRO)i!OWE7f9YP4rAx$GTp5fpFSY8n%~b3$yEoPMFuasL!8}h zR+sok`{QkOb#=KUwJo!OFwWEb`K9$f3g+-PBLZY#jWEeXl!kpQdefU7B3_WT*o{@F z=;{7VBH+-sT8P%M=riS%n0Us#HrG;(Y!JPpYGVP^JFjbFUaa0#{_xN%EZ2Ew;xVD%2T4KVBx{FNiPRX4x zr8($)P;S~P2u(6pKU7V0B#Sl;&|EjU&DB0@r$2UA+rvF`RiwasYvKG@8-P@e_Fpb* z{oF6?0~#Nj?mH#Zz-;^7$1CiHZp5b8*2DIrkatL7BA!qg;N`t0hYL8{&6hZuK!+51 z&Vt-&bA&vZ!R~30rj2XtzwTektC$GLT|I&&>qippN zUQ0QGh;o>>YkmblDCrdE@&NanD}iY~uHz4jgH%fFLU)sNETn^x>_H%Ufop{W8}P9| z9tGfvv?Bwv-{A9=ONf5#npU^juQ5evxFPG*($<8gzzUy$yOTWI=dtlz zIL_6!VDv}!!j!f`Y#IWwJEpry_0dtij9Ody)|gJ+m34U5tcyL#qKx40Ppq7)s$jyg z=zS*#JAeTqE211L6**DUND@?~@fNRM_W(bv{vy)o=DUFWZb6c}M<@z(?n|WmK)2sX z#1Cd)!1#gbVG=$F1f&>K+u?x6X<+&`a>S~{($7pGL>c^?WR;>NV%56?de?R3Xz2k9FIpy&9@VX7x}pVxs@jRF*sRKL|D z|Is=b!+HI@6P-RX4s;?cs!lbXHfB-1{!gvLi$TSp6S)%`9-x~)&y7*p>I0TWDdtGkPs zu2j=tY0~>vMy{#7wq-iNu*kRbWNW^G{s6(iNQ=|*(z(HYY8X-{7DVCz(5^O-mAx1# zc~}XhjffPUd+h|zJQEj_i)*AkWaoEh)6*Tk>K&3*ht2Q)8e*#jCcH?Lhd62^Q!#O{ z9QDI#X>uv543AP!h6|9R?$BHqvUzs- zYv=6plF(TH+lpK!6NJRO$lwvzPax!O{pxO5)gcLjNR*=6EaL4g0w0~JLCv_~uOLW( z^1+a!=Cd4NNg5-HDm%vdOnbc$VN3?|DV*)@4wXxu-@kn>f>s;UfuSDshEWlLXkm4* z$P~Ea_wC)3qaL{0X!vRX4CMrs!61Y|G*TVW>E2!`k`6)6~-{oyj zGUzJ23Eq+0SJTsO>(%s}+LRKxroVUbF)0I&o}sXlJ1Ni4wl!Z%*ZI#7fkDLzt?Yd%v z2jLrQw$-|-+pT=SbOX0B4yvgp*2FKa0UH0H0|=kvbS|BF#5=hZIMDySIF}jL5dcjl zK|mxC68COl1&yBm;ev*XbghB?y+c>Cdk7xb5xuXY7K45P`fZWi0KBLTHsBRfm)*Z9 z5pj9ay*QCY{gtawVZ>lZ)2|4fJ!$uTWLTvj4Gx`TL{zR{-fkiX-^r&%ZtS zc_$)`%4pf2%3%!n8~yjITVIllKsi3g$I22QL8j^%#c&Lz{!=`Fx2q0B>bYmkqNQww zu|(_&@UyTe5oI4e5N~_#SIcJz^;!jKCT)LF{X+(U1tSDzmXi?thw=W5kx&vshNqp7 zPx!e4CF4Rim|q6z;bkhP@NjD7-P5xL8$j7j5p^vs zN_kUpgRS&QG0bsql)g&YMY4-8=(yO-=&a0@u|@#4-RIHluY$0&-uB@&{gn$Zk}@~X z$kQv6191CjXTyJ#JJ^ZZl7#sVLf-gycI-AVJ=}v~?;I;qMnQrw>BP&vl@|F@W+&*K zQg86=Z28ds`4c6Z;$1kL6OaZ_um-nS%-RK50^JP%ATq4W2U6}mjw zcNQ9>#&}{F{`P_myubtg?_(!o0;&HE$;r_;UQ+)b7?P}Y*lqG-MafjN<76YyEr|iy zt(ZJ){1XzkAoCp)6N3R@Ee@C23Y6q~8Uk*fAT`agu_w;~GMP8?sUv4?LDdzCyL_zP%4myIKHCr4!WGA|QJ$I43M@W&BGJ z8)kEJ^SP$pD{7b$)=xX;!T}PxBHbzf%$@6!S&dc}X=tpUkAtY(_+5p)DjNi`9Uxbz z+Ve2Frr8*De930=QX$%?wEV)qkOzOCJM|FfQ6EY!@(q?28X3iX{M%pM1m~VAIDi{9m*uWq@IEe`o?Zak8H`7IXkISYQ7y+LKvnAfqdC zv*^-^lEcq0m+}XNy1(d#zdYQpEp(qMF#2?Fb$)j2`uS}bBgiNT+~CG^hv9#nIyT-C zhF=(=lK1$(=VXjx0JpK{Y+3O05>Eb&J7`8f?S1??^6&VXaHu&KGUKORPkaqs`I_m^=|c5n13E+C+Upr9y77zjwIlmbIobVv;iib#Vr z3=FBFAR*n|HFP&B(p@v8bm!1<_MngQ{Lc6Pe|KJ-&w1V;;mq9kzW2WNwb!-Qx&R8- zVqXB}#vJf;CAxY~2-K4lCa~sg0`5rpHwG|BcwJ$A4Lr|+ffgiuj*{o~X=9{wJ(wGQ zPIKj^i;FL|2px2Yh5vG^2 zDEeb-88t>QDf3Uj_g28L=#MQ> zm9HnGQf8F~tQDTnI4s`B2(+2J@vhs9!fm@BC*Sbm0Xfo#A?p2fj~akrT*gD#3|m77 z0Rc4;KzZvRe{BLy{%(`qk@N%qDm?eO9u~L&j1Ot>5L*K}B!hr7sS7GB>i`#O0@U)U zkm`dZegGzSWvLY>E`^@nBL97Ho6Ey$d*}r{A5Ge0B=Aa`1ZF&(wJcKCfjb$8OA@O& zra4@g0K9B=!U+P~^b>&Zg^C=hlkffbS@)hW2>>8(AQ~d>Z!na^K__5i6L@sEA5m2r zZ9g4$&kIx|6o9WMJ_qeEx4P>mJThg#72^k{c5j@K4^~PhdNipBps@{$BCyB8k93Kx#^Q_ZaM zGM=bE_p4;Ovw%Z+S>R_1bxFzv;0a0;z&W7r0VYhC7~u1%btYZFc)f{rjfLWgTss{d zKr{qFzWSOPIKN*c%v8>;I~!+wksBbKd`!sFJpgZ0wiyXM-e)_}Q~|`p$_35^8a9K^cx{)Bee?i8aw!XHqN3{oX3&VFA$2((vEdvQ5xVuA zjYdB#@zhr0A_N1WY0g9$a6)L#>5mDkRq1;%Emdf^lNFKKvW@^lmwGwFW09?k4@_QK z0_y<@d;9pfbi4dqtriK>JI_Cq~Qho&HYpcW=PVKZA?`Vp&L*+q%mI7R8S#4FJ?7qCtzZU); zfGGYM*YlC!&~Mu9aWdvv~wPV}$8# z3;HPvd?thn(V}~l%rQDj`-#{s-8cB~@-a~5ATwgp+ZXpLYRW?mila7 zL;xjuZ|kQ*QlXk#Sn$^?06&(5HAh}q$v{*QNR&3-iFnuD`3X1|f5=CEDK_e8z`N!N z6~d9r7U~8@MHv1o1$;rm2lg(8dz@WWo&{RzJuk=W-oKP9J4)pS7OQWmmpGcatmbCn1GR8xuu%Rex_ru&$__5(8?VG-Q<7$e~j{1XZH+e z8e_~Uggny)k8ZQGx{L_fxdlLft^9No#eg!6%_aAu4RnunQ&W>%Kqxyl7W{S(9%A!i z9ngLZTnD-|GoYEY@Tve1rvWuD!rV$BOQ5F8ubY<8ydmh@LEsGEBoym90pFA4|Sv+SCn{-fz??a zC^|M=mi*nj+jHAp~H2 z;8{$?Jg3B$fBj=()qUxGp*+`f8s=b@lk_9npBCh=V4NrgBJxZx-~tC)6ARi0uRm^F zl-DQ$fPJ_%CW>?P9do0MIXFykw8!1%&o42z+H8(wKoLFPT27xtg{U!ictJE1EVHB= zIRKPu1SM&9(Em1?MXgBENASq*5h#s3qrDsn%>Vd7pW+)|SI6shpU~oWU-)T4XAH~% zrq>>rpcAM)7H;_x?Ox0=3oLMD>3`t}V)>m?5nr0|pPfw5;;bHsDHm>yuCD*@4W3nU)*iG+aEUkH;$bRPM|*Jc1A zOT&ovY+Gj(Y&Op01L2#tNP|6SS5**3*Qumx)6swpip+*@fN!^B7?)9SSf2@)yTqjn+2t(-m@|a|8fT?eGw^q}l*2jfXNCxI9j}U<4 zdQ(B2O75%ov+z8yf2*)AfW-e9EmW<_u~eU#23t97!-tZq>2)4hqhi42FR4iT)jUn1 zG)ARex>B`Y=MtnLvLH%J-CInir116lDF5yF<5IxZm;#VHw{PscO<61O;AH^jq(zog z5j>}Z6oHgb45M--tZ<-8b4ebb7#_JttsbNP$r;CN_SQ>h@X&=^31)A-FVad>zy1nT z=`6yX*?b1K`3t2tiQnxdxIQDkr=+MT1}xT-K>2{{N;Oz@4?vwaziP`oIcs;3ioj^d z@BOLCLnoU7G6U65$|ox;mK?X>n+6az&1+b}BNb@*{vB8r&)>HF>0jyC_&@qufwV3Y zlf@I<3OhMx{2yN?G2K+NUpG?xh9FLFw{*-P8PBT|{WtgGcVb-%ToZ$sRo4FpazpyV z6I^@dJ^$0@AphK(P&VdhARg@azcTzh0A?{We|~+6KKUn)_hSazXsJK_36cE&xZ3}x zZZY-8A1b2I6T(wQW5kt4Tc?_zxD;dmkCWx$9y$O+s8x0S@wY|78CQP76GCm&it82S z)96yRM!DzFz0=RfMGNFR>lp$}r!9Ma59C-Bzyw#)1Ao~woqiR@pN#asm;E;+;9&m$ zl3613-j@D1KZl+b!;SN26MWAu4 z%nm#YoW&fnMY_cs-SU1z&@RUycpV^g#4(Lg?O3&)&HEp>g>y-O4i9%h_OMmfLVm$D zRS2_DXjMCP0iZUwAICK_m9+bx1?CR&(p_1vKuiP%1<3v8vMX9C=QV?7Kgs_5*5{HH zy`R?q!@N@#0R2la(9UW$*}A(wqm7bi1VmD z@tGw~$v+V>7gHeIqMXEZOme+M(V^9K;x87MQ~kr^yd<40Ha3hnFoc1!pRDArD?!S~ zUoQ*{J>yFnto&YH9ejQb0~S?9o{k##ely?1*NC~dtEk%O?JeFMoru5N>#DHJnP8Ga zQOudj^%7Z!RtK;YV_&p+H1Uq?f)n3>(G4_jhn3p44fUT2rcf>h{pbsyC^-q&pIr`< zAbaO-aGnc{chSVzf-!zumw)rm{i^{Bt%GbWaZF$YBd!*bc+_RuUCGA({t4YPIvDkA z0o;mHm+Q^RTVbvt9+Qi_P@=*=@nz6S3SD8D*=NdFF8_3R z4Xa{!=E>$zzk!3)fcd<|^q)6*g~>KQ7kn zMz2FVtg098Ftu3HINB3wR<-r2W1}-VfZO{IePYZD1XV3Ve~W(ykCOq9Cg{KqPPr_R zi@9>SE3ucwnfe8E|3Z?hFTmp$=)0?n0s6$%W6Ks&Wox(K|HHm(6dr&M{nH@o0BodF zP`Df=W*A+CV#_j8I_kFUU;p22zyANc?%(@i4IeQ6UC$P0B0a(8;M(RFPTkO02*^th z(q+Vdm6Cy<6UMxVL$9?-<>)kfUWgaN3JbV_sgnr-+ogibN?}{bENWWZ3FG#eyQ9Xm zdWKG93{t_@Mjfe2&h}AG;ldwB!GA%DLgwc~$AV}q&>1s%keCd|e0XHqZso!J!g}?# zU~29ITa>Qeqw$i2MBV1#PjuQjTOr-aVPiq2JA*S?qKc$fSxAiKH}tCZhCe;xUFq8E zQ%+zx5qw~dWS&|e>sjl+L4R^S6TR4>#78uD*0A^*$5!=&-R|~D8RrUNO6cvXyT(Ox z$z2upmMVF#KOGo*#Dv#eZkzio_V=;>!1O#Z_VWMj!2RrI&c12+k7x&?FBoSgU|rA* zEKiyW47yu8kMEg9^B;Yc7naCOXm#vPmYR(IVhcQsl7#7uCT=p_@c8s6+4=WGynTM4 zD&Q)^o^0NQ(Pz^Tr%JpvlBE? z^ql?z)dx;&G0p`^iR9UEMMcH&%qsH^Rb;M4D6d&JqUz{*XP-j$c)hOxw`;c6@p|Ih zwSJDOFKTA{5)Vg9%ys7a3cVzcVb4R8$pA{}uL*Gw2MK?jj<~Apwcn8t%qj$6p4)3w zlK*Ok>$-RTvy-J{iK{>zbW|9)@4VyP{W|eFf6Tm^Nj|yBlD&cv=_cXP@9tD&rSi;r zW>rSu(743Qr1%;ma7SYyOWeC}_jz?_RO2dMeH*c=smX|Q{#%Vx+%j>A*op#A34@cU zDE_RbfRsS>)nM@BwzUszqa91w2az;TjdkD1Ga0}bY^oXhV|(E^`S1nr;k8_u`NNd|ih5-BfPkvq4A)hBpKd8`!)#It67Sbp?% z)9mu10?^mqKp7tfye6~c(Z|P^Bk{+;7-k9UkH1o zcxKe()kYy48DJg6FZqIYX;ni_cTj|IhFzIX!@c3Gbq*F?RG;-{J@gusJFVw6M`o5& z!TmCIicouMeAK&*!l2RmspQpzKY6S!?NKn=`Y#rW=9GXOM6v8y+op!? zAQO=`u&)~)d+}W?p0((X^In=h!#Zfk)1irXLH+n)9LKFo|7?|j3k|pyQ`Ts?hnR?N zg=QIfD55fGE>QR>3N|``&Y_F2N zepCUxgrb$X(<6{=h2m@nTlMBmuy&>1c+*P+|6m|vcyDBMPlE3);@pTpsyl=`%4fR0 zg5d9=<_M${>&2!_*TBXkyN*pc_VKx99yf^Y8AdEd4Pkexd&m;l_6ctXd`R3)44Xen zy?K$nRj^Ea{vabklgHj@)o8TRBfLf-#fLf(N?I}BT^Mjm zgz{Vrk`l5USsq*8qc^Th*a&0mudw`LmfWC-+UooIne4H(`FYliVxEoODJ_yH<BsrTSgE!*USA`Bo0wjZ4}`92(6YzwYp2AN|Jr~>WA3ov z71NbpcgQ5{7b=q6taD9?;dQuKcCn1@5O-zKAqt(xsabAg651_syrLL(Z=4KMi2C$0 zC?rH;-)8A4?X4mEl$bE-DS3Cb@$WYAMHAcbQfuu$NRHhdFm>|@k{+I^_oU72kun}{}lWuXxGTQqMaY03tUculu#@uuCd?OU;)$y zkWQl-RDSGw!%PZv139GkgN#R<_KLEgz&oEA=WxH=-qK1lwAK!b_9Two_mQkn?FfIW;@Sj3uxef*!vvN{Pm$3qi* z0-3a&=s{KzQYh@PtmVYjdXN|$4_JIb`O<=lW%!40FTZ-UX}1AaPkZwhd9A`g4O!2b zPI`Q~T+D&f-q(+p(yhQ4(nK->)aGQ&VNq>8cPLlGnI z%nnqV*(p(Utt|*&Zd!XMB>5*({ntur!Y<;HWTGOMA4KO0AByqF#>~AI{gZ`>i?|e% z21{$m%V7fB>$8_ke7Y!jx~JwW+Bmg}WEdhu8&clT2LE9v31G&z)P{))GrsZI$b|rt z!U;;fGIf=cnDA|D8J3Hl%J&Wa@(0*nRRM>m_Ckq4OqPD>$~n!a`X4so13xv-+-6T2XR0|CyG*cL?xf4KrpFRg5CX!|W0@=Q7nodbY%A1-yy|8?8p} z>V=b_^oljbhr6Rg{&MVSal!lPWXavZj7$%1I$urRAtNsJ-D?-4c;vtA&f}t0qca>6 z8cJ_8eA`-BC=EQ2RN4L0E_YQObEbvf`*w2uFKV`2gG{eiJnqPO?O>n1Uf3XZRGL=& zYMb?&QRIV@^B34j=fIS>TgjX96-;FSi~*@(-kVlRpoXj{)=kttS8{f9NbjG0@2umM zv5Svmj6(7-)e8EX+BC#OG=z(T`6;Vjj-M2GzY*bXM)q5dYT}P$|4ny%&+b@8{a#tF za+f-^`p}(-9KrP1RZtJ}1Jw_4AgkQ%oZ3nWG-k{g#paexngD{#jc!n%1g+r1b0*$m z{aJ0Gk_fK%XVXLncm}R=;P~BPLMoAh7IBU%e!^*&)J=4byxfIY{8_s#WM;|H%04$F z=x;OSc#!GFQ%auPJ9(7L;WrKEPckPGbhffO^O|!H0W@(Jh28A4gdQ9CeEXk=3XW62 zDZ(0Uz6u6O$bev$eXcV$@GuFyy7kXL0 zdSD4gPwyNC_1EXE&A22e#?M{_SxM00GeO|CpJ)815p|#+_^?aq#-13;` zpQdWBc9q^VxeF=Kp(~1;={9i zF|#a*xrTi`No_muuiUXl%hkf!>v`kvcmBKNz;}*-OFH$0RqkIbzF+gVMhA1WfU-UN zbD0182LHY6B$Yk=<-Z|0JsPA!W5>m|wAwa`=#d5}<(walC|%&Y4hL_>XD~B2x@TXZ zmQ$W1UbFD2!W+=dT+ONYcygvLVOY>zuDDxrm&9G(ZN9smsJFg6%DXX|-xh5NN{5eh z+XqL{{2b*gm3?|ykep)`2NTfj?kt$5-oKH|Kauy>RMpo8e2s>3q*E*lX$#!k_)8Y=*XvJnEH3)93hdjZB?^Zc;>vff#jnNvg4IM zH2ZSFdh+eoNxH887V|VUYsr6Y;I68K82e;Xz*aE@{U{6fl%5O$j!c} z0b&ysmti0k*qt#_rp6h4vj#v|FW+CO9*qIqwryKrb!)QXXSWZMwjsdCm~T$Z`%)H+ z@m?63Yz!E7!NM5=+FrH(7BxQTexD3fG^*4Vd3UtpSxiaX!q#?qi+aw0Oaf}ORkLIO zKPQ+)Z5*~WJHD4$uOp%6V~mNMd2}_-=ksKn12GK$AE7nivsX6Bl1)1W=eFm%8;Gg6 zTTDvEKV*w+3iSlZ%gYCp1M1OUNYd3ug-MUf{tS%9@xsDI-I=^)Rf~WQmo9p zoduX5GIUd?_0L{Af&xS zYh>pmO84OTa)tbbA1ITxuFK0a{ep|xPH*$5cwi;va~^t6U0I$BHa>ZUNh*JYg01nh z;=^y42bV_|i(de=nR%`8%RnBq?Dyn?Ip_c>9kHKeod64P1Z8sp2N)^Fx3D|B*MHp_ zFxGZ7)qrEqHc9USqPi*qP~A}G4b*ULBOpgv2Ku#St1}siEjeV^#4Ps=x^5Q(>v-B0 z3A|UmgmRU%`{)HInXAOIW0Tg*Zn3~yhJ#u5Y=`aH;o51dt(Exd^BMg+NjxJlQ#20t z=_u!!>`t}TrkWGSnAkk9L*HF!#N@$PXXS2p0I&ClISC^;peb^$JUbCRZb^Y7(jX;? zu^~zC8KRdMbS;}JjF#daOx(ngFG-pI4r_@5N^#SStfHpoDQUi?$({@&Fs5y4?ZCsq zN?jZHc)p#NDggwBBHo>NFShlCs*R|X0;H1n9?KqN%(3 zdp>A7Jhjw)`N}52Bxq$jobA_Zv+>aR=)jJ)(k4_ApW4c=n*EgYR(n__X^Cd4m!VmsP&IL5wR#)MnNUn1R3v#iFjJR?2m95P#Irb)}v5UK-) z%k?>c`g=tS#Z*ql4tcpF<37;6rtgoFIL|i3bk+=g!&avB6+_I;Sw~=+e)_@_a|@8- zz<nq3ReVXbDn>r+nZ z_caiaoO*4MJ2`-s^L0+7QL-SjOcePI{~3n`bcHucVj^6sTGee{LOsDqxT?_+D zf;Yr10ahq)oeq@`I=0w|vrMg0V5hWFw?BvS4w67;!a?gE>guf|*b5S>ByXOP0rW}? z6&=ba?VVztw*d<`I$qwa?7q(T9exy=Q;`a)_99F{kbrG_9$;ljy%qe0)yPt!O<|W; zOLF^+smzx2L2H1BvtiP>T(3kSnwj$;ZJ6l#!+W`f72L^tFZkph1(Kj6iB@`*D425U zmMzO^>og|Qi{cYuY@6a%>vn}C!}%{GI_)_HLjBi`8}wD2ISS3<5@G$L#8L9-gtDa{ zJ8sR;Y>Q(%H1&4v;?QW`Bv%ii1Zo>;lb=eVG)MbRG}=S=BtQL5%D8g8NSUx0_{)wZ z0sD%&tTrQ2^i>a<@0dOTWdPnCxGUJ}o~3Dy0!`o7`;3HzN#O96aSz%yRPy~Of#cow zef)huj_fs9%u4X#y*n}kY#25-wD!6}hJw{huOW)B;XZZRh#1}Z1{#(MUU&a)Msz_=V)0lo3u(MXAAC8~3{dO5@$Bd#W$`Dsoq2dE1 zS;uHC$F*nWi7|K2Y@!j)!}yV}H^7)o7M>rLV2HMh?_Mx&OuWB1sg2nGfa-m+k{BTE ziKB>ov+ahA!S1#lGWXyq;AQDCt+O=Lv}O=Vl5yVaKAOOCy0NF|6XDa@&!*^eFAd_j zY#C$3W2e`UYBC6k+mou=+6LshUEcnq{l$D=zQvsSMOne#QD3d&y?&=7&~;`*O-?IFE5HVA9c6WaP+%7Lb);#Wf{g#4tP$$9|5x!gdseo{LpJ>mhuGm`vsA z1ES~tbP;hoq_Ri>K{s}6q4%|U^HWXx_HCTj0h0> zw;-D2LbB}?kev|!XkZJGLYLsrkD=t!R>-#BG?8D8lPv???4z*Hi_hmKMRTwF#knyO zNCx@$aLfP=@kV9q>v)9jyj`zH7f2`ILNA0%U(5Mc1G;!mvHX-g21yWVF6A||+1D~tLwzE!#}HL}>D8Hs z5LsEd${^EPF~V#FB4H*F`O_=Nq4A>&#ER|DqV<-VKLjCpZ!peU+NpeV(ArW z8r^w*{Y*!Fz8e(gqU4J)S-7+OERHS+7qNLJ)8$j;ox~b9n)M|v+Hz^uWCBel(sjU5 z9TbfH(BJc90W?w`!?_I;QW6qE%rd3vg=4?4*g=gRP5Tz>#Mu4(^w2J7@#0M?+!vWM zUexl&=^o~Xl2N?9_+14t>#BxwE;Vj^lnauTek>TC^mZ*D?phCy2+5!ceJ=vG%*eE3 z2^jI;5R-FUOt=q0S6k;o-uK8axaTp9oVhwuBdkpxckT8E!)MOzr((#iJ@PDhy0 z6yLy&?|JfEm>O4)05@k5Erafo6YxivD|X#&DMEgP&0Yt5e1U31XgmML=W-BC9Qj_* zNkHJ6$n0e%dR%vmYsS8P(9DlpzMC6c5|Ei54hcb<&&VFY?OSfo;)UK5b&Y#1M30j*WiQC2aU{@I;me1=&N4q> znTy9sQ~T5FX(UCMyC8<$}|pItLU_miW_+(2R;2X*`Aw zGacqLG3KfJyJ(V9ciZ8vDDxl7%c(0Gl=wMLZ})^vzcuwPli2dlk+&cX)E9)pH6ob6 z<97iLa0JKlueh6}nNAJ@lb^cYwayuDX(@dQ&_G2E83Xle2VV53~XBc84Nm zDnBj;-3Xft5|Z2HA0%HABLdRke&xu=-b6=gdz$DRbk^inUyaDcHcRD$Leaw~Um zBLg?XQ#D2M6LZ5iDO0f}8xx^vEc6cPsjd2sg>pE`yuM9wn))xPR~j!2;vv*Ds9diEGKU7G2iEU3#OTL&&Fnt6k>TMJ zQm1Up(kQIv295=}InBGKCc4DA#m1HQg-rDIjp7vI_P!ADuT;$xO2$?Q=4=Z?X3p0j zqj9?meUYDV?JmDXyzUy6I`k$AXvxA)f>{RnZw(ph*e>kqm3q`WMiJh2YUy>9xHqR-t(+4%s@E&?jYmL`z z!RTegTv>2e0tt5Y;SW-itb0Z0FY8t!d+P6ok$>!9b`gK6LBE}^oACs<3=>`awiiiRWwlch-23y7>d3h^selBO92igrg}J!C6(h+uINhNsV{T_q~e zxqL=3kGBAABGoJZV>#hoDkV)qO_H0k3H>n0)D+N3WpYANI`8RMhAoDBZpo(&jN38@ zf^tDTO?Iq)tCQku-3VDxRd{#N_t@OLrpbzpHX{zIred1)`U47PBM}%?p?#+f_lG0O zVsS(!eL$~b=*px(k?{<(65A3q(-@{W55z-Tl`lDueAg339>WUTsyy}j4b0Nd#KExA zXFg+laBBtzC1p);T~Ud9t=nBBuKd2AaZ6Fiftt%Pij}{uh+rx4m_A#U`%K#mOK7=e#r;J@>nXSs9usmQ!Md92%PpNw!}i2#7N^7{esuOoG%YwuW*Y@3fmOaGi4of9}(y zzQXGZyEf-T5qwWTsQGK^Mw0FoOBh13{zTdl%LfrT{#&Yb8p)+ zn_0w&tG%CL?XGh7f7Kt;MxRd9pH=B-FUJ zrMV_~(Zh#xB44`(S@@VNTt(lJV`qU3IjwnV85{N6sa?G;Yfpg7Ab$8$)3NJ;UftMG z=}h#3JHKvp6K(QFV?q`$%N8o4!do3KHxUPNh(6I!ZMO*JgwhI>Y3ROeH+K zVqLu2S5v1)XmN`mQR%L>dFL~VLVKTARLmxqH5negQ7FlZv`4?r_hr;yWI?m#ok?#? z5sJgzX?j#modBJ;B4G^8a-HN#mVeM8@1vIHOrr4J=e7f`Z0(Ce`2{#=m9r$!6T3|i zJ8u^GoitxNrc!g@%R=sn%kCL$19EMmOwK+6`x6Ces;7$^(OzAcKaAtuM5BIGr9iUB zSD&+yEIB$l&*sz{do)+FbBaamjF})wb%zpB#aQzuiz#wGgj)FdP||>gLTKCM(G(ks zZj5)Nss_4TY8454#8jy0k<{}ZrfRTw3s==Rk`5hi&`xjcMfr}ONRvs+1YOm&RV0^` zg)CFjD`NVnhlRp4Y0YqB{IQr0-G1x!YR}F_rk&7oe3L`qqm$LGOk!U)N zMP#Gp>}7f?`NdBR(W0hX%^0JXT6BACI)FBM6e9JaZg@QCxEG{&;V~IXV{@hSDBoD zRZ&`^kjaj1ZlKN}{s|=PstPFj>F*!(pA3Mgw+oHx635nj=Nj-JYp|Cm@i^Q#g~SmD@@^sjBsV}xDu_a3I10E05U45QSex>)&v2nKr-R<#vD zVwNL}kzjc$P0vUjjq2L>3oQy=={O-v9ocVU-Fu4av~%3JEmEzzjNImzk`guF7mqqQ zjL4A3LP>Ic>oLXet;aL&qArUv$hkjP6ITP$#+sSKfV%!@|&P2Xr~S=#DOX zXLN?vBV1l9O^BpXR50Jhp7J_u95nZeS*(suag9NvD}cbK)8P6&RyE%nmE5VCM!}o7 z1pwe_ni0d|hVM$+z|ay6$}4deu+RZ6@u>OUR2lfZynrCgM0_IHpvG)UxRzzVDRRC+ zGmOQ?G>jIUWCcP~Mp!|s&A8$Y7+Um&#w?cLB7LG|nqDw0VNS%Fg`K#Brs`E%(Mz^( z*$AO}YTKc4hv^}!ZYcrAlLL{>>-mho#llTg_(OJ zmTwfY;)eEGHfeG!wiMRsfWWPFr&n2do-2v{2*`MCoI)&y0`)4Nr&}_ms?DyrHW^l? z)>Ra6AspWWJ3Si$io*jRzU9#Vgf48=EE|@by6@dxl^NBzltY@+56(G|U3nO&coN;u z^*nWi;G^xIki^0PCBuA#V+F}TlBLFz80P?3ibW4P!1E#M;`UKUh*5C%U ziNss&^Toc5l))mRP8sX}`ibn&y>y968jXy{dr`b*LY^bbPK-|Oz?lc8lw{S|*A8x;5f*!DF`q3SJf4|9I#=&#x;+*t_Z z^~F|7m&c_o|z(Jh)H14k0^D&?QeR>lR$+=}m#HF@?T%CRubeh&1GXbVx0G25O@0+;C1ZDL45C8Rj@mjdl1W z`sl@b=(&9PnZREdHj(Q{r9*?xvmjUrHcir5i2qD?{i{-8-^tP@6*h*^KAqIa1;xFq zxETcKhfFiP1e^ofLrK>WM$7{WpIidm%=&I20*ylQW$3e-N}U`Ueh40@*3t+*6@VZ{_kVuS^x+h;ts@L{xH43QRVl;pql`f@?hi) zqrj=#`h7QkHUNk*K-^gWLm2&gDX-PRrF^G4^X(4>>F?9+!i?Aw*VA7n|9^iEzH|Ky zE~Uv1CwAw5j2IG(SW@MOAHSL8r~ikaIi{dtc82`KwB+yQW4;r`SP1<0@cuO$z_S1E z;r*ja`n$OPTY3MjyuUFF^WA@8^S?dsUmMMTVe`MRc`Cp7FJbvF+x(L(|9>Le+>~^{ zYy4LV-t$}=s2~bUNuk1Y&#-|EWkJ@oM27e4w>ILN9i97$l;7^SC=x5S{Z((e2vJ;O z+!WH(*Pyt2N#$9rl@DBMIV)Y))##ien(Peg!E@TZs*ww) zjx~OlupH=K*t}^89S4H-dCX3+z3nIKSi^nHJkAd5 zQrim=G1i2^EC{FR5^QXyi&yz$efefA9ZGbzk@2%|Ij_tIcuK5+rFf@KI!t8eXq&iX zR`2RwerjWQGu9;w>9p>Y@;pDVb*oxJL0(oOj0Y{^bq|%>GpM(w1nyHMd$X^uC;09bnQcF_ ziy3faB?mYCILzo&KH~Qn%Yo6%(9qLTkA!iJ;0@^y7nfz%An$am{GNu?Nv00NI&8qi@YY&VG zt+8RGB=T|imM9N{HUjW|9f#W6uDHxuZA+TDORUYUmeF_if^Hc`=c%iZDEd{HXJs1U z^JkUvREryJe?kQ5Ym^LC7%AQX?@YkVaKhI7m6+2VVsFXPR6PzoQV)1?_AYy@L(Q_s zu*vDlK*7J1_UA_O1v*?K($-C|64{4WmHV9PTf0~kY zzo4AlslW7i3bek+$%DegNixN~ECl{JVS}Ji=I285bn)faJdh_ zr5|W<`Hs63BRY?ur9s=NefDWQjloD$%Rh*xO zsKg#ft{ad^Ckw?|4k%lDJWfy10|Stj=sg21R)bL3q$aAeGWCqT_trVNg3)A*8A zy3EH)rDB@fp`HX;TnrLmpWzrBDuDPNR2o%1CCLmAuoOP^S!Ka4&dHy?pYs%GRk}A} z?5n&wm$#IlonWe$M7zM~I6yM9H1JmAVf$93kp87MiuGLU@DKYRHi~3Q*dp~Dr0F=% z&q$zi59jYC;VV&hl-@qId^MzFMOW{#;iGgs-8gp0Uw?x3p%~gkKXDw@3KGmBduXq) zpkNVskV~`gd>`FODY0oQR1mDzI&|*D$vCnWx^Q~Ic%RYPPfWi1L(~&DJf6mOI9}Tm z_9{&)ewivbW75@f7^R|W`V8P9Y3J8Z5T`%q?VcCf^Qe^)pjMo;%=xy{I=o!IB-b#M zc-Y0Nh3ZBn%xg?Cgku)PD7k8Rbouese&?tm3EgU^ohQZmyYv2t{Usc3Q)?FVo!M7Q z1JK9A&KGOa9WMKw-gdee#vB6ABCNUA*8%N!II*$4)Buz~rdz@m!uvQ&)4N0!UbB>J2`K&6P3-#E0q@zHjg z&9+}qFhhqybP@70zw_K0Y;S0+Om6UV$8Z>54&l5 z=Z$`BCU`vbwmWONt$fAYC_Yv(ZZjm~Xr7xU|I2=(uk#pe%h=x0@TqUk!SI2XIja$6 zWd$p}ZZ;*h&WBBN4`aw}0kkO(9@dE5sJf|a^=!jQ>Ik2-=z@)p6*!!x z1G#)emi^Mp>g+6h26{*%J)gn_jx28g8X+HAUOqKZNkzZZT!v}{P*hMpc%8#HzN0f- zk{eM5kkayN90C>rG0vTkBVUH$`y$lQ@sR;Ro9A}MQ3;FpTH!vqCH2`ad^2A2>Nm%= zVrBkpD1?tpUgNWfUR9<}>G?8&CNK!z+7_}tes(5fSy2e@^u+UZfd$W6=RS{?4%;gt zkpy2*#!GFx)BPHtyY){C5-Q%FrJO^X<)sMdC+0u-_}F2Y`vKYdJz0pOvJz|F$d^rEZ}7W^WN`M9y+B(!+>zgYi5XubZhiF|~!2^}$Xo$nt zedJcPIy}o^an1Q*<%dv7-qG_7v@<>e>-VY~+qQeU+sllyD{B$^E41*@;r$x-<;Ij~ zF`8u?q`8CbR`qej0u}Dpz(qSLExR>(+s+ksCc9zKV6bGP`d9-b9e8Vx%yv=K%hPIR zULhvHlYL})w0cWXPzY}4grboSKv9`IVlfh#zC54f#K-G1^^>My`5}KYeEIO30BK?U zESA%7W4X6gwcYBWn-c*{!>&iU_}dSswY7a?fge(z@!YEyVl0Q#lMBtYTWoS*vM!kk z4fEG+9M>ILB81>6XLIHk+Ivr}MA0B23HA>Px*73d_HVi-cN{%v9Ag*y5n3G%w?-7K zrUBoW41$*PVv3BFJ6+5I9cbq&E7-_1-%3@# zhHZVT{X*S)po1ty_tRbrnV_gX%IYo!B-arqbcELsPrT4zw8Ns3K1DSfp-G(nIBGD5 zn;@FeEh(CBZ^U(_w%&r-cLY*io?E~FJ>2#wPO+~iOhe_21SF%UjbQh%eWsz@8*c`? zbnSe&p3i`d@<@7eszBYwLHmrjpi;w}-F&VcUt4|l1U7J3{%L7&>d}*?X4L=^`-Ync zu(^}+;8-o4@Uh_;v54RUE(yb1ookeW3*I~_CC%9-U2skg9!9jr_7D{G6dF?mhQIOs zWYuHeeMg5tN1Wbar+$cOU*@0yJBi?W=;#|Qh&p+tq1{Al@%P>9k1XEtO(l{YTBk_E z8!ERD{lf$Li);(jNmKXi(CF0SAZ*35Y&UI^gTt53*%Ao{=?x*@4{lnk3sqVNhF-CK zXxebmT&D0@Gqjw9B6Af%l&zW%dZ(qH>8FXvo{6@fnc#0&N}y4FxoUXSrMTQK)ArUY zINJvQxfaKe?M7{>7hZK1O%b!zB3Wl{Cz@pF0k4hYQLfGP?w{zZ_xi1a&nRi^mOebS z70z9fH9L#@n9`cp`N)lb^D&1 zIxmtB$w5rY8ow{c;s`EmciSwPA?_NgxMs*m4b&r`vGYCbjw6uG9|=c}5+Q7s2$9N0 zo1vHcJ9g9)@*CZbp~ugSDU^nMq^JBB+awMLtf)oBpt<*4!kMUt~+d@0_p`rC+Z)a{s z0(Cr%1v@-vAnS9RZHE%;uBWf!^Fy(opzKHeEHm>-VF@Dv%jmW<{io8qGp?KG7)9fH zQoDmbLAUXq>xftMh>(evrH8adcC4e;jiDKVV6eJGqtMY=5bl+OSBV4nT{OTcV1Oy)!7WR z_(UQYxx8Gq?Q|SI;!iK(Npnf{!^SNUB41wEB!p| zCzhz1%nyjRtS;a2&D!b@IV`hXSPo`W>oZid_y%M}A?m%;>p#DFO)Tvpwbcx2A6I%R z!c>8G&>UYr12#4300$+i$=^-EK}3s`CHR6jo~|#Ba;G#T0dY>XYX|z?Uz4@qj8aJ@ zN5hAimjZB1fe*?sdD`}{?0l-;CmQPdwsYP^{Q4bqJZ2+~W(Qy8Wy&?;5xBu}Bfu|d z8W+KN)H9b7z4+a>{B_mWp{w`km&Qg&twkEet zf1Pi_8ASz=@hY2&HZD#|Spi83%~hOYX+$tIz0M?@_TD{$kAu5z0rLblhpPv?$(_N9 z$v$`T8>##CZ$`1VziaKYri`uZ;dB&Y=dsXc=dtW;n)Nd^RV3HmLR@|>Q6Jw=YB{pI zJAe6XsUy|alC8-XouGi=2{qabceNrTv)}-lM?tV7fC0$Bvrml7ex=4jl(;<_k6kmT z)0`Vp><0x!ZPu2`pW@`8LU!&*IgPZ2bM$*(6=(@5&RPd*mVNs|^x;O;1Pnoj>v5BW zI>kJ>E^vmzbd{uumu2Sq{`69J9{ljjt%);zfMqgeGin_YkM0KT4+NhFS3OKEc-_cg z8j;nob1(;M(tD@~L7^k^FVDm)9)^*2H8jU1@*TdpSz8 zS!K}aCmSn*gzaP1^_`FuJ@T^x4x`>bN0d^Qb6xkpxp!9}{ilrL*YYi}a+aQxSn*Up z!~HeHjf>wTP}K z@k~EhRQ}{IAd_*OC)}Zvwz?*T)}~-vm>;)*4ml0witP5EQ@oP2ayZst3Jw*MK@tm! z(v_D|>HNBWezk*&(ZX5pNj5GOv8Jfj^xNo1BiAB)si@3$_v?M1y5^NS4Hg-tBd!>x z7oe5YcG8?QoTj)sDNq)*EGSd?Am&WLYEoJiI_K7z;t4KdUy}X>PK}oivO^bIJ>!}7 zg7)uePIgperm@?8DBkw`o`ih$`gmYt89Gz4uNgscJVe`4O%C_&=+e}|w-?#1$DA3_k0 zZV7~(0v67=A_<9RM@Ok0HeX(_zG{N5ZqJA)A@?m z_UNwQX>*@S>k67{sN=DYG@~(xnG}-KhoE6k;=U8P@ngHcR))$s>7N2ph4V%G_^2`hVFdz}8nYN*J- z%mSnl=lV7?rTXzt7tx)>VPdb~p71#yu}66wLitx5pN&qH8r@0ZeERD{$Ljc#`9w3) zLWW2ab^Xt1AA4P9SDlBGBDUR%Q_N0IT=Z`ztAGBoU{7*UqgeT3jFv>R->h817-s-`ETSfCk$Kyq zt};ml-lykCzM*HwZka9QWW;&ottpZk_SkB0^;!^} zG8EjV*i6fI{d|!0t5m|?qXae2&dtZqapJP5x}-M6Z?{}8ib|4n{S?~yd8Ma@4{TE&XfAuFe z%IvlDnp69kBi(VL1B+canoAd>48u9~caZP`#=^0bWDoP_WJmO$oX?-WT%#IldBWK2 zT*=ij>R*a%JK=YgJritnO~;qu*@3~^@pYP4OX7Dk&MLNCu7f)!j}aNCm_eWdmL#Da z`jj@2=oH+oH67gskqr(Z!dFrdnQv}x-X)LrUVQ_)Eig$`0K_Mo^FHjv=Z4$xdF9I5 z3oixKvCT%lBlxa|C#{tZOLofIeD&z^jt1C=L7+%6h(XHUS57_W5}MiXjca?nx_xHs z&9?iI)}VvLE56K_344-Qc&+CH#y-~6Tl;OGh?YL})k~5rXQ@r^2XOp1XxYcyBh`~G zioWV@UeFm_%cya|Jf;k)4&~sYy>6n(5^CbZ^f`dS4bGL-!^@)=x;#+voxM_CkQkswN zP?pixQL>X)$m^OE`$-3=v6A4x#ZbJ6-Hz%odH2A(GOiEaS|h|1%0^qjfRj~b8vdmD zI8d5Va?=nSjun&`wa9}Uy(n0TT&c+N*7DU4*dr~&+=HiRE3 zSl?yU`I2vZRP}Df1Ju~Cpx~ad7yI(G1LlL`I1{SbQIq1l+vEP~tfA%YH0tIl-Wik0 z^REvI|C>-b+draW#yj$V6eIjT%w(q4GYHg@O8uw7Vqr?87hwYIcHCG09Kg!rs{yfG>T!Ztf!_p5JkBdzVvRbKz5-WJuy5y?rdFTm#fa_H zE`Mt!II#h^1mu#mdB$~u<={5&I^~~sVQ>5yU)bbu=wi7#>ERUbRZpMjYx4wCNrPV< z&gFmydG zopd$gCFaq+i<+QceJd!|KxXYTg2ZP!t++ua%m4r+9Hdmcpl^^I`$DQS3pW)01l@@n z^?jcx;`=9EDLHgAXMg7oZZ8hY0&LrlV((TU0`0MGsNcP(PEO;}|3v#A@PE;|lxB9o z>NpoUgp8%ZV*VJQM6BJB7$JUTMI&@1>1D^i>S+ocn2*%xkG+ zMY@XN;9>dANs4Z;k@TUPHRjB4FON$1gZRHY4Z~AWvLh zhuyS!-&ixLP-FS5p4ljjFFU+LhZDtg!OJ>Qln0;pEn{fQM8j&Xav~$w!X>to~SkZOG=ck#>X0gx={lcozP&1O5t= zo;a7djaN?EjX4T`LFk?^^of`!0b6+oQNU}8VNfL5CI!zlp8;jgAzfYu6x(KdLmo!L*He?U0BHd2p5_KO{h?+ZYZw2Xa9#^J#9t7(@PnSoAG+ z(AxGIV$W_2YsrJu+^R_N|44O}vO)q@kdu=WkS(~u^B*DrN8-HReW)krCo6?Th+u3? z0;E6XPvrm(YcW1yS`Pm?G4H5T5M{Q(NfRLU0*JeAQ26h!w=xa#x6mabi~lw8JHG3; z6QVYz*`N~yBtyAe_MgRyJka}fNu=o9wfYa4D+Ql^ Date: Wed, 18 Dec 2024 11:30:13 +0100 Subject: [PATCH 2/8] Adjust jboss-cli URL; reformat online version --- _posts/2024-12-18-Management-Console-on-OpenShift.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc index b71b4cad..6cea2d78 100644 --- a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc +++ b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc @@ -22,7 +22,7 @@ The console is an integral part of WildFly and is activated by default when runn You can build such an image on your own based on the official WildFly images available at https://quay.io/repository/wildfly/wildfly[quay.io/wildfly/wildfly] (see "Extending the image"). Another way is to use the pre-built images from https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly]. These images are mainly meant for HAL development and testing, but already meet these requirements, which makes them suitable for our use case. In particular the images add a management user `admin:admin` and have a list of preconfigured allowed origins. -To add the allowed origin for the public route, we make use of the https://jmesnil.net/weblog/2024/12/11/a-kubectl-plugin-for-wildfly-jboss-cli/[`jboss-cli`] `kubectl` plugin. This plugin makes it straightforward to connect to a WildFly instance running on OpenShift and execute CLI commands. Please visit https://jmesnil.net/weblog/2024/12/11/a-kubectl-plugin-for-wildfly-jboss-cli/ to find out how to install and use the plugin. +To add the allowed origin for the public route, we make use of the https://github.com/jmesnil/kubectl-jboss-cli/[`jboss-cli`] `kubectl` plugin. This plugin makes it straightforward to connect to a WildFly instance running on OpenShift and execute CLI commands. Please visit https://github.com/jmesnil/kubectl-jboss-cli/ to find out how to install and use the plugin. == Instructions @@ -56,11 +56,11 @@ exit . Open the management console at `+https://+` and login using `admin:admin`. -''' +=== Online version of the management console -NOTE: As an alternative to adding the allowed origin, you can also use of the latest online version of the management console available at https://hal.github.io/console. +As an alternative to adding the allowed origin, you can also use of the online version of the management console available at https://hal.github.io/console. This URL ships the latest version of the management console. -Background: The management console is a single-page application (https://en.wikipedia.org/wiki/Single-page_application[SPA]) without any server side dependencies. As such it can run on its own and connect to an arbitrary management interface. The online version of the console makes use of this fact. See https://hal.github.io/documentation/get-started/#standalone-mode for more details. +NOTE: The management console is a single-page application (https://en.wikipedia.org/wiki/Single-page_application[SPA]) without any server side dependencies. As such it can run on its own and connect to an arbitrary management interface. The online version of the console makes use of this fact. See https://hal.github.io/documentation/get-started/#standalone-mode for more details. . Create the application as above and find the hostname of the public route using `oc get routes`. . Open https://hal.github.io/console From 539b9249b0234c51825892c74ff1da22e05e4ec7 Mon Sep 17 00:00:00 2001 From: Harald Pehl Date: Wed, 18 Dec 2024 14:26:15 +0100 Subject: [PATCH 3/8] Add 'Things to keep in mind' section; fix typos --- ...4-12-18-Management-Console-on-OpenShift.adoc | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc index 6cea2d78..b49a5fd6 100644 --- a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc +++ b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc @@ -20,7 +20,7 @@ The console is an integral part of WildFly and is activated by default when runn * Allowed origin: + The console uses the https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API[fetch API] to talk to the management interface of a running WildFly instance. In an OpenShift environment, the origins of the public route and the management interface itself are different. That's why we need to tell WildFly that it is ok to make requests to the management interface from another origin (see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS[CORS policies] for more details). -You can build such an image on your own based on the official WildFly images available at https://quay.io/repository/wildfly/wildfly[quay.io/wildfly/wildfly] (see "Extending the image"). Another way is to use the pre-built images from https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly]. These images are mainly meant for HAL development and testing, but already meet these requirements, which makes them suitable for our use case. In particular the images add a management user `admin:admin` and have a list of preconfigured allowed origins. +You can build such an image on your own based on the official WildFly images available at https://quay.io/repository/wildfly/wildfly[quay.io/wildfly/wildfly] (see "Extending the image"). Another way is to use the pre-built images from https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly]. These images are mainly meant for HAL development and testing but already meet these requirements, which makes them suitable for our use case. In particular the images add a management user `admin:admin` and have a list of preconfigured allowed origins. To add the allowed origin for the public route, we make use of the https://github.com/jmesnil/kubectl-jboss-cli/[`jboss-cli`] `kubectl` plugin. This plugin makes it straightforward to connect to a WildFly instance running on OpenShift and execute CLI commands. Please visit https://github.com/jmesnil/kubectl-jboss-cli/ to find out how to install and use the plugin. @@ -58,20 +58,27 @@ exit === Online version of the management console -As an alternative to adding the allowed origin, you can also use of the online version of the management console available at https://hal.github.io/console. This URL ships the latest version of the management console. +As an alternative to adding the allowed origin, you can also use the online version of the management console available at https://hal.github.io/console. This URL ships the latest version of the management console. -NOTE: The management console is a single-page application (https://en.wikipedia.org/wiki/Single-page_application[SPA]) without any server side dependencies. As such it can run on its own and connect to an arbitrary management interface. The online version of the console makes use of this fact. See https://hal.github.io/documentation/get-started/#standalone-mode for more details. +NOTE: The management console is a single-page application (https://en.wikipedia.org/wiki/Single-page_application[SPA]) without any server side dependencies. As such, it can run on its own and connect to an arbitrary management interface. The online version of the console makes use of this fact. See https://hal.github.io/documentation/get-started/#standalone-mode for more details. . Create the application as above and find the hostname of the public route using `oc get routes`. . Open https://hal.github.io/console . Add a management interface to the public route: + -Give an arbitrary name, select *https* as scheme, enter the hostname of the public route _without_ https and port *80*: +Give an arbitrary name, select *https* as a scheme, enter the hostname of the public route _without_ https and port *80*: + image::hal/add-management-interface.png[Add management interface] . Click *Add* and then *Connect* . Login using `admin:admin` +== Things to keep in mind + +Please note that the above instructions are just a workaround to access the OpenShift management console as long as there is no more compatible, container-friendly way. In particular, the approach ignores some principles that should not be applied in a cloud environment: + +* Changing the management configuration of a pod is an antipattern as it will not outlive a pod restart. At that point, you'll have to reconfigure the allowed origin. +* With a route, you are accessing pods behind a service. If your deployments have multiple pods, it's complex and hacky to access a specific pod or configure all pods. + == Outlook -We're currently working on the https://github.com/hal/foundation[next-gen management console]. This version will also support a dedicated variant for OpenShift that will integrate with the OpenShift management console. For more information you can watch the https://www.youtube.com/watch?v=Karu90yDIhs&t=571s[talk] on the next-gen management console from the last https://www.wildfly.org/conference/[WildFly mini conference], get the https://www.wildfly.org/assets/data/conference/202411_wmc_nextgen_console.pdf[slides] or reach out to us in the HAL Zulip https://wildfly.zulipchat.com/#narrow/channel/174373-hal[channel]. +We're currently working on the https://github.com/hal/foundation[next-gen management console]. This version will also support a dedicated variant for OpenShift that will integrate with the OpenShift management console and addresses the limitations mentioned above. For more information you can watch the https://www.youtube.com/watch?v=Karu90yDIhs&t=571s[talk] on the next-gen management console from the last https://www.wildfly.org/conference/[WildFly mini conference], get the https://www.wildfly.org/assets/data/conference/202411_wmc_nextgen_console.pdf[slides] or reach out to us in the HAL Zulip https://wildfly.zulipchat.com/#narrow/channel/174373-hal[channel]. From c0543e0499f6671af1262b548e552b9fc7b143ce Mon Sep 17 00:00:00 2001 From: Harald Pehl Date: Wed, 18 Dec 2024 17:52:26 +0100 Subject: [PATCH 4/8] Add a warning admonition block for admin:admin --- _posts/2024-12-18-Management-Console-on-OpenShift.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc index b49a5fd6..5188cbd6 100644 --- a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc +++ b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc @@ -22,6 +22,8 @@ The console is an integral part of WildFly and is activated by default when runn You can build such an image on your own based on the official WildFly images available at https://quay.io/repository/wildfly/wildfly[quay.io/wildfly/wildfly] (see "Extending the image"). Another way is to use the pre-built images from https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly]. These images are mainly meant for HAL development and testing but already meet these requirements, which makes them suitable for our use case. In particular the images add a management user `admin:admin` and have a list of preconfigured allowed origins. +WARNING: The additions in the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images are only meant for development and testing purposes. Please do not rely on the management user `admin:admin` or the preconfigured allowed origins. It is strongly recommended not to use that in production! + To add the allowed origin for the public route, we make use of the https://github.com/jmesnil/kubectl-jboss-cli/[`jboss-cli`] `kubectl` plugin. This plugin makes it straightforward to connect to a WildFly instance running on OpenShift and execute CLI commands. Please visit https://github.com/jmesnil/kubectl-jboss-cli/ to find out how to install and use the plugin. == Instructions From aba4a88a37a553f7e87c8d606a219670940ed908 Mon Sep 17 00:00:00 2001 From: Harald Pehl Date: Wed, 18 Dec 2024 17:58:01 +0100 Subject: [PATCH 5/8] Add another warning about quay.io/halconsole/wildfly images --- _posts/2024-12-18-Management-Console-on-OpenShift.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc index 5188cbd6..7b4f450b 100644 --- a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc +++ b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc @@ -80,6 +80,7 @@ Please note that the above instructions are just a workaround to access the Open * Changing the management configuration of a pod is an antipattern as it will not outlive a pod restart. At that point, you'll have to reconfigure the allowed origin. * With a route, you are accessing pods behind a service. If your deployments have multiple pods, it's complex and hacky to access a specific pod or configure all pods. +* Please do not use the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images in production. It contains preconfigured, insecure credentials and is meant only for development and testing purposes. == Outlook From 33b3641249e7152f3537bb310d4b2bcb3c22f209 Mon Sep 17 00:00:00 2001 From: Harald Pehl Date: Wed, 18 Dec 2024 18:02:23 +0100 Subject: [PATCH 6/8] s/It contains/They contain --- _posts/2024-12-18-Management-Console-on-OpenShift.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc index 7b4f450b..7a3bdbe3 100644 --- a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc +++ b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc @@ -80,7 +80,7 @@ Please note that the above instructions are just a workaround to access the Open * Changing the management configuration of a pod is an antipattern as it will not outlive a pod restart. At that point, you'll have to reconfigure the allowed origin. * With a route, you are accessing pods behind a service. If your deployments have multiple pods, it's complex and hacky to access a specific pod or configure all pods. -* Please do not use the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images in production. It contains preconfigured, insecure credentials and is meant only for development and testing purposes. +* Please do not use the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images in production. They contain preconfigured, insecure credentials and is meant only for development and testing purposes. == Outlook From aa7f7259a7326e0888061acc056f3a35122e7cf5 Mon Sep 17 00:00:00 2001 From: Harald Pehl Date: Wed, 18 Dec 2024 18:03:37 +0100 Subject: [PATCH 7/8] Fix typo --- _posts/2024-12-18-Management-Console-on-OpenShift.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc index 7a3bdbe3..65b67a6f 100644 --- a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc +++ b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc @@ -80,7 +80,7 @@ Please note that the above instructions are just a workaround to access the Open * Changing the management configuration of a pod is an antipattern as it will not outlive a pod restart. At that point, you'll have to reconfigure the allowed origin. * With a route, you are accessing pods behind a service. If your deployments have multiple pods, it's complex and hacky to access a specific pod or configure all pods. -* Please do not use the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images in production. They contain preconfigured, insecure credentials and is meant only for development and testing purposes. +* Please do not use the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images in production. They contain preconfigured, insecure credentials and are meant only for development and testing purposes. == Outlook From a874aacc206d8b53b6775dfe52016eb33762a560 Mon Sep 17 00:00:00 2001 From: Harald Pehl Date: Thu, 19 Dec 2024 14:56:50 +0100 Subject: [PATCH 8/8] Make it clear not to use it in production --- _posts/2024-12-18-Management-Console-on-OpenShift.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc index 65b67a6f..b8f7bf77 100644 --- a/_posts/2024-12-18-Management-Console-on-OpenShift.adoc +++ b/_posts/2024-12-18-Management-Console-on-OpenShift.adoc @@ -22,7 +22,7 @@ The console is an integral part of WildFly and is activated by default when runn You can build such an image on your own based on the official WildFly images available at https://quay.io/repository/wildfly/wildfly[quay.io/wildfly/wildfly] (see "Extending the image"). Another way is to use the pre-built images from https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly]. These images are mainly meant for HAL development and testing but already meet these requirements, which makes them suitable for our use case. In particular the images add a management user `admin:admin` and have a list of preconfigured allowed origins. -WARNING: The additions in the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images are only meant for development and testing purposes. Please do not rely on the management user `admin:admin` or the preconfigured allowed origins. It is strongly recommended not to use that in production! +WARNING: The additions in the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images are *only* meant for *development and testing* purposes. Under *no circumstances* must this be *used in production*! Do not rely on the management user `admin:admin` or the preconfigured allowed origins. To add the allowed origin for the public route, we make use of the https://github.com/jmesnil/kubectl-jboss-cli/[`jboss-cli`] `kubectl` plugin. This plugin makes it straightforward to connect to a WildFly instance running on OpenShift and execute CLI commands. Please visit https://github.com/jmesnil/kubectl-jboss-cli/ to find out how to install and use the plugin. @@ -80,7 +80,7 @@ Please note that the above instructions are just a workaround to access the Open * Changing the management configuration of a pod is an antipattern as it will not outlive a pod restart. At that point, you'll have to reconfigure the allowed origin. * With a route, you are accessing pods behind a service. If your deployments have multiple pods, it's complex and hacky to access a specific pod or configure all pods. -* Please do not use the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images in production. They contain preconfigured, insecure credentials and are meant only for development and testing purposes. +* *Do not use* the https://quay.io/repository/halconsole/wildfly[quay.io/halconsole/wildfly] images *in production* under any circumstances. They contain preconfigured, insecure credentials and are meant only for development and testing purposes. == Outlook