From ae79e9ab9180b594d9aa328cf11ee0604d0013ee Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Fri, 21 Jul 2017 10:55:30 +0900
Subject: [PATCH 01/71] Infra as a code by own your zinst packages

---
 templates/zinst/0/README.md           |  85 ++++++++++++++++++++++++++
 templates/zinst/0/docker-compose.yml  |   8 +++
 templates/zinst/0/rancher-compose.yml |  18 ++++++
 templates/zinst/catalogIcon-zinst.png | Bin 0 -> 42732 bytes
 templates/zinst/config.yml            |   5 ++
 5 files changed, 116 insertions(+)
 create mode 100644 templates/zinst/0/README.md
 create mode 100644 templates/zinst/0/docker-compose.yml
 create mode 100644 templates/zinst/0/rancher-compose.yml
 create mode 100755 templates/zinst/catalogIcon-zinst.png
 create mode 100644 templates/zinst/config.yml

diff --git a/templates/zinst/0/README.md b/templates/zinst/0/README.md
new file mode 100644
index 0000000..86c73a2
--- /dev/null
+++ b/templates/zinst/0/README.md
@@ -0,0 +1,85 @@
+
+# Zinst
+## Install
+* Git clone 1st
+```
+git clone https://github.com/goody80/zinst_repository_docker.git
+```
+
+* Git clone for zinst packages (optional)
+```
+git clone https://github.com/goody80/Zinst_packages.git
+cp -Rfv ./Zinst_packages/* ./zinst_repository_docker/dist/
+```
+
+
+## Use
+* How to start the zinst repository server
+```
+cd zinst_repository_docker
+docker-compose up -d
+```
+
+* How to set the zinst client
+```
+curl -sL bit.ly/online-install  |bash
+zinst self-config ip=[IP address of the docker Host] host=[Hostname of docker host]:8080
+```
+
+* check the server alive
+```
+zinst find
+```
+
+## Setup
+* You can modify the docker-compose.yml for setup as below
+    * for example: I need to change the port 8080 to 80. - You can do as below
+    * `8080:80/tcp` -> `80:80/tcp`
+
+```
+version: '2'
+services:
+  zinst-repository:
+    image: zinst/zinst_repository:latest
+    ports:
+    - 8080:80/tcp
+    volumes:
+    - ./dist:/data/dist:rw
+```
+
+## What is the Zinst ?
+### zinst?
+* Package install manager. It very similar that concept of yinst command in Yahoo!
+
+### Summary
+* For the centralized package manage & distributed systems
+  * Centralized control:
+    * Install the Package to the destination server 
+      * *ex) zinst install apache_server-1.0.1.zinst apache_conf-1.0.1.zinst -h web0[1-7,9]* 
+    * list-up the package in each server 
+      * *ex) zinst ls*
+    * list-up the file of package in each server 
+      * *ex) zinst ls -files apache_server*
+    * Easy find out the installed package-name of a some distributed file 
+      * *ex) zinst ls -files /data/z/httpd/conf/include/_temp.conf*
+    * Can tracking the release history with who could controlled
+      * *ex) zinst history*
+    * Easy can change the configuration setup 
+      * *ex) zinst set apache_conf.maxclient=64*
+      * Then you can see the configuration has been changed on the Apache server for example.
+    * Package remove
+    * Send a command to the distributed systems
+      * *ex) zinst ssh "whoami" -h web[0-1][0-9], web20*
+    * Can makes a list of multiple host for the target control
+      * *ex) zinst ssh "whoami" -H ./hostlist.txt* 
+    * One package, can makes a differnt output
+      * *ex) zinst install apache_server -set apache_server.maxclient=32 -h web01 web02*
+      *     *zinst install apache_server -set apache_server.maxclient=64 -h news01 news02*
+    * Daemon controll
+      * *ex) zinst start httpd*
+      * Then we can recognize that who managed the daemon in the server as a history
+    * Easy to find out the package has been released to somewhere
+      * *ex) zinst track hwconfig-1.
+    * Supported a package restore & roll-back as a save file
+      * *ex) zinst restore -file /data/z/save/zinst-save.56*
+    * Without difficult language and environment. Due to it made by Bash only
diff --git a/templates/zinst/0/docker-compose.yml b/templates/zinst/0/docker-compose.yml
new file mode 100644
index 0000000..89de073
--- /dev/null
+++ b/templates/zinst/0/docker-compose.yml
@@ -0,0 +1,8 @@
+version: '2'
+services:
+  zinst-repository:
+    image: zinst/zinst_repository:0.4
+    ports:
+    - 8080:80/tcp
+    volumes:
+    - /data/dist
diff --git a/templates/zinst/0/rancher-compose.yml b/templates/zinst/0/rancher-compose.yml
new file mode 100644
index 0000000..c47a1bd
--- /dev/null
+++ b/templates/zinst/0/rancher-compose.yml
@@ -0,0 +1,18 @@
+.catalog:
+  name: "zinst-repository"
+  version: "7.0.5"
+  description: "Infra as a code by your own packages. http://zinst.me"
+  uuid: zinstrepo-0
+  minimum_rancher_version: v1.5.5
+  questions:    
+    - variable: public_port
+      description: "public port to access the zinst repository"
+      label: "Public Port"
+      required: true
+      default: "8080"
+      type: "int"
+
+zinst-repository:
+  retain_ip: true
+  scale: 1
+  start_on_create: true
diff --git a/templates/zinst/catalogIcon-zinst.png b/templates/zinst/catalogIcon-zinst.png
new file mode 100755
index 0000000000000000000000000000000000000000..d3fa018a08189954cc300fa3a81e9f06ef1d7204
GIT binary patch
literal 42732
zcmX_n1yoeu*Y+hOq(uaVR6r0xq(d5{Ly!Ta5s)tF21P(%KuIN~1ZL>&loshuMWnk+
zzBB&*@8?=BmviquXP>>F-TS<MrY28x6Lu4VAR<KtSxpGSih>}_JUkrmi;!Ce0r&^s
zN#TVH1X12X|HZIO9|mth*p^bNQV>+!EqEh*4g8<l^{KAwbH`V%9;UA?ASrXlmllkQ
z_NJB=nii(!Ud}xhq7d}eT2WR?%X4~j&d({u!|&vxI6J<=KSnDp<_+ij<2XfX>IZxt
zJ*~p>O0|9Xe{dcU@^(4w$lerF)hsD}&7eRX^EQq+qfjO~{(d9P3Q0rAgK>uMvR_SD
z#juP<gksecIhg3^lMZF8T%IdDSUt1$$Z_#2o>MmJ@tzFbIP-3PRrHZ_=HXhk?Uw)H
z)!(M(n-~xjIJb^Kah`01G#I1)%*GeDw+>iL)^tuZaD6`6*qdD__4j*UPtu}C!2w>D
z)JWQIGd@T%nM}Cwql#QEy8L4O?wQ}U1^rE^l?;Lyd#4XDO%IX?CPI}TJ|kZ7S0B5@
zD1-??!R(BBK_zdURu%G8{=8FaysrxjT*QN*Mfqu?>4bW`u)p|mT5K3^m;gas(l0+9
z(}jGdU@nY!j894n_O%;Hqa=NT_dbIl_ADqSNc7)kCdx;(PLm%g?~u`%c}Zz5XvSmX
z0ntGZrAn2HD$_9&oNKk?nH4ax<spdlZmRTCGHk_vn|{cJ7r`l>=n_v_ad62J<I4v@
z|K6cGvVHTCR~a)=*N2H*n*Tq_7p!{;A`CfjeI;k~LW6CXC7rM#C@u6U(R;Brqo=3o
z6pTl|CQ1ISOFPOwfea6Riaq9J6qcPs@$cj`y73)Grp@=-EIB9{$%7UCokxivLQL9%
zELh<`dY-3K-T~y0-s>k7X54&_jb^2!$N?r(;Ko{7ckp9f+<)|OPlrz@6GZlN;65wK
zXoz4E|3^#4C}%|`rhCbc_bOBqUI|$LUUk)W)4(#r>cg0H0NWmA##8+JnN5ol<KzXr
zdxYZ#npG{uNv};c9!7#+cOq9XnV-LqLZ7Z_D2*UejN``Q6Ro@den=a3*D8EeReC#c
z2Z8VN-*1od6K&fal3oxqekg!?WVO-f3M_QJe%Wk3U}S!MkCeDQW)9aYCg-25;<5nC
zseWP|9UTpiyZd>RG!<uLT&hTji$7{_Z=YZ#T=F9)PZ4I&T&jigDLr`5)O|4#+5KuP
zq}G1+&cRV|K|oM2d1Bhwmdb#O&0F<tc8ChUfWRxGvz>{J;T+}J*4EhWs|8C2X7s0l
zEvq44zkZD;{S<J<Pbk9jS*7S^{F!6^%kvY5K0hv#|K2ir>aqP42wZ~}<u+<Vv9-Dy
zX7IRzNmoy5_-6ddK&+1MOOBJqAioc2K}wo1KfXgwT50o%;m*%zFR5wt@ngN$cB})A
z_$1fqyMs$eZlPI>7g;m@5;@j>S%McZc+<lF3$sdHxRl6$D@4+xViXhz<v&%-8#R5m
zqfEp!m!`_bLZd!oD9z_1<r%_5Pj&ReCx+W(;@Zh59L2^wB@v}|GYO1;i@%|xI=W#f
zuSNN#veJ!(d0ij*ekdEuqkvTL1GD5Cv_8G|QY@qB?7q=?8U9j7hqB$a#PkC#45o)4
zQ&Dw`5iLwc&DsYiZwgu2jZ3yQzLSJ&-PQ=dtQsH5RWE16{)bLHOaI<R$qhssrEO)p
z&9l+!z|?{&ZPYzQ{ul@!O{?i(B0*%vcF*SKW;PN}-HM;*qe6+`{~iY2UeDsMxG{!g
zE7KwK&lu6Gyp=B%L;B*@kD!0JP7HR}L{i)-Bw&>Nk07W6e|eFn?H=C8k0c+?{kEJF
z{+*<kvd%BE&ayN&H?$<|Sx9$K5C*RTk8bX+Mc<9?SdJTL9f|u;%skUOMjOKQwXxBU
zg`>=pOykR2w*pdOZYlX!ca`r?F~p==K0qVF#CAF%=>zGenVpRdPkW}3ip<kEYZ?@e
z!jJbH3OtmIYZoj)$boL7D@GhgxaSewTl%9V-NF$qHsk&Zg|frFb#C)_qIS`841{AY
zBur0Fvo|(20?oTITz<Fmme)SB{)Ip*wl<nUAMEszO^i2x$5El`@`6eW3lTo#Y%J7>
z=wx{J-@pFI4>UC7IIC!l3Cn9yQyy!KIKP*;e$Rvp`9c3>ATc;vV7FDGT|BoFi-?$<
z3@T#N5IZFYu0Zr*^WE$->B(yav>>zBUASDmv5picCX(Me@IB_Crf^E<S6R9A3b(U8
zs4Thu2oNFJjqPwsw3Qdwyeg}GCDBv+VS)=`9>Cc3f)x!{Ol4FgKK|ft^6~L;{8}D#
z87eSN#DYM{TN$JILHangc91IUHQfbe(Bcr}_3In{+5AaU*Gq#Du8QJY-~f1ml5pz!
z`uhH3!DBAW){2S><^i!2lKpSw>fKZ2mbxDbxHJ6X0U?3WH@@~Nm|(YAI5-&jA1*QU
znaN*k;^5-G_)w5N*rWtb)FO|mVKIuIKOKd9u8AKhd77>H;B!inz=;&S#NRmDfOYV{
z6m!$EEmU*~A)5Mz-xusz6jVnqrP)axrt3s3g1fXt?A46NAYsq-ID<xS{&i*E`%~*o
zD@kZ(I|)X=A3#N7%Q4n{wR~mn?{B(%k{h|3XJ3G=aBxwz9boQ><~`JP*3{cgF9#7s
zMDU1-G4=KJVRw&pvgrH$@438Hyffp;o3|}^EhjvmBWrgw7XC0vCWSEn|2JkTl&gAI
z`())zuuDEy7NQaeDAN+N<fD5DC?CnXSy!A-IvPYDu-yeLepb{pOF(d)Gj;6F``F#p
z)rkvZa@4yJh22e|_;ZyQ4JQ_x7`unhlXt{Rzus45zJ)CZJ)O#Pi-)W;&(T2mVl@{t
zH?WGr5Q0%vw&huJV@l==*ch@%CdEh}p)t^M$JgsSj=U{YGV==1f=4oBy3dXV8BwKD
z6@TTFdiw3Rj*yTAY8;N4eU|bCBgTaRALz^{UqL9eRS=pjgKyY;!^+lXs3cexjlK<N
zVyvs+hX-VCCcAcu%RxqL*>3z2lH!+xD;BR`^C&52U(7QsetenEo&a1gskgvVM5kM<
zv3N#PlemlCdSUf^ZzEO<ycEfvUzq<<MTALNSvmRdT%*s4lKOy{CQWht&_}Wty1HR)
zx7Gyz6wMxV4tRY-OK|8*VLtv+_{F`}s%mAP&v8XXkKT7J%|3xdHD0{1_9a2`2c#<H
z3SQNpH`**T&1BwTbmS|->OA6Is{6+DRkQ+$30;2IDa@Zv5PAIA1V;|qjn!heApY?n
z+YN45`?_QHT1ZHUDxO7&N~id-P$=LXUh1)d)nSL%o#}+$Js5PUqOT1gQv*M8wh#0@
z%?SOyImN4?n`zpkW|(uXi>U|4fc$?ak84e9VqiZ7e_9Jscf>r7e?<GK9B<9A>J%9f
zU0`eL>GXN|mI7DHkUwxkZoo(Cs3Wc_hli6wk~9agm{*9>C;IVX<NIgFWQuM)+MlhX
za5T@q=&{TsO>Z8t4$sZmhsdF~_#7f9R%XT>&wjo@5A;LW`;e>MKRC3i$Q|#39>@?l
z!h}ur05Me?kxRMgiPhEBMS2WUn2XB+&l5qN-9_5IZ{LDxfp&?yA6k7%v=pVJw>Cs;
zzVCLhc_@Wv_)kHoO+{ZP_p2pyY|rg0M<yOg`Seh=eT6Bic4r7O8oG+~etbY@<bSKM
zuyB8~e4sZ73zy0ti?QPHd)IUl?1i2YyNKu?l0j-Zx_H5PPo_xaY@dxI*3f}HD>VEs
zWlnh4=VM-RN#GaqtW&>2zjA^XI5?7zg3+U1!vEApci7n3#igbBWH%KVHC<or^tH7~
zPbREt_f!?G`(NCk=LV)Au-a8(sr=VZ4Vp8!92AzM3y-H}e4g(*bU{DHSv~s_r~B-k
zm)BZOVq2AHf6P|!(8`05Kfg_*nV=Tcv>nS)cC&y0i4$yy>Yrg~I{Y==-5n-+xhu2Z
z_Kv_*9~SbbK&pcbTErPR;nlRj4%`@v8>&M()cnK|_T2rlIW@vY`AC%E>oI&Qe26uY
zfo4M8GaC)qN9F>1o)Szx)EFja({-@oLVnib^{MEb$$Ae*su`WaU7`D0XgNXhYyO>5
zd#k>3$VliJ6<rE>^h8p#8Z|~)b{s`?AFlXr&|@{@t=>j4b+n=M_v_?mq$g?>e*HU)
zkcdbFP;^gAM~6m7<qqX@mIXP5++ufyDwjX5<^eS=0VGghzpI3qbkSAtI9yd#HAaCs
zJ1gt04<@9P&50Tr;Vt{56z}##r^w)Adnm~}YtJb0<~bR(Ww{*u#8)K1CGKfynM)0$
zfx&86p%xr8dU&7cA8(}yAJ_}~u6|HaQ@iyKZDF?k@8l+)>-+gNQd8B})zwf!Ew4oQ
zEMMEy{caUbc>f-sS2Rt`CuEmOa?=?bnrtn<D<lH3epc!IXA>ZZIIo}}Zh9KlW6l%v
zfJt<HH|2@MF}Jm~^~W9ml_ydQ7kR1t{kJm2qT?@hfd5|$GY{Bb_qG}}69@?n&8e;Z
z?1KT(5=Xna)th%6Z&@si|Gi>JNaP~!3l*=BSnV4&Ghof!r}_e?fSyH>*RrbVa6`CI
zgPG0-@@CI`SFr3C`*>|QB>BJ<???Hs*56umfmxQk^R6SRvjos0M!lZSnB&!W{r9XV
zMqbMlUPog(Z|ayoTIr)TCVVW808!+~F6zGdiI9-+(}g(%&FAOkJ#I5Aq`voj&GkjK
z#g-r8X>D`{Ni^CLh5zjNt!1xD2ZO~_RS9fkK)clThN($u+z&r254$kb?=&gP$;-d3
zqs7O!o?)kuha@vZ5VqZ0gI1Mac>vj$J$8nLrMYhKXr1A4xLDm%PNLDxU$0lyg}M+M
z>22;3&jE{XOGnQr)Lcnb@>f<@CywC;27XFTPW(LeLf>Jd?cK`qcK!Cv^~DtWB@sm+
zaM>R2rPut8LrEZ=vsf907mCjNofx8ZK*}JTcu9mI;R4N{mRE;0h>N+)z^$#V7?u0h
zsy6}y%Usrx#6Qs5aJB)3$ft@Hwg2{~54ngBXM#+`yk|qUEjOJG-X0$vDFRhPkwAB)
zHjsoXY09i1JPUjr(wS{8cv^pev9ZxVJ{lE8tjz#P%jxT|-p@7n@~YjOxw$$D_fu;W
zTRmYaL_&eS-m{$_k~2yxE640qEhLzr;Ml67PFvf4sMdUBbPOdINchatE@4x4e+9jM
zNpPq6HvSKaxw$zWAt5%jl|hrBt)X#u&$IAsBaV!*uQK2|)M6k_PT1#I<ypd__7aS@
zNI9sH#ES|G+Lz9<wd8v}iUY}xwEfCdQ6HEbt`p(mxo4QlK-AkLFSbz1l=l<uY@LoG
z<?MMg`6-}GRo0^Qk96l%1{gCZRFkH{XrX5eRSsHhSvIVFP1f~-!X6)VNBw6cpNOuL
zFz+-RnC<sIEbc}XH~l){y6T*DO9E>$@)e!5P7dHf-B}m({Gv8t1}Ztdb(~^5d%&-7
zu*tYoEXzHNmcSpq>X5ku-CGNGKB_tT_rYYOn!(uk*z4RP<nvs$o?H@!{fk7=G=dL_
zZ(lQL0DMSinN|2Hpd!V@#0o?p6PZ^VHueZkdH2n^dO<vLou%4EPad`tGJrltK9S7)
ze8rHE5UMv=5L@rz_sH)9TycI+Fh18Hw}hg}fw}Y7a5TVjcqeCzrzRtV^^gQ&OTy{;
zJT+Aoy@@C3NvP6i!$P7Ag~?i})KS3P@P6#>KF%P6o|SnvXs>U$f95P$9;_P67+Hv`
zs}pJV&p$W+jMwHT?Svg@6)dN7{?rXm?cPU|F$~BeqT}W8Gh^1V&Y9QkOMR4~IXO8U
z#l|+F&Ti*df6?lVhgc5ya_$X6DmS;%bqJbKRaFO$<K>HLZf<VVs>1WbnyAv*gQH;M
z9jvctxs+}W=3P)f5fRaKg94d0g?5HSHvoHkJen`)yp|Axm&YtNed`U*sV5tLlE4+<
zAy~}th=Kd?Ht72HTkD04i?5NF-JNveUbI&UR*u!rC~a&^9R!GouiPm`A`d$ix8jC^
zgvI9$gcc_%S%okqJu6@nB{Uftthu*f7?9E6U>>=SEfUpEMen97S<f($3Um$RS1L;G
z(ZN}+uWcM1xgHWjyR(4xUVqH;E9{RN1*^}tQsn)B!FIG&{YTb~C(ggH0aq7ko_K6N
zF4lYzFQ1-zFnL$JKtvNQa5Gc&0vQ<<wHwf>X042ioSfWuKonAR-KD-583lYPBcB5`
z%uT{fU!MlOo114!QrbtA`_G4)o1K1oF^RgLuPLvSGSCgQ3P(YbR<oyXe@D&KpaJa+
z1s1OfM|;m_r5))iEti&-Y8-D`$CX<SoGvTd2o%MF)g>9F0XOHn!?7UDjLb~ws*a_Y
z7rk*>UbFQc#b?Lw2q-Ua(UN!aqjS|$9zJ(>_aq;fumcuEDy!#Zpl1~0T6elz<G5h|
z`ly!z1Qkc^iJ9u(a{b79y>v044DR%_p-&3Ty7rLd;+h7Xx4HZShaIaE8Bf|oyXBz+
zBvTiNS~5NYvEb!+HjIlF$>{4wEXSIO9C|f(k=UY*pmf&SWT{!O93;usZss>vl-Zu;
z)|o|e`U|o+26jF}LoG$<?#Ti$Vnh%gOKOeYb3;y$Dm=Zar*Wuh#Y;WfpWE@D=u<Z~
z#v-Ji7(jb>br~~tbrSG?n5?Ht&d5``3Fkh}>h9I<yoU4jherPA2c1VLiRlmssan$4
zT{24hOG&<P3dzU}4-K{2U_tlHtgRLA-_H#fDKdNcvW+&u<!BvVEWX9P<ei(_njA_D
z$@228QzOtsk6JBjoQP_}Ddv6i2a?rA&$1KK-OHUTea`R)kvAbSB80uYeSrYP7~}dZ
zD($G|lM=;j)%4_~Rg>S(wj0Ib_F_rx<?e70$p!*0Niti{tREgmQZo`P|2&H_`(;|s
z4(u=K$HB?bQCTaHhDs2^wUrF#9_1GnJ~&;tJR(o4ED+cjsnuaf0q_lzw6e3ekEb;D
z)ksQCeqj$m<3Po~YkvI_B<w94x}Rs^_PyqBPXvhyiXHOYNpW@)qJ~utPYw>YC}BY*
z@AKEJU+A)J7IdA=&;IF%gNqI9sd0^mfR%U0@ufj>^tZ%z<;R;DZLy@X>7QfM=p)XD
zbkhHOq+vCKRC_^3M;)(Y?AOt+&h=;txim0mM9Gc@E(pK9D)x1|g`<sq4>j^pD3^<o
z1M^-wVC$TW)18mdI=Ndc{ljb2tmw|2JG1n0y!Yu-R=S;NAt#+`XBIpJ1f8a*9SCs?
zR{|!1Kw6m1^7ZTCLiLB%2G#YAceH5#u@D;9(9kHgSmvgW?wgr+f14ua(^;sFnyR69
z_T%&v0&oO5ryWPCT5^0>|FpKDc$!T6l7-+zAn=?*#bY%%EKl$eXi>CiX=^K~x>a&;
zIQVv&8TvIQ!@KTQzh!z3$7neNk=i49O*-^i9^YPaPu03~g#`HTE=qwcJX$|JY9kh&
zk47(ee)|?Z3i*9KYun2pIs)EBiP&gJHhzLWwp^q62_O30cprgDwz0Jxzbe1FIH`9l
zGAo}k7DT^tpYMK0hQKW}f9Ho4QFRN>TP3uqCF{erQA?d}!~Mmd0ojw$XnMQHCboE@
zH*_~zg5G9adILo;DJBOHh1%3lL~J|_P{2NjA7)&s1$a&v6M}HLWqxo{28}70>+pKi
z)=aU_b?EUEdRoJDq+aVB5mY7g(f|v+Kqla`%~<vr2q@3e{SO4C<CpV*Jw2;Sy@>z;
zF8UQ;wE>Us3p={T#yfKLNE8SHo~60>(AS$j@f)Uw!S3;4LW?KQ;4dDy)w>sYFEsgG
zpvy$hQO-od6legBk9V>IqXUhNjs2mHzC(E|49XphP!hAxX2{mEB>McV6@D`U<>z^>
zb?YFg1)r0e9>o;?<6ldqlSOc+;S-O7%cdL)u2wSW9>)V>MC-U1T1TNb%KF;2k;?C^
z)0x1daF@3HK~GRySzBE-c?XzZL-(XA`MI|Kah1@~-4MXHMdPkWR9F7s<j6?-O+XbU
z91btzq)+s_aBx|di3F~<CH=6V(+Eu!Td<lgKPrloGvm}7&{R^X=Db?a$s`{|ik9nL
zI#7!367zwj)_4IeSmZ5Kd)K+W?LbXM^>6D3g(BO2(M+-MsU<u}JhRJzxg*F-kdN>F
zEqrY%D3Ejnxl})YROIB#IhzVCI-r%C1+bEotoe+l`RBL(`)F!Ok~Zxm++}3Ucs`rE
zfg)GfpFe+|`O;C$#zRhYVyIH|Nq~Z*PjXkpkbhM;3Sg#Sd`s4<ptx9Y<~csltS>5N
zM!wJ9FhK?*kBC*CjSc3-cY-h(5CH+CFt!{{BJQ#}cv@M70jNQnG0Z}kfr7wv4jqdR
zle4NR$jjqCBm@t5Hal=ZcrJO&>e27Muv%)?l?_UYV>dtpM;^ixO8sKv!(i><QGIxP
zTvi84;%a7{Zl6KSwJmb*zir92Km($)vvaed*0i_@6l4PP*7=Gs>K(NPY-j=3zySlv
zTe;Dm<75?kESNk)BYJMJ07%)S$2<Xz3dtxye>tpDEFMiN$H4)?{;vqGX*U<J)qC_-
z3gP|aTKs%AIUmb`j3oW7Qqn$u1f`<MGgv1tAXDR4H#U53L;-EGY-O@wbabT~uR_7n
ziwzFWCU4j+`9W3Ecg@wCh0mz=_0uAwMw<!M^!tD#<<lKOra~!WVBhhO&i6g}@e4DP
zUqyZ&O~^T6le(*_`Ig%|I<BCpEqRIdF}YtYyu7@Y{kRM~(*S80i(qFlcQe3dG|L`l
zXgoxm3#6-3bU6dj2tB+jK+-;hkA%U5-LW7@_th&)me`&G?*))O8(z@x^Qob=n%b{(
z%)$dCX@Y1MU<eqKl$4h6?p?>m{Pp2p?&djZla&i{u?UA$I#ta#Rt&^1Xr{M>Uz!Q-
ztE#AU`#3tp_Vo0;miYF`xp9QV_#rSvrX%b?KFgCt5cEvJO3U&`N+}axIC-(P($fwy
z$xo|~Q?e%;ih(Eqf573gHS^(J4h1=5a>>Vn0yGmA62ASwJ_jqdZG)&w3yrvzOiTXt
zQW~0C5arZMo3(LefOwu!#f~9lWOUS=xE;WtL^?|wb}(RLu(3Ln<?dG#oZjRP0P%Rx
zROrfmp0UdTv>sl{WNFhFm#l1dW`kgHWMY6`9+H|!y7*&b+vfA<vt>346@lhu87P%5
zk;nd->7T5r)-VoEIUa#MbH*k$7a?Rd1>C|%qAi8VJGnwW2MSoU#8I4KhVysF3=I&r
zlbW*vd+>wC9DO!j8W`{A?_UE3I$da3PNx4b1Cz4p{H+FOvq38Li-@S`_g(;xH!@iw
zzN^nc_G8r*O2=E|aqcVz5cDR`u<Qb6pM}OB4<Rma4&*R5Ml~JFTtkLBd0$<7pjUYJ
z<|c&h3vAm0n!GpVKwO9dUD1rv#lbvIWVJ`dOl7skOq#>-M%`mtT**P^jz6YCSXloI
z^)oFitxyuWvWI*~BZ*?7Rx-&CtB+~*$&HMS(+>|1OUi&Y!y;}Xa@A5}K$tjr^fUHX
zxeLuiCY(a@nXB^gD$$IqyL<28An8K_Nb+0Gh&3<YBQ7q=!xMQqxop%ymb<D3{QT{n
zGSCt>b=2f+CX!ss&6ug(2{a@5?vTUm=O^-9l`gUTjadO;n^6Pr<Yx4=+^C||p4mG%
zyaLJ#UZaJL&3VjOSVpYZIIj`J;5Qe;BSQ(Gbmg%Ai~p&uWCbV3qu#?q6^)F&j8Jh$
zODnBLDLe$&*5Bh>P2FZgt65i+BHHKxI)nQMxVjI&t7u%yh5i)vyR1n~m(%q1ezoLn
z1;4SVQ&;Rf`GaP2dpkk)UMr9dsp<bJDx=Lqrb5jgKB05z;XAm$erNr{Yl$xKLmcM}
zj%yz@0635uJ|7t=D=E=+MFT`&gGAFx3&8kvNO)<zg!3I*f`JMnys+G_Us>YS5^uxo
zMcrkr<;VJ^^xKs{N!$19z>mQ^st_#b9SsdlY+4%q!NsemPv5z^xqa@U#E^>bG5_9^
z-vO$M?n@(~BvW)SxH{>?M_`^MtSOWA0prxrNeBUS1G^J+GK9TeU%jAXRZDq{#X`!Q
zLtAZ%hHF$*)b!PZBbo^&v{X{JZE1OnaOxdO%F9Oz1TY~10daAMZHx(JV-Ckt)w-s6
z!bBn>A`Td)6l?A}DJ{c0pg42%qelh5?%rr&P2(?0-mK%M3(3j=0aSSzRDzMp=hsE&
z(d{xI#!5gyko?#1%H=Ap_oEyhrkIVHyF<}xz>0|#tzgj;W=2baqEN9Y=yLJXq$r`h
zG2z~GXGk}lm~aI01Z@gCJqv?~N5rS8#I2t{ed0qQI?8Z<3X#I#(awg%`_se7n=Q7f
z=X&3M(D(wy{ccJO1&$R|jmpzM@QZ+#+6M&cgR0~2(F$sMWg-MIVVj0G{Unx@vGEUQ
z?8Th>OG=YoZ{?$C@A6@`h`90~iK}aUYa22{wI9w*PwPHARm#7hHpD};o8lqDK|E_T
ztdwPcl?_TNf7FLDpb60YIBTP9Vys^9_nFGjupYa$8w;Xg7j?4-8GE2~lS+s<PiNti
z=>H0*2-G=j==865h_nuXN|Llq{+?Z2bEIF!N|d?{+$luv5{RX1=s!QQf1s8sVv#no
z%1DIBZ7-V#1&Lkh`c$wu!JP~;$<ej>M?{e>2M7B{#Q}!&{;LOSa7{@4f57jN=oSLy
z<>k^W`P9qX7wxxUz|}W=S>c}+AzT3o(`GdWskNT-P!=u-mireN#19`()6!O4Ev+U%
zEz0NZWOIF1V&lp`N3Wwr@t3@r?QB6Qb5TJ5gx}r6Lm8k7bu+NVs^;}_xa)#n;`1*2
zT^SKirQEM-ssnMeN$ZQ$h%;9zH8$f<z@^kEg0Cjs%s|bVupL9v<h!#cPqyNKKX$`o
zK|x1tm~zgw#9=7APO*{O{s`?r<B!jHOMWdNaCaE``!(B8@N2u1t1*+r6%Of9OP&GM
zzN!C$MJ9WL=l2bxPAw6`ef$5bY>r&`6%KknC^)$RT#iGDpE0oiz*l6_Q;qHArp1IZ
z_;>FO1o6K9DFCY1OHC<?O(bH6US8*?&Vu4|X^%tYfHMlDNh6~f;2!ovyqA3gzd`Cf
z9;fBE*FaAh;#=UkRXLFj%9c-VM3ratt`7TmUJiQlY@QIbk_C=LQ6<{bkhvKzfiel|
zCgWihvZ@AT=1E8g5~#s{mh#vC3V5$K*kE+Q2cEaLX@HGmtyFTa`^4!QfC!QE|3$?3
zT{AyUSXdK<pmFBqLq<??m5D)7Wm&y>26n1&{G~cp_7gH6S`49%V?V@nnvxYZ=^x4;
zyu9UQR@hzrHFPi%S|P?AuK}N$w~L>qrfP|1N(q(^HTX105XhKNb|}=!2WkIcr~4xl
z;VX!Ao$?3pX-xzOH#fKa4*6y+cM3e+XzhuBGt^$0OqLo&Q)5=@;Ob+LT?%D9IZ++E
zvuTS>s@*|rwe4=D#oBxhpK88t*VNZ%s(0W1P5hSgW?_-zQ{2T>ZW_yhH0OhnXmcwq
z0NWD%*hwKm`4fI(BBD|xByEAR&iBVdoXmTqQ^VrvvC7OYVzjh}3qtm--25E;n+kpk
z_U4pR<0HI4o=`ILbg9h#O&jlks7wTV;Ikoipu~q?+Z`K-5uBWyuOE5&k6lzb&fK4=
zc3dKsRlIYDvY*{7Bl-ei6~DJS)a>d45od6R0;BlkXo?y(HG#)y7fy$n=~LZ+hmgr_
z_L{q>RJt8Kq3I^8;mVLDzP&Zcit4fhAFq$0g5^knmp4gtUs9TOGee*LeqAo;!oJ(I
zsIYoybTa2rf9|#Zn6{8lKtQ1AVrA1!mOI+(>hAk0;l#eI#>ikfAY<IsA)2K9B>P(K
zA7Fudb&1Ze+^h1$44IgihR4n{bWR+ttwxoW<{Nzkujvh|m60e^ty$?K`=?`F^>jfR
zUKNQS2WyCd5GIchV^wioUI5aUn0ly(-t?&qGFijDYsLJdBW2+m^gHJ=x1QiEu!$w^
z?f(4N4KZq}y2}T0p~=-S=cy{P()#*jKLmtX95=4jHz#N1>O!K!4J-=Vr%x$752J(S
zC+Vo-iJOK0jy^YnQ^T8`#o8L{VW5Q2n<4LL6=Cz1PVnmmEVd_`kB<+81DML8K~`2A
z%TFtsO#C-jH5NiTeK$RrA5YU!xt;d6lZY{AWn~%pTZ?tN#rS+$#A`9CqHD~!fbsKH
zRaOEdU@99cs1JOPyUeUbmGhEjeB7ln93M>X=!mlq(wHe{07k7yo%BB6olszMbIOiZ
z5x|W}GX+W}C#5~|Vhn3?YPu+@$E1M8`!_0oR-CG|Wwl4$&0UGMaT_Yi5WHirIHpt|
zYM*a2TO$&=aqHx;699_sU7@_=|Kb#&s2?^z-J6;MVh9Zc<q-AW*0;F!^^Hi-?c{CC
zYI<730V0XZ*#^#)$A1oXRXQtO`&3CXoNa+0zpWfSuK?^C$YKB72DLvMt5GTL9KzO8
zs}7d#42`u332|=g5c#Neysjm^0MbkfxvR=lS3Tsm+2N{6=aIBosI#h5u_Gd!De$Ej
zlYp9rn8$XCtE+1X61qnXJ9>J!MYmN{xke}CB$?*9??`(^1*+e63ss2mF{o@>V{5kA
zYRKKrUeOO2ux8&{{GT<5On}yBk!nw5%#4j0fRiu>@Nik5y@}Xas2<oG%yX6efD;W8
z-DiG;-DWR#xQHT`#nS|Ty<OrTU*|9Csy&I20r7Z-otSr4W8+*(=1oY02yrfb{xg)}
z^|H%6C{Cm(rwOv^)+^=~ZBI6(u4j>~&36C=^_f&{Lf5R#<g5-`#pNQ1Ti3XYMno||
z(3;|+R(1jPe&sUwU)Kj%)t<pTd!L=g+Wz>Pk%r`2%KoJ<H15v)axQ-t53O<9KTS2(
zecYZoSD1I^%XfO8LB^?97R4SYO<VeqkDV?AR2@h`ih1~5q<Z?e>2x(wlmMZG6`ppH
zTlfK6VW%y#Dr;J7^;Khw=iw@ls~Ck98zqeT&2t=(Lst#6Po)n}WdcQb003zH^5t*>
z6aHa`8wjEwrkB&SJB9o2z0feNDzORseM)QzQW1lP$OF@%l^~7MbdY1TuuvjU{ZTZ-
zS%MW$D>E{Jz;W0>oL9AVW8?u6;5{nf2e3=8B9Jo|um}xMZmitX1D*4qQrbASEvoFP
zug&k-NMdDeTaE_#uXqJdz6ID$UMmMdcSgot0PdF0$;s86eCs8og3?(aj6Z-~fspql
zyM+;Ne7xrK=bU@fdha_tz4Y)3*}rO9mzS-M@{I=K$i;tuC#UxuxOsy?2ZO6Bmcb@*
zYg=10I0klj6I=S{)XJ@6*S2h$hWQCyj>1oC-1Oe?KhoLScZGi}oqw@vs?4ycyKVWy
zS3inDVtb{9t#;y3^lljF`Z|UF4HGfd$Fz4$1lp%fA^F9M!qVHjvub9<CX43zec<wd
z&S2GVpWW3wk<spYDfeNNlse*jnu6bE4nkSx<^9w>4z@oM?tbnCo!*_yPoU6ot<aJ#
zvKH?sMR#7WGyJ$LK?r-axRce+9%FP#Fvb68At#c{nD*E&!Y020Mhz5E`<_`T@|hO1
z+q(5MUMTDnKbwt-t8MhJSBKr7q?jI~M@|;7vR>LC34n&{qDG1a^Kfu*K+zA=()(5C
z_~5E`rG~y%I}8>tj4j8-Wb&fo=8K#lo;$JZOe)$o@xzuunheV4wYHL@&+;&wdptLe
z=f6oCfFT3I2pDWmgy$>aQtbo>>sisVC;-v^8VbR^RA%u;6|`D~NpYb!vc{tuUI_Qs
zS<|O~{VskVt~tKO)#G}NfT;T_tMsHaA11)z@e_X=BBexO*avUZDQ*^aeW0d7G%s~J
zQ@IZY3BvB+;^Mx2P07llZ_)5QYmN>WnBU5i6tJUJBDCA!JHHpu+v$f;!VRy{u=oA-
zp0yV1;8T3#?7U?03Euf<?e=u>zi|&o{OvR0o&G=V(2i#SSnNc5{82mvZ6gMwl`CV!
z9L2p<>9q=<oqBZ`$epn?NbTk6Xhm7N(!JU7w(`zG(7S(YToni2hD~2zE1FjL<+eR`
zAmdP#3|*Mn3Blol*G_+w|GX(f7}kZ=k<aev7f>O+AC~Ul?DRb(7cl=BK1j!HZ6C@z
zLU`HMAPb2nrgonGdv$@2nEU`Yq;<8HjKzv+Gm<m@@(XVfcqMK62G70BivJu!$NM0m
zUPOivSEKJo0k{F{;@Hy;Bf0d9UwE?m&$pAyIM2_|(NeYcel>nPGx{K2Ewoe2=a>{$
z+9sm3wE3A=s_>DXD|0=4xl}w_Sy^vMgP<V{AeDS&Eme5QH^&lG4`+kO1VLj-e7u70
z2=p-C{9U$+FYT&Pa~S}x@-(z6&wbKarmi~V0EU4*wz-+YRP8hVZm}lR#?0LMAyT}P
zj}OO=XI;*9My2_c>9!$Y^>s<*Q}{zfe}8`gdtl2D*v|425gA!C%q}Ft)0;|l_q=Af
z_a&a5#sLe<OhPXi4M?`c<4BYBv}R^zazL|};s&Y00RchOY>_^eBIqR7kjto@aDsup
z#)!K&BWy$|snlO{fzsh=EYJ-QnxfwagE%0&T<x|ucCs#h(ftN{Josthqo}BmGNg(=
zm>CKjn3~Q+W_-K@hoqK4Zhx0b6EpFJ446K{ImJU1GQX?R0`(9{g)mi4WNK>a@Yq;K
zI3^xP?zGks6|rEdh?^2Iy=XU`lI~%7sey^P9#~Qm8U#*3*!wbsT;7ST8h2b2Jw|l>
z_v+8dtJCzc5bsXBaI!p=4RJYpWxrq_P?ch&vUAk1x3V$;hDe(|-hH!*tA-ZmkS(M=
zl(<Ky`IvuOH+|ST4|YqY!O~f5(+pk0_!5lXW#WyQ$nvDUaie#~QL+3CEra*!!TxHN
z@vk38`1UWVrk^nhd{ZECAFmqi6TR7%^M(bIR@c|U-K@E5{}!M-YZ{Mn*Z&OV?1Ds+
z&z~m<`W(CY?L|cQ`kgEc&}{}?UWLP8mA7cQ6??R)1`e$7SlOc_YlgtawyX1Uxzbrx
z%-(Cj@$n3}`~K=_{u$*S1c#3bjN(;(xkUxctTfx*iag8~cI(iPUwJ)>JJl{k#KcK=
z|NPczzK=j4W`7D?n@Gz1x^WP04(DFbee^i(_eantBehe}xDn`PKK$c`d^Ic5;na(&
zb?-RJz1;q&756&sN$M9cch^eRa{fZy3jJcv$PZPm)K7;4kRp+AG@TgxTi|9b5xd<l
zqV-3d@_wfO_kLLTKb~#q85u>5PN2xeB>YZ4c+F>NGlG;rfdFMb@O<>@3+3wzawey*
z_kzeQOp)xQ;;Auo?+gXL=3(MxU7s!&(-K5`EVw0l@r5ij1}up4N^bMc%iWc=>B|q1
z5o7Nl4DZ~@zwcnJTlRbkKk_jsZM8ks*CKbHqvAwDZQVWLS?PLk!K^WURNMIQ@Jk#;
zqK}-MK3H_j{ERk2qaX4(bH|G{;<6vJP;3C*5ANgbv`{wAugXKG1(}fa3gz{la+gDW
z`9W5YqgMe66`RoL(=VBy$_iuKSYNj&-V-mj_Q?;C664jt$~Zbkp8Z9M*7RkmpJQRm
zk<te3W<8~V@S>td*0XJ9%jJ)M!&y(3=Z(GD8f-$OBeV$%Z$7#pp^N`u_im3zIjA2r
zpMu|l%_olufsKGX*LR|t;eTJ67|8j@?a!^edRId^-f+#mUByT}(C9E|`(|14F8d2i
z#@puz)KnDB%W&|G<L}Uj{lZoniycRua;lP%PtHeF6UEdMOu=Y^tgHo#jGj0s=xbF@
z<AD}f{KSZ+v5ul=u%YWi<xuCw=bvJ3zF{JLQN<#rr-jiX(W*g4uYqGPzm;ewKb+b&
zNCVbT*dYJUNLT|f@T|2^)q{7kvkM&LEmn!}q9ngnDjl=FUv6g0cuFA|tObV)yU+O0
zieP=*4dc`WBj1P(_Y6ApJh_*hviH^1)$r`>_i)Ux&WQAIlQcOw&u=0zuM6u=1D_e9
zK?jqM{1@BY8JnLs(!MR}YILb3e6pVl8uke@*0Xd>qA!`uUfb{78+!^8d%HYEI~xr+
z(1Nfeq|%BWyz*$FXHmg3k^|%}teeC=YH}7k_dp0(^~1Z<qHlEsOca8H%Bs1!eJ`DH
zu%6oRbYd2j3#ZQ-Vwzh2CDvxH<(UW67&C|Wgjus{d|aEFp8nNS4A~#U!!eipI!jS=
zfAtsk|CBi{>E}9pm~lWjo}JvkpZL3(_Vjb)C0hp_4gLA=lx{<E4&2K(;Y_5oM=uXP
zBOuZqN{RURKg)3^J2N`R_P1}r`dM+<qfKu{h&X+js&Nn~>cU5WVPQ6S^W<oz_wQ~p
zbl?Q`O^Dq>E~hPf&Rp0;oL>ZYJ$v``m=g><f8p4wWlb#O=jZ?2<p@b;zcu?_`vJZ!
z-qpBM^x%Aflpc#oQ5WztFcxRC?ymhm^9PoDA|#^g%ux+LYG;@=8g6D1Jx}0YluP$@
zWaYS*M-_#2YMegldMO8D3NR)HG{WR`>@?V%hg#m@LNH({l}A|kh41MM{BB~vpze6r
zE0d^|PG<cVqpY(d9Jp=Zyo-+Bud+Bfk=|8QSkBO5lBa#4S#=}mzO!7_gOUQOY2mro
zp)}8lZy^@;VM>P&9{SKuvG>LF&y{d-aM0#Pl%M~{4U`{C6>6G{7C*X(Dt1#K=Fy9}
zH{S1aq;!XnH%}AoEd{Eo(F2|4Pccl0a;M>-xcmFWVTWyffv+h`$$$6KL0^JoTHBr|
zyr&^TEFA2y`|f-;Hja~}ZNkV$72Q^VL%L@E{!(CmkG6ITG>h+p;t%KPPQbQ8qi@l~
z-yfuHW{RB?*iYHthlzqvBw)SzAs-k<B7<R=U`-e4Y5e>?Fce|0bM-cQ$MyHY7yC*^
zvzR&hVWz1p9{>KD?c3ApK@=c>x*p=CiFKcSW^0QgBq1r!{J$2pZpD@RK+0Jas9kwT
z1)Q`uH>>{LUaJ;9chmGTVEJ4h;^N4vdkb9m!0vzAqh|4Nrq*QzJ%mSbBT#jfUVd(4
zHCQ@&`E)#==699;QdB@88Buh*7ly`yrWCf4B#M2J%g_B^qfVL$y8Q)-R6?3@10lAw
zzSaMmIy0}cp=6~+W~D!7^6A6o5Y;(z-qV<579Y`0MQNsIBJ5Ft0es78yS?)>d6oiE
z2!!(`4s@F>Ua9BX@3^gM{ccxyH4<?q{mhFt(H8!VJ0k{9=uzh_sEL~~WeN{U%PT4p
zKt<)dPLI#bfhi3z<lPM>N$Uc(UsZCa!@US4J!xZY<xO=>HMowMF&}}l_32xCEN7u|
zGDvAjYiw^c|M~t}d+7KTFBjOx_nB8k+m{0T(DQ_w_rMjF54qwe%u{w<2<KN!P@Kas
zUR1;bADL0mPxtz|G<{dtK}D03Pt<>NJ3YG5)!Lb3XRe<`oa;r#08c{wc!;duf(5;^
zq!X~cp2ZVIgWW(opQV8YYF}nQxwhNF8Hf`toSdA-F0L;L9QQjW3hYq})aPz<3xhMe
zKl-%Jpn?d1b56Q2-dBA@K>YyDq2<q@0e5zGL*MbBH~!)NlbuGd<&*R$nq27{M{`E5
zg?R3y^cV%9OG1z%i(P$&tTbqFzR-Z!Mvm=gvNPM}(+dR!1kjVPWzGKb@s~ZU>zAiF
zwlS(v&EuoJS)g-Fwi~V1lg17IOXTL>dwu!$M43ao1BoeF%N51`&;pDuRxNBdp3FHm
zjopFUlN>#0V+wQws^ZyR6(m&W@n<=at9Qo1GkJ5i^lkhNC|N~CW!hh~YefC;&VK&3
z&YRukk*b>}6hQ8C0~N*mscehIQv#&9&CSO1=T+6cRh}swxDd_OY;F5|!r1bIGxL+?
z8_RvU`*;ALLR7Hm+oX7)3Diu-P+VCF7eC5Z|J+=J%v7a-HnSIW+?uoOs|6QWDR}6z
zSr|nzfi@Bccb*$CZchFxzQ1|?sVj;ORH~`<jVB?fXsU|y(OBueIu}YIHMZB4Crnw=
z6B|g~Zam%R&0HjaNnL&Yvc%Q)j*^>Oqzz~)=53;BDxan@36_TlyD&CQL_ZgaMVHq8
zOikn}KC`VN{)V2sL|nJV@7od`0Y~ICiJr+*jURud$A8hK`Pu8iZFP^%F*DKT)IVex
zvLqDpE%fjCn~k|>r$tC}*|j+<EBQfl%}L5$6>%n3y-KMU5kQ$Rm{+kc6gM+~zRdN7
zs*~KR-eAGMPJj`7voi0q6RUE+eI9)DF>OnClw^ZP;v@21^UWnq!rMYpv_PVgY2QS4
zY#%M|#QiS*yMCQed*+p&U-T8YX@@2&WI>$ayKN7Hw3x|FhEOkI@5o)xM}kzu;JcPr
z0>b`G*M8twwaW?mVA^pi<q#K)m~h<T4PCa&vDt3Ev9*fOTy>$5aS04F5h8vD242(4
zqI%9_wPJ~O8hq;~MM+n>B>ukthD7xb?H(Pu&Ei9gAE%~-Kc^<^pA4|CG;_f7i{;lJ
zXvk#mHF&(2$00S+q7528>g()stXQ6(2G}SrR!7>Fy``>lv~*;GJQbTsiUm1x?;Z8$
zy_4$^qa=<7(Cuf!0>bW&ed3?xQO-J4bTy;j(HSHZa43HrI+ckW>s(*A*~W%;C*9g#
zyHfqQOw4Lv#$P(yqlzX3JZ0SJaYi*i7Axm7pTPCmEbTJqj^_zbtt5kd_wOOgG|>})
zj)kT|WRnv$@kXgNy@RyiE7^IRE=PlvYX7Xdsi<fVP#^8vncYwSZoHvhl`nu9*xa^M
zM5i3wIp)p$gfDa#4;|nr-`-C=ZmR#fNs^7_On)_;Xl`xYb9q%I6boV^$2<OKiut<d
zly_e8&uvI_euJZT8NT1;D0GXK!T<C+##3}A2`Moa)n!{t4lbp<3fQCW`QF?uU7#NN
z$7;DWHV1kWy(ARaCbRUa%dy}(^6W<+OMoa{n9CzCBXA$&>>~AvJG$>J|HuE#vP|fV
z;!ft{#!i=COB`6F27vEvN0j8SG5ei|VyjnY>DL`fRt0%^jC`1Z(Hv?4ZwGZ#FzAxn
zdBA)E<LFHxe>20JDwO|kCWem-ehU}c{sRDnyE;}W7af+mVZV;3269)ZlCZ$BA1lZ0
zM=Rk+0k}p)i`%44<>i5HTL!nRNbq|U02*GFbo7GmfPM8H;|G_&StTAg23$PR_BYno
zj}>DggckD;FC&8Gd@9K3!97e;x%Zmarc2wOfCEPEHZM%FU9VV**RT6k<YNY&@I*+&
zeHPrdxVuRdEyIBY)LA;?(~_Worpnl!vhn#r{2h4CSSP4>Zi66Ih)?Z$Gq8J@Il{D<
z80QcAT!a}K`c~(Cjj7Uamo84WVz0NNo@h5l1MMe;$*AG}aV;lA6U;+|AX=VR$Y|Z`
zVZDAewu3U`eosva1rAcZ#;RRg29ddBNu2j(r}xdN70(^NlO8aJqut2Wg!s1*lT?60
zvI#W=4kKG79%QfWhE4!*87@c0uDKsR%&Gbs0;a`9zl?x+lcJ68ehLVj<4s1&k|1Cr
z40g2H={r+xzXYa&NLGaryuotChc2?X=y#Y+Pl)_a-_A_<1t=>=%z9j3q2_hKC^0|(
z7<x`z%IbHDoVs=2I@E`rRaq!sIz=3fPQZKT7n;Ng{r86Ci+$47G{-=d4v6QCH&q-E
zA4YSioPN~8WcM_32@I<nA8*xf)ivi@3SvUDyb|J)R)>lH2@p^}|A0&zr}fSWoUS7z
z0tQ1Nk?5g(mU1~01FGC7!<Kd89@%L~CP3$9*AF0*vXeRfhh49Ik6UqbN=x_Zn#qd`
zmw$kp%p6>*Ng3SyS44N(17QBga<3*mXZkgPcv>89Irx$mimZDffVy3~1$>R~T(=4N
z1qFgx)#w>UzViu&s|myLsVLUS2t_oscGJka9PMO50JAC5<;X@Cjs-c5Yo5D-W<BTM
z4;{Ou4Ubakmy}>S4^f!lsKqR^=aPEPqMnP*1}FYvZ<y$Ffp1BP<8J#ks(wNa!@9Ra
z_`Ax$GusV)hj!j+{S?u!l|5j1B925riyUGOG7k}Dd_6C*xrEsDbO2fxUs$;wo+5~@
zM{;5(8l#znpcY|*SmPf0YAGwi*G?6Oc!g*(oj!+j;!IqRSUVY{=~2Lh!5ni+M(p#I
zfHO-DS%`l-%KlJ(x(@kVC%Qxl{dyb?IMq1=*HM4Gu?sdXG^q|c)c$h!b8%+ucV-TS
zHAxnI<*W?BUE096x6=N0DPJ|7C7?I=Cv1Hm_ozpk!TR6B##vE+GbRe<>w9H~&(VDB
zFSskzw>I%2l62A}eMzrhdV?Lvi}u5AJF7<g--OZ8XZF}o{r6~+$JngX|7{@F08Byq
z;-|9&E$w|{Qm8lQg4%MvM(0i^t}fwV-A!NsK!c4H5PT}ldR3RbV*EP_Bamm+U(Q}t
zb>J^n1cq|?f3NXaS=sH5uvT<eNI+~GK6xQ>A&Vwh6-D5p^cSI}Vt(sBrQ!wg;?Yfs
zPn_CN;IHpj`va2$VbcG7oq6iA6tVY)^{Ed9bo;M8?^T`GXy>orI=Yc~pFSCsExk&5
zH;%Tbb{3bFU)A<bf#^7Pf8jzmGbOB+d^@eE&wgg63g$}4ir@XWrAaL7&4pn~Nopf(
zjFym!9Ao|GmJ2nB<63d3u9}$t7_*N6&WBZ8*x!s-iw?uYPsA^2e00_OZ~C2-nkj&j
zP4jmE1SWLNLo~qy`~cA*zadF_RIkuMIo6-Or(yKTGg=eF4>n{v-6G?0@S<7*Pd5Qw
zPJFnKxrRkBLF-Vago!xorVqG49`<#1k48-DJjGh)2C16}x7#0tPd-mu|6-m<Fw+xY
zOzzn-TBVmXDg3e`hBWvk#7(rRM|>G%e;jcAs6YFe#8SUgnjDV{7Q$<0XfCBjMnRc!
zGn%Z%&8l}I7rVb{=@vDlC46Manf+T**T{1BzfB{9zWD#5Ub=Bx-USN7v{z33JB2Z=
zS^6jug|IE%A!8J}xB2GvW#_9r5llQ@TfOzsjq1-599ZKATLGVr&Y!Q69*be3v`Vn?
zG(c!T7^N6^Ki|Q8VtXZrrz-ggg=8LP)?btFmp`dE^C!Q3`yInqX>`=zN6@3qsQ!9@
zaXnAyo(iTLSY9Xz3ye;k@X`6Ui_6{qwXyK&cqF&INuCijJEiY>Ty{EHHGSz7$)CAu
z(4un0VC)Xk$jvDWCF}4UurKb5zy7$ll$*d;^k^w*(MbBXhO?|LVemStr_vQe@)=f^
zno=roT6hSyaN>?VYb!0fwkCN1+r^vvdo;;Ii#00Bln^G<z2A<_zb;l9U;S)AKW%~G
zE$e_;%G<c6Sd5SF-8<aubi9^ukvi3yI>7^`ozE2L1#g`o80d}+d(%usMKYcH-77lm
zcE}QAcLp~fP>5GE`b`}CPb7ZO5x3|BeasLniPffAIB33%{^EaLw*$(wkDS%-eFt3V
zmUj7%$-7t^v~ui`PSOwxaW>5iWE$&p%T%s|Ea-OKl3<nO7+K&%&``?Z_m)ROi?|ZV
z_-nW8=HTVNHNhhJ8XYn@Em|_IkL>LlZrF=eIfolO7ZC%WC^~Ok(aTx|%gkTRv;Hnl
z_tacpmv(k9#pxmkj0k>4p&a<7hpu_A)~fMMa$N7ELq5_=kOYFFlm?ou{+1}sXe8bV
zU@L2A$!w|3t)7%O&p#%y*qLwK_h~-C0C(GV`e+;*$PT%b^>ub07g-`~-}q3QN}<@_
zP|+I4lB#RY?Mk4?XgAy?2C%>l2iHY}5jB$#rh{%mYRvqZ{Sv;zMDNA@`}co?4tHE`
zGy_S8@|~VE-u^+_U`z^mY|uX1qcQw=`72)pv*hAk{hptN^ZJhY@dAl*FCK!hAt>2q
zUE<-b`lksA3EK0N(Ot_}45xwURMDgPfbNAZo@>Vw2ZIx3cTCZrWI^&BWKuT~AA#te
z$Gg26E6ps6!o?1ZS^N8x&OM7l?)Xs~0eny2Vg>Q`Pw~nMrMbI<13XX*eM4=#ekW#V
zXy~zT513sD^`Q^)r|!MQD0$EMvhz>zaoGqF#+Tc50nR{cE!K}_%s)QJ-`yOuOtlN>
zOVshFiJnlBY20f<XKBCmRI|VU@(-4QK9Ffqh7{Lz)%?JhaUnGU!o$;e;%|mxH2~Us
zGiNI=e=6WH?)+f*O^LAPH3CijllN}dDyS$uzfpGcCSJ=XPB7yZ)6>&(U1BCgc@G$U
z;5^ub*45WUbl(?DhZw!5p@i&$-L+0N>@ILEx@OYm_jfFKs6T)H9N(d3v+Q@*#&9e{
zSfu!;Xfz05F??jQ=$pB}DHT-No*eusp@q70$DR^Js>r|Fi5ujO<$1FNItbarYw;&^
z|4rEtwuc{5O(@b+0e5+Pqf3Flxio$~mBF}D9$V6tbLCiq3tSEtuUhJqdf(y5xwc>v
z2<~*ep#I{rKKj7xG-Dt%!;SwgVLwJISqTeT&Q}HB&fS}?2)kS$vajt9d>rc<u)y@G
z%8q*hm>XcW)AxKg<8ejNeU_OzkyfS~{++^6yDnCvJ!aDpw=DU`6BVyeqnnpP1Q@ak
zf2SfusNJmhLOE{ws-EyW1RP`?&uVkrpQ-BTUqd;1A0+2&{CKjA5cH=%+?}*D@SsXO
zPP|T$C%g;~XS$@NRadCGW=LksJpz%}GecQY_;|yNXz|c{#YH{0(VM?#FB^QXHjD*P
z(NY0xO#hC+Cc^jnQZD2Ay;*&~DHhb$RqzNVrE$Vl=0Vn~jBtBp<?5~cj)L(Tgx)W<
z>o%Hu$51+Nn_i2x4blR8^X4s6m*Z{Ia^6x1n`G>1aL~-fF2Cg8!-c=9+gD3I%izAR
zlyOt=V?JE*c6#|!ZZx~n%~--cKh`>F*mzuJXlad>QAtXcdXRye>YT<2>-Jkk{wi}P
zx;i?nxWu#{mX|Hicjzg9v)J_+4!|ZbquEX|D8NcWfNFf3b@971^M^O?VB%4Ud1#;_
ztd}@Ras1cbDBh0+-4qsb@*sL`<cz!P!jc933m|Tk44^kIXh}HGL|3WVVOxK6uzUV#
z@cV@yRP;17yzNUl%88g)`wC?<9*_3$uv*DJ#4ibUMxuho*i_+{+AgFR(DjhE7OL*k
z=YWqlFfxV;Cn%SehG%9TvZ~{F&qs#Hi{Zs)2!owy{~u9r9S~*rMGK=yO3cvR-Q7sd
z(4a$ugmg%agf!AaH%P+(5)uN^Dbk&if>P3@blr#dcklQ8Ek1K%?|s(ZXYF-5&GCQg
zcP{|NqzarC;Qug6Jq=ZK0eT$=Q1PWe|B8PcUy8+xfvCWn69Xrdo@Et+@qb*`Mz~PI
zfIr5K_L+=|nvgk|X?yM2E={Jbu26f#Pp@ta_zD;=4){1D`X<U@Au%z)4`_ihD9cpf
z40iMvSw(EAAF~0KPZ)OWL9@$;FW``ODDMGRl(#&VFqW@9N{svr9FOn5C9aE7b>&la
ziGM{h>{=|z*d5yATsI&<`@U9d9Kdm`ZfE6E7y@AJ`F;oJtff#IN#H;*U2QNQW(gVn
z{KY_zE->=QU-R4x8Y`|(L*9L;HM}92UW~#9QW9bcZa}7FYI>URpMSh`sFK)qZ4&c`
z{!GKC7~C2|%e)UU9w<>MhPMSH_iKUz@J(rfo4)o?MY^5>SbcqcMr!}q*ce?PIo3Mh
zEsvFRW)=J5P^|c_H1}2HeZKW65U8$8Zbly@aay0$y6-6%C=?bK6vzR+b{hb(O7333
zCuWa)z5EaCc`Hx_dO2CXI~DkE-uZ6~w~=1Z-go3|)KCZX&H4mc{oQFKq&vHX;+KEC
zgbY$atP0SB31t&|M--vvK<UH0GBGSqcUnO&>N6RP?TD-$%O0biEzEIWwNz44O8CD1
z(JFrL&Es-mLR}q){4GPCi!Fg+eF>ELh!Hy}eY>{~GkJpl+LUnPpU`A}hf@P9uk-sv
zzb^}2uRDkI>0&K5gq_QX^oBU7dt1Cqa^+lTiSl&2XEvD?Rq{*9y2P9D3-mM;(;H)#
z@6_Gyy82wU_doq81x<-i%!>(Oq%8M(HV=1S#DDcIw>GtPb)%q_mfeKzd+iZw!C=D{
z8<TD{9$sSr@sqUYr3}wP+AM#;DMH{CJoHbW+1p*gm49^vhXvNe<~Y%d;pM5loB#H>
zFke*+Ni3Xy;)OV4YSy^#mg~`?wjJ@C8(+A-4E}}4NAK4g)O-kjU5#&N2*osb97LzQ
z!LuPh%{MZZzuoQP^yqlaI@G-Y3p}QisvV!SRyTwud}rvlML9<}J>&!YuW^Hoy|iEW
zqraQ*027-3<t1Mm@uM61wIcWnCL{$+bQTd&?~(V0dkAz~ARY>U8t}lcdHXhU3ufbh
zpR&UoenS#(VN0*DqCecN-q>r@k9T!_kUH){mAm`bA6iEv=L$jj&UjExlW$EN@I2ZF
z{)6EcPEKa|>R;e*^}8arTz@bE8)ocUWHQV6-;ai713&7h7-#uT^Z)zjxD8R4eaEHO
zYOUp@)vPfSO@I630-oY_Gl1lAy5Ri&Xn}T`_`ku=l%9Qyq`h62^r3j)Z-9kwcaxO+
z8x2Gfl)x8^MDKH86zksnN4#GkZshHk?F)XZTl4HVl4UTLlj)(^pYrqXppkB9U04|a
zJ9|I)o5Qz`tONXHw*pSc1^IZ2?^DB`80YIM9x$0x28({R*3FR#e1XWjr|z3|G%jgo
zO^gRZe)saKLFZ?Ao`?Lz*<)4foSB1wTu+u1Qj#*Rr?~;NB}3b^kq~(wU*8Z3A=bxj
z<OQxzWXjU_#q8XWyMclGqo)|OtApiUkU-T+R3a2$hFt3EXROqjK=Ujr1x<32bXCaX
zs)q9ZBiHXd%j$ctGl-vCVlt(6BI+NcP*76_AU2y<#@YAif4H8Sc7BXL5cwPfe4@Ih
zhQH2VIA6gnoY~hH<FVb>%R#q(^0ZQ0bik>x&yc!W=SPhwdMK0*MJ!rW%zdpqy#K?Y
zFOw87!tu&-5hG_`vr50W$BKIW!~1qXe~^pJcX<#Au<`i1y)MF^V{n9?=c2qcrcQQT
z+GRe30*P&d$LCm*^0<|CM4a6a*^|k|I%R`re&N4G3;6i>=<ubEWkE7$@IgHqtaxw_
zoa%V$50m7nw~4;#OF^doJ(L>PNk{$4@_P*u#;4|R^EDUiLm8SR=(>~5J=AdQR`NOO
zCE}j%Wkh;SEZwDZ`<b4-vvZo206V~|mb;!gW4*?R*)v?f7Qe9i3V4~mNTrBTsl>Ic
zb<RSqs-(_kQLL+-E=l@ybsgP@m-esAJp(~x-&wl|_3KYdv)%&q0)YHb;-Pl#m#<MX
zHz~tw<Zgf$JdPdZGdRWc{ORQt)X1@sob2vLS_{w&k)giTa#1o(ZfI)CbMUsZG{Ip1
zTCwSoHdj%B<L@=&AO9q$X;HxoxX#z~9c{{deif}leHS$7|II3=#!i<MD_Rys=SPMT
z!_H=3MhwMMVVrUujvU;GVMQ@@+jpI&rlM><1rj8!=fKVH{yXw-wdLjSW^aNOS*sj2
z6OVyh;){{otm5#>YE@dG)L&1%QH+Mp1ABCVXKY-VL9p)(AG%6cuHb(o+&!J~l}n~=
zm?yBq%5*qx?$vjQ<yWgMdEPiAd@avd_^@+yLh~fIN%e80acoVCc2`I7?HO|70bKz~
ztF>{X6KWVsD3~Na3G##ZZQ8iQbcJU;Cr7mUDoAW%R$r$=D)3TMbrlg66#~K5BkzN1
z8yod$0&h>~c$~VM4u6Az&YgWNo%+eC%Q%j@T>~@yL2REKYVp-cQ85uz%x}+Y=A8xk
ze(c|R$px-1nw37`&ruoHvQg365qfTTc$crM!YBpYHN-UX3%>FpXCaIXU3Pm(CrI|2
zzeg+%)tNGZ;d88mg@fT*J@LNBzbDd2x!3fc8|&-HXu_azqbTyS7yLgSBE4BGE6%rY
z6_5=XJX~Bu%gb#eBV&X6%h^}HPNJi$S%_0Z;w7l1(<69y4lvb<E=v{u;aZkX2?!^R
z>@C>l;V#0doto#oOS~arK!LtVC0VgHoAUCTOozf_<WZrWw`rSa|Hrz)hM)W@$aV5B
zS^ZFx=W%Sf+|P(obAAoBf6SHg4#HX&nwi|ycrX2MkKxo<1*d=@&XDU^lf+PSkP>aP
z_6v`T;ff+!GG4EL2)r@ky4CXEA}wZ#Uob=E?|)HNl4R2JCyT6JTRX6;K2NF_7LL<!
zrv~~Ws;a8!fX4ab()D@PM<I_Oixd;5$Lisulth*TP2!My67iXWr;vPMxRPjJZv^#s
zrw^cr=*vp2_PsA$`ac=U+#AZ3h518y%Q-nlIILpH84i9jlK)zl0QgWsbW#KW(3G|`
zHrZV6vZeKVMdNq;5}H=RBywlI{!MbU{95+^<_R|Rs`)p>q$Qo^dc@?;sG;NUHe0Q{
zZ$fO|FtI5fW1uU#&Zt^xXw>&uY`WA<9s~X3s9yhzOhgrfO?^Y{iTV#`56RcpK7Z#@
zqXSuWp9l61T|=A{suu#nDh&@xu06%?B%VJF<>%A8ZLxAVO5WU!uO%Dka4xG5LbYmZ
zXxImlPt*a?g}y5V+*HuHOeyC2s|&bnR1*$lBi<>}u`#vq@PA|O*R{N7(0&)f)wf8R
z(0muAXJFOIAo~XL&#u>ywSHIE88K5R;l8%}h!l&MC+t6~bX$Ib!9%AV%S1Z<okHy$
z9gY8*T$T`IiOUX`oAGh|SyV{Ai<15Nv~WL#nUQZ7UpNSvD-jE7=B5!1v8wT9K=t{-
zn5qPLZGmM{PN}XyrO1nujn#?=-1IcvK!1hEgESz#5)PV+@9RHfpdgF=(xmejqffNU
zgbQ;B8R7vnw=&aIb6>79C9AltIdsMC{kJQ7b}l;~;le3yjC*>Ne|1LhL_bwrBQ%X>
zkIB%klx)73f$8|3HnfRVm-2BY7)5dwr3&ZUN<XTfbaD7=ZQb|b``dN;oxL?%S|iV9
z{~S<go9YClo(dNp_Rq`f_4zArh@XJSo?zJDl%o$+mM1)s-h->x5?=7aUlLLUnW<#V
z_7zN*SOelk4FPl|oxC;8zJ_qx$p4#lb_G%|2A7)yV8LDv4HHnZ@;VJ}M|R^R02f-6
zhhaF|hVko3l~RwxL40vuS50w41!%f2HS_Lmz6Ex^``x6&O=G+1FN@zAN3Q=We*4z|
z4$3pd%Tz$GW5CG7q}|zTW@!ED?;osq0NC-F3RZ2sbIzY|STFAqxap^w{M{>>1Oykh
zT{zXXh~0O11*2d^*FYjUN>E}KX6LlI#EBCe;H5Snjz9JK!3dm>2n0v#;{4PU!=EJP
z+pjTqaaEC<@<>xTso)S29pINkgJ^bY{FfT`&gBRmaSq5hWnZqE`DTwbHzfoEKkXxC
z0K;q@Ml<PtfQ3MJ0Wnd1Eg9r%{!^e3r20hQ!~Yf@kpOV%)7(&f&-W7n|4hH=()8E1
z_<OfZX)TR9Tj?NE8FPTQoc_fDn}fR)<p+9Slv%p^fq$*>9gGCE05<`ks5AEwblF&!
z)Q`WoEZOWN<1>B6Rcw|t^l#NIp6IWY_TR(Q{8D|;;|`i7{x@*QD8L_4A0HV2A|5$i
zy*0qv{pLrRP)Fmz5SVnlEu%waUIL(^LG4;V$)au%=t6cGX6^ZsU72L@Qx%ZZlcRL7
z>_9QjG}hHELL=@9U*+XkWzNWyq2pWJ0B)S$o$aRT9<{pu?)C_DaktW8VVT3{(jQ%F
z+P(f$^;5%_f^zPz&j04z>8isb;==n{C-1ZD{bj!l&~1&W?4|Q4DTG-=*f*;^hWl9e
z-;|@|h?_HIR#zFpj0eil-R+iPJ8kFFba?f!#b5`t-mfPlC?a>curtY89k)ELerI$3
zAN+v2Npka>blOv)H!*Q>TWGR(zF%)$NaXkSc8jfDhCMm~y3N}qpiC5SUtON0Z+1m`
zb+`K9-wlA#<CLTF*f~@FTOA8Q3<gPi-T0va7a3d&U6`RR6nzPW?Q$t_pRrcwE>Ri1
z570&vT?P79J&HL#(qdx;txU{GaQj|tbz4PWW%m2D+P*9la(;zYKm8yn!4ZMy?=Xvx
zh6xyGx5j@Chl+tWK=|@LRxr<Gi*;eh64GtSRedLfP;er$<$TJ<%C}3SSmx)u-68T>
zTBwu44o$v#@r60>=ir5pzHiagB$q7DPNspTiN|rf=A>cvGqq+kTLEm*$%VYHVV58A
z_DXR+*OKYrG(34#p2{d(E<>>0Wmg|-WS;N};iuPoYV>hg|6Q>_>F-H{5H+1)VCkzE
z`-ESO;ffhKjRbZ@Y<`SuD-e;B=J@Vc(Eo-KWix=b?9zjgD?o_Pmd}PWjFFSOhyt^k
zEGXdzEM@Ob5%IM=g@Wz*f__<i|0AOjXyAWJOcVRdk6kt>{TJqjH-LSHn}dKbVUqQV
zWaik8I<-LmRm39O+b=*#&q)sL0|9DbUi{32bhw__*Ya@Q3PCuLYm#ok2>Kw2pn8>l
zj@17eLCH#wy?%8CsXe*Q#)|t;u+&7bx%}ZibRVD^x7>8$%X-Zeh+G|%$Wc2KRzxv`
zIH9Brza-SE+$})=&Pf4MQYxcj_+l>b;djjyP|SR{2J{QUO9-gIAb`zYnN2BnHCsId
z$S-+5P}&~6w>~7zJDIiUJ6(MF{gv)U6V9&(+oS!Eb+#j^2W3H@`V|z^CypvB?ThVS
z0vJ`OtLAxzU#C0vCe*wA#wXYRA@DvTNaM#?E`5`HSHf`j)A#dO-?|RWB@Ms0MC<Hx
ziRc&bq>Zzr8jD1(M$MQo%O#Dfb<O+KIkuYx=4B{3$NJb@Z|=-p1(dfaQm9Bv|18Y7
z|92E?=WB*l^BWf}k%?MpBS@A(i>7ey3~p(EGx&S##f-!0L*kk;aunNg=ijwr7??^<
zJ5e*buMeGH;L@S=)Q%=KXi3bnO4rJgQXYZVZRZuTB?M9^`e^Y{8Z9wldw88U@NBQ+
zEbxr^TZ>YliW?~i-|=rt@D1&y5gVmxE=PJ}s>l0*rLK*dHgltEd*iG{6bSKX?EsuS
z6y(%hx=T9E>F?wfvK=KJH9!H8x4@`fk&wBHe7zWO)4F=mTQT`^|4mO~Q!&&^(X|O(
z{Jit#ZmGcWwqnr;rmZb~Cfz5C)3JIOeOvlTgab`@jIUf7^Muf_(*R!bvBIFt|0hS%
zrS<@WmIiqS9h1tyz<R`=7rW7hl{OWRU$xGfBX(^2lY4A>xij<i2=>z8qQ>86V^W9%
zwGr;@@V%6Qo+;siV)QH;P!6hPfqlvp0HjUX=@{eZ#yS*-)=ScP2puyEX%(p=Dfx&>
z=k`<|M@^c;yFsdNHp?_LJZ!rh-yEEvR5JNBh5b%wOv4GKFe)^GZbCc|R-A1EIY|+7
z+roLzM_)XsvjGRn+$l<<d~3?fUl#VT7nhb4k`>=D$D&NiL1-ezoY?1ag;WX!$aI-P
zpIzrNPQzr5eD0CEuGlI)-F6K0J<k|`<}K^Z#rn6KO<+&sSq#Rw9$eCx;=y5TfX-|7
z8ZRIB=`5_CEZw&;+T0RWq_I;1OcM3K@A1U!jN67z{=S7G7#N~d2@JE8F>AgZ;*a}(
zePWj1k#VXFXZrnx<{`#Z?|7$Jtv3i&2KxXDpiM?yw@AG1eBR74>?t36hDG@}J<vy0
zB@aH$5Tr6@fs_`NihwNTj2<uNeBiGS1}*M}b}#cAJ}J)p_`!59%Ma`q*7K5`QdOc1
zA63i~H5xb!`*a{0Mx;c5!x>XNJ&e6ImctovwzppJBC;>s2T&PFY$L3%snbRdJZ?|Q
z1--ixv@UBVkK|U`UE2R{qM(9{#**j*XpNORT<Y+@0eqnnNfY7aygYxOOU$N+m;9*@
zJyDajkT-<@x~xgDri@81XW1yZTcChZ%qCB^aFzm+_bw7k+L*H7GBMSgn3$j|j5YVv
zMysoCmT15*H`1w*ozs`cJh{75{#3Za&cdl@bWa6?GDlT+1|TG3Km;OW)9}#KZJM}s
zI?shI4>Zc7W>$Cm5z%nQ@;6mQ&3cJ2sJwFNkqYuq)qN7VfJ^a8mViE5ik>kP5_1RG
z7W%2z(?5kb__v7DZ4h8x)Ng#-P4x-3F!92E!l=vzUY!0&;fgENO9aVxlk}a+B-TeK
z@1zP&!C-}6+Y|Jk@(JYEP{wRYDNpBPUC6xM(E(Gy%WAL6Z*P}&w|`dV&f&vqMR+&u
zK)f&$4k92v6>gPlXMlja2l_-p6Uc(ZH#kn`OBmwwnymR(huPvFgw(mc{2Sq7QKz+b
zMdj~w6yev`tUWb(CTV7?=L<%MAo-{ABCY&ZVD_@DZ3gQ^P!fnlfhHD8VwW|oceSEN
z_NhF{qCzz7r>P!a;JqKb>8~<VuDZW}PHA}s&Mka$rjIK+hQnyu%~PG~_9VeL?#|C^
z_deaMDeY7lv3jHpSf>r|CmCT6+NoC;2S3#enL?Qo%gEzVgcno#y8)Mp`Yo<;b{KmB
z*&0kqM{}!$2-p8E#kq0x-*205e%p0wTiqrB*l<t$1&6TecaY-jK052m8$dm86fmM4
zcVo$$%yqzAx<sFoaDi5D?k{k?jYp-EF%+p(==I3dO45nnJnKISc<{8!otV`ZzWQO9
zs^N5-s0h7?Y(~};WJ^YaaMg>JtU_V2Q(fCQh_&auQZIo~rck`a@s`T(SO6%6ms!<*
z8NR(wAHONlR)xYSh78rTx6-DRrpq)?r+BhUP42<e^W9fZ(;fWt89wzQXJNFA|6h$m
zIxWyl5VvWYSKl4b4E%0TsV2|2xUNp{XuPGRWy9hVkUM9K!GkeUJ}y-Dx&O+le>)c?
zXzSCX{qn`2bTTSq91|_K*Z5gW5?jo#S3t`(TsOH<Jjv0aFkRav7O}LnO6rfA3=O;(
z;~gUymzK_wj0Ht(D3T^dU9UYKuXC<>W>{m<J2RKi1;|a89RZEqpYEIwFI4)t@@y7D
zt!QKdvbzl_e#s7Ne%_6%_PeU?1%zgrY}w*^(BsL50mtjYj60IL`8gm(FDghiIinc4
zMuv=nP;O_oxB?n|Q<#}9s*%b4Tdw_J3)Iis44KP(#KMMLMqlkz?^Cva`x2821!@RU
zgwrR3RO$@MZ|HIWg}Y^y6RS@8I5WQ0np!6`+s8Nq2Bqy0WEhGbKHT6@fz;A@qDPX;
z%gc$*JUqf)Hq>f3rEt}j#RhVjomGjQWx<pJ-TwW;wfHugy6hdgK`+`;+JZbS_inQT
zgcx^nY)-Vn@<VT=UL_7MqXkDk7iX$<6x=w0o#Dn2+e(=R3CHzB37Zy!flXwJrPIx=
zZChQwOW7&;=DM2Z7FP^@qprjchcIc!{k>eU7GFWd^)L-MkvMcuGN>qw9v5sOGuJ74
zHTdR`J5r|CK{Ao%Geepx2hcavO-=d)-sX8OYyz0$H&KVa^}K4w^;~d_7{S{K^!nLh
z?2fw}TWdHxrL?jP45UQU(=Wxf`CUCbW_TL{{sw>UG&w%OhX0$06+9dleSn=TYtJDh
zk4o3aSR)zUA2PfpEevsBD%=RNP~Jx}5m=}c;H2L5O%*uMn0eiMpG+v2m57~s$h}iu
z#>C?nryJ_Khw7wK6A~77zPYwX&|!PsEXsHpMI^}*>-IQ}ORiUiCMPt}7e=SPAHpnT
z`<xDV=kQo*f&ZH-1AYZOwX!lCEIi_j9`2$f_UfPsPJu#+qUML$^bRJ|z&lWHB8X6i
zC__hgZn+&^c=@C8o@be~fj-K5y_0CuG6K5L^RNz!ML}RAt0tWVseWcl`6S!re&6>a
zP%tF&un=h1ilOXg(+cD`vaHMc^=eXqSWd@G@SSqEVq{U0iXw}@!Vl>+f6~!+s#ntK
zYsw=%@1OPew34d`S;15b$u=fqK&6sB^SGiOu`O>}I3jcS(jFpHpvr|&Jm>%ZDI10g
z2~g|GAOQDM$>xt{BJuQ^RV=A--<NUC_Z{7xB~p^d$>mQQ1<u6g@k)ZnsDUb0I8>CE
z7Vkk(Ylm3d@Rjlb+x+}ViwJQs#`d6ezEQ``+DO>eUZEQ**NdLiX;oL#Exm?%D$Sy{
zq;c>IDG_3+P}p@9G7&tth50PyB=q0V0_YX+V-+|Pb8H%z%D3Y}y2fGF>AuY%BY;9J
zcYcL4cOD!-t!U|=vHfCU1XZ3vrRBU1i9BD8Osw5pJKf~O&E?ZvS6P1+b{6f!1U`$1
zVIYWNf=)3m{Ta`DnAOTY0^(xSSzqna|9{qAH`v`iM4iH!qjRL>`8QJaF?#(k0*NvX
z%ySqcXE0oS;z}KwhCzMfQInB-J->cI`NhRm%>SY6f>Wuq2(W5clWs1KY#lzkxpps^
zb1_@55Gf%q>ubC+*>3Y5{x<gX`5wYMgCpNtFWO(t^JWBOqG+}YGwe}(cL=xaoeU8r
z%0X2@RHuk4!$SE!ak!AIudlDI_0sbTWR^WZBW6l+Z+%7DY9h;3bdm<#wdJK2Up2fS
z5E!(P>}`K-rP_A>ib_Sr{~R0ONOidcUif;~&rLpe6`Gz<R3rg@jBEl2gIXs#b`X=`
zhgcGyiY_l00IACMT!I^5V*sGwn6xkz#t`+bmD(Z20T6RC8C7dvnV`%?^^lnU(=bT=
z77r;#@I}q4`=H9+#f5a$`@FR`5WG{e5H7MA&X;5rth`>6haVA$G&EyzzHzKHXei30
z)>S#C{jwvjMN*SOY4)-mH!gno>&#>gKepwQS6Ox>P_EE~V?H$|Z6n(cGrBQ#YX9O2
z#0a<<#m;HP=+byhME+uE@08?FCBqn&8#lAPHZe#Qd~eZct3MJzKNTl+4Sqt(lT6R5
z+1z^BZ70PDAj3~M&F%%l_~Y3u%oo||!3{<0{k?}jTiFw*6HWAEH&J>MnNpQvth3UI
zNAhIMs18TAzPYI@su1c4QWX`*lYmXE{!$X4>y?$-0K!l`UB93woevjak@i8P*2}pH
zLj@R9C_x5O1Ld$jdmK}wF^ERV)z4*)Wxc08%_E8#FY`B7C-?kwG-as2(`rANA=7Wa
z4_hkGQ8ZXz-b3C4BaP4Y9y4!@olPMmv8*JN3BRb0Ba-VRb3iju#YAI9GhZxCq)O4X
zR7X}<QZWf5b4m7D4%KSd@EH0Ej_pFFt`;B}8^ZvM4rJ}OC)x>)fB3l?36u*`HxA{m
z%K&6YAg_wSoB-TLv(1`(n3)wx%ul2y>Yv(jJx4Q1*vitHhSUHDw=d7P?#rHY(;BzA
z54Wbm>E5@$KS$GCeDeNQQu5}e<)z5qF7T=fWo>EbB;HZ`MTeKojo?}tYaUm#f4$Ec
zz&5tJW~T?_j?`3{(g-xH4?tMt3vzHS6Ou@E47TB9ICG?dfuJ4*T{ognq$EJl;VQF>
zEm|Htz{e2xtG<0s@KnREpzU<4tfg1}zq#DHJRIY%eXI7@_;+!U-V>mu;Y1e|!$BaA
zU7%%nvA>}0@Y27r#xY+ksY$@;S%d>maM+ne@%Kk4)`$@(B}8n^)#LWkB>8<s?~nd5
z;5iTH!=JBs8IhseHND}$ucXk&X?g+Tls&8W2dh!QiwLX%qTEJbm4_?<U7xqaSoCq<
zVg?SD8q<x4YPEaX4inc5GKF|r>&x{c84865(Gww<7UK*2SHjNi5cI!;j2mu0`|$tX
zQ}2TBJ{}-4mkJ}CH-cDlO9vE5YQ)g&4YEX>2xP7&;|X}9LC{BF>K-hith|xPsHFOP
z#}g0?O!J5*>L)0;I3Owd)R2+Ja+taiY}A{>dp3MR7Elzwm8|5}Qr;{=^8A>S!~1kw
zL%ob8j$K6lJKj=*Q!=ZR$^lJjOTHEf7JWcS4ULx!caYGJ`7z%jF&2HI*Xl`4;Yb4`
zV1w}<URqQ-JlAy>G#jcjW0a(M=+j+WX{ES)O4lp%Z^{j#``sjNm!wiQ2M_6@qFxis
zRX$*$O(-LQN&gL*xx;jYG$t9atl-L6`$z?I6jEVue%-9E`doRTrBw#ALJpT=D_csW
zAD(U^lewL*NIL3^S<|ENb1mj#amAEfSLH45xR8##^2V4`?8R&51gxr%Wp0ZZp@=my
z7eiz2DhTmHPJXDI>h5Edy<A_p>NQ+zF0qxorgV4q2RyyrMGe52RKyCO29f24?%IuZ
zXqu)8nVBh^zfyoq!f}5Hq}=wvqC;oN2rQ;o<Qg`AyJlj-L=o)w*N!g+gw%~~x83#H
z^(jT}Dp^*OPCqSpl(T~0Fc-j46>VjS7I0HR@<A~~{dIrN6FUS{;4uwsnUssJVk8+)
zrnFsL0?q#6s)sk=I`^3ijZQy=AF*7kBn4$QBB1G99InAYb7_2^&jX<4p()(-I~yvG
ziIxN;jOyWR4G2!*D1-Ub4@6d1<?nmTR%60jaLMXU7CYj_uPJ9NX#CcbejLb>>dzP_
zO`&Kwr*Qe$ze~QDzPW^xrvehM5XTE})-p(*Eup4R4FVMXZ{{L+qnth!r}~D?qp_C*
z_zTyWW_g)OGQT{ov?XjzOC(+AZ6KA<@;A3HyIZOR!F?>EVF<Sra9L>rl&j)3kTy`C
z1*GRsDtoOTj`+xJY$SsF-#}|%>Mx}?OC;d2bB9F<eSi&T!}8{VWJIc_ea;h=Qj{I(
z6%#hRI@$4(W_gAU`jJVE#6z@s5W|5SoD*%C0>8UHQ-?B#rks0wx>Tq1H>H!7mJmXL
zBodt!n1AF4J2|D042$|m#0z=4_&dL*Uq0C){jkeKo7P|J#9HAhw=fN7kO@w(n5R0_
z9sYM~^wdF88-_*Cgv#@Dt)2ggWikV6yt?izZ#47j712(x0Z3Qtjk<hC!EsNHm{0Ni
zHZ~RS49^y!GK33k@6H(OaM#ic-rL*D`(+UKF{#{?0SdEKnn4~dw6_bWl9t4keb%o|
zV}$}DseY3nd1XB1>DA7_PGeVd?!KMRO$_to%-&W#ldWvXzdIDLHAVrtNJ+EZba`zy
ze}a%jdP)_^8vV1N1d{#d%N#1<bmo(hb3(emgnEg_VOX5Gl)1_2>xerK04dtZkc>-v
z#5VnnljsodeKrdwuH9Bj&XVuhDGIKS4h5}ci>1?j^kC!w?8Tim$|*SKWl89yigb2L
zTxb!Yyx&AVx`3`D6*|)GBR}F=vJosHDA8y5CJO|^5yW1u{i1Zk1~$(2y6WA#v>`UX
zJw!NQK=wWN=fPM0#S(=U^r4`n{fpbuVaDD><Tf^BhAu|(J#N$WjhIpx$b0E}{t8(i
zcqQvZ|7^<XtEO!c-l^A-3GO>AMr^-F6wf0uUwqSJ{CZpo3cEvKCuh`_I*{D$BaC92
zVisiUC>>d+fjxrYV=0^9n$WPv2|^PY1soC2H80zXR9iCcNYOy%ZAbU<Qq>qR{i4X0
z$n&ezwMa|k?yH(@L=1Ypj9bmL3Gr0ZZNtT<j`!2lX+-q-C*+>r+IWpU;&xROEG-MA
z%D#yRPy_DyFBv$)UTxNFJkA7XhTr*a3(e%_h2FTyd-oBi@=~)kyL$h5k)rwQ*?G*w
zy)>w;-@^UexoMtg6vDsh@DSgoXt4H$Ry-HF@Qd$Qpjx2&AM!4}>>7&6*jh*+k9g>j
z@*qA%sNnvTlW`r4wDg4ZQAAl>t`V`q|8WY04=`>_s$`a$34)?0{j^o1$a++5js6@Q
z9JOlRaI<tE=;ZwlOmDl~q`V#R9u^20qUnb8)9GW#o^)RW@c=9LV@VawxQ}{1Wu6y&
zgR3{j?#;=&+UnO7-<=Z*Te=ub!0Z{NC&Q$$??)C}`G+h#*rE!19zy*m9EtO`3Ch*=
zi4ukLSEg?hlpvzf9(QO;_$ysC{32LBKakoIl9I(jiU&m>x`9H@B;8io=b&NBwVp(z
z7u3@=DJJ=y2eN{qKrEF=C>Xx<OsRxx2j%p`pJdK&VN;5C4!<n6HYT&EW{Iwei`}A@
z=29}2jlO?jPgzr~8n8&HBl-Eo|HkuVwmLvqYbg}3OgX+=1)DxJ0nw!3Qtjsw=OC^C
zKBpWeWs4(%>T5kSgcw=Vm$@=H1<Xv#i6r2Wxs$$B7Lxe36-{L%ypP4fJ!5Z4B4f4k
z+%)qJh1!jsJuaoUG#3TPb(N#IB#Q{-mEGk~>v1VXdfrXPGAH217mHEUHZgEUzEw3O
zB2Iv^$A}bKX!hXZLhw4^DtqT0Kv);t9lL#Y8c|x1gK2U|hS53AHYye=p~$UTVyYi6
z<5&NAO8`b-UNX5_^cV=VU#-(cN0k;+@iPNfwT7lB@|(d7XOHGYZvBRM+8~=c0|Mh_
z#_xHO2<6gzdvttr=_?5%{yBxHN|jT!tYIsh4G=ye-Cxb`vRsILHk?RKTMYtm4MoNr
z(>Xr{rd(SNjphDdHUuMbte7iyGgb8EpoO=DsYWpJpZQC3rqBehTCWoeZ!kd~EB|NT
zWhX9^zIQ$27?D=MhS|mH{zSgs|Fpj2*iEoeiduBQV6^)cZz5ZOVrKq%*mPWOfQQc+
zHbcCf--b??5y|=Gj}HSpa!TLXqcdM{GbWjaipPKyi-ri~F(XA`H0voZ3qr>&B^c=A
zh<dx9T9r8S53PN4;R-f;6G$&STNx@#LoW^bmk;eLYl0N3X!7WtA$u{ASc!*DpSZLr
zQu*Xb#3O(bTM`slAOC}|6j5SYL<fWMMz;y1tscgvZ>it{c=k9Pcf1Z7mdnbYlUc+A
z;<2&T)<Um@JDt}ferI2{#w2NxTm^Lm-1(4O12VF}Sxz6yltA`F`jF&>@GusHiaqN5
zl}EIv&8WAu%HfLz$G!JIKfPr*Ac)lpjuK!Hh~9pk;&6ZaLIeh?l3za0pg1{=o)f>$
z`qJ_lJws8$P`wXBT=A_e*#bMTn@KNm{zxNjER?t&7n3#z_%1v%=}%D|8%0Cuw`0#-
z$sVGqKh_CSp_Ef(y`@={%QFkVgHe%{uqBLU6Ndw-`20PQ97S*T=-(lUl;*-bvPK+=
zZ@--2(ubyyT<(AKeE_;W*J=k#-_Kmjl|g~AA6kJ~2hAY^*&}eBH@@^NdhepQ86X&^
zwzhG!R$u`K&7d$>2HgpE81W}Q2>R35nYGdp1$WMGazC6{pcHCyB%}Fhu0Shgkj&vH
zjV!B_M30zIkXB1islBGY9!-7mRuh3z6w=LA3*Q`DjifzyBr6YtAvD2kCZwzv&+9&+
z&2M~l#}kb@C)n!Ejm|TTIE9mfjOZ+PU9>pdzIaIS*z_ngDt}jGohP=KB^tY^bmiSJ
zchHM1BsAJentAanp*$u%ze8r-YrBf~Uzq_Pe$RRgVutLxQWmqlnm`>pxuqBEMJj7*
zZiG;!2HCMWoK>7>n4Ru=a6Q|2ej_!)Q*63{L&}!6dY<dDbap9PmBc=q(t8<1Gz(}E
zKRY#`s+Pl~XQBnN;q=LVGNDmJOD?0+x5I2vK3$PjMs&h3r>QmO%uU5yu=!U`Ud;yX
z0Tzy4$Wpv!RSVKw3|&BgLaS(L81ej;mi|o7b^}cM<crxsk&ZS=p%T#UZqWSBnl3(U
zOSB0&;#?LAl0O9}$9?{IguoXZr!=%twkT8qk!lk~6aHyw$+wv;2nU0COK!Hezfnfz
z&R~!`eVryJdKW&Un!~Uc@$2)V5joZcp9S;493@ZBn~p;Lo!)!MkfSj&CI$L-Vsh;0
z)3X=>z_s8U@dzo!w)Ncr%d6nIRJxccYp#la?_E!+-RG1lSx@n{cAHmZ`XW1)wpc(}
zY|xN>$L9_-^vn`wq#$SG{0VV}r!Z|qa#Bgzb`yMWuI*KIKS5ypCzV>~zr_LlOWQ@m
zF7rjWDxqwjKBvDT;g;oe?<`J)DFQpCDR(C+V9~vM?nGGhxr&5FTW@l+P{T_8V-LDm
zP^@4;6r<)o*!%AknDFU(W6b4~o@YO;JuGa^HdI@q{>h^s>?<h~Yl*(3$zr5j*jCi%
z=I)^a8;rb$5Rri)YLTLc{o}Cj2qH^m+mvE(t%2Z;{p5t7)=0}Cl-#;V$SA~!pi?&G
zB*Qj0k@hy_f8%L%@(a(;FbZ9WjhEu(Ot3X;cWLaBz4-fuw8R>Cf<Q?|Ea$T=Mv()O
zL}LyUO>)#Xc(-)d3eleIo!$~p%Ji5!m6$O#)vKx&5PDDFQSBGe_&xzo)A2-Yr}akd
zYw4}fA*5ZQbMc(bmkALmT4Y%Cp<ZZpG_YOJZ#Z>=(wvFjCb|7|n{z0)q*qgPUQwSR
z1sFWd9Xrozr&H*5m}`iB8pK8*5zjz8`4ZGy7fqYU-3n8hSst5@@8dUYy3J9qETg}W
zlfh_PxsAh9AekjF#1a1*1%$sGf6xs*Fs)NWg+_r8u<w&k7~<Ky4LSq-bwt4(jory&
zHk)9Fww#FNtO*GDPu3F<fl%2b_q3-q);dQ*6atfZitBGNug^CXZ4za1h7|MtX!%(0
z-1*6L75avg>sfDe`nYu-_aTcg`iS~)CJ`+XY1HOvEG=z(+810|zd*o-w?sBc9iDT=
z8G7HAr>DZG)Rd?uQ847!Ff=6t7>EglUAI?uBBUh54^3@&x0Xmf3&VPQ2$FdFUlSSR
zRn3XTDNs>NU9v~l*X5<{l=euLQcj{#{K}ui%OrdJIx|~*W#1{n7Cth>cxo!?-DGP~
z@*BZD+034rF?}&3yawdw!)U8Fu~qIbSnJ45o+p3r<5P{fL%b7TAo;mwcX0w6x6_9t
z8abwRly9-@{yK@M{*g;U4IKjVN$c+>DZL**%;+eyX+>fJh=CwYX(apIG8?PeT#T@x
zxABNV?i1DpQ*8nI2oUAxfxILMnJ{&w9+>ChjMV-LwsH(5*7y5aYAg?eun?|-!>PUH
zZ^m#glJ@T%wXbcX=J?OSB+S`f{(FlyMSCpbi<pL?R19ZAy554TRF)`O+LI^||M`sh
z03*WSJC(5<G!j{;D4s?i^vV0D*k3?2j1>PpI`5<+;#rFt^1C&?_us!(uk|gdL=(H{
zX#3+O6fjeP1I@hX^IH8niw0?JBs5)Utv+tfdx}l;SxvcpU1{q{g55_q^%>(kzG8ls
z{I?tqOzg2h6zWdt$5f<|j4AG|6U*EHCn}A35p{dykTXb>w$~9JOs8VM^_H(L>wqb>
z=TN^&{^J=Kn#x15wXX2-yR#xHJWPm%8A@Dh;Dl+>P9Jp^&ZkGYrfe8PdYQ20_~>;h
z{cVoZ41i5Q9{!396-t(Uj})>&S(HxnB$$22^(Awc@{XqZO`lUCiA>MvV8a{Q9p|Z#
z%pMC_DzG6QDue>?f5Pp(@A!No-?^f7ao<Ot{-X+542z*WQIKYQQDis{z(^*JwtrJ<
zYh#jgQ2S(w(2x@<Xe<k7e3o}<4&yWiHN@<8f3bWoltydoVjt4WS&i3nEvai;N?4L(
z>M>3Xc}9}s7%lB$T#A|LD>`E<vDhax^-<C?v6f6ayC?&h3!kepp{jp88s4R(r$<Zs
zdPW0p6S6s_9pJ0Kw)I&ckEfPe9_yXNlAtWVWEV(y)@mZv{^9Poh_J}MyRHoSR3Tie
z22Rl=dkh>o*c)fu(_b!3X*==Cw`#~MO|omqP(kn>vRI2>?_Z72PkxK%1eR@*DMvH<
z;eOSOAkVZ#h$Cx;#Zi&kDeu5~Gci#qi%xe^C1rfhu5fFclIh8*7f@(<SA^Npd(AI1
zSylm6p}JFD&{-G4c6zR*cSmu=@JEnhPqB{G`^h&9xpUOGQG^VjBbq)5;WRQb>cJ1Z
zRQMtIh{Di-3yL+`hZAf5!28=$$0Y84HA%xl`glp7Rp)PrI6RuuZZYYCI0egW<IF!r
z);h$`8y?QjFQntSY6u)ef7<Bg6pS6f87=~_iF2o0Vrgw`g0^<vMBTsy-@b<^6-49B
zryCq+ujzars39M;I9cmO0+l#yre|QfFptqp;Zs|{9F?;_x=qJgJOt533V(jk%6{Q5
zu|F!OpyO_Ez~kk-X)_93v~UP}hYBrsoZ~kHK77-NUHdkAo+XeUFj`F>r)+|QTxUVP
z0a4`0-UIc(*6Y_r9uk!rT<8o=o}2bSUBh2PhNnSV+5YGCy!Y#BPG&?C8H!vFcUn`B
zW+@1YX=%Ji#L9ZzyFC$ay~|aId>qm{@-{En?HcI=!)8rqr_BE70(aDihr5T(yim1o
z2z|VUp(Hm}b}mFRR;;&xUz0z9CaNmeZUgxoGWW%08FG9q3gq|i9N!0`!!Gpge2*^?
zQfu`$J#ifwH-CO`c*}i@|GGja=SGRC*W#n%Xbrd6uSkJ%t)~Zyc*ta)%Z38S2q;O)
z;jKdt@a&cK#>u#TLs+{wHA8akVu>!52IrAbTG9YG2~38ewE>|3kx#L|Hf8?tS?X|E
zINv00IjWErX(O5x(|?i4QI6`!JLNxW;$Z!LxhZaJKyi&OswwuZcGgK^W6!{^&lV$~
zUaa-EoIE*83@+^PkF!6OO`kQa?-O4LMq682_13!`)$gD>XOW|#9c^uQo?8^ErWC;z
zeqqXiF{e_Qlbrm{Y>yI^BImaat$3oa{`k)b?<i&IGq;sb+WV&YU19i`MMi5Zv9+c!
z5BX7%#z;$69SBhb4*9-Jt2$0ct7^=@&J=x$(NnLTTgzK_W?%#a${rr6%Eek12aEM<
zhq093SF+=Rk$cvo#Vqm4dv%Nqn%1M^LbLg;rb80qqYB&LSP#y(0a6dF4Ht_`&Ut9s
zo?>TmGljtw`i@O%Ge5nQg+|0lhBZq|^&vVZYZ&jNJ95J;2AZgaJMyR`_w1xWBL$BC
zfJ_3Deh}%b_sMbl_3E|c32<qI?WS!MYhBN~W|yQiZ|^dN&w-TuXjt-EFX`2)9g8YV
zsdI~cF_PfM+n7F<ECT%bDpJI{=6W{*`oGBdgUqbIl96MVI0AQ)(y!CxA7w29@q2zE
zK9<&t(<j1Jiw4-}gbjc+LC-Ojf!z(<!aB}dN=Wz-_E$*df-(jy*EYdgp$lPQu8ZG<
z;tIurNt7B1w)A_53ze{`MP~@FbsM7)B1QZS!cpS+&A6FeLPB{dwFa}U`umy7`KI8V
zBGjWQ0#w`d$l<=ZEf&$14^r~VfU%<i_9dV6y~1$@EEo+tnx6m}iN{fl@}pLwy#XK+
z7ePk2xQ2>M6No%!VjvY&xtI_xFR|Xed34#3)5nix{cy=2g#=13`rroOxayEnB0j4l
z5JMCn_K7J!(TjDq&}e9mHCl_>4VEaU&)oJR)m!1(ebK<%5E}%XwIG4ypl@>gQrTGQ
zk57D!*ofOD)qU58a|wGtQ!apP0B`E_!^EhTf(B-Qg6qa`gZc8)9u}PccZK@H<1wwS
zQdGL6hxaz9l~k;W$&;*e#nd*((ns3a5jM_fqiMaGd_s(5(|-B=++~RI(VN)%`ulss
zRye2mI!-q`NdRuab4%@s&MlJFUVhH_J*W+WiTx@1*F74uf~NNh?UkA8GRKTbK7UAU
z2b)7R<pe1|i-)(!Zk%k?h)*L6_73m6rg2mtq_Z*55>iH_JclF?s+#d1P6jkxC~>rh
z46fRMt;vOjqjmP9SxxWk?U5E*S}s)I^kmKkvTNqOpzizhm16j-GJ@B(NaJtIg_SlF
zdpuOx$bUWMlB_nwNGfNi+?jIYlG_xx{67`T++(Nr*X#w~JcmImSkum;H*vM=h}Wge
zV37>SXwB9<ble7fVF3C6&!#T50r~3dYe6|?-J{DtoJ-yFL^BeH$0k(l@#iOkVN=n5
z|IS_x2pP@1TYLLqo3y9TIfwq4a*3Gy#1{=sZIKYf{AS!rmzz@i+X5jg2=R%pL!_k@
zke<|W^?`*lGm?5Si}EG<<^%q>wm1{!#BS7y4IJZtNVz~4GRGghb_ZEQR#M^sNc8sx
zoY7z;OM%PY>VH7%XDB+w+WKFZhK#==#e~%*<)oXnjiserpWH6bI9(emm5cctqYwK(
z-BB!>;Yw2_SkDZOT9japf)f)L<uf1=<k2v7Igj^mC^jw$W)gv8jGn2(xI>Byo!2zm
zb9JbJ*u1Es0b9GJ{K&Q{Mv8<)sPmY>3G%ZzRp_aEBJ^%$QbCj?R_dA`8x?FMv;r46
zeYUpETG~F+*jW>Av5KZ^rD!8d1U89z+isDq^~!{QlGj%8>3<U?Fyr9lge<(u_?X@H
z?gfq35C@HG{54C$&hG@JbsI`E^ly=cuk95=D-5o=Ho&;Hj!ylRx{G;~E%l53e#)Qn
zcDlR*%!TPriDO3iHVV&MNH_hULT`d%dQ>PT(TKsl(X`9l*DXf93GirfL}ZF0VS<vB
z3oyUXo_|6WZN@`|<f*k3d~ZiqQ_!vk06*O)$nZ0?_yVvrR>ON*sZD+}wa<(hLuDj0
z%bUZ!a`l#;VD-HiBb7cI3dy3_TxZ?VC_l9!hsFFIh$($9hnqAM-fFeW@fZu%`i}<?
zWMm&RgfAjrlSB*Jjy?P2()Vt5rr9DvGT+|x0{vUcEPL6B8pWnAR(e^vCNkesOZILb
zFX}F05js#X+mPQdfo~5<IRUD51oW}Wa+M+*$bd0^Sl~K6I|V#hQF(2mnH%}AFTj6!
z$ictd+P+Z?1|mPx#q<AuUrE=xn2j@weEnvuZXCVbrLWd*w~c>02gQ5jhm>c^Y4o>o
zAzh(9_>vdY<5fK>GP&0QH^dGFRXkL7t!9M1rG=KVKE|t~hAOo{7Q4L6ls}G9Fd?|y
zf!J~ZO<1{%#!vSRLgQe+q*?G0?0*b$pZ)!NXY7mnj=<!~3J>rsF6oTTSMuS=S3QZR
zUeK1??&x{31s+K^?2r^L2=(Y1qMClv6dCui64P)b9gp(4zPc<n2NP_Np)hi66F!mP
zG*i~+(ZB-CMJsd7KwN?9+a12229<=nGH_3b!5k+kPpC9xDMY#c0bsLuLZ;&n%UT+!
zW8Y@Stu-A83ZIJ0k*rGyFy_RvG1QXv^OQO?APE%RahMOuMb8T}&y>BH9(PF&x_B-1
zwYk~wkrtV6BiW#lV;0^lsA@=4NCpq}60d9xMIj|nl0jR*BMW<SrSM+&GbTGj(!7}$
z-mXYoVy}P#UMibKWbv|<EvGyYy#$08G4p=|#)rf5g#O8zjBkmtlt*A*sRut0kcf)Q
z&$lSxm!u%2<R@--|Ls7jehxU+WDd~v@|%$w4&*1jc8p)#Dut+;bY|$RNC8f&At$Uv
zocw|XxHAwtKIF(~pqQJ(d0ZCNqA7MYxTB*Z5zsLv{K#a%w-6*zpc+QjYOC7oV6^yG
zEnODy?kPU2ys@hL+}YlK=ie^~yc7Me-k)}uGj&+MeednXJiFn&SJ-k~(+~PZ!QOCt
zSZ|X^Lq@s2m1Wi|GqwL0{_K)nxFQ(xPpFn+HYW#&TvN3+_@nI0=UGao3~)wVi-deo
z*-N*0O5xAgOUabS`$S*@m-l5~b^qt(CR&?e<1UG{6tXj5uoAdzjJB8|KH!r}3s|XW
zYz4U8_Y_|NNNX4Vk%}S!A4?K81@Q8il)ZcQHQkpV@r&}a@#oWF9+mzFMkgD|fk*Ev
zE#GeR)aY!$-dl~wXa@!Vs%*VMJrGW}Q(R{q6)m>vpYijEg?BH{vsBd)7e~b85R=L@
zNs7RrMOy3i@zLB~)V=Lnvz1b&5{=LRmH%u3slt&;u)hAo(67`3C;z*{KZdwsy7&Om
z=o(5mBn7@_`NwJ0!rfQvaQN@=m@cGoMl3nBPed>`nZC<ljV{jXuJE3ORNa-HRa7G2
z@sLyYER+53!wi0Lx_T_w#DVlC!XGB7xD!W@LZm1}Ta!J1-Bq}x=u<~QsOYPd)l8ah
zskx^<x{MVp8L18b(J^CryvdHEX_KRpcDIx&u4$9gA!FSXuFE6A9c6{y#YR9prnh=#
z(`PBhtEJG#v8rDie;DZJlxf=b`eaYAaWZw)f4QR$xF;m0wzm6D9qi%g;&S0DXf%xM
zC`|g{L_8IqtkpSCd8M#{UyIPJGH@6D?Cq*u=;i7*9diSp!WH*;&Je9k9pi>g|7<8b
z*ocG9nwXJx?bQ<EA$GH|-S(<ZD_VlXH3*dyc!MkyM1UI}&J$Un7KZx5rNdjj!mxdD
zd~{n`$zREOT2B%xkBko}DQAe9uicKRc!Gm0w0}{i0Qu8gQU$*F`H)z7_QrR%4a#-J
zkTEF&7$TCazfZ)-GvuU=pY?d{<{)uJ(^!XHC;D}ga6EcpNOcrFJ==fiItC!wW_*-<
zUzJxVj--X_kexQYI6OrV>MENgZNK1eeB;B#5HBV^PHdB%vVN2>6~$a-0!!xO`OeE1
ztS~zU#cku6B>OYtqG)@IGwBSW@c8t)KQZORrw{EzlgL|!M_?D6gJ6_>uS@%ux-qra
zzNFWL2DbW03}f1Yw(bAm5SOW$LEJRO$gXbVz#-2#9UdaCB(NBziGTVeixJM?DmV63
zDE-eB{NejMJK((A9_|3AzI%gBRFToWmE?m43N`P4t^Ar3J?(X6CM?6wpwzniZcy(_
zfcbeY*RuX=-jE;A9ZQ_2fpj(o{Oyjpnf!p&ZNO1&-<q$$V<Y{)m;;iDXFbs1v~zYQ
z`TJ*_wB%*pIkeZ}y&?6f-Eswg+DemC>*`soTrlAQ)5xol8~jXX!gbvTm6$OfjhI<#
zqV?I=Y_U9YEtW(Ql}P^7R3T&sNuryoWq>!NuJGjJ$e+iMnbddr@veh8?{)o9;{n3@
zMH+oPMod;i)1YNi4>(6BIb|%Obj_<b$D-o86ES&h7I~8Sz`?>XNB%%BI+TZxACH)v
zgmt(zqa<=H*fAF&h#jK&>n6*y_*+1hJ!)lhf+TkjWRjeW@hM7=KxEPH(Ct3b(lGnI
z`q2`1bWE0JlhsV)?4DN?TVe`78iGUf(+m6Ms%(ND`TvNX+Kj7-#sZ#Kwn6WWdV4bg
zu4iL~?TDyqI8j$ZU{NKD(>>dxrCN{qyRS?hJ)F>v65ib{_9Hz$t+x?oZF%JJZNO_z
zHUlgTsWzQr-M)fNSadOTgkST=sRLZOkIMe4Lu*#Os{Mg7FJAEQn6z*?IH<a*hv-kd
zDz!PE4)QSa-<*{jhVxa}{_BEt#z_4zzWY*I(He3S0>IW2^6Wqfv_f%!3Yc*3*4%WY
zu0Yd@>+MJgBqmmy{5)%zDmryU^ieh0C8ZG9OyuCdlG?=HmkUuGB&gJtK+`PLTfEh|
z<w<SOK;deR9#D--&5ZKt1K?g<SsBeHY*1$NG3h!<=ht6rn!$%Vs<E0!P@K-Er}qD3
zm=<Gw2dOXQK=N`#A(q6VkttAO-B2!ysZ#&D<YWuiW2Bv3=^x1qwcGu#Q9g=ApSH5b
z5iDX<^#vFMjD3@?0qnrSt<gIBIQlJulxVlP)fUHupS??mPlM%}V@De3c99VN!yK3(
ztT)wy;ZDT~29=zdn~N-0Rjf3oZFC%358bliOz5+eq0NPN>YDJ>qR?gbLT0kL^LbDT
zY?}Y%z=!O-LrObOKz}kGLFfy3LF2e?%Wi#L^<+DHj<w42w{WQ!7R!#&L+8JG+^(FC
z!dh^LohvhwdYeji21}7Cy(08lffPd`DXFQ0isI^q9^*aphT>aK%Hmr-%>M+c9n*)t
zx0L#kzDF%nlf+Yvz%4OXVUqKJN#J0!<>qMiU!W2edWjMWUfT{&b>eg%cT@ia6n)|C
z14UKgnjI|E0mv<`@=}XzMg}tAc4RG7RfaoSG1JZ(il(jC-a&8Cb=&&c?<(;71IjM>
ziA+A*jP)!x;#Z!O-XgeB=ZxULY5?XWMy7x%6~()=#=x^;-kmD9eRWn3B~c&_SPodG
z54aoS*8d53brxG*6HCx1CMe8-x>G_A<Usra5<@(nO~VRLZ4Q7(gd24rKimrcPfOPw
zPxbfzE0s~?-jscfi)`8JqIBJR?JctE+B;d1k$rKEYi7%KNmki3>`-<J)phMsl(PNK
z{d|A^@_2CX`<(ZAy<hLwcs`%64Sn~Y`8<jLJS&?!>LP+{t8;9TA|o3&hJ>S<(%CnQ
zZ2SfkVjkFB181lH2e;_(k3ll*b?^`R2jiLxvoQ#mr0fXovqfQ}#ltgH!x^G|ZB)d5
zL)LrY;?-BKxB$|?zU|=c580Pps^4~ge(`P*f5N<YLjKC0<v8c%Q~>AAw&YUwVtv+g
z@~|qvRinbn>T(%^a&~O0x6$Zcp!T}aU8vk_aUjQk>@Kgo0ole4*jciCzB^U(Rt%FM
zjlKeMk@fycyg@-fxs-*a!<i#CXj(a_sLiD@9o^mUdqWVyIoIlTcU?7@eoaJX2J*)F
znEl-Ny)lm1MU~ot#rsPm#l&yon-{?~d#DCnf0Hkc`1pAl-PVlKyk7gZ#e#Jzsk#?L
zmPm+pp1#2~qryC*Dc*Izirt_EfB1V}i6Q;pnV6xHWy64qDJxjmuIsGW6k-J;OE9Z?
zwyRQFe#iRo+rvw4;)P*4azo$n6ra>{)VegV>O3h|U0pNDfMn72xhk$KvQhLsHGMYT
z*)?*rLh49H9iZj0W*%Z2oSj{c0{adXQ-k%5U24<Yra$#IYT{3nWm*k+aRcNK%TWt|
z+ZSv<Z$1z|I~<y`O)<fiqUX<T@kxOaeiMjPJ4*{8*u`5gW>)!p-lB3vg*_Rxd=2J}
zdv9rJVbEzIa8Or*`+q<F-n1XuJ}t?a={0n8x#2C*;-V=Ng#OvDFgMfpy8sl;q~pf_
zpHJ-(tMvH3!S$g*e1z0eUSo18o+mlcBJfYA3j>=IcN^gml;|kZ*IKV@G@(Bqv6qyB
zmV39=_i?E(E+GY77>?kDzdG!u4Qz^+YA7K5x8B{6y$hWMIiy{|BoBwO(EAs|gZo-$
zIie6)rc>iz8BOtScDXL|`r6z_lk`<4@gompu1oC_!CLp~q(4KX;<8h`H?4I37ln;{
z_`p9~Z_Aw1TVI8b#SAUF5~?1#lNJUby$$RQkY4>v_kE!yNrZTQm<~vH$OnsGi$^aj
z?~8`T1fgUm2Lqn2d`*rm4bEA4LA-$U=1RNu-}gq`bc!eHlgv@x9lXh6ywVMJ-c>&n
zbP`F|9P9~e6`NHxm5lWC_<^8vkxNG$6Q{r3S~01{!Iw*U$DioSNq(+3Ulb`VEg>+R
z8{aK-ZqfFCPl-!$YjcmV>Q<{i((D#^g_H988d6CL#@t+zo-Z>d6J#wb6f#1!nhZ@%
z2PHXSH!DnK-fh|G^p9rk_fC7+2<|Gkj@)Ooj&fG|k$y1{@3ttCZ!$U0<Laa~!Yl_K
z*i?<%%%)tu-v7ZL@4Q=#|IXm5OO8|6U=m7}Oh?b#DbbZxEI$CHYbh*_2JWcZwnXXR
zFqsX(|9cOdrizTjK780i&HCf=$$Ih$W@h~*>$?)sR}GW|6hhFnm@mMkc`E8}{l?Y=
z<+9}O<gnzv(AP2Xf}~v$5lTG$Se~jwi1FXuqQjaE8>TlcQ_&f(p3*Y#;&F^;ScPP|
zn&F8U%@7bVS{X1`P2WSIgx@D+9Bv`kw+v1tCIdrG5sY+H2*tn^LiW=~r~HO~OTrr7
z^hoaGAXJr~)h8I{j%VL=|3^OwynZW&fd07(o4A*xw9x+42GP>0DfjaA3B$4iaf>}#
z>A5=7&(7+5sNWoiT%IA{5Am$EDO#n^pgcn&URV9NK3|i#NGS}J^(?)6i~U8?_%eO6
zoZAnIL)CuI80e7)f=PeL5NR&S20P1i4MVY3>DA@;g%S(_uy5g|2!S);W^xA*sa#dL
z6Z=C|5kFMheK;Wwh~2(F)1QQQG7Kn%MFX~@uhA=o%wQUvA7{0ar)cxn3k9to4ZjD@
z(`X`GX~>?0IMtUL7EC^hA^S3yu*iW@_{DgO7cV%bzCrQ6Pe51`^JvFD)ov2SLq5sY
zb~%d^7q{~FztaST=pu#UQgo9)9MV(`EUhWdQT#PDanmAkFXXBI3^A!%;^FeT4tIN^
zgM%4|awL;Ro-?mhL-164vBMZ^Jpf-|S8BtH$14^5)|oEdjUq#Qf<6Rgx0C=!>Rtyu
zyV{YHVC|BgI%}W`&v7Z(!$@u8meGr<zM~W~E<O`vbCxIZ>xlf9$rnVSm3uv7`8Rlf
z`Z$1)Ya{V9!&AjGYcj>o)JRTdQS(=k%n(reD??1rj6m09PUz<!*XB{hIP2_+vbVaF
zR~j~nB*xD*nH(mkSv~q*7>@vL?fYTiY&1vFb3IWkEG&N<$SBp(KYyH=(I}2iS~AS|
z?1Sc5(;c>V$0vK;G5+m|f>$YjDiKb$v-{q#c6GAvDQZ-rhBs12a_2T|?2yK<2CNzb
zeHCc)T;GT7ceo)37!^BKPZYOXGy8IV@+q1d5{?)@@V~&eS~Dn~GFXlXdw_8JxqVfr
zZuVg8^^3R39`^ZmGTC`~>0SbUjgE2a>%yCiv6YgX7@sKLv*8oY@EgR|>^X)SdnM=4
zsM&nbHuH7@dx#Trj_~nz#uWTKN2^41#exCJ@g+9l$Sdmw-y=M0#IXA;$u^4tdQ9dT
z&uu^dH4X_J?V<i);pXd}uIpp<I7S$U;2n_^4D>yN3M4x+n2)6JDRRAB;YyQD#%KzF
zO_9zT8B<eB#1qEG3}Ci)uPW0>EO{7Earp67UvD?)%%gRt4G#FloMn7sVnWQm5<#o1
z<rYT@vBQF{?*nzf!LfOzzAsb~X<ThZmw3#5n}svj)GBW^t3PuQKzpNlNWq@=NG-b$
zhA8RhTuP;OvNX<|*T1~}fTDfvJGC0whAyoo>BcIQ6a!8L%Exy|SWH&_M-$^e4@G&q
z^!^6RYK6CBr|oX3WsZ>tX;5k4sbD-;j6XV}YM|A7GLG9v>8>2+w+0w+XyXdk-vtP$
zM#!^wtQ9#(qx}`Aq+uem)4e<mG-J|{G}!vu%3a0MtqiVVj?IIw%K|XL3a&nm8A_M%
z4TY8f-0B4}*{NY3l`&LZA&Dg<>EH!P-eQGCB&AKb{l3OmT|qt2i>;exO>Qlok-sjq
zQnj4hyE{}JxxHdG{_tl^(6oG;{e$l{ctn!*F>Ani;EynmePn3tSm^I>KNT{VbmLEQ
zK#&QGbsrGS<HLa2>ox|)UUYIufAD?*goG1)I8F_+%<!>-;`H4<1iFrbT|EoQPM5y@
zg^hr9IT!kG^(lMcU0*AXCr3?qaSFKR-sAD&1m;*?$i3mE<P+zD)t~>Y7V1Bn%aIob
z892sDZt48&A!aPMj*yHC_nH1Z7``#VF{x5MAtX0iPwNUpOK?Kc7P*3KX1c8n;m0!s
zZBnGqgt5uiQ8xz{01K)7{K{f+qB3qBR<{ylXx;1PcjuTZCREf7CgN&#pJJh4qIYae
zPZ3YzB1H7sC&0q{*nJYKWcFgj{Mc(V|Dr82Sx@cuF({%)v{$F@h6nX`9iO&%m?$r9
z#Nzv{=Sfn-ACC7M>c}lnBT6&8Re@-!GCUS@l3#ZyJ>i#3&;R#dh%AO*RS9pJ{Pt~C
z?)v1U?h9?Qud(TMUx>=5sN^alP*uaeFPPun*!#_lTX&td?A;uB$B5Z0mlZ;4Xq*ec
z@C1rhL)X^%v1F1O`+?iXi8e;DL(+;9>p`dyiZvlzaPggl&9#%5U8<aAZlaaq#_w%&
z%FS(y_7;A_vX$@`(345W2hFSIQ~q{}*g%`!EF{@nOf=r`s0b*mH9fZ$k@M_`^-GpK
zC!1Uuf~4mY`qk$}bKVseUB1fHR$ffYu+BEZY39H@%|G=(uY|3Y@H}p`N&cYG?t$S3
z>KUJbY+695cjm**wOK?;;0Z)(%whO9CHw7&D3@PNSAv$Dj~);X1~qxV8lovV`<A{p
z9wzu{?c)ATwNBqEXD?e3vuAhs!E~WOCM-%rNel>+u!M`g0_{Q4c&k{r3M>ku>$ffY
z&U*;3f6PZS_->Qy{r^rhyacE=8gDwS2o&n#y^df-fBu_K=668_dBZtA^6M1y_EAa|
zaf~XaTWpnD#b+7+@Mz~2Xelo6{4R-=xRd}=MDL@Wncuh`@(2R}Hmhf9Wi*B-P32mH
zI2oaWmNVO8N5W@34h>dCBX7iu@@Dg0N_&g_LsEP9Y1(&6Y>o@;(OptbP9R3yI(4lQ
zjGiR0R)0I2*Ufc2sP9{|4kKLqM8o2Z7huNoLyg}MMwP-|pQ-m<GiogoPlXJwzNN7b
z760eS46=og5PW8|$^>s>;*JA_c_13bY}hl`r--ra1Q6l!`B*>SLVK;&XER~*oKpJ~
zvoeRQtYXF4N)n&&+x{AI%aO>(L{QCKji!H{@T<bBODL<N;onH1np(T)_0k8b4pI^L
zq{Kmn8m5746M2uTm+hQ-SHD(wshsDHe17<qlp*hTi<bxI&l>}B6bb)Lwz@;sD5EL8
z)HBb+7C$oJJ2KXYmJ6>qfn6aZ#vBKT3C2ILk~R;&1#*tl#M_uU^+@J`en4PS{k_e(
zR;;IwkDRdLm)$N4QS-XTXenN9zZd0gIl8_&che&aw_Cugm^A5C8+@GyD~JvvR~aLX
zIVO=<0ef*4sy77K=xf1Di<!=Waz#+NB{eAUW{sJbKfQV;-$ZSXR&0sYx=$*Z#G(&_
z@JuT1pXO_LT5m|lZ{N@wC=O4*SAfaN&<w93674xlU%zUvCS$189@8u=93RUBx_1fj
zC&AjhV@?%65-zP@$<JPs`d+yXksAT7c?hd+(YY_-U{-Wq3GZ;JSF#{#+(Op*!{Ceh
zr-tS2#LsxEh9nUhVG&`Zsb5AVQFLA}p9PjI$r(BbH`0a#%FHNZyWqvK@sVmUD0l}r
z&4%ny>U9ANhW*Ud=ZQIT?_?an4IHHMi!Uj$W3|vRU~}d9yE!j%yewin4PMCi;GZzw
zcyXHkoy=_pgR18vvzAw$xnDn<CR7*nT6AD&h>kT*v{$h7%QnuLmp9o_(!{U_be-d`
z`TrRSrW#0_ju#Y|FrAMqSCqZ2HrxjCFU?b{e3vYczLJ~to_P^WQ<Ow~O3t5#eGC<E
z*A!@JfBru7f=To3$G+yJT}I-aRNghU#8h4jEvTX=22M8A`E$?^I_%p4dS}20+cbRG
zs`o;xgHT9`B`eG=*qFW3Z0dT|m)BxWh)*RQ+m4hQnZgoL&&mkU$bB=KdN;*-a=l=e
zFNGX!kp8SqD4EUhyQA2JlE#)}`x;`}U$YbYjLP1e;eT>>ZQNl_GkxF&8Pdq<gLWrJ
zV91M?Y&}>_ty;d<IMA0e_3ul0Z-3-K!970PMW&<wJF|G~B!7Ly3Z5sfqEyh8=p-}2
z^S`ebkfeV=daM{xHE!p_-<Y1ee}lvD0&Sd5MVd0h8?Qj*5YcqTgaVKm0*Us(Y?9^Z
z($N96ylgzRy!=+->}g8j81Vk?qbc?D$J}6IOje$tI)ikx*HAW|u}2#C)ZuLDP&MC*
z`WoMDYNq~GBPh7ykX4#hj>ZJX>{(5`bFn}}F|P;4zAW!@+|M)$+=1fHKFzcPC}aIj
zF0++pNp>&+jpS_CZ>Uc<Hu#6Dtp+Y7;+AY9D?8Wa#T1QOOlcU@S$*BOr+a_@R2jFq
zGR==WilPOR2JfY|b7wbX6Nbue>+SnQN$br!KoX-cW+o<lC_cX-xGS_-)!(LLJ2D|K
ztl}dc{Q`#MxYXr6xc!qr8e*ssw|zUMP3}NXs{nL=Xvza6RY?K_iM&GZf`25lm7d<!
zRdcF9PPOEqyf_*{c!Tw&i=|l1AH}>*wi{X;rqwRT3wd&GdR6D{$<Y|`X6vzPD_!|K
zX=c4`E~qkf(GgLsH?~c+{tP0NxR<lmaY*tj4%Evz5rhe9zb9-DP)yT1SxcU?kR@4{
zZ%j1YaZg(No{s$o+FuE9y%U@h+t{)~FJVBwI&aj%Grq)UNm_o$g}*fWAaBZ__lR%e
zsxn;L!NDO0S#FP%a=_UWI}lf;;yyLU)i+{W0@^EfiVj?A6&3&_I<Q;II$B2kxJFQB
zWov<cM`|3?A??E9Hrb4|qTT?R3ZL3#9Bk<QKJA_?=rL;qbH3a?Et96`Q|`3>X!63}
zC+p{^h+KH7_IXSRqGIu#+IZb40hy|wJMMl#)5(*MsnWSp$4xhboi{tqfVWpRe%=zu
zaX>)LJ?Ktsyb^C26TQ2M3f#zClK9s3@H|)r#D`llGjjL-SkX6ep%mcZhVTyTlSNk{
zkRIAwOn&9re=*@3+5TU06`A{d$}a7GuxOfemd*5xx03=4TOnE#dcoo}oRRQV2^-Oz
z97q2PfT)w9Exv1gsGCkUoKjS0`7vxMYQh``;DzuNx%~^2U20MrzSa42{j!*-Kx`|a
z6MvYW%@fwTR-koC8!^Oug_7!eo;(3@qr!Uvqb?AwHXm~2ftX6|do6bh9Dlbxn*Qg}
z^D)scAndNidvoVe_}C@N*LpARZY>r!HwSzQ!EvbXi(9p%Wb}Av-=Q0p4R&Oi(&n@7
zixAleVd^J044S|6k!OUeN_5|U_I&Lr#xh#w&XlwgAVkU-ExZC2fjf}isTFS}mozp`
z5Y7rG0lIs>c3#Ad$<q=dMGC0G%<osusAC2`vgUrv4EBNjn3OKw5FWSmPS_;kFr>_U
zvmKx^qn^s+N=L)mQ^OM7qo-mM5Fj6bh*NsV^ZZX6G~N#J(Lt1Rjy{S{A2vTN&8xHr
z;@^f1qG^<ohe*_frw6~#@T;XTvE%)4d?~Y*$6xiX9Gm%F!wWja=%=`hjmG!9yi5IG
zq}x!qYrg~@%Ll)|tst1Rb;=NJb=8ej%gv{_O>_EYziBm?%+_o+2;pqq!B>X&JY-OA
z<Qb_`HM$h-Y7o~A_#A?aRsM8vJ-`%coHh4fHHY*{s@5=Pw~9oiL=D(=d9$Y=kZe9e
zG82-RZ(@FQ8gU?XNTC@Mk}0h;0w4<T`@kZlIF?|eLV===Dz7^p!p4n$wx5(ld~R^p
zd@*+wM{i{DtQeb)4q;NJ<VqNvv$kQGLZ2mU%pt?2I*RWG%(P9|i2L_5YC@kMyP9ZA
z0ieA~Y0(Cn+|5tPovRdZy_O7XBT(y8Ib)(0SLEm@&9U966>%a{zkQvcNV3P=m8c$D
z7|%naW6`!Ek`qqrP8{tzcSc8L;i4){X`uD4;`(;b0&CV6pQczF?vsz*dK-F_9H{W|
zwP4eKT0%)%=g0az`o@Q>Z(?@0ae@V#5SB`p;b&#HdKeRZCheBwX6vCAhYV+#M!Z=(
z{!mY<0EF2qPD;+BL!s3inoIUdDxR6;VF~BsGvW4Sl(Wv)=6NKRF#0hFZxz_2g%)F)
z<vWg31=oZ!_BX12KzsA`zWSIXI~xtv#0)Qu5npZry!&=}kNQPs@i6efmzSQWN=mz9
zz5zlkzPNE3g%2VYMQ+gLrlKF7#%A2jPPUk+lv6i)^yReI3V(IgHlxZzKm-uIE(p;?
zrg5BOTVy=?`Vsr3xVGNKraAo)lJ!5(YpQVK<2@}})n-Vxp4PIbmPmsHv3IsCqdkuC
zgbdMj^-b!$pMxFZ+1bA#!wk{DD=O~x@dMoy07K?a1hnKujK85w4zfY_dS?dXkL}g6
z&%_De+nB`lJS`cHx6LTBs)jECst48_@m(%+<R%7wHxWMQKxlyytaP&Zdf07He&lIU
z?Bw}r2Mtdj4h>MNK+rHOSx$)<y#YspOt&Fq*VMrWsLK?f?NYO@&_T1;GPl*w5YPif
zfvVi=9E3A&=LwR&zlSsWKC2qT`~6c6Z?piZCM7`N;(=5c+m{RZQXjoyLX-Bb%yph;
znApmD&oCD2!+4_Kc|Gz1?g6n7h|WK}Q*N}(dh+Yj!bWcc|J2-`Vx0}>!eDfwy>p+~
z_@lh};uwdfzmI2T4ED~+0+k#+Sit{lSCn-BuiYyBeDTRSju-JM8q*>a6e%r6b6!Hq
z7^)Z5DG7vu_{2zBz72z<%#_p=bZN3u;#p7tqsY8G9(TU%LnoYj9s)iD$)9xyW3ndz
zb*rKH?;f=VFX^UDQllt(7&>LSpUy#}?(_xwJ$&*Fx8HB1tM5Pua4IP*V;R;;jm`Zf
z0`cHNP9|(M7UH?0n{dARZ5-y437mP+O$hHZPI~!%dZ=vjI{Hd>gcjvUZd`oSh<%7S
z*dZvWLgL|?!ooq>mbSB*D{kuQ;VxyP2BexOg0%rShbW!f1?N&fW|dyk^5)}<Bz8BY
z4q5HlH*ytUsfMtV>73n5ifbr*ZyMT^Q4U3!FIftbr3z4>hV-Dz>x%S-)MwG-+Qjyx
zQ^QtK2syd*ti!ImCgA?!E>-%DSqYgyKUxyifuaLnmnc-)P4*d5#+IBW#b$gpxI;Z@
zLr^0yici?kp7IIIX{8GTce7fctfglGnVx6wA(?>gdFk=l@wg-_<5`{16aSxZ)o=dO
zc5^qVO?>RwQGgv@%6A?8w+1P3`|NATrd&Ln2MGsLy8-G}<cWMzgH*er;oYepnSR9@
z<Sl@P_n-5Y9ja`N*Se~B8(a~4v-aasnsW8QuYmcvXds_~=}`#Yt!vqt<}WT6=#oCX
z$m1~#Pme}6ioHMDL(0j`fx;)9y_I3HU{>L!--SSzDFULb;Z$(oQxZyt`b*PGNGWX$
z+Hu`dJ6<b923llSR#tvx5E8F6gBUBnu@E&PTAO9f-{A++D{bbJD#Zs?7C-<(i{@#^
zl?*T|qyOkyOD-)CAtA-}^`W+^ZIA9)1swSmdrpgPrZ``4D-kRxR=%a0`#*V_ra0VG
zt`QS04^RA)tnPZPYEeF4_gZzZ2*#s7UGuy-%jdGjPll!6<HAn3jw31ZETFhg&Heh1
z-wR5c?t=H_`)8)&%6|O*8Mj!0o|~*1Wn6rGQjmfPi&9`@Yd>l1<f)A$NT~}ZMWqCf
z(?me~H4?7I*#ej_Y5P}Q<@4&r(}MJY$ebUZ-@<&J+B6Evz4YgQ`IldR=37ynD@>zi
z4L{(|aq?>pUCV1wr5z?R)URaM`a80N8|+vCY6Kl;Aya?X58b|8@4O`jRErA6`o=F0
z=<;3;ndIl}*DZcH$Ebm#r7=A53OU01x(|P*omss{=sGOKc5(r1fdMcQNv8gtjhO_e
z?gML}`7!8hw*~@H0eL6p_A|3?sYp?4%_IS6apcyP_n6xNe8CI+7x#E%GwU_$$oenL
zpx**E$EZ8b(i1DfMmqf4+%0<?`L5SgHxVxf#gJVInvdMyL6AJPlY%^{0|J+#TJAoy
yM_#<xa=Cl*Lm1Q2Vz<t4R}lhglyew%`ur(nfuenw#LCer@S~}rhpbh<8}WZ@NoGy}

literal 0
HcmV?d00001

diff --git a/templates/zinst/config.yml b/templates/zinst/config.yml
new file mode 100644
index 0000000..131e852
--- /dev/null
+++ b/templates/zinst/config.yml
@@ -0,0 +1,5 @@
+name: Zinst Package repository
+description: |
+  Infra as a code by your own packages. http://zinst.me
+version: v7.0.5
+category: DevOps

From 0647f8edce07005231c0c3eb9356fc82a6b05d63 Mon Sep 17 00:00:00 2001
From: Alwex <alashai8@gmail.com>
Date: Tue, 22 Aug 2017 12:55:20 -0700
Subject: [PATCH 02/71] Internal DNS fix

Because container have host networking it wouldn't be able to access rancher internal DNS server so access to the ETCD by DNS/FQDN name wouldn't work.
---
 templates/portworx/0/docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/portworx/0/docker-compose.yml b/templates/portworx/0/docker-compose.yml
index c5143e6..b2a753d 100644
--- a/templates/portworx/0/docker-compose.yml
+++ b/templates/portworx/0/docker-compose.yml
@@ -1,5 +1,6 @@
 portworx:
   labels:
+    io.rancher.container.dns: 'true'
     io.rancher.container.create_agent: 'true'
     io.rancher.scheduler.global: 'true'
     io.rancher.container.pull_image: 'always'

From 66d5022e32ecaad82169fc062e5fe54cf01b628a Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Thu, 7 Sep 2017 21:01:00 +0900
Subject: [PATCH 03/71] Update rancher-compose.yml

---
 templates/zinst/0/rancher-compose.yml | 34 +++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 5 deletions(-)

diff --git a/templates/zinst/0/rancher-compose.yml b/templates/zinst/0/rancher-compose.yml
index c47a1bd..b11eae1 100644
--- a/templates/zinst/0/rancher-compose.yml
+++ b/templates/zinst/0/rancher-compose.yml
@@ -11,8 +11,32 @@
       required: true
       default: "8080"
       type: "int"
-
-zinst-repository:
-  retain_ip: true
-  scale: 1
-  start_on_create: true
+services:
+  zinst-repository:
+    retain_ip: true
+    scale: 1
+    start_on_create: true
+    health_check:
+      port: 80
+      interval: 5000
+      unhealthy_threshold: 3
+      request_line: ''
+      healthy_threshold: 2
+      response_timeout: 5000
+  zinst-lb:
+    scale: 1
+    start_on_create: true
+    lb_config:
+      certs: []
+      port_rules:
+      - priority: 1
+        protocol: http
+        service: zinst-repository
+        source_port: ${public_port}
+        target_port: 80
+    health_check:
+      response_timeout: 2000
+      healthy_threshold: 2
+      port: 42
+      unhealthy_threshold: 3
+      interval: 2000

From f2a4a659035c2e9354423507560dcf4ffd4f5195 Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Thu, 7 Sep 2017 21:02:13 +0900
Subject: [PATCH 04/71] Update docker-compose.yml

---
 templates/zinst/0/docker-compose.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/templates/zinst/0/docker-compose.yml b/templates/zinst/0/docker-compose.yml
index 89de073..59f47d7 100644
--- a/templates/zinst/0/docker-compose.yml
+++ b/templates/zinst/0/docker-compose.yml
@@ -6,3 +6,7 @@ services:
     - 8080:80/tcp
     volumes:
     - /data/dist
+  zinst-lb:
+    image: rancher/lb-service-haproxy:v0.6.4
+    ports:
+    - ${public_port}:${public_port}/tcp

From a49d0cb6685c4489c8de5d298f348f2296f126fe Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Thu, 7 Sep 2017 21:03:57 +0900
Subject: [PATCH 05/71] Update docker-compose.yml

---
 templates/zinst/0/docker-compose.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/templates/zinst/0/docker-compose.yml b/templates/zinst/0/docker-compose.yml
index 59f47d7..cecfbe0 100644
--- a/templates/zinst/0/docker-compose.yml
+++ b/templates/zinst/0/docker-compose.yml
@@ -5,8 +5,11 @@ services:
     ports:
     - 8080:80/tcp
     volumes:
-    - /data/dist
+    - zinst-data:/data/dist
   zinst-lb:
     image: rancher/lb-service-haproxy:v0.6.4
     ports:
     - ${public_port}:${public_port}/tcp
+volumes:
+  zinst-data:
+    driver: local

From 9a9dbdf9f08ce73e9e9adfe744d8ae7d72c5db8e Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Thu, 7 Sep 2017 21:04:49 +0900
Subject: [PATCH 06/71] Update rancher-compose.yml

---
 templates/zinst/0/rancher-compose.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/zinst/0/rancher-compose.yml b/templates/zinst/0/rancher-compose.yml
index b11eae1..2d45905 100644
--- a/templates/zinst/0/rancher-compose.yml
+++ b/templates/zinst/0/rancher-compose.yml
@@ -1,4 +1,5 @@
-.catalog:
+version: '2'
+catalog:
   name: "zinst-repository"
   version: "7.0.5"
   description: "Infra as a code by your own packages. http://zinst.me"

From cfa546e8e6719ad2f20797ec351a35a6292f0acc Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Thu, 7 Sep 2017 21:14:39 +0900
Subject: [PATCH 07/71] Update docker-compose.yml

---
 templates/zinst/0/docker-compose.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/templates/zinst/0/docker-compose.yml b/templates/zinst/0/docker-compose.yml
index cecfbe0..6e528cb 100644
--- a/templates/zinst/0/docker-compose.yml
+++ b/templates/zinst/0/docker-compose.yml
@@ -2,8 +2,6 @@ version: '2'
 services:
   zinst-repository:
     image: zinst/zinst_repository:0.4
-    ports:
-    - 8080:80/tcp
     volumes:
     - zinst-data:/data/dist
   zinst-lb:

From eb3741997dde89cdd3b428a58b9ca9ff709ce0d5 Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Thu, 7 Sep 2017 21:29:08 +0900
Subject: [PATCH 08/71] Update docker-compose.yml

---
 templates/zinst/0/docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/zinst/0/docker-compose.yml b/templates/zinst/0/docker-compose.yml
index 6e528cb..91eab26 100644
--- a/templates/zinst/0/docker-compose.yml
+++ b/templates/zinst/0/docker-compose.yml
@@ -8,6 +8,7 @@ services:
     image: rancher/lb-service-haproxy:v0.6.4
     ports:
     - ${public_port}:${public_port}/tcp
+    
 volumes:
   zinst-data:
     driver: local

From 09b9eb27d8d1a9905dc2d50eaf15c5969fec6e6c Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Thu, 7 Sep 2017 21:31:09 +0900
Subject: [PATCH 09/71] Update rancher-compose.yml

---
 templates/zinst/0/rancher-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/zinst/0/rancher-compose.yml b/templates/zinst/0/rancher-compose.yml
index 2d45905..69874c8 100644
--- a/templates/zinst/0/rancher-compose.yml
+++ b/templates/zinst/0/rancher-compose.yml
@@ -12,6 +12,7 @@ catalog:
       required: true
       default: "8080"
       type: "int"
+      
 services:
   zinst-repository:
     retain_ip: true

From 1432bc3cb63088530a68a937ac8bbf2916fd9a9f Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Thu, 7 Sep 2017 22:20:25 +0900
Subject: [PATCH 10/71] Update config.yml

---
 templates/zinst/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/zinst/config.yml b/templates/zinst/config.yml
index 131e852..ac31f51 100644
--- a/templates/zinst/config.yml
+++ b/templates/zinst/config.yml
@@ -1,5 +1,5 @@
 name: Zinst Package repository
 description: |
   Infra as a code by your own packages. http://zinst.me
-version: v7.0.5
+version: 7.0.5
 category: DevOps

From 44d518231cdb29367bb91ec26b87bbef59425831 Mon Sep 17 00:00:00 2001
From: v_ycyxdeng <v_ycyxdeng@webank.com>
Date: Thu, 14 Sep 2017 14:53:10 +0800
Subject: [PATCH 11/71] Add catalog icon for aliyunecs

---
 .../aliyunecs/catalogIcon-aliyunecs.png         | Bin 0 -> 38008 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 machine-templates/aliyunecs/catalogIcon-aliyunecs.png

diff --git a/machine-templates/aliyunecs/catalogIcon-aliyunecs.png b/machine-templates/aliyunecs/catalogIcon-aliyunecs.png
new file mode 100644
index 0000000000000000000000000000000000000000..5f6c08aafcd5c3596ac45d94f7dbc1ef649a45cc
GIT binary patch
literal 38008
zcmdpdgKsWh)b-Q$scqZ3wQbw&ueNn-+qT`_>ejYx+qT`l_x+OhpZI1nImt<OGPCwt
z>+GDfCqhwP0v-kj1^@uSOG%0<0{|fL|NB6J{+mJED#-dbKp4qLhys58_s;JsO9B9h
z08*kts_xmBT^{KsD_X~I-8)<yB+L!Z^U8@;y6RHRofGvjAPfezAVCF?>6V*xd?E|D
z6Ra#?axc3c?Ex79p~sd6>6V#&eDLrrzZ=q@4HnY-P}tdp>*?(4F|28&$WyGQ$VsmG
zPP|UyoJnb=X|!mlE18uY{ZbUv)WuB(xg2LaZn$>dFr<YgBqT=Ed)Yfc@c&&iDe|@4
z+}zD@IR-Ajf7@Vl_nn`ft}_1)T$-D!Gd%@X78My!%tEXGi%Bg&t%{9}r5B;p{1>Pb
z`u}Ahv7IZJUbZBt;C-~O>DL=5a10+HIR;Ng4LzRU3rLr7;3yIS6$Qp$C-wqB$$&6M
zpdhmVe*m};C=^i;@XVoC?sj+=f(1C%H=k~!m+4xsk>nc4I*SDl1S(x9_%l~4djOCM
zg@S=#f~`a;+X141K}4bqaRVTjUdd3DqDZWm#FTqU%}6BC!7>-ssKRfXk|++GKx_TJ
zm|>PqS^O;6CB3cKHDN*ZR5ZcyiAJY!rDN`xUnMqXjO}Dflh;Jft`FR=qu#}vR2*E@
zo-Fr`DD#ZbVOTl&amp-{mQbauRTjLZyTDnC&S6!^P`pE~1;ImJZQGq8{|ITcB~%l*
z!(LCmrgd`z4^W?4QcVRiBICR+d;-tuNxhI-Sgic>u<gLQxYd~;u@L?P&}ws5^)E8x
zOX5fDKsrvLcwm66AO@10qGe=TzP}&@ClMzqJTQR|5`}Kwl1voi?h0sqF$=w{W$tsv
z+7<eKKLbe(l?xs2Fn1)1kQ-mWo4d@)+wX~8M4V-cOZd2#<k6ZPCSmLh>QOz$c3zN~
zpbTFF<^+&+&?@z~73>4SHkA)yMjM^9a7fw(9X}Th6a>%gn1HkL66%#4)3vL@qmp|O
z^nfraC2C*TBg%#XB?cpF4VWC85(aMWsl_^QZB6CyT|A+`V|?^^VnDz}*`-u~tMk~@
z;x3`Q%ivu;ej^O=8|OLV4k%yK7gkt+Fg8GCCNV4ak*T2I!zr6|9ACnb{;v|Ie>nvh
zb-+#_q&9_(%XRC9NhaB%33-SUkj5>-wYiE~D_FQ=9UOGOYij$37a3QDS*XutE3z;P
zA}|Z8CPV=Ma|uVFf(eBNkr__h=+SNHm`J8`hs?|q;Gpt}tXz}3PJvX2lB_}N*m@W|
ziD@Aifo<7Hc&wTAMERg{NJOaPL4is6bje+Kc)!rTidVbSL|};9C*+W*6XT^&HZT&j
zjzJ3)iB-e-RzWMl)no`TIW_-axEA?!KfN4=;A23Z(^s@$y<=)N6(gC5KN}#cli?@*
zEx0tC^Hp3}DBil0x8nzeYF=sjZy*WL)rKm^z?Sjof$m}92yj{~WxxaiPOKsh6@c_0
z`II@YI1uFfX!w`lc)jRt@T>dTM4mKOVelPzG%cBO6;-MMER!udGvghYQP?>)e|=-=
z+HL5*$L{)Y-s6g$i-4Zh5i)GUI~o==Cn>C|Q7pj3!Y}}<Y+f@^&}<hB;=8;Nv=76W
z9_aVLvQdeKK^GaSH8G0^m_URN1ILghS&rZoL1lmUQ`5>=HcX3m_WcfQx|0O`&mm$Q
zC59L|5R|M~i2#3Zofxkjk~YrpP3CP7gb=?x6FD=bnC=M*DI-}@f)V6ay<%_-p5PRC
z(P&RrsCx?-JrYWcl~qa<Oa~Fx%9NrQ6=Ru0DpKo;&fQO>zite{?{@F5$YJN4!FXPe
zO{?wU86l_?LugKz+hhUTHA&T>0HbRk!!x@~)y9>k)SStCD(W5MNM9Fig~cwWEFm5l
zak#AWevIPw)!_V;<aY#|VP(PDBPEyTOQsKOnOqm+A;SovfFC`($0{^6cX9$R7GqW$
zI(IEI_*?08TFWI=5x5(&s6Z)DApYpGjSa%J8&qc`_~R+J6(7mZAr-21#m}1iF(Ev^
z?i%g5Dy_buT((DV{Avz)SlvPBH~9st{v2^d?nMAOg0E19T6Gd8v#eb$6b4}FJtFy2
zb$8eKi50h%gXkM6L2!QrhDC^=Hv!TB2P}ik{4X)6?=bv#I+01F!5wLS8!QMEStK-G
z@7UIiYL<K@gLyHgf*~!;^5I!Ex|F5>L~<W9uvf6mYprDhnlif933+Ziz<Uc><QO7o
z!9*T%a>*ZJ;u@|PONst9R;JC(Z?&tZ{Zy^{LHfd$Hino^1PD(e5~?6;T4I|MoCA_$
zz(>fOICdCgL0U^W%G+xB3PkW-C+rMS*iMNRkhCwhne^|YgZ)pyAZxNN$+_|~zO092
zE1w_NJEP#I$_PF`oqU1?F4Sm}nTqah`s;3fB}~S?k*{X5Ylui`6r)%+1PR~|hdUSX
zR`?GU5m)R@T`nTdjI<Gj?dz8>Xu?kTiMWjNfTz<@k|NR;j1+UEq7z|CP4kG8u6FPB
z2XG-c1eSJUjy0^b{%x57nVx{O9#V#@ppspXWTwQ+P3m089D^L}YI0Cg^V?FGH_fln
zsiK)LyQfpkqFBnPVSuR+L>T}$7rgJ|Z;5*O$bSmg!i&$4e5Q8wuzi*LZcI5z&1jw;
z#b-vtHWe870@2a0c2j@x1H0oKQ^2_jR%<8VUiv%m=?KZ6JvKOz8NI<gYLdtb|Fr?t
z?en>xv?XNr@EMTh5DAo%9y&Ckk`PmdrsX;s%5z-5T_kip@HAf2?4$8@jThxYHyFKD
zM2;L^o5KQA4~6Z(sPT5YLHFai>LiN<<}h+^sTu{d=bJM)areDDHPVtEUOLcJSnVnq
z(+hBaR{EVGZY#G5(~4&#8=#UVmoAm^Y~+gM8pZyup$p!`BfRQ%A93*u<M@oB2(1_d
z1p=D5kUg_jwyTByi6xe{!<?iwCZ*o*4$<MF$7*<lmX32vmA8m_jHO+}Z4y0{H_=mc
z($Jzw?;c%-<7=VwL^{NAHgF85(8$f=mF^z^(a9l+>v+)AJazAi&Kp15Jr{`QRtal?
zC~{}XP<_|_H3!&4AnYXYOksHHe3$1vcM|(4JNe%zTUkgnz~8Y5`l<4@@^Sx)fXT^Y
z;y#a4dGAm2%Q^<uF5g@6#K}`+8vxpZ2gfXTZvXqGQ}HQsw4HHz{p5e-e=z@kVRY@?
zgnWamf{Fl>h&e5`u=g$h`N|oTzsz4cA~FT`W3ZOeo^Sp01AUy;L?@E2Vj6$hi)qd+
zqlyDn`5bK$K_yDCa&l&Dh>vamnoq*EE0nTmvskps=}Z@G?mka$gx(OkGG+0Y4}rbB
zS1CFMjX#;QwW6K?RQ>a$e`Org6wA9{@^1uYe}oC*kuHwgshi5_9;4vzz!kf%Ra-a(
ziIz)mZU`)3KY7RpKmYsSjKdQU`=S*l<q3_)<(!jLda}Lsulmr}bYJ_93BRj(`&-_5
z1P`rSnN~}rI|O$h4O$$nq*lcU=q7PVkRRXotAbi(986!vUe_+Vyl#@yd1aAtrpicY
z)s(#1!m>OG8EIgM$V;(~F9;=pO}uW54E9<|JN+zcjsZH9qz%~-UJ;`6=z%ffP}Yx!
z)pFo^`k{Z~Rz*^2?8(?d7{V5{r2K>Tp~_pTpL#WY5XI7ONUCBvi_@xkX!VJ~jU*T@
z7K2t4f#;bpT1bd)@#i5MsNUc5<FT<Z{`CHbOuSAX=e7domQZQL$0l3rKAG~hFeLC5
zk_qt1PZ>LnU>sSpRrU1-6rc{RhcoX^|LSApoJ|&pAl}jL+mR>T9_vx#QY2?;!bPQ1
ze%O30ft28EG+AiKn<{~yZ=0w&AeR<OI1gYvH&?8t=pZ`1*;Wp|lx#xzFWy_tPu%+~
zCe<<B4aSqoZ)ZfRP-@_4;CXU7|94c-oug(=6v!oKnj#3v<bXxfKM*x6-?00;j??68
ziKJu^6eb0CG5rYRcD5aGnT)POWk$FH4XD##g^{~P>~%jbZ;IrU7w6`oF#wzf8Nt?X
z5qmi|FWp26Q0M)m+|%Sq?}i9zwkzho1F-^vfE??A;I`cOL^3Ym96j>zhX7V8;vilG
z0A!ry+PFleoApjEySoZyE5W%OhwsUxiGM}M2JSSY$2)4owzhZ(R5q1fwK6VF;K9Cu
zvQJlQT&L3yw-*Dq3U@*(t|D>S*qd(W2}D~TP>n{GqgBEUud=t2w9iL5;#S$7^ga2}
zn&%>{5>x4k<S-NFa5~K-D~;XO;owZKDaaFqPjU3PYWw!;lRD8p&|>r+!fu;?kgVgV
zvt-4GF(`H>#`>u5eSt8ec3Q0!nVWj`@B?BACFXGow7v$11&DI;9d&%`hYqWDzIKWV
z&2Sp=XvrV|`a)dj3nlGERyo%=kZGEZW2oL#bxk}%&1QOe%8TUy`3mn8!jvi<DDq<z
zAzi>e8E9dUA!gO{S-TWm#e5v_h6-j}f!8~SeWBToF&Kkw8B0`>`rt;VQH1T>Rz++u
zDlP-ckx#mUr=Ink+;H)2H&~Q0NA__N1IA#h-dZB+cv)jM($R7tmuy5q;9L?U#S6{L
zmOMnD&Gn<*)r?tUV3{npXP`uYBsGyticE=i`G_F53JkS1Qud_mF-U&PTBHoWctX1T
z9dni>qZR=V&0?6tP2T>nb>#iDhrwzmY$|XR?smk!Wo|E0tzLB;%>Fsp$IPAC&|BSK
z0!u{IW;nyKv$3Xqw`nPtwm&z`Y9!^9UQ34vY>j0BCXLW4cKbx)`gw#OcRBa56XJq}
zR=eh}IMa-J9j{a%4j5K=U7I;ey}e@@{iU!Ut|h3{p{JU)gmHs3{8>{`B5_vYrhmM1
z$SP2ZHE+vWhlpxUhFPbm`?0`#z%95hciPfp8yuDh8+a1XliUW?8pJLIU``^{Q9+m&
zMI1Yl+sv(bJ$HZFfIQhkf;{o60$RIyqn<=7G9z5K{nGn&s78qYK<ZWo$*;}#Xl{8l
zH|`d^C^DM0T(h85U(E^e#cI{8>mQ|0IPI09+es+%5lG+XNz|Eamr7f6<S9l;P?PuB
zi2o_;y>C~Ae;JaDgkysmN^XtREGZ{g@cY;5J=piFxx<?d8#NMp%cL`C&;A0ynRUw1
zd-vo1j$w{PT1i$DI%NA&TwVpoIG#%si`cSc&9Pkf2|wuTX8HNSfKO079wI(o(dtdm
zN*5an>6)as_`ia?J!rqvqPK^hi4lS73Uio1QE)*bK2+7VixzbM>E#jOzO|rGGo}If
zuVUl~_q~bF_ZM}{o`@iDt-OkL^E6sfY;9u#A?m0=FRR#xS^NVpejLItO-=qkiV1Vh
zsivg6;udBzYGmQe{%~Uw?r&~SJ^Lel<8+f&Ni*ONw3?>hX6>dE6EDX*Ke?>@^JUDH
zYYEgjpW;`<{()h15)Q{DUF$zNG9NwUSF3xP6?FY#CV{)2TtVevLg-PAIo_t+hw+2O
zb%=!TjNk7Z`w=`rSAmoXg8rb4Xf(6X0M}>WL{OIb?66%Ffy5o~rL+5|o$x+Nzj8IM
zSd=zTgt}zQmqYDJsjzO*oYn<YH)HCqDU5&aqyOf#7oY2~l1M_9J=V!gXQgTl4U~Go
zbL#Iz+V<PUdN)Th=!?!N&`=~pzfaf;)w*~Wl0Wz774pcsk!sZJxY=vnI%y8Lqo-fz
zce|b!?N#HDRKT1D88n+}&Xp7At3`x<0+E+_^4A1Z%w2^;!tvy$YU`=v>&{8_NR#ct
zT<Ld`zsuD6E59@-y?aWuPgT{^%e{+0YwZs%A3|W9DXbt8pMjC7wFuwa;~8yv@_H!k
zKym5)x}oQ%tM~iYK~T$(cXsz|Fx2AEk-Sx0m^r+8q$M%@`S!{e#xD<-^da_Kp5wJp
za=}L;Pv3jJ8F=VFn5?<jUEC4D5wa%QlNw#FceH*K40POH4nb_x!IFXcc0KIa=Qch#
z>*as*iAoR63iKTn9^MI8eaCPgY<n1e_nnnw{*obp8F7Vk%CtN?9l+V(P}O2zby(h(
z`r*0itKgCr)GpSRqX|<N`$*$1#}SpzyC)Knb72$3Q`3R6{pucLaM!&lP=LGngeU06
zFF(^7oh2h(qT4_B_`@|lRlxI(+0#Cy$6W?nRc+wOD+3iDZ|d*9A27-!L_BpIm~<SB
z^`ENy7!QQ~cgE%pHXGv+KnY`-F7VG1yL>9ODEcJ)FY&??%pJ6zXN^kSZ?niE*?!1T
zq2FZ<TX{~>)VYXO3IHJ(W??9<l3k|T3j6DxFMWp>85WTpQr`4c4Y9cxg^LpwF@*%y
z%m^S&(87mFBh7JTx6v)z&4uo31<iZ9yl4<CnfYn2A>a1s;2=(<@BYK&RQ3q^bd5oi
z%2IIY@wpJPfwk%OWoQmWBy}&U_fF+OmLDhm6}&icT9LqdBSU`%wMK*tC;-Tq&Xkz2
zyMKK?{NuU@|APuqSO+c7@mh$r9zD<Ce%yFbNY|1LPYka-gQ5Se`!847uqRneSV#tq
zPJhjZ9p3-)Eg)Lv&j}*UNzR93A=iDubRLy`_OE0>)=CpEFnc%u#|;x8uVJ#h$3R`p
zt>8GA#c`}vJ3g1@{JWFuIiIC5G!9$rca7`yMbFtt>sKNSfu#0-I}@Gp_)}z3_8#D*
zL0YU3Q9+OOFTpkM=)W!_Gvpi&>hH-+BItVFL3xgggP4lyO5MJ^?%sQDzP3!5qlV}E
zFxyS7JIv{Pim=Z%?-KvfBKcVl<pKItkiUpB6npft45|ONHPaNJw~2q8_=Zl`><2ql
zFCHe_$2#E(64<BzwG+(uF$Nf`>zfEDv&aLK6$;;w*C5(|oOzC*tC<A_Xhq1<A+z8j
zkBk^NXzw=d5a@rnp<&1(3@4>o1c_T(I(EQ|6&r1SRD5Uol03bb#LzzaP%!lLffa$V
zYd`NPC5cc;bUBamx_bG<auI9k@hN)1b0RB(&atD9FL@Gisv^hGl099O*hgvjB(azQ
zwTB`qmmqpR#x%&#0B#NLcewBNZ<L#k$W@m4f5`l+;kTzv!j$*Xr=<E!>E`0^)BpO)
zxGV^WHklMM;V6vXi9b1xt1}d32{l^n;JO^_#5nr%qS1l<RWX8QkD{K)-i0S;tJL%;
z4n6%FvzllxcC1wE&yI?58a$uCa8&x7h-D3ts9&yoOr%nb7hUlYwb5_wD`}_%Cv;I6
z+pwyQqF%LZ2I?_qeMK*T>2`(4RsCE~Z5An+gmibZ7%k=QieW(DIj%Y>+f})Zyz|OW
zcPaeG!nGOk5(>0Wl2r8Z?@#J6`OU2$jY6?iC};yP6WI)&c^RSQLUeNWt+&mD0K9TC
zEZaH47J)Vnwa<bvA<KS*3ReYLKFEoJywd))raxB3G(+|x<9OzMkYY+$%Y7d7mwQRi
z!^zh?F6Ox}zIY<@{-Wbf1F7JoKaEFysW`)s=GN`jdqrM&R0pWhCREXCgR52jTZsts
zVeMki*~iibDTL7$hvNdIa8zVmXjEVAXE=3>ZJx|OWX9cD6XVO6Gzh5G99eNGhtY`1
zO~?0!iQs-kuJ~3aF>+sS%9E!KrQ#9w&zF4FybT?*?QAR<-LiLJ{5dIPHqE;rLgPim
ziya#J#|~Nh*M!v#YH`M#%8ii4V>p&Ha1frFKl%?~1$tmHbVA?_j2Qmxq)0)uhnJKH
zqo||Ud_<fdlSKwi9GVSuFP<S1gtS?}sc;c6aAp!!lPwv?sfVYV=qOCVfNA&X>S{7e
z4El7fkkN19&byn79DzKBP6YYZg(LF9IEQ7jlBY)<fPra;TxIwlJu^kDm*=jgpJ~6O
znh$nkw8`FmImg&{AgY0Ia-tTZNA1sr&kMS8BF3KvEZ^UyXpUAE!i%T*C8dU$GZ|5B
zSFQnqqjD81j9C~UbGGsO`EFM$l&kGxmMrYF<md(vTeCHRYeV`>?khdRS$?ajziKv2
zJP|0EB^_XesU(~ttl${ARjOCr&#$_Z?cXw9r}ONmI}m`DX3MEjTw$`YqDOFoLwzBx
zUv8?FKnff)bE`(76NuTazX`as%~NeAz9P<%KRKasw1inPDN74P0~Xkr-6WTr_H^G#
zS?EbZ@}ZG*T(ZQVUE5DP8~=US!oGZZw4Wee47iEe2TBB^S5QP#z$hI9aVs%j27NT1
z{(d~)nd%ct!Jd+a|8203_M(`S-M$DYMkV<Bp85O3UT`EajFTsWd)<N-dH<ACJj~Yc
zWs_n!Q@;-s5PCc)a*sO985ALIrKzx1<LxEPzzDK*EJs{@ldfwf-ykkN_TGHR;qBac
zjoUx>ku}g#CUFx>3%P%Km(90;^{(BSzwOf34_>3&dYj_0A%n6Ci8Du?&!m=xt4&ly
z%q2Vh&nthQ$+`Xza$JH;P14n8L$r<hzo!o?2y2*!YCVn%d`y-ZNIA7JZ>b|{*UQ$*
zRX3g)mJE$v`HMJ+aNbY^!+~cX&@U`#t98Q$%O)n+`7ajn1fF$TL!8`<_!61FC@CTU
z=$W72%>d+sW0ZK3T8&0T8;dE?DaZcBuqnSjXgW>=v}#iKtJ3R46V#n}$_@`u1H{Q|
z*Dq6TK_93zFU$jeuiTEoX^p+{p+bu<hU)b~MZxmeZ0H%P44qphbEZ8n7~#fPpw4)O
z`fJK5uO&}bo0cnkPp+U!%aX^XgOHK`;r?lF@0sF7DO!W}wxD%HvyWOL#m(I_hh>Tj
z3~@1k+1wo@MVNhPCpT@-&`j5!&_vj1s|~Y#UzoC8QmGxA|MQ8j%3RsdgyPJnwKTZS
zjE}%6qpM|~6j&V6b$J6bV4NJq(sF@fIT6>Ey~*l)e9T<N4X<46l#`0s<a>mRg3$uv
zfI@K`%xm+|%83i_#hv|4lVVAM7@odv2Bt72#^S|CVhK}$(cdhCvJe_(#cwZ<PJWaU
zlsNDZ-3p&;{Ld{Up(l%v3Su-!#&gXenu7rO`-8GLhlaHiQ{h^FDgEX<*_r}jl7tbT
zAInn8atAQ@Ii&U6b@mO+CoN0YTYPmGk)IsffQG*={vBoTaz;V<<K`TYPF4mtZDg$F
z+cc3$!kHAdNLb;U6DDE=S&J_ewlSX@j~=vD=d!p3s@0p~m^kTs@p6pFgoduIxys>?
zv?PnurhHs#`sqI+Iiw6tR7HnbT9oc79V2TyUu-hD1vcrOje}GXq{O-0V_A!*vknIi
z)2iV#VP~7+$@PPmjX!1^HG3LTr_At!8s;+Up$^#Kgo|2u|2Gw{(&ls=nUVSD1hilJ
z%cHN>6^<k_#68qP1#$rd{^7Q^&zn6cOgoL8>(HUhNk?NO1bAo}vM<GwYK?(v)=s2g
zT+Pb_s}(8_YiJXSho3gu_MiJqjsXZ&LwK(D5tCHmls28=g=12d5?_CWh)vR=ty9uE
znNgY7=$0<FQ>tg2g|k=cQECTm$0oT3wSFbt)Ur8(zZ2WY!a8d4gxOK@?co}&)F^N%
zEXQymY_OCuERe1IZJ)Y^7e^C?bY>G?AEl25(c@61aKkLGUg5-N1x?Uv7)H*Cs3IFD
zzR-W&*)FQ7J)VrA4NtN2%{<DVQb51N7@M8Pv)va@b)N-Lyhl7`9eLR1jF)mK?mWs8
z7PdPV6owr|YBNGLmOYH<N7sGcqgON15`pGnMOzL-lX7wNyYFzkLP4|PvgiPhVEPFw
zQH$Z%<+4EwhO4K2)?lw7(?H<KGVHfW`GA~b$nUgX#m&se(K20X1IRX*sm)7=@ce3C
zkT>sPftgKmt_vhvk7U;4*I>c48AXe4>W0**{2c*z26e*a`K2Ma&bDjJ#C6#mvQ236
znx@ZSzPq!}Q+>8D!rl7-J!e&?@&edK?&k|6PZ>=0j=u|H9LF;Hgf03goPvxRzchjl
z&0OReg-U~E*(U}h1l9*g6lENn?Ti2b(t6Ur1mF*oIP23i&Xk%!Xg9!<(z1v-3>1r^
zXQ5b0Xli5{XHa5Hss!R!h^`;oA^Eha3afQJ2-<)0?HmPq@{j^cn=gI0qm)@o0}16b
zyU_%mPDS8AOy^s(c*_xjs<^EgNdCc%X0|jRm)2|h(?AWXU*c3U5J*{yL0#z!l3c^n
zV!XbUv0GtC|B=^R*hEJ_le3UO#l&WruWrieO%@nHlcb2o##(iXC%sLMqOV(EfModh
z=Sx}6?Vs?6SN6ztl}zdAHfaTso2n4tN4)s5Zar<Bt!_EEsbUB>L(NHgpc>qhw8>tA
zxHSIfs#!;{_gCQW%@50eZ_V5AH%o6HTV9O@hR*NeCN!Lt=_{!{uY@0P5e4Iu#2eAr
zFszOg%dbGbzW1!HLOFwL-~>J^i&=D>6e(3WIgfBwwP6FUX1~KGRR$@d`27AJLvc{v
zx$ZMWxDoi-<|;#R;(B)5p@2q3!w7><aNf_>?_1RAaWpU-Vj-cmiQ(Adfff7_8bT?M
zKTwd>5L#nh1e+fPcOrg!H6Pu5-#3!YVdH3n1}Enz$#75zvtnvfdpZYTe$Y(u%u|AF
zi3_B0Re8lHW4b2YbXxzCM?{5{upFC!Bs<B%&W#TkG=W+R60D9Ec*%0yu~wvqF6aJ;
zh+mGI$EA@>?IQMg1YEy99R~;~anHei9g=}#?*&fU_#AMOb1xQm@~VBCP^lUj_YIE>
zP=2d@jp7Hb{JgCCxWJ5w_DSPCtufRsh}-;MFF+oco6`6n;<IJ_Bov{PtaaIAVJa?0
zR(=SDtgX~3!|p@uBq7O}|G3Dqc{B5{rEeREGDQ`Ly((Pc5WEXL9?eu>rpqv?wpZ;M
z*V2eIB5_t?qX)eNHa|~pT0VSh?lKGV65*h8*IA81pN#Zp$XIO_%v07MC}K@~EFuv7
zs=gNpEpuC^5|g*KX8Opf2@LZG;ndHz1*`}@Oc>vb9~vS6G)M2j+<lptnwRVMO9NMK
z+2wa_1Q`s@_WeYIWRP>a%YI4cqzL-@h`A*ZUDr+}a2nT$X(M@`c`gqMyRX{9YUR*e
z{q-s)*{;+5XN%{_;_}QV0J#(|im>WT7221zyl+kZTSo}Fo^>r_<pl{Rth~;wmLDet
zP*e5${p^cKtQll&C|37_wzbP<8-xc+O+k_^)X+Fn6@SPUY$q$K)N}R5Xq#PPBFc-k
z1cs8CuT(0H#Cn-Pp5-WCJ3&G+q1@s_>|Bdnd0wW@qmliS@6nV&RKAx#RMt=|hzq%S
z;;D&K3K^#hDB^#n6r?9gZHfz(?sG%q4t0FnJ#LRfjoldR{-DmhqOdnG$>g!8O6H1<
zDb*b7{FrjKXVcJ(D1Su#o?1)?03^p_;W*MlCCn>$pSX<w5#B<4ydh3rQBB9wNWJF6
zQ+q6ZX)t)^Q{Zj4OwOk3VF@eymIQ?1wrjkQf)o-So}w&v6IbA~=x$Hv58CFGH=c7n
zil@{GtTwn@YO@pBEQr<X=xgfB+CZLD%25!&9r`q5kfbLb)`fY_0m8JDILq+6QokNj
zfSq8pK5PxOyo?0OPJWpZFnQg}XFZu?AXO-+P{3u!7?4z$#}XT6v(&m=Ex<z{u*R8w
z9!=w=W!k2vS<wDOpU#8xgky^Lc6qAcSImEJV1yw&Al+8c$*k{pKRk({9cTBKe-m>#
zHroE1((}+5T1s&m+JTX0Z{`Ark38~^_rY%_)0X#GKMlXVmLUQkG?f&a<uWjtZ(K_8
zFpduTtbr>1f|!vb1do_I=EdI6@-;7W#CklF3IsO7uB^PzAw@z>X!IpAZ3=M6=}DMM
z6|OhEL{@|_JNxg$k%I_{qG2KQcrY{~;)!DQ7miaKwMZL-HQ^aU$Jb!L*D%KmhLbrQ
zsaf#1hiyc8*Oi42WkH;p5{2(h{s$RkbgtlLTC(>l+)yaMFU;YQ|MxnZZEW$3W-)0?
zc$8pA7vk4i4*lHp<VZN8!PKogUjdEY7Ppx<%iS8G%B#7OaHViqd&#eKcC*{ssZsv4
zD!It;C{FH&&BqMB(v^^4e`YBJ#j--ojczu=XRHz(1Ot^!y{Jrr4bD`02nf1Kw;sRl
z_HnU6K`_BN)=VBgE>|kaLW%0LnxIdhJ?{4od@pJSy?p(OO9(Ea^=27aCiC4sRPvLJ
ztE?6eik7MnRvN}Pp;Lj#7V5kwwM(*qE9KEyzr*FZq?Qet9TnXVg3B&uCiQRx<X^pS
zRc%T(KCoJolMw-<7NKW<5zk_OmL!S**<PqpcfC$-iN1$5w*@@?rZ-l0pIL@4Y;bd(
z_QCPw@g=a?pUY?Di}Yejzv>E9#<?Foyf4jN4yPgNlttc(Irmes-~uPWs`O~L^42;o
zwT!-jQQ~IsaiH?U*v|c)7~|duTx=AjN>6QmdEKvl4o^G>Y&)FYx7x$xOyc3WCU?bo
zeedbZi;Z*_6ez;Xb0Gt69C`0ekG&F}<Hsq5_R`B!%wSTH2FK?EJ(!5wi8Y^A*FV$S
zxz?Fh#IpMX<WLB!o`{sX{AcOnEjDtt>Rb!A(7t;=$0y&$R<ZtI63SJ&d`Ut5law~p
zYKu^<)X}L-l@TX1H2=(F{FkA7A)Znbm>=z?ZqyaHpcy#PI5U2CYR~P>gAd`Y4@bzv
zj<&A1@wP9t2>Q5Tx(I9I1-($LltEL|f$lAG9Dgyxmypj3<o<dA6c=O#uZ`7T8qmk?
zs)$o(-o_cf{I;6`j~(m#l$+-$JvG~n6T|!`)jE{$2wc$!Q$Z~@>f&T{4T8rH`##K{
zAi|GAMes+#xJY<<nvdf$3GZn|an$;Awo|UEV*TI$B%6>JT^UC8C;D;O%b;|RdZ$V!
zADgeFH9vb_gis2S|5~QQ<(sxrW;=em=htN`+0Yg7BUoS%4K@^1N;0=4TU>0hh}(Ui
zfI{3Bo_ZF|f=G|7bE>Sj${o{*_*~h}&{;C}sVqTddcDBw*zK*p^+)$!x5jFBO}LkS
zsjXM_dMM}Y;o~3_(s)d!VTFdv>-6hvwdd=B<r9bsq9zehWc+EJW`ARDjP<djh=J<8
zH{N*frdnklPao){KQHh6FXra{_4A2YO)`}7|DNc*{^L8OB^*Qi^nmN~9Eq*9?!l<B
z!*C1zW@j=9s8A!6vzGWg_2GRt_>Twl#ei5x8BxtFGb8B01<d^d-5PBw<!W%C>mcr<
z>!+>U^S{<nS6#CWhP!X}=jM=Ag(v27bcDFm*8$(l1V;YVV(wLC6Ev3PD2_?>$5UtV
z&`a$5Im1a=`9<fkfBG>1ks}bu2!P7lEHb0lxN#<TU&9#N%OI{qG|{wTU92<Ye-A!0
zOR5(`(c_(Rt~d-xwHULYD3bs;jiC>w_WO&?blQB8cbPBB8lV<B#;W&lyzPCdr-W8t
z$bv*o8&sT-PqvP*7S1(mMj12vAgUge_~PlJ%gutSaf-+67AV%s*PzEHYY%LmSGIn?
z%z1<Z3nbQY#HO5(uP`CUq}RD~xut3cz#7>=1r-9G{v=dUYNa&TyOJEca5lk_EdGtj
z21yk`5d=pytVRpcnp9*|Pf{dD6@pKwM03jaXn1cJAW#j;U5VA6{^LDNvzX&@tWXOK
zGj1huOa8B@7el$S-_sdfn^s>OYkl5dzUqT^?oe#BIFTJZUMp)2%_Nj$6Z$lpyvWmT
z^|u79=-qJUrv@q^ld_=?B9}+A2np$*-3IJwZ!<||N|Gx2r@E((-=ULfykP!gytMc&
z5nzu|ADIngO8dX{q1)wB88RG-Q0*pl-Wt;XUOW_vAt(=hu~m21I#kjB%Y}MidXzy*
zBNT(v?|VXMv`gv$$s-96xb%SgFx;szm1)eOCJO2E$o)8G?>XJS=H~y_)g#Gr0>YPN
z%5s<d%}ZBXz(sjiE(#aN*pVV0qJoyH6Su@z)PYL+IMwt1=`<^AYIV2Q_<`E=4vO_P
zFbX&ypBuAW`m}RNVT)I-cA#o4H>T=#4~?&r=2~mUL2@`3WwhjO_D_7^icbm6>eFOv
z?i@)x&A=q*#6%Ti)9YmoXDZF)``155`$@)S+|d8pB|$_5?>$YUJbSv4{sC=aqmFJ;
zvfNJbiyt4KB~H3o3R{ji?)X-n$1M;Xspu%%dd2f8LcWH(83IU+oqt&o=FI7J@^=EI
zQ>z^6U{kE!&Bg}}E?K7bzX!414!_Vz-LNC+C+LSZ+Ki1mBmePHJMsz1h9hIrnd~;$
zseph3^f?FSocT~DHg77Z-(%V@R4JXQCQ`gBnV$-8T@hb9%lK&j4u3tz{np`3>dU=0
zJlm}RLw*m`J@m<^!<V)2HFi``k;PGymT2ZZlQZHheu3n5dMeOE+);_U5dB5F`O?x{
z3~M$PLlQ~a90f|`her1u7u0IpQ|qkjlm28urHLL@kYT8`%k~Y$!}csW%`Z94q6foy
zLNcbsSUv;xtvdd18yLvygphZSfj78s6ef34<U+{xDCcHqdls-k+{D)Q2P)lbM?{hj
zoOtGteUvW08gp&5m668NpzTIQOS7p8j>$$*gzNMUJc~Bi`dH(Z&QI(@$W2+T%{Shp
z3so=@X=j6wX#`|q)~l!~sLUx1iOpbz;6NkDAT2QXKH3L{qDax~qJ$VCMKq;QX2xh*
zgUv!ab6NXED;5c9tki(AxOmsBd=}0uCUzEIG2THL|9D0#>C%8>Vlux7>P$MEvJN+B
zV8qBStrjY*X}S7hh3Td@4XYPn`_Vt|QNUp!?a?^AMEP)U3@dSMkxFPcERrE6dYCO_
zj6u&x)gd`M5h$C)cL2fmG5Nvu7Mfl^d{$mwN=Y1fMNle7{F5xf5mD}%T4|Oq7$$9M
zTBf$<gA||Lv?xI~=YYm*M%K!rj>6((2EnN)%jKb#QE_@;GC_S4Yr~qd(a2eDe)g89
zkVFx*Ngbn*-(c8vik$C>&S+SaSgv?)RPWF$=|;)-E(v$4kM+wFx8{9)TdZbizuO<K
zC<uT86_${|#Z`fdr~!Fxfv}m4u(gd#7+BxQ>^U8Q0iATec<i_^TfUPQUBoUu1o@F{
z^^2L7T!X8_FpC^QFB$mIOH_0MTx6DDF~DMg^WHEGDyjSoobcRWaI`z=@2#(3Rqje$
zK{yi0JGuiiJnG~855w}w;}m~_z*gC(P7bpi{y~(AJrv%vj(*^uFUzD#VB@CF*mfxf
zWiz&C_c^IIxWoVT!F=%xa@9k44hXdg=FcvUCSjfewhD_*cjyJ?q^U7{nDM;V`ke*&
z{)A;6g}rAG=ilKWi((UpHG%uh;yldIUsY6GHOqe&i^9n+E1A$LDu*tYEyGExV?)Si
z3brY&iN!Bh)?U?ri`7h|br-Z;;QZ1ZTty7TD%{ipL!ULHCQ&O<;`jCAe%0Fi5yESq
z$<nh~+05itTC44VPhn=YM|IzRhn09XvuKQA4o4BBwzOpGD9m6PzUXd#x$jAN>E5*I
zGAjqEGZ_Y+v8KW>IN>Df0AhZdUAHZ|{scLEbqs9z#S6TE;1V<fTGO0|XOH77VNYy^
zrAXAKffn){1&2RqU1-UO7`x<4*+MY!L2Y~js4E<y4TdRMCYUI_vOtJ&pAr6!+o`(}
z`=vJy2Sa;>f=i5}j4IW6e40R8>IEw0+gU`fnik!a^L2YU34WEWuMgiJ37g--NMe+N
zN~jrrdbPI9(C!4n9@`WSI(=Tgl9p}0KN>^HTc2n><tHD3ftW7`rJF@BdL}iWUam_k
z9^n)a;`}FcXUbaTCK}1*W5&7eR9oLYLy-J9;?|KoiOL8E(si2k(lm#d+ac!H>yIre
zZ%a9>kSMBcq`>~1aidWT7Gz#^OSw7?+BqZD&;eDiQz@EI&hc<KplnGGS0zsKHl&qu
zoXC-@azc@8+51wg%>1`~ePuVbT}L{`ta<}ykZaon^f6Py1?kHx{*6N1XGn?CBsFeP
z*sv40S8gHO5m%p2O}+i6KxOM~r=CS6vtJ+^uj<e8MwMfR-mA@u3Cp4?za*dTv)Sfr
zT;l}{5N)7>iT{Q7OsuvT2n+-BxK#Hz=JV6^+gthl>OaE!CvA`p^tS90YNphniB>AI
z5OPfugh_|JXmKai^}ngEmEjQG<sA$!pJ?SRI%DtPu$#IA{qZL!QdodfA$7PzyOh&>
zDewIBzqZVtiFSAB$*MgywWs-|9W1>!J-eQ9syQ$)OU?}ZAFhNHDmO+cB`a^X?Wd79
zmYxiC!gJ^h;|E)#hVM_73+AS8tv3&j$L_bENM{Pohvq`jim-gaBz7Vh5ve_D$@4Oe
z&$PXzovaTp5;Rdw9r9f`H(N3==`V0cBtbFVAA*kErOyfd!GNABuY+_5L9hzEmY!LD
zUdVMC%n~Fy1eZy*X@cj&3B4V!F^zv)AOrK$Gzh^kaBKL-b8^6QbX<mm*&NSXg}YIG
zr$&_QwM0l3Y^=r9Nlv$ofhQkU@GyV0he8JWqm>_vp9(im0YNAj)1)6>vSb5@XpFJT
z(~bVu(3?is8tA-NQ@;B)M?|p7J(YcrQZA$MSj7bo?33^|9m6Gwo0*=MDH~~+p5<tl
z(jsM((cB_pbIppY&hN_Z6}wm0L2~gBb`kDK(!Go>Cmlh(BqV}}LQ+yoce<@-na@v1
z6PFT3b$0Oq&*#2{@tenl_j3E+_j_fuR!o;zL}33-0s@fYx4<UfH|CpeU_N$GUH=<m
zM4FP`734y&z&G21P68}D91jj4#t?oAI=>M9%Eh8t?1wrH$VH>&RIr@as+*DmkY{?K
z&e2BZu{KBP4RL%Lcif@_10frgbWqKoSOzDQEFE3bL_q7q8$aE<-+a6ukFzlgO{+f!
z@(j_I2a#nvcTJZ%esoXOH5u&E)ep&;oH9aZ%#9Sc<NH#`9zwq5c2M=cx2nfPAl4uB
zm>Z81m4j>GwUg52LbvU<9(S1RY6KoO;Ll<BJg)+(!Lt`O2F}`g{sNBFediHDEX<F~
zjl^dIp3k&07>mrKu1V|D{=TojM&4ZAv~5p7Q(I8&iT@WTNel?~H*y|JImK|?MwjvW
zF>K%8nlkrWyZLIMc^dA+xDZbfLI{cASP^Iba<YTMuD@)qUY@054#VBX)xYEOxa$N!
zdL4;B2&;Q9V<^%QHbWx-dk6Y|`CSOWwtQv_d>Wd9#lSiB&bOQ0t+ngR(*i*3GBZ#T
zPvYB9>0a2N{9)}l!4SJuZhnBMoKVZVDK|$G-|DDFep~pJd>-qydt`m&qR3I+S3A{I
z-sf(rY-7f%uF18?=d2PZnVAh`TH;MUTzv90I{7E37!RDb9rf*J5-v-)<sb=SeGo}<
zOq2n13MHbA@xLmBhTj;jdd|ugOn(UN-Y^{-|9gSAGtkS6G`H<za3+I=cx;>>eGh`Y
z$Nho)@4LBu<$?=}sx&4S83^alKbVU#W54}b^jYN9>Lf4@nt5@wJl(pJEz_6DGs5C&
z8%f5cM9bIGrwkzxieeHU#y?{H<Z@GO_vx!16d=+lNJ;(xzd0jGBw`>Z8e-AaZTBhE
z`4$$9E)`ikMmAx48BT#wHU=vjaW!Tpw<e#<4IzyM18@V571Uj6c0B9!w|vs*zb~1=
z>V+tshA1XrCu#f7cqf|`C#WehyaV`6{FF4hC$=BH9}_jg_OyQ;Da#4kwIt(q5!&z^
zlHoujT<AV#KEn5yX!MY(vkN-Oz_1F?QqM=y%c>qN>$HZ~{A@@e;ioc-D=4i0TS0fT
zI~@A|C8%b^bjFCrtMDX}h&B(Cujm{xYsq@M+2H`O)fP6F7brsHWkS|JJjL0xBxFnN
z?}K!yVbJ>B@%WtA6w(FF$0<^Z6vf0YxcF|T$oZzW%pf*Xnmf<!&V9t3w5wTsI`rqJ
zDevVzq~#~+O8*OWshM^Pg7~p;4Ro>-bJcpQqWkhh6339aNNXn5qRyV_y3^{Gtp`c(
zxjJZ%bK@Bfns|;p@6vPnHi`Rf>6><xtPDIx>=@=Rk-GPi!0yTyj9X8%SuFwAA5J2W
zjn@hURHl|*At*ECyZf4fw~q!1H%iDOEmZrDlh1n4_=Xu>?8vqaly&#)B_wR_2H^@a
z-QdNdC76RPFSqWyk$D3RGQm)ng(--EF@dD}scY)T0OT5P>(wrSt>;SL89z{w+t5;R
zm;%bQ6d+hNdMDXx=Ake(GHcQg=inbYH7@2pV-od0dXhn%FGijFUd{U7v1YYFwIp^#
zaJHdTx%0#3XAnv@x~8rWPNRM7oo_w|B@bRLKO1Jd6_|97pbZN%uTXCLnmfMgs15PB
zLCFWdjwo0odE7p-cEX}|dKtqPf0tO~M)>Sb5>vT>Hf{_5r0j6KkH$e<I+aN63R?Cy
zSS&xz1;?#iR+ZvqNFB@9p4yGqvcwjdmr5j!!tIaUj^|BoFdzo=NM>)%@o&M^3kxI2
zPw>nj+P{rCTy6Z@*InUsN@F$_EPDKDcquhZ)zwJZ)&9u#+KD2TI4bt2k0GCEh@p%I
z$uhFAuxN*AcMx$=Su%xrXGwm8$^6BUzUQpb1}m!qzogn!@COve7!!+Wb#*w^RI9np
zM62G+x;8mcS(^G}G~E3rw@c%v^+rt8s+O6AbiZryL0MX#igbV5d7ICC$LD$5`YICx
zXkrU*tiw+p+Gj(h2Zlw>v`BN!%mpCfSXSln{LtI%+V|=>@ndN}5oIJE9X#^2FxNvY
z<S(tKWv<lt1Y#<`{rlea|7LiIdI1$`O31AFAn-tRDCO!vVG;E;1v-k#UvJm<?|J)^
zZ{ms|O^Y*AD&rK?35>e0R~{b^pQ~WlQgGqcoELvGWb{u^_+R>X={}??*HH`&(ER^c
zkHlVs?`Tz-pN_*h0J3_MEIEp4)2e{W{OE0iAv?-B9}pcU42~a5obDZW#mR;dlgRZz
zv0yTsjTjixL{bp>2q7r+4-<TymtpXl8it>3s~2=TmHalKN<Wb{1-&!n3{;;qA32$N
z_?i2Z&efpp_bj|p6Srz}@__DA7)xif3gc)7oh%h>PS;YUZ!*JYL2{XMs~{tyeVvs2
z_-q!7)biOQ!%v_000Vf7V|<Nf(<e6ZM|+>=HR(GL68n0oD&8LjN%<`A^1sh&rjCuO
zM3af{rBH^iWmPhgCSxh$5+K>cci<2IuO9@0)**sd9fDS-V}#x~NSS=I-%whNf8rN-
zR{^(BnjzO!Q`Zq)3@2jtlU{#?-SpXq@&!S(#DzkMi#&Xeslb$21exoa-@X0zUiRxY
zdiC<*(f|J9774CPlm;B*EBN$PNsV`X|HYK+IX2IH(31n1gLQ=$KQPm-q>N)%)cr1P
zHErRD(gMup?p>`FYT828Pff-`Vmdc4IYLxE#x?!^Y?Lkt0!l(ht4g;Y-cYMG<2A1z
zHnEIWB3n$<8W=EcMC;!Udw*Md?>U?d8gsj=aQo(S{BU9tE`1ulj{#v_*Va<YX6nkf
zEX~rU+jw2|a2C8YZOKu$V&cOChzV@YRbX3}O+hVC%>j~Pk?)-=>^#55CAvYaGzsgu
zB|(BS*rK&9W*HX9b>G2qG`<@)xiqNEw3Lu#m@P;*?noAzAADwHD!}q$EVynf@!^bj
zR}?TPrVT>!s>bTybK9yl6Nx(;&`)}*VA9r<1p*U-ObW=`dU<^i%v|5QX`wHY!JWfi
zNZvtdCTgY2n|Z-mf{3uRkL!6&bsU@5@fypN<!_Emch2-*Bemi+=?%$6XLa~hi|1L{
zO5IM<enfry+_c1v*ZwoW!GN)U-TTt&Ri3Sj+Kvw6FJ~QC8d8Bo?*aMSl7FV<AHkw2
zP7+ORnWBV3DHpR_cT(~1mq1vy#^Sk?6diL>Wjh^EQYp}CE7T8<@#xcOlszMy({o0_
zI`W-hqGC}`bdbz73MI5K)NnKkjE>uw@1vh!b;+cFg`{@e)LbUTaJ$IGh+O^G!q4#*
z<Ch6|Y6A$$g<GPg>n<DhI7Z_+4+iKgtGIwNOQAI90#Ic>qXr%r+3db?K@qa*ZkT{V
zq5|#{a5EK>2BK)0rn(GzH4S(xNQix%piw%ed}A;OMtY`9OR#H_d*xvpXHc>$U5F`y
z!dTmn`R0kQUAbtJ=gSlPzFz)9+|vv-Ao3ox_gtKd{=K@38%hMVDY69{3F9vw-ufeO
zxvS+%{%m*E;@_Es+>q^@Cf9aiIB{n-B>$2|fA^r?@te9Yk*B?*220Ok^R_r1=k5@G
z-2B}$*qNyqN!V}+!=?iY(%xocnwJ&|Zk$~(Vyv>w`B$dT*~Vpk%cFAHaxI#(!Jpw%
z#|VetDjKHGh2EdN{@kA0J#C-l)tQ1#p%F4sxgc2i@x~+QU^=}n6Pa?%R456F;WVyY
zy{(Vx9_*tLFm#F7GC!Y~@;z@|-rsIs()i<l7;zQoQHnHBEG##~Yz0~t{*xTQX@AC~
zaD0&8&t3^_ww5cKPH2fc`o&3a5w3)2f(<GhO|<7YT_Wt#UZodmBE*3ut>2+vos$Mt
zY${l917p-lvC(g-Oj^v_VLmm0`};YaQ8vF1Mr^h*v`yvf^tz%QA0hphaSLiUg;Bbf
zmsR0zxpM@(1?c-DQG)Cm)bV(Ge#!2c3oG;NnQqDL=2Y0t_}&=rgb6ydv0ioW9fiTH
z!irO=p(iAg;Z=cy3)>4Q#}#%A;y;*EzVWCn;g7|G%Nxk=C)eJLa0j>Z<Ru@<{Tj+y
z$YcRJpwBdR3d&~irtrxGZGCyIL*&H3v|`7Sb!@EsfnLu)0VPWpVW|yQDQyVpoIxS;
z@zzR}C_=LrmYV#P7~}pXn8@>r7U11ZF!O>#LKC?M+N-wK1bersc0n+tIeKa}&`#)~
zG@d&rnGD|qo|M#t&lnr033<>afK4Iz$WQqhUF`~^j7g~TL2SB6!Hxe6T*N8Ywa?kX
z`AVOyh$zU3w7>JoLJku_oy5Y4p$Tw&^^vc7A_YaM4hzCpi=_~>?HhF)-@C$(VsG_v
zMUlo7Q4RGb&Odvb+8=s?VGRAX1*|P|aru)LLIL86*AFA=w_^%!!6I2HBbM@6!4b69
zx4@*pQEgqerV!9S(xl0$SPi*_g%==w1!SQky&a5gXhJLis5aWb?G=9?Fs;<3-2T;S
z0H&Z8lkq6bqNSQ%YeLFifS_ihHqyuq7>QUbIj@e=-}M~`K^XEei>ZCgot-UDt@gtW
zpdxXl4pT5I`%DF21w|^#n*65Ds%iH1iPt!yOLNRsmh%ClBSe%nJvT{4{Gvc)DP@-J
z#;-UfdJ+J6A2rLU5*@RDX+}$15cfN}-@aWA=it!DqF;7NjU;nj?pO{VdxL~mP4t$A
z(Yd#)dHjDwDMIk;4M@0YqLj*YjBZRL1sf<u{`4cKj|_>RU)i*As=47apBKr^7yD_L
zM>H@oRxY~3$3jffb-~J?t6$beaxj7w+$K#RMYz`gtOLiumL2vOHcZ)G$VCQ5kJ9na
zlRw#b5KO#9m78+dHN%I1Y25a#fD<8G*nGOF)NvpURtQRXpo!s|{Ef!e>QmwQ=gR#&
z$4B!7GyGn8NxlF2Xu2Y(P|3C-uOnhIn?<c>=Kd0Zh$Mugs-JEK|5W#fw*1@l%B#F@
z9Vy4KF2#7{|9Szm1UwH*Ck!H^hidLu2ROSPZd8bwC>Tmv93g0zwvf;Z(1#+*8hjxG
zQokJ^PavwHBzo>ah!2ezm9dEK27|uB_+x9l*Acb~wwW~57DSkrX)Ls)4B^Z1u*ZWt
zLW-oj2nf5!2)mV9zBP2;tKTATUUFv2m=6s=r}9nLXFR6?V@p`S54$<v8IR0{Oq(;O
zR%fmL<p0i*%dJm(Nw(h3*?wd=*i3^S%U8E_IjlOt2oQAV@;0Z#lP#ZEI7UG*nGzL}
zS2JczlN<g=`C{r`W}_y1%E%Du66&~}OgDiY$+26u%xN34)OWeZ#hOA;GUxvx?kl_E
z=z?{JVSvFI+ycYk7M$P=Zoyp=B)9|*A^0G{g9Qn}-5r9vy9S5gL4!LS-h0>i4QGGp
z)xElV)!tQI^3<;CSB(|RkGsAn{hv2pJOKd~rT3DAdx281$dwW&qU?|-Y^oql+1&VV
z2V>%gYu90S)o*$+pM9Ty4hwx8VTYjVF;4!<V~)WCLhkkp^me{Owen~A&g5enUUSA~
zGtU)8uk27iFMQq{UyxZF(LoRqp=nGHBkLtKim;}8b4cuLv-%lMXOCW|t-2c!o0jBu
z7uT?m-Rz<=jOG}LnU{Vl3oiw2ms8!^V-Uyg&>C?Z{bi7Q1)mn)Fn&1N>3+6*-nl;Q
zL4v8ry5?KgB7NP{_mDAcVftny%*y+9$bs5g?Ck3J=vjM@29Re8^c9r|j(0wTQauO&
zunZ&19}!L+ipPno1kOhs`{nKX3e4VrLj~gs>ghJv&`aIy+eOc~bgi^WXy&>9Sq!AH
zb9vr-oQbfRIB3KNA>?DIe@UF<+FaqMTh>i{*-Xf*NI!W_7Q3eYd<dz@r;YdQfVz^f
z1!w!<iXQ|So_<faY|2YA;dH$-dyaMKc2rR{?s;)pNBU~p45jgHy1d(VX<Os(2Vd`j
zah*nmNa<(4UlYtSO&GHMes)RsBCWVlHz@G=M<|<JUG=a&@lE(ytN&YeP1>YmdvmtT
z((e|q|D0fbbpH+?0V%=TpTU+CS4cVsDoQjtbfcn^l)oS}VFA{|q5PJWs;@v$UJP9U
zAY)t8=M}F*$5k7~D~?634rvzKz@SV8mVysjjT;f<u8)V9M7s`Ebg5^{N9-3LpG7Z8
zz+8*`Mpk06V0ads>4(6n$?aK2c2G{OOHRq$lm2O4u<$u7-{hT4_Kf#w!~O48;V+Eg
zlVp;y;oW)48}%`SFlZ4ZmjL(g815&{-*wA+|7uH#1lcS?P3kK&UDMC4r4sEpxp|Rc
z)|RsyWhY8)>xUFrdIh2n_7jypCK{@fH-W!7yl;+v-M5pbqG*MXGl8OlVWxzdsegnW
z{H8#eV~T<;8uk7ik{bho1|s}y==vG35!B2bFy`e$zWBdjxfI)}#yRC*X88_&eW)0!
zvYy$uE7VuG&*sk)qH)3_rVLiR#Hn<=Z;7nX4Kz;2pJk`LM5eUrgJ%~kv2Ow;ncUAn
z$7|}iCN-1zS^(ScuHQHn2SGJOjBSg4>mLA1NjnULlno4Xvq6eXmyY*5z8BO5A8@tg
zd$sf{a@@rzz!+qIbG6&_%+e8dnI*1$B-e_ed#`((S3TY>U()EfGHDyMi;=J!h^q4N
z0OUTV-<?xORrr!Ct6EfLzJIGvv9?np+QMN_euonN^vaL;+9%ge_=|{&@jEQLzkEs)
zrNoS{b6>Po#E3bS;=6KSAE!ky(PdY`Fp2MQwAheoMtsy810)cs0u`>Y)teTpPNBC9
zbLCn^y9YjO^wv5sDACEs(X_P8JRZ!i6~8{C&U}~_J?rSYJmFQEbF=Z8hVxxwom3@!
zkSFCl!7s}9kla{%iuC*IW4p7(C|p%}oUx=>nhSDoIW3+Rx$(T;s4!gI=hE%9FXhKj
zG*!d1qU2pkXM0ik)noOb0A%gqX>sy;MIb(YSrKvb*Av5=sdimQ8p-H3T+$vpvlVe<
zR9y`(fHjOx*L5$t_u%<N!@EiSmu3WC%}iL!`{+UF-?jXGc|=Gnhh?k9?NOT!_%)FN
z4*L1*;O2S8)9ja1^JvbRMB@fA0&5B;oV{g2wPk{0n~Vcw=jrxtMn4E6m4Vh*>s&R$
zBs+OR@%Z24LkXdTSvo3p7v^8KEZ;x3Uz6Oixtg(Gq}Nsa)-)mhSHG)yTv~pyDH!nL
zg%7P{33Z$;t47$eB9K76O_|0H+be$6PD|8$Vi}^0m$RQ-_1ZnC&@)3<>%ZINCO5Y~
z|Me4fzgYdqG=hXq?4n__(q-*HK1Aors9=DW<csDigY~R`{ymUMnvI2cs7vAbqP>)=
zxf?s$31s0-o|WqEkGjD}BOUEacN6GW^6eql=hAV;*g9Kai$$qwz+K=RXGDj2kG3oL
z;-)O(_fyOGtKvWMvy~}V`}~=l>+-QCqCCz|vvlNa<@JFxMNkRUn5pcd>Qvu?rh|Q|
z)UF`y>Y|KS<h2qyg&ju&j}KcM+ktPsQ!3-nD@dJJmD_@l+aRVyujGYJ=r0@B3jGPK
z>SNKXlgwhtF#FwB+W$Si86qAz;P0t*?%y{hGmtCJ67odM3Y`}EZKR#{uGI%i(Ukb>
z%$v5#!q5j8E}$Z3VNZPRF}ugb<OjR8J0<adIBAz5Hebq0(`!fxNNO?5W7Dg=HDD&$
zzs=OA?b`lPba>x|_!TxaAH!r|bZ-bLZ>ry24?pHy%c(TFrD2*5t*<ZFq+8<#B4u*+
z&%C|dXeipJQ}WLkq)<VuXU_Ih@A+McZU=CfTh<I2mVJ+k^$^+)w_o)AM+hQ@CQ-Ft
zd=+wHeSdx>aNQeieqew^ZL3Fl?K|LjGurZ5OUzKHa;o(9F5Kx83$Ofl_Xa4hjk_L!
zRi&1rLS{tZj)z`azf7(DPeL}(_Z~}i<C~-2M!9qCXD|;5-9%JOJUT?ymdT+S5n1is
zkMxR!<_AbJ<|{pV2tLy1ipI^y?L_hQ!TuG!ukk*J@I>tzs<sX%+qmUyosXHh`HnXG
zL(h{}Z9&}VwJl#XE5IHTT0Mkds<wvb1>@h{8T>qjzYMb-qgB3z_>6%_XOOzJ3I#r6
zirtMr=7}SAeK@SHrr`92?`SQt)D!9^Ik`XlEplFHB?1d92@`_A@n7T~cdnO?+Ls1+
z@Z-7e=B~aPQdoz`$T1c%?XG{>4e6(PnP+mdLq<hFLEYW==@1um3<p1{EVh4%xEoo`
zx5dw%f4Y8qAZ20rSIgsB7}V?N`F_RK6;e0Jmz3_1o=lU69DiHec=P;G#O=coql}hf
z)*{}4Qu9vugH-s8o`c@M<g~V}(WZ^BF<6oO4{gQ6I1HFS@T&i{Q9W3D|7kdnMNTI`
z`5~~ETPY|<k#;AJNHCZ(6SVcarucO)_3KdhrsX8mAqhRL6zmzFEE<L(kg(_*t(0&3
znVAGLVZQ!@ifqR9<C{c|$EsI1Z$I#BldF=InJlCz&qe+*Q5?}EAaTin2cnetgy{+I
zvA6W0@Cv+|T(7Gh&$!u`VLUE+?J0F4<2c$}E*&y4tR7DkTAy|n=arX5_Zq$E=*-3p
z2Sp3d=T)1-X*BNQ<L`<4q7;t<gBUD5{S!5^O7j}<0D@6;f4?Q^kGo^T*qn*tWa-sj
z6`@WJ>0XWCj`1CG^EvY2_@z*(qTLmm{)D=NNSvf1C!weIwF>2)?_VF^-x+_Fb(iQJ
z&sHiX4%6vS;-x^<c;N*?19*@G&!DQmy_?37!q0K{;_-L=`r3nDt;OZb?tPAAv=p4(
z-9n8u7E{ZtFEOEF<0fzQY*y_oA^%Sx&hr7-g1%ws&tJOZTM+e~WaEwd?bOMJ=UO2P
zGE&-xq3B;Nd2aAvso)sFw*)!I*VlgYIIFAgjP`V8iIg;zS-_kI<O_G0Ew!AT+Y8NY
zCoJCQ!XLii##94KNWv-REtux_=5t0bpF?ncXVhtB!ZTf#aHQ;9Tz(U|d2UtyBdZF-
zQKjk>_1nJo>B;AqTXmcWuIP;}nL2EnS-}yC$=F)KxzoK?`8OX}_001$u<N#Wob8EO
zQlx>AqLH8{Ea*ZOH_W|-6d_`f^K{5heW2P#?RxRemx%g?N*WY(5Qjycj)x`|{#Mc7
zOWSUD+jBf(dNoP!TEwlPe}q`ekX>66MsOctyE7rI@kP$T_jyC=&35;7-y~Y8phTT_
zY+{Od=s&i!fw^G=_622EUZPU^`rutxV>8D)zNNNQ@~sn2Jhhue4;*y!rRJG?7S!y|
zl&!4gkJ=)>!f__%P6Di@CvJ0*L=h&pPUOV+q)5^;OH&tu%PwvC*K>v(GZ(Mj8v=<R
zH~IZyTybx!0)?ERJ6DD^P;%u2$?v4H3I{q{%)e+E?FPzb4aLL9>N}BtkiPx-Ri@+}
zZ(5^Q+s2P>Wkzm)oeBDW7<F^}x8*sl_6jYlrNP=+Au@BNK!^R@)fV=26UVm9--F=U
zFkWEo6}%T4Q?4Sii0|EkWEqPHalv&<^>d=1w(=2yN&WK72``Mpo@0Kld9E`=S>*Kg
zX2#3;@O=qJ*J89tZd3{B?OEXnb|wE);t=B1+P56s7_CC6(p!ekcd$LYNHYDoSRe*;
zfV8JsrS&YuUlE!a)ReuD%tthj^<wZ9(^C4Xd+#*4L2w7QR<&&Xcy^X?F-=bv=iD9%
z!_uMzYXG5t7M|kULsSf@5PbdtsWi*;WS$osllUGpZP!P5?WVkF?6q0dq}KZtnvgiy
zVuz6{e&cz^<-=C9#&acwR#R9+z|0OgKl@0VWeiM`5Dx>lx^68B2^<m#D4yGBh=fU)
zNzwM`SURG-^70A4D5SI7`<`#v$%`7^kQ()3&K31d{6pNuu+9@aieB<^MEIE|Ydz(v
z5%d$G%s~m+qZRS8MR=99(z8o@b@JR$I|nnpd6D-II$oEma#ll#$C)yvSZ&p)Up{4a
zz%A&3{@Quxs{6^{>UnOE^abLTw3HHr>q%IdyH)~uNaGXTH#pNYoY<VC1_WD|=mdjc
zTyO0!?RCp5F40Bsk(y?-`D)%zRalX{;4Cy9EJ{9&6~nZCL)=DUQjkDRiTh9PpOr+_
znNlR?gvcfE*rV<SAAUrE%Q@b~BQ!LA=^6@g-1mPuHH=CbF@4WfLaxPL*SBq#oE*SI
zdJO!VXZ-m$b<+5w_&YW>mV!zo6it<U`tvtp#0NHVFhwV%7zxhLC6>muhpED-8O)RQ
z^2pFS<>ns#y*EbK2bEKFe1ivjvUM@`&A*=R?l!-@EMBMiWhwEl8*1(^z7Iv~P8Q`K
z&Ton0Fp7dyY9`ihTaH<MMP5I?R^mhriQK(HQ$4qh!w7aN`pWVA+VQiojw6?{w*4HB
zo&c%<ee3;O@fv53Bos-QkYU@gsWJ!=V#|PT+IK1+7fqL`DOcfW=)RD;ulv$n$JsXy
zpN_22Of|i}%;vz@wPs@Z-$`ooQ%-ThvhAf0okq|2JI=xxsD@iZH$x?s-5FLQprj#4
zatQe-50X-fBy62?f(Vd91AvH-B=<&t{%+ityXc}eTT$Q+fu(ZB)EFv=dghk^?Qa7R
z@_D_qtrSmXAD?p~*=G=X=#wl7<(9wjM-8y;)N^T|s21F&9q)jP16Q&M6Y0!4bC=F5
zt?UMd?IB|$Td&Xp(0TO~r0Zs}(Xj+-ZTkjoHuO1~&ggy})9N*Sic$FZ)+Z&5nfQxM
z{o-}Yn4KTXk>~fC?H_b>^WjZFR?VM4KzSSmY>A8LE5{r5<vW@!W>bhfe97-|L3xPT
zg9kh*T`sRm-$<e*+Yn=oqRbwy#VYqwAq8s4lURB9qF(shd)d&Bw$9CB3Mm3as?q99
z&#@W#!nd~}V>%RBR&|X7G*&Be?b&i~IoyQPNS>UU_Ni?wQ)`Btqz&`~eaP?Aq@<)H
z^3}&$X?>5p_A8z&#I1s@+<tB^ygtK9(%~(&y9B;tZMC#)aA*~nUCRC$nq#co8gD%_
z?h{@o<dbNU+Mk>dSO5;w(ra~?`9OyKBGzH~BElvsDu8gA%)g0|hl`D^_r)FyG8~Q_
z(FEwyI{U~eC5J4SoRZPS$D+r-pTnu{=FNtfi=_p;^lC!=i(iK`{tAEn*!F@`&(?Sm
zmkzCNt<v~yVYYgSC*Uk&6`@(mTY~Vo!e@HH9f?ul>obB<zP;wA8(2DEolybvKr=Ei
z<^{j{4>9l1;<w=8_UL&kzaFS_bstGBufni%5cCC%q}pk#%(g{wOfXWW$^=y^8?pQ0
zU%NuG+S^bsY>m9S;er_Jn9Pu*mb|<C=h6K#`8f%*<HBj>8j@Y5_IJ2Gom98p)8boS
zap${eSG{0^$!}jzO4D^9%$RF+SSv=+MbN0KkR*6eg_am63`~L8!~rua8;PMnOAHPB
z_v2?#(rmh)>&=*`wAndk4^ggucqAyT{#;P(cdtf*zYhj>!?RjeZo7WomfoSIsy<;*
zJz-UoOo%`RBKf7;`j`RmKQm(w)qY(?X>?1>kRo^R_fH#V?FGYY8Zv`iClOzTzvA%X
z`qEL|3cvD7w%5z2{m#h|E2Ltfa3DkRip!un5lp^tdl&1(9RoP|sL3hMyvV!a+F^h+
zjKPnG(K}Ra)w=F=8QySdHFlIOP_U#!WZ-_1n)rA~2Tc6J<0`QD*du)OXPlRLe@dCD
z&8Y7)>ZQb4%)U>>gy495oWx&+U{!oIQ2earyOEEM_3t&_T_|3DJLpInI`Uf;xnn-}
z4gaXPqcg+eiSpZc(~K^YTU~GVGEp7Zg7*b1wvbL)m7rhrpTDBi>tj!}g&+z6sXi|i
z@vZ_Vv+mqqF-k<1Ywi9q8g_PpLz3N1c5>RQ{|)r3kLGL09pC#~6WUEnQ!XQdlA+C8
zOFi<GGmm!i9F7FZAIba`&O&xjgOsz5?|RqDBielK27Dfcp9GGZo5Vb^7Ra?hxdQP!
zWShtm#4Ot14^pC(<f3_A#5tHU?P#zIsga|#eSFG_V+esWi4P&9|2<RgwvD@6;#>LG
zez1_zl<I9}FUv|seH2!ae^)G);v=KV`)efuC!etz>n`@Uf~>WKqJ{@n3#bXA7E7lO
zihQKGWwksGgNQKe@pf4*7rca;8MT<IgY5lFaXa0|^#=#)NU!JO<5vpm0YwtuMi@}p
zI%RB_guLoSzPSARtUo$&=1LP@_2tC~1C#fUP;h>h#g+u%!%M)V+EomZ`h&0L%G_?R
z-Hb12>mR*$wfcWTDnUwi$@^*>40Irb#F)64->BE^KfaU|u^&UlFZ)!&)ICBn6PlM?
zTeSm`#8>!|+9f^|JhJd0C3Xa<Y54VH3ORm8D}O**ezF?XUF8r@F`H{CFj6a)C$k>w
zgNrQi-z@gkqWV1U0$)}Q5;8{IFqG|a)ncS7aWI@r7J%xbrmgv*X>9!2*Qfhhcj<Ms
z5wf5XhP85jF^Vaw1bd)YmY}Cz#uuyI*zqfS1M8+<vy}yVETw7r=}xObut@J58y_!S
zCOMe?uw~x(d0cq>S*882_}!B#ho$-3UCxHyJj7g$9ZC?X)4^eGnc?Pg4dzRD)8X_<
zPxV99H=^QHD~Nq^u}4QtUeLL5$nVG6G}qu7#4^xQV~IZJXw7v|Aox4Bgp)zX(fsCB
zm~qGEn@d4E46bX<!GQxK-=%POSe%ZRfgy30HPQVbr6PmPuJ+ZA$9d<$8GE}i&g$aH
zMN^)OZDwu%Hs{Vw1qj_tD=n>ZaH$c%FkupG!fa^umH3-!=3$#{-x8R{U*m&dkz=vC
zYC%#P-}?t#)+I$H1@L@k`$Hy!kNf+HN;z4$tsYiU*nr%L(XXpk0dJqO1rse|uqB<f
z&yPIZ{bqU2T(dTK@UOnt6X>YL^yIRNvb1r=PY!J-+qcIh?)`qp<D%&%`nKzEAStI*
z<TDFYo~NXN*YZ;Trd-tZMQm&-<}+)`l-+PWJ2&6+wrH&=0{*Ea;1~UL^?fYPh>Tb>
zLN?)M5E)glbvU=R^F{c-YHn}b(LG>1#<T1yHESo@*Jl0Q;A_oJf5%vsAP~>UJ#nHq
z$6v1uiV2=s+2(l6x<febuRRDiJ;z5~2A5Cx+gqgdFB@dN18{$;clsCo>OiI$k}RO`
zN@@Z>{}a5N6U*hnYC14Un`W;?SIhCq{ry=YTavrailbDne4byI`2E4{dJ;+iYE$o>
zD>Co0ceihz!oj3r0HuHpC`c=gaqQ-p#O=kS{Cp%V&{}c^)F^ZGFlf4@MgBVaSvjA*
zIgX*G*!0C&Ffq}wLX+mkzEJObTHs(;MWX4EaV%=TT(RjthZE|cq#q61=2>BMq8~j2
zsh*Z4_dz2fGefkcZ+ZgeRYHF*5~TeNbwB$&^F-la%&D&Z>v!6|%(K)b`^jrz4m-n)
zd{e8`(;gRAJjvSRRjw!2Pk}F4nqiQ?rzK+w@FQsQs+3x@R^16LSdzZWdBJ1%%_DWy
z_A;Ebc&Heo{!`oOG=hQq$NS~WUBSCo{HRHth$@w@yYzuGLlyan?wORr*M+N!hMJxS
znp{p9ql>Tc<xLobEc4IXs(hz8Zp)MM{{iLXO=IAW7Sa7^O7Cn4*hU0fee4|$WIt?R
z5d-`Wk3j$-a95u?_+#kRk-<oSiul*pUq0OBd+<(svGV1Tv8SYv{jL*F1K|A>R*POi
za>GMW8XIbo;$|RGWQj(3f8mpuuTeWyaByoRPitctCeK?*;AJdynV+#cmIS3AOpxN0
z9xd$qBq0#*-tg_a=*rs{X~W=@A5HfvrW%|tA4d{W?)O&lDpz#$_9$-9)#(06{waPn
zR9K^D`LX_U57AqS!afQUXVt9bnt2b4rgiKf$3tWq;Lr|yQ@CO)b*($aRZ|O_Vxki;
zoE)<L(qgjE!>rXyERFrefXt$n&4{8wQ)mj0JOzCx!fW7zooPvPYZrd9R<a|4KP1}x
z4-P|0L0%da-<E?aT=_k>EqTcPDn~!fl;2s1TWT&Xb=;$lVWR58!_q*#SLa8gCzBUi
z+CuplP66b@We~OF5&pSZO>#D6aNlW>J(IjDZ|bUo{_r$k)bCiez=0;Z%hAlfJo8t6
zN5bdznAPt1MaA*fTe9DUaa+cV(sbNGxuIsVWN4yNr!(TJX<hM8L3D6yVG>KGWlAKL
zLalAreaDAWw@yO<qRzqTD@qQT3x!pMzU%n+&)po%Nxp<3vAKOyFis5*Obz}3z2}jC
zH!plmoP<I>IP2mA-=lrleXK$Gq39l8z()S=vb*Kqr347WCY82gaE0Wyes{YvT_!w6
zgh^fLZQty>s6L4rGZYf@#8e@cpKnchy#9q`d}DnQ&R-niFQba1(?pThs2*+$=6FC0
zYfK`)yCdxR2vW4NQkkvcN=mQ!FTGn&p>*7L@w&hA%6UX*7s_M3^E2bD`qwV~WrSa8
z4D(JrHxXr}$s4ETAjQ_a`zb$sK5iBQ(+~-}-A;*%nWg@4aaN8QA#HNrU!)IT(EcbY
zPtIJ>J1VSQzHfeL7B1xX6U4wzfdSRqFEVU@%cM=&OwF^05rbM+<4w3!tPrC;J!GYw
z3q34zOJ?x(34#3pB|&Z*%$X6^wQ`j=$nbY;{8@a=3IT%qzaCOgl}~1)Bht*I5u8kz
z{gndtdNAI9+RU7pq`yq1iZrA<I%6dN(Aa)?^ZwtOTl@W+vxbM_Pc8CV6K~qx;(^Ti
z{5<a0+ewdl-M&{rT;AW1Vx|&TCV~<hKLCpaX)Gr+9abF5WUmV4F0}BVe}R86ZxPS@
z?{1>fUFgG^1KCBLa&${#W0RAe|2EkEw!p-F{}oNVm+{z=r+^7g5SE`H4W}8v(tze#
z_a@OZ!G|Si=nbw!;_Hn&UM20cR{SYvt=jg^mu8`XFc88x1rF_}LhR}50mVmhew_^)
z4{v&&ROO1X@|kKc>7ixh4#&OnfUxyMpIFvnz$MdHKG=UspUf`EbhuFo(|Kf7$CfWr
zxiR;r@sl_ovqkbk{#DUOdi&~;sQFK)hY_#m-gsy1;Oy@q3%CF<(dNaaGaQGqVJ_OV
zzfIGMn+ZHa{?O!V1%w!Vux-x&RFLvc-O)<4q<HfX&nL&9P?Ef|)?x3=@eJ9fw+<v*
z)UZB8y)I=8AV%gTms^P~u#iPvqB3Syb})n`C_`Ty1~Nj2%k%mOhuNu})WECEAO2?d
z@9ml^z|gYyA&*!R^4U_Tmo{d4t9@xpANqSg6$K!KgD@n}6QjU@B7AFb$N&}|j9n63
zL<CVbMIsR*9E4RLZMD3;HxzUExM(hc|2Ck~)p*nEy_u>vgI<dMuW!g)ZBd{Q_fjvM
zAZ-Oy(WDn0Z3hjYH~q3!+5h{qei=Yx7%!~%0b6`8%u@}cauA^$1ft#I(}0Qynv%I2
zw&-j}N?aHt!W`r$@X0vIC;ANb%1BX717ouI6ky<bx1V&1E;MydvpZtnvYZK#=D6Lg
z-2T4l?;Owj*%fF>Uia_WB#T9ZFYt>nu+q6Qo3^6|Wrdj>+r(|G>gUfm`z?#^f&?})
zqCrUVLaK)`Iy_dcT1X)ozz}Dt9b9ai#xRu}Ce1Su1d8F7vNhyf@*j)L`l!k}i9$xG
z5L<YNg-YW%f1>mfxm(*s%oPUJ)$6~8;7A}VAFj9PO1GxLm@p|CZJ>B~@}DeAg)v!V
zTg~Kx!_F(^F+0#x7s9^~V@AMxY%PxY@wn+LMg+!JbbAleN1VQx&@OO|`)dl>W4G5^
z(Xoq7*UwE|Ynsco>t*a0dYo-#QFvPWdF*KXd@fE8C}Nf6Yr>$7Rlp!?Fg9NrZ|Fa9
zsNU<gB%%#O$2S_<w;ybba~_#rNd5W}vO>e;IcE*MZ5u|Z2QhZ%=S%AAuvaGCu39u2
zL(m*1bf4^l5_u?KkRc{!>L$-)*XR0GKT%B{V+*g<wUf5v-PV{y-s~NyxuJ&9Ktjnv
z^`oNS!$-}K-oh}v1({pI|J@7lI$13&`dIMeJ4EgWn4Mg|RnAA)VjN9LPBTIERVAVz
zCpi)nz$vSfBy0?)%U#r4_}sgYj-te0d}IRg--?mMxIC;n*b%=YxSbq#Y5J5}{z0i}
zmm~H5nQZ}9sbwY>Cnv!b5#&B4s0&s$bmw2BbXk%y%p~-@^44GBuc4|Kxw16H$DV^4
zrLZhjf3yEd>W#C=g!Ek-e#C(0kXX~a$f;J+E4b)fh9Paph9R%TbQi<N$?y8<dNzXk
z8O1P}r{*6Nugc_j^p#)ds<VMLT$;Mmd*SRWykjb{6&TqE!L}rGU>YSy=4{5bL?s(5
z*PU-NJ&O)fG6^pui9lkAx3MqGwItM5+x{{{N~$+svlF#gFNF=@1|$8@`<0w=Gqi#I
zjC5a-rHGIr#o`Xzp-Q8@PRPO4_vr6{e>>I|vhJQ-U~zNpF#H>;9);?}M9W3a{NYOl
zHkv>aBnm&?y3#<%5RkkgM{flix=BV>Fxe`uo*~-{75m=srhEdPjfn*Ls1fJoO4;x%
z)3|*-Dg1L@pa4e63|7Np9$DTM#$5~Y;dsSD{%!tRwb8J6sMTq!J^&HlH^9T+yp#$3
zlV8JE>?!+Vc=9?ijS`kF(lu1|r$Hec?xqvbCazW9N<jH=csOY!cvFY@s@D4G(1aM{
zbNGxJ%Qqj$n-*1EKVoM3CN&FzDVHC^;6ilLohwalot)}1VB*C#GExv>rF0aurO{2?
zj`>HSW^3?tGm=JblvhRpcGruYp#cq8dQ|;T7>x}X$j00JGXS#5Ye-g9#pvjPWGJ@r
z8&t61y|lIF=b*3tb}QvOOuZhBYw-LzzF9#zbv|4NX3E_3S}oDq!nr(${%R8J60CGh
zfH$h(sj#diG&7BeBgJU24NqIhvfs2u<Kupt-Z`bAjIDm6)=J<iSBmeQ8O8UnLl%^c
zeLt~0N;1*spXYomGj~iCkFLx~@-~nA1g%^-<KCl{z=KTq?W`KnDm)BUTdnUs5P8x2
zK@BU<P8Pv`ASrQ3{avzf0Mgzk9|R9lJ&9cAvrm6NPipq!9zrC^=~gw~9L-aFJ*mm+
zh&1JWYt62SLI&)m%+nY63ECXMB*{RLqLxMx96b8xv%T}2bnRW*uZ4ylP{yvLkR{RO
zy6pyH$jtQ6%lkU>Y9+*86M+a<p;ECf+3>!|JC>IoG`xnXDp%Ka4M?TZ0tgI&l%xBl
z4!WQ_h*Y;I%d=n6DP=NEL2euMovj9lCPDr8YcXUkBZty{sq{Nn-+r{zZ!Or@-U%0x
zVoVS&I{L0et13iP4}a;1<@<=Qp-gcbe`^76zVOG;W`boXn|NZ#;-V}S*utV3@%PkB
z4uWfK=>o~9Ul8}%K9K*X9Mb&j<jM7_t=`Dm4Fxce*wW~bx>5PC8=Hd7sZEisHw8==
zl%(^tb-Hx-rfvMnIB7BzA1om+T@rmdf~reZYm~jKy4Ule?Fc^*t?^cY6M;qY(?UY-
zI<<vUBZk&Od<m*%a(GNN+%T7K_5uXWm%}AZ7JW@~nG@O)F%<g&s00Mm&Dxllg_dd6
zlei8=dGjtN%iV~7F0i#bq~)^=MOTrWTnUl1Zj<#h%yk>&`9LXJo9*0JUL7xOCyBdI
z#anF9GIhviO|U71+l*fddvY1|&7*3I@QGmG3+xYMXes-WO<q2KDfzeo_FdW5JWeEX
z9Y~~BSyTcAld9%ytk>{l1!oFvR1@jm-}_BGY~0ntcHh*s8@q_nEJB|g${72-c#+3S
z-KR2h;z_N-AIriw7FM*9lWUcYBDB&2=v+9fVLQ&u^iWxM21-N%L1}?Nvxj7fjIIg3
zXeo^~MA?c&NVv|amYd(2iDzLa149-4$XpFYJy`B(-?+a`cLsw|IcL~XNz(8#3#zOf
zxJXRR-tb`ReH$paL$0HJ?@F^-g9g-1Y>JH&5g7)4^DC<P%-!^=sCh707KVr6ny5i_
zlZzf3E}czQc5w7ox^lH|>~Qb#Q2m38C>x%s>8#eOZ)_EZ1rCdx+#@*w60)eSf`?By
z=2wa-HCawPW>_wmDKrigBIig|i6(yRcN*_|enP-_H^Rqdz147+9dxyx)JvGch<j7z
zmA5z%2}Ockgt|Q7h<<Xd%n8uC3@rmm<p-ts6kEy($2oUwk+UI8%!)rOS;Q=w|1MO0
zFI8LN_1*Fme0)z4Sm!ySPROO`1ZDfN_1I?3NL6L`tbO9RnziW>!z{O7=nM`_4=ka|
zg~Nj)vMk%4C)^=SiBN|#@9vqfxRXXP;%^25yi^a$veF-xIJDBqJ&6tmxUyavT1vh}
zbe1J`2$^_+$UNnQ0&oD_T!u%^=O?`zrZ_UlwS%w11plRyn{xzvJpJu5e&#*#7RQ!Z
zAs4k0u+}RF8@DP+;+r1NX(bLlQtx)rd<@Cmsm6%*_a6zn?cYqt&F|4sb;lYZ>Zqg}
zIqvJ@&lVBp%tFOHT98rc9BTy5Az|Q2TlYk@gYgLAg&3ZcK3E<;YAgs~pd}6kE)paZ
zPl`CNlfany_Y<Pr=l9I1mx9tCK4J>JdkINfOrr%22b~0n&!{Jk<x+JsJDbQ$x^6F)
z0+n2i)!c8+2T`VpT{Q3~4~*6OPPf0R9}q#8NeYg-dBs4M!(wQh+}G^;*_E>qRmtB(
zqxvtIyH(PsUeeM~2|?1of~7Os-nZAE-TY|jWzf52Ef>&Oyf75N0wTmz9B&@2o(G=e
zPFkC)hEjUzcGL_s62+t<ral?wapAKUdWlW&%5{pACM|{DR+kM#goc0=UCtYYABO!x
zi!}{aeoM4ZLC`SbNNwyqmTqM{-@=G#d$!0+69WnSn+&I;hnIex2_%=~Wq(qD3GILH
z-Q3P!Q`j~SlBY3yfvDqh@&6pDT<w`Y@7`2p^kTP%-F}cUtp0&&;dFhu`KJD%Q>S@?
zG~(N`Ew0b|xQQQQ*rw2U2IdL#qKZm^srzNeA`j5MZmf5hq`(x64UlVRtK`<uBfD^1
zgC1{RxmXhdQ?|R(Q0L^|yuhG^ut*jp_WI}^tg3>#(c<t44Q!^|KR;t4F)h|`vipZl
zoPOOr@l~e2PuZ!WfC=iy5KA!7efT${b8N+r$ZPUcV|weZzeVCFPK<->!Zg?Trwjhe
zb5BzkImPzlBm8kfu3HGs{yMoYZ=*ndw*I_y_3RQr%&=erF*mc-5B4hePZ6}p6<GY>
zA9ALIlw7?>7qGnik3z_;St64lFK?-ATs|;vz3eHTH0t=?={D7mxZ%NB@*Bnwody}Z
z1fbwXN95dsPLdA%8Sy>xDJ%7Idky`&7CxH}=xqGrB1~tQK}3y`+YRY9FyqMY^x4%C
zpC*>l;a6c@exMwy?T)0DW_+`*u1U5y2w@f*Gv*nvYtzY+!Yi9GsF4LwuXMut{meof
zt<X5|($ui$$D2yJZ%%`~zPJdPfP;bVUppk51kZ7DRL})p37u43K?PV3yn1=rrS9a}
zTmcdecAU<!^5sn+43$NXRX`(7W&9X%u!@paD#CLYCOIH$6#eF*gG?dPfrLME>%&mM
znsnsk&ayWcp#c+YeWQF7LLWieO;4jxO}O`}rKE9(#PiUX%Zo5Uj2GHj#y>;=3Cx}d
z%`W~ZX|dXN@pRjM2Wj8kXUNJ3j7(sI@sF<%5~Pggn%{<<4f+N4pI~+7)D{7-XfN#A
z1B2kfKw;*p=bl#I(ecFiua<ZFJaH2E>=~V@Cas*g$hisE?_-lS4nkD;UwDO0S4k)1
zVYuoN@Rd<EvSsQ~tF{V81L<epl%f_t4a<l?ZU|p(a8o4eQ%l+(^bJi^j9NTFHPD{+
zA54o(HWc|h`jGK7z0+r0zKcV$vo#qt(?rW$XLM@O+IrbLltUk;_DfjP%+K=66a03G
zdN*qcA;|<azLQR;61p5`_QOPH@|Px#K>Wb<p~~=Xe&tEW!=b~Rg%e<TTKBPvjI*vd
zDoCsN<H*mz4zh*6yBPmboNI}K&v$Kvf{K}xTI@m~8u7jR%MTbs2wqXVsd-xZuV(MV
z{`(hEdM_fG;4hIkdMt7F&$72Gk&sl{f)w(HzNL`!E@IG2{mkdLmhLmC{OPav#V47(
zEx|zpvQwQ2HQT@ZFI%Bs8MU-3RGVMy&7$`=rwMqPoxbeb!+pObCxQ1K0We~5P*{xf
zUZ0B8H9AW;xc-Y>3|$vx8|yFgo4W5&y`9|51<)&m2eci8E|(C6=#=qRquX4WeY!^V
zS1u=`Qi@b!F_$)B<z(!-dXMs1yz0!~IX-VQ9bM_3ft5TnoMAH6-sTkjapk%0-+F<t
z?i1X-^FYyxLNAhGP@2Fn3<(1(79-arNJIi1eKjE-?Ep>e_wr*vFl~c+W|2bUM}TFF
zs`C^-x&#cNCUd~-@%Z_pOXW@fTI~Ca?x$?(xsk>YUoZnLGM*rvAqTzE4C>Qj?(Vu2
zoqlkTjP%8~wF-_$$jKufZAT`6Oc1pzTPlc1R}r>uG3=T4Wf6cSE!=0Bkkb)F!B$Jg
zJyCabt8JyqD+dNgON8;r>hb<6wE_%iF?(XrbfS+*J|5HlzMyWcU$~7c8g7>(X=Sz?
z`|Dw8@raSmhYY1tgGeCfeCs8!_@n2!k$5q{c>ir#EzKKt%Ui6Hd&|Z}99w+VBGB@j
zue8UE3Ov==k-SONAc}ZyZ*|2juWosIG&u0QrbkDLbK>xz%QT@g!a!+^B-);0IYMf=
z`0XsRUpt+C`g_{hz~-p7j;G&P)GB(em?tgTz+wEYVLmqtj0Hy0NC=e2lhAt201s`H
zkgw)AshPWdDNrPcOFMice9tm&^?<x4a?+g9y7uUM{bkNz+<>mMd-i!;=v?fr{wM*l
z)G4VJO6F0hD51^gMdmmrwrr#ndV_3DkYFiCTEaMgu-L*D?u=a(k!KxK=pnL8OHv~Z
z8Ujq^Ux|8=pezjpLDU*GtJw|B+nMD*IU6;Cf1n()f9u#iv93UKppef304*kGnu@In
zLxI&2coOIs^Dsp?dKiAHg#8+v&$^|-zMAUuE8=h3Pe3gyOZGo_wGDqeJex0Td8w}J
zXG|((Ch*nkF=(qT2oPXBMC1SvR5j$Oe`DLDh0kYAPt^zIjFrs$j?KgZZsX>2d5x2b
zOq;JUsdj;dHx8h~H!0v0L#h;T@U({ne<JM~H8RG|Xs0MGs|H#@FvuYO3V7<IW@JZ=
z8`H8Th9Z&tVJv!2l#zy{qUp2*BjmD`(lAT#;O+Iz=<^Jy2PV(-7QPTg-0SDS$OdIX
zV8Ns7@mQk#O_gC=G*<wF&`3PXl`L9Ge=rrCL3)Z*gT_ol_nu3*-7H#!QnxKz1wR=t
zre0=#Q^t`ChiaEOEjyf1ank8u5`f5`GcMCd(5dKs-Ot#>oGI^RuhZ-@Xrw8<8M@2{
zuKaosugi-yWeqj({7PK@#7K-ieih^rZ0Dmu>Tn+gD*Zaz4dFRm7K59`l<M9d#_9#K
zfr0^DP$1%MhlxIn6lZ}YGCNrxpnwr7twxK9UJXD-#?OXb_y?s$Se#;CO4lay0RjEC
z$t<R()X*S%ocfM!SrM-RRN_3mR+TDpB<LjZSBFZ`Ln4iO3ruTjLttT;!cWmf!7pE9
z<rheGXzXUZUsL|jq<^d#uA`)n^bZ9wVX(7cjQ_$Ngl#|k+Y#G%!AC(LR1^9iDE8YD
z5@yPPP#`IAh6%1BD~Jw>VKRfyP3BuQ%3Gah{49$ALrY)EQ)A3@3<zy&0j-6QL(YAi
zDWp8)%sT(P4n`(&J}!Jc{wi5@d!(LEA9u4Y(GkSB&=O{kWD66kNE0Og%{fcub!tJW
zHh$sE6nGZY>b?XK_Dsu28VU!1!2aYi$T68fs2QDv84UzLXkLI7naLm#Iu{gnAKn<k
zLl1<(LA7wf2894+6I$+U027kS1-69n9FO3MW(U5;dXO4zbA*c`PIjBr#7MpEd4kTr
z$^-RkHG6(5E(FTUpB;nb0fmaQk<^}@$eEDfGnRAujnYqN!)Ah_q*lUcKsP0$AzEo@
z{TYFiOJX*;*X2^wjHnwvb$KZuhjE8c<x9m}seaIe+1&I~ptp?o=)Hr`2M}vG9?Y)R
zSqnw=9m<qxj)TS}78!Eq=^O-x&x6|*-RDCv&qaX^d6~Yz8WGYfW>S-)l;<>z{)Khq
z+VWGTVwxIoED#jSIeMEl{>Fb&nIPK^Osj{(M9BOn%6~{)kyymchGM>+eHfLY3IqxQ
z2>ej9<-8yXE3=C2l4eTh1hHe^)TNeHDcNIX>osnf4~xlG!lXq<Lo>-1c%Jx+^z2x-
zvEzd~D5EVkeiVNTd2+eju`ifMHGGR@s*YT@Cg=J*T_5gnrpNDk+_+R73Mo|yWrERE
zXovwEMsFZEt?xN=7f7ybr+}HzlE#ye3RGPTE$KJkBm6V5p)AX}EYFPJm9GI_D4j4a
zTpPv_D`yl&33V=HZhsk+z?L`9Q?JPt@y*l`LGZ?@lChX^BlL-IXiPi}BaoP>$(L{K
zp95xqLc-@d;HLjxB&2jqV9ENsq$J2BVd|g^<(o?<9G6ML#FhjAFW~1w<}_x8m|%GX
z8fFg~M-K3Zkacv$uy^F_+_O+K43|v8)Ziw9o}(d5J2jz7BWiMdmR#ev)Y85n$<rWa
zfPr9pIKF}hH|bpn!FN;|Q>a!bB@pxLXb+0`c7PPAH@NBK(YgXX(xmrmXhJoiexb<I
z!4t*UP1cb*OX+tkGuBX`$~SA?CpIbkOmIx58MM|X5-3%0^U=45B_+4BdSWbV%1AIo
zA^S+Nc9#kUlhEsc;qFtM0MUbS#c?TNS72@oBp{F?qp(vnc7qxwNrNh$6I1IoY+2OX
zzCOhaTSqdxAXUm{EWbSCMt3$40fgdw-P&y5>=d^aE)4bt|M*@u5dQIU-{@x9iJjm&
zOcD>tZJ!yR8Gouv-k{G%bMz4%htwe!ZIBcXofGjrIn>040Ubr$Pxb22Sk=q*t0aeq
zKT~KToXfz%f7OhmYB4CNo+&dE_cZ@mZTh6fJCHX<Qo~vj@$&FCD#R39vf~F5hc|fX
zS@+lW=XnjVxefLty?G)_7KID=@8sMkj8ZNHsIXf&lX6GASk||@dO&s<AC-<9sZ*M?
z(<Kn#UpZYNiMgld74LWQjP7$qYy*kljRi_r;z>*5nGqLgYt|lrq*D^xpdLP3;>wM+
zR^<Z`;^WV#^rRp`$bucVwSW7q89Kiqj50Bi#zmsd%;a|Yjz_C^{6~IR!vtVf-_5ud
z@AI6xv@Z${PniVb8<MKagY^Wr^8xGoT4ip0H#~H5xUU%-0-K`<6GK~H$ttg_8{mZj
zBq<Tj=dCq<@=^r=9K1<zP+_ESr>Jb@oquSkwKO;au$cRZUpg&k{0H|LWh!!y5nAQ|
zQ<|5Z@n<UR`1{G@(misV)#KMx8n{9P=OYNS`6)gPC(fW&5{N{o#92yX!dyWm)cs~t
zj{A<n9#Rb>l%(hlG;ag@bbxh?A%IDK#1vB}=jQ-EqX(?$7Amnv4)k{yP7p~z0;d;*
zR81Nbl${s-vz$b>(k0XvL&rRY15k)0-vcypHh5bD{{toUVpZ1vfSr~t>YEoBM9ivI
z3gV639r~`Euz(_483!j#PUhuSOzxG-ChIP4<o|5zwI1=NEMGI76LWrD#*~Iwg18Dy
zgqZ6968pbm#%2NgO9DEeZ-G;T=U-;YtEWLA+A=0Q8B)BW;dhaF>q<$OCUhiVVGnPT
zeo(^uFOaLhh8sIo2g~kUHgr1Lzr6HkON{BCFwqgyUh-xd0aet5(u|X1MdgRQUBpPe
z1E6d@xJW%PfD?UwLz9l&9#DJ8d4n4ARpnG!PcnyCVUSK*c2piC29&1wKxLI7tukvp
z<`Zc`9~KIz1kmb*c8nP4;gxpCH2<~!b-XsWKs({aKxs=zh<_DI&ql5f$<{;gBc@GK
zkb?AVKoB~Opu=UtfKUfwW@O6vq&-4F+F84^Z;J4<pOMX;y$(QX6+`D|M5s}i-370M
zgj3U$u&Hq9A-YUK5)Kj!0jL2(S>Q-!PyhqS6iHeZ>%%<$KW?C_9uoM=gN4A25T&rN
z$fq_erfbhfe=}r*OgJ5}?5BD(axaz_)j|I)J_Cgby!C*ESt%=vL}<Q(lVq29%3D9T
zmmfc&!T5=Go<wjW+yGFksYe+L(BssIG=fvQVs=y^C^3OKerTa!A^>Nm(YsEOdR6dC
zhf8?O-V+TZVebQeN%N8@g%m7GE1qLCmASJ^uRUYTE4REj*y%fy(d`>qaUWBFnhG^8
zF_OtPFA=g5K;q|-Zge>p%{=tIgr$k35~n@UyiE7Zx_Ww?3v*g@cm7{QHPA7jk{CoB
zOc#n}5Bc%P&-@~xF7k&tt}P@mKnD<3+7pWpkFrL>58Z+8aW1_gwB3&WV*iZK@#fz)
zd2?Bq5INW9Fk})MLI4h6p00{DUfMWVKD&&-44VWGf+7i^dmD<euINP+ZLTWdK=OfK
zzf@Do{F+@F6hV96ih?9~^^@_*Qknw@fa>a0Gry?+wUPA5SQT2Kaggvz8Y?5dEW57L
z+zOoux*bT?1W5u3W>!#BUJc8DBGX{T6v8gBC5>aRaJ#Zibxxg_8dbvOr2cSjbKq<H
z1DSrPXHEa+-YAp~{o&M?yDu(VsSzg7sKbPa?P`cErF8pAU*(>5PFs#n>K@uHfm0W-
z^7<9_)G58YH(A><Qvd^cgW11q+h+|#Qc!mXR#zAKt9R0oT9I(m2~z!jC<b1pEH(nD
zNJ$Z+AB%5_3ZO$`fH>V5B12=&-6A&g!@i7x1Qr$8EaxN`Js=)eY3MQWfkBY3ct97e
zg|z7pUcJ3l*bpM{!2pUnUM$k!EuI3bnK$^Ar)hr}2!Vhs#Y29ooMYgj2*9|20LrTO
zlMDJN2)Zr+h|OOT>W>i{6f-Dkj82pgT0x2tV)BQRjZ!gKDxsjm5(HymvOEjZmLIAR
z@%?v`(gKto7;DW79p;=$V_cLN@iZPQuqrK?F#)mmx?MBLi2oUgpFXO9cKJgK)q;YM
z)bWsN_wW`az#f%2E&`FAN)zuHk1p|Bu>O3)Xn<#aM=leZhjm)^n$8U1Gt98@+eJa?
z5JBXjfS}-kjnG%Up%?%%JvcIJ=$#KQoNX)`A3K01(;5|&o6Js&2-0o2$5P2=LjdHO
z(!)ccdN2e`-H}Xs&I}%X#tD7tb_WnHE1G1s|0<cSmH-BFLTSS?0jz*%#rTa-(GvA}
zby+hIp*l1dOeBfq|5XIz0eR3E7Hn}yjdz7rj}cOc_@k%RhY~oT>Hof+Nt{_+b}oce
zpHTQj9nZfq{w$Q!tjA2st*Pf-6-E@-cZNulJd#-X2Zf$ne&bjk$Zpl#`f^C<EEGu9
zPd(CwfP=BvU_q0ZF9m3o?2D*40YUm`GC^)|q1Td`GC&gM<)J_R^EB)5UpbQ>8k`Mz
z_A_zZGv_-@BT|m=V&^DP4Z*?gq|(CtP#UN|dvW}^fj>a43J-~?AH3hf<eL56e}mLA
zO$@pJ7#RXbne4-iy=ILS1%Um#4h3q{@&gY^{UZTP25JFk==dy>XBc{L#ZZuFqPBl}
zz#auwo5UWq^*u(<SuCHtCtA0E)*dU$Fb6S|IQuNL8qQ1zBxL6YuxR;1+2s8*rAhrE
z-*XJc?j@aj6p>jX8494;@jpqJk4)uXJ`8UE4?5COktJaZ#sEMl)};1#f&u)vy=v|a
zOG#AI$crQ^#s<tD=T1FDmx?bdLJ|f+Lb4>pro{gvAFDN&9f*Gn$FXTf29hXr2~nE7
zIt#NFj<lz>UYTV3G$A?qX#nRvF%F9sxFbu6w1v*aJ+^T`a?}!smQ%>WuT!6dHXB8{
zN-wttUN6zXqPB`;ax23Ok={Q4jK=vT8SH~RaqxSO_6+P9%(l%;I9yN$+-8TD_?N<}
zy~mnJ)o7TZDAH^}1EF99){mHpFn)jRLS6s>j}u`Ak+!0d^QVIt69iUH>;BdUYq||1
zJ~X*EhpFRc(maxO4q-Okz_<1(NZvI<WS%i5wNp3WM11}Mqq+%wm)RN12bJhIR0V*t
zX<yTaCgT!9-XcNV&f27rt8;+SH*j-olqx=rf`w}TOjqai68vsF$`V;TX8b)`xHO%F
zX|A=sKUhyl+k*%~hXREf0AdFkW2AvthXUA0<y#2ZF7Vh_hRK$a5<ki8F-EClGZ3rs
zUn-R5J5_uiovLXVFF9Rzp%r<Lb06H^t3GD4=#$9Jm}w-2<;9OfQjbX?SNu~esf#mR
z3+YUMSv7ouQhA_0ud5`CYdn;Lif+S&zz`2b6gsI@Rk$o*^H$x;M>j9*7DFaC!o>Y<
zc?9D%2N%MElk^Prr6}jW1FarvAdMsE|G)Nsf5N&%@GCqqF)>Zpqlr?)^K7d~vmoDH
z?1jdH0rt+t8msZXD2jJD>71rrIp4&7%-xb=rASDRWr+Lj&lGXA-DGEFWfc__)z$G)
z;(V2)8Lq~78JPbKxhQhJFBf}NANr%oc=|R^b3Xyy-QBImehRwp&n(nfEiEnz2?;GO
zEp`8??B6{7()zxlp|G$pH#fKTzu`7tX__PV?KLa88J8mfK=7y_EuqC4vE(J<vz2Ia
zwAQ}%xUN~C!pF;tMaE6%bI#?Ba?^?H8#8zC{8!aa@y-Y$==*RJfQ%;g@UMGrZtm9y
z$t*P{!luusFo5^d?e3UF#cyGsyNeVatJTk&QNHcsf6)POJG+D9m1d8_`N@e1JP$Z0
zDHduVU}Ap$rkBLn?J0ikgqqKG=9ly4(C{#$YPyk;(Q-!0FPg8QgXKn7tMT-sY3BRu
z6XP~-&mTJ<ICF8!F3aCF*V`|+{OJm&Q^5_EM8l;L`TQ@le^bBGq;o1yDgI`={sqK%
zvpQdG5#g|;FoFaC26PO@zr0-J_UZlvxnm%fR=484=nJJ=<vSsi_@!bgx;Xb&M?46N
z0pVy$!D`>fyRF<}%s)<_m+BpaKOH9X+06ywitRo1yfClrW+S4muI@2ID)M}H-1wIh
zO&Q|5lzJE4|D$+!EKRB394o{P4-3`UbNjnhh7UizEm2^~{l$&<)q<6(*sZzkEDO(8
zxJjCr&)qOb``e8kpZlvkZ*Ej6A?uGHpDLd3D&94JvhX0kyu2J2y*7g44IJ~v(dvR&
zZB`VzUh|N0tG;`;a^m-VU&;ZN-g;R^dq>Cdms=PZK}ym%lmao!jo8@O1uAKZN8VT=
zGgDJjXBX3|Z{EDI@`6=*oUFF^zITzVRQV||IW-k`@wab)dy6|uZ7;<teGsJ%=-;sB
zE4=hS?Opjh)NB9u9M4h8Ayh~>wj@G!S>{j@&QKWpn&`;BH5kiN4e2PdC3{I^9gTe(
zOCiRRC6hhIPGdJQW_;hy_j>+|=l*GCu50eO@Av(Bzn1%l&zLUqsBwy~=Fga+P$gF7
z7e2Cjusk+o?Da+LN;>2Nmgc)tNp|RoXiiZB1A_*8-0;;?#}!pnpdQoPOM^lY2fluW
zL<PVmB0_6gu4xK^*<FQ3h~>SKQ&BOrvcq*7b2Mmk#1waT_a-Q6T3XuZsC7vo*We<@
z2#<8hPRrwCH2=sL9@#8a-#cANk_BlA(`hs6Q+vI57vey`24J~v%2U~I_A{!;d?H{F
zX%`;$^fP(mG!IXlfcgVy3#Kn$zLa686lg{Jx_|=XM156P%6Khx+}~JRTRVl^_RskE
zgd<zgEx|wc?OQT*<o^0c4#fWA+h?`w<+7G~ae|%z;jllQoSfFYTIn<@e~bL=x$cH=
zdPvG+@A@BA>T3;ycw5bcYf)^q<XH8WvJM1yQt5MkmE9!qsYvW(k=tP2M8qLohDYkx
zUw`$7!YSN~^&C6Ke*RmP=NJHUBIBD7Ue=P8^cbc{)x_-1_oQR^{MWy?U?{bElF0)F
zd~EbPRLX?cOULM+jcZ}vfc>yW0ze*rx3eL5%RYj>Q({wn;e58-p8E*iMZd;enwX}J
zhOPR$-@iZ5c(WTnsCoK?fL3S?^-A(TqcP6S-QC}ra*i!^wvjsNui!D)m8}0B#nv>{
z^x(&6HhuLTtKL<9E{xOaw-5Tp%uMai_!OZ18Mea0R%eTsm+#+maFI1LH;?64@q(o`
zawvSzxn|@$^NCfZbYp|ufwQf}AIhr02iPN?SYwX%6Y+e_gV$)n?&UBaW6x0a6%pxu
zb>%HJ{t1VWQ4oSH>e+1+D%ppP^Qc;UiBGXwiIz&y8RF?$#k;$^*p(VS1y|LW<*u$S
z&#|f<d3jzoa|?^UEX}dGqK=ZQ@&K?Wf+3&h&g_TuG-9ZP?Eyny<Ivf7y$i-!8SDG9
zO$VDmMD;?l($b*^8y)IA)SHwEIv_fh_G-sW`&~-c<(1)*m9W4Uv3&^isdy}bovCIi
zFa5?d-uQ=ms%*S+uc-lLzws;o37xaB<>FxwCZ2wF_|3H^T*H;o!8jl=;Ao6c2AOtZ
zp(mY`c!^G5i{Oc$G)4f`WNBh%7;aw+QG6G5ha@ILw|YE`h0}+=ey#0{w8!7o-(T>H
z{1-FJw$^vRhq1=Sr+864u5kWxUFBb;-VjcoJ=>meCi;C&P7ZYgAlb8lG@(vnylu-H
zs;a7}9s-<8`a|t;LQQ}5=OiJo=$ctrkcNitV$NETVLH~1q@<*~HSN{>aX<IA7P7;3
zM;sWNDJvu#!f*Cwspc&!8!qUNrB6?}8{=v>+WFNHlK>KEoF6U?o?}ng1+2>)weRP>
zV!84BT;NJcb^C<i#;7~4Crh(lLTYpBkbxc-J0~HMm2SmISN1eOSN0{9Iem<RT8W{(
zjAQ0xlGVsu#O7|^xw$!+a!Y=G{%Q}vDe>&}^ID-lu@|9}drO_Q+#jJ(sJ8CLxTS<1
zInPl=9BHinUf3anUMp?MROUC=1>L8jq!g$YzPC9?a)_W)>endY2EU&Q+WBfhw)gBz
z5T~>0=Eq%o!k&qU2%r5NKazFxtdFTwC(>57^3QCoiG?lkXGC;+!H&I!#X^l}gZ<ji
z4Kk5P%txjxJGElF4^3Q=(%i1XL5-8pwSihQ8$osFmwF|#LkIGEPNa4$Y)u4`?0gR^
zfU;{IuEV$5dS3IX`h3qsPo~c7y<_Jbsc<u`x)(1{cldjt#8#7HWMm{=|K~6NxpgsM
z=F?MP1qOrK6tUf}XNpq!syV`092FIXwK|B^{5t2@I?Li}RA+*0e|5$AhHb=og+sE?
z;i6v|fk4PV_y{5tFtwFz3XJ@fM7jrO+uVb5)!_-cT0`F*Gd+{-=H_-(R9pmoWg$C4
z%Q=vM7q#?C&>*{3TbP-N+3G9=6@QtAn#GRgEy2FwT$e-d()V|Koq?H+==-FmtkS)A
z$6dqWi1C^+(%&zLm%V>~ky&A>wfP~lQ0RKgX_>i<f5%SIDQJFWkDH6LO9-_~mIej<
z-VGmU8@;|Cvs8mO?>aj>Zzd9tySTV$&Z*!WnzYWds~>8GZ2tvjg?i<s%Y=WQrdx)?
z^0#`lH)Sd|iF~6B?;>EFd3EREF+rbN;;48xklK8HR>-9Z7k>QjmR_U5$W-}v`9W5#
zDB;;o<;-`6DecH}9v&W{3z=xJ7!zTU-)OaJ(OanAU1`5~>GlT;-KkrH*^G+ZT(Qa&
zO(3C@vJEeW&zDLcHy>Ehequ?%ARI(iw(p30PBzrm)&@i8`)Z~E|LS*A$`!Bt_2spU
z-h;KtOwk=>g&Sz9I~t!pqv$q}JH^<oCZ@<5mlUAv>@tU^@@-ESPomk`1vONi7&e}s
zCFyuUt9%KB*~QcQV^fSOUvhiRy(7#Nc$#Ke0~3wUv5Zt@t|bT43@9hhGW`rCfOu(c
zeBv%LFS#ToW%$))DrBW(yRq`m1*clK1tnNIIIdm!*Lb|VlO!H+H|O^m(VnK{4o+pD
zzrTO(r=C#QX>_PDXM4sS;P4~MupoMLSbv|93TY}C5fM0}7ZVf1&2qxV#>U^t4&n2?
z8B|x+rfPMzGZDyy{*xTnm!UQ&L=BeX9S2Q<FPf-!@}^dmjbqoj%$xkk?SADJT0D!U
zGALO!TQyx>-8O*eRUy_VAJ+&pud4aP;Bj7QFZ{Fui-=L0;!><SB?us%9kN{TL?}E6
zRt5M%dWi-gVzQ_@H!e%3{Al1hF}yzgQ7`uV2rUOkATWTZ$nDQp#!i>FB#0aCu8xph
zsUuy<Qig_x3Ucol<#*ctmKigz@}439brgTvROovle2pu%bL4?dcvHk^g_}`=vO+d^
zsv~4`2*HaAqSVmv@PmMWTv4{P+b4-gbzJ{jz53b_R^8t=#e`2Xo!XehtRZ>zeRhRi
zT@C2@cs!n%m*FT^<3fDt(IfG(rt{9>YI&c$Tw=J+b#4hG+Yfiz>H=2;BMvswy$K^o
zAJgmO2TT&$upyO}`q9x*vmdWY3Ja|pLjt|L*eH)oeVxEoHa=S_7`W#3C|b(AIA}VO
z=c>>+Oae}o`z7oCiSKzbI{yA!AeaiaWp5B{LRtqjAk<>3@+?q)Y~&l;-L^%k)bg_Z
zsoo+SxcJchrTo;;HpUkWvdI3v+nh9bQbA=8%LUPge>5X;SR9k+jb}G4hxnO7aQdm~
z<31mMtDbmZ)9S=(<0P&(|L>zRBqj2&TCoE)6<OdYE7^X0BGzEAQy$w?d-Ygy)Js2#
z_IgwcMJz2UA~uJb5Wz=q$LgClZg#Vpn^%y53{t&~(iOMndtxvLQT$$?D<9>^q^fw^
zrvzC6$kwE$aBM~$gOg74DfS_f%r@&LG5oUS>3>#;eSYBxs7_{wV#NxmzuY7BT=jk1
z&non+hI!v~Iz75BU$v1&sVC{wzu4ULQ>kn=%GSzE@Eh<-dqvplRR@h<IvnOxQT9vI
zNao{`R{7B|aGmh!gsI_pw4Y9DwEFApsRocZ^u~NeRTbsihqnk)HxFU2$GeVicRt-a
ze7)tEeiJB$Wm7mk(O4_h2iS^yB!*K5^D6b|HA-I>89vuny)egrMnGQ7(#q^P_`{CB
zg>2P7p;Do3sNv@0|Dt#2eUM(+9rIrE`!X^?Prldk=vObl5#8A%@-4y<MlCo$cw#zY
z1)BE1;vlWeOnMa-6=C+~QX)2D96ZKr`jPq1WUxAKR3?K&r^{}?y|J^?1^-52{W$%B
z{gUXZ;~?ODX-ZNy+@DW?n*Fdhz3g<kv4%N{Luj(EQ`)v>y`*|_xdA2abaDpAa=pT}
zCk?^ai1T7;0x5u=vZ}m~f-Y^f&B)8k14juSPL#FH_b)fMU@}A_a37MUdEIGBMPMjs
zr8|@%5~*pu^(3pxGCRMrG?K41_0&JL?PAbrIHi^}IVT--z7zO$PtPBV{cp)xCZ?v`
z=)U`h>2Vm1ETCh?io@aZLg2vlh_qWw&DDgR67LAwm?k}Ne|za9k4(VG{xpE74{;c3
zWn~4*5FES*(ShZ+bF*7}6~hnzcwJk&*BW{9D9b)rwJf~Kb!7`;?s>%8``d3XAk!2d
ztbXGZy^-|tB|EQN^U99AzZ|c}{riQGlS@m%LX@SS(%!GCchxBy|8$I0Y?Wwx4sB{W
z2z?eJL|&EY-MHUc;L?g^^^J=F1o+ZynVKO+&IlUo<FIWpJl>NHYFojVYnw+a-4TZe
z{#0G8vw-`+)gnrUI$8#m96K?qDW*3XW|<;mXRw%a?NjdM*AT0)7ydKIkg8o-kOW`j
z+n5DWF`8dl6E<M07v$!)1hh{&+yjc&7_~^U2D1UdBIANY0J}Wo_3a(f&HBi|@68Xf
z%Cq3SX#VQ=deV}8Z04cn3w_zy>n7laC`66zp+p&;-*a?h&Nl9jy4%INmt+Uer^4GF
z5P`)nZ$t*Ze7S`}Rr)XV)>OM~%(N9OUqcfwS2sW(S;_vAd<Ftq_-10Z27P<bVNWM2
zc1$LWWL)o9`;=pMutm{*xERZbCwIhES5?is?YsC%L#hDePGp~QoviXqPe%&Fc|i&@
z`Wku=et5Zhe83ddiqim=`3dHk@dR-oENftRp$FYWo5;$@l@x9?Y;A9E$L@L1tvIeG
zB`1s9o|)IB;f72sEq^vMbBK8garQHFXuPoQn1b16s5H}{mV=z!+`AKXfnL&d4R~I-
zw_RO;o3(>T<D<Fu2`%55>ndZ{F&)om?H=>xLXr>v{_t4B`~20N5TTI8H%U|z*-MuU
z-gLf<gIdF`*E$dk-xSYjIyTz1FDujM8%V;S*)~eD5|T}Y42!@(y;uNPBdtYjcZQn6
zbm2M(Argt)GhvcNsfu&k2hW|MK3u=z+&+$;3bQka%KIB2PB>)HNUg&e_Hd>0O4)O?
zH&Y$6tS}=O*P#%>I2iM)@9AL>yhF+SK#Md8+(m_jU<+Oqo{&4Ts(`G)B+1c8#S_E8
zPY`)ALXV>%AFm#||HdbOcf7{8k;KLw4-OaISI6j50Kj($VpbuKjuOIX`Pt#4jo}T~
zw6$AcsXVgw8W1VAk$E*WLH#+pBqQ;rtXl?`;o#u-;q2h23rkBWiJ|}RV|y~x%AwJX
zi#)DN%N~s;C=vuiEkFdw+R?p){@skDfP=>$-K(S)uf#05ivZeio}(27)GJ3NhahFL
z>E{gubHr~n(EoOg-EYp4!L=Ij6m5v`2b;vIDrE^r3rkB&Gc!exZ)Lc!AMU}oSJ$PU
zMrQyC!M%Wzk`i1^Jb(T?Mb?2mQfJ!7QWACR*7xx|NIP(+<=PF?cElo`7Q{FUa5!91
zQN0hW=OoYa$_iX={qpdS-%lN9d2H=Y#5dS``}%IY)_$CU>&n$nyb&juS$G_e8Mp|S
zfh{kr@q>kvj&i&S&BtH1IDY1T=E%nu)zI?4H~*~x0}*;5BxccZR)q<MzOK>rQXR)f
F{|De#+z$W%

literal 0
HcmV?d00001


From 75f4db112a6f453deb2e4f16aec6a36c1bce824a Mon Sep 17 00:00:00 2001
From: leodotcloud <leodotcloud@gmail.com>
Date: Thu, 14 Sep 2017 15:02:27 -0700
Subject: [PATCH 12/71] Adding openfaas (#620)

Credits: https://github.com/kenfdev/rancher-cattle-openfaas
---
 templates/openfaas/0/README.md              |   3 +
 templates/openfaas/0/docker-compose.yml     |  56 +++++++++++++++
 templates/openfaas/0/rancher-compose.yml    |  71 ++++++++++++++++++++
 templates/openfaas/catalogIcon-openfaas.png | Bin 0 -> 36430 bytes
 templates/openfaas/config.yml               |   7 ++
 5 files changed, 137 insertions(+)
 create mode 100644 templates/openfaas/0/README.md
 create mode 100644 templates/openfaas/0/docker-compose.yml
 create mode 100644 templates/openfaas/0/rancher-compose.yml
 create mode 100644 templates/openfaas/catalogIcon-openfaas.png
 create mode 100644 templates/openfaas/config.yml

diff --git a/templates/openfaas/0/README.md b/templates/openfaas/0/README.md
new file mode 100644
index 0000000..de94650
--- /dev/null
+++ b/templates/openfaas/0/README.md
@@ -0,0 +1,3 @@
+This is a catalog that spins up an OpenFaaS(https://github.com/alexellis/faas) stack with Rancher as the backend. The `faas-rancher` container is the proxy that connects OpenFaas and Rancher.
+
+`faas-rancher` is in an extremely early stage and is meant only to be used in development.
\ No newline at end of file
diff --git a/templates/openfaas/0/docker-compose.yml b/templates/openfaas/0/docker-compose.yml
new file mode 100644
index 0000000..4c891e2
--- /dev/null
+++ b/templates/openfaas/0/docker-compose.yml
@@ -0,0 +1,56 @@
+version: '2'
+services:
+  lb:
+    image: rancher/lb-service-haproxy:v0.7.9
+    ports:
+    - 8080:8080/tcp
+    - 9090:9090/tcp
+    - 9093:9093/tcp
+    labels:
+      io.rancher.container.agent.role: environmentAdmin
+      io.rancher.container.create_agent: 'true'
+  prometheus:
+    image: kenfdev/prometheus:latest-cattle
+    environment:
+      no_proxy: gateway
+    stdin_open: true
+    tty: true
+    command:
+    - -config.file=/etc/prometheus/prometheus.yml
+    - -storage.local.path=/prometheus
+    - -storage.local.memory-chunks=10000
+    - --alertmanager.url=http://alertmanager:9093
+    labels:
+      io.rancher.container.pull_image: always
+  faas-rancher:
+    image: kenfdev/faas-rancher
+    environment:
+      FUNCTION_STACK_NAME: ${FUNCTION_STACK_NAME}
+      CATTLE_URL: ${CATTLE_URL}
+      CATTLE_ACCESS_KEY: ${CATTLE_ACCESS_KEY}
+      CATTLE_SECRET_KEY: ${CATTLE_SECRET_KEY}
+    stdin_open: true
+    tty: true
+    labels:
+      io.rancher.container.pull_image: always
+  gateway:
+    image: functions/gateway:0.6.2
+    environment:
+      dnsrr: 'true'
+      functions_provider_url: http://faas-rancher:8080/
+    stdin_open: true
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    tty: true
+    labels:
+      io.rancher.container.pull_image: always
+  alertmanager:
+    image: functions/alertmanager:latest
+    environment:
+      no_proxy: gateway
+    stdin_open: true
+    tty: true
+    command:
+    - -config.file=/alertmanager.yml
+    labels:
+      io.rancher.container.pull_image: always
diff --git a/templates/openfaas/0/rancher-compose.yml b/templates/openfaas/0/rancher-compose.yml
new file mode 100644
index 0000000..667cc8f
--- /dev/null
+++ b/templates/openfaas/0/rancher-compose.yml
@@ -0,0 +1,71 @@
+.catalog:
+  name: "OpenFaaS"
+  version: "v0.0.1"
+  description: "Enable Rancher as a backend for Functions as a Service (OpenFaaS)"
+  uuid: "openfaas-0"
+  minimum_rancher_version: v1.5.0
+  questions:
+     - variable: "CATTLE_URL"
+       description: "The v2-beta Rancher Server Endpoint"
+       label: "Rancher Server Endpoint URL"
+       required: true
+       type: "string"
+     - variable: "CATTLE_ACCESS_KEY"
+       description: "The Rancher API Access Key"
+       label: "API Access Key"
+       required: true
+       type: "string"
+     - variable: "CATTLE_SECRET_KEY"
+       description: "The Rancher API Secret Key"
+       label: "API Secret Key"
+       required: true
+       type: "string"
+     - variable: "FUNCTION_STACK_NAME"
+       description: "The stack name faas functions will be deployed to. Don't forget to create it!"
+       label: "Functions Stack Name"
+       required: true
+       type: "string"
+
+version: '2'
+services:
+  lb:
+    scale: 1
+    start_on_create: true
+    lb_config:
+      certs: []
+      port_rules:
+      - priority: 1
+        protocol: http
+        service: gateway
+        source_port: 8080
+        target_port: 8080
+      - priority: 2
+        protocol: http
+        service: prometheus
+        source_port: 9090
+        target_port: 9090
+      - priority: 3
+        protocol: http
+        service: alertmanager
+        source_port: 9093
+        target_port: 9093
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 2000
+      port: 42
+      unhealthy_threshold: 3
+      initializing_timeout: 60000
+      interval: 2000
+      reinitializing_timeout: 60000
+  prometheus:
+    scale: 1
+    start_on_create: true
+  faas-rancher:
+    scale: 1
+    start_on_create: true
+  gateway:
+    scale: 1
+    start_on_create: true
+  alertmanager:
+    scale: 1
+    start_on_create: true
diff --git a/templates/openfaas/catalogIcon-openfaas.png b/templates/openfaas/catalogIcon-openfaas.png
new file mode 100644
index 0000000000000000000000000000000000000000..91467b6aeab58cdaa59ddf2656c87b19563ad27d
GIT binary patch
literal 36430
zcmeFXWpHIXt|%O4>Tst6JJ4a~beNeLI-CwOGc#i+=`b@hGcz+YGsD|w?%X>w=hj#C
zetbXQs#<$_+m>a^k}Syzm6H)ggu{UY0Rcf27ZXwd0RayImS<p~fWI)(7d;>#2-v2A
zf^y=5f&e)?>tCi8Mj#+!p^2){YKp^{8JY?(urw&36xnS2ZiyS5Gu<L$U;(HCfTE>X
zVaP?lFqp8gim;^xu%R3xC!;S_i;!P1jDAut$+^ZuOgZX2Zw#|Jf2467j(Ja{H*X?<
z+%!=80??E}0O6Tr5qFRJ17swO;@mzU30ugJB$%A4TVKC?0n3WG_x|n721;~MnG$aB
zZvWO9Mil&K6bdBNhdm{Jbi(h69Hi-oCSVNQXA1P*t@ai|{|!^$h>!#ZB$j%hSfPw?
zU|7L|qB=C{E@%lFgfX!nwEzr27Bx9$T-d{I2Npu}jEhgOV~NsQJ*$Qr(n^?-keG;A
z&4r=AyLY*h_d)aP#zhK~$`M!6J{D#<_&3#%;rKi6=ym6JDn(}2U|NegW<9<<c4M_h
z?yt+;`UuU$<8OOaHX(_Cj-g$#v;HTmRC2(tIWM2|Q$%wpY>*BUq){?#eKpAh!jX_`
z-2MgX>^`iOT)noot|R$0>ai%?$moMxrd|P&U254~sHkl-s|xG6WNElbIu!k;nW<bz
z(`j3UjH6`_Z42x^I~3==UqX=4FFe#@w@BY=zl0I>r`;2J{UN#wPgv0{QExVI)x)$%
zGNe@w;l7#40nh7D<6>juF^m8YKHa6-_pxnyOP067*7~U(o7>UvHx?rAUY7djn1G_3
z$%&ke*KDkj3YnJP6t7D3xGW2X!uu>8Ku4r8f;h+za|OlY11nVZ-QOYx$>kgz5&SCC
zp%1yr2PF@TmY!ff!nIFa<mu`wBwSY}iY@;|Q|52O1o)fmkI^QT7iMURxM`12Q79KM
zTg-~6)@@oB7!S9uUy+<UG6r5!&(-Ro9YO^9Ak)z%j1&Hd>c%~!5N+PM@Il;IzsL@H
z2u8Oxxq8q9$hN<1LuLQ5f$sAgj3dugsdWkLAxLK8CqD|BeiNyc3}Sd4w6GBzT0wg3
z`AO(KglD{U(uLa?nBuZ?LC?ln^q!GzlD68Y@xh*%eE;|yak4M9e<q?%65aXr(zcW!
z*Tq|v80pO4yRI+EK(q>e$@C0$A%X>j)CtbKZ>0)NpQ{5EUs9!K$s!ij>MK2x_1Hko
zM9t>SE$=VmNJbQi4Yr}(iD5Krm`jUpEkZgLn&@NL&LOQ|fJ{q<P*Y3OeGs3gSK4=v
zHa)S9RhZoywx2TaATr<OQeLD7XTZ0f&_IqZJC5(Pd(Z2ke9-VLV(E2Cdi#;VvOrv$
znC5&ir@#m3$;@?;wS1tjAo&5fLjDl+Xe!)@hWrb)-5ymC=>7^-P!=GGx>QS`4?gc(
z^d=zVTg>dp6+TEd;A{ToxyWrG{#$t1A}9d?Qz$=jf=q~^LcZ!pvJ+W_(4qPX5y6U~
z#)Vyd`NBw`9+p64B=)@quUObiIEuJ1R#J@24*Hn?C3bO$3|+9eh_NITCnsKBbPf$s
zBzO9&31zB3W|r^~WgS>K|6}(3k?9?r8~C}1PL?2cmmvdGfq#lYR5BZ8)OUS~WE9Pi
zMBRNgL?;k)zsnb#g-AqQ0$U=P!IUNrtxQlCgoy$BtH39THq=f3#a-iTa~EWu5by6(
zFgOrQeoTZhD6(ST$4Jr9MqpcE24N1jHjatgh*3ika=uK1UW`NN|FFfk{ca0?4X6%W
z5<mNn6e~u;68CjD5nV<<_C~BfPdd*tPce^Hf#4WiJ*iB(f%G*NZP>$(usN;mw@2KX
zu$KgWl6(w9jBOI^@9m+nM0J{4#RBnz5~<8Fdf`}oA=`W*#Tg1oa*PD<1p9>71h$%*
znwA=w8bu@5ns6g3L*!xYg!9;UG3A_8h4$jvVxkku6Du?Ld!&2BND-zy*C|v}*E;1o
zjg_w}f-BG*Eop&TS-7HBv08~*?OMOrBwfF{g1gE-r`$l^?B9s)RgNH&50PV2x=>Z2
zV^S(n;Hoy|)8~n))+r#UjwxsrH>qC7?J#|hi_4CyL=`O-GYy{kny>vsWHHx$cKI&<
zF8$8_j>jmcCe|*?uEnnS#%tecpC98phGwE#A_t{1C7DvoSM1)HFGE9yWxsHLtr>cx
zW^r`egE{wv!9tTdNV`=2ke?S!EY-+yle-T(A!8{>t<(rw(Wr;2hdya)DSlD9Up|>X
zIh=zgrId9@8Ol&&yuRvd#VHCZ7Rejnip0aQ#1Tx@Nc~6!8<$QsW`?fA*1*>|);O(~
zF}pXPtzWNmT{*3nHRUxfq32FX8G}1eKgfy-lJSWWGj5e>ov5mawTiIHzTjVnc0=bD
zZAWjvcPn@Ee_46Se!0Cry}QI2!e+<G`)a}5q<gh7HAFvQlcMLp%|xu6%a;q5`y=;t
zfZ4!#7k3wD_mor!O*9@Mo`w{!pr|<AG}ScmSea>VY$L+Bp}))?RWELq<RdRtym74f
zAmiZq!0~_^6CoTWTp%1O{CE648JUbW=X1|qWs*};N)ji{r8<Q=q&kKMi+XzlYyB@x
zRdt=l?B%Cr>KfBJS0nRZqxIzt?UtgA@b#L%7R?^}H@dY=yt_I!`8NrN^=f-*M2!Yv
z1{0&O(qUw@Wx~@^(|LZZavpLJIDL%vuYK<|svNDQ5K(MWbdouCoOd*8wsJmqGHChU
zY-xY$v}kMGyx7EhGj+S=a(3f#V!D%Z(L8yZ|2zNp)M@gfyS4Ep<OU5-a&)I`sBCLx
zoOOhC{-q%A&rYSzAD#T(oS&{AG@t=KTR!!mjbJR`%f9u#{`^S%@O~3eivGENRQ?2k
z$w4rJsRGkeSyPVLkG%*zPkM;k04{oupHKcUxglvGn+2$aB2wk4FC;URc3yjd<Zg3i
zMeXvJIqf;BqMP9iQD6G&21W*DqRS&a2@cUzF&FW8IlTDa5+Uv(v;_=^C>U66Rd=SC
zH%-44+)Fq9(dK$TK*;@S|4S>in1{*!AXNRPR;@OQ<V)O6+yklSufSR}HNj!u;Xm=v
z%Nu8rXIQw%6K*oRi;0>8o~b*j3Q0HA^DK@(&Ae0HHC$IfCjY1oyC>qubg;a8int71
zM8u9YjrptZmF1P~dVKeS`m|_Jc}P2x@lDB6n@ZnJt0gp+!=_$K4Bwj=vK&(k5>01~
ztv(`?m+jE>QvL{DuC9$9lTYi-oMl~fxCm>Og@1$dN(r7cm^4qXWbz(<%Ye*)Z=e&x
zB&D<Xnb%lkBEPBs+3%htmt;u&+&)!PRd#hg)08hQoGKh1?&f{-SzMu3p{C|xo-$ff
zK6<_1wtr4#p<<zNT_2!m*F0BK*LHU+@h~#VtNE^VeLGZ=pnP6>uBuu|Sg~E%+`Qm<
zp265(<5#ocn0<P($h7#o%)3=@AxLt+VPBI?fi;ZPNi{%;*=lC9?$_+$NZrUcWo>0>
zHggN@>gRXNiKGg%=o4^Fmc}Hj_qxc&^9QHT^Lv&cmVM3;&Kqa0<*%)`J#<l>a~BGm
z$}Oj(Rv#A^+_CNx3qR%-F6Nh7Tae1p=I<~6bW|F2PJRr4A3!${7~)cMLm-7BaeuNL
zFa8PkM{dNo<+9r<>Yg4SJQ|cZiG69l_eV5ET#tl}Ods@*YGiF@#(N##X<Q%wF|JIe
zBvZyC&Y|vLx2M!yoQ=sp+I2iP+g@I)ahV><YyW;WS9^ZwH~Ew6()nWyauU9fwnf{b
zW6$IG$!KsCQT42Hu5q~@?{)p+(ct{y{9YBWg4K!Lk=aq^m}_}|!|^3`vi^1vyi%w6
zi&O6Hud(sf#)8e0j`8OAGns>QRp;AFq)knaOq<R<-yZ*)U>s!g5Bld_-A2#HQ2fk{
z22uIwi~AaP9j*z_x8}+t*mLn`#q+}Y$+AqA$JcvjuFQwF%fPMvE57T@FmEd_)3=)=
z9enS4!~x`ocGM0W*Y=ypl|Sp&mYWSo!U)_RzwfP{Jcps{k==QIc(q+oT+GgHFK3Ep
zQgtMIn7-h=-G7KJ42Af7Hx!Qo!?rMyfCH&?2IrIXF@|=D&K(lJ)IsIXa~6RG`-GLe
zG(oL~)@_6aVF(9>@ik5`TS5R7^k{p$MLmENMUK0COI$<$W^PJN+18K36A{ri4dF8f
z(S@}=G<1~|8%xJYxXcMsw<mV#sZZF$^uemg(DFmrlHrN}1M+ysLJ*eCh7jl~z}kqZ
z+k=2$e*fzQ6;~j+0s#R{H&s$|P?MJWVPI`Zt7mAfZ$#^2X#?yH0>b6;16Z^)a?k^~
zSXx-w|8U_Z`bUo+!17<!bVPuEba61}CQ_4@0|;8%839;mnQ7^Xc;Em40GFNNuOA9R
zBL4&j{^KSxad5EtK}YB8>`d#-L~CtlOvk{%!9hpQNXN)X1MER#?`q|s=R#v;PyAnl
z{P#FQM)n4FrZx_y)>eSO#?{lec68t-BKix_|2+RSPa_x8e_^t+|L3xR3#9w2g^q!i
zp6-9f27+?^Rr^EE)Wyg`O~};J$jTmwgNK8jnd=|@|5wYuF#a2)`oAC<8R-8V^50ti
z3CTtG*8=`+LH|Xqf7AlW#RJDh_dlfPfs2%a><8`!uBni$67UQ5*VX_ZQ{YSf&o8hn
zf|y7<!wCYy2O=)SujB%HmJaDLw}duWm;e{3pg~UCzrGzK7>>b<i{$M5TM(Ij%SZ6D
zsdaPv;(}Hft{+}FY_`Xn^qhA2Tq17${MYE%p<-NH+vCm6dfge_?MB3`GqbJ%n3NAJ
zJt%1xL^24P?mzzcW@h-H!S`i;eANZ{UyY!?An-z7DF4&>Uyyu&F0fbvh<_jHpN%Lm
zReXEUzJEjWS0e-%HOe#pf1&-?NPkV}|DpMRMEn1j(~zi8Hru_CAN>e=!hdI95#1@z
z$&$Bu+~f50_CD__e+4BgWRDr5A|$!Kj(WNN(on2O5^UHZuEeT=kMvK;_$P}#alo=C
z@U@{i5JYA0Ko3r)`IoX;cQ;;cdQZsGB(1ZA_UQ-0byWt!3v8q<cYn89Q*#RT;QUWf
z>SBN?(gt`5TW>vhLhFrtYZAh62U%4A@%ddyrc`=_jA*U`ZcSIY<XP+C{GX6~Mi5F=
zD8rmhr(J}}o%)DeuJ}2O7F@WRXg1FF{x2*gU6=Ld0$|9<nmSRh#(xuU5ZEFGfOfMj
zJn47}a^uAs(=%anOB2lL;?V3~{1ANGG4x_H2Pfwri$OAjjIKxPO~SKvP8iQyC;^>L
zU)3ixzf;j(8=7K@TZtoBywrE3`H@%u`1ttZ5|60Ai#I%Mkp#f&;|B5<jW*J0!-dbK
z$O6_2>4UGIs~vy$S~I|SVXRGiya&2#W1M1YYFSb>Ad~Zv0Q-IIc6+6dfBgsl$lmZ7
zw_yj*e^NiB9zuy2g@DHu&VNA0r}fbvv1cOXJJVb_4oGv25razxJYHs3Z46eG>7mt<
z_Zf*0@M+C{!oSuPd!&`CG1)dbZ2G&(1097e5&&o;w}E?#MEJ7l=}ljd|2$Ees++Km
zVH0ftLI9jl0ohF!y`45YYk?+gVzW}Mji#WErOHuGQSg7)hE)+h>ySj!RA*ee<ZZ84
z{D(4YYg*ZQk!EuJoy>iqXrhO>1aG(yw3|(^wZF^3P$OOz8VxjyzRK};CP%0Iw;ui{
zw^jN0{DdTeq%vJK)@26e)9&3k*WeE`6sKuovBLQV<MHtZc|ffL87z~r(2VD1O0Rds
zM;^ypDZ@eVpK2YHG%L+#9YUYIg5mUs3%gc_m!k0<b7Gx!a04H{5G!dGVU^yhjN0=h
z=6H6MGzu@z*dKOGg+j3k#R=&D<Uk)-a$;RJUv|%KRJHuaKwi-#DeQneCQ(x52las$
z74&tddv8t03ns-E2YTloY@6-`GK;^DpeE8q3wAyC96t5Ue<nmxokaEo-W%}@{F;NJ
z#VFH++M3&PTY=qSCt>2}LaDYej8?AV(Epmo5Gl$o*!6pG^i-WBoy*5fzEhP|MFl-(
zzg}trMV(PwF9gDur<Z#w1bjAFa_^i0@|xp2hF*plODE|s)_<q793Nl+awnk~Uhh2V
z{D<KAQW?Y3r-o8t1ah(u1DI@PFyAKcV0YnUX1($oebsbMvA3X>v9aaX%fFKu5X~0>
z*Y}D{z+Y?S=@6HNH5LyK<zPi;J*V|rNLF>arI*~QABhxvVW}y=JrP~h8-V<u4CI3g
z#z2Yk*;VZO8l65B6-|^V^OXSt)!p5E)Fl{JjF9hCH8>&@q48p4Rz-F%5oKXK1@z*=
zYK3t_?{DJH_rn((Ed&{#J7^%?{RE<*IJ#SSX_xrDcPF(4!U}plnBQA^&b6SW-U{j7
zTxq_1Nc8XfBu0c{0A@RL_RQCO#+(G`fF8qTLfzr0Y7A~ubH3mOLGAqL#GGBju{Mb5
zdP=e1zU!A<p(>EdKv0=Xg+p%&iu}7;aD~tp0x0YapNy||w?1Ch=a&A=M`bQimv%oR
z=X9X^U9lO^E*jOn|E)2AkHU7R&-c3`DTuIvQMfu7+vQqsaY4KT?T`COJvo50Ogbaa
z-))C3E??{~A)>OGfgjk83I==YDIC8bNUm)o>VvI&H@b&!v25P=#GAtLdqb=@nHzJ~
zAC9M>!uBRhxewBliKpE6)Vjk<n|G{1F|uR_8&U-~82{5QAqB+pMZolh)*f^ZoVV5q
zjwDeKN1Ut*x|a>41F?2z#}{rL9ot_~?*%Rs9!w^JLph$CG~laN@qoHDs93C&owK_t
z=%}$d2R$S^|L3-Ypv8y)L?HBME84d={B_Sma288I_x9!EJq0TP(yD9jckF4c9*{j7
z@5xA|yfT?W+A%bOZd$y@Nbb2gH7z@LGe*h5(Tg3&vo-Gw`Lf4MCv@rX<(X_~anGdF
z6uaPmx6Gu_s+#%UZuY4XDmNiI^!TtMBTp95YK+FRIO<lDP|Gu0J(SgCUEUvlX59w{
zMF{DbA$Y~n7`P3E^-QsunNdR)r_dV{wtYUyo3OTc(+&9@F6$?Ocp}lbJp?1mXM+Fq
zJj?2ks}b8y#)HxM8y~Q<gZ_c<%i0Q_%9EtSlR}>gY_oo-np&(3G|h#UP4m-@;Gx8<
z*tu@%i-i9=oBstuZ{f}hWs^ALsm{rJ_QKQV<HT{hNh?%;D*O0y#h$lUMo0((ir@tR
z0f2kuTOIOT`6ZD_JD?5m#;{G$WcwP0=~{>>z2$tTRLk)94NdnMhuld4+604B@+)8D
z-NFOoy&%e_Gpe?cLg&B-WqU&Hv9|V07ey+C42T)TGI|h9XZY5dCPYrnWY(JOu~e)!
zXmQ<K-Fn(O2Tf!+<{sePWGO~0^18xNUFH4gq%@-r?}Y%adXef<A|>e!y08^rxy$h+
z1S4Wr^Oc#-8UB|7(ard4M%!qGdRt4dE3s28RmaIeT}hbu_@Js*8>j_Q+HFqYJYFw`
zcXq>ZB$#ah%ZyK;`&03MxG&9J*xv&AU5-)>XGIVp;o@?j;Jw};$d{r-o=gKX05?Sa
zSp{QDcN&rxx%$U(QxA_XNe+a~=YGnky00JpD=#dRN&a5xtLD+J!G8(vmKcPI)97lW
zo=9*SfZrqJ)Z*iN!8Fnn#D5>j#1Q&gfC8~3^n$3j-XWU=tl1xR??>O)y!Y54pw^*N
zUrdI`jrCfTC>Vw!G64wf?Wi~<q@@<motj$<?XLoVUgk^r+RYM;>Km1fJf{uAPp4j_
zoY~mY7^QeG`~dS>g)Z4(Q?-_o<Jr=U;R_Z%<?fH>mGbQZ97mghkU5wked(&!8(ryH
z(0+yQ!X`ydl5~9JG}5R91Xt2$#AmPh;xuQHXDivI+^+aw!L}MNKr7?QNUmxAvLDae
zndsR~P~Upz46%=mqN6J;QiQ*oR=X964eV0irm7Vi{VaXldUk#s1MYAf{LWdNhVB|+
z{jN|pbG!4WyDr8@=gnKcq@Z#DV`{Ym@@HqUA`1wYJavtFFkfHerOnQUeG>|97%$!S
zd@$X@@sbeTwN_fT(!rh_g)ybrX?&N^_>ygywpT!aryrR$Pfu+l!S?Yg^3&}Xt+ZV}
zI67ppSbFU})>vo~2j@^cHavglFAvA1UGd30p11tEQbrva7qMEgwswYT2;OPCLyqBn
zTaiUu3eGwK-Rm**zPkn<+Q;giQChpL&3ty1E<@Ac3Oh*|t82w=gc;^q7!fN!1cBnu
z<#d31hbEjXl?1^Zl54rkpU3z8a+<Ti`r@e{P^<HUALZABBoz$K`;R2t%x*rmKacn*
zEn=ZyE@6leRdLtl%Wa4YR-tJhW)<A9#*steWH3C=S0SjLByV+xbw;s%Q+T<JVZ@D4
zIda-TIu=7WhLcd<cSjZ%Gb$Xs-t!tu)t@m9l^V*F{Fe{q^@D8&X<g;5k6S~-Og4LS
zU$Z<pl0X-alc;at6DT#XYf1oD32D`m<?i>t01juoeMfFa#qZ?BhrfSdBy{OYqT5ga
zEs-Cc<`OT8g5TT*24vm|AU5D@Ms1F)*TJ+7_{{U>P1;2xeB+yN1xk$iK35N<apCK%
zv@M*kgpbQx`2|u*CFbwWAU}jG*RL*F+t0GGzTEW;Vm;OxPr$g^AJDgKXs<b2tasi#
zVL1GB#iivzs2`=7`F+pLO(nQ7$K%x8K|}X~-l=ujevSRGHQB8xyHzi=oz7t@P!vOq
zp)`~M7iJ^{S3yp+>;UUAfYn5H5d`BAdVNne@LM5NbHF*Asx2ANuwPpkFt_oR6RM4Z
z*ZGRupaUCJ{+po3U+$QW?s%Cxl+LZ>Kn6U~J|7dJDY-HCe2~(Y-RMJqTe9LnkUW(R
z*~?U#&IKX;TGIFX15V)!1g|SxaU2;W0Ucd>MGrk-w67U{n=>g+Eyp7y<$6@q0~tBp
zjlr|Za+6=J$u0e%W<LyT9**1dT2u$SOb<De%fDHEk>r}*N{-ju!Mp((GvwEoV<iCc
z#D$=!-f>GLpSeT1-rlvDb|-5B)iYIJ_on}nzU3=Iz^N}U7-0FdLtz{JiPX{Cf8@gm
z*U4=AnMyT#v1*!6@%G$Q7;eu$v=?gG9tNsXI;YtP`PrL^g3)DJC%ilT6<HVgL;I4$
z13iPw-RcUb0508j#4PsB)i((`fm~tegicZV=jz7ck)+=F=Q-p{jioGAJPV}7k=#Uv
zVAV;zc$L(uGa?csPkob)HL|LS3N@1hWjvk-+7j7Rc0Ze5KT<}Pv(3xLY1Pggp3CjD
zovgDh`quiJy?`+K9`B#&%l8}uUwVv8<sGx)X=eaxm?zbKkQPNd&G`iFxj`ado1gWI
zs8lMYk5q`Fm0P2!9!61Sr-yI;H#T^%YA_K>8ehePJ4>Vr-`smI{agw@3VFF1tk#6#
zIAP0pxY>atnuhX7zXrK0%o;6qM!|MU3`<XOJ&B#U{?WkGsk^4HxxuS%sSco+Au|jF
z1BdzxaTt8h#Flz@`dRkj1$;U^c<V>bom%arB`t^=RMOLN@7LC`#9#N5EZ6eM0#aen
zF%=&L<%^vwv~U%F$9trEHVNq;1q{cXnp4IFrxYA(hlCZCQ#2a>nPLKEekuPkSFWP2
z#-l5)V`lw|S-6Sue#)CBf|*h?lCgW=MPY_K$WnKRQf7B<;GEGLLUXw7AQz(ig61p`
z(ULHZ^mFu}uh^?4!``-isfFO>gGp+|9`b;o*(e?hC-B`vPw4(lj#+SKDNN2?hk4!g
zKE<8hZ57hxZN*Nn=$zdwcq4I<CI<hbD0On1tFBrCAd;n;XS%qt(m0FfRf$Yt2od3m
z_JDN31%uh<^K5T8`<%vhwg!$>xrt7c#@gdZ@Zxkd_jSqrEYGXD+aN3|mB>^9JyL$>
zOXrnv*ihcq7rKmYRtdPt?bVm+*<Y~IOa;>5<7TTo=e@zvnYwFd&pj;1+L)hA+QU;u
zje5Q&_+Q(*l0!ffWzsuMI%+V?rhYGIvycBSsNyJ*pWE;ep;6*^^Juo?>y$YM&{PyV
zLFE2M9bK?i=$A7c=-a3tRbs%r1|+}<*%B;lJc{o@o?izF?b{jY&yRsH6f&&R^=!7%
zhKHXu$j;7Xe7v`=S6Ckh4!<&*%&I><_IOIRGOlJU_(Z;!qs)yJP8{$2vgZ2*iOLin
z4c${zjzuCno#+aie&PuK)NQgSX^v%(JFT>KQ7YS&@=9mn<$lpL;ljs<f9G}R(}YxW
z!K4B!^b!y(n+B(94GBl!^!3e8qhX0Ij`zvHn667EEj1p(U#QMfP1M+J{8&;|7hYyL
z&otNa+Z^co7V9K^a@UwqDT&UgTE7r1nn;*1_aw3BFlOaF(}K2^%&9C?^dEBce4*?$
ze8}4J$Pb^$G)6_vb*KF?Z<{Z5=k58_DAL|F=v~G)XOOy-G@-}%3F&{imI!Anpb}VA
zIc4CSjS97VB+L~Rv{UVl@IV*1dm?X4r$eO_3FT&n$Gr7UbP!BFGvs-9ZMmkW%L)(g
zATZ#W^F^L`awziZYW|e~(rL}!(6{MA3*}DT9d(HKTf7L^b>@q37gdI1(n#OlQoi=-
z7q`Y0I!>^?lt}U0&`YRU989!@x&A#zOV4ukV5_dH&x!8eA=V8Y2{NC1>FJwg0fH`Q
z2I+k0vZYc{6f8ejt+H;nV}4&T7IeAXAJ9ytaz(rFZbYp0)~kgtd{WI>-)OQBRz((E
zD{8IrI^Vky`sv}lF(#2|VvbXsJ3&BcXVw2SJpVS2R<Pd&;|WP;BQYPYTGyXBwJ1Q#
zZ%G`=NlQ!X$ELJvDwW99Oz)XkP@w?wRZzrSu0?o1>rP~QIagUxa31}4ph2D*s`pEe
z<Jspy4oYYmGVkYQHJ@Ulg(Wo#A{uEokK+cB8X1FH?6x*Fon?4u@c8Lsbz3g>1^+pi
zynpVme7LDrLGzH%;?q>~k>#1YnUP4%5mWuy7HX8l?fj5=&uR0Y#Zux%ctuqh!p>4`
zHuYvA2O(gwADLexw0oDI@>jK!rWesv>hGaf23R>==^#?actPlF&5GO0c-=Z*R7VUd
zM>Wq|wy^^WpxqEn*9+RIVJk9!u2)d+$>v^=?^nwJ6efBPnuaoGv}5kg)^Xc}!1h58
zpwgl#z6_a^n6M(~=Q6;h(IYRS@(5dJ5nd99ilWAL?u{cVk0#A9qctR`7|h)*_c*3k
z8Oj|xZH47b#KdBWqD1Onhx9O@D<WV^PU;mANT<l=2>Gd%o#;TpZ7(s4m@8=9<CEhm
zkSzM*t(wW0Hp<F9c|BcyX+w3(Ib@D)NQ2nuFd*APtLT2I*Y(Qsh{egRo)nhR>F~k`
zpog`sey`P~Xmfj2A<qe^U`||E7yz55-?n{{vf5~0yc)))wVbcQuj|1gi!zKNLJ2iB
z`kbL}avu{yOnUv=(f8YcMYD+P906XaIWx=ZeS!U3zL9@ROCXXP`ppHJ;rp&AJ)8Sx
zP%cnPOXf}c8MFo+7dMUqiepw=RD@!ar!EYt7eJ!cyrAw6&-`U|h|A{lcf5WW*ksAG
zz*AaTUk2TkH3-t3x!pOeu5vMWjvmk+SxDq>d}jv|dnR}TzBfQI&V>=xj^v101fS;y
zf=A?1W4H%0i%Y}{?OT3nRvkvr!r3&ApoY2FDbDH^v!ZR>4$9b9HqT*+Y%0_|5~+Qh
z_P|^&2ReD5z$_PZ>rHRwPL~e*a8fxD=EUfWdc8t?jp-kC?u91iV$9u+5}33h)L~}9
zQr#Q_V`)^lY$e)X10A5wIl_*9a8N!;n@4D*uo}UgbF8Ga+m(0yeh_`Ugj8pIL)ljP
z1#jSsoqn=Y|4p|7qkvoVQr&eJMamsjuA%M*Nxvzd7*<FiSLMqDnEZ-==>SW}fXGI*
zx`BySVL|mQlHvr|bWL;^*tFEL`+SW|+0qJ~E!fgLG02eQ?vc~(u{lg~4bwp3S?UgJ
zfePV~9Oa*4$`Wo-b2c&q8-jZ5{p_{H(wZ1Sc^U)MXkrz(K50&;-kZoz*vFJF#FVV1
z%7Pw~Rp(uL?5^9Wa#7Vu*sR(Xhn4F-(yb4E-zv^c{jJ5~!@w-oTCgBSKi4UhtbNaC
z4BR7sc6wr|2utrWk<hZ-Cs++L;jEuxb9gGx9wvjfGqeX~9>^`lvE2(MG@V6*3ic_Q
z75fcPX+S9YDNX-jWq$C!4PY^^2fAb)Ia%C0e9Y43%E3~{GbdX1ur;0bylUj%mh!>T
zhtd@f+h~x~04EChV)_09ALaLXry2E|U!)T=IGplg?8m)wW4w$+(Lx-IbFVLbRu(*J
z_!1t*IO6#7@*#6y?)@11@$5aT576{{iwFt5CAE8_Mx%$VO?EN+>0b^CWcIuJeeFp*
zdbnag;v2f(f6v@rEn}BXaqpjKtxgb-<AoD158MJ1i{g4qzS(`$h5EK_SlOm4vo)wu
zpirO)6!P~%EF~<427H0#iTv4O3%`&XLV^r%1?!KMF-_lEQ$B^%Q>yh)C-;d3V-X>;
z#CIbQFPeVoSLl4RsVCs^#C*WzCRC#F!ylz|Q<P)zRI{go2<Uc<PCc#*CykCy+H1Pq
z+P=aq9E)=_-@rx<FNjrG4*P8A9&ddFcu$;NX+nBa&fvJh4r{7?wb#cO|1`L8WtZv4
z<2HzjVQ=G~2N{ax$ZbG8FI(+^Uv!0nGy18?+D~#a0}grYK(gxtxr3}$_mE&$9NQ$H
z`&|_IjVQuO64YYODvBJ1BCuEBO_T4KeomhnCEpV@iUj32YR&fjl}pQ5hC>c-UJXF`
zx<?LX*gU+d%y2(Fg(p|h$BXCigG4&eg58?;tm9#5s(iVfngObUW33TK4qaWeijz=J
z?$?fr%ja^(vvXv%nI<DuMCs3^CDYc#K?z?m=GFUeL{f`+?=Q+!{1am-CaUysa)QHa
zo4YHmW=&RwHW^x}iak!t1vDtw4mv2oB&hu&8^Sk?zoajrI~U7Jxa+@+(&=)feAKB}
zey6&eO6{kBCl;)q#p!WH8xU$0_+;4Kwn|{Dq;V5cES!3uDf(jHTw~b76`JU<@@f5S
zmbJx&4x6-K7$%JtBC^>k=Gbt-3sXod(sHe-uNz0XKN9k1#V`|6pG3vYbjo#0t|@{-
zea-?yBGE^$y|vgiq-P0N9x&5ouZKc&GgtE6Byt6q7MAv2?Gg0m;osn;izf|0MMe$2
zC3_E~)B9-|IY|0mDh>E0wgYPnRqB31`yGRh)0T4zU928wKT~tD12@5uUKZ;*59W_Q
zYlb|PhMrb_ZJrMz-iTg|fHE=~5k0wdJ_YC2n!lK6sD@~3MLX}4v7+ioi5eBkVWk#0
zrwt{Ax;Db(PtL5i3HxePZezA7`y@8bjM6;!3lN#fRqwY1`t}5_h@H<T6HlUY#XB2k
zthQ*JXk183*AUl(q14@$2!tHA67;d}xSv@kvX^sTWBmLzA1`(j7HI@VamlYl?k@1l
zf6IT4`A9Aj2b#yHVyCcp{z(7vdA^KnT&d+xt+s(Z8E(1V5{Ytm#ehB-aF{6ZPRRp_
zc1Yvbh@CPOgS`=K&Vsz7A<ZaJv)0A8A(lQ-X43`6fV#6XzN!o7#Tuo%8+;eM)AXP`
zeozD!o9xu@IE85T<`QZoJ7I<v(#~1utC2{xf)?6s&Y8oP_pLbCdlz_rp?8%rr(MMA
zE0zIqLteBz*N`-dU8)qywbkc?gR)6eQB7Gw)%i$-;Dy&IT%V!NQ00As75J;4F*IDM
zk=OH+1v~7Rdd{l2eRsE31CL8<{<dsD!`J2T100+Fm*16CpCH3xr6*N72u-kTW-mqd
zAR&VYh^0RVviOzh*@VBYS`DEcB5}D+o?`?~t}ZhPe*Ei;0BBlL3ZNs{Mxs_b8VTrD
zA;F@NOfiF|&PWJQheos2m8eRRwNMDlIEI#<`A+Rw=D{b@JyX?L&&at;k5B9YecPp!
zAsr;tVUnc&hTW|%>`|e!?+S%|_sR8rg?z+0$2{gI(!A*{F3l)Hg#w}aayfFK=}v=_
zKLhZBqhO3c+2<QrL@Mj*tN9>cJl~;koQ?{9+MCfFFk}4TicdwST{vNb6lwhFtBtGi
zyGTWm5@pz)?BkFA#Rqu}Lw;m+fooqlbm=c?NC^ikYsGNBv5?bz@4?Pv4BPg4FE@O5
zrkqpG621t3s{r-g&j4I?#!}GSGKL~yz%R)Rn3m^5pO?UyQxDZxM<xb2j;m))a$m3m
zbA-caMK|-GBL_aQEDoKy<mXhREAo9a+=~Q*efiWKL5;ywZmr(nD<#tz?e8#w18?T{
z#rX+$8<_G&?unC-f+Yuvh$BFLH~pzyd*N9h+AaPT12dyG)hk+Mvrf8Q#UO(*9=9QD
z569#E9A=KV*ln*hYGUG+-=IH-<QbYqZ=7u-R7?Y95C&gu+E-K=jqG5$Am$-~qOb=$
z79}qrZV?*!lK&BrKRV^|StNbyR-c`^;h;vD*{Y9t_5=G^ygWiDEKHvsr}~^TYNI3G
z81TIU-aI;cw7)^`5Wguz5yRea1O~ALGDNnU`s{J|7KQw09?DZVQK7>3R5M9Mt6_;Z
z1sF6}HmnEBXJmLGpU~RF-T_Nant?Q^+?j*HE&&c34OY+XTgg8fVx6cV_>WXiHM^7*
zblmRGaBTy{D@ht`9;_#&eWON4+CaB#ht;^pMDQmLHSx8yVt1u})B@F$J%0O(?DgZQ
zLTTXafcq|vh5H``U$Nok;KxuNCV}Disc?3Jc9tcHmujPLns7oIe<bKw<Ml^~G-PE*
zp-ntn>b2ht2kVdQZBqPk0vn4brHc8elWAe8EwpEp7UL%6=`q4gj$jsCK0uee_Ots1
zrMC{iTov5^3L8DeW83B51QlBIbUg#rCH5O?Bb{$tuclc7>)u=zPRzpLprpIxYn}2d
zI9n#)xq9qoI(2&xorvxDpP;23<b&1GfM-JR%=SS0KFmT*RGkq}v*Kdca^uQ+GQH_)
zK1u5@<jtPb2pw`T-iPpow-^iB3Nj;1{B&Dm?<nk%tGUh@u(Rqk&DgM$w}M`Z<C}g!
zPB|9D;k8Ff>u^zjY74^{f(LE75I4AM$N-y&8KMXzDoE2NVMUd`+mGp!e_<|W9!Ib;
z#UYg*B+2z*!@CPuSa=V%k=`&OTp<&FNB=`Xw~q5xBP)=!AeO{}a%9xK5^3`(zxSuW
z_a}pfNk!UDMc{iPJEWsvf(f}|olTurRF<>tW9+T~QeOpjpNK`ON#$2L0CVL}MGrXU
zMcSZQS@64p%#F5h0o~R_x$Os|Dd14fr$w_1n9#hfd>+20@+bA@2z#+AW_SJ7g0-8z
z3(%>raiaK@MyG7uBawfu14pp(fA?jHZ&X=rAoOcH^kXG0(HB7EeApaGata${H0rao
zAu8hcM+r@@G&2P(!@n$s3>)NwRRccG|1g@FNFmKvEY>veNrh1SHiJ}x_>AkfC5^DE
zGi{lc&E)BwW-`{BeOP}|*eU6M<bj*TN$dx)iZYad)W41p*OUAm7UfWi8GXMa=wZrZ
z`$za)?j>{s!;XJcrxqlXO;JRrCHTW#28F5MB!yFS7GU}#Z-qwpM26jQvIfgvJ<b(Y
zyU470Ho5KR4G0~(8$9V*3qm%zQvyzCYPg^|D69g@GMdM7jP)F8IM;gfb$<VnMxd|P
z;`nm8v9<10L2cEg$ey#E{e5J*YW!BzJlHjE1r{!+XVMkNlZz|=W0JH3Pdv>lQV%c~
z&=mthgq+t*H=H`be2RL^jtmuCgeJ#tFR>J-Ml`L2LY%WOb$c`3!$+S`mH`2PWv?FZ
z_VA0QC(0+J!<+xcYwU|+68umYjUP087C%)HWw~67jF}rl!i4@aF@OqIEfrN#(V)NJ
zo_0s6>%k3ng2mSZE~l_KNE;;;I@#auBNb6VHRWxld&$?cZ+*q^(-<qn{+dIh?N_^g
z!}sgu*IZF7Ei$T0num7iZhGB27Z>#U50zn%kE3M_%Hw=B`I%^%l_g1l*+pQ$d>4av
zZ@uQorXTAdpS<NawkZeG-!$+-rc34DQA|gS5w$dB={)j8;0xy1<F7x_rRU5|i5JQf
zIob)R`(XN`41xBYx5oKzyuf<nOL6Ng)mpoXIr?^aTXjX$>r!l~4R^=^tInb&K|u<L
z3WQ2TbWg={r-KjpqNhou{@z?&24IK`y-!a|N|<o|=-Ik;4+a;`gR)+{&g~uihVN6N
zrFJ$)Ic(c+dX=`TZ(S8#CvgEZ`lB3WNKYK=kMmvuiY_^>|1LR$tTR><57_VaVqF^j
zGR%-YY15T@wh#GdQV$vC_V@x<vootJL6@r|*gWwREf`8-WfZd&^M<;OsD<^|X$MJE
z2Yn_?#Jkf)n`CBh29K^|o&<eA1!<Ercp3ZjHXGOqvT(1c6AvNe37zD^n20ur(Lz~9
zaua0TuH>)bzhUnYLRH5d<bXFc*h|%sa<aFR)%IArhuOJ3I0Y9p4*e{yY?T`=h|RUX
zd|MJ7A#GvYY76Mp2^|C}5DWT!ptp=ML+%)JWlm+-ziX%`(7NsN*67IkPevc8)7R(I
zeFCG#3UB>!H-<9r_Q}PPOXq3rkVNb3uI8->I7n<(oAP~xraOIAULR8ZnUy)=CoKBD
zMbLdi*(?w_R0R$=)2+}`k_63|LB4}8kuUJT^a_f`;)aiiYGQzO6v5|jQ`sViV91<0
z<b&}+x){qNw=9?fi8A?Z1V45qoO`?VW`IfO8BD>wf}P_S@~bBQk(x&Pq*3EMneKAv
z>WCGRrgYIOe4R*T87eWutRYa7=hK%%L8>)BiPF6BiVV+}ZwBd;?%`K|8454zTlqZ_
zlp(l&d2RQSZCt-TLu{9NG?)JDZfg?KN%zp8MuP%-k=02mu+<LmwSU$L=O6A__*o{!
zZ~oVHB7{YDxLgU0#Mf*FR9`fCh?&&rO`se2mJ@KxOk<;w5R*fZwl_St#H96&(SDh7
zyGnR{6Tls0gtgjBHW{FVr<8=b7$J?zD(0cl>J7ymuxnF7qfXjcH+9FhPEoN4cG-1O
z&KZyv1I}5G(U3ZjaN<vt7Ux_YmJv+$G_2_I_yO+X{=LtUMx0qXfX1_Up=>x0zynVf
zIm=-k?w_d+m}%)kdJiV=ISHPe=R%N|rGuenxUq4>rB_lbC2u6Sak9{6L?%}bUy(ut
zTB9+lg|3f0d^%f+OJ~=)gvKhbkSKb-<mZaDN`M(j8OiuX#g{^08Wim4x4cM=MwNLx
zBRyRNYO1OBk{e=R{ClaK%M<HIB|B+(jdnR$0z#YS_gY1X`&400+=gddV3eOmqd5Ug
zgQ=x8*oqpG;#@xm3AT>fyDV^#Ac1DlM4pRDszkLfCws=NkCELoIj4xS`sYy6!clRz
z40NEbS$KL_kia9~WQo>f_D4UIernuua)nT6Y@w&?DWgQHM!j?yR){+iLEy5y0F`vu
zo`4ygB+SeTAXPw|g3)RN7HmYAyg>$AocU|T{>&2mU4@h;?y>YNmaj8Cd4C)*hM;^O
zzohtC#}iv-T>2|U>~fT8Uq3G`!cf>2FRPjleb4d9podqWT`8Hp^=EHOPsag)gxe>i
zH#rKDaA{po?4Z-$+$ZeMX{@CA&p-P1m;IB}C|G40@bET2YP5*;Sikv8$l1V}FHw6e
z^Pi$7E`@Y(XK97*NTjaRMQT70t?xCoL+g&srG#BHvQ&gyg}Ta}8v(UhY@-rDK?6;~
zTE7@_`z%$Z{RMp7FxI^8!WO>cN?sC4#(vk>*Ca}A?|DHIsTb(r=PP5*=dhTGz9@r_
zT$&V5w{V~`EM~SPtz&#RL;L2Q_(sDOreyRv1}ECSXQL8V^!;YnG#k9+2{xN`rns4T
zC{6eV1+iD}0Hb2cYjyY?yKy(}tb<%_Zo31!4t3F1!)(u#j>jsTs9V}p{UXv-w_2?J
z4qv~W55fHr>8}8u4N>(>qorh)iIrW1pA7^Qcb8+p<J31-o#YMEB5v13XlK((G#kM*
zMnN5j48hB_&g2gwo{HC#z|Z2re%BiuPTyj(1_L;_o2h$~WhKS3bp_q8aP)#I-`bNR
z@9eP6D0u{Ab)vUpr_m|a+CP-!rMb<mMJJQN6Fy@truS@zxES$5>ML`PFM(R@AJ>TN
zcxn~XExa0^#x$>2*Ti%Ed>j&fC2}N+VJ0Q4it&7T#eFpNj7<4gvF5_?2f>}eA|H4O
zs|z^y>HvvclTg0A<F`=;%LsPs%DPgVih3CTCixhW@2roP)hh1Sd3!H*D^+|6B2<qd
zh+#Ql4}DYb-f9dEpI#An>Y{pilNgpGe0&oGO!ax|&FALQ>&_TK);yI*0+O1EK_$Py
zW`>TN_IG-(E+L=kz$A>tLBDY(#oJT-nJ;H^Cpc3^p&nT2j$lng_G6VykY?cy5MWW2
zu>QjkH)9Lrc8KiLm{{x?PDV!b{oC9&uY)sbwPX~v17H>rN<gdtal{^ZZew05{r28I
zv32Is#Lsr5&x?)VZr(M>FXR)hV$bNvy1F2O6r^IfabjaJP{bh%#S|9`ONFN8Y!_=7
z53M^ak{Aqa8++rc^d|nZfkWg3dp=0zfu5S5Or{^GfFQ$JTTgYycGIGTjt?NapVl2i
zOwv!qYW-oer8XQ*khfxrzb~ZIf-7aUWK|!W8rHcv3>5E${`SLYk&y*f2<)0*0tcJd
zpuvKa1b;z~S<(F~@TlLT`4aMey>ECAxA5vG@<qnH@wn(HP<GO(JWEE|QRZ;=lLQz<
zLksnK!z?6tK}`6p@!?`r4Vs72k$pT$*N_u%#jd2dB2tLr7-1=7J*|2pFXOP6eW+s8
zKM9-l&++C>SdT60R!2xu<ma!#eTlG+s@tT-n5N;&i2b&`P4zs=Fyx**8<s;2R)}=i
zgGH4PEnhKisR4F^eigquR&wtR=i3CQ$XymKaUTQBvoTR>591GsX4vnSMh^fU?sh_7
znVg;3vfi}zZ6$CalT#S2W93-Tg1#)u8rW|2nJ#(nBy`_l{c$??zg?_==Ro<UQdwrt
zVfg|d;h~{OcSE6^S04`4ClNUT3UzXVm{C?2BI)ihg+u;7%G}8SvW4Z+Xvx7924)@$
zID?Zw$F@|dVB%6lM;Ckd^v@DBD{V-`m3diI+>Ipree-NrcFmuc?eG{QY!h+I0#@HA
zxWYPB>jf27QsXopFWq;zKeG3%tn`>614BniR2U(5H`b#wt}3_qW+E&`7XoUnMy&^O
zH!3vGZ21VukU6drBm-gz!z`MviR3Kc!YqmA3lAv6?H$!G%;mRB>4yU{-)I_@^&Rs!
zcF53hK!qdf3%6B?#1@P>h9Ze1e4S|ZT9C{&qglvwhi#v`gM(Bjk=NgH3oB|Lo}}&{
z6=C`YlPPmvr{uw)Z?^75>2NG5uy(k$%=szEO<s;P(Le!h4ALTB?(F3H2Jf(?g8DGO
z?qla^`5Ovfd+g7A5AYo4-Qy;q%OTWjae43Li&dg<<^Eoc^$oHpn~x<SGxml#ERrk9
zTPCwSa-zj>1frXhyn=YcdZj!X1vYjBN;hxD1rv&7`c7JVKKd!?dG}B@Rug@c;0U`B
z{awkxztz#t1GTLo^+lqAx0Elh@ooQ`P^O<nl-_j@q~2T1$3e+3Po)DFx~YAy-;iTz
z4V_sp6fmyiP+G6y=o9lhyXMkuGBqC)nmEpLx(Mno<qix?gm0toz_KO_c)Xpt9&y^0
z)pduPC3bz*e&DRhD&=ha#0)v${f0_MqQ93~4iPb9TEKEs5GYI|G2D*$XHoU!OFkbd
z`cxk<T0Bj-<RSl|5cG}sluu#OWdT2`?1RSxHhAt`b=XWW(GmkY$WHn}-C5$ng<SP$
zi}Km9vG$jLrT_r7N~Imzgc#(YFAEnP>bGB?$-?ll;CIku9RHPs9=YxBa9E6~CT=T!
z-)&$DL*tZh>1asmu^#VnJBMPY!lM<XnDV5Fc_0<BXo7!N>Imk?bqZYj@!~^BSn^ZQ
zlJkM=E9Kpx>$^Xnut@!E(;~kaa168`c&FgOv+N{xb70;O8G#h%AnX@8<`bKP)u%I)
z%#eR)tVYRe8CVK^EqK4M)ByDQz4WVa|MDeAHs)KNq0bXFc8w%ipw(<-@QBp#rmThq
zs$dB?`c#Sv!9JK?yGY0!Eqw+Zonk(Vkm=%9Y_(FWV?3^bw}SiCQJumxUR9aopk`OR
zZZ$yaX9Ciu7Zi)}8LN(bB~(6KRs!fkLus@Q|1hkkk+Y=vy~%jSN`zm^n#+sELlrqC
zm9TMr!~LcW&H;W0MXP42Od4aX<*sz{w*+7y!t^_NdqBM<TE(G7;OUS3)N<{Lp|69o
z#3+Sy8c@*DnasmMZDHz6zd$}w`?KUSv`E|SQlp?EQnC<nrgM-Aa>e2$>__&J3ZUX#
zJR;2@JU!b2wfs||cF?gbappk7Iw)ChoGL=XY*OI`7m-irr9FPEcmdO0L51^)ZzBkF
znvzuBvLB-hvR7s_*h-*5jVxXlE{rikNczNLfHDgw^ywC9B+6U&h{Iv<Hh08tF`Y}d
zHlV9+XUQwWfKln2w7L=Za>kz^A`2wkKW@u9YZn@(7Ok^H?4K1=O$UbV7>LWbasS*6
zf=zQRpkc4qj4(gr_u1CNgMY_uY_M!ajc|QM8o5v@$L~`hcdE=fN;G$OQ-P8o)VEYj
z&GB6TXt=i*uerNFK2zo40leF(_ha(3;ucupo&<fp_cS)cn)P(|+wA_R*M9)1R%y`D
zneF|FhNuk|QIUeY_?$?mt_8ES9l>wBr^YlUEwaH}!-GvYk9PZ^-mBg23SY@EBxxok
zo&A}AK`!&U?8weYAm2apJ)0(|ip_|aR2F<B(b$rhj_NvBD;QSJMa0T>Q?Qnx85mVV
z76VzDQ3H(Rj)KYK&;hMk_LS0ouxZ@vp<4+^qI~*nCDH}fe6U#VkcAJDv(?NQW`qXR
zkkbhYNudfAU$vLZa+~Kb@IvNX`*fS$L1TgoBNrt`*VOdY`0zpuO_?G<Tbx@XTy&Nw
zo>V+S@yG4%-Lwt>ku*istn%vIthESYA6>%(g)}u9cDBqs&%C}&2f8GI%HXC3&3G~x
zjdTVe2Lc~CMU0$VvDIrpOcX;@Yqp@Dipz(PW(X7tM&Pm8rUsDMHLSpd7qSl^nylqZ
z7#L2iU-CD}AcYsYji4^>2Af88Yq3leSsRZfij9#~Xk;6W2DbZcGmOnITF>dM-~iJU
zeUF_q{@9!^SY{bsYrBab*89gd+wcDZL?kmSua-FRxnA8r1ob`b9-QRRG(Jqcv3%R=
z-X#-gQ~>LWVfXO!b#rL*Ac26~#v&-3X;F6%Vb~ym7jhi}no_&{K+2NY*8^pa7~M4k
zGKX1ap$tf3E@_~K`>L+s51I2Fcsr`#5o_qFqKhJmU`#nn9!)H~QD0Ea$IP!N4L03J
zkCDFOctt<<vwA>R^QQ0nwK#;h95rb-OOSXQ@uPU!kFOSl?KW#=&jN0UW(;VHu5u%O
znd`u9bqD*4I{!B_$Y~r8cSZ5X*yGOw;e>uw3hcWsKV;VP#eTn?PU`#R+hjBDw$$+G
z^Pru7Hs#jS=chJ@5v_D^qQ7w}HZ3d;h?9Renk6mym0Fna+Ng|&8FDiOyv7>{|7*Pm
zX26w*lHYIvw=1no9a!g@N{uqkRFek<FC=*+Y^`biz_aAOYkP-=D)CmEA5ee(cI{pt
zFoIfA#m5Xfj01MP{)%k#F~X9SfW$#BER37tYbb><nWIR+;{{9}$>`ZFoZS8r1n&KI
zmQv-3b0griW9Np+jYjgcZ7EclOBW`RT9G=%<hyVxrYLC|Mv<a(qC~$P4cgO@`*Dk)
z{<9qeCS~T8Uju%@A2{hp2%uK|znuB&VpKT2*WvyV8A+1d2mgqm38I0oiC+#-Wcu`?
z^}Kt&MI4E%pv=nNSrMchZS)zPyHSFH?{JB3qfy|9bMZv3i4uN&_-H??jxChibtLh9
zB0Wo=61^6H%pwz!aa78Ei=D-yg_L;aUnp0$Cs)sl$yo(Dr^w&_zc?SrW`)B*?jn{n
ztKzE*(7tN`=3Mf}R)11x1dFwE4BGld;*AQ1N)6{Y)7Bc^=0i_;Y!jxGgS<fR`F<qc
z3|SeELzP79yKOCrCs(_qOmG|bY6beYI3^?%$`xkAA@yvu`-@`J2ce?;pW@yss;+HK
z7fog$xVyU(2<~pd-7QFPcPF@8fZz~ZgS!TIcXxMpID=hPx7J>J*E#ieTbmD~(I=zz
z{_FQ!pD-XsvqzxE)FZL2A6swPEIw1<n!0kKAeT{kIG3tXe=vp&C46sLTZ_~+13b%6
zNl*kZFD?~t3aa%9kbOvzbYmaNh*%bLKssb&0ih86IrY`Y1d6BA(!G=e3TP<8=B3JH
zE;Qz5U#ctWcEvOOWY{W?Gmb>Oo|Q#iyciz<J+Bxdq3@-74YKX^5&G=??JAW#E?xg?
z0(=EIza-Fe&FzVQA;i7mpd1nG@w%SfPLb_?xFffL@eQBN53h%xC>KW^XjZmZbpE_B
z&6p<%%y=B&{MM3q4<k$!=QXA0bLSUO$b%l7xA%n)X!OCRc{7meRe-IzWL76kHZ~N8
zLl6Er#<cX)tIQkglA!tiuG<D2DmRyrA_xw1o;flA2Kljs3mhg=VpK$j+d$#2%pN?f
zjAk8OT1CEvf64m@Y)GqlX-!%#XAIv`lRy1v9yUGdQvh=d>%<~v%}h*lBqibFnv!N4
zb0OXiYri|E>j`na$7WtTgK>W}zUb}gx3km+!8c;=1H>#C?3|0i2G<|Ne<nQBiLM~R
z`LtT+#8JQS`8jeNW)te|AW!VQpmT_@#05Z1)0zKbB6}9;IJ|J&N;veIef^m{X?6mA
z;x8o%Oq(Ux^Oo3=?@(EFp#xzMbU~Qs<VIK5{s*oTg7-&MZ|%C9cs*lS(=c6%yYwCY
z>X+dgzl4t+i<Erb*q0SPwVQ{--%#)ha8TwC>B44~>Eh(dQCeH=trn(@U*^dG3NAwN
zz=0k-o`gv)pUwZ&qKM#f_QlJ;cDXoV&QgOHMp#Hz^@{QB3v-SBfRuFn#dKg<OHOhg
z4$nh8qKY!-ruVzo*S7G*4Vx`L1^0;kPG>5@2%i0L`e&@|l|eGRSr#ar2W*LZ4$o{u
zGl&s#bAx6q=0B!59nE~qW^i(R)eRHuHHwHxV^s&*HAvG<DAWl>h4jn$EkO*p`B|za
zW3a7W&t^8wdC&+JYEZUmY0}CS^T5_8#@<XF;CB9|eChkOqn*5h0HPuyJ&N5AB_AOd
zUyHm)Dt>FAMyb(XrJ9Bjmhc<<)(0uRwXCI`$?Aq;u0#o8yScC%7M<hsLK<JX1ncig
zGy8``3Y@sR4`r#`h=ocydm6CIa3TF5^kDLH6WJnZ!t^E&v_|nK_ktFvCGoZO_gpG;
z$Qa#w0P#%g-+Ykaum(W2Nkf3=F=Q-igc^dQ9*doI83I6Wsyyy=Tq)51xYhWl9&`Q5
zm;vBq+4}leJuv!kI=MSF-_CJF*5!G*w6+_^EUs@NmrWhl^^T4id>UQU$6!To09r!p
z^knDb`DXVAgeUow&$+0`1h(PKIs=PeCT&pkTf4!aHVi0N*=zYf#DyAc=MCHJWW{hZ
zkJu8)l>Rt7-tbC0th1hg97v!oRV2Uu4xXi?5Oe+Jw{ls1*bg%H%kA5qqUY5a^Mb%*
zd&HYeai;WrDB-C8y)zLve;i#Y{%kksY8oFgb+D6x0t8#uTNXz&DlPn^TX+!g0T`KO
z)mMDE{ZQ7S(-5QfntwKLOf4H;WQtJxGoARsi6-)wu0xmu!W3lXCLWFJJ<*YgE%p-!
zBBakHVrZ$hhJIk#eH(`5IH!>B@PFv6+-HC~&~!d+SH4;qM*y$-#pp@0egsS_0&^`s
zhT=c??Uu;92^JKvz~B8a7eF9r547Z32b!EYeRY<iVx8@5O2<I0Z7>1BmiArwU)4rS
zqiHnJ(-;dOfH>(#Xvv$|p=W{W`s#5$0jB#?zRRFNrAA8~Gq}*_=pT8q|G|a=mj?0Z
zce+06-PVXrU}F}DyyT(%9u&+?y^-eA`)a~UWe4eVw;P9LbG`ug={w|T7otK-oz2nB
z8K+Cy0;Dak2zk`33i2^&@TrgQCzvhK^B68o6+$EmRt<{VwQ~bVXfH@-0<g{&2!!>K
zXNb_&;E+e4!-RW!@KNYRi^F1PIOlLoY3Y;u?T77%r>lD=G<8E#WTyLEzbi~K7Eg_*
z_TLn4_}!v9{l#^lfP$O^>m^2}_$jE3txq3DM2bFiIr>-|I}3F64{w}&9l0A{JI<Ao
ztKy#$Fuef;L|s@AyarM@8EVX6kCNSeKeXECaGKcm3-P#44?r*1e{ZH^S8jk|2mTTQ
zeJjD-o#S<AhzF$r=9P;yN{KSlGADQ<#DtPX$Q0*O6b3tA<Lkf<XAHJX+L45)=(P!}
zGf3`$b%SAw6pGWtC}(0Dr^pY$M6K{CsausHc_9Xz=!8|{RN*gPQH@Wj^ij$I#M?4j
zO^y(_9F89;dw+czrpe4-Ln5;}UGaX4h(&n<Hf-6+q+v$L4t*3E`7CX_M()p!N5GF6
zJjr3mpL2PBHg$sJ@fqG+W}yfnU3Z&LRYGYTt4WInYJlZr$9%^scZ(u}Qy*|#v;X0^
zvo}M}7;=saba&X9Pmgv!)ggNBbrNg7s{sa89RB>=b`P{tNp)X#?IAzSVz-hG7AT6E
zBa2fuLg-FYsZI*0Xu(W1%6qnx828tkXs;&^FX}zEeqhC@ljz;w+J>?9DulLW#P~z!
zFzXvgFW@tnh|d1*9r*CuT>!5qz18c@9F^_SCu#9I&;Sq>`VTpV>`H@x?=;bJzl+%E
zqbvtC*mq3v1yPxpwvYqjUIAeGe}@O|Enl6_IAK>DRJ?@b!{Bo(+Y>bcgvlzbXNkZz
zsxUD79nK)}9!~8NK0GiO(v_w2KNUZ=Kfi|(`KDXc_3Rb33A?)C+QH^58~n?13gOt>
z*%o3K!TJwYcjRTz?AjB)x6SH)@p*J(HGZYjcBmW%PpAZ_8<?&&h4~5HpWnSXHQ&p?
z<?3c|CrDr;5zLp)`|iqb`|JhI!}}HeUGMYr2dn+WTHWv{^?Yk42$_%{f~mgoa+n+R
zQ9k_atDS;G9)%|uGmXk0{Qn3VHL|)TgJ;Pzf0PA0Uoe?QCJ*?=+t7};<WHDGH`CBU
z1)P;8t~mPZ;)xv<(>JP#{(JT+&eYEP`jv0nl~?x2|3<H)1fRalt0_QWVRM4?`SNb@
zngCR$(>7lD^n;nl|EF~^4{NoM{_ycSOMCVnHnP8ld`ALpY9w0v7)C3(Oa!0lT9`E_
z<gG*?{AX>1#LUBxL9LAC05DaA?}w9%8~SOU7s=QAW1_*nMfM$C?WKM}<C?W2dkzZu
zU@P@AWwc%W>Vj&A##zOC`EsOQ?rsRJd@V4m8GPSQi4fkkdWGnW@<Tz%<-@uX!N0JR
zjeh+xTZcnIq`%6Trt`8ljs;BK<SCNx0;-Lx@eYuL^U5F~KfRISd>kNRJ_9pZpBph{
z^GQRp+3kk8X`62<JQO@D(0?DOkWPA7*!~1iLD64O0hRgV&L##Wmn{xh3p0LOm)0oM
zvi4W+Q|f5mko<-sc-Iv@u#GA3u=TTkCO*P!iX-(jq6NobJ{imv`-cZCEghbZ2?<f3
zd3qFW1g(=M>mcuTun~Ctpya^F1I~o|1CDR&O9Q#&<qj?`h-BQCKUm3HVOgZ{*o$H=
z{YH_47qhSZ(770k$Y|*MnHKe(Z6#XB6);#vS_cb$eOpJr_Bh!4E;GuO4|VMlLTd->
zy-eweuh>LC+ov&Xp>`pvir3)fur<v!gj?R+kLt{>&7>cD=zu5|6RUF@=%ltEr&p#%
z6i=KMD63b>j^k*LO6Na|r8q;p4E%9BhCNee?_MB3ekKKDennq{kPBh}=A6eWTu}-W
z7}Q6n$>=_=Ty%cbJb<J70~+5FGl`7_3jdL)Azuw6Kq^?VG%vudc)4tH?_gPy6@1w1
zC3sCVn6sy?O)qo5?lr+1$n;fX?;WfA>k!l=DfraqrSWZvM=*7lSY+2}`{z=GbFqbM
zpX~HCt{sM~!r^t%fdvU}7jmsLeJoNkb5*$iGlC!g2hKalAcZ5GpW9^vRZ6#BDd_bO
zxvew5y1`*!%5Ck26cIW71tUKrt8b#pgQH65RpwZFM~>U(i4?%f+-`E1r~|gpO7C`k
z(cY(OU%9EQ6NL_z!9Zk<Jr&^L=7M3(6sO#%^}_?<_tZZ?gc6~|;c{&aV~*s9u$Lsl
zE#8{r_@UcUCBo!Wbsae9IYpHGTW9lWSS_uo+uI-DS<R!9*fsIc!sc3<OAtIM!(rcg
z9HqgPZ@(!P@}sV1VBZ*|@GE^#JjcY9CY+etC1}ar`{sAos);@dLOFaUrVB-TgeO5<
z4Q%ma^@P}m%#q!{=s48HVIP86M}0v<)|ZHM5#Y;mHv6c%ks#QSfIc8wV7*JH8(_<{
zE1aTo5cipZ9isYuK55}~O2N&Y`xzYMDz}ia$ME5_uUR5=7qWp5WfYKIF>S_GCY)G}
z**6FjTEU&qT`q_)2RwzDRh4q5+gOo2&v2$$EiIzKOSW7X|J0J}DRjekZfi3DNY_3y
z$GIU|a#7#6ytUgkS+s0@w&3>GeSr(p82XQdKT16N%gHPFyLaziUvuJyC*Hl|B!4sP
z$7v8As3MQO-Z{<+gou!MB5p{zs{7htNHpkRXlND%-_>4Go7Civpl?D8m}9aCTQG8O
z@d;a&mc4ge==<%Q=a(0Ux9RSOcVnHMjnb(emt$|e*qBBYN63*w8J=65c<|k=%w8bl
zsg?eu&`XVs9yYih<j$6Fw(;CcTL=)bbGU#k1lsSvz1X0%c;OQ}zicy4w|lzj-~I6l
zy#OZdziwQqMyI7^Q_^FoLJ9ccgLP!1ZMUXZ&?dnhMk<Gz4vhLeX<>>Jc-+Hz=~mLV
zg_(m728k^vWzhd-YiMZLW85NNj+!l&q>#dO&p2_?z;?iML$R~7t4Z8h1n!v%wl;2w
z&$x|GsSby|!shKz&C7PhpS?Z~uytO|oNuj%8_mi2x)v<o%@e-!;(2{}(;FJ^a?q{H
z!WYzecB3a`vl}tXRhg$fn$8vVzAj>FS@%*Dj-j*jHDi`1vHfHIM5UbdMBPVshBDXq
zIY^5%?zv`o>An37&-}5+h<oxYrAlpB6Ae6qs6DmHSQ`en{Dd97!5CBwmKWvf!+D|t
zOuQZ4SoA9CLG;yZofkNF8SOKdlbB2awF^0dDe3U@dIVi_wUG?4EYx=jkf<`d3-CfJ
z!+8N=PaC{O*9gILEj^~C2qE;2mZcU}^s>^jy>}RSn^Q?u&`oyZ=a9JE@Y}=&XxqFQ
z{evPWy|N$<^?SwN+AY|5(k`@or~7c=S-f_r!3!?;+59Ei+1N%c%;1?sL<{&6Fe<I&
zh-4|<s~#r-6tiq#z!!Cl)E<-hVWD9EoF`Z@Z;neH`hmuo<LCg1bO`A#4p@xL`}Jtv
zMnW?Sj9FjD>Q}gES^I-SxGe?Ivs}^mxbU)|W#gwnhD|4re$KbUOFcdaq7l(wXSKSw
z@W)?Cf2F-3r)5T+q=*#T4n;fjW-`*>Wc|j|L5#$FM-&$(tyFy(6n?$RQcnAz#4x=W
zs1xS3+(<pZ-7iOYkS*#{5RuRZ)zuel)5Kn)QxjSXarFZYJd1S<I30VEsfbU3Oe{z~
zEd~h&TA1W&$o%oXXxU|rW*eTZrDfH@5pM`{Mbw%pqxzP{hZ0K0^H95FvAG6u$c}yb
zl}IfM1v>t|*OH?mOGWS89g^E#m_e@rH1=}v^X@8z0CgJ@Qh4k;1Ep$iY2}ivohx56
z^kPNJeH9!m<e#R=bg_HP%|$~h#LEh^#!UVxf2bEyL?FG}sdT=nu=w*+HBTzWZ%V|P
z_B{Tno_;ABXko`>)Zl~ga5XtX>`Y^;MfcsO2>Mx6583OSTeblHW_d^vZ&@!2#96Ba
zUsLP0{IzuXvQKnch1^Z~pU>8%gk`Yxy<GA7B!CMeL-RXmaw{3jH?JX0rUdkM>9H2~
zJNq8plJy%^*{nmw#8z`DFPVjW3V`P0ELI(0V+2jNR<L{X(u;ns^PwPl92;n1%haLj
zEPkbYai4;bzF=_hEF`y`+To%8PL{Hl$h6*3*Ckt*FNo+7$KVayQyH<VP{PG?I&Q1}
z`L+)h?LIn9RmlQTo#-2Y3lZ`I$)6ALZVjiXZ|ze4lCcN7xx&jw5s{e@$z9T*u1iFh
ziS>_-Bfl=A)Y>}d0c6hMAHwO!4+{<3b;poB-egW;iJ%Np0sj0;k<e_@Fb`ldr!+t_
zQBhh-#E3Dbw&OO6k?cd7HX@;55!uOa9qPjb9i|ZuI-6zvr(juN&znyHiO<iY&^v|F
z?u0FR#v)04hQ8fCR|DfQ<+RVpGnOOi(#NBSNPcVUDBs5*y<JH2ITjQ~iLGy#_%o}r
z`^DqW2ev5WWh}y&NaO+0`|>7wWiVYi5+N=-F%aWx7lYM2a!~5>gk~RPfwkBqV7CX%
zREX19SQWqcnFY&S7Q9-V2t-GnF4MF&qlGl4y4>rkXHAaXjl8H3Cz%)-9?r%421Z6G
z%-|xr3VovPwfn;Ue77q=M)`JolyuvDS)Q9Q>P_A&{dJTJNiIK$<j`4lu+sYLa-$T(
zsk>DRlJ;Vfb94eo-ba-M;B9E1)mkx#f!{)aV4{o-s6@c7>$SGo`-0>bcOw86Q!oMI
zH*KmwSj5DrFW_V1uX7IEu6IrC(P&qf`CbQW0h(mt;Rd1p1b>VkJj)|-wDl2*k6x|B
zh0a?`B#y?Ue>;F5wZGATj8<}oGF{w_2CmWeN7hgVV=as^VE{cXxa9SDMTN^@Kt2*_
z?QC*9CE|5V4j}7;7~uNmNFR687p(--u%~Ny{1Mddllf^0@FH9@yw^S$#wq^dSGqV8
z9hn8wzdu7fdTcvvIp0g}{lz~OK0qP_EgV&j=AM1T4bvEQ8LTM+2`d}REz0U`A<JBd
zeQJt9HZx)kzR>`KVRMQS8<V0+$i1cBHTm4rjx68W_1%rprbaCYLl(!*m<M_by(IkO
z4OYPS<OuHl8HxopFHeM-XH8W52Fty#NDEnESwkj)AbA1-KpUDpL<k26erVK~1ZoDt
z3Qm5!u902|D)EpebUK~Gk0tQ>69lQ93Jsohs~b`V)g>@&w${1mF^Gi+bZdIiQ6YvU
zl*O#vrb?jgB6*9Lsg(9EPZc3X@DZH&?UjFxdZY{q^rAr|D~W1*!M{YOm$w;|X@sTH
z77b>!AE~9{q|cL5uJEPQo?4s?nCy!!4&KK=9DBkBn_{!ZF=CKjwXB<Yo$07NLlN=R
zvTz-8IiZ^Lb5SIu{#<NCiKvV;4=15ODC!@S{cW=6rX0;ugH=pWE45bq@mD-OlyHOF
z-Foq)oOoCAb&ask-ZR^VB#42I7)-JYqyOL>!x_yrBk&N33Q^mhp*RjSPWz*Ka#R)v
zVeLltC(c2$_vFEyp|F^cr%O|XE=*VT6)gAXef69?8X@5v*3*cqht_KtEqVIdN*e`|
zwCT7!LoRy%6Sm3j`2neJgJrf2BL}NV33(&YH$scN5t<t<_#%AG(bL@&M_4TY3?f_5
z1DBe#Yq1P%b5mY^2?81+H<!qj8W9Brd93g^$E%Kip#Lx1XE&3X^7q6f9iGTEZ%hcw
z2Qd_SfPD<5_cY2GTjST#t|DHT{k;`i44V$!CBd*By@ER|v)|FQ73gQ|;LOF}To&bd
zCfS$|s?bi8=ortif-Qop#T9SAAHr2`l7w^O;Q~X;_I#Ck%DtTVLGb#FJ*3ep8CIy7
zLN#04RS>!3a^lPt9D?Tc36U%)w^(I!IEq)1m<r>2l|C9nzMb~BhNvCnY+}M&s)S_H
z+P)pnTSg1xC@TEIakPZZ!U_YaOD&Chd+4qX=Bd*+qah9>3!a5a64rLFwMh8w&w!$j
z%ePoj7wsc<N}3SR_@niLqR(8d46zs1WalFaoevTZT5w%;Y1nK~4XbAlS7e${(|+6D
zNnJHmmjOLI{m;|L4=WnMXic(vJDSNrAkiJVQa0KfDD>c+X!9Kw2}YoecMRoI5e0jw
z$HT!bNPfc8cIQ#8MK2aqt=uKdy?AW3)vclu_o$yIXvp5-_spge>RSl;E#~%6Y7YKH
z4s}rXNH_V)-_uc8UQgkTmtWp^2{<@gg(|>}kT_JN|J~@U??V#<Zsp)%5uZCHP=@~b
zVEmxSpxVqfM(yE?Zdd5>R%^OM0Ke2|-=8}Sovx6{e6;4@>*MSs!dYYsb<=Jh!kEND
zPlsnkplT9>s)bQp4d*iFxVf^4_8yY#(~jxkWXgfzp*NfW_^=2Jz}3l^0Y=%(pKj*g
zI+07OMcq35j$r~?7G{&O!2U!}<6ZrEd<zr(1ZFxkkUZ~XJBb*B?E_8U5cSzR>cLOM
zeI5fW&P4PJx46iC_x(z|w5SYvt*_=C-Sdt2x)pXN>Q7W9ufOdX>s!4EV9^*BLz&)O
zhvffmH(rb4e7`$2y{Vo1_tUzWo;BBAO5v_pFN-`2k%E6L<Q;P{Y!4@utI<LS&y-W<
zIN<v%-BE|y>Glf;1QOD5PXU<M8{f5|oc2!6ziRGaN`*5gCek#N3)ljQ)c<x1+{JLu
zD_Y;DA7xy*UF7&VhR}=?HK&XAYzexT%ax#nq0F}%;arZNqx8^dGy-D7V_Zs~Z46Zl
zRqN*{PDr}$JHc$>$LSS~irDS%@GU5AxTIeXcBIe8mYoUZTpVamgaHup`3;1;0k%TG
zdln%zs{MQaX}EyTlRz{=GSZpkuw5#`Qx%gQoxro8>hXFz44$Pxfw(<*Z$8X9ba$qx
zMu!xFxFW5Xa(&f+h&ka`cx8BC-S719nN|TeFPB|<nGRlT<%EUp88uj@>{lNMx{LUH
zOI3kzC;PJl;5y+5-eko{1K7=E4!@GIVV5sx9J1wyd6Uboyw>XqLHRs)hERf=_??l`
ztgqT$y7M=;K?N#AvfP@K+O>Ff0wOlHStt#a>mK%1v(Faot(gmcUC^2eQaO{{o(+E*
z?a^olTR(Q)Oh_vB&Zus#ELvR*3}hNuKnp`aS*pH4um7vw{KHxI*Lr%bh&EUD-Mhr6
ztMjZBQ{f-ZtI492&HdEyq1-=SYJr$s@j@`&$CCM+YdmRxY=yXsT+BJ`+Qjd6FGWYN
zeXPfWBiqFu*D=;;UNd;(=jPNKF?&P*Q!R)N;z^eXTwmTH^^g)VEvcS5lixu^#2X7B
ziqXHt)e^P8MN-9ZuWpE+YQ(&kzVr@#@c$TH9Bjujo}f^O9*lf-9-II9`nR(!Fk?Ab
z1rA2sB9D>7as=D(TurK|OoX@{)Rho>yl18Mb13k*nK3mu)joQToa>?oXRIdeUck2I
zGk~B43;zUyD!z-zJEI1RjF0Px0W$oC_5Tf{tlc*R$vHzWgYy-txYMP&3qF@%t|D9<
z&=gL=2t#o)(MYC>Kf#)_S~~Uf(C2|Bk{!fUu0^w24TUwf_r8EZ{4Dw62qlKPFp}o)
zc+IWmY#q%(QB^;8;bJ(IR^ROODWB6C4X`UD(*G+pvR`H;p+LB>Z#wy7x}^~(LxcAz
ztJ8P9(TO-&S@Qc8wHfKB$5Zx?ZB>{mA0Ut)nI(F5ot;=2;S?8tLitdJ%y&sXy0+_k
zoNsCw@3OoKC9CoxVO=i}SE<;~fm(3tTeHsevB{g09uz9^7C#*B@aZkn_}2_ydw-26
zD+q!(ZHC)6$dYt8Kn;F4d$W5$P!tiH3{Va`Gwk}`@-ubugfBJ_zw9}3(sV)PDjCLy
z{qzNYgUjWYy)mam-sq}tVVm{Dc*p!zEE3*$o2lb&C^97#6KK5sX0_$<Nbj>u8pk1}
zU89CjN3?P_6{C3_zm*_M{=)`ka2TYJQn0f~;oxrHmjEEFi<U6~++YK9Ou+k&ijng7
zp0<`{CpvuAdu9r#!KDTD^x6Clqj@%P;QD&l>8rr@4c^%PFW`E#;aHmBDP*-4->H-`
zYpc*}nBgWlP(-ajwST&k==8;h&$;3Cq+~|YPK$Jgo8uj0qkwomBLyOvO~dw8)u~rk
z*0%SeDtee3)XxH!$C=3zvj~4RDY}6vIc+I5$bq2vXw~U(82xw~loEGV!E`2vI*mP-
zKiK`swxhq<vSi>^@8X3<!a(EaPSx5}fX~YUfUfv35J^Rhb-TSO^uNSX1GRQR#@k}M
z^~)+n)pULRzw_Ecm4&m#OEm^AgL_Af-Ik{R)8unoS*vt1QX%4<-QaVR)~3GrMl9BH
zg@!h35D$=0>;t!He?ec7jg7(3>}TF(Mbf|iEKox1MlwG!+U|7m3)0H_T`kFL=;H@F
zgwlgCC|g^=8Cg4+O%4<j(JE1p!vdy8j=DUPpZ2T#6aZG`9ja%67{=fqQu6m0Ms}W+
zYt%PKtW6HxtdFG>J195mYWi!TRi)jjIIM>`(S?7IqO3x0qRo-Z4ySB#@<N^zj4(t$
z4+Q*1f{0|f-LYHUE(%_4Kw0f~!af_UpM7eNx;hr$wtC34Vbh4Xa}LDqI5-%n1!Ymt
zG;u79BLzNI)ur*kYq67o7GU&TUQnasOD9y+wG~S+Z;ofckIT$VZ&iv)t|Ndrw)K|(
zf2ECzwb$T2l*U&N8<s9R82fYMRn=Y_gi}(K^Jjoz30PSMLWgpPZL_EISqWSo+e*2J
zR!vPC%F5y?A(fiIo8nKD!Zm*U>jH%m;q3^1!SW_N)hM;knqPU!rH^u@74c@%1nTEb
z7HYTSi7iBM*3+u<xR^4i^7*H3sR2@-|8FFtl^Ah5uX+8HzTNj&EDmKV@$o29W^Zwh
zi&t(*8UTNANi7iY>t!{E<#x*-QMbo>q%WWJHRZ}}oF<V?BRD&;RjTtxx8_Wud@cIo
z1r8s;J1U0w_;qAn=G?3Wg#^d4Y=wwmHRsBR+IiQQ#WscH2+hE*`I!EnfbGrkq*wkf
zgB0c{jtj@FPT`%+z6_>^ZA89xC@S+{r{ASSWO<ihjP{nJxYn%ITg~h&*U%2~pe&+k
z2u+;1!_Eo&jBQi(%uGeD(4{|)1S4O9sgd(}sUEC+3!SBTvC+R?jk(Ypywq%F&MTgH
zoB##jYu#Ix=l_k~0KSp|e7%{;;QG9u?>HcC))#R&0~!0kI{8)IgB&%ObKYooYi(@Y
zfZb(_5+0Y=cQapR^QhsH-RXj~vT9oO)NZqQ!=p*BFRXNp*$x~DhC$1KR(RiXs`8F$
zPGLFd&<2)JNP$%43s8CfNYmAutr1W9MK*`!M=>EQd5_-CEa164%c203OaG?vQzbxn
z4XIrMaQ<KOJNXue=AiSoSd1~Vfzh|E_D>5ngsS}jm`nP=TCsk2R<Su(?Flgx65oUO
zdhFA!Z#&<_ot-#wj=rT-^t&Jm4nf4B-~l?_@sLsNr}yE^rO7Wu|Agt%fV}I&OmRON
zxnd1Q-)EDi0#IlVEO?fv+$&Qyu#vDg49)^1n^*)f4&MwF<0N3D(#U~q3JD21YOv@Y
z)#5`k|JBuM0)sa8+Wh-ZaR|HHxZwH>@87bF8))7JCmnn?MAP%?;h#QZ8aG8Kb*Y3S
zZ+w;s?#lY%*ed~ea9dMk0-P|fjzyE*+TVzHSo;%s)#yK!eG=o-BCKXtvmR^E^ZA>N
z_J*Trj@=aW1wpN^XLvl)&H9o)Ch$f8>2UvJV*``)HkOB^8wm_NL#d&oHzGc2&1Hc=
z$5d+)hid`ni{vt1GS*Jk*_yj-e%3Y&9~#|+!)x@MK4*-k6ida0X7*4C?a;j*-44Ar
zogf^wK~^6kR{lfeFkdVtI;wxD{JK@f^iMB**QyMpNRzl-xb22^bNAan-%qq9pCvN6
z*uN<g4veba>eV%NZqzml9TtDy4iQ_Pao31RNeC(xva)+9DZW-^Aj0SKU{@R-Is|;_
z4&fWOWBwlK{D<CHx;fz&@s#Qk&XgiX)S!H%=3*kM+x`N*^*Ei<qce#pdu?7?msEJ8
zCBTf9|2V>Gu^g#t>=`^%Vi7QYKQjwOpO0~iB?-YYAs^9XsD6)9f`d*~v_0R^dy4ao
zPqm<c(jcjl8u9mrSkTDq$~)KT*dMXfn}bQ#d!||aPPeTeFd0<Z&VVE-^iK10avnpo
zsW3oq%m1eLzX*bcu+2l4m{Ax(Vf?mP!`h#BxT&15jN}bT`;TyswzK&(4$k+6r+F?p
zVg}2{Ll*o#CgjrbtvO#(FLtE54<rDWpStfV>ovG_Ay27Vs^!(X))Uw)OD<4K%=tr$
z!^3uB^NU2u9wl|vEU@ow7y@>E)GZ8~7IA1{D%4@A4DVYKBd-HD7zg>yzB6iTZoUS}
zSmeTNer5<R0QE)w56ERE<?7Rx_pIBbs<X4e?St|)E6s%05C#o{@pU?}rIvClZwZT)
zsrIaL{OkZFVoTt|2LI%W8-_WXwQ{(d-5JU~12T<>7$ND{JqE1ifbEv&xo?(s*$AHP
z?pbDNWo0teAn5!BYV>R8jAf(l^O^bMW-HReD19T&mr{Lrg6DUUxP0p)U6u_?#Ls7Y
zO-nNgN<iwAW9v<%-?Cr-lIh)Dsyz({hW~DJ>;oi1V5R6kOr^w+gs=xkWIW^BEf%kk
zj<OBfkB}t+o0WP!tvT#gnT$fs&U0u)n^!I?Pv{o&Ct~d4;BRpp6;<2u{$+Bz^?duw
zHT&a#ZT2{d4`WyBx=9`$2Ch5RS;x--(Lgl0$%Y}X<-Sx*n}>*Z&@;e~Oji;R-)5x$
zQ5-nx(#|$Ho2wjx-uAiFTxX(X&0J<Q;+)lQKWorKu&6BRSPGAbGS9c|CLF+N{@(a-
zg9bnqytQ=hyj~ZmCmB~ISto*n@B8YTYg&fVC=`J@PdRPUZ<E^#Ag`+3#cT)~sN{b#
z?j+}as<v}f2Wr%ogXoELwNyCL3h$QeUOVY{Zp`){Q`D{Rw^U4_g+E!#E(3{%w3uoj
zGx+Za>-17fg8A}-ybBFSCSBBHuwJhdZHyd|6A?6$wR_k`GOItmEFE?L<&;^}l-UnQ
zi75TCXhwVB9;W`W0t&in3f(itON7fkiJLG56D_kK0qgMOx|~+7l$-Z<Pfbg{E;80q
zotAPC#K6Xe@obF;MP<Y-ej8bj#iqmcCpPbf)s=W<*AFG5ruW@-PHbb1+1lo;&Q*?S
zMO`K!!wmly88+J1u$j-X=3ZE!a>tp^#Lt6k9cVC!ATyp6xvNn1?tEbyAv&pcU=a7O
z!=&iYigU=~zq-JgYk7T_o_O&?f9ldQkhp3_#JP4tAi_b(-n24}H@vwlpDHv6;UKDg
z;|N`GUPmDA)caxabba?;0-;WW55tbDbFS(1&l)dJ4QqehV1Ix2R)TKlg|hj@;MGca
z!!!C4A@5*oA|>LmE6tngDg3)My#4Zw;_m0j6?`;&;S9ud;p@D~4vvxX+n--MGnw2{
z7LK=XD<Wb)5^;=p3V(>=y!nL$o&_-$&V2tC-;i_jpvxG$MF?1V#6M*LdHIpSMHL!5
zJ~vPwof=t@0u@pj9~V`dwt6eoAWiT^i#xVX)|qjhWD_eUmmL`L#s)M-Q_E_lL4tPT
z371RX?+A?mZixHmpi@HffqOBen%b3ue17I2#{ZG<T6OWD<78DYd+oxCYRzYA7grM+
zrAf*euLYNPQLp9b6m*7Wxb5>Lve||nUdG06K~E<C730;ejyp_>^U)B&G&XW%>}<%V
z{B7tPu3jiH7I`|{X|<Op<e6jd?YeljB_lT^F?EdKA064FGVKG7IKb8AXWpG1f(!-5
z&R2U=?-OPVx2M8HEGXi2T(-@&E0v4Uh%{5fSx{k*S0NBqSOopP^(V>^CU>R*E=CN{
z)qjmEP8M|@NAzi*Zxh`=z_IAH`_#7_f2&_F;xy5kzVE#pO67i{8{r<&sDLTvK1+4m
zM@5f34xlkts;{mWzCaDu=}IRV35~#H!@n3xB>ARn?Qef<?O=GUy5Ftj#?-<*FN4p&
zQa5m1n6_AroC$5!I#oTiO@-*=eS6ZGhQMQ`R?Wf7jkLaAkgE1Ro<_x=+t}r(OB|Qa
zQRDpHan8*S4gsc9^>l>a!@^ZI**zDiL~<konahi+@hn>sMRKCe9#-q6cR-bDrz(R3
zT3Au1rc?&NQMN!T=0D36>5sLC2<Za1vtB5xAxn#Ug&|Ndq7nX-k2j-JC0e-LDUsQ`
z6EVgt#_x1Bc;d8xvV#XF>_X{kC7j|)YT@3tN3nT~x|k~_D<$DOafZ@cf?ZD*v|1*y
zi^phPx0RF^?yZFTN+1D4-|C5FBp8@-7R3B8gJXN?=;z^9^kyURfy69FHjO(J65k*3
z{4dkR=oW{n8gW{YKvwn$NZlqW{(pPb8Mi!5xnyfqtEw|0At;E4r+&p>MW~?`e*9xW
zCzCk@B^<^+m=Kc`5*{v<GiYw~lgAou8);q7DHDyV>nExf64E*(JT&9+x8dYxG;~_c
z%)Qg8U+3k*>}9`{LP7+;euo^e6R)&VhaSAJM$2`EYs2T^a+Zrriix2~3&6^SF-lTb
zheSQ`KK201_E7QF{*G8n1{7lGf3!va3{2_e_OGJal{io~!LE~uIJjGzHid+Soifx_
z5CzT|eG9<pjDr8fJ;Sc-DDHsWLdxqY1^6NG-~0g1I0_k+Wtl$`@N~MAFsb;QY;eQ^
z=V=z2t3#O1X+P6?Z8e+jIalLM50A?UqC&38%jpVz%c4vbD{5+)FL*otOc%W-Pf^>%
zf4);>cQ0KFbGOn$9=U2={iX_~A7<(wW*<BuE`8FA@?Nr?bvn6U`8=y#&B@LyC=%Z<
zZ8E*Zcbc~^F+xKz`tCa0>DtUm1;ce3d9hx<hLz1i%t!6}8Q?b0=j;_>pgoRcUiL0l
zBwvFD&8Dv^k~n08K;uav6l6fzJDZr~{1Nxt9HDIb;1Mfoun~&#DS+nF02}pR;JC2v
z+44|t>8d^BAdt*(yhugl321g56v;$R{^2<XWB{wG?8||l0vUR>=eQxDn~OC4xHp%G
zsWsUO*XV4KKfjobd)wyuc)m52fTsAxd<xA}x{+!C7t47U@mtHc@%-|arXD@BHW}9q
zq^aNPLh^ZJB;bcYYQkVVv@OQ&r1>X#vgMYCn}b=Dld5(|^xD_qV{Qf@L#dE*-cE6M
zu<JS?NYKy2e&GarJi91nq<F<li5Rw%T{ANambH}Jc9$|*BeQDm1gN=C8XqFKJ}-0~
z8)~rCc%lLTQK5T?xm*=oFwz=I{s<Vx^yrjG1;ch{L|utYtL@(H>ZAq^W=h2Kb33nt
zyq*oH&}p^d8}KUGW0z#+8%3C4kH+C@%#{@JBm!%riRhs7nOa0#!q{hbzk)<wm6uY5
zs__>6nhA7hme3k&%_D$%rMSF`k|^|UgFdhKZ}oh0k(vVD<!O;H-9vY${os`}E@JXV
zmk!{<7V3RT>+DT(J_Og3=>&z_$YX~4bqEhr36YTiP{kMSWEuclWxj>g|AMXZfB$wM
zWx7ifQLA|Lul=Y~4vpN~*NW!}$El+-50kx5kfj9Kby-+=w_X=;bLknt<A2b*t{%1%
zfxQ;^{y7vi^p=+c%dV-IL_KT6#*Ba5_$zf&XwY37{6(wF``Wn8$dg~w>cc=$;Cx&5
zvfOBL=c#t3F{U`U#a|A0stPAdI?`RtXYUDp+qFwRN~YWz&#Cm<OT5!9L9gdhR)`bo
zJOO~<BPnlt|MxM&O)V7`$KL(J>73_<?~Q1;$^Aq5Ont87vOaFR+AL6Ny1by(?>>|D
z;5ubn=O%0Vf-FFk87wIw>M?x~EG{MZMGefi(;o$U-As2S0Y!pWmHlgf{{ZT2n71ia
zzU@t)Ku&O5$<-9`V?sQhMorfzKM0}|<hp0Zr$7FtWt0o~v!~yuc0{bJ!rsD7li;j0
z5`*O@3R;?0d&A>dE-Osm6>UyHev@DdO%pFSwcb)D)1M*rV#b|h&Xvsx8CyZVLf|Cp
z(d253D7PvVoMc$@>fgf5ML*J|atFp`LqyvheZGJWIJXJcy`%2L>H8Gu+317}{OGE!
zf}oFDqD}jA|D>_aE6`K0<<kFRMs7gedUHhDmH5=j-yVxTiU$~Ct<liq!w*(CrZUFl
zR~?`776{!QR+8Dwg0bkOW>~*KX#$q2?cINO3QW%4%-zGndbrDngbMHX7!K5^uAjhP
zUrDbF&HxqITLR8-ECSDu4a7Ti;LygH(<#-$X+MwU3vads!Q4*1T`rw>&b8^WIF+eK
zmN4Jy%ZFwx25AS;S!(Xe9x9v@(~Mj-A~c*UUs`G{16?qg`iAwz)N^Um9>l5BTWIXX
z;xa|ysu}5PhV*GaoB4LlbMo@Jra7PmNwVc`i*5?$n`^Yca1C7R{Qk*}yIKX~K2!21
z^Y`Jg{)9FGi@$x^qjekjg&DK<z}*5b&-qyaSA>%$^#U+38YMod+uiefQF6<53u`JL
z-|byY2Tge!8MLtdO5)PR(sQ6@OswMBX*>sy`wR>Kfvix2PdI9R$C^0PuCHWWP010W
zpEl+2)9SP)+|a2ai+R<8ypJ5p2<R*gRCuYGF|Ajp(4Vo338b0KrDPw^xqK))<)7HS
zky`J!Rr}C{RjEjckrV3n!)X?@{mKh4Rmt%a)Gsdl<+K8h2hrD_pl%6De@bKPO?~Pl
z8eNU>upn0GcH$Eo2rK<Q`AlGExU92X2CFPm596$(_{rM?{&2(_^*F=zPJp@oY2$~Z
zhTBJ@;d^KW!bV93G@4AWApC;m%1<D_q2-4J*L7T{Qnm2c7xmE8A=m`P=oQ(Zn?r+D
zCo@v1kKkF7&G!KpFb}({ul`YOPv{LBOh*x<ZT^F5K|)<-6-}e%Y&&{}uy5@_ahAP&
ze8XNl>gpPd0QRt4qC#A@2fCa_d*n&#M*A%tjPmh%M>3bMbb)&DFH=Vk?yT$+r|#wN
zpo)4Zu3Kxg^v6}rR+!P@#o!^_QxA#*xjN*P`b;=8Qq(AV_}zSF6@?>^ZTCTq%TvJq
zeN_o<hbT~~FMMiFPXVSodc-zhO1VaJh}Mw`Rx5%KxtEFR;?T{J2}(a`&gfnGX4vRh
zlsUw2g@!m7R=IRbh}2wZQS&64iCcAQ2lv#*LPXylONLr4)LQsdI7c8Fgs%PKdj>Vs
zOeu%Td=ZYt{~%YTUabFmL06Z3qSiY0LUF2{TcjMzV0Y(e;*w<iSi$#jpxNX{EVlZ=
z-KjVG_F?2FYj3l}gBw3Ph1>IURE1k-o_<=W7K?|R2Yj(osZz-%s`Ku|yz=OJ-9CPg
zDtPb-1Vcr8t@f+l)m=!D=8`n-gr#chgV)ce7U)<yj>xqeB536$+fKP91`m@=WP7Xa
z6Tg?bgIDKjk<CDtO;;-hmfcTr9`waG>B1RUFb=Z*0LW$3MG1ah)e3IA+2i|J`5&!w
zdB>TaT?cX!oaqm)JODWVHD{zG;zF55yMYUDDlh4=N>{5Vby`0MzA+L1`c*LV3|>4Q
z`8<$4EQjKl#|Bb&IBj=^BwH)3z}^vp`IHAU6KO?xhqWT>{<J7}j`<a$uGnzE_*0PL
z2Lc~5Mj7=Zat!j?ewA>$HWvERl>PEF&bU>L(hlXK=<fzr`j`Vu{?d&I{5%zn*k32^
z+n(B$t+qHuBHBFZYxheL4`y~I8fE-?Fez0~%Zjw&1h%yn>&@=YXIBkYHpuRkpBtUK
zHw{F0cU`kd3BflWtJ-{@#=D26fOeuInqAdUw5y3|Lys|^x~Pu%IN!Tmjr8I-sI~>S
z9mS@x5bu;y$M=G3?{(MEMWATa`)ap?L&h5=Nnvw0XS?+I!ACMo`Erzp6<&LxM!sg!
zoRII;@3dKL{j0Pj!GCo_c2{><+I>=)a@n9U+-_Wn*|PGTttkjmud8-e)h-%9NEH{l
z-1VM%mWsNz2=8@gnO>Ip?XyIzX52ArW+Zc+&8b5);#K27O~3D}SM~Gj`VC2A9uj>A
z$&uH}6G6Zh=?VHGeVcZh?yQGkw^g~HVh|Dg*k!g><45Lsmt~*HyS7zUy?(k`7~XVP
zRR(HU1RxXUT-}7L*S>SNcxH&7UQ6ZVQxD|1xgU<=p6<mV=uV~GdHGIHL|+Id-)i8_
z>jZPn2Kih}!aZcamdm+fC`T}V8V*SDL@BR&`I2z4VsOAoI)G$uTM24^MH3%GtCEM<
zU<g=^$Z9y3_<!q9?bxw8rI~I3Sq3fp^v$`{v91)bS2$z5yc`JS<fqzlX-#~C8!I(u
ztF~4`i1+&qsdPX6ZO2%5PE{HY4<6kZkzfN$7y`a-_O15Iw!UY&KQP@lK({a++a!~t
zIuZH1Otj5Pd%V)rz}d)4^JTet_58q{;2`<6tKt?aswK^#h6<+VBKQvuvFL7H+mlLG
z6qjhKXRDsvD{`7&Q+tN{vGkB`<&bubqU*8-%h}7IB9f96-`z9u3!lqD3R7B-qblL(
zx;M2KZVcbYM@j6r&J^Uu;j5emgT`!ayw???%w5;Alm@lg1Y;^p6`qy0x!TF)^M1Rh
z0)uI>K-B2-9c<F>16PZ(xtG@C&sH9<vf2hbQ@@eOZ!GhQBUCoqZc~NZ*sgzLu2Kn)
zg$b3;aQcrf^dAqdmMj`$^aXVvWUY{bU$CeuwU5!5XF6vawxI?_8q)z>1G<4R@B2_9
z&j~jlhrJG!A6eSYyx9~`2adBRl6o@qx6k)NViS@nFC4pz*5jW`>)c6{mEyh{-5zYK
z-44z=(Py0G>A}DY84Vlt$+UtvLTbLk&^{bxTp3dHBvb#ekul(E#F_C-(ObSrD6nf=
zKu5*(HEJnCDGt;Q^W-Yjj}$T7Qc>&|zo4e>Rw@Z^-0(0A6TKd<G(tx9)#BTI9d?1h
zf#%SQS^T|KOG9o6R%vfnuKq+=<#dT|v08&O0Ts8TvqLQ+CX!`TW5|qJ9H4;6YCiW)
zPcOlPSDWQ(v(h!}=hvAddZ6P`B1Sfbw00~Cd6%xq(L^;zTfI!H%9e>2qe5@nyGnuC
zjV3-Sq(|BhVk6M!`Rmq@z3qr<I?{`x1<SL%ztuvuXV7A%;gfblyv_@v{1W^xAp1)$
zDE{dW<GGMRI{WAmb$1wn_x4D{d!9xCe6sWWIHD24mP#9%7424({dtiLu_8r=k0_7K
z-G7W&p7xR8MwQ*%(}-2nj9#lC?51l9rn1~X=_jk8<L;#54T;?@>W!=Wl=Jb`SE9uT
zKIq=Lh@!4_s*3J1P0v}|d^{&I*Jrz79VwJi5>@js2?o9P`a1g$6^zsG6#Ow%e`wO_
zBA#k~A{90?i9YLb1;;;GfkYw_=w`tyyQSHJbi(Hg+9tNzSW(2VIr1QnghnXn?OqLm
zNeV_CF``aD5L38^REqJ|$JtkAq4_0!Ec```IhP2n2?#A-Ko84q3BJ=nCxV!o2_++A
zRhMoaPeF@ACq2)Pfo6>#>lhmF_3uM!=oFbg#XJnb>{gru_Z%57uUge9?8wp*BDyl5
z#o%aS&6I!na!&bL(w=#v++*iD57{>?AoU%5+phBa5cAv!J{kjJ_lr&O;cNEDspis@
zg%eBiEtbMYabUo%(%s8e>udSVF1-jl()IHyBdvG<b$@{l2U3XsKCguT3M2x8kbnKi
z%ZqWqucWgz&%I9_CZAnp_<K;L(IO)!L@-gp?vM%auzV=j9mLaDsl&uMA7Wlb8y<ae
zX*WDn%6@EBb#!8^COw6xu{&ZX;g{+hy5@bY&~8h1;WG-D8E2}^ue}gcbS@;t<-1?-
zSgJU$)`E^`$yXrqGi#EN-x#zR_BUzc6x%xB2#?GCwyWQU$Z*1&Y<Fm&eEw}-Q=AiX
z-klT8N(XBoD9k%yv&H?YZ_+p+Qt>8D#_y@ULm3)fv(PMzfKsrzIzq8^^VwJ-W@kq%
zmcN2pGhg4K0$N!WS8WFm)J=!DZP0h8I)RfsuGFf4#=K8nOB+0f_HssF9S&9hZGDuz
z-qNp8jv0FQ$BptKo51AB2c!(G%^%nVL!sUQ@D@5@!(lt<`&cTYLwp|JunmuR$dL)(
z|MhbW)=Z3;k$6G;vrHq~Qzb!dAim=P&z-nIKrv&U*tH)uY-qp+b0TcF^?IZED?=bA
zBqVB^RVbR!em@HxRYM=gy?*YK<HOmF^jw7n@76$8zPOchD&MX_n+Da{mHK=n*q87B
z{TU)%L-U~=rEBKC^whrmxd>&>+yb3YcM^VAH0@Y(t!%L0t@tr|^?B4TC!OlSBRAbR
zSf(JDlen*iJJ!@`NsQ<6^Cau`9??^i9n_7rhT@j1jH<za9Kj?7&q-0}H&TAkUq2#<
zXQBLYk$4|h88nWNoLkCtKbj<rd_gXnM)j_Vjs|i9AeE7b-4WvSUhAS9h|$TQoAvN#
zYd(cY0#TX3#$Hma9+FzSX^@Jqx{?-no2yj|O1z%%mWno4e&^%yEKI&kaQvKBoi>l{
zE6?8I@32KTmFRa+fBn>xznwP-pY7iD%cx@{Dt#@#6V5XxD8K-M3Na~X6bpv7gGf64
zj53L$RE5a*$ip8)VLybKk`y&po%!${_KS~6OgdY4Lw6bt`ZgOJI=qtCy`f5l`}H6}
zG}~W~N-7r$=^{-yz!VIGqw7=KHxPtrg`Z=-Q-IkqGM#nCoriuZkX~@=Slm3l%;Bmf
z`l}51Fv|Wh2gzH}x7@edI<cL@A574gw%N+sD-XT*SJeia8F_~03b-T?`(d@Z>U#W*
zxhUy~awGn~x%$Roeu(#FP{JJfB7?6Tlk_d6i8^7eLSw%a=|!-ZNPmeEZqE@tJv`V)
z8>8YCitR?am@Q$7{Z##{Bm&QAV9nHs-!T2;qoliTykP_}!9uGXJqbLZ8A9S6Wzu%O
z#ebjv5wvR5{BD1LDyBnFh++45Hd>9SUA~LvpXeU_T?V9s7HntrdNLo>gzpNP5v1X>
z6`vkEe4*Gc5#1f6Dc(8kno+<~t+c`RJdCKnZxjd!bCLZg@ge;c`+XKXD|K~9c6aUa
z)JsXKMrP2-#Qym>l+ozRngR$ySgUKhYE>C^wpbD8wB-&2`tSj5d+4tM06g!J$Poht
z3VK-!mb9<B(zM*m=$=79V-ybz#yN0XH&iM|H35vVOkL1BThxKyxdhFOXh1=mGt`Cb
zuS|N6d=||g0+jt{NqS}1Mr=1@e#Xduc3cmrymqY1I+@0U9&ix@`Tl9x45~O=PKZuR
z&s$@#J@VX}&W+6q$NC$gM<L@9`Qs+F8>~L`@UfvWf{A(|6IY1Wz1;8xyOSfc-<+~O
z)+%7#mfK(ho$Ec3TeVvqQhy_lC}dm#e;mr|!>+5#rk`wTI?;aRM-wIoFk=19v;#Fc
zR!Frjl`ZK@@2<#imqa{k=rX^{EF$+&dPxWgf7vjcivPtf01^a?NNMXsxyx&Qqk6Y>
zc$$h&0%$=*)3wku{4x?E=9bc^?}X%9U*xbFO>=x+I`8^bv^36C?_g|(u$o$dA|A|N
z?F{hD4g3rUNM7bOrJ+r~Cn$ruLzf+&hPu>On{uYL^3#BAcb`wLl8)@j>u9T)i~cBG
z!su*+C5;p=*T)GCIF!FhQv;ZXDB(cwLcJqbx~JnunRMRG3#x6WNsVEROqDQ|;NPi7
z6M+FQVuUoG&>q=Jds^X&ZFa_Z6A%z_QT@m3mi-SOZ;`|lU0J8eNYQ`%)kb_50P&I`
zZdZLN%RBYD0rz^a^qFuSCPScBMWdN647!N_fryV126;|Vwm!by?WEMx*#xE<V!RF2
zVL=4OM3*YG^ZGI|lHL>I`AWRqCy>t+7(hW=7su;%`emx5hX5Sfex2u^4wESTXBRAM
z^Zn~`6N0tp71oU9$^qp@O*j%z2@aO8TM0H_2>acw#X@Ufoe?GZ7ln{R2J=uM<osH)
zTn$d(an4eEWaCLbtk-M4PXwso`#RVLbRd)pSkf2}{>y&>7I_U1#7mEehk0|v_dQ_n
zrDJ2;dws57F;ZVg63Pdd8*(slWC3!sK|iH&NTL`0CHqsh4gRV_cPQ`Mkb(m;Pxu@#
z59=&COL^RFukOT&Fl86;7S(>wbQm??%7ZGl4dika$j%c?_*CbbZ9f263&v9PhrP#*
z>c2|H0Q~zlpsh_ON*PRHv~NgQRFs^Smkzb+6RV+ScSiG02w#da`<CssQmZaH<;X`B
zNEl%$oALLDxvS%6XP<>dg$aX;{aRo3IfVYAQa+60zosC&81HZH#{S7F1E>E={2p2u
zMX!?PFW>)%VxJj<P=jBdZrGjwzVbQd9e7sA=Xtb$VjMt{J0{>=-d^shTz_9l{PG<%
zE}VE2`p;JRJJ?ea@GibKo{_Y_uSk&s?E=J7P9p!zEq>686!5N$Rs3C<zps!Z17kEu
z<W0o?Y?%n(dz16~?2TGS*;D*|1qBKymO;j9$NW|3f#>ghD8KlxcI$c@V*kDp0tVE9
z{rgM*%C@)XKN-Ng9xfL*m;PotzWfmeNJ-vdsQP!}uZ;rldcHrlJ^A~}|L<)1^ZH@z
Y0)|_fD839B9epP*A|qTX_|^CS0J_&Cm;e9(

literal 0
HcmV?d00001

diff --git a/templates/openfaas/config.yml b/templates/openfaas/config.yml
new file mode 100644
index 0000000..8afc950
--- /dev/null
+++ b/templates/openfaas/config.yml
@@ -0,0 +1,7 @@
+name: OpenFaaS
+description: |
+  Functions as a Service - a serverless framework for Docker
+version: v0.0.1
+category: Platform
+license: MIT
+projectURL: https://github.com/kenfdev/rancher-cattle-openfaas
\ No newline at end of file

From 9e464b4340dbc712f5f536d85e00e40d22cdb9d3 Mon Sep 17 00:00:00 2001
From: Ken Fukuyama <kenfdev@gmail.com>
Date: Tue, 19 Sep 2017 22:16:25 +0900
Subject: [PATCH 13/71] updated OpenFaaS meta data for catalog.

---
 templates/openfaas/0/rancher-compose.yml | 7 ++++---
 templates/openfaas/config.yml            | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/templates/openfaas/0/rancher-compose.yml b/templates/openfaas/0/rancher-compose.yml
index 667cc8f..444c4c3 100644
--- a/templates/openfaas/0/rancher-compose.yml
+++ b/templates/openfaas/0/rancher-compose.yml
@@ -1,12 +1,12 @@
 .catalog:
   name: "OpenFaaS"
-  version: "v0.0.1"
+  version: "v0.0.2"
   description: "Enable Rancher as a backend for Functions as a Service (OpenFaaS)"
   uuid: "openfaas-0"
   minimum_rancher_version: v1.5.0
   questions:
      - variable: "CATTLE_URL"
-       description: "The v2-beta Rancher Server Endpoint"
+       description: "The v2-beta Rancher Server Endpoint. e.g. https://try.rancher.com/v2-beta"
        label: "Rancher Server Endpoint URL"
        required: true
        type: "string"
@@ -21,7 +21,8 @@
        required: true
        type: "string"
      - variable: "FUNCTION_STACK_NAME"
-       description: "The stack name faas functions will be deployed to. Don't forget to create it!"
+       description: "The stack name faas functions will be deployed to. It will automatically be created."
+       default: "faas-functions"
        label: "Functions Stack Name"
        required: true
        type: "string"
diff --git a/templates/openfaas/config.yml b/templates/openfaas/config.yml
index 8afc950..7a2609f 100644
--- a/templates/openfaas/config.yml
+++ b/templates/openfaas/config.yml
@@ -1,7 +1,7 @@
 name: OpenFaaS
 description: |
   Functions as a Service - a serverless framework for Docker
-version: v0.0.1
+version: v0.0.2
 category: Platform
 license: MIT
-projectURL: https://github.com/kenfdev/rancher-cattle-openfaas
\ No newline at end of file
+projectURL: https://github.com/alexellis/faas
\ No newline at end of file

From 784f50b2099bb49fdd7cb1d8fdb5062d87ee0e01 Mon Sep 17 00:00:00 2001
From: JD Trout <jd.trout@stepsaway.com>
Date: Wed, 27 Sep 2017 10:33:05 -0700
Subject: [PATCH 14/71] Update Copyright date

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index be5b888..5bc0397 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 This catalog provides templates created by the community, and they are not maintained or supported by Rancher Labs.
 
 # License
-Copyright (c) 2014-2016 [Rancher Labs, Inc.](http://rancher.com)
+Copyright (c) 2014-2017 [Rancher Labs, Inc.](http://rancher.com)
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

From 51b5a6d09dcdc7382ee73d632b583414ed7789d3 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Steenis <mail@superseb.nl>
Date: Wed, 4 Oct 2017 12:29:28 +0200
Subject: [PATCH 15/71] Newlines breaks yml validation

---
 templates/es-cluster/0/docker-compose.yml.tpl | 14 +++-----------
 templates/es-cluster/1/docker-compose.yml.tpl | 15 +++------------
 templates/es-cluster/2/docker-compose.yml.tpl | 15 +++------------
 templates/es-cluster/3/docker-compose.yml.tpl | 15 +++------------
 4 files changed, 12 insertions(+), 47 deletions(-)

diff --git a/templates/es-cluster/0/docker-compose.yml.tpl b/templates/es-cluster/0/docker-compose.yml.tpl
index b917a34..700ce3d 100644
--- a/templates/es-cluster/0/docker-compose.yml.tpl
+++ b/templates/es-cluster/0/docker-compose.yml.tpl
@@ -4,10 +4,7 @@ services:
         labels: 
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.0
         environment: 
             - "cluster.name=${cluster_name}"
@@ -38,9 +35,7 @@ services:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
             io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            {{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.0
         environment: 
             - "cluster.name=${cluster_name}"
@@ -71,10 +66,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.0
         environment: 
             - "cluster.name=${cluster_name}"
diff --git a/templates/es-cluster/1/docker-compose.yml.tpl b/templates/es-cluster/1/docker-compose.yml.tpl
index 5aadb0a..a8802e0 100644
--- a/templates/es-cluster/1/docker-compose.yml.tpl
+++ b/templates/es-cluster/1/docker-compose.yml.tpl
@@ -4,10 +4,7 @@ services:
         labels: 
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.2
         environment: 
             - "cluster.name=${cluster_name}"
@@ -37,10 +34,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.2
         environment: 
             - "cluster.name=${cluster_name}"
@@ -71,10 +65,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.2
         environment: 
             - "cluster.name=${cluster_name}"
diff --git a/templates/es-cluster/2/docker-compose.yml.tpl b/templates/es-cluster/2/docker-compose.yml.tpl
index f4706fd..5356a0b 100644
--- a/templates/es-cluster/2/docker-compose.yml.tpl
+++ b/templates/es-cluster/2/docker-compose.yml.tpl
@@ -4,10 +4,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.2
         environment:
             - "cluster.name=${cluster_name}"
@@ -37,10 +34,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.2
         environment:
             - "cluster.name=${cluster_name}"
@@ -71,10 +65,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.4.2
         environment:
             - "cluster.name=${cluster_name}"
diff --git a/templates/es-cluster/3/docker-compose.yml.tpl b/templates/es-cluster/3/docker-compose.yml.tpl
index 9139827..d56afb5 100644
--- a/templates/es-cluster/3/docker-compose.yml.tpl
+++ b/templates/es-cluster/3/docker-compose.yml.tpl
@@ -4,10 +4,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
         environment:
             - "cluster.name=${cluster_name}"
@@ -37,10 +34,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
         environment:
             - "cluster.name=${cluster_name}"
@@ -71,10 +65,7 @@ services:
         labels:
             io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
             io.rancher.container.hostname_override: container_name
-            io.rancher.sidekicks: es-storage
-            {{- if eq .Values.UPDATE_SYSCTL "true" -}}
-                ,es-sysctl
-            {{- end}}
+            io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}}
         image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
         environment:
             - "cluster.name=${cluster_name}"

From 0baff5b2f593481d76d78bab7264f78c6f9e9e7e Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Fri, 6 Oct 2017 20:12:23 +0800
Subject: [PATCH 16/71] copy aws-elbv1 previous version

---
 templates/aws-elbv1/2/README.md           | 15 +++++++++
 templates/aws-elbv1/2/docker-compose.yml  | 14 ++++++++
 templates/aws-elbv1/2/rancher-compose.yml | 41 +++++++++++++++++++++++
 3 files changed, 70 insertions(+)
 create mode 100644 templates/aws-elbv1/2/README.md
 create mode 100644 templates/aws-elbv1/2/docker-compose.yml
 create mode 100644 templates/aws-elbv1/2/rancher-compose.yml

diff --git a/templates/aws-elbv1/2/README.md b/templates/aws-elbv1/2/README.md
new file mode 100644
index 0000000..bc7a9c5
--- /dev/null
+++ b/templates/aws-elbv1/2/README.md
@@ -0,0 +1,15 @@
+AWS ELB Classic External LB Service
+==========
+
+#### About ELB Classic Load Balancers
+The [Classic Load Balancer](https://aws.amazon.com/elasticloadbalancing/classicloadbalancer/) option in AWS routes traffic based on application or network level information and is ideal for simple load balancing of traffic across multiple EC2 instances.
+
+#### About this service
+Load balance Rancher services using Elastic Load Balancing.
+This service keeps existing ELB Classic load balancers updated with the EC2 instances on which Rancher services that have one or more exposed ports and the label `io.rancher.service.external_lb.endpoint` are running on.
+
+#### Usage
+
+1. Deploy this stack
+2. Using the AWS Console create a Classic ELB load balancer with one or more listeners and configure it according to your applications requirements. Configure the listener(s) with an instance protocol and port matching that of the Rancher service that you want to forward traffic to.
+3. Create or update your service to expose host ports that match the configuration of the ELB listener(s). Add the service label `io.rancher.service.external_lb.endpoint` using as value the name of the ELB load balancer you created.
diff --git a/templates/aws-elbv1/2/docker-compose.yml b/templates/aws-elbv1/2/docker-compose.yml
new file mode 100644
index 0000000..6af3d03
--- /dev/null
+++ b/templates/aws-elbv1/2/docker-compose.yml
@@ -0,0 +1,14 @@
+elbv1:
+  image: rancher/external-lb:v0.3.0
+  command: -provider=elbv1
+  expose: 
+   - 1000
+  environment:
+    ELBV1_AWS_ACCESS_KEY: ${ELBV1_AWS_ACCESS_KEY}
+    ELBV1_AWS_SECRET_KEY: ${ELBV1_AWS_SECRET_KEY}
+    ELBV1_AWS_REGION: ${ELBV1_AWS_REGION}
+    ELBV1_AWS_VPCID: ${ELBV1_AWS_VPCID}
+    ELBV1_USE_PRIVATE_IP: ${ELBV1_USE_PRIVATE_IP}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"
diff --git a/templates/aws-elbv1/2/rancher-compose.yml b/templates/aws-elbv1/2/rancher-compose.yml
new file mode 100644
index 0000000..a654e5b
--- /dev/null
+++ b/templates/aws-elbv1/2/rancher-compose.yml
@@ -0,0 +1,41 @@
+.catalog:
+  name: ELB Classic Load Balancer
+  version: "v0.3.0-rancher1"
+  description: "External LB service powered by AWS Elastic Load Balancing"
+  minimum_rancher_version: v1.1.0
+  questions:
+    - variable: "ELBV1_AWS_ACCESS_KEY"
+      label: "AWS Access Key ID"
+      description: "Access key ID for your AWS account"
+      type: "string"
+      required: false
+    - variable: "ELBV1_AWS_SECRET_KEY"
+      label: "AWS Secret Access Key"
+      description: "Secret access key for your AWS account"
+      type: "string"
+      required: false
+    - variable: "ELBV1_AWS_REGION"
+      label: "AWS Region (Optional)"
+      description: "The region for load balancers and EC2 instances in this Rancher environment. Defaults to the region of the instance the service will be running on."
+      type: "string"
+      required: false
+    - variable: "ELBV1_AWS_VPCID"
+      label: "AWS VPC ID (Optional)"
+      description: "The VPC for the load balancers and EC2 instances in this Rancher environment. Defaults to the VPC of the instance the service will be running on."
+      type: "string"
+      required: false
+    - variable: "ELBV1_USE_PRIVATE_IP"
+      label: "EC2 Private IP Lookup"
+      description: "If your EC2 instances are registered in Rancher with their private IP addresses, then this must be set to true."
+      required: true
+      type: "boolean"
+      default: false
+
+elbv1:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 2
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

From 33772f4f22416b7d2e34c37b2907e8a44e84dcba Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Fri, 6 Oct 2017 20:13:18 +0800
Subject: [PATCH 17/71] fix aws elb issue

---
 templates/aws-elbv1/2/docker-compose.yml  | 4 ++--
 templates/aws-elbv1/2/rancher-compose.yml | 2 +-
 templates/aws-elbv1/config.yml            | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/aws-elbv1/2/docker-compose.yml b/templates/aws-elbv1/2/docker-compose.yml
index 6af3d03..df5e3f0 100644
--- a/templates/aws-elbv1/2/docker-compose.yml
+++ b/templates/aws-elbv1/2/docker-compose.yml
@@ -1,7 +1,7 @@
 elbv1:
-  image: rancher/external-lb:v0.3.0
+  image: rancher/external-lb:v0.3.3
   command: -provider=elbv1
-  expose: 
+  expose:
    - 1000
   environment:
     ELBV1_AWS_ACCESS_KEY: ${ELBV1_AWS_ACCESS_KEY}
diff --git a/templates/aws-elbv1/2/rancher-compose.yml b/templates/aws-elbv1/2/rancher-compose.yml
index a654e5b..9a3a68f 100644
--- a/templates/aws-elbv1/2/rancher-compose.yml
+++ b/templates/aws-elbv1/2/rancher-compose.yml
@@ -1,6 +1,6 @@
 .catalog:
   name: ELB Classic Load Balancer
-  version: "v0.3.0-rancher1"
+  version: "v0.3.3-rancher1"
   description: "External LB service powered by AWS Elastic Load Balancing"
   minimum_rancher_version: v1.1.0
   questions:
diff --git a/templates/aws-elbv1/config.yml b/templates/aws-elbv1/config.yml
index 9aec5d1..bb9feca 100644
--- a/templates/aws-elbv1/config.yml
+++ b/templates/aws-elbv1/config.yml
@@ -1,5 +1,5 @@
 name: ELB Classic Load Balancer
 description: |
   External LB service powered by AWS Elastic Load Balancing
-version: v0.3.0-rancher1
+version: v0.3.3-rancher1
 category: Load Balancing

From 76b203521d0bb9924ffec113a61d7d7e4f7c580a Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Fri, 6 Oct 2017 20:20:28 +0800
Subject: [PATCH 18/71] copy alidns previous version

---
 infra-templates/alidns/1/README.md           | 40 ++++++++++++++++
 infra-templates/alidns/1/docker-compose.yml  | 14 ++++++
 infra-templates/alidns/1/rancher-compose.yml | 48 ++++++++++++++++++++
 3 files changed, 102 insertions(+)
 create mode 100644 infra-templates/alidns/1/README.md
 create mode 100644 infra-templates/alidns/1/docker-compose.yml
 create mode 100644 infra-templates/alidns/1/rancher-compose.yml

diff --git a/infra-templates/alidns/1/README.md b/infra-templates/alidns/1/README.md
new file mode 100644
index 0000000..dcc201f
--- /dev/null
+++ b/infra-templates/alidns/1/README.md
@@ -0,0 +1,40 @@
+## Alibaba Cloud DNS
+
+Rancher External DNS service powered by Alibaba Cloud DNS
+
+#### Usage
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.
diff --git a/infra-templates/alidns/1/docker-compose.yml b/infra-templates/alidns/1/docker-compose.yml
new file mode 100644
index 0000000..7f468c3
--- /dev/null
+++ b/infra-templates/alidns/1/docker-compose.yml
@@ -0,0 +1,14 @@
+alidns:
+  image: rancher/external-dns:v0.7.4
+  command: -provider=alidns
+  expose:
+   - 1000
+  environment:
+    ALICLOUD_ACCESS_KEY_ID: ${ALICLOUD_ACCESS_KEY_ID}
+    ALICLOUD_ACCESS_KEY_SECRET: ${ALICLOUD_ACCESS_KEY_SECRET}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    NAME_TEMPLATE: ${NAME_TEMPLATE}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"
diff --git a/infra-templates/alidns/1/rancher-compose.yml b/infra-templates/alidns/1/rancher-compose.yml
new file mode 100644
index 0000000..8e4270e
--- /dev/null
+++ b/infra-templates/alidns/1/rancher-compose.yml
@@ -0,0 +1,48 @@
+# notemplating
+.catalog:
+  name: "Alibaba Cloud DNS"
+  version: "v0.1.0"
+  description: "Rancher External DNS service powered by Alibaba Cloud"
+  minimum_rancher_version: v1.6.8-rc1
+  questions:
+    - variable: "ALICLOUD_ACCESS_KEY_ID"
+      label: "Access Key ID"
+      description: "Access key id for your Alibaba Cloud account"
+      type: "string"
+      required: true
+    - variable: "ALICLOUD_ACCESS_KEY_SECRET"
+      label: "Access Key Secret"
+      description: "Access key secret for your Alibaba Cloud account"
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain"
+      description: "The DNS zone (domain) managed by Alibaba Cloud. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+alidns:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

From 9e4ddb74ae48e6fea4b063998ea485beb980b6dc Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Fri, 6 Oct 2017 20:21:51 +0800
Subject: [PATCH 19/71] fix Aliyun DNS issue

---
 infra-templates/alidns/1/docker-compose.yml  | 2 +-
 infra-templates/alidns/1/rancher-compose.yml | 2 +-
 infra-templates/alidns/config.yml            | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/infra-templates/alidns/1/docker-compose.yml b/infra-templates/alidns/1/docker-compose.yml
index 7f468c3..478af9e 100644
--- a/infra-templates/alidns/1/docker-compose.yml
+++ b/infra-templates/alidns/1/docker-compose.yml
@@ -1,5 +1,5 @@
 alidns:
-  image: rancher/external-dns:v0.7.4
+  image: rancher/external-dns:v0.7.5
   command: -provider=alidns
   expose:
    - 1000
diff --git a/infra-templates/alidns/1/rancher-compose.yml b/infra-templates/alidns/1/rancher-compose.yml
index 8e4270e..1e6bc62 100644
--- a/infra-templates/alidns/1/rancher-compose.yml
+++ b/infra-templates/alidns/1/rancher-compose.yml
@@ -1,7 +1,7 @@
 # notemplating
 .catalog:
   name: "Alibaba Cloud DNS"
-  version: "v0.1.0"
+  version: "v0.2.0"
   description: "Rancher External DNS service powered by Alibaba Cloud"
   minimum_rancher_version: v1.6.8-rc1
   questions:
diff --git a/infra-templates/alidns/config.yml b/infra-templates/alidns/config.yml
index fb9788c..3dfc3be 100644
--- a/infra-templates/alidns/config.yml
+++ b/infra-templates/alidns/config.yml
@@ -1,7 +1,7 @@
 name: Alibaba Cloud DNS
 description: |
   Rancher External DNS service powered by Alibaba Cloud
-version:  v0.1.0
+version:  v0.2.0
 category: External DNS
 labels:
   io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

From 3dd3418f1d923be71bfd69f43db10ded487d395d Mon Sep 17 00:00:00 2001
From: Aiwantaozi <michelia.feng@gmail.com>
Date: Wed, 20 Sep 2017 18:32:05 +0800
Subject: [PATCH 20/71] add infoblox dns provider support

---
 infra-templates/infoblox/0/README.md          |  40 +++++++++++
 infra-templates/infoblox/0/docker-compose.yml |  16 +++++
 .../infoblox/0/rancher-compose.yml            |  63 ++++++++++++++++++
 .../infoblox/catalogIcon-infoblox.png         | Bin 0 -> 5951 bytes
 infra-templates/infoblox/config.yml           |   7 ++
 5 files changed, 126 insertions(+)
 create mode 100644 infra-templates/infoblox/0/README.md
 create mode 100644 infra-templates/infoblox/0/docker-compose.yml
 create mode 100644 infra-templates/infoblox/0/rancher-compose.yml
 create mode 100644 infra-templates/infoblox/catalogIcon-infoblox.png
 create mode 100644 infra-templates/infoblox/config.yml

diff --git a/infra-templates/infoblox/0/README.md b/infra-templates/infoblox/0/README.md
new file mode 100644
index 0000000..3f3636b
--- /dev/null
+++ b/infra-templates/infoblox/0/README.md
@@ -0,0 +1,40 @@
+## Infoblox DNS
+
+Rancher External DNS service powered by Infoblox DNS
+
+#### Usage
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.
\ No newline at end of file
diff --git a/infra-templates/infoblox/0/docker-compose.yml b/infra-templates/infoblox/0/docker-compose.yml
new file mode 100644
index 0000000..fb89ebc
--- /dev/null
+++ b/infra-templates/infoblox/0/docker-compose.yml
@@ -0,0 +1,16 @@
+infoblox:
+  image: rancher/external-dns:v0.7.5
+  command: -provider=infoblox
+  expose:
+   - 1000
+  environment:
+    INFOBLOX_URL: ${INFOBLOX_URL}
+    INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME}
+    INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    SSL_VERIFY: ${SSL_VERIFY}
+    USE_COOKIES: ${USE_COOKIES}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"
diff --git a/infra-templates/infoblox/0/rancher-compose.yml b/infra-templates/infoblox/0/rancher-compose.yml
new file mode 100644
index 0000000..0ddd99d
--- /dev/null
+++ b/infra-templates/infoblox/0/rancher-compose.yml
@@ -0,0 +1,63 @@
+# notemplating
+.catalog:
+  name: "Infoblox DNS"
+  version: "v0.1.0"
+  description: "Rancher External DNS service powered by Infoblox"
+  minimum_rancher_version: v1.6.0
+  questions:
+    - variable: "INFOBLOX_URL"
+      label: "Infoblox url"
+      description: "Infoblox url for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_USER_NAME"
+      label: "Infoblox user name"
+      description: "Infoblox user name for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_PASSWORD"
+      label: "Infoblox password"
+      description: "Infoblox password for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "SSL_VERIFY"
+      label: "Ssl verify"
+      description: "Infoblox Ssl verify for your Infoblox service"
+      type: "boolean"
+      required: true
+    - variable: "USE_COOKIES"
+      label: "Use cookies"
+      description: "Uses cookies if specified, re-creating the request and falling back to basic auth if a cookie is not present"
+      type: "boolean"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain"
+      description: "The DNS zone name (root domain) managed by Infoblox. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+infoblox:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000
\ No newline at end of file
diff --git a/infra-templates/infoblox/catalogIcon-infoblox.png b/infra-templates/infoblox/catalogIcon-infoblox.png
new file mode 100644
index 0000000000000000000000000000000000000000..62ac6a964ed9b8a6e71ffcb9c3050024de91539c
GIT binary patch
literal 5951
zcmaJ_XH-*Lx1|%RAYCb;cS0zk29P2kz2g-`N`%l7l1N8sQU#=mBE5qY1q2kNgMuO*
zX_8O^2n3X_p*+0bz4v=R-hF4Bb9NbX&b9VhYmc$di8nXZXP~`8OF}}zU}&IgdC~S=
zJW2qni+7t#^3p}ah0(LeSRw9W0-RAWl51`V7Z}jc$Jrfb33GM}@*9AulaP=Lz^&~u
z_9n)vt_U9)=ieBaKp*4<n}kGNGZ5+Q>IK69U108TU#P%NYli?3?gkaGQ#6q^LF&Lf
z;0D1cm{qW;wQI1KtBRX|rUp<wQ1wE<2ZnJ52KspWqE!Q-0)OhNUi5!Yg9LzoLNH!X
zf&VyVZ(<JAL7-qjMHzW%S6MI^2!Y6e6%-*5uoO^E7Ayyny|^LLU<Fl0h^m|t@UKhY
z!Wzo$uBxT(^}lRgjGzJ@7z|Ps1PTZUkO`2NL7?10U=<aW-x_jq(iaG6bdWE`IZ)ac
zE%>*BE)4C8f+I0-gfH;7qO%L)9tJ9K;pu;t;Dh`})))O(m@Wba3Uo$-z%sJGm-IK#
z#N_{n`uO~VMq?~t|MmC(6h>PIAz>g(7#eX8<$960yMn(>AysuyFlP(`WsN|1{~bkh
z4+I8*_CO$kI#v*%m>t~L4H1AA{}XRwqH5@i#yI=B!VGnx0v8H0aJZYQwz9k&L_tLs
ztZ+>k4Az6FKp+Y_DmvF8I(m94a!NXXb9E7}_k3W!n7_Gh|K)=JmHWFCe2^EGbzvyD
zKg{hq3gH9%bIGdkfAvLK?_c%);=28-FUr^dl?%FX2J}0z|0~gdPhC{c@9sZkdolQ@
z@L|3e)sDI-YiDG#6A1}RgQ4y<>%iG9N4lprHf*=adjJt+OXMQG{9<~2BZEK@p7oES
zSF(5XBX78PdPb`kg-RC1WtTl<znh(XIkKq8TudaJRHHuhan!ftaP1}WxaNc5(@PER
z*s#wtYYXzq0d1SaseqlYM_XY>GwyZo&JL!DPYmO4Oc=v&er23n|0slS$iP}?xPBRA
zLqGo&@bQL@Q_)=srg!^z4SZPAl350b`~}imhDI-5!-&kUv3<U_&GCcqUWS=vS74nG
ztMD(W&eDNF_Yj9O4N6yED}bKn3;JoFpXCZN>t+c24gA!gWF~eY;dDmlP4{tI&T=X{
zq2eUyg}0$0xAvkXw<1kWx6mhh7>AfsN9KD9mLJ-9bVh)G=(!#Kv`JgjGc!O@16vS!
zKY>tOBQETd%PG@mQH89sk>^Z@45pYb1tc?NUw&;Iv0eZ=Vg)i4bPZ;eO_r|$S&M_L
zgn!Ye)oy$3<44H&cXb9`Z>5>%EQ{T$3N7E|X<NL!?RyR5o||zi5**t^NT+%J>uKT!
z^KAcvsP1$Qe-NnT0X~2CxU*&BZYH!UR2k8tD{aI%J9-<cgFV0HWCks@T(y$jV7);K
zb|_L`=$X<!U2a^EkC7$0Yi6xsht=83`Pq7g7?yyTEY|b;O4H~jvc`Qqz^mYQ&<kCK
zV6%^+V$DT&ylwLe5SNl8th6qjN=2+!g6M=c#U$2T)T}<%+4x!+YcI+bU?ofn*+rSk
z*FWwJhN!IaaZ9CaD5?c@R?4<uO4_9?&$5@-^b2|3mFa_LSRt?*;}v}Xoe(_y*J1M@
zK~UxtvUUC4A&HLcMoHI;=)g(3!O1`F*PukgjRwPA$1~OR8nJwY&DXIUQ6?5ePb8T_
zZa_GjW8E`-qpdi;ZDx9Ug?5L}>#bbZZNVVo{E-&!-Qv2R-dEPVs$?n*r<f(JPOKRY
z%S=i2RzOkXC({_Bp^uUcAiL{Ef|&#$eVduQc5Un|)Hdj`9MVg_YUW(5qlDh(L?3@Z
zso~!Eplw$pEy-9XtfTTo6p!6QTa77YcJvs&q$^ybO5W4PYa$gHiu1=KoX0W;I})y4
zHWPc$C3dS+-8{%7T8n->>v^VTR%{ZT^6QQ!zarXx+An&luVOboB3v4EI7v+zCLqaH
zT}bVF`EmYieC>{AEwm2hq2{`xw^vI}W0za6m{uuAdig)KnR?P4#EaEuj`q&kZG5`v
zDXdf!#x;3f$b2v*;lw|quvUSI3Kf{`oN8tw>t&8CFle~Fddw)fDLG~DJa(|E8!(E*
zJKch5qUNK-ndZg~WLUGE%C*6R{7h_Hh&i&k^Ca3nIDD2B7TTHUN}=uH05xSuW4~7<
zoAiS_r`F-7Z>AfZEwJ-JGBbexc7GMIpyX<pX7(Qi9cu@%Be;{d%W6{Ib~j;xBCdkl
z-%u~M@&}dl?rDk2DXcPiZiIfjO?{<OH21^RZ@IzE;fIUwe)-MD9OgPmOGpiOZam)9
z9L`i=AX|B!d8g<pMntp@l)Lo(X{grpQc;i4^PY67uJyKCLC>QPfFI%x_EDkKCWoNd
z!`VJRX%Ums<yn(gQMNbhUKK3nnNA<26ntwu`!VQ@rildS6EyQ)o=PuB`Yd<A>G}-&
zi8uFofw3^PE5^++#<KY~JR3g^5)lgR?+0ytCTBVa7Gfi5rHBlV@{3Pj_4XP9@*a=F
z>wry>z=;L^z!Nw8GA%2hdMv;Y0{T?a7hU97@k4g1Tm|PNs@*R4Uiox{RHqKZ`L4J|
zZaO9<s7@sFU}h-%y<LcH5IJ4$)SO&^sgrVz!%r06W)LKCNtR-n-1AX>@N6~UkWhC}
zYxB9ct02@nfg~lbN?omlpu)<YUR5*M1GCx^T!iyD#$}ltEvVuV%y(PXy<-Q@jpFW1
zLns05yTt;yPFZdF)?CmHU#77yWt=-B)eUd7yy+v-(ZWiEUmuvLDY-A{Bn@+2`Tk&e
zZLS4C(U^L;Jf;q{h-Grb#D^OR8WRf0MjY$oBgtzrd7Bnj=7^U*a{Bj^V*D|5a6ZQT
z9X)ugf<m7q<I+}~mxF9kNQC4%a^N7qiIty88}z~W#nx5UcI7{`Lj-8~%!)THsvo);
z<Q+}lKq<{s7g5b}TCVAMy3Bph6z#@2A!t?=V?_O0eD+r*nZU?Fnk;J|<KpxsjF$U8
zy6kqtJL;TSV}8|nJ0LA{0@#6}_yeBT+pfSo^b45F_poBEUNCvLLMcD5RQcD<xYV3W
z2LX420`qPAC!*ZH-GAZD<U{}biHgD~kakybs;$DPhgShN!M1ODsz@PYvf?r)T%@v(
zHU#8EJ_*a;tGoVDG^VTccB`$8Sbj}t=B^NaLu+@JKi|>xs*s~6=uJfS%o4|gK->Cn
zf>0?Ph;*<`Jvg;pywPb{taZ3y8}l&_uJ=K8+>h`&`u@8lxfZ7Yj8wSS7^e^$NoPLI
z%5_$<tRleY2+`LI?8>F-=Pbd~wFxh($w&ytbhCzD;s)fe+q}@mdjLVs(VCk2hcp{=
zU$%2m=XoftKEj?yd7Z0YP*=mYJTKwd2;Sj^x4wQzfZ{<^Qn-;u-Un{w%+6M&{6vDw
zY<LTnJkd~0f(KS7Tybu;iPjfaCt;mz*X6u#F)`$q(#}PC?(eZa7`M6jHVnAZO8-z~
zyqAo$4j%<ZiYLb$dr&9(r+XVyV+0f>fa`BvF4Ni>Xb$++Wajy-8tteJs+J-1C0VA<
zfzEt5ABQ!u^Vf?>o^qDc4Ka^*ddRY$i6);^a0d5`6g7|dcSqJcf@vOZE{Y7e|H?1+
zo?|68LrM?Tg7(!CwrCc*Tpgx@0d`ijR1Uqwv13#1k%H+AOhMC++q{vO0yk(P00ev)
z4>+558BDuJqm|}SM<?N9{OUoC6$&za^lZY_9qaBu@k=gNnpAs%c?nckuBhd@Ib}OS
z#6aeFz_030(X5Y@*lyUMQF&{X&&<Yx8P+sRhHzY+EO8{?)ebu3i#`R(OpL)^a|PxJ
zZ8p`e?uFQY<O7KmB86*&2f9yk+@JrnBxcN>zYGt-IPy(Wm%KayuBaK`ahu}JNz<CH
zTtH%^Mo`>7m?&EP>!Ql+m3ubIcSy|ApR$l$g~wKMO`8I61jIBwy0PudL5wYVh_TBa
z#PH*pw6*c~frm9AA{7Xy);C(*UgNctv+B;;qw<AXTPyJNPT`=2(#5SP?BlH<Yg#hq
zCV57<RNQy7FJ7u@xCsGJi-ICKXJaoD0Da#{cX54V4ttTOtaA7;#Q{;3zDA+4j+_dg
zKJc@u=PG{FcYYi_AKgzln-Yjve@8gW6$qkoyjO%M-fEC%6c<h0pFO4T(xTvbMy+(2
zY|4^T#&)5NQpRMclQB?%f{aR`<+exJ-FE!=j!UE&f>}R1mZ!4=x-f3QcPA5?RS$J8
zAJGI2K<p?RM<Ocy@-=>t*(DGg_!+|oY`JiQiD@PjIj$LkI2F@*3!+$rK`{N@Omfq(
z-d7)9gHad9Dgrlkd4h#iIB%225laUlu7`)N(>o<N7fO7X!8kX3W}kNi=ov8;;$F0<
z(?+46;O>Ub_z}!X{7zhQ!QWCf_oMGYMLg>$$ov!vhudj(zS5L)lQC0eg+8{B%8`H+
zw)9x|JI1Yv7S!fYKzxr>F0F^8ne-+KRKNAd0Z8jw_uAg$86%*b<a18AmtNaQj~8FR
z<-U6V^7FC!A6KXeO{x9gh!$j{53dwGc9o5d@hq$40-Wpo-YX>KwZ7uo5enOswl@{u
zU8z;>&uZD2X+8TM{w4TqH8<_vE!$|od=H~5=V?$wI1wX^b4Gj!(4oJ(mHINB_sd9#
z+xWp)U_R9nb9%Mc6J^|$f*EE%9=mDsj&mAI`}PSP?mdSq7F3tm4y(?~JA)LON&%FB
zkjI+!gR(alRyRVycD~h3b;^&1zw|y>HqtV<b8C?80OK;R=287%{4Klqh%0TI{<K=N
zJxta=m6CXw2##0~+$w49`XTjRjsCQlyJ@&|X#uR#1^#@T+r%5`2Pzz2iavS=bI)mF
z&f9<%NnvxtxMY;0UMB_IiY(+|lHILjB|!^daI|cCk`>usg3hKyTx|%ZahLVNB}5HX
zso#<=0cq;{C9p=Q<_~Z0teP+u)+c#UjNIoM>z8W+56Z=WSW{Tq?^$-#ntO&HpVJtf
zf}j3T=V!TGF?+wU^2wyv@qo=$F;0YJM)$PC_8Wk7U2M1D;Oa3aZ=ZpEJdS9Js{Vw1
zQ*|zQEqAV0(}$?jop@9Ht03>0^U{Ll)z_Cziy#dwKl}YGmE=f;e#MPR3Mu)@nX0>r
zs&;8wUhn06&vy!<k~u&FdR6xGPQz!z3ZI0Hj&Slxreq!`-7%Z;V!sq2cDImZsAM!Q
zjC4oeA$H4VOMzI`B7d_OaLjggvMg>b^M~Qp(v%)GTd`}!&iY@w_Gur!2_!}H7Kk#w
zC?oi8iN6V{eI*<a{As5SGp*!9Q`}}KN<3X+?0>U3Rx#_7d9L;RLnFT30oz|Oy9`~-
zpvl?@C0^yWaUBb#qw7w*lb<4QwA3v6c4LVDGY5IvwA#dW+Da-;&U8>?>~VB+&aoOz
zhRV=xw$y6i({#Fy(Rk%hu7`a`b)|=?^F#WEXNpyVeD^N}&qGGb?4?G7Y+GMpMc(1Q
z(R)a4Tc^yV$p+AOse9I^o)8xKku+qZYGrSnriQ<gn8Kh|_-OyN(FkN&o&QTwtBWr$
zbq{NTfz0Lh_&m^rPQ!prUHME>nt4Wr3V^(kXg#pwQJ{DbbG%X&azp##JTAcWJ%L|l
zx0LMGTXV|gY=yTIRr}UA_QhGY(m3e6U43{>Gt$b$EE=ZRVG7C4(anbTMA$5waG{t*
zA}eD_vLKZW{w6u~cJ2$ZR~kdU8PP?$LngA1c@lM4V){EvQzhs-yb@$6v?Ju5nCm*f
z;Q-Cc8BIW@v6w1`TyLY3Sht$a_enUela;$<T#V0tfjiJX<tJQo@>Yq=Dtfz)$ViHf
zBp4R=;JO<N|LL9glL`aZRUO5zUZdS5j4`3R-U;AINMBGoBt6EGcPK|X$={^r<nRmU
zyRp1H`(g%rbtYi1u*UsVpF6DUhd7{$-%$Y2p36UTOcT1Ebz@m)Hv04yvmDr*T73M&
z&L926x0$ZZot#)rBS;z@Is47-5Wi|B1D($k?@t`%VdOv9TU7jz7$oPOK(S+vKp@%N
zt%c}FX3BEQSR<KkDt29#)P|@B)z{uCXs=#-x#r7A%UCs=%fiCE0_5wkt@nM!J4K-%
zzA39QeO0A0Y9JaoK~L+%K&__iSt`k=aL5MKKC#g-r|@EurH}ODieDJINBTgXDU@QB
zNx2$_X!{sH8GCfdYSV0P?pbpfW7y-|$ALyoJ~qQcTX%_d?oLDRM#f9{J>Eult4!d+
zRHnMt=<_cv9O0uckrfk>k<_9ES!m(Ddr)x)rnIlqU)D<bv6Xxr&u|(sNH9HFf_%y1
zFp8?7MyI)GYTE3l37-BZB=|*k4m%1j2UkY$Iv?014;<Zs8_4vmM5O$@7Hi%jlA%nc
zUZ83^5;a}R(|hg8af<rGB1KUW5i@s<6CB0c7s3G@<k3FDq9rNj)2SZb@#>PgV%y7u
zvx>T6o-TQ*VRbAeizJ)i3D$_!Gg^)sIny&Idmn;s;Wsu^{;?7EeT_RSpciLGYI@IH
z!!)RK>em3O>d>`%7v~Wq^kgV&zU1YzvEvVYhTNTnm(Q>mnTv22De|p~R3WN&Qw)7K
zcIgLB5ec%hpQulm6i4aFFW)yoo!=s(@!C87+Q3T)P!d5SWPoe24n$hV7^~jg0kuz;
zABDI$Jldl#RF2EOqv;tHF;UOud6PIlb*Y7Esnw1qJ_@_tOF2p(&9HRxv>W^Nt->46
zq{6P|Z1cth*%nD|7AyO^BA(82DYy-yZX~vDb>rq|wqG{duW0@9?HVo8at|ofABDAv
z8ZG0@AGYlIr!{s^i=w&aZcC3+vpE=sY-zm@@Tz_&x?Nqi=5bD1@6z!>zEP2}$ovy{
zTi%;HDvX(jKIt8F=i{TRcM5y>itk(%wH$LwXE((=q#i!$k4Lk-L1_$-!d)4*Nz+=7
zjzG~&SwhFBa~Ij=nqzM7w7n*P4IDVNdUoZ0R&-twyWFs5aQyLuw~FkO6Ts&}M-+)Z
zHQ=YNa4O>xQf_jNE+jOaF!$bK!Az|yOJlWx%Pa&Tued3uT?CG?_`^rqnowaANzP|$
zFMD{|vjI1Zx!y4RwPl^*JJW1YnQd>bol#H!{*~@zYUNSvQUPY=Kz}dfOP-_pBUj<G
zit8LT<q_D_@6|lS$>i@FQmT~3)8kRMOC;ho45rJT16Y#rP@j)}fmz5O473AB;!j)6
zSw1Iu>_Ou-MfS{cdJpe!*7k>48*a~-$YdLZh<^`+nn=IuddX5-&fyN&DVFCb?7Q49
zxy=J_d#yB5p;@^4W~%|mB~uKszXtf8ps-NiLT(plb8<fwh8$`VSxHsk9il-+ubkCP
zvJQORBZk0_sS6}%-%EJbl*dQ)$(oxm_T)xYq<UZZ#1^7h_z^ng*1PmQAh_4oGK7j+
z=uyV}DNR;Fi2H)aZ9a1jmtVLC<U9A~6QQ<7++@uhA5H48(u^iyoP@^7wiNgn^2UJg
tl7^5o6$d4ei!cP<98aTMIwzwiY1)hGOh4Tj`29=UP|sAiR{Kum{{Zu}>jD4(

literal 0
HcmV?d00001

diff --git a/infra-templates/infoblox/config.yml b/infra-templates/infoblox/config.yml
new file mode 100644
index 0000000..46f51e2
--- /dev/null
+++ b/infra-templates/infoblox/config.yml
@@ -0,0 +1,7 @@
+name: Infoblox DNS
+description: |
+  Rancher External DNS service powered by Infoblox
+version:  v0.1.0
+category: External DNS
+labels:
+  io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

From c49d88122be8b8fd6d2c06330e18ad12febe5475 Mon Sep 17 00:00:00 2001
From: Raul Sanchez <rawmind@gmail.com>
Date: Tue, 10 Oct 2017 00:36:41 +0200
Subject: [PATCH 21/71] Updated avi package to external_lb:v0.3.4

---
 templates/avi/1/README.md           | 32 ++++++++++++++++++
 templates/avi/1/docker-compose.yml  | 16 +++++++++
 templates/avi/1/rancher-compose.yml | 52 +++++++++++++++++++++++++++++
 templates/avi/config.yml            |  2 +-
 4 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 templates/avi/1/README.md
 create mode 100644 templates/avi/1/docker-compose.yml
 create mode 100644 templates/avi/1/rancher-compose.yml

diff --git a/templates/avi/1/README.md b/templates/avi/1/README.md
new file mode 100644
index 0000000..907b75e
--- /dev/null
+++ b/templates/avi/1/README.md
@@ -0,0 +1,32 @@
+Avi Vantage Platform Load Balancer Provider
+========
+
+## About Avi Vantage Platform
+The [Avi Vantage Platform](https://avinetworks.com/software-load-balancer-for-any-cloud/) is built on software-defined architectural principles to create a centrally managed pool of distributed load balancers to deliver application services close to the applications.
+
+## About this provider
+This provider load balances Rancher services using Avi Vantage Platform Load Balancer. It uses REST API to update the Avi controller which enables the Avi Service Engines to load balance the Rancher Services.
+
+## Usage
+
+1. Deploy the stack for this provider from Rancher Community Catalog.
+   While deploying, you need to give the username, password (optional,
+   read below), Avi Controller IP address, Avi Controller Port, the
+   Cloud name where Virtual Services and Pools are created.
+2. Create Virtual Services using Avi Controller console. Make sure you
+   create VS in given cloud in Avi. Leave the Virtual Service pool as
+   empty. Configure any policies or rules for Virtual Service.
+3. Create services in Rancher with public host port mapping and adding
+   label `io.rancher.service.external_lb.endpoint` with value as Virtual
+   Service name created in previous step. You can scale out/in the
+   service or stop the service and the changes will get reflected on Avi
+   Controller and Service Engine.
+
+### Using Rancher Secrets for Avi Password
+
+Optionally, you can use the Rancher Secrets to pass the Avi controller
+password instead of using environment variable.
+1. Run the Rancher Secrets service before deploying this provider stack.
+2. Create a secret named "avi-creds".
+3. While deploying the Avi provider stack, use the "avi-creds" secret
+   for Avi Provider service.
diff --git a/templates/avi/1/docker-compose.yml b/templates/avi/1/docker-compose.yml
new file mode 100644
index 0000000..da7aa2f
--- /dev/null
+++ b/templates/avi/1/docker-compose.yml
@@ -0,0 +1,16 @@
+avi:
+  image: rancher/external-lb:v0.3.4
+  command: -provider=Avi
+  expose: 
+   - 1000
+  environment:
+    AVI_USER: ${AVI_USER}
+    AVI_PASSWORD: ${AVI_PASSWORD}
+    AVI_CONTROLLER_ADDR: ${AVI_CONTROLLER_ADDR}
+    AVI_CONTROLLER_PORT: ${AVI_CONTROLLER_PORT}
+    AVI_SSL_VERIFY: ${AVI_SSL_VERIFY}
+    AVI_CLOUD_NAME: ${AVI_CLOUD_NAME}
+    LB_TARGET_RANCHER_SUFFIX: ${LB_TARGET_RANCHER_SUFFIX}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-lb"
diff --git a/templates/avi/1/rancher-compose.yml b/templates/avi/1/rancher-compose.yml
new file mode 100644
index 0000000..3346816
--- /dev/null
+++ b/templates/avi/1/rancher-compose.yml
@@ -0,0 +1,52 @@
+.catalog:
+  name: Avi Vantange Platform Load Balancer
+  version: "v0.3.4-rancher1"
+  description: "External LB service powered by Avi Vantage Platform"
+  minimum_rancher_version: v1.1.0
+  questions:
+    - variable: "AVI_USER"
+      label: "Avi account username"
+      description: "User name for your account on Avi Controller"
+      type: "string"
+      required: true
+    - variable: "AVI_PASSWORD"
+      label: "Avi user account password"
+      description: "Password for your account on Avi Controller"
+      type: "string"
+      required: false
+    - variable: "AVI_CONTROLLER_ADDR"
+      label: "Avi Controller IP Address"
+      description: "IP Address of the Avi Controller"
+      type: "string"
+      required: true
+    - variable: "AVI_CONTROLLER_PORT"
+      label: "Avi Controller Port (Optional)"
+      description: "Port on which Avi Controller is listening for API requests"
+      type: "string"
+      required: false
+    - variable: "AVI_CLOUD_NAME"
+      label: "Avi Cloud Name (Optional)"
+      description: "Name of Avi Cloud in which Virtual Services are created"
+      required: false
+      type: "string"
+    - variable: "AVI_SSL_VERIFY"
+      label: "Avi SSL Verify (Optional)"
+      description: "SSL certificate validation while connecting to Avi Controller"
+      required: false
+      type: "boolean"
+      default: false
+    - variable: "LB_TARGET_RANCHER_SUFFIX"
+      label: "Avi pool name suffix"
+      description: "Pool names in Avi created/updated by Rancher will have this suffix"
+      type: "string"
+      required: true
+      default: rancher.internal
+
+avi:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 2
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000
diff --git a/templates/avi/config.yml b/templates/avi/config.yml
index 562d7c0..16b90a4 100644
--- a/templates/avi/config.yml
+++ b/templates/avi/config.yml
@@ -1,5 +1,5 @@
 name: Avi Vantage Platform
 description: |
     External LB service powered by Avi Vantage Platform
-version: v0.3.2-rancher1
+version: v0.3.4-rancher1
 category: Load Balancing

From 3508bcab486e2a6906806215a1ada97eeaabdab4 Mon Sep 17 00:00:00 2001
From: chrisurwin <chrisu@hotmail.co.uk>
Date: Fri, 13 Oct 2017 17:18:17 +0100
Subject: [PATCH 22/71] moved autospotting to infra and added spot instance
 helper (#636)

---
 .../autospotting/0/README.md                  |  0
 .../autospotting/0/docker-compose.yml         |  0
 .../autospotting/0/rancher-compose.yml        |  0
 .../catalogIcon-auttospotting.svg             |  0
 .../autospotting/config.yml                   |  0
 .../aws-spot-instance-helper/0/README.md      |  7 ++++++
 .../0/docker-compose.yml                      |  8 ++++++
 .../0/rancher-compose.yml                     | 16 ++++++++++++
 .../catalogIcon-rahc.svg                      | 25 +++++++++++++++++++
 .../aws-spot-instance-helper/config.yml       |  5 ++++
 10 files changed, 61 insertions(+)
 rename {templates => infra-templates}/autospotting/0/README.md (100%)
 rename {templates => infra-templates}/autospotting/0/docker-compose.yml (100%)
 rename {templates => infra-templates}/autospotting/0/rancher-compose.yml (100%)
 rename templates/autospotting/catalogIcon-autospotting.svg => infra-templates/autospotting/catalogIcon-auttospotting.svg (100%)
 rename {templates => infra-templates}/autospotting/config.yml (100%)
 create mode 100644 infra-templates/aws-spot-instance-helper/0/README.md
 create mode 100644 infra-templates/aws-spot-instance-helper/0/docker-compose.yml
 create mode 100644 infra-templates/aws-spot-instance-helper/0/rancher-compose.yml
 create mode 100644 infra-templates/aws-spot-instance-helper/catalogIcon-rahc.svg
 create mode 100644 infra-templates/aws-spot-instance-helper/config.yml

diff --git a/templates/autospotting/0/README.md b/infra-templates/autospotting/0/README.md
similarity index 100%
rename from templates/autospotting/0/README.md
rename to infra-templates/autospotting/0/README.md
diff --git a/templates/autospotting/0/docker-compose.yml b/infra-templates/autospotting/0/docker-compose.yml
similarity index 100%
rename from templates/autospotting/0/docker-compose.yml
rename to infra-templates/autospotting/0/docker-compose.yml
diff --git a/templates/autospotting/0/rancher-compose.yml b/infra-templates/autospotting/0/rancher-compose.yml
similarity index 100%
rename from templates/autospotting/0/rancher-compose.yml
rename to infra-templates/autospotting/0/rancher-compose.yml
diff --git a/templates/autospotting/catalogIcon-autospotting.svg b/infra-templates/autospotting/catalogIcon-auttospotting.svg
similarity index 100%
rename from templates/autospotting/catalogIcon-autospotting.svg
rename to infra-templates/autospotting/catalogIcon-auttospotting.svg
diff --git a/templates/autospotting/config.yml b/infra-templates/autospotting/config.yml
similarity index 100%
rename from templates/autospotting/config.yml
rename to infra-templates/autospotting/config.yml
diff --git a/infra-templates/aws-spot-instance-helper/0/README.md b/infra-templates/aws-spot-instance-helper/0/README.md
new file mode 100644
index 0000000..36f22f1
--- /dev/null
+++ b/infra-templates/aws-spot-instance-helper/0/README.md
@@ -0,0 +1,7 @@
+# AWS Spot Instance Helper
+
+### Info
+This is a simple service that runs globally. It monitors the state of the host, if the host is running on a spot instance it will check to see if the host is scheduled for termination then it will automatically deactive the host and evaculate the containers.
+
+The source code is available at [https://www.github.com/chrisurwin/aws-spot-instance-helper](https://www.github.com/chrisurwin/aws-spot-instance-helper)
+
diff --git a/infra-templates/aws-spot-instance-helper/0/docker-compose.yml b/infra-templates/aws-spot-instance-helper/0/docker-compose.yml
new file mode 100644
index 0000000..d88c501
--- /dev/null
+++ b/infra-templates/aws-spot-instance-helper/0/docker-compose.yml
@@ -0,0 +1,8 @@
+aws-spot-instance-helper:
+  image: chrisurwin/aws-spot-instance-helper:v0.1.0
+  tty: true
+  labels:
+    io.rancher.container.create_agent: 'true'
+    io.rancher.container.agent.role: environment
+    io.rancher.container.pull_image: always
+    io.rancher.scheduler.global: 'true'
\ No newline at end of file
diff --git a/infra-templates/aws-spot-instance-helper/0/rancher-compose.yml b/infra-templates/aws-spot-instance-helper/0/rancher-compose.yml
new file mode 100644
index 0000000..a98b942
--- /dev/null
+++ b/infra-templates/aws-spot-instance-helper/0/rancher-compose.yml
@@ -0,0 +1,16 @@
+.catalog:
+    name: "AWS Spot Instance Helper"
+    version: "v0.1.0"
+    description: "AWS Spot Instance Helper"
+    minimum_rancher_version: v1.5.5
+
+ 
+aws-spot-instance-helper:
+    health_check:
+        port: 9777
+        interval: 2000
+        unhealthy_threshold: 3
+        strategy: recreate
+        response_timeout: 2000
+        request_line: GET /ping HTTP/1.0
+        healthy_threshold: 2
\ No newline at end of file
diff --git a/infra-templates/aws-spot-instance-helper/catalogIcon-rahc.svg b/infra-templates/aws-spot-instance-helper/catalogIcon-rahc.svg
new file mode 100644
index 0000000..b585445
--- /dev/null
+++ b/infra-templates/aws-spot-instance-helper/catalogIcon-rahc.svg
@@ -0,0 +1,25 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="1200.000000pt" height="1200.000000pt" viewBox="0 0 1200.000000 1200.000000"
+ preserveAspectRatio="xMidYMid meet">
+
+<g transform="translate(0.000000,1200.000000) scale(0.100000,-0.100000)"
+fill="#000000" stroke="none">
+<path d="M0 6000 l0 -6000 6000 0 6000 0 0 6000 0 6000 -6000 0 -6000 0 0
+-6000z m6369 5085 c174 -42 319 -177 377 -355 17 -50 18 -112 22 -717 l3 -663
+-1798 0 c-1983 0 -1850 4 -1977 -63 -118 -61 -226 -200 -255 -327 -7 -30 -11
+-651 -11 -1882 l0 -1838 -602 0 c-368 0 -628 4 -667 11 -228 37 -401 216 -432
+447 -6 51 -9 910 -7 2527 l3 2450 23 66 c43 129 132 234 250 297 121 64 -55
+60 2592 61 2121 1 2423 -1 2479 -14z m2142 -2183 c164 -46 299 -177 349 -340
+19 -61 20 -94 20 -728 l0 -664 -1804 0 c-1771 0 -1805 0 -1868 -20 -161 -50
+-286 -176 -344 -350 -18 -53 -19 -133 -22 -1892 l-2 -1838 -628 0 c-684 0
+-689 0 -796 58 -28 15 -81 57 -119 93 -78 78 -130 177 -147 279 -14 90 -14
+4900 0 4990 30 189 188 365 371 414 46 13 394 15 2489 15 2331 1 2438 0 2501
+-17z m2160 -2190 c82 -27 175 -88 230 -150 50 -57 105 -167 119 -241 15 -79
+14 -4962 -1 -5033 -40 -192 -212 -361 -404 -398 -44 -8 -715 -10 -2490 -8
+l-2430 3 -58 22 c-150 57 -263 170 -320 320 l-22 58 -3 2495 c-1 1709 1 2511
+8 2546 43 209 223 375 435 404 33 4 1142 7 2465 6 l2405 -1 66 -23z"/>
+</g>
+</svg>
diff --git a/infra-templates/aws-spot-instance-helper/config.yml b/infra-templates/aws-spot-instance-helper/config.yml
new file mode 100644
index 0000000..1457c2a
--- /dev/null
+++ b/infra-templates/aws-spot-instance-helper/config.yml
@@ -0,0 +1,5 @@
+name: AWS Spot Instance Helper
+description: |
+  Automatically evacuates spot instances that are marked for termination
+version: v0.1.0
+category: Rancher Services
\ No newline at end of file

From b303dae6cef1aec39cd339f9bfde5ff5501f396b Mon Sep 17 00:00:00 2001
From: jeanlouisboudart <jeanlouis.boudart@gmail.com>
Date: Wed, 18 Oct 2017 08:13:58 +0200
Subject: [PATCH 23/71] upgrde rancher dns to 0.7.6 on gandi stack due to a
 breaking change on gandi's api see
 https://github.com/rancher/rancher/issues/10136

---
 .../gandi-dns/1/docker-compose.yml            | 13 ++++++
 .../gandi-dns/1/rancher-compose.yml           | 43 +++++++++++++++++++
 infra-templates/gandi-dns/config.yml          |  4 +-
 3 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 infra-templates/gandi-dns/1/docker-compose.yml
 create mode 100644 infra-templates/gandi-dns/1/rancher-compose.yml

diff --git a/infra-templates/gandi-dns/1/docker-compose.yml b/infra-templates/gandi-dns/1/docker-compose.yml
new file mode 100644
index 0000000..1dbedba
--- /dev/null
+++ b/infra-templates/gandi-dns/1/docker-compose.yml
@@ -0,0 +1,13 @@
+gandidns:
+  image: rancher/external-dns:v0.7.6
+  command: -provider=gandi
+  expose:
+   - 1000
+  environment:
+    GANDI_APIKEY: ${GANDI_APIKEY}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    NAME_TEMPLATE: ${NAME_TEMPLATE}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"
diff --git a/infra-templates/gandi-dns/1/rancher-compose.yml b/infra-templates/gandi-dns/1/rancher-compose.yml
new file mode 100644
index 0000000..85cfce6
--- /dev/null
+++ b/infra-templates/gandi-dns/1/rancher-compose.yml
@@ -0,0 +1,43 @@
+# notemplating
+.catalog:
+  name: "Gandi DNS"
+  version: "v0.1.1"
+  description: "Rancher External DNS service powered by Gandi. Requires Rancher version v1.1.0"
+  maintainer: "Frederic Leger <contact@webofmars.com>"
+  minimum_rancher_version: v1.6.0-rc1
+  #maximum_rancher_version:
+  questions:
+    - variable: "GANDI_APIKEY"
+      label: "Gandi API key"
+      description: "API key for your Gandi account"
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Root Domain"
+      description: "The domain name managed by Gandi."
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds (minimum 300)"
+      type: "int"
+      default: 300
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the root domain name) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+gandidns:
+  health_check:
+    port: 1000
+    interval: 15000
+    unhealthy_threshold: 2
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000
diff --git a/infra-templates/gandi-dns/config.yml b/infra-templates/gandi-dns/config.yml
index 061b35b..ebd316b 100644
--- a/infra-templates/gandi-dns/config.yml
+++ b/infra-templates/gandi-dns/config.yml
@@ -1,7 +1,7 @@
 name: GANDI DNS
 description: |
   Rancher External DNS service powered by Gandi.net
-version: v0.1.0
+version: v0.1.1
 category: External DNS
 labels:
-  io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'
\ No newline at end of file
+  io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

From 4e7f3d70138c27a8075cee149a8f01ad54030aae Mon Sep 17 00:00:00 2001
From: Raul Sanchez <rawmind@gmail.com>
Date: Wed, 18 Oct 2017 19:24:27 +0200
Subject: [PATCH 24/71] Updated traefik package to v1.4.0

---
 templates/traefik/11/README.md              |  80 ++++++++
 templates/traefik/11/docker-compose.yml.tpl | 107 ++++++++++
 templates/traefik/11/rancher-compose.yml    | 208 ++++++++++++++++++++
 templates/traefik/config.yml                |   4 +-
 4 files changed, 397 insertions(+), 2 deletions(-)
 create mode 100644 templates/traefik/11/README.md
 create mode 100644 templates/traefik/11/docker-compose.yml.tpl
 create mode 100644 templates/traefik/11/rancher-compose.yml

diff --git a/templates/traefik/11/README.md b/templates/traefik/11/README.md
new file mode 100644
index 0000000..a3826ab
--- /dev/null
+++ b/templates/traefik/11/README.md
@@ -0,0 +1,80 @@
+# Traefik active load balancer
+
+### Info:
+
+ This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata.
+ It would be deployed in hosts with label traefik_lb=true.
+
+### Config:
+
+- rancher_integration = "metadata" # Rancher integration method.
+- host_label = "traefik_lb=true" # Host label where to run traefik service.
+- http_port = 8080  # Port exposed to get access to the published services.
+- https_port = 8443  # Port exposed to get secured access to the published services.
+- admin_port = 8000  # Port exposed to get admin access to the traefik service.
+- https_enable = <false | true | only>
+  - false: Enable http enpoints and disable https ones.
+  - true: Enable http and https endpoints.
+  - only: Enable https endpoints and redirect http to https.
+- acme_enable = false               # Enable/Disable acme traefik support.
+- acme_email = "test@traefik.io"    # acme user email
+- acme_ondemand = true              # acme ondemand parameter.
+- acme_onhostrule = true            # acme onHostRule parameter.
+- acme_caserver = "https://acme-v01.api.letsencrypt.org/directory"          # acme caServer parameter.
+- acme_vol_name = "traefik_acme_vol"    # Volume name to user by acme sidekick
+- acme_vol_driver = "local"   # Volume driver to user by acme sidekick
+- ssl_key # Paste your ssl key. *Required if you enable https
+- ssl_crt # Paste your ssl crt. *Required if you enable https
+- insecure_skip = false # Enable InsecureSkipVerify param.
+- compress_enable = true    # Enable traefik compression
+- refresh_interval = 10s  # Interval to refresh traefik rules.toml from rancher-metadata.
+- admin_readonly = false # Set REST API to read-only mode.
+- admin_statistics = 10 # Enable more detailed statistics, extend recent errors number.
+- admin_auth_method = "basic" # Selec auth method, basic or digest.
+- admin_users = "" # Paste basic or digest users created with htdigest, one user per line.
+- prometheus_enable = false # Enable prometheus statistics
+- prometheus_buckets = "[0.1,0.3,1.2,5.0]" # Prometheus buckets
+- cattle_url = ""           # Cattle url if you choose api integration
+- cattle_access_key = ""    # Cattle access key if you choose api integration
+- cattle_secret_key = ""    # Cattle secret key if you choose api integration    
+### Service configuration labels:
+
+Traefik labels has to be added to your services, in order to get included in traefik config.
+
+## Metadata or api
+
+Please use traefik defined labels if you choose metadata or api rancher integration. 
+
+[Traefik rancher backend labels][traefik rancher backend]
+
+Metadata is the prefered and recommended rancher integration.
+
+Api integration needs you create an environment API key in your rancher environment. Also, it needs you provide CATTLE_URL, CATTLE_ACCESS_KEY and CATTLE_SECRET_KEY.
+
+## External
+
+Use this labels if you choose extenal rancher integration.
+
+- traefik.enable = <true | false>
+  - true: the service will be published as *service_name.stack_name.traefik_domain*
+  - stack: the service will be published as *stack_name.traefik_domain*. WARNING: You could have collisions inside services within your stack
+  - false: the service will not be published
+- traefik.alias = < alias >         # Alternate names to route rule. Multiple values separated by ",". WARNING: You could have collisions BE CAREFULL
+- traefik.domain = < domain >       # Domain names to route rule. Multiple values separated by ","
+- traefik.path = < path >           # Path to route rule. Multiple paths separated by ","
+- traefik.port = < port >           # Port to expose throught traefik
+- traefik.acme = < true | false >   # Enable/disable ACME traefik feature
+
+### Usage:
+
+ Select Traefik from catalog.
+
+ Set the params.
+
+ Click deploy.
+
+ Access your traefik admin service at $admin_port to see your published services.
+
+Note: To access the services, you need to create A or CNAMES dns entries for every one.
+
+[traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour
diff --git a/templates/traefik/11/docker-compose.yml.tpl b/templates/traefik/11/docker-compose.yml.tpl
new file mode 100644
index 0000000..891a96d
--- /dev/null
+++ b/templates/traefik/11/docker-compose.yml.tpl
@@ -0,0 +1,107 @@
+version: '2'
+services:
+  traefik:
+    ports:
+    - ${admin_port}:8000/tcp
+    - ${http_port}:${http_port}/tcp
+    - ${https_port}:${https_port}/tcp
+    labels:
+      io.rancher.scheduler.global: 'true'
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+      io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+      io.rancher.sidekicks: 
+        {{- if eq .Values.rancher_integration "external"}} traefik-conf
+            {{- if eq .Values.acme_enable "true" -}},{{- end -}}
+        {{- end -}}
+        {{- if eq .Values.acme_enable "true" -}}
+            {{- if ne .Values.rancher_integration "external"}} traefik-acme
+            {{- else -}}traefik-acme
+            {{- end -}}
+        {{- end -}}
+    {{- end}}
+      io.rancher.container.hostname_override: container_name
+    image: rawmind/alpine-traefik:1.4.0-3
+    environment:
+    - TRAEFIK_HTTP_PORT=${http_port}
+    - TRAEFIK_HTTP_COMPRESSION=${compress_enable}
+    - TRAEFIK_HTTPS_PORT=${https_port}
+    - TRAEFIK_HTTPS_ENABLE=${https_enable}
+    - TRAEFIK_HTTPS_COMPRESSION=${compress_enable}
+    - TRAEFIK_INSECURE_SKIP=${insecure_skip}
+    - TRAEFIK_ADMIN_ENABLE=true
+    - TRAEFIK_ADMIN_READ_ONLY=${admin_readonly}
+    - TRAEFIK_ADMIN_STATISTICS=${admin_statistics}
+    - TRAEFIK_ADMIN_AUTH_METHOD=${admin_auth_method}
+    - TRAEFIK_ADMIN_AUTH_USERS=${admin_users}
+  {{- if eq .Values.rancher_integration "external"}}
+    - CONF_INTERVAL=${refresh_interval}
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+    - TRAEFIK_ACME_ENABLE=${acme_enable}
+    - TRAEFIK_ACME_EMAIL=${acme_email}
+    - TRAEFIK_ACME_ONDEMAND=${acme_ondemand}
+    - TRAEFIK_ACME_ONHOSTRULE=${acme_onhostrule}
+    - TRAEFIK_ACME_CASERVER="${acme_caserver}"
+  {{- end}}
+  {{- if ne .Values.rancher_integration "external"}}
+    - TRAEFIK_RANCHER_ENABLE=true
+    - TRAEFIK_RANCHER_MODE=${rancher_integration}
+    {{- if eq .Values.rancher_integration "api"}}
+    - CATTLE_URL=${cattle_url}
+    - CATTLE_ACCESS_KEY=${cattle_access_key}
+    - CATTLE_SECRET_KEY=${cattle_secret_key}
+    {{- end}}
+  {{- end}}
+  {{- if eq .Values.prometheus_enable "true"}}
+    - TRAEFIK_PROMETHEUS_ENABLE=${prometheus_enable}
+    - TRAEFIK_PROMETHEUS_BUCKETS=${prometheus_buckets}
+  {{- end}}
+  {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+    volumes_from:
+    {{- if eq .Values.rancher_integration "external"}}
+    - traefik-conf
+    {{- end}}
+    {{- if eq .Values.acme_enable "true"}}
+    - traefik-acme
+    {{- end}}
+  {{- end}}
+  {{- if eq .Values.rancher_integration "external"}}
+  traefik-conf:
+    labels:
+      io.rancher.scheduler.global: 'true'
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+      io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.start_once: 'true'
+    image: rawmind/rancher-traefik:1.3.6
+    network_mode: none
+    volumes:
+      - tools-volume:/opt/tools
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+  traefik-acme:
+    network_mode: none
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+      io.rancher.container.start_once: true
+    environment:
+      - SERVICE_UID=10001
+      - SERVICE_GID=10001
+      - SERVICE_VOLUME=/opt/traefik/acme
+    volumes:
+      - ${acme_vol_name}:/opt/traefik/acme
+    image: rawmind/alpine-volume:0.0.2-1
+  {{- end}}
+{{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+volumes:
+  {{- if eq .Values.rancher_integration "external"}}
+  tools-volume:
+    driver: local
+    per_container: true
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+  ${acme_vol_name}:
+    driver: ${acme_vol_driver}
+  {{- end}}
+{{- end}}
diff --git a/templates/traefik/11/rancher-compose.yml b/templates/traefik/11/rancher-compose.yml
new file mode 100644
index 0000000..959bc0e
--- /dev/null
+++ b/templates/traefik/11/rancher-compose.yml
@@ -0,0 +1,208 @@
+version: '2'
+catalog:
+  name: traefik
+  version: v1.4.0-rancher1
+  description: |
+    Traefik load balancer.
+  minimum_rancher_version: v0.59.0
+  maintainer: "Raul Sanchez <rawmind@gmail.com>"
+  uuid: traefik-0
+  questions:
+    - variable: "rancher_integration"
+      label: "Choose rancher integration:"
+      description: |
+        Enable rancher integration mode. Traefik built in integration, metadata or api, or external sidekick integration with confd.
+      default: metadata
+      required: true
+      type: enum
+      options:
+        - metadata
+        - api
+        - external
+    - variable: "host_label"
+      description: "Host label where to run traefik service."
+      label: "Host label:"
+      required: true
+      default: "traefik_lb=true" 
+      type: "string"
+    - variable: "http_port"
+      description: "Traefik http public port to listen."
+      label: "Http port:"
+      required: true
+      default: 8080
+      type: "int"
+    - variable: "https_port"
+      description: "Traefik https public port to listen."
+      label: "Https port:"
+      required: true
+      default: 8443
+      type: "int"
+    - variable: "admin_port"
+      description: "Traefik admin public port to listen."
+      label: "Admin port:"
+      required: true
+      default: 8000 
+      type: "int"
+    - variable: "https_enable"
+      label: "Https enable:"
+      description: |
+        Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work.
+      default: false
+      required: true
+      type: enum
+      options:
+        - false
+        - true
+        - only
+    - variable: "acme_enable"
+      description: "Enable acme support on traefik."
+      label: "ACME enable:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "acme_email"
+      description: "ACME user email."
+      label: "ACME email:"
+      required: true
+      default: "test@traefik.io" 
+      type: "string"
+    - variable: "acme_ondemand"
+      description: "Enable acme ondemand."
+      label: "ACME ondemand:"
+      required: true
+      default: true 
+      type: "boolean"
+    - variable: "acme_onhostrule"
+      description: "Enable acme onHostRule."
+      label: "ACME onHostRule:"
+      required: true
+      default: true 
+      type: "boolean"
+    - variable: "acme_caserver"
+      description: "ACME caServer to use."
+      label: "ACME caServer:"
+      required: true
+      default: "https://acme-v01.api.letsencrypt.org/directory"
+      type: "string"
+    - variable: "acme_vol_name"
+      description: "The volume name shared to store ACME certs"
+      label: "ACME Volume Name"
+      required: true
+      default: "traefik_acme_vol"
+      type: "string"
+    - variable: "acme_vol_driver"
+      description: "The volume driver shared to store ACME certs"
+      label: "ACME Volume Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
+    - variable: "ssl_key"
+      description: "SSL key to secure the service. *Required if you enable https"
+      label: "Https key"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "ssl_crt"
+      description: "SSL cert to secure the service. *Required if you enable https"
+      label: "Https crt"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "insecure_skip"
+      description: "Enable InsecureSkipVerify param."
+      label: "InsecureSkipVerify:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "compress_enable"
+      label: "Enable compression:"
+      description: |
+        Enable Traefik compression for entrypoints.
+      default: true
+      required: true
+      type: "boolean"
+    - variable: "refresh_interval"
+      description: "Interval to poll/apply configuration changes." 
+      label: "Refresh Interval (s):"
+      required: true
+      default: 10 
+      type: "int"
+    - variable: "admin_readonly"
+      label: "Admin readonly:"
+      description: |
+        Set admin to readonly mode.
+      default: false
+      required: true
+      type: "boolean"
+    - variable: "admin_statistics"
+      description: "Enable more detailed statistics."
+      label: "Admin statistics history:"
+      required: true
+      default: 10
+      type: "int"
+    - variable: "admin_auth_method"
+      description: "Admin auth method on the webui."
+      label: "Admin auth method:"
+      required: true
+      default: "basic"
+      type: enum
+      options: # List of options if using type of `enum`
+        - basic
+        - digest
+    - variable: "admin_users"
+      description: "Admin auth user list on the webui. Generate with htpassword for basic or htdigest with traefik realm for digest."
+      label: "Admin users:"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "prometheus_enable"
+      description: "To enable statistics to be pulled by Prometheus."
+      label: "Prometheus enable"
+      default: false
+      required: true
+      type: "boolean"
+    - variable: "prometheus_buckets"
+      description: "To define your own buckets"
+      label: "Prometheus buckets"
+      default: "[0.1,0.3,1.2,5.0]"
+      required: true
+      type: "string"
+    - variable: "cattle_url"
+      description: "API cattle url"
+      label: "Cattle URL"
+      default: ""
+      required: false
+      type: "string"
+    - variable: "cattle_access_key"
+      description: "API environment access key"
+      label: "Cattle access key"
+      default: ""
+      required: false
+      type: "string"
+    - variable: "cattle_secret_key"
+      description: "API environment secret key"
+      label: "Cattle secret key"
+      default: ""
+      required: false
+      type: "string"
+services:
+  traefik:
+    retain_ip: true
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 5000
+      port: 8000
+      unhealthy_threshold: 3
+      interval: 5000
+      strategy: recreate
+    metadata:
+      traefik:
+        ssl_key: |
+          ${ssl_key}
+        ssl_crt: |
+          ${ssl_crt}
diff --git a/templates/traefik/config.yml b/templates/traefik/config.yml
index 4f54076..5d533dd 100644
--- a/templates/traefik/config.yml
+++ b/templates/traefik/config.yml
@@ -1,7 +1,7 @@
 name: Traefik
 description: |
-  (Experimental) Traefik active load balancer
-version: v1.3.6-rancher1
+  Traefik active load balancer
+version: v1.4.0-rancher1
 category: Load Balancing
 maintainer: "Raul Sanchez <rawmind@gmail.com>"
 minimum_rancher_version: v0.59.0

From 141cfd9171a96cc2dbb53c88a3d7ff3cbc508e3d Mon Sep 17 00:00:00 2001
From: Jan B <jan@rancher.com>
Date: Mon, 23 Oct 2017 16:37:13 +0200
Subject: [PATCH 25/71] Update Datadog template 1.1.1-11.0.5140 (#527)

---
 templates/datadog/6/README.md           |  23 ++++
 templates/datadog/6/docker-compose.yml  |  47 +++++++
 templates/datadog/6/rancher-compose.yml | 168 ++++++++++++++++++++++++
 templates/datadog/config.yml            |   2 +-
 4 files changed, 239 insertions(+), 1 deletion(-)
 create mode 100644 templates/datadog/6/README.md
 create mode 100755 templates/datadog/6/docker-compose.yml
 create mode 100755 templates/datadog/6/rancher-compose.yml

diff --git a/templates/datadog/6/README.md b/templates/datadog/6/README.md
new file mode 100644
index 0000000..93121e1
--- /dev/null
+++ b/templates/datadog/6/README.md
@@ -0,0 +1,23 @@
+# Datadog agent
+
+This template deploys a [Datadog](https://www.datadoghq.com/) agent stack consisting of the official [docker-dd-agent](https://www.github.com/Datadog/docker-dd-agent) image and a configuration sidekick that provides closer integration with Rancher:
+
+* Hosts in Datadog are named correctly
+* Host labels can be exported as Datadog host tags
+* Service labels can be exported as Datadog metric tags
+
+## Service Discovery
+
+Please refer to the Datadog documentation [here](http://docs.datadoghq.com/guides/servicediscovery/) to learn how to provide configuration templates for Service Discovery in etcd or Consul.
+
+## Changelog
+
+**1.1.1-11.0.5140**
+
+* Datadog image updated to v5.1.40 which includes the following Rancher specific changes:
+    * Service Discovery: Add ability to get docker IP address from Rancher labels for Rancher
+    * Docker: Fix cgroup parsing on RancherOS
+* Switched to use the Alpine based agent image
+* Added template configuration of Proxy settings
+* Added template configuration to disable DogStatsD
+* Added template configuration to overwrite DD intake URL
diff --git a/templates/datadog/6/docker-compose.yml b/templates/datadog/6/docker-compose.yml
new file mode 100755
index 0000000..d955d28
--- /dev/null
+++ b/templates/datadog/6/docker-compose.yml
@@ -0,0 +1,47 @@
+datadog-init:
+  image: janeczku/datadog-rancher-init:v2.2.5
+  net: none
+  command: /bin/true
+  volumes:
+    - /opt/rancher
+  labels:
+    io.rancher.container.start_once: "true"
+    io.rancher.container.pull_image: always
+datadog-agent:
+  image: datadog/docker-dd-agent:11.0.5140
+  command: supervisord -n -c /etc/dd-agent/supervisor.conf
+  entrypoint: /opt/rancher/entrypoint-wrapper.py
+  restart: always
+  environment:
+    # Evaluated by datadog-agent image
+    API_KEY: ${api_key}
+    EC2_TAGS: ${dd_ec2_tags}
+    DD_LOG_LEVEL: ${dd_log_level}
+    USE_DOGSTATSD: ${dd_dogstatsd_enabled}
+    STATSD_METRIC_NAMESPACE: ${statsd_namespace}
+    DD_URL: ${custom_dd_url}
+    PROXY_HOST: ${proxy_host}
+    PROXY_PORT: ${proxy_port}
+    DD_APM_ENABLED: ${dd_apm_enabled}
+    # Evaluated by datadog-init script
+    DD_HOST_LABELS: ${host_labels}
+    DD_HOST_TAGS: ${host_tags}
+    DD_CONTAINER_LABELS: ${service_labels}
+    DD_SERVICE_DISCOVERY: ${service_discovery}
+    DD_SD_CONFIG_BACKEND: ${sd_config_backend}
+    DD_SD_BACKEND_HOST: ${sd_backend_host}
+    DD_SD_BACKEND_PORT: ${sd_backend_port}
+    DD_SD_TEMPLATE_DIR: ${sd_template_dir}
+    DD_CONSUL_TOKEN: ${dd_consul_token}
+    DD_CONSUL_SCHEME: ${dd_consul_scheme}
+    DD_CONSUL_VERIFY: ${dd_consul_verify}
+    DD_METADATA_HOSTNAME: rancher-metadata
+  volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - /proc/:/host/proc/:ro
+    - ${cgroups_location}:/host/sys/fs/cgroup:ro
+  volumes_from:
+    - datadog-init
+  labels:
+    io.rancher.scheduler.global: "${global_service}"
+    io.rancher.sidekicks: "datadog-init"
diff --git a/templates/datadog/6/rancher-compose.yml b/templates/datadog/6/rancher-compose.yml
new file mode 100755
index 0000000..368ca2e
--- /dev/null
+++ b/templates/datadog/6/rancher-compose.yml
@@ -0,0 +1,168 @@
+.catalog:
+  name: "Datadog"
+  version: "1.1.1-11.0.5140"
+  description: "Real-time performance tracking and visualization of your container-based application deployment"
+  minimum_rancher_version: v1.2.0
+  questions:
+    - variable: "api_key"
+      label: "Datadog API Key"
+      description: |
+        Enter your Datadog API key.
+      required: true
+      type: "string"
+    - variable: "global_service"
+      label: "Global Service"
+      description: |
+        Enable this option to run a Datadog agent container on every host in the environment.
+      required: true
+      type: "boolean"
+      default: true
+    - variable: "host_labels"
+      label: "Export Host Labels as Tags"
+      description: |
+        Comma delimited list of host labels to export as Datadog host tags, e.g. 'region,zone'.
+      required: false
+      type: "string"
+    - variable: "service_labels"
+      label: "Export Service Labels as Tags"
+      description: |
+        Comma delimited list of service labels to export as Datadog metric tags.
+        'io.rancher.stack.name' and 'io.rancher.stack_service.name' are exported by default.
+      required: false
+      type: "string"
+    - variable: "host_tags"
+      label: "Global Host Tags"
+      description: |
+        Comma delimited list of host tags to apply to metrics, e.g. 'simple-tag-0,tag-key-1:tag-value-1'.
+      required: false
+      type: "string"
+    - variable: "dd_ec2_tags"
+      label: "Collect AWS EC2 Tags"
+      description: |
+        Collect AWS EC2 custom tags as agent tags (requires an IAM role associated with the instance).
+      required: true
+      type: "boolean"
+      default: false
+    - variable: cgroups_location
+      label: Cgroup directory location
+      description: |
+        Set this to '/cgroups/' if your hosts are running Amazon Linux AMIs.
+      required: true
+      type: enum
+      default: '/sys/fs/cgroup/'
+      options:
+        - '/sys/fs/cgroup/'
+        - '/cgroups/'
+    - variable: "dd_apm_enabled"
+      label: "Enable APM agent"
+      description: |
+        Enable the Datadog trace-agent along with the infrastructure agent, allowing the container to accept traces on 8126/tcp.
+        This will run the agent from the Debian based Datadog image instead of the Alpine based one. 
+      required: true
+      type: "boolean"
+      default: false
+    - variable: "service_discovery"
+      label: "Enable Service Discovery"
+      description: |
+        Collect metrics from supported applications running in Docker containers.
+      required: true
+      type: "boolean"
+      default: false
+    - variable: "sd_config_backend"
+      label: Service Discovery Configuration Backend
+      description: |
+        Choose a key/value store to use for looking up application configuration templates.
+        If none is provided only auto config templates will be used.
+      required: true
+      type: enum
+      default: none
+      options:
+        - none
+        - etcd
+        - consul
+    - variable: "sd_backend_host"
+      label: "Configuration Backend Host"
+      description: |
+        IP address or DNS name to use to connect to the configuration backend.
+      required: false
+      type: "string"
+    - variable: "sd_backend_port"
+      label: "Configuration Backend Port"
+      description: |
+        Port to use to connect to the configuration backend.
+      required: false
+      type: "int"
+    - variable: "sd_template_dir"
+      label: "Configuration Backend Template Path"
+      description: |
+        Specify a custom path where the agent should look for configuration templates in the backend.
+        The default is '/datadog/check_configs'.
+      required: false
+      type: "string"
+    - variable: "dd_consul_scheme"
+      label: "Consul Connection Scheme"
+      description: |
+        Scheme to use for requests to a Consul backend.
+      required: false
+      type: enum
+      default: http
+      options:
+        - http
+        - https
+    - variable: "dd_consul_verify"
+      label: "Verify Consul SSL Certificate"
+      description: |
+        Whether to verify the SSL certificate for HTTPS requests to a Consul backend.
+      required: false
+      type: "boolean"
+      default: true
+    - variable: "dd_consul_token"
+      label: "Consul ACL Token"
+      description: |
+        If the Consul backend uses ACL, specify a token granting read access to the configuration templates.
+      required: false
+      type: "string"
+    - variable: "dd_dogstatsd_enabled"
+      label: "Enable DogStatsD"
+      description: |
+        Enable a DogStatsD instance to run along with the infrastructure agent.
+      required: true
+      type: "boolean"
+      default: true
+    - variable: "statsd_namespace"
+      label: "StatsD Metric Namespace"
+      description: |
+        Optional namespace for aggregated StatsD metrics.
+      required: false
+      type: "string"
+    - variable: "custom_dd_url"
+      label: "Custom Datadog Intake URL"
+      description: |
+        Set a custom Intake URL to send Agent data to.
+      required: false
+      type: "string"
+    - variable: "dd_log_level"
+      label: "Agent log level"
+      description: |
+        Set the logging verbosity of the Datadog agent.
+      required: false
+      type: enum
+      default: INFO
+      options:
+        - CRITICAL
+        - ERROR
+        - WARNING
+        - INFO
+        - DEBUG
+    - variable: "proxy_host"
+      label: "Proxy Host"
+      description: |
+        Use a proxy to send Agent data to the Datadog servers.
+      required: false
+      type: "string"
+    - variable: "proxy_port"
+      label: "Proxy Port"
+      description: |
+        Use a proxy to send Agent data to the Datadog servers.
+      required: false
+      type: "string"
diff --git a/templates/datadog/config.yml b/templates/datadog/config.yml
index 4e682a4..e3ba5d4 100755
--- a/templates/datadog/config.yml
+++ b/templates/datadog/config.yml
@@ -1,7 +1,7 @@
 name: Datadog
 description: |
   Real-time performance tracking and visualization of your container-based application deployment
-version: 1.1.0-11.0.5123
+version: 1.1.1-11.0.5140
 category: Monitoring
 maintainer: "Jan Bruder <jan@rancher.com>"
 license: The MIT License

From 8b8d29c6e4e8250e47d50d1ed9dc933f9416f3bc Mon Sep 17 00:00:00 2001
From: chrisurwin <chrisu@hotmail.co.uk>
Date: Mon, 30 Oct 2017 16:05:19 +0000
Subject: [PATCH 26/71] Updates to Spot Instance helper (#647)

---
 .../aws-spot-instance-helper/1/README.md      |  9 ++++++++
 .../1/docker-compose.yml                      | 10 +++++++++
 .../1/rancher-compose.yml                     | 21 +++++++++++++++++++
 .../aws-spot-instance-helper/config.yml       |  2 +-
 4 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 infra-templates/aws-spot-instance-helper/1/README.md
 create mode 100644 infra-templates/aws-spot-instance-helper/1/docker-compose.yml
 create mode 100644 infra-templates/aws-spot-instance-helper/1/rancher-compose.yml

diff --git a/infra-templates/aws-spot-instance-helper/1/README.md b/infra-templates/aws-spot-instance-helper/1/README.md
new file mode 100644
index 0000000..8451599
--- /dev/null
+++ b/infra-templates/aws-spot-instance-helper/1/README.md
@@ -0,0 +1,9 @@
+# AWS Spot Instance Helper
+
+### Info
+This is a simple service that runs globally. It monitors the state of the host, if the host is running on a spot instance it will check to see if the host is scheduled for termination then it will automatically deactive the host and evaculate the containers.
+
+The source code is available at [https://www.github.com/chrisurwin/aws-spot-instance-helper](https://www.github.com/chrisurwin/aws-spot-instance-helper)
+
+This version support notification to slack.
+
diff --git a/infra-templates/aws-spot-instance-helper/1/docker-compose.yml b/infra-templates/aws-spot-instance-helper/1/docker-compose.yml
new file mode 100644
index 0000000..b84671c
--- /dev/null
+++ b/infra-templates/aws-spot-instance-helper/1/docker-compose.yml
@@ -0,0 +1,10 @@
+aws-spot-instance-helper:
+  image: chrisurwin/aws-spot-instance-helper:v0.2.0
+  tty: true
+  labels:
+    io.rancher.container.create_agent: 'true'
+    io.rancher.container.agent.role: environment
+    io.rancher.container.pull_image: always
+    io.rancher.scheduler.global: 'true'
+  environment:
+    SLACK_WEBHOOK: "${SLACK_WEBHOOK}"
\ No newline at end of file
diff --git a/infra-templates/aws-spot-instance-helper/1/rancher-compose.yml b/infra-templates/aws-spot-instance-helper/1/rancher-compose.yml
new file mode 100644
index 0000000..044feb9
--- /dev/null
+++ b/infra-templates/aws-spot-instance-helper/1/rancher-compose.yml
@@ -0,0 +1,21 @@
+.catalog:
+    name: "AWS Spot Instance Helper"
+    version: "v0.2.0"
+    description: "AWS Spot Instance Helper"
+    minimum_rancher_version: v1.5.5
+    questions:
+     - variable: "SLACK_WEBHOOK"
+       description: "Slack Webhook"
+       label: "Slack Webhook"
+       required: false
+       type: "string"
+ 
+aws-spot-instance-helper:
+    health_check:
+        port: 9777
+        interval: 2000
+        unhealthy_threshold: 3
+        strategy: recreate
+        response_timeout: 2000
+        request_line: GET /ping HTTP/1.0
+        healthy_threshold: 2
\ No newline at end of file
diff --git a/infra-templates/aws-spot-instance-helper/config.yml b/infra-templates/aws-spot-instance-helper/config.yml
index 1457c2a..f010504 100644
--- a/infra-templates/aws-spot-instance-helper/config.yml
+++ b/infra-templates/aws-spot-instance-helper/config.yml
@@ -1,5 +1,5 @@
 name: AWS Spot Instance Helper
 description: |
   Automatically evacuates spot instances that are marked for termination
-version: v0.1.0
+version: v0.2.0
 category: Rancher Services
\ No newline at end of file

From 831c6716a1288a7a163c0cfca60a59371a5d0adf Mon Sep 17 00:00:00 2001
From: Youkoulayley <bmayelle@hotmail.fr>
Date: Tue, 31 Oct 2017 15:59:04 +0100
Subject: [PATCH 27/71] fix upload file in wekan

---
 templates/wekan/0/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/wekan/0/docker-compose.yml b/templates/wekan/0/docker-compose.yml
index c611526..7d3f894 100644
--- a/templates/wekan/0/docker-compose.yml
+++ b/templates/wekan/0/docker-compose.yml
@@ -1,5 +1,5 @@
 wekandb:
-  image: mongo
+  image: mongo:3.2.11
 #  volumes:
 #    - ./data/runtime/db:/data/db
 #    - ./data/dump:/dump

From 655e0195f8ceaa96a6f112962ed582ba79958b8d Mon Sep 17 00:00:00 2001
From: Sebastiaan van Steenis <mail@superseb.nl>
Date: Wed, 1 Nov 2017 10:12:13 +0100
Subject: [PATCH 28/71] Update external-dns infoblox provider to 0.7.8

---
 infra-templates/infoblox/1/README.md          | 40 ++++++++++++
 infra-templates/infoblox/1/docker-compose.yml | 16 +++++
 .../infoblox/1/rancher-compose.yml            | 63 +++++++++++++++++++
 infra-templates/infoblox/config.yml           |  2 +-
 4 files changed, 120 insertions(+), 1 deletion(-)
 create mode 100644 infra-templates/infoblox/1/README.md
 create mode 100644 infra-templates/infoblox/1/docker-compose.yml
 create mode 100644 infra-templates/infoblox/1/rancher-compose.yml

diff --git a/infra-templates/infoblox/1/README.md b/infra-templates/infoblox/1/README.md
new file mode 100644
index 0000000..3f3636b
--- /dev/null
+++ b/infra-templates/infoblox/1/README.md
@@ -0,0 +1,40 @@
+## Infoblox DNS
+
+Rancher External DNS service powered by Infoblox DNS
+
+#### Usage
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.
\ No newline at end of file
diff --git a/infra-templates/infoblox/1/docker-compose.yml b/infra-templates/infoblox/1/docker-compose.yml
new file mode 100644
index 0000000..9208a36
--- /dev/null
+++ b/infra-templates/infoblox/1/docker-compose.yml
@@ -0,0 +1,16 @@
+infoblox:
+  image: rancher/external-dns:v0.7.8
+  command: -provider=infoblox
+  expose:
+   - 1000
+  environment:
+    INFOBLOX_URL: ${INFOBLOX_URL}
+    INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME}
+    INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    SSL_VERIFY: ${SSL_VERIFY}
+    USE_COOKIES: ${USE_COOKIES}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"
diff --git a/infra-templates/infoblox/1/rancher-compose.yml b/infra-templates/infoblox/1/rancher-compose.yml
new file mode 100644
index 0000000..809f055
--- /dev/null
+++ b/infra-templates/infoblox/1/rancher-compose.yml
@@ -0,0 +1,63 @@
+# notemplating
+.catalog:
+  name: "Infoblox DNS"
+  version: "v0.2.0"
+  description: "Rancher External DNS service powered by Infoblox"
+  minimum_rancher_version: v1.6.0
+  questions:
+    - variable: "INFOBLOX_URL"
+      label: "Infoblox url"
+      description: "Infoblox url for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_USER_NAME"
+      label: "Infoblox user name"
+      description: "Infoblox user name for your Infoblox service"
+      type: "string"
+      required: true
+    - variable: "INFOBLOX_PASSWORD"
+      label: "Infoblox password"
+      description: "Infoblox password for your Infoblox service"
+      type: "password"
+      required: true
+    - variable: "SSL_VERIFY"
+      label: "Ssl verify"
+      description: "Infoblox Ssl verify for your Infoblox service"
+      type: "boolean"
+      required: true
+    - variable: "USE_COOKIES"
+      label: "Use cookies"
+      description: "Uses cookies if specified, re-creating the request and falling back to basic auth if a cookie is not present"
+      type: "boolean"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain"
+      description: "The DNS zone name (root domain) managed by Infoblox. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+infoblox:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000
diff --git a/infra-templates/infoblox/config.yml b/infra-templates/infoblox/config.yml
index 46f51e2..835d88d 100644
--- a/infra-templates/infoblox/config.yml
+++ b/infra-templates/infoblox/config.yml
@@ -1,7 +1,7 @@
 name: Infoblox DNS
 description: |
   Rancher External DNS service powered by Infoblox
-version:  v0.1.0
+version:  v0.2.0
 category: External DNS
 labels:
   io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

From f59d5558cfd3bc05ff991a3fc5d2a46d9913fe5c Mon Sep 17 00:00:00 2001
From: Kyle <thesheerice@gmail.com>
Date: Sun, 5 Nov 2017 13:37:00 -0700
Subject: [PATCH 29/71] Updated Drone to v1.8.1

---
 templates/drone/5/README.md              |  19 +++
 templates/drone/5/docker-compose.yml.tpl | 116 ++++++++++++++
 templates/drone/5/rancher-compose.yml    | 188 +++++++++++++++++++++++
 3 files changed, 323 insertions(+)
 create mode 100644 templates/drone/5/README.md
 create mode 100644 templates/drone/5/docker-compose.yml.tpl
 create mode 100644 templates/drone/5/rancher-compose.yml

diff --git a/templates/drone/5/README.md b/templates/drone/5/README.md
new file mode 100644
index 0000000..e80a123
--- /dev/null
+++ b/templates/drone/5/README.md
@@ -0,0 +1,19 @@
+# Drone
+
+### Info:
+
+This template creates an instance of Drone CI server 0.8.1 along with selectable number of agents to perform the builds.
+
+### Usage:
+
+Select the Drone template from the catalog. Provide the following information:
+
+1. Publish port
+2. Agents scale
+3. Drone secret
+4. Run mode. debug | release
+3. Remote driver and config. (Ie. GitHub)
+4. Database driver and config. (Ie. sqlite)
+
+
+See [Drone documentation](http://readme.drone.io/admin) for complete information.
diff --git a/templates/drone/5/docker-compose.yml.tpl b/templates/drone/5/docker-compose.yml.tpl
new file mode 100644
index 0000000..eae9aad
--- /dev/null
+++ b/templates/drone/5/docker-compose.yml.tpl
@@ -0,0 +1,116 @@
+version: '2'
+services:
+  agent:
+    image: drone/agent:${drone_version}
+    environment:
+      DRONE_SERVER: ${drone_server}
+      DRONE_SECRET: ${drone_secret}
+{{- if (.Values.http_proxy)}}
+      HTTP_PROXY: ${http_proxy}
+      http_proxy: ${http_proxy}
+{{- end}}
+{{- if (.Values.https_proxy)}}
+      HTTPS_PROXY: ${https_proxy}
+      https_proxy: ${https_proxy}
+{{- end}}
+{{- if (.Values.no_proxy)}}
+      NO_PROXY: ${no_proxy}
+      no_proxy: ${no_proxy}
+{{- end}}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    links:
+      - server:drone
+    command:
+      - agent
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+  server:
+    image: drone/drone:${drone_version}
+    environment:
+      DRONE_HOST: ${drone_host}
+      GIN_MODE: ${gin_mode}
+{{- if (.Values.drone_debug)}}
+      DRONE_DEBUG: '${drone_debug}'
+{{- end}}
+      DRONE_SECRET: ${drone_secret}
+      DRONE_OPEN: ${drone_open}
+{{- if (.Values.drone_admin)}}
+      DRONE_ADMIN: ${drone_admin}
+{{- end}}
+{{- if (.Values.drone_orgs)}}
+      DRONE_ORGS: ${drone_orgs}
+{{- end}}
+{{- if eq .Values.drone_driver "GitHub"}}
+      DRONE_GITHUB: true
+      DRONE_GITHUB_CLIENT: ${drone_driver_client}
+      DRONE_GITHUB_SECRET: ${drone_driver_secret}
+{{- end}}
+{{- if eq .Values.drone_driver "Bitbucket Cloud"}}
+      DRONE_BITBUCKET: true
+      DRONE_BITBUCKET_CLIENT: ${drone_driver_client}
+      DRONE_BITBUCKET_SECRET: ${drone_driver_secret}
+{{- end}}
+{{- if eq .Values.drone_driver "Bitbucket Server"}}
+      DRONE_STASH: true
+      DRONE_STASH_GIT_USERNAME: ${drone_driver_user}
+      DRONE_STASH_GIT_PASSWORD: ${drone_driver_password}
+      DRONE_STASH_CONSUMER_KEY: ${drone_driver_client}
+      DRONE_STASH_CONSUMER_RSA_STRING: ${drone_driver_secret}
+      DRONE_STASH_URL: ${drone_driver_url}
+{{- end}}
+{{- if eq .Values.drone_driver "GitLab"}}
+      DRONE_GITLAB: true
+      DRONE_GITLAB_CLIENT: ${drone_driver_secret}
+      DRONE_GITLAB_SECRET: ${drone_driver_secret}
+      DRONE_GITLAB_URL: ${drone_driver_url}
+{{- end}}
+{{- if eq .Values.drone_driver "Gogs"}}
+      DRONE_GOGS: true
+      DRONE_GOGS_URL: ${drone_driver_url}
+{{- end}}
+{{- if ne .Values.database_driver "sqlite"}}
+      DRONE_DATABASE_DRIVER: ${database_driver}
+      DRONE_DATABASE_DATASOURCE: ${database_source}
+{{- end}}
+{{- if (.Values.http_proxy)}}
+      HTTP_PROXY: ${http_proxy}
+      http_proxy: ${http_proxy}
+{{- end}}
+{{- if (.Values.https_proxy)}}
+      HTTPS_PROXY: ${https_proxy}
+      https_proxy: ${https_proxy}
+{{- end}}
+{{- if (.Values.no_proxy)}}
+      NO_PROXY: ${no_proxy}
+      no_proxy: ${no_proxy}
+{{- end}}
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+{{- if eq .Values.database_driver "sqlite"}}
+      io.rancher.sidekicks: server-volume
+    volumes_from:
+      - server-volume
+  server-volume:
+    image: rawmind/alpine-volume:0.0.2-1
+    environment:
+      SERVICE_GID: '0'
+      SERVICE_UID: '0'
+      SERVICE_VOLUME: /var/lib/drone
+    network_mode: none
+    volumes:
+      - /var/lib/drone
+    labels:
+      io.rancher.container.start_once: 'true'
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+{{- end}}
+  lb:
+    image: rancher/lb-service-haproxy:v0.6.4
+    ports:
+      - ${host_port}:${host_port}
+    labels:
+      io.rancher.scheduler.global: 'true'
+      io.rancher.scheduler.affinity:host_label_soft: ${drone_lb_host_label}
diff --git a/templates/drone/5/rancher-compose.yml b/templates/drone/5/rancher-compose.yml
new file mode 100644
index 0000000..3da3bec
--- /dev/null
+++ b/templates/drone/5/rancher-compose.yml
@@ -0,0 +1,188 @@
+version: 2
+catalog:
+  name: Drone
+  version: 0.8.1-rancher1
+  upgrade_from: 0.8.0-rc.1-rancher1
+  description: |
+    Drone CI Server ref http://readme.drone.io/admin/installation-guide/
+  questions:
+    - variable: drone_host
+      label: Drone Host URL
+      description: Intended URL Drone will be hosted on, e.g. http://drone.mycompany.com.
+      required: true
+      type: string
+    - variable: host_port
+      label: Drone Server Host Port
+      description: Public port that will be exposed on service creation.
+      required: true
+      default: 8000
+      type: int
+    - variable: agent_scale
+      label: Drone Agent Scale
+      description: Drone agent scale to deploy
+      required: true
+      default: 1
+      type: int
+    - variable: drone_secret
+      label: Server and Agents Secret
+      description: Server and agents secret to be communicate. http://readme.drone.io/admin/user-registration/
+      type: password
+      required: true
+    - variable: gin_mode
+      label: Run mode
+      description: "Drone run mode, GIN_MODE"
+      type: enum
+      default: "release"
+      options:
+        - "release"
+        - "debug"
+      required: true
+    - variable: drone_open
+      label: Open Registration
+      description: |
+        Users self register. http://readme.drone.io/admin/user-registration/
+      required: true
+      default: true
+      type: enum
+      options:
+        - true
+        - false
+    - variable: drone_admin
+      label: Drone Admin
+      description: List of admins for drone comma seperated. http://readme.drone.io/admin/user-admins/
+      type: string
+      required: false
+    - variable: drone_orgs
+      label: Organizations
+      description: Comman seperated list of org that can access drone. http://readme.drone.io/admin/user-registration/
+      type: string
+      required: false
+    - variable: "drone_driver"
+      type: "enum"
+      required: true
+      label: "Remote Driver"
+      default: "GitHub"
+      description: "Remote Git and Auth scheme. ref http://readme.drone.io/admin"
+      options:
+        - GitHub
+        - GitLab
+        - Gogs
+        - Bitbucket Cloud
+        - Bitbucket Server
+    - variable: drone_driver_client
+      label: Remote Driver Client
+      description: "Client key from remote driver. Required for GitHub, Bitbucket Cloud, Bitbucket Server and GitLab."
+      type: string
+      required: false
+    - variable: drone_driver_secret
+      label: Remote Driver Secret
+      description: "Secret key from remote driver. Required for GitHub, Bitbucket Cloud, Bitbucket Server and GitLab."
+      type: multiline
+      required: false
+    - variable: drone_driver_url
+      label: Remote Driver URL
+      description: "Remote Driver server url. Required for GitLab, Gogs and Bitbucket Server; see http://readme.drone.io/admin."
+      type: string
+      required: false
+    - variable: drone_driver_user
+      label: Remote Driver Username
+      description: "Remote Driver username. Required for BitBucket Server; see http://docs.drone.io/install-for-bitbucket-server/."
+      type: string
+      required: false
+    - variable: drone_driver_password
+      label: Remote Driver Password
+      description: "Remote Driver password. Required for BitBucket Server, http://docs.drone.io/install-for-bitbucket-server/."
+      type: password
+      required: false
+    - variable: drone_server
+      label: Drone Server
+      description: "Drone sever identifier. Used by the agent to connect to the server (does not require change)."
+      type: string
+      default: "drone:9000"
+    - variable: drone_version
+      label: Drone Version
+      description: "Drone version/Docker tag used for the Drone container images."
+      type: enum
+      default: "0.8.1"
+      options:
+        - 0.8.1
+        - 0.8.0
+        - '0.8'
+        - latest
+    - variable: database_driver
+      label: Database Driver
+      description: "Database driver. If sqlite, additional volume would be mounted at /var/lib/drone."
+      type: enum
+      default: "sqlite"
+      options:
+        - "sqlite"
+        - "mysql"
+        - "postgres"
+      required: true
+    - variable: "database_source"
+      type: "string"
+      label: "Database source"
+      description: "Database datasource. Required if database driver is mysql or postgres, http://readme.drone.io/admin/database-engines/"
+      required: false
+    - variable: "http_proxy"
+      type: string
+      label: HTTP Proxy
+      description: "Optional: HTTP forward proxy URL."
+      required: false
+    - variable: "https_proxy"
+      type: string
+      label: HTTPS Proxy
+      description: "Optional: HTTPS forward proxy URL."
+      required: false
+    - variable: "no_proxy"
+      type: string
+      label: No Proxy
+      description: "Optional: No proxy hosts (comma-separated hostnames/IPs)."
+      required: false
+      default: "drone"
+    - variable: "drone_debug"
+      label: Drone Debug
+      description: "Enable debug output with the Drone server."
+      type: enum
+      options:
+        - 'true'
+        - 'false'
+      default: 'false'
+    - variable: drone_lb_host_label
+      label: Drone LB Host Label
+      description: Host label (soft affinity) for scheduling of the load balancer service.
+      required: true
+      default: "drone_lb=true"
+      type: string
+services:
+  agent:
+    scale: ${agent_scale}
+    start_on_create: true
+  server:
+    scale: 1
+    start_on_create: true
+    health_check:
+      port: 8000
+      interval: 2000
+      unhealthy_threshold: 3
+      strategy: recreate
+      request_line: GET / HTTP/1.0
+      healthy_threshold: 2
+      response_timeout: 2000
+  lb:
+    start_on_create: true
+    lb_config:
+      certs: []
+      port_rules:
+      - priority: 1
+        protocol: http
+        service: server
+        source_port: ${host_port}
+        target_port: 8000
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 2000
+      port: 42
+      unhealthy_threshold: 3
+      interval: 2000
+      strategy: recreate

From d9840de7e95f3ab1f703632b92ff7d7de351cb20 Mon Sep 17 00:00:00 2001
From: Kyle <thesheerice@gmail.com>
Date: Sun, 5 Nov 2017 13:49:22 -0700
Subject: [PATCH 30/71] Updated default version for Drone

---
 templates/drone/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/drone/config.yml b/templates/drone/config.yml
index e501783..c911525 100644
--- a/templates/drone/config.yml
+++ b/templates/drone/config.yml
@@ -1,5 +1,5 @@
 name: Drone
 description: |
     Drone CI Server
-version: 0.8.0-rc.1-rancher1
+version: 0.8.1-rancher1
 category: Continuous Integration

From 0b53ea456075f11a0e8930b4856601a7b3067a44 Mon Sep 17 00:00:00 2001
From: Raul Sanchez <rawmind@gmail.com>
Date: Wed, 8 Nov 2017 12:50:11 +0100
Subject: [PATCH 31/71] Updated kafka to v1.0.0. Updated Zookeeper to v3.4.10.
 Updated traefik to v1.4.2

---
 templates/kafka/4/README.md                  |  32 +++
 templates/kafka/4/docker-compose.yml         |  46 ++++
 templates/kafka/4/rancher-compose.yml        |  96 +++++++++
 templates/kafka/config.yml                   |   4 +-
 templates/traefik/12/README.md               |  80 +++++++
 templates/traefik/12/docker-compose.yml.tpl  | 107 ++++++++++
 templates/traefik/12/rancher-compose.yml     | 208 +++++++++++++++++++
 templates/traefik/config.yml                 |   2 +-
 templates/zookeeper/4/README.md              |  27 +++
 templates/zookeeper/4/docker-compose.yml.tpl |  56 +++++
 templates/zookeeper/4/rancher-compose.yml    |  88 ++++++++
 templates/zookeeper/config.yml               |   4 +-
 12 files changed, 745 insertions(+), 5 deletions(-)
 create mode 100644 templates/kafka/4/README.md
 create mode 100644 templates/kafka/4/docker-compose.yml
 create mode 100644 templates/kafka/4/rancher-compose.yml
 create mode 100644 templates/traefik/12/README.md
 create mode 100644 templates/traefik/12/docker-compose.yml.tpl
 create mode 100644 templates/traefik/12/rancher-compose.yml
 create mode 100644 templates/zookeeper/4/README.md
 create mode 100644 templates/zookeeper/4/docker-compose.yml.tpl
 create mode 100644 templates/zookeeper/4/rancher-compose.yml

diff --git a/templates/kafka/4/README.md b/templates/kafka/4/README.md
new file mode 100644
index 0000000..37ccd1b
--- /dev/null
+++ b/templates/kafka/4/README.md
@@ -0,0 +1,32 @@
+# Apache Kafka
+
+### Info:
+
+ This template creates, scale in and scale out a multinodes kafka broker cluster on top of Rancher. The configuration is generated with confd from Rancher metadata. 
+ Cluster size are variable after deployment, and get reconfigured after refresh interval.
+ 
+ 
+### Usage:
+
+ Select Apache Kafka from catalog. 
+ 
+ Enter the number of nodes, mem and refresh interval for the kafka cluster.
+ 
+ Change the following kafka default parameters, if you need:
+
+- kafka_scale=3							# kafka scale to deploy.
+- kafka_mem=512							# kafka broker memory.
+- kafka_log_dir="/opt/kafka/logs"		# Kafka log dir.
+- kafka_log_retention="168"				# kafka log retention. 
+- kafka_num_partitions="1"				# Kafka partitions number
+- kafka_delete_topics="false"			# kafka delete topics
+- kafka_auto_create_topics="true"		# kafka auto create topics
+- kafka_replication_factor=1 			# Kafka replication factor
+- kafka_pub_ip= < true | false >		# Advertise public ip to zookeeper.
+- zk_link="kafka-zk/zk" 				# zookeeper stack/service to connect to.
+ 
+ Click deploy.
+ 
+ Kafka can now be accessed over the Rancher network. 
+
+ Note: When you scale the cluster, zero downtime is not guaranteed..yet..
diff --git a/templates/kafka/4/docker-compose.yml b/templates/kafka/4/docker-compose.yml
new file mode 100644
index 0000000..e87f469
--- /dev/null
+++ b/templates/kafka/4/docker-compose.yml
@@ -0,0 +1,46 @@
+broker:
+  tty: true
+  image: rawmind/alpine-kafka:1.0.0-2
+  volumes_from:
+    - broker-volume
+    - broker-conf
+  environment:
+    - JVMFLAGS=-Xmx${kafka_mem}m -Xms${kafka_mem}m
+    - CONFD_INTERVAL=${kafka_interval}
+    - ZK_SERVICE=${zk_link}
+    - KAFKA_DELETE_TOPICS=${kafka_delete_topics}
+    - KAFKA_LOG_DIRS=${kafka_log_dir}
+    - KAFKA_LOG_RETENTION_HOURS=${kafka_log_retention}
+    - KAFKA_NUM_PARTITIONS=${kafka_num_partitions}
+    - ADVERTISE_PUB_IP=${kafka_pub_ip}
+    - KAFKA_AUTO_CREATE_TOPICS=${kafka_auto_create_topics}
+    - KAFKA_REPLICATION_FACTOR=${kafka_replication_factor}
+  external_links:
+    - ${zk_link}:zk
+  labels: 
+    io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.container.hostname_override: container_name
+    io.rancher.sidekicks: broker-volume, broker-conf
+broker-conf:
+  net: none
+  labels:
+    io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.container.hostname_override: container_name
+    io.rancher.container.start_once: true
+  image: rawmind/rancher-kafka:0.11.0.0-1
+  volumes:
+    - /opt/tools
+broker-volume:
+  net: none
+  labels:
+    io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.container.hostname_override: container_name
+    io.rancher.container.start_once: true
+  environment:
+    - SERVICE_UID=10003
+    - SERVICE_GID=10003
+    - SERVICE_VOLUME=${kafka_log_dir}
+  volumes:
+    - ${kafka_log_dir}
+  volume_driver: local
+  image: rawmind/alpine-volume:0.0.2-1
diff --git a/templates/kafka/4/rancher-compose.yml b/templates/kafka/4/rancher-compose.yml
new file mode 100644
index 0000000..badb166
--- /dev/null
+++ b/templates/kafka/4/rancher-compose.yml
@@ -0,0 +1,96 @@
+.catalog:
+  name: Kafka
+  version: 1.0.0-rancher1
+  description: |
+    (Experimental) Apache Kafka cluster.
+  minimum_rancher_version: v0.59.0
+  maintainer: "Raul Sanchez <rawmind@gmail.com>"
+  uuid: kafka-0
+  questions:
+    - variable: "kafka_scale"
+      description: "Number of brokers nodes. Note: Recommended an odd number"
+      label: "Broker Nodes:"
+      required: true
+      default: 3
+      type: "int"
+    - variable: "kafka_mem"
+      description: "Amount of memory to config brokers."
+      label: "Broker Memory (mb):"
+      required: true
+      default: 1024 
+      type: "string"
+    - variable: "kafka_log_dir"
+      description: "Broker volume to log data"
+      label: "Broker log volume:"
+      required: true
+      default: "/opt/kafka/logs"
+      type: "string"
+    - variable: "kafka_log_retention"
+      description: "Broker log retention in hours"
+      label: "Broker log retention (h):"
+      required: true
+      default: "168"
+      type: "int"
+    - variable: "kafka_num_partitions"
+      description: "Number of broker partitions"
+      label: "Broker partitions:"
+      required: true
+      default: "1"
+      type: "int"
+    - variable: "kafka_delete_topics"
+      label: "Delete topics:"
+      description: |
+        Enable delete topics in kafka.
+      default: false
+      required: true
+      type: enum
+      options:
+        - false
+        - true 
+    - variable: "kafka_auto_create_topics"
+      label: "Auto create topics:"
+      description: |
+        Enable auto create topics in kafka.
+      default: true
+      required: true
+      type: enum
+      options:
+        - false
+        - true
+    - variable: "kafka_replication_factor"
+      description: "Topics replication factor" 
+      label: "Replication factor:"
+      required: true
+      default: 1 
+      type: "int"
+    - variable: "kafka_interval"
+      description: "Interval to poll/apply configuration changes. 0 to disable" 
+      label: "Broker Interval (s):"
+      required: true
+      default: 60 
+      type: "int"
+    - variable: "kafka_pub_ip"
+      description: "Advertise local and host public ip" 
+      label: "Broker public ip:"
+      required: false
+      default: false 
+      type: "boolean"
+    - variable: "zk_link"
+      description: |
+        Choose the Zookeeper service to use. 
+        It's really recommended a dedicated zookeeper service just for Kafka.
+      label: "Zookeeper stack/service"
+      default: "kafka-zk/zk"
+      required: true
+      type: "service"
+broker:
+  scale: ${kafka_scale}
+  retain_ip: true
+  health_check:
+    port: 9092
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: ''
+    healthy_threshold: 2
+    response_timeout: 5000
+
diff --git a/templates/kafka/config.yml b/templates/kafka/config.yml
index af07587..c713076 100644
--- a/templates/kafka/config.yml
+++ b/templates/kafka/config.yml
@@ -1,7 +1,7 @@
 name: Apache Kafka
 description: |
-  (Experimental) Kafka cluster
-version: 0.11.0.0-rancher1
+  Kafka cluster
+version: 1.0.0-rancher1
 category: Clustering
 maintainer: "Raul Sanchez <rawmind@gmail.com>"
 minimum_rancher_version: v0.59.0
diff --git a/templates/traefik/12/README.md b/templates/traefik/12/README.md
new file mode 100644
index 0000000..a3826ab
--- /dev/null
+++ b/templates/traefik/12/README.md
@@ -0,0 +1,80 @@
+# Traefik active load balancer
+
+### Info:
+
+ This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata.
+ It would be deployed in hosts with label traefik_lb=true.
+
+### Config:
+
+- rancher_integration = "metadata" # Rancher integration method.
+- host_label = "traefik_lb=true" # Host label where to run traefik service.
+- http_port = 8080  # Port exposed to get access to the published services.
+- https_port = 8443  # Port exposed to get secured access to the published services.
+- admin_port = 8000  # Port exposed to get admin access to the traefik service.
+- https_enable = <false | true | only>
+  - false: Enable http enpoints and disable https ones.
+  - true: Enable http and https endpoints.
+  - only: Enable https endpoints and redirect http to https.
+- acme_enable = false               # Enable/Disable acme traefik support.
+- acme_email = "test@traefik.io"    # acme user email
+- acme_ondemand = true              # acme ondemand parameter.
+- acme_onhostrule = true            # acme onHostRule parameter.
+- acme_caserver = "https://acme-v01.api.letsencrypt.org/directory"          # acme caServer parameter.
+- acme_vol_name = "traefik_acme_vol"    # Volume name to user by acme sidekick
+- acme_vol_driver = "local"   # Volume driver to user by acme sidekick
+- ssl_key # Paste your ssl key. *Required if you enable https
+- ssl_crt # Paste your ssl crt. *Required if you enable https
+- insecure_skip = false # Enable InsecureSkipVerify param.
+- compress_enable = true    # Enable traefik compression
+- refresh_interval = 10s  # Interval to refresh traefik rules.toml from rancher-metadata.
+- admin_readonly = false # Set REST API to read-only mode.
+- admin_statistics = 10 # Enable more detailed statistics, extend recent errors number.
+- admin_auth_method = "basic" # Selec auth method, basic or digest.
+- admin_users = "" # Paste basic or digest users created with htdigest, one user per line.
+- prometheus_enable = false # Enable prometheus statistics
+- prometheus_buckets = "[0.1,0.3,1.2,5.0]" # Prometheus buckets
+- cattle_url = ""           # Cattle url if you choose api integration
+- cattle_access_key = ""    # Cattle access key if you choose api integration
+- cattle_secret_key = ""    # Cattle secret key if you choose api integration    
+### Service configuration labels:
+
+Traefik labels has to be added to your services, in order to get included in traefik config.
+
+## Metadata or api
+
+Please use traefik defined labels if you choose metadata or api rancher integration. 
+
+[Traefik rancher backend labels][traefik rancher backend]
+
+Metadata is the prefered and recommended rancher integration.
+
+Api integration needs you create an environment API key in your rancher environment. Also, it needs you provide CATTLE_URL, CATTLE_ACCESS_KEY and CATTLE_SECRET_KEY.
+
+## External
+
+Use this labels if you choose extenal rancher integration.
+
+- traefik.enable = <true | false>
+  - true: the service will be published as *service_name.stack_name.traefik_domain*
+  - stack: the service will be published as *stack_name.traefik_domain*. WARNING: You could have collisions inside services within your stack
+  - false: the service will not be published
+- traefik.alias = < alias >         # Alternate names to route rule. Multiple values separated by ",". WARNING: You could have collisions BE CAREFULL
+- traefik.domain = < domain >       # Domain names to route rule. Multiple values separated by ","
+- traefik.path = < path >           # Path to route rule. Multiple paths separated by ","
+- traefik.port = < port >           # Port to expose throught traefik
+- traefik.acme = < true | false >   # Enable/disable ACME traefik feature
+
+### Usage:
+
+ Select Traefik from catalog.
+
+ Set the params.
+
+ Click deploy.
+
+ Access your traefik admin service at $admin_port to see your published services.
+
+Note: To access the services, you need to create A or CNAMES dns entries for every one.
+
+[traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour
diff --git a/templates/traefik/12/docker-compose.yml.tpl b/templates/traefik/12/docker-compose.yml.tpl
new file mode 100644
index 0000000..a301454
--- /dev/null
+++ b/templates/traefik/12/docker-compose.yml.tpl
@@ -0,0 +1,107 @@
+version: '2'
+services:
+  traefik:
+    ports:
+    - ${admin_port}:8000/tcp
+    - ${http_port}:${http_port}/tcp
+    - ${https_port}:${https_port}/tcp
+    labels:
+      io.rancher.scheduler.global: 'true'
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+      io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+      io.rancher.sidekicks: 
+        {{- if eq .Values.rancher_integration "external"}} traefik-conf
+            {{- if eq .Values.acme_enable "true" -}},{{- end -}}
+        {{- end -}}
+        {{- if eq .Values.acme_enable "true" -}}
+            {{- if ne .Values.rancher_integration "external"}} traefik-acme
+            {{- else -}}traefik-acme
+            {{- end -}}
+        {{- end -}}
+    {{- end}}
+      io.rancher.container.hostname_override: container_name
+    image: rawmind/alpine-traefik:1.4.2-0
+    environment:
+    - TRAEFIK_HTTP_PORT=${http_port}
+    - TRAEFIK_HTTP_COMPRESSION=${compress_enable}
+    - TRAEFIK_HTTPS_PORT=${https_port}
+    - TRAEFIK_HTTPS_ENABLE=${https_enable}
+    - TRAEFIK_HTTPS_COMPRESSION=${compress_enable}
+    - TRAEFIK_INSECURE_SKIP=${insecure_skip}
+    - TRAEFIK_ADMIN_ENABLE=true
+    - TRAEFIK_ADMIN_READ_ONLY=${admin_readonly}
+    - TRAEFIK_ADMIN_STATISTICS=${admin_statistics}
+    - TRAEFIK_ADMIN_AUTH_METHOD=${admin_auth_method}
+    - TRAEFIK_ADMIN_AUTH_USERS=${admin_users}
+  {{- if eq .Values.rancher_integration "external"}}
+    - CONF_INTERVAL=${refresh_interval}
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+    - TRAEFIK_ACME_ENABLE=${acme_enable}
+    - TRAEFIK_ACME_EMAIL=${acme_email}
+    - TRAEFIK_ACME_ONDEMAND=${acme_ondemand}
+    - TRAEFIK_ACME_ONHOSTRULE=${acme_onhostrule}
+    - TRAEFIK_ACME_CASERVER=${acme_caserver}
+  {{- end}}
+  {{- if ne .Values.rancher_integration "external"}}
+    - TRAEFIK_RANCHER_ENABLE=true
+    - TRAEFIK_RANCHER_MODE=${rancher_integration}
+    {{- if eq .Values.rancher_integration "api"}}
+    - CATTLE_URL=${cattle_url}
+    - CATTLE_ACCESS_KEY=${cattle_access_key}
+    - CATTLE_SECRET_KEY=${cattle_secret_key}
+    {{- end}}
+  {{- end}}
+  {{- if eq .Values.prometheus_enable "true"}}
+    - TRAEFIK_PROMETHEUS_ENABLE=${prometheus_enable}
+    - TRAEFIK_PROMETHEUS_BUCKETS=${prometheus_buckets}
+  {{- end}}
+  {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+    volumes_from:
+    {{- if eq .Values.rancher_integration "external"}}
+    - traefik-conf
+    {{- end}}
+    {{- if eq .Values.acme_enable "true"}}
+    - traefik-acme
+    {{- end}}
+  {{- end}}
+  {{- if eq .Values.rancher_integration "external"}}
+  traefik-conf:
+    labels:
+      io.rancher.scheduler.global: 'true'
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+      io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.start_once: 'true'
+    image: rawmind/rancher-traefik:1.3.6
+    network_mode: none
+    volumes:
+      - tools-volume:/opt/tools
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+  traefik-acme:
+    network_mode: none
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+      io.rancher.container.start_once: true
+    environment:
+      - SERVICE_UID=10001
+      - SERVICE_GID=10001
+      - SERVICE_VOLUME=/opt/traefik/acme
+    volumes:
+      - ${acme_vol_name}:/opt/traefik/acme
+    image: rawmind/alpine-volume:0.0.2-1
+  {{- end}}
+{{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+volumes:
+  {{- if eq .Values.rancher_integration "external"}}
+  tools-volume:
+    driver: local
+    per_container: true
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+  ${acme_vol_name}:
+    driver: ${acme_vol_driver}
+  {{- end}}
+{{- end}}
diff --git a/templates/traefik/12/rancher-compose.yml b/templates/traefik/12/rancher-compose.yml
new file mode 100644
index 0000000..a138cbf
--- /dev/null
+++ b/templates/traefik/12/rancher-compose.yml
@@ -0,0 +1,208 @@
+version: '2'
+catalog:
+  name: traefik
+  version: v1.4.2-rancher1
+  description: |
+    Traefik load balancer.
+  minimum_rancher_version: v0.59.0
+  maintainer: "Raul Sanchez <rawmind@gmail.com>"
+  uuid: traefik-0
+  questions:
+    - variable: "rancher_integration"
+      label: "Choose rancher integration:"
+      description: |
+        Enable rancher integration mode. Traefik built in integration, metadata or api, or external sidekick integration with confd.
+      default: metadata
+      required: true
+      type: enum
+      options:
+        - metadata
+        - api
+        - external
+    - variable: "host_label"
+      description: "Host label where to run traefik service."
+      label: "Host label:"
+      required: true
+      default: "traefik_lb=true" 
+      type: "string"
+    - variable: "http_port"
+      description: "Traefik http public port to listen."
+      label: "Http port:"
+      required: true
+      default: 8080
+      type: "int"
+    - variable: "https_port"
+      description: "Traefik https public port to listen."
+      label: "Https port:"
+      required: true
+      default: 8443
+      type: "int"
+    - variable: "admin_port"
+      description: "Traefik admin public port to listen."
+      label: "Admin port:"
+      required: true
+      default: 8000 
+      type: "int"
+    - variable: "https_enable"
+      label: "Https enable:"
+      description: |
+        Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work.
+      default: false
+      required: true
+      type: enum
+      options:
+        - false
+        - true
+        - only
+    - variable: "acme_enable"
+      description: "Enable acme support on traefik."
+      label: "ACME enable:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "acme_email"
+      description: "ACME user email."
+      label: "ACME email:"
+      required: true
+      default: "test@traefik.io" 
+      type: "string"
+    - variable: "acme_ondemand"
+      description: "Enable acme ondemand."
+      label: "ACME ondemand:"
+      required: true
+      default: true 
+      type: "boolean"
+    - variable: "acme_onhostrule"
+      description: "Enable acme onHostRule."
+      label: "ACME onHostRule:"
+      required: true
+      default: true 
+      type: "boolean"
+    - variable: "acme_caserver"
+      description: "ACME caServer to use."
+      label: "ACME caServer:"
+      required: true
+      default: "https://acme-v01.api.letsencrypt.org/directory"
+      type: "string"
+    - variable: "acme_vol_name"
+      description: "The volume name shared to store ACME certs"
+      label: "ACME Volume Name"
+      required: true
+      default: "traefik_acme_vol"
+      type: "string"
+    - variable: "acme_vol_driver"
+      description: "The volume driver shared to store ACME certs"
+      label: "ACME Volume Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
+    - variable: "ssl_key"
+      description: "SSL key to secure the service. *Required if you enable https"
+      label: "Https key"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "ssl_crt"
+      description: "SSL cert to secure the service. *Required if you enable https"
+      label: "Https crt"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "insecure_skip"
+      description: "Enable InsecureSkipVerify param."
+      label: "InsecureSkipVerify:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "compress_enable"
+      label: "Enable compression:"
+      description: |
+        Enable Traefik compression for entrypoints.
+      default: true
+      required: true
+      type: "boolean"
+    - variable: "refresh_interval"
+      description: "Interval to poll/apply configuration changes." 
+      label: "Refresh Interval (s):"
+      required: true
+      default: 10 
+      type: "int"
+    - variable: "admin_readonly"
+      label: "Admin readonly:"
+      description: |
+        Set admin to readonly mode.
+      default: false
+      required: true
+      type: "boolean"
+    - variable: "admin_statistics"
+      description: "Enable more detailed statistics."
+      label: "Admin statistics history:"
+      required: true
+      default: 10
+      type: "int"
+    - variable: "admin_auth_method"
+      description: "Admin auth method on the webui."
+      label: "Admin auth method:"
+      required: true
+      default: "basic"
+      type: enum
+      options: # List of options if using type of `enum`
+        - basic
+        - digest
+    - variable: "admin_users"
+      description: "Admin auth user list on the webui. Generate with htpassword for basic or htdigest with traefik realm for digest."
+      label: "Admin users:"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "prometheus_enable"
+      description: "To enable statistics to be pulled by Prometheus."
+      label: "Prometheus enable"
+      default: false
+      required: true
+      type: "boolean"
+    - variable: "prometheus_buckets"
+      description: "To define your own buckets"
+      label: "Prometheus buckets"
+      default: "[0.1,0.3,1.2,5.0]"
+      required: true
+      type: "string"
+    - variable: "cattle_url"
+      description: "API cattle url"
+      label: "Cattle URL"
+      default: ""
+      required: false
+      type: "string"
+    - variable: "cattle_access_key"
+      description: "API environment access key"
+      label: "Cattle access key"
+      default: ""
+      required: false
+      type: "string"
+    - variable: "cattle_secret_key"
+      description: "API environment secret key"
+      label: "Cattle secret key"
+      default: ""
+      required: false
+      type: "string"
+services:
+  traefik:
+    retain_ip: true
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 5000
+      port: 8000
+      unhealthy_threshold: 3
+      interval: 5000
+      strategy: recreate
+    metadata:
+      traefik:
+        ssl_key: |
+          ${ssl_key}
+        ssl_crt: |
+          ${ssl_crt}
diff --git a/templates/traefik/config.yml b/templates/traefik/config.yml
index 5d533dd..2392a3f 100644
--- a/templates/traefik/config.yml
+++ b/templates/traefik/config.yml
@@ -1,7 +1,7 @@
 name: Traefik
 description: |
   Traefik active load balancer
-version: v1.4.0-rancher1
+version: v1.4.2-rancher1
 category: Load Balancing
 maintainer: "Raul Sanchez <rawmind@gmail.com>"
 minimum_rancher_version: v0.59.0
diff --git a/templates/zookeeper/4/README.md b/templates/zookeeper/4/README.md
new file mode 100644
index 0000000..f545ed6
--- /dev/null
+++ b/templates/zookeeper/4/README.md
@@ -0,0 +1,27 @@
+# Apache Zookeeper 
+
+### Info:
+
+ This template creates, scale in and scale out a multinodes zk (zookeeper) cluster on top of Rancher. The configuration is generated with confd from Rancher metadata. 
+ Cluster size are variable after deployment, and get reconfigured if refresh interval > 0.
+ 
+ 
+### Usage:
+
+ Select Apache Zookeeper from catalog. 
+ 
+ Enter the number of nodes, mem and refresh interval for the zk cluster. (set refresh data to 0 to disable dinamic config)
+
+ Change the following zookeeper default parameters, if you need:
+
+- ZK_DATA_DIR="/opt/zk/data"
+- ZK_INIT_LIMIT="10"
+- ZK_MAX_CLIENT_CXNS="500"
+- ZK_SYNC_LIMIT="5"
+- ZK_TICK_TIME="2000"
+ 
+ Click deploy.
+ 
+ Zookeeper can now be accessed over the Rancher network. 
+
+ Note: When you scale the cluster, zero downtime is expected...
diff --git a/templates/zookeeper/4/docker-compose.yml.tpl b/templates/zookeeper/4/docker-compose.yml.tpl
new file mode 100644
index 0000000..eff9f0b
--- /dev/null
+++ b/templates/zookeeper/4/docker-compose.yml.tpl
@@ -0,0 +1,56 @@
+version: '2'
+services:
+  zk:
+    tty: true
+    image: rawmind/alpine-zk:3.4.10-0
+    volumes_from:
+      - zk-volume
+      - zk-conf
+    environment:
+      - JVMFLAGS=-Xmx${zk_mem}m -Xms${zk_mem}m
+      - CONFD_INTERVAL=${zk_interval}
+      - ZK_DATA_DIR=${zk_data_dir}
+      - ZK_INIT_LIMIT=${zk_init_limit}
+      - ZK_MAX_CLIENT_CXNS=${zk_max_client_cxns}
+      - ZK_SYNC_LIMIT=${zk_sync_limit}
+      - ZK_TICK_TIME=${zk_tick_time}
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+{{- if ne .Values.host_label ""}}
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+{{- end}}
+      io.rancher.sidekicks: zk-volume, zk-conf
+  zk-conf:
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+{{- if ne .Values.host_label ""}}
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+{{- end}}
+      io.rancher.container.start_once: true
+    image: rawmind/rancher-zk:3.4.9
+    volumes:
+      - zkconfig:/opt/tools
+  zk-volume:
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+{{- if ne .Values.host_label ""}}
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+{{- end}}
+      io.rancher.container.start_once: true
+    environment:
+      - SERVICE_UID=10002
+      - SERVICE_GID=10002
+      - SERVICE_VOLUME=${zk_data_dir}
+    volumes:
+      - zkdata:${zk_data_dir}
+    image: rawmind/alpine-volume:0.0.2-1
+volumes:
+  zkconfig:
+    driver: ${VOLUME_DRIVER}
+    per_container: true
+  zkdata:
+    driver: ${VOLUME_DRIVER}
+    per_container: true
diff --git a/templates/zookeeper/4/rancher-compose.yml b/templates/zookeeper/4/rancher-compose.yml
new file mode 100644
index 0000000..6a7fc4b
--- /dev/null
+++ b/templates/zookeeper/4/rancher-compose.yml
@@ -0,0 +1,88 @@
+version: '2'
+catalog:
+  name: Zookeeper
+  version: 3.4.10-rancher1
+  description: |
+    (Experimental) Apache Zookeeper cluster.
+  minimum_rancher_version: v0.59.0
+  maintainer: "Raul Sanchez <rawmind@gmail.com>"
+  uuid: zk-0
+  questions:
+    - variable: "zk_scale"
+      description: "Number of zk nodes. Note: Recommended an odd number"
+      label: "Zk Nodes:"
+      required: true
+      default: 3
+      type: "int"
+    - variable: "zk_mem"
+      description: "Amount of memory to config zk."
+      label: "Zk Memory (mb):"
+      required: true
+      default: 512
+      type: "int"
+    - variable: "zk_init_limit"
+      description: "Time to allow followers to connect and sync with leader"
+      label: "Zk init limit (ticks):"
+      required: true
+      default: 10
+      type: "int"
+    - variable: "zk_data_dir"
+      description: "Directory where zookeeper store data"
+      label: "Zk data dir:"
+      required: true
+      default: "/opt/zk/data"
+      type: "string"
+    - variable: "zk_max_client_cxns"
+      description: "Max client concurrent connections"
+      label: "Zk max client cxns:"
+      required: true
+      default: 500
+      type: "int"
+    - variable: "zk_sync_limit"
+      description: "Time to allow followers to sync with leader"
+      label: "Zk sync limit (ticks):"
+      required: true
+      default: 5
+      type: "int"
+    - variable: "zk_tick_time"
+      description: "Tick time length"
+      label: "Zk tick time (ms):"
+      required: true
+      default: 2000
+      type: "int"
+    - variable: "zk_interval"
+      description: "Interval to poll/apply configuration changes. 0 to disable, reconfiguration will be done when you restart zk nodes"
+      label: "Zk Interval (s):"
+      required: true
+      default: 60
+      type: "int"
+    - variable: host_label
+      label: "Host with Label to put zookeeper on"
+      description: |
+        Host label to use as zookeeper 'value' tag.
+        Example: 'zookeeper=true'
+      required: false
+      default: ""
+      type: "string"
+    - variable: "VOLUME_DRIVER"
+      description: "The VOLUME driver to associate with this server"
+      label: "VOLUME Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
+services:
+  zk:
+    scale: ${zk_scale}
+    retain_ip: true
+    health_check:
+      port: 2181
+      interval: 5000
+      unhealthy_threshold: 3
+      request_line: ''
+      healthy_threshold: 2
+      response_timeout: 5000
diff --git a/templates/zookeeper/config.yml b/templates/zookeeper/config.yml
index d6b7d77..939b260 100644
--- a/templates/zookeeper/config.yml
+++ b/templates/zookeeper/config.yml
@@ -1,7 +1,7 @@
 name: Apache Zookeeper
 description: |
-  (Experimental) Zookeeper cluster
-version: 3.4.9-rancher2
+  Zookeeper cluster
+version: 3.4.10-rancher1
 category: Clustering
 maintainer: "Raul Sanchez <rawmind@gmail.com>"
 projectURL: https://github.com/rawmind0/alpine-zk

From 1987c6797257fddba93cd6312d0a6a8a5a2cd6b7 Mon Sep 17 00:00:00 2001
From: Gary Duan <gduan@neuvector.com>
Date: Mon, 13 Nov 2017 18:18:15 -0800
Subject: [PATCH 32/71] Update NeuVector image tag from 1.2 to 1.3

---
 templates/neuvector/0/docker-compose.yml  | 4 ++--
 templates/neuvector/0/rancher-compose.yml | 4 ++--
 templates/neuvector/config.yml            | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/neuvector/0/docker-compose.yml b/templates/neuvector/0/docker-compose.yml
index bee18e6..0f853cc 100644
--- a/templates/neuvector/0/docker-compose.yml
+++ b/templates/neuvector/0/docker-compose.yml
@@ -1,5 +1,5 @@
 allinone:
-    image: neuvector/allinone:rancher1.2
+    image: neuvector/allinone:rancher1.3
     container_name: neuvector.allinone
     restart: always
     privileged: true
@@ -18,7 +18,7 @@ allinone:
         io.rancher.scheduler.affinity:host_label: ${NV_ALLINONE_LABEL}
         io.rancher.container.hostname_override: container_name
 enforcer:
-    image: neuvector/enforcer:rancher1.2
+    image: neuvector/enforcer:rancher1.3
     container_name: neuvector.enforcer
     restart: always
     privileged: true
diff --git a/templates/neuvector/0/rancher-compose.yml b/templates/neuvector/0/rancher-compose.yml
index 336660d..2f3aad9 100644
--- a/templates/neuvector/0/rancher-compose.yml
+++ b/templates/neuvector/0/rancher-compose.yml
@@ -1,7 +1,7 @@
 .catalog:
   name: "NeuVector"
-  version: "rancher1.2"
-  description: "Container Security Solution"
+  version: "rancher1.3"
+  description: "Cloud Native Container Firewall"
   questions:
     - variable: "NV_ALLINONE_LABEL"
       label: "Allinone Host label"
diff --git a/templates/neuvector/config.yml b/templates/neuvector/config.yml
index a3bcc64..7b22dd3 100644
--- a/templates/neuvector/config.yml
+++ b/templates/neuvector/config.yml
@@ -1,6 +1,6 @@
 name: NeuVector
 description: |
   Container Security Solution
-version: rancher1.2
+version: rancher1.3
 category: Security
 maintainer: neuvector support <support@neuvector.com>

From c267fbbd46552ce9bfa85bfc85252d80ce965248 Mon Sep 17 00:00:00 2001
From: root <root@vmhost01>
Date: Tue, 14 Nov 2017 09:41:27 +0000
Subject: [PATCH 33/71] update for the description & option checker

---
 templates/zinst/1/README.md              | 56 ++++++++++++++++++++++++
 templates/zinst/1/docker-compose.yml.tpl | 13 ++++++
 templates/zinst/1/rancher-compose.yml    | 54 +++++++++++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 templates/zinst/1/README.md
 create mode 100644 templates/zinst/1/docker-compose.yml.tpl
 create mode 100644 templates/zinst/1/rancher-compose.yml

diff --git a/templates/zinst/1/README.md b/templates/zinst/1/README.md
new file mode 100644
index 0000000..7d45b94
--- /dev/null
+++ b/templates/zinst/1/README.md
@@ -0,0 +1,56 @@
+
+# Zinst
+## Install
+1. How to install the zinst client
+```
+curl -sL bit.ly/online-install  |bash
+zinst self-config ip=[IP address of the zinst-repository] host=[Hostname of zinst-repository]:[http_port]
+```
+
+2. check the server alive
+```
+zinst find
+```
+
+3. You can clone and copy the open-source zinst packages from the Github to the Volume dircetory as below.
+ * https://github.com/goody80/Zinst_packages
+
+
+## What is the Zinst ?
+### zinst?
+* Package install manager. It very similar that concept of yinst command in Yahoo!
+
+### Summary
+* For the centralized package manage & distributed systems
+  * Centralized control:
+    * Install the Package to the destination server 
+      * *ex) zinst install apache_server-1.0.1.zinst apache_conf-1.0.1.zinst -h web0[1-7,9]* 
+    * list-up the package in each server 
+      * *ex) zinst ls*
+    * list-up the file of package in each server 
+      * *ex) zinst ls -files apache_server*
+    * Easy find out the installed package-name of a some distributed file 
+      * *ex) zinst ls -files /data/z/httpd/conf/include/_temp.conf*
+    * Can tracking the release history with who could controlled
+      * *ex) zinst history*
+    * Easy can change the configuration setup 
+      * *ex) zinst set apache_conf.maxclient=64*
+      * Then you can see the configuration has been changed on the Apache server for example.
+    * Package remove
+    * Send a command to the distributed systems
+      * *ex) zinst ssh "whoami" -h web[0-1][0-9], web20*
+    * Can makes a list of multiple host for the target control
+      * *ex) zinst ssh "whoami" -H ./hostlist.txt* 
+    * One package, can makes a differnt output
+      * *ex) zinst install apache_server -set apache_server.maxclient=32 -h web01 web02*
+      *     *zinst install apache_server -set apache_server.maxclient=64 -h news01 news02*
+    * Daemon controll
+      * *ex) zinst start httpd*
+      * Then we can recognize that who managed the daemon in the server as a history
+    * Easy to find out the package has been released to somewhere
+      * *ex) zinst track hwconfig-1.
+    * Supported a package restore & roll-back as a save file
+      * *ex) zinst restore -file /data/z/save/zinst-save.56*
+    * Without difficult language and environment. Due to it made by Bash only
+
+
diff --git a/templates/zinst/1/docker-compose.yml.tpl b/templates/zinst/1/docker-compose.yml.tpl
new file mode 100644
index 0000000..bc1ba71
--- /dev/null
+++ b/templates/zinst/1/docker-compose.yml.tpl
@@ -0,0 +1,13 @@
+version: '2'
+services:
+  zinst-repository:
+    image: zinst/zinst_repository:0.5
+    volumes:
+    - zinst-data:/data/dist
+  zinst-lb:
+    image: rancher/lb-service-haproxy:v0.7.6
+    ports:
+    - ${http_port}:${http_port}/tcp
+volumes:
+  zinst-data:
+    driver: ${volume_driver}
diff --git a/templates/zinst/1/rancher-compose.yml b/templates/zinst/1/rancher-compose.yml
new file mode 100644
index 0000000..691a01c
--- /dev/null
+++ b/templates/zinst/1/rancher-compose.yml
@@ -0,0 +1,54 @@
+version: '2'
+catalog:
+  name: "zinst-repository"
+  version: "7.0.5"
+  description: "Infra as a code by your own packages. http://zinst.me"
+  uuid: zinstrepo-0
+  minimum_rancher_version: v1.5.5
+  questions:    
+    - variable: http_port
+      description: "http port to access the zinst repository"
+      label: "Public Port"
+      required: true
+      default: "8080"
+      type: "int"
+    - variable: "volume_driver"
+      description: "Volume driver to associate with this service"
+      label: "Volume Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
+services:
+  zinst-repository:
+    retain_ip: true
+    scale: 1
+    start_on_create: true
+    health_check:
+      port: 80
+      interval: 5000
+      unhealthy_threshold: 3
+      request_line: ''
+      healthy_threshold: 2
+      response_timeout: 5000
+  zinst-lb:
+    scale: 1
+    start_on_create: true
+    lb_config:
+      certs: []
+      port_rules:
+      - priority: 1
+        protocol: http
+        service: zinst-repository
+        source_port: ${http_port}
+        target_port: 80
+    health_check:
+      response_timeout: 2000
+      healthy_threshold: 2
+      port: 42
+      unhealthy_threshold: 3
+      interval: 2000

From d41e3b5e47e514cf1a19038973bd0af8d4295649 Mon Sep 17 00:00:00 2001
From: root <root@vmhost01>
Date: Tue, 14 Nov 2017 09:45:39 +0000
Subject: [PATCH 34/71] update for the description & option checker

---
 templates/zinst/1/README.md              | 56 ++++++++++++++++++++++++
 templates/zinst/1/docker-compose.yml.tpl | 13 ++++++
 templates/zinst/1/rancher-compose.yml    | 54 +++++++++++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 templates/zinst/1/README.md
 create mode 100644 templates/zinst/1/docker-compose.yml.tpl
 create mode 100644 templates/zinst/1/rancher-compose.yml

diff --git a/templates/zinst/1/README.md b/templates/zinst/1/README.md
new file mode 100644
index 0000000..7d45b94
--- /dev/null
+++ b/templates/zinst/1/README.md
@@ -0,0 +1,56 @@
+
+# Zinst
+## Install
+1. How to install the zinst client
+```
+curl -sL bit.ly/online-install  |bash
+zinst self-config ip=[IP address of the zinst-repository] host=[Hostname of zinst-repository]:[http_port]
+```
+
+2. check the server alive
+```
+zinst find
+```
+
+3. You can clone and copy the open-source zinst packages from the Github to the Volume dircetory as below.
+ * https://github.com/goody80/Zinst_packages
+
+
+## What is the Zinst ?
+### zinst?
+* Package install manager. It very similar that concept of yinst command in Yahoo!
+
+### Summary
+* For the centralized package manage & distributed systems
+  * Centralized control:
+    * Install the Package to the destination server 
+      * *ex) zinst install apache_server-1.0.1.zinst apache_conf-1.0.1.zinst -h web0[1-7,9]* 
+    * list-up the package in each server 
+      * *ex) zinst ls*
+    * list-up the file of package in each server 
+      * *ex) zinst ls -files apache_server*
+    * Easy find out the installed package-name of a some distributed file 
+      * *ex) zinst ls -files /data/z/httpd/conf/include/_temp.conf*
+    * Can tracking the release history with who could controlled
+      * *ex) zinst history*
+    * Easy can change the configuration setup 
+      * *ex) zinst set apache_conf.maxclient=64*
+      * Then you can see the configuration has been changed on the Apache server for example.
+    * Package remove
+    * Send a command to the distributed systems
+      * *ex) zinst ssh "whoami" -h web[0-1][0-9], web20*
+    * Can makes a list of multiple host for the target control
+      * *ex) zinst ssh "whoami" -H ./hostlist.txt* 
+    * One package, can makes a differnt output
+      * *ex) zinst install apache_server -set apache_server.maxclient=32 -h web01 web02*
+      *     *zinst install apache_server -set apache_server.maxclient=64 -h news01 news02*
+    * Daemon controll
+      * *ex) zinst start httpd*
+      * Then we can recognize that who managed the daemon in the server as a history
+    * Easy to find out the package has been released to somewhere
+      * *ex) zinst track hwconfig-1.
+    * Supported a package restore & roll-back as a save file
+      * *ex) zinst restore -file /data/z/save/zinst-save.56*
+    * Without difficult language and environment. Due to it made by Bash only
+
+
diff --git a/templates/zinst/1/docker-compose.yml.tpl b/templates/zinst/1/docker-compose.yml.tpl
new file mode 100644
index 0000000..bc1ba71
--- /dev/null
+++ b/templates/zinst/1/docker-compose.yml.tpl
@@ -0,0 +1,13 @@
+version: '2'
+services:
+  zinst-repository:
+    image: zinst/zinst_repository:0.5
+    volumes:
+    - zinst-data:/data/dist
+  zinst-lb:
+    image: rancher/lb-service-haproxy:v0.7.6
+    ports:
+    - ${http_port}:${http_port}/tcp
+volumes:
+  zinst-data:
+    driver: ${volume_driver}
diff --git a/templates/zinst/1/rancher-compose.yml b/templates/zinst/1/rancher-compose.yml
new file mode 100644
index 0000000..691a01c
--- /dev/null
+++ b/templates/zinst/1/rancher-compose.yml
@@ -0,0 +1,54 @@
+version: '2'
+catalog:
+  name: "zinst-repository"
+  version: "7.0.5"
+  description: "Infra as a code by your own packages. http://zinst.me"
+  uuid: zinstrepo-0
+  minimum_rancher_version: v1.5.5
+  questions:    
+    - variable: http_port
+      description: "http port to access the zinst repository"
+      label: "Public Port"
+      required: true
+      default: "8080"
+      type: "int"
+    - variable: "volume_driver"
+      description: "Volume driver to associate with this service"
+      label: "Volume Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
+services:
+  zinst-repository:
+    retain_ip: true
+    scale: 1
+    start_on_create: true
+    health_check:
+      port: 80
+      interval: 5000
+      unhealthy_threshold: 3
+      request_line: ''
+      healthy_threshold: 2
+      response_timeout: 5000
+  zinst-lb:
+    scale: 1
+    start_on_create: true
+    lb_config:
+      certs: []
+      port_rules:
+      - priority: 1
+        protocol: http
+        service: zinst-repository
+        source_port: ${http_port}
+        target_port: 80
+    health_check:
+      response_timeout: 2000
+      healthy_threshold: 2
+      port: 42
+      unhealthy_threshold: 3
+      interval: 2000

From af163cf3d7062eb597b9e3a33b0e3e4843029b2a Mon Sep 17 00:00:00 2001
From: Ralf Yang <goody80762@gmail.com>
Date: Tue, 14 Nov 2017 18:47:21 +0900
Subject: [PATCH 35/71] Update docker-compose.yml.tpl

---
 templates/zinst/1/docker-compose.yml.tpl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/zinst/1/docker-compose.yml.tpl b/templates/zinst/1/docker-compose.yml.tpl
index bc1ba71..2e01f7c 100644
--- a/templates/zinst/1/docker-compose.yml.tpl
+++ b/templates/zinst/1/docker-compose.yml.tpl
@@ -11,3 +11,5 @@ services:
 volumes:
   zinst-data:
     driver: ${volume_driver}
+    
+    

From 657a8c06c247bf3fa63f2a6ab961b235fa172b86 Mon Sep 17 00:00:00 2001
From: Raul Sanchez <rawmind@gmail.com>
Date: Sat, 18 Nov 2017 12:19:19 +0100
Subject: [PATCH 36/71] Updated traefik package to v1.4.3

---
 templates/traefik/12/docker-compose.yml.tpl | 2 +-
 templates/traefik/12/rancher-compose.yml    | 2 +-
 templates/traefik/config.yml                | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/traefik/12/docker-compose.yml.tpl b/templates/traefik/12/docker-compose.yml.tpl
index a301454..dba840c 100644
--- a/templates/traefik/12/docker-compose.yml.tpl
+++ b/templates/traefik/12/docker-compose.yml.tpl
@@ -21,7 +21,7 @@ services:
         {{- end -}}
     {{- end}}
       io.rancher.container.hostname_override: container_name
-    image: rawmind/alpine-traefik:1.4.2-0
+    image: rawmind/alpine-traefik:1.4.3-0
     environment:
     - TRAEFIK_HTTP_PORT=${http_port}
     - TRAEFIK_HTTP_COMPRESSION=${compress_enable}
diff --git a/templates/traefik/12/rancher-compose.yml b/templates/traefik/12/rancher-compose.yml
index a138cbf..92c69c5 100644
--- a/templates/traefik/12/rancher-compose.yml
+++ b/templates/traefik/12/rancher-compose.yml
@@ -1,7 +1,7 @@
 version: '2'
 catalog:
   name: traefik
-  version: v1.4.2-rancher1
+  version: v1.4.3-rancher1
   description: |
     Traefik load balancer.
   minimum_rancher_version: v0.59.0
diff --git a/templates/traefik/config.yml b/templates/traefik/config.yml
index 2392a3f..de632db 100644
--- a/templates/traefik/config.yml
+++ b/templates/traefik/config.yml
@@ -1,7 +1,7 @@
 name: Traefik
 description: |
   Traefik active load balancer
-version: v1.4.2-rancher1
+version: v1.4.3-rancher1
 category: Load Balancing
 maintainer: "Raul Sanchez <rawmind@gmail.com>"
 minimum_rancher_version: v0.59.0

From bdee66ca7453769b9097e659119163c5971ed01a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81d=C3=A1m=20Z=2E=20K=C3=B6v=C3=A9r?=
 <adamzkover@gmail.com>
Date: Tue, 21 Nov 2017 22:02:09 +0100
Subject: [PATCH 37/71] Upgrade SonarQube to version 6.7

---
 templates/sonarqube/2/README.md              | 19 +++++
 templates/sonarqube/2/docker-compose.yml.tpl | 67 ++++++++++++++++
 templates/sonarqube/2/rancher-compose.yml    | 84 ++++++++++++++++++++
 templates/sonarqube/config.yml               |  2 +-
 4 files changed, 171 insertions(+), 1 deletion(-)
 create mode 100644 templates/sonarqube/2/README.md
 create mode 100644 templates/sonarqube/2/docker-compose.yml.tpl
 create mode 100644 templates/sonarqube/2/rancher-compose.yml

diff --git a/templates/sonarqube/2/README.md b/templates/sonarqube/2/README.md
new file mode 100644
index 0000000..b95a44c
--- /dev/null
+++ b/templates/sonarqube/2/README.md
@@ -0,0 +1,19 @@
+## What is inside SonarQube Stack?
+* [SonarQube Server](http://www.sonarqube.org/) + Sidekick for storing plugins
+* Postgres Database + Sidekick for storing data
+
+## Info
+* In default SonarQube package will install alpine docker version and will create "sonar" postgres database, user and password. 
+* SonarQube service is exposed by a loadbalancer.
+* Optional, you could install non alpine version. Use it if your software needs glibc.
+* Optional, you could use an external postgres database link.
+* Once SonarQube will start, make sure you setup correct information in setup page.
+* For easy upgrades there are sidekicks for postgres data with dedicated storage. 
+
+## Installing Plugins Manually
+* Go to [Plugin Library](http://docs.sonarqube.org/display/PLUG/Plugin+Library) and find your favourite plugins
+* Execute `docker exec -it [sonarqube-data bash]`, go to /opt/sonarqube/extensions/plugins and put your plugins here
+* Restart SonarQube container.
+
+## First Start
+* Use admin/admin to login to the SonarQube interface.
\ No newline at end of file
diff --git a/templates/sonarqube/2/docker-compose.yml.tpl b/templates/sonarqube/2/docker-compose.yml.tpl
new file mode 100644
index 0000000..8fcb41b
--- /dev/null
+++ b/templates/sonarqube/2/docker-compose.yml.tpl
@@ -0,0 +1,67 @@
+version: '2'
+services:
+  sonarqube-lb:
+    image: rancher/lb-service-haproxy:v0.7.6
+    ports:
+      - ${http_port}:${http_port}
+  sonarqube-storage:
+    network_mode: none
+    labels:
+      io.rancher.container.hostname_override: container_name
+      io.rancher.container.start_once: true
+    environment:
+      - SERVICE_UID=0
+      - SERVICE_GID=0
+      - SERVICE_VOLUME=/opt/sonarqube/extensions/plugins
+    volumes:
+      - sonarqube-plugin:/opt/sonarqube/extensions/plugins
+    image: rawmind/alpine-volume:0.0.2-1
+  sonarqube:
+    labels:
+      io.rancher.container.hostname_override: container_name
+      io.rancher.sidekicks: sonarqube-storage
+    image: sonarqube:${docker_version}
+    environment:
+      SONARQUBE_WEB_JVM_OPTS: ${jvm_opts}
+      SONARQUBE_JDBC_USERNAME: ${postgres_user}
+      SONARQUBE_JDBC_PASSWORD: ${postgres_password}
+      SONARQUBE_JDBC_URL: jdbc:postgresql://db:${postgres_port}/${postgres_db}
+    volumes_from:
+      - sonarqube-storage
+{{- if ne .Values.postgres_link ""}}
+    external_links:
+      - ${postgres_link}:db
+{{- else}}
+    links:
+      - db:db
+  db:
+    labels:
+      io.rancher.container.hostname_override: container_name
+      io.rancher.sidekicks: db-storage
+    image: postgres:9.6.3-alpine
+    environment:
+      POSTGRES_USER:  ${postgres_user}
+      POSTGRES_PASSWORD:  ${postgres_password}
+      POSTGRES_DB:  ${postgres_db}
+    volumes_from:
+      - db-storage
+  db-storage:
+    network_mode: none
+    labels:
+      io.rancher.container.hostname_override: container_name
+      io.rancher.container.start_once: true
+    environment:
+      - SERVICE_UID=0
+      - SERVICE_GID=0
+      - SERVICE_VOLUME=/var/lib/postgresql
+    volumes:
+      - db-data:/var/lib/postgresql
+    image: rawmind/alpine-volume:0.0.2-1
+{{- end}}
+volumes:
+  sonarqube-plugin:
+    driver: local
+{{- if eq .Values.postgres_link ""}}
+  db-data:
+    driver: local
+{{- end}}
diff --git a/templates/sonarqube/2/rancher-compose.yml b/templates/sonarqube/2/rancher-compose.yml
new file mode 100644
index 0000000..4d4454c
--- /dev/null
+++ b/templates/sonarqube/2/rancher-compose.yml
@@ -0,0 +1,84 @@
+version: '2'
+catalog:
+  name: "SonarQube"
+  version: "v6.7"
+  description: "SonarQube"
+  uuid: sonarqube-0
+  minimum_rancher_version: v0.51.0
+  questions:
+    - variable: docker_version
+      description: "SonarQube docker version"
+      label: "SonarQube docker version"
+      required: true
+      default: "6.7-alpine"
+      type: "enum"
+      options:
+        - 6.7-alpine
+        - 6.7
+    - variable: http_port
+      description: "SonarQube http port"
+      label: "SonarQube http Port"
+      required: true
+      default: "9000"
+      type: "int"
+    - variable: jvm_opts
+      description: "SonarQube web jvm options"
+      label: "SonarQube web jvm options"
+      required: false
+      default: ""
+      type: "string"
+    - variable: postgres_port
+      description: "Postgres Port"
+      label: "Postgres Port"
+      required: true
+      default: "5432"
+      type: "int"
+    - variable: postgres_db
+      description: "Postgres Database Name"
+      label: "Postgres Database"
+      required: true
+      default: "sonar"
+      type: "string"
+    - variable: postgres_user
+      description: "Postgres User"
+      label: "Postgres User"
+      required: true
+      default: "sonar"
+      type: "string"
+    - variable: postgres_password
+      description: "Postgres Password"
+      label: "Postgres Password"
+      required: true
+      default: "sonar"
+      type: "password"
+    - variable: "postgres_link"
+      description: |
+        Optional external postgres service to use. 
+      label: "Postgres stack/service"
+      default: ""
+      required: false
+      type: "service"
+services:
+  sonarqube-lb:
+    scale: 1
+    lb_config:
+      port_rules:
+      - protocol: http
+        service: sonarqube
+        source_port: ${http_port}
+        target_port: 9000
+    health_check:
+      response_timeout: 2000
+      healthy_threshold: 2
+      port: 42
+      unhealthy_threshold: 3
+  sonarqube:
+    scale: 1
+    retain_ip: true
+    health_check:
+      port: 9000
+      interval: 5000
+      unhealthy_threshold: 3
+      request_line: 'GET / HTTP/1.0'
+      healthy_threshold: 2
+      response_timeout: 5000
diff --git a/templates/sonarqube/config.yml b/templates/sonarqube/config.yml
index 13373da..c6bcb39 100644
--- a/templates/sonarqube/config.yml
+++ b/templates/sonarqube/config.yml
@@ -1,5 +1,5 @@
 name: SonarQube
 description: |
   SonarQube - an open source quality management platform.
-version: v6.5
+version: v6.7
 category: Test Automation

From 5bfab01632eef2bc2eba443826cb79275b2b1457 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Wed, 22 Nov 2017 20:21:38 +0100
Subject: [PATCH 38/71] added gitea

---
 templates/gitea/0/docker-compose.yml.tpl |  35 +++++
 templates/gitea/0/rancher-compose.yml    |  94 +++++++++++++
 templates/gitea/catalogIcon-gitea.svg    | 160 +++++++++++++++++++++++
 templates/gitea/config.yml               |   5 +
 4 files changed, 294 insertions(+)
 create mode 100644 templates/gitea/0/docker-compose.yml.tpl
 create mode 100644 templates/gitea/0/rancher-compose.yml
 create mode 100644 templates/gitea/catalogIcon-gitea.svg
 create mode 100644 templates/gitea/config.yml

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
new file mode 100644
index 0000000..0355a18
--- /dev/null
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -0,0 +1,35 @@
+version: '2'
+services:
+  gitea:
+    image: gitea/gitea:1.3
+    volumes:
+      - gitea-data:/data
+{{- if ne .Values.db_link ""}}
+    external_links:
+      - ${db_link}:db
+{{- else}}
+    links:
+      - db:db
+  db:
+    image: mysql:5.5
+    environment:
+      MYSQL_ROOT_PASSWORD: ${mysql_password}
+      MYSQL_USER: ${mysql_user}
+      MYSQL_PASSWORD: ${mysql_password}
+      MYSQL_DATABASE: ${mysql_db}
+    volumes:
+      - gitea-db:/var/lib/mysql
+{{- end}}
+  lb:
+    image: rancher/lb-service-haproxy:v0.6.4
+    ports:
+    - ${http_port}:${http_port}/tcp
+    - ${ssh_port}:${ssh_port}/tcp
+volumes:
+  gitea-data:
+    driver: ${volume_driver}
+{{- if eq .Values.db_link ""}}
+  gitea-db:
+    driver: ${volume_driver}
+{{- end}}
+
diff --git a/templates/gitea/0/rancher-compose.yml b/templates/gitea/0/rancher-compose.yml
new file mode 100644
index 0000000..8b1c006
--- /dev/null
+++ b/templates/gitea/0/rancher-compose.yml
@@ -0,0 +1,94 @@
+version: '2'
+catalog:
+  name: "Gitea"
+  version: "v0.11.19"
+  description: "A painless self-hosted Git service"
+  uuid: gitea-0
+  minimum_rancher_version: v0.51.0
+  questions:
+    - variable: http_port
+      description: "http port to access Gitea's webui"
+      label: "Http Port"
+      required: true
+      default: "8080" 
+      type: "int"
+    - variable: ssh_port
+      description: "ssh port to clone repositories via ssh"
+      label: "SSH Port"
+      required: true
+      default: "2222"
+      type: "int"
+    - variable: "volume_driver"
+      description: "Volume driver to associate with this service"
+      label: "Volume Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
+    - variable: "db_link"
+      description: |
+        DB external service link cluster.
+      label: "External db service"
+      default: ""
+      required: false
+      type: "service"
+    - variable: mysql_db
+      description: "mysql db"
+      label: "Mysql db"
+      required: true
+      default: "gitea"
+      type: "string"
+    - variable: mysql_user
+      description: "mysql user"
+      label: "Mysql User"
+      required: true
+      default: "gitea"
+      type: "string"
+    - variable: mysql_password
+      description: "mysql root password"
+      label: "Mysql Password"
+      required: true
+      default: "default_pass"
+      type: "password"
+services:
+  gitea:
+    scale: 1
+    retain_ip: true
+    health_check:
+      response_timeout: 2000
+      healthy_threshold: 2
+      port: 3000
+      unhealthy_threshold: 3
+      initializing_timeout: 300000
+      interval: 2000
+      strategy: recreate
+      request_line: GET "/" "HTTP/1.0"
+      reinitializing_timeout: 120000
+  lb:
+    scale: 1
+    start_on_create: true
+    lb_config:
+      certs: []
+      port_rules:
+      - priority: 1
+        protocol: http
+        service: gitea
+        source_port: ${http_port}
+        target_port: 3000
+      - priority: 2
+        protocol: tcp
+        service: gitea
+        source_port: ${ssh_port}
+        target_port: 22
+    health_check:
+      response_timeout: 2000
+      healthy_threshold: 2
+      port: 42
+      unhealthy_threshold: 3
+      initializing_timeout: 60000
+      interval: 2000
+      reinitializing_timeout: 60000
diff --git a/templates/gitea/catalogIcon-gitea.svg b/templates/gitea/catalogIcon-gitea.svg
new file mode 100644
index 0000000..ac1594a
--- /dev/null
+++ b/templates/gitea/catalogIcon-gitea.svg
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="512"
+   height="512"
+   viewBox="0 0 135.46667 135.46667"
+   version="1.1"
+   id="svg8"
+   sodipodi:docname="logo.svg"
+   inkscape:version="0.92.1 r15371"
+   inkscape:export-filename=""
+   inkscape:export-xdpi="48.000004"
+   inkscape:export-ydpi="48.000004">
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.70710678"
+     inkscape:cx="418.13805"
+     inkscape:cy="177.57445"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer2"
+     showgrid="false"
+     units="px"
+     width="256px"
+     showguides="false"
+     inkscape:window-width="1920"
+     inkscape:window-height="1137"
+     inkscape:window-x="1912"
+     inkscape:window-y="-8"
+     inkscape:window-maximized="1"
+     inkscape:pagecheckerboard="false"
+     inkscape:measure-start="283.373,243.952"
+     inkscape:measure-end="290.267,236.527">
+    <sodipodi:guide
+       position="0,0"
+       orientation="0,512"
+       id="guide3699"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="135.46667,0"
+       orientation="-512,0"
+       id="guide3701"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="135.46667,135.46667"
+       orientation="0,-512"
+       id="guide3703"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="0,135.46667"
+       orientation="512,0"
+       id="guide3705"
+       inkscape:locked="false" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-161.53334)"
+     style="display:inline">
+    <path
+       style="fill:#609926;fill-opacity:1;stroke:#428f29;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:none"
+       d="m 27.709937,195.15095 c -9.546573,-0.0272 -22.3392732,6.79805 -21.6317552,23.90397 1.105534,26.72889 25.4565952,29.20839 35.1916502,29.42301 1.068023,5.01357 12.521798,22.30563 21.001818,23.21667 h 37.15277 c 22.27763,-1.66785 38.9607,-75.75671 26.59321,-76.03825 -46.781583,2.47691 -49.995146,2.13838 -88.599758,0 -2.495053,-0.0266 -5.972321,-0.49474 -9.707935,-0.5054 z m 2.491319,9.45886 c 1.351378,13.69267 3.555849,21.70359 8.018216,33.94345 -11.382872,-1.50473 -21.069822,-5.22443 -22.851515,-19.10984 -0.950962,-7.4112 2.390428,-15.16769 14.833299,-14.83361 z"
+       id="path3722"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="sscccccsccsc" />
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Layer 2"
+     style="display:inline">
+    <rect
+       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.24757317;stroke-opacity:1"
+       id="rect4599"
+       width="34.762054"
+       height="34.762054"
+       x="87.508659"
+       y="18.291576"
+       transform="rotate(25.914715)"
+       ry="5.4825778" />
+    <path
+       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.26644793px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 79.804947,57.359056 3.241146,1.609954 V 35.255731 h -3.262698 z"
+       id="path4525"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="ccccc" />
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer3"
+     inkscape:label="Layer 3"
+     style="display:inline">
+    <g
+       style="display:inline"
+       id="g4539">
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="90.077766"
+         cx="49.064713"
+         id="path4606"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="102.1049"
+         cx="36.810425"
+         id="path4606-3"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="111.43928"
+         cx="46.484283"
+         id="path4606-1"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <rect
+         transform="rotate(26.024158)"
+         y="18.061695"
+         x="97.333458"
+         height="27.261492"
+         width="2.6726954"
+         id="rect4629-8"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.27444693;stroke-opacity:1" />
+      <path
+         sodipodi:nodetypes="cc"
+         inkscape:connector-curvature="0"
+         id="path4514"
+         d="m 76.558096,68.116343 c 12.97589,6.395378 13.012989,4.101862 4.890858,20.907244"
+         style="fill:none;stroke:#609926;stroke-width:2.68000007;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    </g>
+  </g>
+</svg>
diff --git a/templates/gitea/config.yml b/templates/gitea/config.yml
new file mode 100644
index 0000000..fecfd1a
--- /dev/null
+++ b/templates/gitea/config.yml
@@ -0,0 +1,5 @@
+name: Gitea
+description: |
+    A painless self-hosted Git service
+version: v1.3
+category: Git

From f40c60d50284480a034ba2e152862645d944fd5d Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Wed, 22 Nov 2017 20:30:33 +0100
Subject: [PATCH 39/71] updated gitea config template

---
 templates/gitea/0/docker-compose.yml.tpl |  6 ++--
 templates/gitea/0/rancher-compose.yml    | 35 ++++++++----------------
 2 files changed, 13 insertions(+), 28 deletions(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index 0355a18..82b3d2b 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -11,12 +11,10 @@ services:
     links:
       - db:db
   db:
-    image: mysql:5.5
+    image: mariadb:10
     environment:
       MYSQL_ROOT_PASSWORD: ${mysql_password}
-      MYSQL_USER: ${mysql_user}
-      MYSQL_PASSWORD: ${mysql_password}
-      MYSQL_DATABASE: ${mysql_db}
+      MYSQL_DATABASE: 'gitea'
     volumes:
       - gitea-db:/var/lib/mysql
 {{- end}}
diff --git a/templates/gitea/0/rancher-compose.yml b/templates/gitea/0/rancher-compose.yml
index 8b1c006..1048f8b 100644
--- a/templates/gitea/0/rancher-compose.yml
+++ b/templates/gitea/0/rancher-compose.yml
@@ -1,25 +1,25 @@
 version: '2'
 catalog:
   name: "Gitea"
-  version: "v0.11.19"
-  description: "A painless self-hosted Git service"
+  version: "v1.3"
+  description: "A painless self-hosted Git service."
   uuid: gitea-0
   minimum_rancher_version: v0.51.0
   questions:
     - variable: http_port
-      description: "http port to access Gitea's webui"
-      label: "Http Port"
+      description: "Public HTTP port to access Gitea's webui."
+      label: "HTTP Port"
       required: true
-      default: "8080" 
+      default: "3000" 
       type: "int"
     - variable: ssh_port
-      description: "ssh port to clone repositories via ssh"
+      description: "Public ssh port to clone repositories via ssh."
       label: "SSH Port"
       required: true
       default: "2222"
       type: "int"
     - variable: "volume_driver"
-      description: "Volume driver to associate with this service"
+      description: "Volume driver to associate with this service."
       label: "Volume Driver"
       required: true
       default: "local"
@@ -30,27 +30,14 @@ catalog:
         - rancher-efs
         - rancher-ebs
     - variable: "db_link"
-      description: |
-        DB external service link cluster.
-      label: "External db service"
+      description: "External DB service to use with gitea instead of its own DB-Container."
+      label: "External DB service"
       default: ""
       required: false
       type: "service"
-    - variable: mysql_db
-      description: "mysql db"
-      label: "Mysql db"
-      required: true
-      default: "gitea"
-      type: "string"
-    - variable: mysql_user
-      description: "mysql user"
-      label: "Mysql User"
-      required: true
-      default: "gitea"
-      type: "string"
     - variable: mysql_password
-      description: "mysql root password"
-      label: "Mysql Password"
+      description: "MySQL root password to use for Gitea."
+      label: "MySQL Password"
       required: true
       default: "default_pass"
       type: "password"

From e060c0f1bd7222f50299d7f87201558397024b80 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Wed, 22 Nov 2017 21:01:18 +0100
Subject: [PATCH 40/71] updated gitea config template

---
 templates/gitea/0/docker-compose.yml.tpl | 2 +-
 templates/gitea/0/rancher-compose.yml    | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index 82b3d2b..9f53a85 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -19,7 +19,7 @@ services:
       - gitea-db:/var/lib/mysql
 {{- end}}
   lb:
-    image: rancher/lb-service-haproxy:v0.6.4
+    image: rancher/lb-service-haproxy:v0.7.9
     ports:
     - ${http_port}:${http_port}/tcp
     - ${ssh_port}:${ssh_port}/tcp
diff --git a/templates/gitea/0/rancher-compose.yml b/templates/gitea/0/rancher-compose.yml
index 1048f8b..f3f7a99 100644
--- a/templates/gitea/0/rancher-compose.yml
+++ b/templates/gitea/0/rancher-compose.yml
@@ -4,7 +4,8 @@ catalog:
   version: "v1.3"
   description: "A painless self-hosted Git service."
   uuid: gitea-0
-  minimum_rancher_version: v0.51.0
+  minimum_rancher_version: v0.56.0
+  maintainer: "Konrad Langenberg <k@knt.li>"
   questions:
     - variable: http_port
       description: "Public HTTP port to access Gitea's webui."

From 70f2a120381aca0f7db42ccb47a36d970be744b0 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Wed, 22 Nov 2017 21:01:37 +0100
Subject: [PATCH 41/71] added gitea readme

---
 templates/gitea/0/Readme.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 templates/gitea/0/Readme.md

diff --git a/templates/gitea/0/Readme.md b/templates/gitea/0/Readme.md
new file mode 100644
index 0000000..d0ba3c3
--- /dev/null
+++ b/templates/gitea/0/Readme.md
@@ -0,0 +1,18 @@
+# Gitea - Git with a cup of tea
+
+> A painless self-hosted Git service.
+
+Gitea is a community managed fork of Gogs, lightweight code hosting solution written in Go and published under the MIT license.
+
+## Installation
+
+Note the mysql-root password from below, you will need it during installation.
+
+When launching Gitea for the first time, you will greeted with an installer. You'll need to change two things: 
+
+* The database settings:
+  * Username: `root`
+  * Password: the previously mentioned password
+  * Database: `gitea`
+  * Database Host: `db:3306`
+* Change the public URL to the one you defined previously, this is needed to access Gitea's web UI.

From 28484c26c2d1ffa16a2de0a27a657ab9fd97792f Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Wed, 22 Nov 2017 21:09:01 +0100
Subject: [PATCH 42/71] updated readme

---
 templates/gitea/0/Readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/gitea/0/Readme.md b/templates/gitea/0/Readme.md
index d0ba3c3..7efe854 100644
--- a/templates/gitea/0/Readme.md
+++ b/templates/gitea/0/Readme.md
@@ -15,4 +15,6 @@ When launching Gitea for the first time, you will greeted with an installer. You
   * Password: the previously mentioned password
   * Database: `gitea`
   * Database Host: `db:3306`
+* Change the domain name to the one you use to access Gitea
+* Change the public ssh port to the one you defined earlier if you want to enable ssh
 * Change the public URL to the one you defined previously, this is needed to access Gitea's web UI.

From 89915400bccc8b6cfba779d5429833e050b44aae Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Wed, 22 Nov 2017 21:26:11 +0100
Subject: [PATCH 43/71] updated gitea to rc

---
 templates/gitea/0/docker-compose.yml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index 9f53a85..f8b8282 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -1,7 +1,7 @@
 version: '2'
 services:
   gitea:
-    image: gitea/gitea:1.3
+    image: gitea/gitea:1.3.0-rc1
     volumes:
       - gitea-data:/data
 {{- if ne .Values.db_link ""}}

From a51aca86ae0c5ef5aa9417d07c07d6fba9015e91 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Sun, 26 Nov 2017 14:52:52 +0100
Subject: [PATCH 44/71] updated config to fix running multiple containers with
 shared volumes

---
 templates/gitea/0/docker-compose.yml.tpl | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index f8b8282..92d617e 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -3,7 +3,13 @@ services:
   gitea:
     image: gitea/gitea:1.3.0-rc1
     volumes:
-      - gitea-data:/data
+      - gitea-data/git:/data/git
+      - gitea-data/ssh:/data/ssh
+      - gitea-data/gitea/conf:/data/gitea/lfs
+      - gitea-data/gitea/lfs:/data/gitea/lfs
+      - gitea-data/gitea/log:/data/gitea/log
+      - gitea-data/gitea/sessions:/data/gitea/sessions
+
 {{- if ne .Values.db_link ""}}
     external_links:
       - ${db_link}:db

From a8a5c2be845f0944d4b8ca801c19e0400fd9c589 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Sun, 26 Nov 2017 14:57:17 +0100
Subject: [PATCH 45/71] updated config to fix running multiple containers with
 shared volumes fix

---
 templates/gitea/0/docker-compose.yml.tpl | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index 92d617e..0a9f9f2 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -3,12 +3,12 @@ services:
   gitea:
     image: gitea/gitea:1.3.0-rc1
     volumes:
-      - gitea-data/git:/data/git
-      - gitea-data/ssh:/data/ssh
-      - gitea-data/gitea/conf:/data/gitea/lfs
-      - gitea-data/gitea/lfs:/data/gitea/lfs
-      - gitea-data/gitea/log:/data/gitea/log
-      - gitea-data/gitea/sessions:/data/gitea/sessions
+      - gitea-data-git:/data/git
+      - gitea-data-ssh:/data/ssh
+      - gitea-data-conf:/data/gitea/lfs
+      - gitea-data-lfs:/data/gitea/lfs
+      - gitea-data-log:/data/gitea/log
+      - gitea-data-sessions:/data/gitea/sessions
 
 {{- if ne .Values.db_link ""}}
     external_links:
@@ -30,7 +30,17 @@ services:
     - ${http_port}:${http_port}/tcp
     - ${ssh_port}:${ssh_port}/tcp
 volumes:
-  gitea-data:
+  gitea-data-git:
+    driver: ${volume_driver}
+  gitea-data-ssh:
+    driver: ${volume_driver}
+  gitea-data-conf:
+    driver: ${volume_driver}
+  gitea-data-lfs:
+    driver: ${volume_driver}
+  gitea-data-log:
+    driver: ${volume_driver}
+  gitea-data-sessions:
     driver: ${volume_driver}
 {{- if eq .Values.db_link ""}}
   gitea-db:

From 9783dbc89d36137f39d52269d103facfd0b09548 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Sun, 26 Nov 2017 16:42:45 +0100
Subject: [PATCH 46/71] fixed volumes

---
 templates/gitea/0/docker-compose.yml.tpl | 32 ++++++------------------
 templates/gitea/0/rancher-compose.yml    | 26 +++++++++++--------
 2 files changed, 23 insertions(+), 35 deletions(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index 0a9f9f2..d2a1109 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -3,12 +3,12 @@ services:
   gitea:
     image: gitea/gitea:1.3.0-rc1
     volumes:
-      - gitea-data-git:/data/git
-      - gitea-data-ssh:/data/ssh
-      - gitea-data-conf:/data/gitea/lfs
-      - gitea-data-lfs:/data/gitea/lfs
-      - gitea-data-log:/data/gitea/log
-      - gitea-data-sessions:/data/gitea/sessions
+      - ${data_path}/git:/data/git
+      - ${data_path}/ssh:/data/ssh
+      - ${data_path}/gitea/conf:/data/gitea/lfs
+      - ${data_path}/gitea/lfs:/data/gitea/lfs
+      - ${data_path}/gitea/log:/data/gitea/log
+      - ${data_path}/gitea/sessions:/data/gitea/sessions
 
 {{- if ne .Values.db_link ""}}
     external_links:
@@ -22,28 +22,10 @@ services:
       MYSQL_ROOT_PASSWORD: ${mysql_password}
       MYSQL_DATABASE: 'gitea'
     volumes:
-      - gitea-db:/var/lib/mysql
+      - ${data_path}/gitea/db:/var/lib/mysql
 {{- end}}
   lb:
     image: rancher/lb-service-haproxy:v0.7.9
     ports:
     - ${http_port}:${http_port}/tcp
     - ${ssh_port}:${ssh_port}/tcp
-volumes:
-  gitea-data-git:
-    driver: ${volume_driver}
-  gitea-data-ssh:
-    driver: ${volume_driver}
-  gitea-data-conf:
-    driver: ${volume_driver}
-  gitea-data-lfs:
-    driver: ${volume_driver}
-  gitea-data-log:
-    driver: ${volume_driver}
-  gitea-data-sessions:
-    driver: ${volume_driver}
-{{- if eq .Values.db_link ""}}
-  gitea-db:
-    driver: ${volume_driver}
-{{- end}}
-
diff --git a/templates/gitea/0/rancher-compose.yml b/templates/gitea/0/rancher-compose.yml
index f3f7a99..c1d83b0 100644
--- a/templates/gitea/0/rancher-compose.yml
+++ b/templates/gitea/0/rancher-compose.yml
@@ -19,17 +19,23 @@ catalog:
       required: true
       default: "2222"
       type: "int"
-    - variable: "volume_driver"
-      description: "Volume driver to associate with this service."
-      label: "Volume Driver"
+    - variable: data_path
+      description: "Path where to store the data of the Gitea-instance."
+      label: "Data path"
       required: true
-      default: "local"
-      type: enum
-      options: # List of options if using type of `enum`
-        - local
-        - rancher-nfs
-        - rancher-efs
-        - rancher-ebs
+      default: "/var/lib/gitea"
+      type: "string"
+#    - variable: "volume_driver"
+#      description: "Volume driver to associate with this service."
+#      label: "Volume Driver"
+#      required: true
+#      default: "local"
+#      type: enum
+#      options: # List of options if using type of `enum`
+#        - local
+#        - rancher-nfs
+#        - rancher-efs
+#        - rancher-ebs
     - variable: "db_link"
       description: "External DB service to use with gitea instead of its own DB-Container."
       label: "External DB service"

From d1917df761201dac20835b527513fb68be08c0a4 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Sun, 26 Nov 2017 16:44:47 +0100
Subject: [PATCH 47/71] fixed volumes

---
 templates/gitea/0/docker-compose.yml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index d2a1109..0ae675e 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -5,7 +5,7 @@ services:
     volumes:
       - ${data_path}/git:/data/git
       - ${data_path}/ssh:/data/ssh
-      - ${data_path}/gitea/conf:/data/gitea/lfs
+      - ${data_path}/gitea/conf:/data/gitea/conf
       - ${data_path}/gitea/lfs:/data/gitea/lfs
       - ${data_path}/gitea/log:/data/gitea/log
       - ${data_path}/gitea/sessions:/data/gitea/sessions

From b80d13b46f809cd847490517989edd2e5aea900c Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Sun, 26 Nov 2017 17:42:02 +0100
Subject: [PATCH 48/71] fixed volums

---
 templates/gitea/0/docker-compose.yml.tpl | 32 ++++++++++++++++++------
 templates/gitea/0/rancher-compose.yml    | 32 ++++++++++++------------
 2 files changed, 41 insertions(+), 23 deletions(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index 0ae675e..2f0a71c 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -3,12 +3,12 @@ services:
   gitea:
     image: gitea/gitea:1.3.0-rc1
     volumes:
-      - ${data_path}/git:/data/git
-      - ${data_path}/ssh:/data/ssh
-      - ${data_path}/gitea/conf:/data/gitea/conf
-      - ${data_path}/gitea/lfs:/data/gitea/lfs
-      - ${data_path}/gitea/log:/data/gitea/log
-      - ${data_path}/gitea/sessions:/data/gitea/sessions
+      - gitea-data-git:/data/git
+      - gitea-data-ssh:/data/ssh
+      - gitea-data-conf:/data/gitea/conf
+      - gitea-data-lfs:/data/gitea/lfs
+      - gitea-data-log:/data/gitea/log
+      - gitea-data-sessions:/data/gitea/sessions
 
 {{- if ne .Values.db_link ""}}
     external_links:
@@ -22,10 +22,28 @@ services:
       MYSQL_ROOT_PASSWORD: ${mysql_password}
       MYSQL_DATABASE: 'gitea'
     volumes:
-      - ${data_path}/gitea/db:/var/lib/mysql
+      - gitea-db:/var/lib/mysql
 {{- end}}
   lb:
     image: rancher/lb-service-haproxy:v0.7.9
     ports:
     - ${http_port}:${http_port}/tcp
     - ${ssh_port}:${ssh_port}/tcp
+volumes:
+  gitea-data-git:
+    driver: ${volume_driver}
+  gitea-data-ssh:
+    driver: ${volume_driver}
+  gitea-data-conf:
+    driver: ${volume_driver}
+  gitea-data-lfs:
+    driver: ${volume_driver}
+  gitea-data-log:
+    driver: ${volume_driver}
+  gitea-data-sessions:
+    driver: ${volume_driver}
+{{- if eq .Values.db_link ""}}
+  gitea-db:
+    driver: ${volume_driver}
+{{- end}}
+
diff --git a/templates/gitea/0/rancher-compose.yml b/templates/gitea/0/rancher-compose.yml
index c1d83b0..475a32f 100644
--- a/templates/gitea/0/rancher-compose.yml
+++ b/templates/gitea/0/rancher-compose.yml
@@ -19,23 +19,23 @@ catalog:
       required: true
       default: "2222"
       type: "int"
-    - variable: data_path
-      description: "Path where to store the data of the Gitea-instance."
-      label: "Data path"
-      required: true
-      default: "/var/lib/gitea"
-      type: "string"
-#    - variable: "volume_driver"
-#      description: "Volume driver to associate with this service."
-#      label: "Volume Driver"
+#    - variable: data_path
+#      description: "Path where to store the data of the Gitea-instance."
+#      label: "Data path"
 #      required: true
-#      default: "local"
-#      type: enum
-#      options: # List of options if using type of `enum`
-#        - local
-#        - rancher-nfs
-#        - rancher-efs
-#        - rancher-ebs
+#      default: "/var/lib/gitea"
+#      type: "string"
+    - variable: "volume_driver"
+      description: "Volume driver to associate with this service."
+      label: "Volume Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
     - variable: "db_link"
       description: "External DB service to use with gitea instead of its own DB-Container."
       label: "External DB service"

From c265f8c0a69506a8efc343c0d1a82e9aee127d70 Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Sun, 26 Nov 2017 17:51:02 +0100
Subject: [PATCH 49/71] resetted volumes

---
 templates/gitea/0/docker-compose.yml.tpl | 19 ++-----------------
 templates/gitea/0/rancher-compose.yml    |  6 ------
 2 files changed, 2 insertions(+), 23 deletions(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index 2f0a71c..f61da61 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -3,12 +3,7 @@ services:
   gitea:
     image: gitea/gitea:1.3.0-rc1
     volumes:
-      - gitea-data-git:/data/git
-      - gitea-data-ssh:/data/ssh
-      - gitea-data-conf:/data/gitea/conf
-      - gitea-data-lfs:/data/gitea/lfs
-      - gitea-data-log:/data/gitea/log
-      - gitea-data-sessions:/data/gitea/sessions
+      - gitea-data:/data
 
 {{- if ne .Values.db_link ""}}
     external_links:
@@ -30,17 +25,7 @@ services:
     - ${http_port}:${http_port}/tcp
     - ${ssh_port}:${ssh_port}/tcp
 volumes:
-  gitea-data-git:
-    driver: ${volume_driver}
-  gitea-data-ssh:
-    driver: ${volume_driver}
-  gitea-data-conf:
-    driver: ${volume_driver}
-  gitea-data-lfs:
-    driver: ${volume_driver}
-  gitea-data-log:
-    driver: ${volume_driver}
-  gitea-data-sessions:
+  gitea-data:
     driver: ${volume_driver}
 {{- if eq .Values.db_link ""}}
   gitea-db:
diff --git a/templates/gitea/0/rancher-compose.yml b/templates/gitea/0/rancher-compose.yml
index 475a32f..f3f7a99 100644
--- a/templates/gitea/0/rancher-compose.yml
+++ b/templates/gitea/0/rancher-compose.yml
@@ -19,12 +19,6 @@ catalog:
       required: true
       default: "2222"
       type: "int"
-#    - variable: data_path
-#      description: "Path where to store the data of the Gitea-instance."
-#      label: "Data path"
-#      required: true
-#      default: "/var/lib/gitea"
-#      type: "string"
     - variable: "volume_driver"
       description: "Volume driver to associate with this service."
       label: "Volume Driver"

From a83a939c87b4e71511ac319c90aa5b9807037f7e Mon Sep 17 00:00:00 2001
From: Ali Bazlamit <ali.bazlamit@hotmail.com>
Date: Mon, 27 Nov 2017 18:04:55 +0100
Subject: [PATCH 50/71] Update rancher ui

---
 machine-templates/profitbricks/1/rancher-compose.yml | 3 +++
 machine-templates/profitbricks/1/uiUrl               | 1 +
 machine-templates/profitbricks/1/url                 | 1 +
 3 files changed, 5 insertions(+)
 create mode 100644 machine-templates/profitbricks/1/rancher-compose.yml
 create mode 100644 machine-templates/profitbricks/1/uiUrl
 create mode 100644 machine-templates/profitbricks/1/url

diff --git a/machine-templates/profitbricks/1/rancher-compose.yml b/machine-templates/profitbricks/1/rancher-compose.yml
new file mode 100644
index 0000000..1651309
--- /dev/null
+++ b/machine-templates/profitbricks/1/rancher-compose.yml
@@ -0,0 +1,3 @@
+.catalog:
+  name: "profitbricks"
+  version: "v1.3.3"
\ No newline at end of file
diff --git a/machine-templates/profitbricks/1/uiUrl b/machine-templates/profitbricks/1/uiUrl
new file mode 100644
index 0000000..87ba1ff
--- /dev/null
+++ b/machine-templates/profitbricks/1/uiUrl
@@ -0,0 +1 @@
+https://profitbricks.github.io/ui-driver-profitbricks/docs/1.2.0/component.js
\ No newline at end of file
diff --git a/machine-templates/profitbricks/1/url b/machine-templates/profitbricks/1/url
new file mode 100644
index 0000000..2abec63
--- /dev/null
+++ b/machine-templates/profitbricks/1/url
@@ -0,0 +1 @@
+https://github.com/profitbricks/docker-machine-driver-profitbricks/releases/download/v1.3.3/docker-machine-driver-profitbricks-v1.3.3-linux-amd64.tar.gz
\ No newline at end of file

From 4cce778b97bb2f36540328e256af3a4be5f2ae96 Mon Sep 17 00:00:00 2001
From: Antonio Pitasi <pitasi.antonio@gmail.com>
Date: Mon, 27 Nov 2017 22:17:11 +0100
Subject: [PATCH 51/71] Fix Drone config typo for GitLab

This is preventing Drone to generate a valid OAuth url for logins.
---
 templates/drone/4/docker-compose.yml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/drone/4/docker-compose.yml.tpl b/templates/drone/4/docker-compose.yml.tpl
index eae9aad..fb9a50a 100644
--- a/templates/drone/4/docker-compose.yml.tpl
+++ b/templates/drone/4/docker-compose.yml.tpl
@@ -62,7 +62,7 @@ services:
 {{- end}}
 {{- if eq .Values.drone_driver "GitLab"}}
       DRONE_GITLAB: true
-      DRONE_GITLAB_CLIENT: ${drone_driver_secret}
+      DRONE_GITLAB_CLIENT: ${drone_driver_client}
       DRONE_GITLAB_SECRET: ${drone_driver_secret}
       DRONE_GITLAB_URL: ${drone_driver_url}
 {{- end}}

From bc7dabd318cc6d0084bbd9a8ed020100a5f6a628 Mon Sep 17 00:00:00 2001
From: gothrek22 <gothrek22@users.noreply.github.com>
Date: Tue, 28 Nov 2017 11:16:45 +0100
Subject: [PATCH 52/71] Added the new docker image as a new version, because
 the old one is deprecated.

---
 templates/jenkins-ci/4/docker-compose.yml  | 20 +++++++++++
 templates/jenkins-ci/4/rancher-compose.yml | 42 ++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 templates/jenkins-ci/4/docker-compose.yml
 create mode 100644 templates/jenkins-ci/4/rancher-compose.yml

diff --git a/templates/jenkins-ci/4/docker-compose.yml b/templates/jenkins-ci/4/docker-compose.yml
new file mode 100644
index 0000000..4de40bf
--- /dev/null
+++ b/templates/jenkins-ci/4/docker-compose.yml
@@ -0,0 +1,20 @@
+jenkins-primary:
+  image: "jenkins/jenkins:2.92"
+  ports:
+    - "${PORT}:8080"
+  labels:
+    io.rancher.sidekicks: jenkins-plugins,jenkins-datavolume
+    io.rancher.container.hostname_override: container_name
+  volumes_from:
+    - jenkins-plugins
+    - jenkins-datavolume
+  entrypoint: /usr/share/jenkins/rancher/jenkins.sh
+jenkins-plugins:
+  image: rancher/jenkins-plugins:v0.1.1
+jenkins-datavolume:
+  image: "busybox"
+  volumes:
+    - ${volume_work}:/var/jenkins_home
+  labels:
+    io.rancher.container.start_once: true
+  entrypoint: ["chown", "-R", "1000:1000", "/var/jenkins_home"]
diff --git a/templates/jenkins-ci/4/rancher-compose.yml b/templates/jenkins-ci/4/rancher-compose.yml
new file mode 100644
index 0000000..2fd65c6
--- /dev/null
+++ b/templates/jenkins-ci/4/rancher-compose.yml
@@ -0,0 +1,42 @@
+.catalog:
+  name: Jenkins
+  version: 2.92
+  description: |
+    Jenkins CI management server.
+  questions:
+  - variable: "PORT"
+    type: "int"
+    label: "Port Number"
+    description: "Which port should Jenkins listen on?"
+    default: 8080
+    required: true
+  - variable: "volume_work"
+    description: "Work volume to save jenkins data"
+    label: "Work volume:"
+    required: true
+    default: "/var/lib/docker/jenkins-ci"
+    type: "string"
+  - variable: "plugins"
+    type: "multiline"
+    label: "List of Plugins"
+    description: |
+      List of plugins in the format <plugin_name>[:<version>]
+      one entry per line.
+    default: |
+      credentials
+      git
+      git-client
+      github
+      github-api
+      github-oauth
+      greenballs
+      junit
+      plain-credentials
+      scm-api
+      ssh-credentials
+      ssh-slaves
+      swarm
+jenkins-primary:
+  metadata:
+    plugins: |
+      ${plugins}

From 9de88cb90fadabbe4b40358c7b4962bb7dbc2110 Mon Sep 17 00:00:00 2001
From: gothrek22 <gothrek22@users.noreply.github.com>
Date: Tue, 28 Nov 2017 11:20:24 +0100
Subject: [PATCH 53/71] Changed version, to use newest

---
 templates/jenkins-ci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/jenkins-ci/config.yml b/templates/jenkins-ci/config.yml
index 42c8ad3..cca11b2 100644
--- a/templates/jenkins-ci/config.yml
+++ b/templates/jenkins-ci/config.yml
@@ -1,5 +1,5 @@
 name: Jenkins
 description: |
   Jenkins CI server (LTS)
-version: 2.60.1-rancher1
+version: 2.92
 category: Continuous Integration

From 567be4323194e4a3aaa3177a942414f2f13da66e Mon Sep 17 00:00:00 2001
From: gothrek22 <gothrek22@users.noreply.github.com>
Date: Tue, 28 Nov 2017 11:41:20 +0100
Subject: [PATCH 54/71] New version for gogs, plus mysql upgrade in that
 catalog

---
 templates/gogs/1/docker-compose.yml.tpl | 35 +++++++++
 templates/gogs/1/rancher-compose.yml    | 94 +++++++++++++++++++++++++
 templates/gogs/config.yml               |  2 +-
 3 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100644 templates/gogs/1/docker-compose.yml.tpl
 create mode 100644 templates/gogs/1/rancher-compose.yml

diff --git a/templates/gogs/1/docker-compose.yml.tpl b/templates/gogs/1/docker-compose.yml.tpl
new file mode 100644
index 0000000..b9ca12f
--- /dev/null
+++ b/templates/gogs/1/docker-compose.yml.tpl
@@ -0,0 +1,35 @@
+version: '2'
+services:
+  gogs:
+    image: gogs/gogs:0.11.34
+    volumes:
+      - gogs-data:/data
+{{- if ne .Values.db_link ""}}
+    external_links:
+      - ${db_link}:db
+{{- else}}
+    links:
+      - db:db
+  db:
+    image: mysql:8.0
+    environment:
+      MYSQL_ROOT_PASSWORD: ${mysql_password}
+      MYSQL_USER: ${mysql_user}
+      MYSQL_PASSWORD: ${mysql_password}
+      MYSQL_DATABASE: ${mysql_db}
+    volumes:
+      - gogs-db:/var/lib/mysql
+{{- end}}
+  lb:
+    image: rancher/lb-service-haproxy:v0.7.17
+    ports:
+    - ${http_port}:${http_port}/tcp
+    - ${ssh_port}:${ssh_port}/tcp
+volumes:
+  gogs-data:
+    driver: ${volume_driver}
+{{- if eq .Values.db_link ""}}
+  gogs-db:
+    driver: ${volume_driver}
+{{- end}}
+
diff --git a/templates/gogs/1/rancher-compose.yml b/templates/gogs/1/rancher-compose.yml
new file mode 100644
index 0000000..982db81
--- /dev/null
+++ b/templates/gogs/1/rancher-compose.yml
@@ -0,0 +1,94 @@
+version: '2'
+catalog:
+  name: "Gogs"
+  version: "v0.11.34"
+  description: "A painless self-hosted Git service"
+  uuid: gogs-0
+  minimum_rancher_version: v0.51.0
+  questions:
+    - variable: http_port
+      description: "http port to access gogs webui"
+      label: "Http Port"
+      required: true
+      default: "8080" 
+      type: "int"
+    - variable: ssh_port
+      description: "ssh port to access gogs cli"
+      label: "SSH Port"
+      required: true
+      default: "2222"
+      type: "int"
+    - variable: "volume_driver"
+      description: "Volume driver to associate with this service"
+      label: "Volume Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
+    - variable: "db_link"
+      description: |
+        DB external service link cluster.
+      label: "External db service"
+      default: ""
+      required: false
+      type: "service"
+    - variable: mysql_db
+      description: "mysql db"
+      label: "Mysql db"
+      required: true
+      default: "gogs"
+      type: "string"
+    - variable: mysql_user
+      description: "mysql user"
+      label: "Mysql User"
+      required: true
+      default: "gogs"
+      type: "string"
+    - variable: mysql_password
+      description: "mysql root password"
+      label: "Mysql Password"
+      required: true
+      default: "default_pass"
+      type: "password"
+services:
+  gogs:
+    scale: 1
+    retain_ip: true
+    health_check:
+      response_timeout: 2000
+      healthy_threshold: 2
+      port: 3000
+      unhealthy_threshold: 3
+      initializing_timeout: 300000
+      interval: 2000
+      strategy: recreate
+      request_line: GET "/" "HTTP/1.0"
+      reinitializing_timeout: 120000
+  lb:
+    scale: 1
+    start_on_create: true
+    lb_config:
+      certs: []
+      port_rules:
+      - priority: 1
+        protocol: http
+        service: gogs
+        source_port: ${http_port}
+        target_port: 3000
+      - priority: 2
+        protocol: tcp
+        service: gogs
+        source_port: ${ssh_port}
+        target_port: 22
+    health_check:
+      response_timeout: 2000
+      healthy_threshold: 2
+      port: 42
+      unhealthy_threshold: 3
+      initializing_timeout: 60000
+      interval: 2000
+      reinitializing_timeout: 60000
diff --git a/templates/gogs/config.yml b/templates/gogs/config.yml
index c675211..92331bf 100644
--- a/templates/gogs/config.yml
+++ b/templates/gogs/config.yml
@@ -1,5 +1,5 @@
 name: Gogs
 description: |
     A painless self-hosted Git service
-version: v0.11.19
+version: v0.11.34
 category: Git

From 067a0750cdea5742ce8ec7cd63e1db39fcc757de Mon Sep 17 00:00:00 2001
From: gothrek22 <gothrek22@users.noreply.github.com>
Date: Tue, 28 Nov 2017 11:48:53 +0100
Subject: [PATCH 55/71] Fix haproxy version

---
 templates/gogs/1/docker-compose.yml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gogs/1/docker-compose.yml.tpl b/templates/gogs/1/docker-compose.yml.tpl
index b9ca12f..20fe4e5 100644
--- a/templates/gogs/1/docker-compose.yml.tpl
+++ b/templates/gogs/1/docker-compose.yml.tpl
@@ -21,7 +21,7 @@ services:
       - gogs-db:/var/lib/mysql
 {{- end}}
   lb:
-    image: rancher/lb-service-haproxy:v0.7.17
+    image: rancher/lb-service-haproxy:v0.7.9
     ports:
     - ${http_port}:${http_port}/tcp
     - ${ssh_port}:${ssh_port}/tcp

From e8f0f3c3b1b41d3ca935581fb069b05dfa796a31 Mon Sep 17 00:00:00 2001
From: gothrek22 <gothrek22@users.noreply.github.com>
Date: Tue, 28 Nov 2017 11:52:07 +0100
Subject: [PATCH 56/71] Fix haproxy version

---
 templates/gogs/1/docker-compose.yml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gogs/1/docker-compose.yml.tpl b/templates/gogs/1/docker-compose.yml.tpl
index 20fe4e5..355d153 100644
--- a/templates/gogs/1/docker-compose.yml.tpl
+++ b/templates/gogs/1/docker-compose.yml.tpl
@@ -21,7 +21,7 @@ services:
       - gogs-db:/var/lib/mysql
 {{- end}}
   lb:
-    image: rancher/lb-service-haproxy:v0.7.9
+    image: rancher/lb-service-haproxy:v0.6.4
     ports:
     - ${http_port}:${http_port}/tcp
     - ${ssh_port}:${ssh_port}/tcp

From cd12b074dc0b6274748f8ea6323b31cf4401bcaa Mon Sep 17 00:00:00 2001
From: gothrek22 <gothrek22@users.noreply.github.com>
Date: Tue, 28 Nov 2017 11:57:09 +0100
Subject: [PATCH 57/71] Fix haproxy version

---
 templates/gogs/1/docker-compose.yml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gogs/1/docker-compose.yml.tpl b/templates/gogs/1/docker-compose.yml.tpl
index 355d153..20fe4e5 100644
--- a/templates/gogs/1/docker-compose.yml.tpl
+++ b/templates/gogs/1/docker-compose.yml.tpl
@@ -21,7 +21,7 @@ services:
       - gogs-db:/var/lib/mysql
 {{- end}}
   lb:
-    image: rancher/lb-service-haproxy:v0.6.4
+    image: rancher/lb-service-haproxy:v0.7.9
     ports:
     - ${http_port}:${http_port}/tcp
     - ${ssh_port}:${ssh_port}/tcp

From 5667c0b1f43c5e8fc416d6cf3831e0abc4cfad06 Mon Sep 17 00:00:00 2001
From: gothrek22 <gothrek22@users.noreply.github.com>
Date: Tue, 28 Nov 2017 12:16:58 +0100
Subject: [PATCH 58/71] Update config.yml

---
 templates/jenkins-ci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/jenkins-ci/config.yml b/templates/jenkins-ci/config.yml
index cca11b2..d797b5a 100644
--- a/templates/jenkins-ci/config.yml
+++ b/templates/jenkins-ci/config.yml
@@ -1,5 +1,5 @@
 name: Jenkins
 description: |
   Jenkins CI server (LTS)
-version: 2.92
+version: 2.92-rancher1
 category: Continuous Integration

From 8030fa2e363916451b91f1325c01a4eb9c0fdc84 Mon Sep 17 00:00:00 2001
From: gothrek22 <gothrek22@users.noreply.github.com>
Date: Tue, 28 Nov 2017 12:17:16 +0100
Subject: [PATCH 59/71] Update rancher-compose.yml

---
 templates/jenkins-ci/4/rancher-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/jenkins-ci/4/rancher-compose.yml b/templates/jenkins-ci/4/rancher-compose.yml
index 2fd65c6..30b7d34 100644
--- a/templates/jenkins-ci/4/rancher-compose.yml
+++ b/templates/jenkins-ci/4/rancher-compose.yml
@@ -1,6 +1,6 @@
 .catalog:
   name: Jenkins
-  version: 2.92
+  version: 2.92-rancher1
   description: |
     Jenkins CI management server.
   questions:

From bfb180a2da35417f59270809b1e5feb2852d4850 Mon Sep 17 00:00:00 2001
From: Raul Sanchez <rawmind@gmail.com>
Date: Wed, 29 Nov 2017 23:32:47 +0100
Subject: [PATCH 60/71] Upgraded traefik to v1.4.4. Added traefik constraints
 configuration. Added EnableServiceHealthFilter configuration

---
 templates/traefik/12/README.md              |   3 +-
 templates/traefik/12/docker-compose.yml.tpl |   1 +
 templates/traefik/12/rancher-compose.yml    |   8 +
 templates/traefik/13/README.md              |  82 +++++++
 templates/traefik/13/docker-compose.yml.tpl | 109 ++++++++++
 templates/traefik/13/rancher-compose.yml    | 224 ++++++++++++++++++++
 templates/traefik/config.yml                |   2 +-
 7 files changed, 427 insertions(+), 2 deletions(-)
 create mode 100644 templates/traefik/13/README.md
 create mode 100644 templates/traefik/13/docker-compose.yml.tpl
 create mode 100644 templates/traefik/13/rancher-compose.yml

diff --git a/templates/traefik/12/README.md b/templates/traefik/12/README.md
index a3826ab..7534ce3 100644
--- a/templates/traefik/12/README.md
+++ b/templates/traefik/12/README.md
@@ -8,9 +8,10 @@
 ### Config:
 
 - rancher_integration = "metadata" # Rancher integration method.
+- rancher_healthcheck = false   # Enable/Disable traefik rancher services healthcheck filter. Only valid for api and metadata integration.
 - host_label = "traefik_lb=true" # Host label where to run traefik service.
 - http_port = 8080  # Port exposed to get access to the published services.
-- https_port = 8443  # Port exposed to get secured access to the published services.
+- https_port = 8443  # Port exposed to get secured access to the published services. 
 - admin_port = 8000  # Port exposed to get admin access to the traefik service.
 - https_enable = <false | true | only>
   - false: Enable http enpoints and disable https ones.
diff --git a/templates/traefik/12/docker-compose.yml.tpl b/templates/traefik/12/docker-compose.yml.tpl
index dba840c..aafcab5 100644
--- a/templates/traefik/12/docker-compose.yml.tpl
+++ b/templates/traefik/12/docker-compose.yml.tpl
@@ -46,6 +46,7 @@ services:
   {{- end}}
   {{- if ne .Values.rancher_integration "external"}}
     - TRAEFIK_RANCHER_ENABLE=true
+    - TRAEFIK_RANCHER_HEALTHCHECK=${rancher_healthcheck}
     - TRAEFIK_RANCHER_MODE=${rancher_integration}
     {{- if eq .Values.rancher_integration "api"}}
     - CATTLE_URL=${cattle_url}
diff --git a/templates/traefik/12/rancher-compose.yml b/templates/traefik/12/rancher-compose.yml
index 92c69c5..26150c2 100644
--- a/templates/traefik/12/rancher-compose.yml
+++ b/templates/traefik/12/rancher-compose.yml
@@ -19,6 +19,14 @@ catalog:
         - metadata
         - api
         - external
+    - variable: "rancher_healthcheck"
+      description: | 
+        Enable/disable rancher services healtcheck filter. If enable, just healthy services will be published.
+        Only valid for api and metadata integration. 
+      label: "Rancher healthcheck filter:"
+      required: true
+      default: false 
+      type: "boolean"
     - variable: "host_label"
       description: "Host label where to run traefik service."
       label: "Host label:"
diff --git a/templates/traefik/13/README.md b/templates/traefik/13/README.md
new file mode 100644
index 0000000..3d669e0
--- /dev/null
+++ b/templates/traefik/13/README.md
@@ -0,0 +1,82 @@
+# Traefik active load balancer
+
+### Info:
+
+ This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata.
+ It would be deployed in hosts with label traefik_lb=true.
+
+### Config:
+
+- rancher_integration = "metadata" # Rancher integration method.
+- rancher_healthcheck = false   # Enable/Disable traefik rancher services healthcheck filter. Only valid for api and metadata integration.
+- constraints = ""  # Traefik constraints for rancher provider. Only valid for api and metadata integration.
+- host_label = "traefik_lb=true" # Host label where to run traefik service.
+- http_port = 8080  # Port exposed to get access to the published services.
+- https_port = 8443  # Port exposed to get secured access to the published services. 
+- admin_port = 8000  # Port exposed to get admin access to the traefik service.
+- https_enable = <false | true | only>
+  - false: Enable http enpoints and disable https ones.
+  - true: Enable http and https endpoints.
+  - only: Enable https endpoints and redirect http to https.
+- acme_enable = false               # Enable/Disable acme traefik support.
+- acme_email = "test@traefik.io"    # acme user email
+- acme_ondemand = true              # acme ondemand parameter.
+- acme_onhostrule = true            # acme onHostRule parameter.
+- acme_caserver = "https://acme-v01.api.letsencrypt.org/directory"          # acme caServer parameter.
+- acme_vol_name = "traefik_acme_vol"    # Volume name to user by acme sidekick
+- acme_vol_driver = "local"   # Volume driver to user by acme sidekick
+- ssl_key # Paste your ssl key. *Required if you enable https
+- ssl_crt # Paste your ssl crt. *Required if you enable https
+- insecure_skip = false # Enable InsecureSkipVerify param.
+- compress_enable = true    # Enable traefik compression
+- refresh_interval = 10s  # Interval to refresh traefik rules.toml from rancher-metadata.
+- admin_readonly = false # Set REST API to read-only mode.
+- admin_statistics = 10 # Enable more detailed statistics, extend recent errors number.
+- admin_auth_method = "basic" # Selec auth method, basic or digest.
+- admin_users = "" # Paste basic or digest users created with htdigest, one user per line.
+- prometheus_enable = false # Enable prometheus statistics
+- prometheus_buckets = "[0.1,0.3,1.2,5.0]" # Prometheus buckets
+- cattle_url = ""           # Cattle url if you choose api integration
+- cattle_access_key = ""    # Cattle access key if you choose api integration
+- cattle_secret_key = ""    # Cattle secret key if you choose api integration    
+### Service configuration labels:
+
+Traefik labels has to be added to your services, in order to get included in traefik config.
+
+## Metadata or api
+
+Please use traefik defined labels if you choose metadata or api rancher integration. 
+
+[Traefik rancher backend labels][traefik rancher backend]
+
+Metadata is the prefered and recommended rancher integration.
+
+Api integration needs you create an environment API key in your rancher environment. Also, it needs you provide CATTLE_URL, CATTLE_ACCESS_KEY and CATTLE_SECRET_KEY.
+
+## External
+
+Use this labels if you choose extenal rancher integration.
+
+- traefik.enable = <true | false>
+  - true: the service will be published as *service_name.stack_name.traefik_domain*
+  - stack: the service will be published as *stack_name.traefik_domain*. WARNING: You could have collisions inside services within your stack
+  - false: the service will not be published
+- traefik.alias = < alias >         # Alternate names to route rule. Multiple values separated by ",". WARNING: You could have collisions BE CAREFULL
+- traefik.domain = < domain >       # Domain names to route rule. Multiple values separated by ","
+- traefik.path = < path >           # Path to route rule. Multiple paths separated by ","
+- traefik.port = < port >           # Port to expose throught traefik
+- traefik.acme = < true | false >   # Enable/disable ACME traefik feature
+
+### Usage:
+
+ Select Traefik from catalog.
+
+ Set the params.
+
+ Click deploy.
+
+ Access your traefik admin service at $admin_port to see your published services.
+
+Note: To access the services, you need to create A or CNAMES dns entries for every one.
+
+[traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour
diff --git a/templates/traefik/13/docker-compose.yml.tpl b/templates/traefik/13/docker-compose.yml.tpl
new file mode 100644
index 0000000..88b8b63
--- /dev/null
+++ b/templates/traefik/13/docker-compose.yml.tpl
@@ -0,0 +1,109 @@
+version: '2'
+services:
+  traefik:
+    ports:
+    - ${admin_port}:8000/tcp
+    - ${http_port}:${http_port}/tcp
+    - ${https_port}:${https_port}/tcp
+    labels:
+      io.rancher.scheduler.global: 'true'
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+      io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+      io.rancher.sidekicks: 
+        {{- if eq .Values.rancher_integration "external"}} traefik-conf
+            {{- if eq .Values.acme_enable "true" -}},{{- end -}}
+        {{- end -}}
+        {{- if eq .Values.acme_enable "true" -}}
+            {{- if ne .Values.rancher_integration "external"}} traefik-acme
+            {{- else -}}traefik-acme
+            {{- end -}}
+        {{- end -}}
+    {{- end}}
+      io.rancher.container.hostname_override: container_name
+    image: rawmind/alpine-traefik:1.4.4-1
+    environment:
+    - TRAEFIK_HTTP_PORT=${http_port}
+    - TRAEFIK_HTTP_COMPRESSION=${compress_enable}
+    - TRAEFIK_HTTPS_PORT=${https_port}
+    - TRAEFIK_HTTPS_ENABLE=${https_enable}
+    - TRAEFIK_HTTPS_COMPRESSION=${compress_enable}
+    - TRAEFIK_INSECURE_SKIP=${insecure_skip}
+    - TRAEFIK_ADMIN_ENABLE=true
+    - TRAEFIK_ADMIN_READ_ONLY=${admin_readonly}
+    - TRAEFIK_ADMIN_STATISTICS=${admin_statistics}
+    - TRAEFIK_ADMIN_AUTH_METHOD=${admin_auth_method}
+    - TRAEFIK_ADMIN_AUTH_USERS=${admin_users}
+  {{- if eq .Values.rancher_integration "external"}}
+    - CONF_INTERVAL=${refresh_interval}
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+    - TRAEFIK_ACME_ENABLE=${acme_enable}
+    - TRAEFIK_ACME_EMAIL=${acme_email}
+    - TRAEFIK_ACME_ONDEMAND=${acme_ondemand}
+    - TRAEFIK_ACME_ONHOSTRULE=${acme_onhostrule}
+    - TRAEFIK_ACME_CASERVER=${acme_caserver}
+  {{- end}}
+  {{- if ne .Values.rancher_integration "external"}}
+    - TRAEFIK_RANCHER_ENABLE=true
+    - TRAEFIK_CONSTRAINTS=${constraints}
+    - TRAEFIK_RANCHER_HEALTHCHECK=${rancher_healthcheck}
+    - TRAEFIK_RANCHER_MODE=${rancher_integration}
+    {{- if eq .Values.rancher_integration "api"}}
+    - CATTLE_URL=${cattle_url}
+    - CATTLE_ACCESS_KEY=${cattle_access_key}
+    - CATTLE_SECRET_KEY=${cattle_secret_key}
+    {{- end}}
+  {{- end}}
+  {{- if eq .Values.prometheus_enable "true"}}
+    - TRAEFIK_PROMETHEUS_ENABLE=${prometheus_enable}
+    - TRAEFIK_PROMETHEUS_BUCKETS=${prometheus_buckets}
+  {{- end}}
+  {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+    volumes_from:
+    {{- if eq .Values.rancher_integration "external"}}
+    - traefik-conf
+    {{- end}}
+    {{- if eq .Values.acme_enable "true"}}
+    - traefik-acme
+    {{- end}}
+  {{- end}}
+  {{- if eq .Values.rancher_integration "external"}}
+  traefik-conf:
+    labels:
+      io.rancher.scheduler.global: 'true'
+      io.rancher.scheduler.affinity:host_label: ${host_label}
+      io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.start_once: 'true'
+    image: rawmind/rancher-traefik:1.3.6
+    network_mode: none
+    volumes:
+      - tools-volume:/opt/tools
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+  traefik-acme:
+    network_mode: none
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+      io.rancher.container.start_once: true
+    environment:
+      - SERVICE_UID=10001
+      - SERVICE_GID=10001
+      - SERVICE_VOLUME=/opt/traefik/acme
+    volumes:
+      - ${acme_vol_name}:/opt/traefik/acme
+    image: rawmind/alpine-volume:0.0.2-1
+  {{- end}}
+{{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+volumes:
+  {{- if eq .Values.rancher_integration "external"}}
+  tools-volume:
+    driver: local
+    per_container: true
+  {{- end}}
+  {{- if eq .Values.acme_enable "true"}}
+  ${acme_vol_name}:
+    driver: ${acme_vol_driver}
+  {{- end}}
+{{- end}}
diff --git a/templates/traefik/13/rancher-compose.yml b/templates/traefik/13/rancher-compose.yml
new file mode 100644
index 0000000..f097b11
--- /dev/null
+++ b/templates/traefik/13/rancher-compose.yml
@@ -0,0 +1,224 @@
+version: '2'
+catalog:
+  name: traefik
+  version: v1.4.4-rancher1
+  description: |
+    Traefik load balancer.
+  minimum_rancher_version: v0.59.0
+  maintainer: "Raul Sanchez <rawmind@gmail.com>"
+  uuid: traefik-0
+  questions:
+    - variable: "rancher_integration"
+      label: "Choose rancher integration:"
+      description: |
+        Enable rancher integration mode. Traefik built in integration, metadata or api, or external sidekick integration with confd.
+      default: metadata
+      required: true
+      type: enum
+      options:
+        - metadata
+        - api
+        - external
+    - variable: "rancher_healthcheck"
+      description: | 
+        Enable/disable rancher services healtcheck filter. If enable, just healthy services will be published.
+        Only valid for api and metadata integration. 
+      label: "Rancher healthcheck filter:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "constraints"
+      description: |
+        Traefik constraints for rancher provider. Eg: "tag==api"
+        Only valid for api and metadata integration.
+      label: "Traefik constraints:"
+      required: false
+      default: ""
+      type: "string"
+    - variable: "host_label"
+      description: "Host label where to run traefik service."
+      label: "Host label:"
+      required: true
+      default: "traefik_lb=true" 
+      type: "string"
+    - variable: "http_port"
+      description: "Traefik http public port to listen."
+      label: "Http port:"
+      required: true
+      default: 8080
+      type: "int"
+    - variable: "https_port"
+      description: "Traefik https public port to listen."
+      label: "Https port:"
+      required: true
+      default: 8443
+      type: "int"
+    - variable: "admin_port"
+      description: "Traefik admin public port to listen."
+      label: "Admin port:"
+      required: true
+      default: 8000 
+      type: "int"
+    - variable: "https_enable"
+      label: "Https enable:"
+      description: |
+        Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work.
+      default: false
+      required: true
+      type: enum
+      options:
+        - false
+        - true
+        - only
+    - variable: "acme_enable"
+      description: "Enable acme support on traefik."
+      label: "ACME enable:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "acme_email"
+      description: "ACME user email."
+      label: "ACME email:"
+      required: true
+      default: "test@traefik.io" 
+      type: "string"
+    - variable: "acme_ondemand"
+      description: "Enable acme ondemand."
+      label: "ACME ondemand:"
+      required: true
+      default: true 
+      type: "boolean"
+    - variable: "acme_onhostrule"
+      description: "Enable acme onHostRule."
+      label: "ACME onHostRule:"
+      required: true
+      default: true 
+      type: "boolean"
+    - variable: "acme_caserver"
+      description: "ACME caServer to use."
+      label: "ACME caServer:"
+      required: true
+      default: "https://acme-v01.api.letsencrypt.org/directory"
+      type: "string"
+    - variable: "acme_vol_name"
+      description: "The volume name shared to store ACME certs"
+      label: "ACME Volume Name"
+      required: true
+      default: "traefik_acme_vol"
+      type: "string"
+    - variable: "acme_vol_driver"
+      description: "The volume driver shared to store ACME certs"
+      label: "ACME Volume Driver"
+      required: true
+      default: "local"
+      type: enum
+      options: # List of options if using type of `enum`
+        - local
+        - rancher-nfs
+        - rancher-efs
+        - rancher-ebs
+    - variable: "ssl_key"
+      description: "SSL key to secure the service. *Required if you enable https"
+      label: "Https key"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "ssl_crt"
+      description: "SSL cert to secure the service. *Required if you enable https"
+      label: "Https crt"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "insecure_skip"
+      description: "Enable InsecureSkipVerify param."
+      label: "InsecureSkipVerify:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "compress_enable"
+      label: "Enable compression:"
+      description: |
+        Enable Traefik compression for entrypoints.
+      default: true
+      required: true
+      type: "boolean"
+    - variable: "refresh_interval"
+      description: "Interval to poll/apply configuration changes." 
+      label: "Refresh Interval (s):"
+      required: true
+      default: 10 
+      type: "int"
+    - variable: "admin_readonly"
+      label: "Admin readonly:"
+      description: |
+        Set admin to readonly mode.
+      default: false
+      required: true
+      type: "boolean"
+    - variable: "admin_statistics"
+      description: "Enable more detailed statistics."
+      label: "Admin statistics history:"
+      required: true
+      default: 10
+      type: "int"
+    - variable: "admin_auth_method"
+      description: "Admin auth method on the webui."
+      label: "Admin auth method:"
+      required: true
+      default: "basic"
+      type: enum
+      options: # List of options if using type of `enum`
+        - basic
+        - digest
+    - variable: "admin_users"
+      description: "Admin auth user list on the webui. Generate with htpassword for basic or htdigest with traefik realm for digest."
+      label: "Admin users:"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "prometheus_enable"
+      description: "To enable statistics to be pulled by Prometheus."
+      label: "Prometheus enable"
+      default: false
+      required: true
+      type: "boolean"
+    - variable: "prometheus_buckets"
+      description: "To define your own buckets"
+      label: "Prometheus buckets"
+      default: "[0.1,0.3,1.2,5.0]"
+      required: true
+      type: "string"
+    - variable: "cattle_url"
+      description: "API cattle url"
+      label: "Cattle URL"
+      default: ""
+      required: false
+      type: "string"
+    - variable: "cattle_access_key"
+      description: "API environment access key"
+      label: "Cattle access key"
+      default: ""
+      required: false
+      type: "string"
+    - variable: "cattle_secret_key"
+      description: "API environment secret key"
+      label: "Cattle secret key"
+      default: ""
+      required: false
+      type: "string"
+services:
+  traefik:
+    retain_ip: true
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 5000
+      port: 8000
+      unhealthy_threshold: 3
+      interval: 5000
+      strategy: recreate
+    metadata:
+      traefik:
+        ssl_key: |
+          ${ssl_key}
+        ssl_crt: |
+          ${ssl_crt}
diff --git a/templates/traefik/config.yml b/templates/traefik/config.yml
index de632db..e1f436d 100644
--- a/templates/traefik/config.yml
+++ b/templates/traefik/config.yml
@@ -1,7 +1,7 @@
 name: Traefik
 description: |
   Traefik active load balancer
-version: v1.4.3-rancher1
+version: v1.4.4-rancher1
 category: Load Balancing
 maintainer: "Raul Sanchez <rawmind@gmail.com>"
 minimum_rancher_version: v0.59.0

From 3c307247d8bf7aa8c55b0b478476e93ac5716047 Mon Sep 17 00:00:00 2001
From: srinivas <srinivas@avinetworks.com>
Date: Sat, 2 Dec 2017 02:17:36 +0530
Subject: [PATCH 61/71] AV-27859 Rancher template

---
 templates/avi/2/README.md           | 29 +++++++++++++++
 templates/avi/2/docker-compose.yml  | 13 +++++++
 templates/avi/2/rancher-compose.yml | 57 +++++++++++++++++++++++++++++
 3 files changed, 99 insertions(+)
 create mode 100644 templates/avi/2/README.md
 create mode 100644 templates/avi/2/docker-compose.yml
 create mode 100644 templates/avi/2/rancher-compose.yml

diff --git a/templates/avi/2/README.md b/templates/avi/2/README.md
new file mode 100644
index 0000000..5f11ed2
--- /dev/null
+++ b/templates/avi/2/README.md
@@ -0,0 +1,29 @@
+Avi Vantage Platform Load Balancer Provider
+========
+
+## About Avi Vantage Platform
+The [Avi Vantage Platform](https://avinetworks.com/software-load-balancer-for-any-cloud/) is built on software-defined architectural principles to create a centrally managed pool of distributed load balancers to deliver application services close to the applications.
+
+## About this provider
+This provider load balances Rancher services using Avi Vantage Platform Load Balancer. It uses REST API to update the Avi controller which enables the Avi Service Engines to load balance the Rancher Services.
+
+## Usage
+
+1. Deploy the stack for this provider from Rancher Community Catalog.
+   While deploying, you need to give the username, password,
+   Avi Controller IP address, Avi Controller Port, the Cloud name
+   where Virtual Services and Pools are created.
+2. Create services in Rancher with public host port mapping and corresponding
+   Virtual services are created in Avi. All CRUD operations on services get
+   reflected in Avi Controller and Service Engine.
+3. You can scale out/in the service and the changes will get reflected on
+   Avi Controller and Service Engine.
+
+### Using Rancher Secrets for Avi Password
+
+Optionally, you can use the Rancher Secrets to pass the Avi controller
+password instead of using environment variable.
+1. Run the Rancher Secrets service before deploying this provider stack.
+2. Create a secret named "avi-creds".
+3. While deploying the Avi provider stack, use the "avi-creds" secret
+   for Avi Provider service.
diff --git a/templates/avi/2/docker-compose.yml b/templates/avi/2/docker-compose.yml
new file mode 100644
index 0000000..381b73a
--- /dev/null
+++ b/templates/avi/2/docker-compose.yml
@@ -0,0 +1,13 @@
+avi:
+  image: avinetworks/avi-rancher-controller
+  expose: 
+   - 1000
+  environment:
+    AVI_USER: ${AVI_USER}
+    AVI_PASSWORD: ${AVI_PASSWORD}
+    AVI_CONTROLLER_ADDR: ${AVI_CONTROLLER_ADDR}
+    AVI_CONTROLLER_PORT: ${AVI_CONTROLLER_PORT}
+    AVI_SSL_VERIFY: ${AVI_SSL_VERIFY}
+    AVI_CLOUD_NAME: ${AVI_CLOUD_NAME}
+    AVI_DNS_SUBDOMAIN: ${AVI_DNS_SUBDOMAIN}
+    AVI_TENANT: ${AVI_TENANT}
diff --git a/templates/avi/2/rancher-compose.yml b/templates/avi/2/rancher-compose.yml
new file mode 100644
index 0000000..0a7a201
--- /dev/null
+++ b/templates/avi/2/rancher-compose.yml
@@ -0,0 +1,57 @@
+.catalog:
+  name: Avi Vantange Platform Load Balancer
+  version: "v1-Avi"
+  description: "External LB service powered by Avi Vantage Platform"
+  minimum_rancher_version: v1.1.0
+  questions:
+    - variable: "AVI_USER"
+      label: "Avi account username"
+      description: "User name for your account on Avi Controller"
+      type: "string"
+      required: true
+    - variable: "AVI_PASSWORD"
+      label: "Avi user account password"
+      description: "Password for your account on Avi Controller"
+      type: "password"
+      required: false
+    - variable: "AVI_CONTROLLER_ADDR"
+      label: "Avi Controller IP Address"
+      description: "IP Address of the Avi Controller"
+      type: "string"
+      required: true
+    - variable: "AVI_CONTROLLER_PORT"
+      label: "Avi Controller Port (Optional)"
+      description: "Port on which Avi Controller is listening for API requests"
+      type: "string"
+      required: false
+    - variable: "AVI_CLOUD_NAME"
+      label: "Avi Cloud Name (Optional)"
+      description: "Name of Avi Cloud in which Virtual Services are created"
+      required: false
+      type: "string"
+    - variable: "AVI_SSL_VERIFY"
+      label: "Avi SSL Verify (Optional)"
+      description: "SSL certificate validation while connecting to Avi Controller"
+      required: false
+      type: "boolean"
+      default: false
+    - variable: "AVI_DNS_SUBDOMAIN"
+      label: "Avi VS subdomain"
+      description: "Avi Virtual services are created with the subdomain config"
+      type: "string"
+      required: false
+    - variable: "AVI_TENANT"
+      label: "Avi tenant name"
+      description: "Avi Virtual service created in tenant"
+      type: "string"
+      required: false
+      default: admin
+
+avi:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 2
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

From e61622ea102412f4ab0219a271d97001c45a430e Mon Sep 17 00:00:00 2001
From: srinivas <srinivas@avinetworks.com>
Date: Sat, 2 Dec 2017 02:22:28 +0530
Subject: [PATCH 62/71] AV-27859 changed default version to v1-Avi

---
 templates/avi/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/avi/config.yml b/templates/avi/config.yml
index 16b90a4..c8641fd 100644
--- a/templates/avi/config.yml
+++ b/templates/avi/config.yml
@@ -1,5 +1,5 @@
 name: Avi Vantage Platform
 description: |
     External LB service powered by Avi Vantage Platform
-version: v0.3.4-rancher1
+version: v1-Avi
 category: Load Balancing

From 4f5b1a7419af19ddfef775a6fb84b13919a9c514 Mon Sep 17 00:00:00 2001
From: srinivas <srinivas@avinetworks.com>
Date: Sun, 3 Dec 2017 16:30:55 +0530
Subject: [PATCH 63/71] AV-27859 added timestamp to image

---
 templates/avi/2/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/avi/2/docker-compose.yml b/templates/avi/2/docker-compose.yml
index 381b73a..137a8ee 100644
--- a/templates/avi/2/docker-compose.yml
+++ b/templates/avi/2/docker-compose.yml
@@ -1,5 +1,5 @@
 avi:
-  image: avinetworks/avi-rancher-controller
+  image: avinetworks/avi-rancher-controller:2017-12-01T194110.475015629Z
   expose: 
    - 1000
   environment:

From a9f591e67624dddb4e2455c4efadaada31f6a62f Mon Sep 17 00:00:00 2001
From: kolaente <konrad@kola-entertainments.de>
Date: Sun, 3 Dec 2017 16:25:14 +0100
Subject: [PATCH 64/71] updated gitea to 1.3.0

---
 templates/gitea/0/docker-compose.yml.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/gitea/0/docker-compose.yml.tpl b/templates/gitea/0/docker-compose.yml.tpl
index f61da61..6b4533e 100644
--- a/templates/gitea/0/docker-compose.yml.tpl
+++ b/templates/gitea/0/docker-compose.yml.tpl
@@ -1,7 +1,7 @@
 version: '2'
 services:
   gitea:
-    image: gitea/gitea:1.3.0-rc1
+    image: gitea/gitea:1.3.0
     volumes:
       - gitea-data:/data
 

From c88d53d0a2f59f5b7c0f507ef8132f2a235ab42c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=93=D0=B5=D0=BD=D1=83=D1=81=20=D0=90=D0=BB=D0=B5=D0=BA?=
 =?UTF-8?q?=D1=81=D0=B5=D0=B9=20=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B5?=
 =?UTF-8?q?=D0=B2=D0=B8=D1=87?= <genus@OPEN.RU>
Date: Wed, 29 Nov 2017 17:36:16 +0300
Subject: [PATCH 65/71] Add docker volume for cgroups name resolving and uts
 host namespace

---
 templates/netdata/1/docker-compose.yml  | 13 +++++++++++++
 templates/netdata/1/rancher-compose.yml | 13 +++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 templates/netdata/1/docker-compose.yml
 create mode 100644 templates/netdata/1/rancher-compose.yml

diff --git a/templates/netdata/1/docker-compose.yml b/templates/netdata/1/docker-compose.yml
new file mode 100644
index 0000000..10c2bc1
--- /dev/null
+++ b/templates/netdata/1/docker-compose.yml
@@ -0,0 +1,13 @@
+netdata:
+  image: titpetric/netdata:latest
+  labels:
+    io.rancher.scheduler.global: 'true'
+  uts: host
+  cap_add:
+  - SYS_PTRACE
+  volumes:
+  - /proc:/host/proc:ro
+  - /sys:/host/sys:ro
+  - /var/run/docker.sock:/var/run/docker.sock:ro
+  environment:
+    NETDATA_PORT: "${NETDATA_PORT}"
diff --git a/templates/netdata/1/rancher-compose.yml b/templates/netdata/1/rancher-compose.yml
new file mode 100644
index 0000000..776d5ea
--- /dev/null
+++ b/templates/netdata/1/rancher-compose.yml
@@ -0,0 +1,13 @@
+.catalog:
+  name: netdata
+  version: v1.8.0
+  description: Real-time performance monitoring, done right!
+  questions:
+    - variable: NETDATA_PORT
+      label: Port
+      description: Container port to access netdata
+      required: true
+      type: int
+      default: 19999
+netdata:
+  scale: 1

From 07dd7e4983f67903cd9521ebc9de15aa46f56faa Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Tue, 5 Dec 2017 12:32:33 +0800
Subject: [PATCH 66/71] Copy alidns version 2

---
 infra-templates/alidns/2/README.md           | 40 ++++++++++++++++
 infra-templates/alidns/2/docker-compose.yml  | 14 ++++++
 infra-templates/alidns/2/rancher-compose.yml | 48 ++++++++++++++++++++
 3 files changed, 102 insertions(+)
 create mode 100644 infra-templates/alidns/2/README.md
 create mode 100644 infra-templates/alidns/2/docker-compose.yml
 create mode 100644 infra-templates/alidns/2/rancher-compose.yml

diff --git a/infra-templates/alidns/2/README.md b/infra-templates/alidns/2/README.md
new file mode 100644
index 0000000..dcc201f
--- /dev/null
+++ b/infra-templates/alidns/2/README.md
@@ -0,0 +1,40 @@
+## Alibaba Cloud DNS
+
+Rancher External DNS service powered by Alibaba Cloud DNS
+
+#### Usage
+
+##### Supported host labels
+
+`io.rancher.host.external_dns_ip`
+Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher.
+
+`io.rancher.host.external_dns`
+Accepts 'true' (default) or 'false'
+When this is set to 'false' no DNS records will ever be created for containers running on this host.
+
+##### Supported service labels
+
+`io.rancher.service.external_dns`
+Accepts 'always', 'never' or 'auto' (default)
+- `always`: Always create DNS records for this service
+- `never`: Never create DNS records for this service
+- `auto`: Create DNS records for this service if it exposes ports on the host
+
+`io.rancher.service.external_dns_name_template`
+Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service
+
+##### Custom DNS name template
+
+By default DNS entries are named `<service>.<stack>.<environment>.<domain>`.
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported:
+
+* `%{{service_name}}`
+* `%{{stack_name}}`
+* `%{{environment_name}}`
+
+**Example:**
+
+`%{{stack_name}}-%{{service_name}}.statictext`
+
+Make sure to only use characters in static text and separators that your provider allows in DNS names.
diff --git a/infra-templates/alidns/2/docker-compose.yml b/infra-templates/alidns/2/docker-compose.yml
new file mode 100644
index 0000000..478af9e
--- /dev/null
+++ b/infra-templates/alidns/2/docker-compose.yml
@@ -0,0 +1,14 @@
+alidns:
+  image: rancher/external-dns:v0.7.5
+  command: -provider=alidns
+  expose:
+   - 1000
+  environment:
+    ALICLOUD_ACCESS_KEY_ID: ${ALICLOUD_ACCESS_KEY_ID}
+    ALICLOUD_ACCESS_KEY_SECRET: ${ALICLOUD_ACCESS_KEY_SECRET}
+    ROOT_DOMAIN: ${ROOT_DOMAIN}
+    NAME_TEMPLATE: ${NAME_TEMPLATE}
+    TTL: ${TTL}
+  labels:
+    io.rancher.container.create_agent: "true"
+    io.rancher.container.agent.role: "external-dns"
diff --git a/infra-templates/alidns/2/rancher-compose.yml b/infra-templates/alidns/2/rancher-compose.yml
new file mode 100644
index 0000000..1e6bc62
--- /dev/null
+++ b/infra-templates/alidns/2/rancher-compose.yml
@@ -0,0 +1,48 @@
+# notemplating
+.catalog:
+  name: "Alibaba Cloud DNS"
+  version: "v0.2.0"
+  description: "Rancher External DNS service powered by Alibaba Cloud"
+  minimum_rancher_version: v1.6.8-rc1
+  questions:
+    - variable: "ALICLOUD_ACCESS_KEY_ID"
+      label: "Access Key ID"
+      description: "Access key id for your Alibaba Cloud account"
+      type: "string"
+      required: true
+    - variable: "ALICLOUD_ACCESS_KEY_SECRET"
+      label: "Access Key Secret"
+      description: "Access key secret for your Alibaba Cloud account"
+      type: "string"
+      required: true
+    - variable: "ROOT_DOMAIN"
+      label: "Domain"
+      description: "The DNS zone (domain) managed by Alibaba Cloud. DNS entries will be created for <service>.<stack>.<environment>.<domain>"
+      type: "string"
+      required: true
+    - variable: "TTL"
+      label: "TTL"
+      description: "The resource record cache time to live (TTL), in seconds"
+      type: "int"
+      default: 600
+      min: 1
+      max: 86400
+      required: false
+    - variable: "NAME_TEMPLATE"
+      label: "DNS Name Template"
+      description: |
+        Name template used to construct the subdomain part (left of the domain) of the DNS record names.
+        Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}.
+        By default DNS entries will be named '<service>.<stack>.<environment>.<domain>'.
+      type: "string"
+      default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}"
+      required: false
+
+alidns:
+  health_check:
+    port: 1000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: GET / HTTP/1.0
+    healthy_threshold: 2
+    response_timeout: 2000

From 826a65f222edd24005f504996d1da0afb8ac8399 Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Tue, 5 Dec 2017 12:33:16 +0800
Subject: [PATCH 67/71] Fix Aliyun DNS issue which change env name doesn't
 trigger DNS update

---
 infra-templates/alidns/2/docker-compose.yml  | 2 +-
 infra-templates/alidns/2/rancher-compose.yml | 2 +-
 infra-templates/alidns/config.yml            | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/infra-templates/alidns/2/docker-compose.yml b/infra-templates/alidns/2/docker-compose.yml
index 478af9e..04ba618 100644
--- a/infra-templates/alidns/2/docker-compose.yml
+++ b/infra-templates/alidns/2/docker-compose.yml
@@ -1,5 +1,5 @@
 alidns:
-  image: rancher/external-dns:v0.7.5
+  image: rancher/external-dns:v0.7.9
   command: -provider=alidns
   expose:
    - 1000
diff --git a/infra-templates/alidns/2/rancher-compose.yml b/infra-templates/alidns/2/rancher-compose.yml
index 1e6bc62..9c02bba 100644
--- a/infra-templates/alidns/2/rancher-compose.yml
+++ b/infra-templates/alidns/2/rancher-compose.yml
@@ -1,7 +1,7 @@
 # notemplating
 .catalog:
   name: "Alibaba Cloud DNS"
-  version: "v0.2.0"
+  version: "v0.3.0"
   description: "Rancher External DNS service powered by Alibaba Cloud"
   minimum_rancher_version: v1.6.8-rc1
   questions:
diff --git a/infra-templates/alidns/config.yml b/infra-templates/alidns/config.yml
index 3dfc3be..94f4a33 100644
--- a/infra-templates/alidns/config.yml
+++ b/infra-templates/alidns/config.yml
@@ -1,7 +1,7 @@
 name: Alibaba Cloud DNS
 description: |
   Rancher External DNS service powered by Alibaba Cloud
-version:  v0.2.0
+version:  v0.3.0
 category: External DNS
 labels:
   io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'

From e4737011bee21b4313e73d7c14105f8ec01d9e7e Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Tue, 5 Dec 2017 12:47:03 +0800
Subject: [PATCH 68/71] Update min rancher version for new alidyun DNS entry

---
 infra-templates/alidns/2/rancher-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra-templates/alidns/2/rancher-compose.yml b/infra-templates/alidns/2/rancher-compose.yml
index 9c02bba..3239b50 100644
--- a/infra-templates/alidns/2/rancher-compose.yml
+++ b/infra-templates/alidns/2/rancher-compose.yml
@@ -3,7 +3,7 @@
   name: "Alibaba Cloud DNS"
   version: "v0.3.0"
   description: "Rancher External DNS service powered by Alibaba Cloud"
-  minimum_rancher_version: v1.6.8-rc1
+  minimum_rancher_version: v1.6.13-rc1
   questions:
     - variable: "ALICLOUD_ACCESS_KEY_ID"
       label: "Access Key ID"

From 92525a100df0bb1222aef3c9c71b385a1a9a63eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20H=C3=A4felfinger?= <philipp@haefelfinger.ch>
Date: Tue, 5 Dec 2017 23:45:23 +0100
Subject: [PATCH 69/71] updated drone to 0.8.2

---
 templates/drone/6/README.md              |  19 +++
 templates/drone/6/docker-compose.yml.tpl | 116 ++++++++++++++
 templates/drone/6/rancher-compose.yml    | 189 +++++++++++++++++++++++
 templates/drone/config.yml               |   2 +-
 4 files changed, 325 insertions(+), 1 deletion(-)
 create mode 100644 templates/drone/6/README.md
 create mode 100644 templates/drone/6/docker-compose.yml.tpl
 create mode 100644 templates/drone/6/rancher-compose.yml

diff --git a/templates/drone/6/README.md b/templates/drone/6/README.md
new file mode 100644
index 0000000..f6021aa
--- /dev/null
+++ b/templates/drone/6/README.md
@@ -0,0 +1,19 @@
+# Drone
+
+### Info:
+
+This template creates an instance of Drone CI server 0.8.2 along with selectable number of agents to perform the builds.
+
+### Usage:
+
+Select the Drone template from the catalog. Provide the following information:
+
+1. Publish port
+2. Agents scale
+3. Drone secret
+4. Run mode. debug | release
+3. Remote driver and config. (Ie. GitHub)
+4. Database driver and config. (Ie. sqlite)
+
+
+See [Drone documentation](http://readme.drone.io/admin) for complete information.
diff --git a/templates/drone/6/docker-compose.yml.tpl b/templates/drone/6/docker-compose.yml.tpl
new file mode 100644
index 0000000..be28a4c
--- /dev/null
+++ b/templates/drone/6/docker-compose.yml.tpl
@@ -0,0 +1,116 @@
+version: '2'
+services:
+  agent:
+    image: drone/agent:${drone_version}
+    environment:
+      DRONE_SERVER: ${drone_server}
+      DRONE_SECRET: ${drone_secret}
+{{- if (.Values.http_proxy)}}
+      HTTP_PROXY: ${http_proxy}
+      http_proxy: ${http_proxy}
+{{- end}}
+{{- if (.Values.https_proxy)}}
+      HTTPS_PROXY: ${https_proxy}
+      https_proxy: ${https_proxy}
+{{- end}}
+{{- if (.Values.no_proxy)}}
+      NO_PROXY: ${no_proxy}
+      no_proxy: ${no_proxy}
+{{- end}}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    links:
+      - server:drone
+    command:
+      - agent
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+  server:
+    image: drone/drone:${drone_version}
+    environment:
+      DRONE_HOST: ${drone_host}
+      GIN_MODE: ${gin_mode}
+{{- if (.Values.drone_debug)}}
+      DRONE_DEBUG: '${drone_debug}'
+{{- end}}
+      DRONE_SECRET: ${drone_secret}
+      DRONE_OPEN: ${drone_open}
+{{- if (.Values.drone_admin)}}
+      DRONE_ADMIN: ${drone_admin}
+{{- end}}
+{{- if (.Values.drone_orgs)}}
+      DRONE_ORGS: ${drone_orgs}
+{{- end}}
+{{- if eq .Values.drone_driver "GitHub"}}
+      DRONE_GITHUB: true
+      DRONE_GITHUB_CLIENT: ${drone_driver_client}
+      DRONE_GITHUB_SECRET: ${drone_driver_secret}
+{{- end}}
+{{- if eq .Values.drone_driver "Bitbucket Cloud"}}
+      DRONE_BITBUCKET: true
+      DRONE_BITBUCKET_CLIENT: ${drone_driver_client}
+      DRONE_BITBUCKET_SECRET: ${drone_driver_secret}
+{{- end}}
+{{- if eq .Values.drone_driver "Bitbucket Server"}}
+      DRONE_STASH: true
+      DRONE_STASH_GIT_USERNAME: ${drone_driver_user}
+      DRONE_STASH_GIT_PASSWORD: ${drone_driver_password}
+      DRONE_STASH_CONSUMER_KEY: ${drone_driver_client}
+      DRONE_STASH_CONSUMER_RSA_STRING: ${drone_driver_secret}
+      DRONE_STASH_URL: ${drone_driver_url}
+{{- end}}
+{{- if eq .Values.drone_driver "GitLab"}}
+      DRONE_GITLAB: true
+      DRONE_GITLAB_CLIENT: ${drone_driver_secret}
+      DRONE_GITLAB_SECRET: ${drone_driver_secret}
+      DRONE_GITLAB_URL: ${drone_driver_url}
+{{- end}}
+{{- if eq .Values.drone_driver "Gogs"}}
+      DRONE_GOGS: true
+      DRONE_GOGS_URL: ${drone_driver_url}
+{{- end}}
+{{- if ne .Values.database_driver "sqlite"}}
+      DRONE_DATABASE_DRIVER: ${database_driver}
+      DRONE_DATABASE_DATASOURCE: ${database_source}
+{{- end}}
+{{- if (.Values.http_proxy)}}
+      HTTP_PROXY: ${http_proxy}
+      http_proxy: ${http_proxy}
+{{- end}}
+{{- if (.Values.https_proxy)}}
+      HTTPS_PROXY: ${https_proxy}
+      https_proxy: ${https_proxy}
+{{- end}}
+{{- if (.Values.no_proxy)}}
+      NO_PROXY: ${no_proxy}
+      no_proxy: ${no_proxy}
+{{- end}}
+    labels:
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+{{- if eq .Values.database_driver "sqlite"}}
+      io.rancher.sidekicks: server-volume
+    volumes_from:
+      - server-volume
+  server-volume:
+    image: rawmind/alpine-volume:0.0.2-1
+    environment:
+      SERVICE_GID: '0'
+      SERVICE_UID: '0'
+      SERVICE_VOLUME: /var/lib/drone
+    network_mode: none
+    volumes:
+      - /var/lib/drone
+    labels:
+      io.rancher.container.start_once: 'true'
+      io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+      io.rancher.container.hostname_override: container_name
+{{- end}}
+  lb:
+    image: rancher/lb-service-haproxy:v0.7.15
+    ports:
+      - ${host_port}:${host_port}
+    labels:
+      io.rancher.scheduler.global: 'true'
+      io.rancher.scheduler.affinity:host_label_soft: ${drone_lb_host_label}
diff --git a/templates/drone/6/rancher-compose.yml b/templates/drone/6/rancher-compose.yml
new file mode 100644
index 0000000..c6a1d33
--- /dev/null
+++ b/templates/drone/6/rancher-compose.yml
@@ -0,0 +1,189 @@
+version: 2
+catalog:
+  name: Drone
+  version: 0.8.2-rancher1
+  upgrade_from: 0.8.2-rc.1-rancher1
+  description: |
+    Drone CI Server ref http://readme.drone.io/admin/installation-guide/
+  questions:
+    - variable: drone_host
+      label: Drone Host URL
+      description: Intended URL Drone will be hosted on, e.g. http://drone.mycompany.com.
+      required: true
+      type: string
+    - variable: host_port
+      label: Drone Server Host Port
+      description: Public port that will be exposed on service creation.
+      required: true
+      default: 8000
+      type: int
+    - variable: agent_scale
+      label: Drone Agent Scale
+      description: Drone agent scale to deploy
+      required: true
+      default: 1
+      type: int
+    - variable: drone_secret
+      label: Server and Agents Secret
+      description: Server and agents secret to be communicate. http://readme.drone.io/admin/user-registration/
+      type: password
+      required: true
+    - variable: gin_mode
+      label: Run mode
+      description: "Drone run mode, GIN_MODE"
+      type: enum
+      default: "release"
+      options:
+        - "release"
+        - "debug"
+      required: true
+    - variable: drone_open
+      label: Open Registration
+      description: |
+        Users self register. http://readme.drone.io/admin/user-registration/
+      required: true
+      default: true
+      type: enum
+      options:
+        - true
+        - false
+    - variable: drone_admin
+      label: Drone Admin
+      description: List of admins for drone comma seperated. http://readme.drone.io/admin/user-admins/
+      type: string
+      required: false
+    - variable: drone_orgs
+      label: Organizations
+      description: Comman seperated list of org that can access drone. http://readme.drone.io/admin/user-registration/
+      type: string
+      required: false
+    - variable: "drone_driver"
+      type: "enum"
+      required: true
+      label: "Remote Driver"
+      default: "GitHub"
+      description: "Remote Git and Auth scheme. ref http://readme.drone.io/admin"
+      options:
+        - GitHub
+        - GitLab
+        - Gogs
+        - Bitbucket Cloud
+        - Bitbucket Server
+    - variable: drone_driver_client
+      label: Remote Driver Client
+      description: "Client key from remote driver. Required for GitHub, Bitbucket Cloud, Bitbucket Server and GitLab."
+      type: string
+      required: false
+    - variable: drone_driver_secret
+      label: Remote Driver Secret
+      description: "Secret key from remote driver. Required for GitHub, Bitbucket Cloud, Bitbucket Server and GitLab."
+      type: multiline
+      required: false
+    - variable: drone_driver_url
+      label: Remote Driver URL
+      description: "Remote Driver server url. Required for GitLab, Gogs and Bitbucket Server; see http://readme.drone.io/admin."
+      type: string
+      required: false
+    - variable: drone_driver_user
+      label: Remote Driver Username
+      description: "Remote Driver username. Required for BitBucket Server; see http://docs.drone.io/install-for-bitbucket-server/."
+      type: string
+      required: false
+    - variable: drone_driver_password
+      label: Remote Driver Password
+      description: "Remote Driver password. Required for BitBucket Server, http://docs.drone.io/install-for-bitbucket-server/."
+      type: password
+      required: false
+    - variable: drone_server
+      label: Drone Server
+      description: "Drone sever identifier. Used by the agent to connect to the server (does not require change)."
+      type: string
+      default: "drone:9000"
+    - variable: drone_version
+      label: Drone Version
+      description: "Drone version/Docker tag used for the Drone container images."
+      type: enum
+      default: "0.8.2"
+      options:
+        - 0.8.2
+        - 0.8.1
+        - 0.8.0
+        - '0.8'
+        - latest
+    - variable: database_driver
+      label: Database Driver
+      description: "Database driver. If sqlite, additional volume would be mounted at /var/lib/drone."
+      type: enum
+      default: "sqlite"
+      options:
+        - "sqlite"
+        - "mysql"
+        - "postgres"
+      required: true
+    - variable: "database_source"
+      type: "string"
+      label: "Database source"
+      description: "Database datasource. Required if database driver is mysql or postgres, http://readme.drone.io/admin/database-engines/"
+      required: false
+    - variable: "http_proxy"
+      type: string
+      label: HTTP Proxy
+      description: "Optional: HTTP forward proxy URL."
+      required: false
+    - variable: "https_proxy"
+      type: string
+      label: HTTPS Proxy
+      description: "Optional: HTTPS forward proxy URL."
+      required: false
+    - variable: "no_proxy"
+      type: string
+      label: No Proxy
+      description: "Optional: No proxy hosts (comma-separated hostnames/IPs)."
+      required: false
+      default: "drone"
+    - variable: "drone_debug"
+      label: Drone Debug
+      description: "Enable debug output with the Drone server."
+      type: enum
+      options:
+        - 'true'
+        - 'false'
+      default: 'false'
+    - variable: drone_lb_host_label
+      label: Drone LB Host Label
+      description: Host label (soft affinity) for scheduling of the load balancer service.
+      required: true
+      default: "drone_lb=true"
+      type: string
+services:
+  agent:
+    scale: ${agent_scale}
+    start_on_create: true
+  server:
+    scale: 1
+    start_on_create: true
+    health_check:
+      port: 8000
+      interval: 2000
+      unhealthy_threshold: 3
+      strategy: recreate
+      request_line: GET / HTTP/1.0
+      healthy_threshold: 2
+      response_timeout: 2000
+  lb:
+    start_on_create: true
+    lb_config:
+      certs: []
+      port_rules:
+      - priority: 1
+        protocol: http
+        service: server
+        source_port: ${host_port}
+        target_port: 8000
+    health_check:
+      healthy_threshold: 2
+      response_timeout: 2000
+      port: 42
+      unhealthy_threshold: 3
+      interval: 2000
+      strategy: recreate
diff --git a/templates/drone/config.yml b/templates/drone/config.yml
index c911525..25d6aeb 100644
--- a/templates/drone/config.yml
+++ b/templates/drone/config.yml
@@ -1,5 +1,5 @@
 name: Drone
 description: |
     Drone CI Server
-version: 0.8.1-rancher1
+version: 0.8.2-rancher1
 category: Continuous Integration

From 2dce94f88d56a2df65cd28a47111cc7ab2f82f7b Mon Sep 17 00:00:00 2001
From: Kyle Sessions <thesheerice@gmail.com>
Date: Wed, 6 Dec 2017 18:04:08 -0700
Subject: [PATCH 70/71] Updated to Gitlab v9.5.10

---
 templates/gitlab/4/README.md           |  9 ++++
 templates/gitlab/4/docker-compose.yml  | 27 ++++++++++
 templates/gitlab/4/rancher-compose.yml | 69 ++++++++++++++++++++++++++
 templates/gitlab/config.yml            |  2 +-
 4 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 templates/gitlab/4/README.md
 create mode 100644 templates/gitlab/4/docker-compose.yml
 create mode 100644 templates/gitlab/4/rancher-compose.yml

diff --git a/templates/gitlab/4/README.md b/templates/gitlab/4/README.md
new file mode 100644
index 0000000..ca11a7c
--- /dev/null
+++ b/templates/gitlab/4/README.md
@@ -0,0 +1,9 @@
+# GitLab CE
+
+GitLab CE is a free alternative to GitHub
+
+Stack based on official GitLab version: latest
+
+https://hub.docker.com/r/gitlab/gitlab-ce/
+
+
diff --git a/templates/gitlab/4/docker-compose.yml b/templates/gitlab/4/docker-compose.yml
new file mode 100644
index 0000000..e353ed1
--- /dev/null
+++ b/templates/gitlab/4/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '2'
+volumes:
+  gitlab-app-data:
+    driver: ${volumedriver}
+  gitlab-log-data:
+    driver: ${volumedriver}
+  gitlab-conf-files:
+    driver: ${volumedriver}
+
+services:
+  gitlab-server:
+    ports:
+      - ${ssh_port}:22/tcp
+      - ${http_port}:80/tcp
+      - ${https_port}:443/tcp
+    labels:
+      io.rancher.container.hostname_override: container_name
+    image: gitlab/gitlab-ce:9.5.10-ce.0
+    volumes:
+      - gitlab-app-data:/var/opt/gitlab
+      - gitlab-log-data:/var/log/gitlab
+      - gitlab-conf-files:/etc/gitlab
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url '${gitlab_omnipus_prefix}${gitlab_hostname}'
+        registry_external_url '${gitlab_omnipus_prefix}${registry_gitlab_hostname}'
+        gitlab_rails['gitlab_shell_ssh_port'] = ${ssh_port}
diff --git a/templates/gitlab/4/rancher-compose.yml b/templates/gitlab/4/rancher-compose.yml
new file mode 100644
index 0000000..9020f13
--- /dev/null
+++ b/templates/gitlab/4/rancher-compose.yml
@@ -0,0 +1,69 @@
+.catalog:
+  name: Gitlab Community
+  version: 9.5.10-ce.0
+  description: |
+    Gitlab CE is a free GitHub alternative
+  minimum_rancher_version: v0.56.0
+  maintainer: "Alexis Ducastel <alexis@ducastel.net>"
+  uuid: gitlab-0
+  questions:
+    - variable: "gitlab_hostname"
+      description: "Gitlab hostname (without uri scheme http:// or https://)"
+      label: "Hostname:"
+      required: true
+      default: "git.example.com"
+      type: "string"
+    - variable: "registry_gitlab_hostname"
+      description: "Registry Gitlab hostname (without uri scheme http:// or https://)"
+      label: "Registry hostname:"
+      required: true
+      default: "registry.example.com"
+      type: "string"
+    - variable: "gitlab_omnipus_prefix"
+      label: "Gitlab external_url prefix:"
+      description: |
+        This is needed for the docker-compose file to set the correct external_url
+      default: 'http://'
+      required: true
+      type: "enum"
+      options:
+        - 'http://'
+        - 'https://'
+    - variable: "http_port"
+      description: "HTTP port to expose on host. Will be used to bind TCP"
+      label: "HTTP port:"
+      required: true
+      default: 80
+      type: "int"
+    - variable: "https_port"
+      description: "HTTPS port to expose on host. Will be used to bind TCP"
+      label: "HTTPS port:"
+      required: true
+      default: 443
+      type: "int"
+    - variable: "ssh_port"
+      description: "SSH port to expose on host. Will be used to bind TCP"
+      label: "SSH port:"
+      required: true
+      default: 22
+      type: "int"
+    - variable: "volumedriver"
+      description: "Choose the Volume Driver being used.(Option: local or rancher-nfs)"
+      label: "Volume Driver:"
+      required: true
+      default: local
+      type: "enum"
+      options:
+        - local
+        - rancher-nfs
+
+gitlab-server:
+  scale: 1
+  retain_ip: true
+  health_check:
+    port: 80
+    interval: 30000
+    unhealthy_threshold: 3
+    strategy: recreate
+    response_timeout: 3000
+    healthy_threshold: 2
diff --git a/templates/gitlab/config.yml b/templates/gitlab/config.yml
index b39ac46..76f2c3c 100644
--- a/templates/gitlab/config.yml
+++ b/templates/gitlab/config.yml
@@ -1,5 +1,5 @@
 name: Gitlab Community
 description: |
   Gitlab CE is a free GitHub alternative
-version: 9.5.1-ce.0
+version: 9.5.10-ce.0
 category: Versioning

From 0db2888cc798649ecd14b4fedb9759c15300d90b Mon Sep 17 00:00:00 2001
From: Kyle Sessions <thesheerice@gmail.com>
Date: Wed, 6 Dec 2017 18:13:38 -0700
Subject: [PATCH 71/71] Updated Bitbucket to v5.6.1

---
 templates/bitbucket/1/docker-compose.yml  | 24 +++++++++++++++++++++++
 templates/bitbucket/1/rancher-compose.yml | 22 +++++++++++++++++++++
 templates/bitbucket/config.yml            |  4 +---
 3 files changed, 47 insertions(+), 3 deletions(-)
 create mode 100644 templates/bitbucket/1/docker-compose.yml
 create mode 100644 templates/bitbucket/1/rancher-compose.yml

diff --git a/templates/bitbucket/1/docker-compose.yml b/templates/bitbucket/1/docker-compose.yml
new file mode 100644
index 0000000..6dc04b1
--- /dev/null
+++ b/templates/bitbucket/1/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '2'
+
+services:
+
+  bitbucket:
+    image: atlassian/bitbucket-server:5.6.1
+    volumes_from:
+      - bitbucket-data
+    ports:
+      - ${BITBUCKET_PORT}:7990
+    labels:
+      io.rancher.sidekicks: bitbucket-data
+      io.rancher.container.hostname_override: container_name
+
+  bitbucket-data:
+    image: atlassian/bitbucket-server:5.6.1
+    entrypoint:
+      - /bin/true
+    volumes:
+      - /var/atlassian/application-data/bitbucket
+    labels:
+      io.rancher.container.start_once: 'true'
+      io.rancher.container.hostname_override: container_name
+
diff --git a/templates/bitbucket/1/rancher-compose.yml b/templates/bitbucket/1/rancher-compose.yml
new file mode 100644
index 0000000..3058039
--- /dev/null
+++ b/templates/bitbucket/1/rancher-compose.yml
@@ -0,0 +1,22 @@
+version: '2'
+
+catalog:
+  name: bitbucket
+  version: 5.6.1
+  description: Git Server
+  questions:
+    - variable: BITBUCKET_PORT
+      label: Port
+      default: 80
+      required: true
+      type: int
+
+services:
+  bitbucket:
+    scale: 1
+    start_on_create: true
+
+  bitbucket-data:
+    scale: 1
+    start_on_create: true
+
diff --git a/templates/bitbucket/config.yml b/templates/bitbucket/config.yml
index 9799142..64bf8a6 100644
--- a/templates/bitbucket/config.yml
+++ b/templates/bitbucket/config.yml
@@ -1,6 +1,4 @@
 name: bitbucket
 description: Git Server
-version: 0.0.1
+version: 5.6.1
 category: Versioning
-projectURL: https://github.com/ellerbrock/rancher-collection
-