From 16d0efc7c23d099c117f3e2d9a29e574d9f5190f Mon Sep 17 00:00:00 2001 From: atung Date: Wed, 22 Feb 2017 14:26:20 -0800 Subject: [PATCH 01/18] neuvector catalog for rancher --- templates/neuvector/0/README.md | 19 ++++++++ templates/neuvector/0/docker-compose.yml | 41 ++++++++++++++++++ templates/neuvector/0/rancher-compose.yml | 18 ++++++++ templates/neuvector/catalogIcon-neuvector.png | Bin 0 -> 7304 bytes templates/neuvector/config.yml | 6 +++ 5 files changed, 84 insertions(+) create mode 100644 templates/neuvector/0/README.md create mode 100644 templates/neuvector/0/docker-compose.yml create mode 100644 templates/neuvector/0/rancher-compose.yml create mode 100644 templates/neuvector/catalogIcon-neuvector.png create mode 100644 templates/neuvector/config.yml diff --git a/templates/neuvector/0/README.md b/templates/neuvector/0/README.md new file mode 100644 index 0000000..3969ac6 --- /dev/null +++ b/templates/neuvector/0/README.md @@ -0,0 +1,19 @@ +# NeuVector + +### Info: + +NeuVector provides continuous network security for application containers. + +Deploy the NeuVector containers to protect running containers from violations, threats, and vulnerabilities. NeuVector also detects host and container privilege escalations / break outs. + +NeuVector can be deployed on greenfield or brownfield (already running) application environments. + + +### Usage: + +Contact info@neuvector.com with your Docker Hub Id so we can add you to our private registry. +After we confirm that you have been added, you can select the NeuVector catalog to deploy the Allinone and Enforcer containers. + +In Configuration Options, enter the Allinone/Controller IP address or name where the Controller will run. + +The Manager default port is 8443 for logging in to the console. diff --git a/templates/neuvector/0/docker-compose.yml b/templates/neuvector/0/docker-compose.yml new file mode 100644 index 0000000..7fa0b86 --- /dev/null +++ b/templates/neuvector/0/docker-compose.yml @@ -0,0 +1,41 @@ +allinone: + image: neuvector/allinone + container_name: neuvector.allinone + restart: always + privileged: true + environment: + - affinity:com.myself.name!=neuvector + - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS} + ports: + - 18300:18300 + - 18301:18301 + - 18301:18301/udp + - 8443:8443 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /proc:/host/proc:ro + - /sys/fs/cgroup:/host/cgroup:ro + labels: + com.myself.name: "neuvector" + io.rancher.scheduler.affinity:host_label: ${NV_ALLINONE_LABEL} + io.rancher.container.hostname_override: container_name +enforcer: + image: neuvector/enforcer + container_name: neuvector.enforcer + restart: always + privileged: true + environment: + - affinity:com.myself.name!=neuvector + - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS} + ports: + - 18301:18301 + - 18301:18301/udp + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /proc:/host/proc:ro + - /sys/fs/cgroup/:/host/cgroup/:ro + labels: + com.myself.name: "neuvector" + io.rancher.scheduler.global: true + io.rancher.scheduler.affinity:host_label_ne: ${NV_ALLINONE_LABEL} + io.rancher.container.hostname_override: container_name diff --git a/templates/neuvector/0/rancher-compose.yml b/templates/neuvector/0/rancher-compose.yml new file mode 100644 index 0000000..de7ef3a --- /dev/null +++ b/templates/neuvector/0/rancher-compose.yml @@ -0,0 +1,18 @@ +.catalog: + name: "NeuVector" + version: "v0.9" + description: "Container Security Solution" + questions: + - variable: "NV_ALLINONE_LABEL" + label: "Allinone Host label" + description: "Specify a host label here that can be used to deploy the NeuVector AllInOne container, the NeuVector enforcer container will be deployed on any other hosts. Eg: neuvector.allinone_node=true (you could then add the label 'neuvector.allinone_node=true' to one host to use as management node)." + type: "string" + default: "neuvector.allinone_node=true" + required: true + - variable: "ALLINONE_ADDRESS" + description: Input the allinone service IP address here. + label: "NeuVector Allinone/Controller IP address" + default: "[allinone.neuvector.rancher.internal]" + required: true + type: "string" + \ No newline at end of file diff --git a/templates/neuvector/catalogIcon-neuvector.png b/templates/neuvector/catalogIcon-neuvector.png new file mode 100644 index 0000000000000000000000000000000000000000..50e426dc36706f633f207f2ccfd750f56a64e757 GIT binary patch literal 7304 zcmV;39Czc1P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z000rQNklA4^EH-1CtxGkJx{l% zd+qJ+ba(#PS!s5(uY0VmQ1h$$X>Ui})6Z}JzQ14h%nEBQvBVNfZIN*o#1cykkXT|_ zk~n{V*HuUXQdp#DPa(#FHinKwHJx*m`gH_<0bIJsTl&B~*7C{U{MAQt@i4~HHh{d0 zWpCA%eONrK#ZucB61A=f0niPkft%xDjOFJ7Ad|Cs)@EN(`Fee!c-j-lVA8k9_Uzez z0IrXRFqW4RAe}&F1@CWxX<)u`;g#$ADu2HDr_X)`5Oi<6iLF8v5@k?mAMI;=t-oA|Ic5^X?8;uv)-Z3oB(10%+W z*U*mj*wO|3sSxTK;Ks5w5dhjZ;5uo>#zzhSUu<@(VsY+mrBeRGz5#6ng4lq>(q@1d zD+eU%H2~K7Sp3KYw^XtIMO?Gi;-~~tcvx$G#p3M(z9OU(q;&xggz$#;UByDloR2RH z@4x=X%*@RIWVAL|t3bHKdz`Vn1Qx`5msCltEkbD{uDufQ5kerPtWqHbN=lS;Q7VCw z>bx{kN|Y*pI?ChullwU{cL*gskh(WtnET2z`cDpTh4=9Q$l{w_=5Umc}z90#Qw97o|g3dc#} zx=FO1oS!c}m-NllYq9nstQ6%vM+sIUZ28j)7e{rxSIX2nC6iFfZ-BXL0DCHTFzdQq zNadjmGnWBxu7MB(oCL%iaac1XFk?__4 zkWM?>uy$Lm@{HB<`9khq;8SPjkIWb&kTQW%31A@}!C2Z05FtDq)qz1{kvK|u=lK`F zgX6mZP?Gm{WG=Zq>vwgnO$Y>*vITIQRSj~AbS8P}J90B) zZycZa(e3NHt~Ej=rK8dy&cq`aOWS=Al*%A&5g{awqav079y$I8l}j5g>e~GERp|}N z7{8?gq;&9go{7m9A3S}+9$dG+tFP!UAcaT5>i`Qye;%zDDm&!W@DPx2R&mkl&Dp8B zgC9@3zi6dQ<2V_>jYlw+Hd_$s;y4+6Qvgx+JHqm0?$hBFetXxdS7xPf5VDcwum}WF zI-Hq(k<(MhKR8#b7>v;v zWASy#$rmQq%#@xYo#>?K6*xWnzrsm$;5ZqCNW>!;OS>sn0@uk<(s_iCsE`E#P%0h% zx;5c;VQgdPSPBUO#!ozc%;JA&>*en|Jh$Qa1LKqT9Vrw`*Io7MZR87ccON-5^%h5Y zoXkCW$I}np@=+;O$oKHM>8gL&Y*X^FXHLK1D3v0a$TBrIL07s1&+Ww5jq7ps)mLYM zy+AK82J8ezoAgN!uph_*yMUn!Y|OfY`gI3&+tp&e-XI^q4Zz3+)~;+&zn(?5tK9%` zaa9IK%>foiRRhG@DvKgrmBCoufKn-p@p zF)9;lFK{)GYmz4${C(>M2#|rGEdc$%aEp_DPw4MkgMPS>q%QzRrCmcUEN1Noh?E|# zn?d<$gveLiTqcd|SU*)-7 z2$>K+e(dkaFBAaj21uV-Bokd2;E`v)zwh*!@g1`Zg&gpuiRmNPB@?T0oiqpsgu}Y7Ev)O>a_@Y8 zfudf(Q3;fjz;Ti|ZlF#Q&s#-0xrTINHFJd-9v>Uw@k2i(H+KpvT(l8?v&0p+=l?M+ zj)I}TMS2yM;n=%q*+~xo;-nB_1{I-Lel^Wcx=xCOa4@!f^44Ne(!uu&9C+&P?@pW< zzge4P0l5C;)ZtI06Kk;6pp=UUqE4&RmjQg?b(d{lclhM}Z<{VnIoR^i6k{#c8mzHc zi=$0(-NgJ;Oq_Y1h2kvPRQD+%_`ytZ{5y_R`{J>C&PN%qfg&+=kq6?%*`##knlR_NL`HQqi=;+dO) z0?_%!P4E7CS7yC*R1()o?bx(={q{|-UHcoG zuDp2LrYqLmxasn)cWzsseye|C@&yXT1*Aw&)Wto(2Y`LcXm^Ebt%N^tfO15Z{WqHt>tWvOiRIwhkp5 z2>NHSb&d9IPo&LzDl9`x%WpVd^3vJQ=`njP+hz0)OE7K_(uD7f254cwXA&j=^t|U z14BG_{7FFKI&PI_S8WXIE-#U}vt-3l;GcjUM^BHve(d;9uLH&}z3BA-n>Sy6?Z;h} zBH?C8cpW4Yon%s3r1Z{eGnt*8L2Iqb&w+4Oja9-}MZV}Tv#{vn?z;ne5+2aSI)gnm z2DzS<+FN4)n|*J^Va-J*dbR;b!V_?;4nUUMrV4Fs)gKC%)r{_qM50-JL0PSajeDE) z_do*+g`8cO@5_nP6ZkrKSW0WOEe~t$CI1swWQo_#tk;y(70ah;52mPUP`kGj( zFtZp9gW0L9!rA~ecG4%NPgZ^3_g`PfQ7)d7{G{V}^T6jOrb`t4BCe8uJTm%i$5@LH zqWnyWkVv6|?~Px~aQL~y=Uod^EU|JA5blaNuX|dIYW1`j4H}B@@ZL6sR)<2Xd4*;T z*YQn8BJ^^l+LVm|vEE{n3xKnC8IiOo;0GJjwLg+?r~#{}yEw|q>Rd7w5LJ61mtD4= zfBch2F;<;b$H{>3C~CueA^%z6lNF?D!*;1sI8GX+Qf12|JPZnLu8E)5N_~-M`MjnK5ar+~hf6MAb2ia82SzbQV9xUc1T*>RLEwX(>9y}G`Z`t1 zPiUr3Jn=;N#SFDH;-oLr2Z^pS!^@0n9jXz|w46Kh6b58FWHd6sVXN5Nz^QL%o7%az zl#KwS*&^7=0+nkCAbvox97masj?{SxzwnW7F<;1=^CzjG;QQa0FD!h@Siw>NQgO&@ zsn(`l0HKC&u%`{H{ooSl)ne)pjb`=MuqMMRJaL!Orj@X$ty+a>8M);EM3w|7@*`na!9uAZr}NVpW95Zbvpqv7U8koP2&7fbG#-Lsi~*C zmoQltEpi72%ay;_MjjkOR>3sa=Y&>qH8EM~ZmvJJ{vjJ2sNj&H~T8mLS4wg$awcblRSuDwD2p-}qh z4*hTws?$>=O(klV4fS0%6xz+!=)W7;Zo#hF*d;4Mx6KHuS>hqk5Z6+FA=oI7rY(^*%?qu9Y;CoWCcttOu_gVBT7G z7|ZWj*a39aN+`}ON)`p{XcLQeLr{KysHXHw{Mw&ig|X!yxoI^2ise%x0YFNu?OM;5f9JNH!0@i2?G5t^ zK$Ra;=Ob^p1?~Gm7}r0y*Acv^x}>W>vN^Bk9=qq{T~5*FDgRUgp9gNKB>2(b%l=em zEI-H6((i-J7e#ok;~QDtB%GfS0AKp;e@4$&_AUJ2jqEp@=M_c?azD8-B)J}UoUJZ!PNYydf$Ysg^!0~kZd?wN&o_C9o1 zd3Qu`z5~5N*HouMS_x%$XB4A(<1UCL imKY$h#Ihv$zX1RbPt+jFQJYi%0000 \ No newline at end of file From a8c1df5e5593abba674a2d7f746e115319e6e6d1 Mon Sep 17 00:00:00 2001 From: atung Date: Wed, 22 Feb 2017 15:02:59 -0800 Subject: [PATCH 02/18] add newline --- templates/neuvector/0/rancher-compose.yml | 1 - templates/neuvector/config.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/neuvector/0/rancher-compose.yml b/templates/neuvector/0/rancher-compose.yml index de7ef3a..7de3570 100644 --- a/templates/neuvector/0/rancher-compose.yml +++ b/templates/neuvector/0/rancher-compose.yml @@ -15,4 +15,3 @@ default: "[allinone.neuvector.rancher.internal]" required: true type: "string" - \ No newline at end of file diff --git a/templates/neuvector/config.yml b/templates/neuvector/config.yml index 7e07e06..bdc91dc 100644 --- a/templates/neuvector/config.yml +++ b/templates/neuvector/config.yml @@ -3,4 +3,4 @@ description: | Container Application Security version: v0.9 category: Security -maintainer: support \ No newline at end of file +maintainer: support From bd063c7f9a923eb200d8e3712f2b7c179c6b917c Mon Sep 17 00:00:00 2001 From: atung Date: Wed, 22 Feb 2017 15:24:53 -0800 Subject: [PATCH 03/18] add double quote for maintainer info --- templates/neuvector/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/neuvector/config.yml b/templates/neuvector/config.yml index bdc91dc..4c3182e 100644 --- a/templates/neuvector/config.yml +++ b/templates/neuvector/config.yml @@ -3,4 +3,4 @@ description: | Container Application Security version: v0.9 category: Security -maintainer: support +maintainer: "support " From 28109313051ff508e005a25af7f27ba363375dbc Mon Sep 17 00:00:00 2001 From: atung Date: Wed, 22 Feb 2017 15:35:39 -0800 Subject: [PATCH 04/18] compliant with rancher's format --- templates/neuvector/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/neuvector/config.yml b/templates/neuvector/config.yml index 4c3182e..244920b 100644 --- a/templates/neuvector/config.yml +++ b/templates/neuvector/config.yml @@ -3,4 +3,4 @@ description: | Container Application Security version: v0.9 category: Security -maintainer: "support " +maintainer: neuvector support From ad5f0dd462d43f0482b8829ebe5bafd722470a87 Mon Sep 17 00:00:00 2001 From: atung Date: Fri, 24 Feb 2017 11:17:50 -0800 Subject: [PATCH 05/18] feedback from rawmind0 use allinone stack name for join address add version in image tag --- templates/neuvector/0/docker-compose.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/templates/neuvector/0/docker-compose.yml b/templates/neuvector/0/docker-compose.yml index 7fa0b86..a84cf29 100644 --- a/templates/neuvector/0/docker-compose.yml +++ b/templates/neuvector/0/docker-compose.yml @@ -1,15 +1,12 @@ allinone: - image: neuvector/allinone + image: neuvector/allinone:0.9 container_name: neuvector.allinone restart: always privileged: true environment: - affinity:com.myself.name!=neuvector - - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS} + - CLUSTER_JOIN_ADDR=allinone ports: - - 18300:18300 - - 18301:18301 - - 18301:18301/udp - 8443:8443 volumes: - /var/run/docker.sock:/var/run/docker.sock @@ -20,16 +17,13 @@ allinone: io.rancher.scheduler.affinity:host_label: ${NV_ALLINONE_LABEL} io.rancher.container.hostname_override: container_name enforcer: - image: neuvector/enforcer + image: neuvector/enforcer:0.9 container_name: neuvector.enforcer restart: always privileged: true environment: - affinity:com.myself.name!=neuvector - - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS} - ports: - - 18301:18301 - - 18301:18301/udp + - CLUSTER_JOIN_ADDR=allinone volumes: - /var/run/docker.sock:/var/run/docker.sock - /proc:/host/proc:ro From 00e1da6f14b2b24c1318a7795b19545daccc7216 Mon Sep 17 00:00:00 2001 From: atung Date: Fri, 24 Feb 2017 11:19:21 -0800 Subject: [PATCH 06/18] feedback from rawmind0 remove ALLINONE_ADDRESS variable. use allinone stack name instead --- templates/neuvector/0/rancher-compose.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/templates/neuvector/0/rancher-compose.yml b/templates/neuvector/0/rancher-compose.yml index 7de3570..df7deae 100644 --- a/templates/neuvector/0/rancher-compose.yml +++ b/templates/neuvector/0/rancher-compose.yml @@ -9,9 +9,3 @@ type: "string" default: "neuvector.allinone_node=true" required: true - - variable: "ALLINONE_ADDRESS" - description: Input the allinone service IP address here. - label: "NeuVector Allinone/Controller IP address" - default: "[allinone.neuvector.rancher.internal]" - required: true - type: "string" From 2186e8e999011c71b7db346e9ea29b8b5a0feeb7 Mon Sep 17 00:00:00 2001 From: atung Date: Fri, 24 Feb 2017 11:19:40 -0800 Subject: [PATCH 07/18] feedback from rawmind0 add default username and password info --- templates/neuvector/0/README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/templates/neuvector/0/README.md b/templates/neuvector/0/README.md index 3969ac6..cbbba90 100644 --- a/templates/neuvector/0/README.md +++ b/templates/neuvector/0/README.md @@ -14,6 +14,5 @@ NeuVector can be deployed on greenfield or brownfield (already running) applicat Contact info@neuvector.com with your Docker Hub Id so we can add you to our private registry. After we confirm that you have been added, you can select the NeuVector catalog to deploy the Allinone and Enforcer containers. -In Configuration Options, enter the Allinone/Controller IP address or name where the Controller will run. - -The Manager default port is 8443 for logging in to the console. +The Manager default port is 8443 using HTTPS for logging in to the console. +The default username is admin and password is admin. After successful login, the admin user should update the account with a more secure password. From 02fd36d6be57c5cb11745944d75b7d79773b9fff Mon Sep 17 00:00:00 2001 From: Maik Ellerbrock Date: Sat, 25 Feb 2017 01:24:43 +0100 Subject: [PATCH 08/18] fix(rancher-compose): update field type string to password for secrets in gogs --- templates/gogs/0/rancher-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/gogs/0/rancher-compose.yml b/templates/gogs/0/rancher-compose.yml index 7b5983b..b9cf7c4 100644 --- a/templates/gogs/0/rancher-compose.yml +++ b/templates/gogs/0/rancher-compose.yml @@ -19,7 +19,7 @@ type: "int" - variable: ssh_port description: "ssh port to access gogs cli" - label: "Ssh Port" + label: "SSH Port" required: true default: "222" type: "int" @@ -27,7 +27,7 @@ description: "mysql root password" label: "Mysql Password" required: true - default: "password" - type: "string" + default: "" + type: "password" gogs: From a1ceaa61426cfbb5ee6ad320843bb622e711769a Mon Sep 17 00:00:00 2001 From: Raul Sanchez Date: Fri, 3 Feb 2017 19:41:30 +0100 Subject: [PATCH 09/18] Added mesos-dns package --- mesos-templates/mesos-dns/0/README.md | 46 +++++++++++++++++++ .../mesos-dns/0/docker-compose.yml | 35 ++++++++++++++ .../mesos-dns/0/rancher-compose.yml | 32 +++++++++++++ .../mesos-dns/catalogIcon-mesos-dns.svg | 36 +++++++++++++++ mesos-templates/mesos-dns/config.yml | 8 ++++ 5 files changed, 157 insertions(+) create mode 100644 mesos-templates/mesos-dns/0/README.md create mode 100644 mesos-templates/mesos-dns/0/docker-compose.yml create mode 100644 mesos-templates/mesos-dns/0/rancher-compose.yml create mode 100644 mesos-templates/mesos-dns/catalogIcon-mesos-dns.svg create mode 100644 mesos-templates/mesos-dns/config.yml diff --git a/mesos-templates/mesos-dns/0/README.md b/mesos-templates/mesos-dns/0/README.md new file mode 100644 index 0000000..dd546dc --- /dev/null +++ b/mesos-templates/mesos-dns/0/README.md @@ -0,0 +1,46 @@ +# Mesos-dns (Experimental) + +### Info + +Add mesos-dns component to your mesos orchestrator, to be able that docker + +### Usage + +Mesos-dns will be listening at link_local_ip and will forward dns queries to rancherDNS. + +To deploy marathon tasks, you need to set network=HOST and set dns=link_local_ip + +Marathon json template example +``` +{ + "id": "NAME", + "cmd": null, + "cpus": 1, + "mem": 128, + "disk": 0, + "instances": 1, + "container": { + "type": "DOCKER", + "volumes": [], + "docker": { + "image": “DOCKER_IMAGE", + "network": "HOST", + "privileged": false, + "parameters": [ + { + "key": "dns", + "value": "169.254.169.251" + } + ], + "forcePullImage": false + } + }, + "portDefinitions": [ + { + "port": 10000, + "protocol": "tcp", + "labels": {} + } + ] +} +``` \ No newline at end of file diff --git a/mesos-templates/mesos-dns/0/docker-compose.yml b/mesos-templates/mesos-dns/0/docker-compose.yml new file mode 100644 index 0000000..ce83440 --- /dev/null +++ b/mesos-templates/mesos-dns/0/docker-compose.yml @@ -0,0 +1,35 @@ +version: '2' +services: + mesos-dns: + labels: + io.rancher.scheduler.global: 'true' + io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.hostname_override: container_name + io.rancher.sidekicks: mesos-dns-route + tty: true + image: rawmind/alpine-mesos-dns:0.6.0-3 + cap_add: + - NET_ADMIN + external_links: + - mesos/zookeeper:zookeeper + - mesos/mesos-master:master + environment: + - MESOS_ZK=zk://zookeeper.mesos:2181/mesos + - MESOS_MASTER="master.mesos:5050" + - MESOS_DNS_DOMAIN=${mesos_domain} + - MESOS_DNS_RESOLVERS="169.254.169.250" + - MESOS_DNS_LISTENER=${mesos_localip} + - LINK_LOCAL_IP=${mesos_localip} + mesos-dns-route: + labels: + io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.hostname_override: container_name + io.rancher.container.start_once: 'true' + tty: true + network_mode: host + image: rawmind/alpine-link-local:0.1-2 + cap_add: + - NET_ADMIN + environment: + - DESTINATION_IP=${mesos_localip} + - BRIDGE=${mesos_bridge} diff --git a/mesos-templates/mesos-dns/0/rancher-compose.yml b/mesos-templates/mesos-dns/0/rancher-compose.yml new file mode 100644 index 0000000..a6fe5ee --- /dev/null +++ b/mesos-templates/mesos-dns/0/rancher-compose.yml @@ -0,0 +1,32 @@ +.catalog: + name: mesos-dns + version: v0.6.0-rancher1 + description: | + (Experimental) Mesos-dns. + minimum_rancher_version: v0.59.0 + maintainer: "Raul Sanchez " + uuid: mesos-dns-0 + questions: + - variable: "mesos_domain" + description: "Mesos domain." + label: "Mesos domain:" + required: true + default: "mesos" + type: "string" + - variable: "mesos_localip" + description: "Link Local Ip." + label: "Mesos LLI:" + required: true + default: "169.254.169.251" + type: "string" + - variable: "mesos_bridge" + description: "Bridge." + label: "Mesos bridge:" + required: true + default: "docker0" + type: "string" +mesos-dns: + retain_ip: true + + + diff --git a/mesos-templates/mesos-dns/catalogIcon-mesos-dns.svg b/mesos-templates/mesos-dns/catalogIcon-mesos-dns.svg new file mode 100644 index 0000000..c54b281 --- /dev/null +++ b/mesos-templates/mesos-dns/catalogIcon-mesos-dns.svg @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mesos-templates/mesos-dns/config.yml b/mesos-templates/mesos-dns/config.yml new file mode 100644 index 0000000..6059f4d --- /dev/null +++ b/mesos-templates/mesos-dns/config.yml @@ -0,0 +1,8 @@ +name: Mesos-dns +description: | + (Experimental) Mesos-dns +version: v0.6.0-rancher1 +category: External DNS +maintainer: "Raul Sanchez " +license: +projectURL: https://github.com/rawmind0/alpine-mesos-dns From ffb8eda46230dd35253fe5a83092e1455829eb23 Mon Sep 17 00:00:00 2001 From: Raul Sanchez Date: Tue, 7 Feb 2017 21:44:00 +0100 Subject: [PATCH 10/18] Fix: makes mesos-dns listen in all interfaces for monit healthcheck --- mesos-templates/mesos-dns/0/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/mesos-templates/mesos-dns/0/docker-compose.yml b/mesos-templates/mesos-dns/0/docker-compose.yml index ce83440..b0adcf6 100644 --- a/mesos-templates/mesos-dns/0/docker-compose.yml +++ b/mesos-templates/mesos-dns/0/docker-compose.yml @@ -18,7 +18,6 @@ services: - MESOS_MASTER="master.mesos:5050" - MESOS_DNS_DOMAIN=${mesos_domain} - MESOS_DNS_RESOLVERS="169.254.169.250" - - MESOS_DNS_LISTENER=${mesos_localip} - LINK_LOCAL_IP=${mesos_localip} mesos-dns-route: labels: From b9833ae1f101106d46dfe34088db2b17cb0c93d6 Mon Sep 17 00:00:00 2001 From: Raul Sanchez Date: Mon, 27 Feb 2017 23:03:04 +0100 Subject: [PATCH 11/18] Feat: add sticky bit label --- templates/traefik/5/README.md | 4 +++- templates/traefik/5/docker-compose.yml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/templates/traefik/5/README.md b/templates/traefik/5/README.md index 64fa02f..393d65f 100644 --- a/templates/traefik/5/README.md +++ b/templates/traefik/5/README.md @@ -33,7 +33,9 @@ Traefik labels has to be added in your services, in order to get included in tra - false: the service will not be published - traefik.priority = # Override for frontend priority. 5 by default - traefik.protocol = < http | https > # Override the default http protocol -- traefik.alias = < alias > # Alternate names to route rule. Multiple values separated by ",". WARNING: You could have collisions BE CAREFULL +- traefik.sticky = < true | false > # Enable/disable sticky sessions to the backend +- traefik.alias = < alias > # Alternate names to route rule. Multiple values separated by ",". traefik.domain is appended. WARNING: You could have collisions BE CAREFULL +- traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. Multiple values separated by ",". traefik.domain must be defined but is not appended here. - traefik.domain = < domain.name > # Domain names to route rules. Multiple domains separated by "," - traefik.domain.regexp = < domain.regexp > # Domain name regexp rule. Multiple domains separated by "," - traefik.port = < port > # Port to expose throught traefik diff --git a/templates/traefik/5/docker-compose.yml b/templates/traefik/5/docker-compose.yml index d879727..348bb15 100644 --- a/templates/traefik/5/docker-compose.yml +++ b/templates/traefik/5/docker-compose.yml @@ -33,7 +33,7 @@ traefik-conf: io.rancher.container.start_once: 'true' tty: true log_opt: {} - image: rawmind/rancher-traefik:0.3.4-18 + image: rawmind/rancher-traefik:0.3.4-19 net: none volumes: - /opt/tools From 3e8f9770d944a1dc26ae389239bba649fc4cdb04 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Thu, 2 Mar 2017 17:26:55 -0700 Subject: [PATCH 12/18] Add Portainer --- infra-templates/portainer/0/README.md | 46 ++++++++++++++++++ .../portainer/0/docker-compose.yml | 15 ++++++ .../portainer/0/rancher-compose.yml | 5 ++ infra-templates/portainer/catalogIcon.png | Bin 0 -> 23441 bytes infra-templates/portainer/config.yml | 5 ++ 5 files changed, 71 insertions(+) create mode 100644 infra-templates/portainer/0/README.md create mode 100644 infra-templates/portainer/0/docker-compose.yml create mode 100644 infra-templates/portainer/0/rancher-compose.yml create mode 100644 infra-templates/portainer/catalogIcon.png create mode 100644 infra-templates/portainer/config.yml diff --git a/infra-templates/portainer/0/README.md b/infra-templates/portainer/0/README.md new file mode 100644 index 0000000..e199e62 --- /dev/null +++ b/infra-templates/portainer/0/README.md @@ -0,0 +1,46 @@ +**_Portainer_** is a lightweight management UI which allows you to **easily** manage your Docker host or Swarm cluster. + +**_Portainer_** is meant to be as **simple** to deploy as it is to use. It consists of a single container that can run on any Docker engine (Docker for Linux and Docker for Windows are supported). + +**_Portainer_** allows you to manage your Docker containers, images, volumes, networks and more ! It is compatible with the *standalone Docker* engine and with *Docker Swarm*. + +## Getting started + +Once you have deploy the stack you can access the Portainer UI at `http:///r/projects//portainer/`. +For example + + http://rancher-server:8080/r/projects/1a5/portainer/ + +Note, the trailing / is important in the URL + +## Demo + + + +You can try out the public demo instance: http://demo.portainer.io/ (login with the username **demo** and the password **tryportainer**). + +Please note that the public demo cluster is **reset every 15min**. + +## Getting help + +* Documentation: https://portainer.readthedocs.io +* Issues: https://github.com/portainer/portainer/issues +* FAQ: https://portainer.readthedocs.io/en/latest/faq.html +* Gitter (chat): https://gitter.im/portainer/Lobby +* Slack: http://portainer.io/slack/ + +## Reporting bugs and contributing + +* Want to report a bug or request a feature? Please open [an issue](https://github.com/portainer/portainer/issues/new). +* Want to help us build **_portainer_**? Follow our [contribution guidelines](https://portainer.readthedocs.io/en/latest/contribute.html) to build it locally and make a pull request. We need all the help we can get! + +## Limitations + +**_Portainer_** has full support for the following Docker versions: + +* Docker 1.10 to Docker 1.12 (including `swarm-mode`) +* Docker Swarm >= 1.2.3 + +Partial support for the following Docker versions (some features may not be available): + +* Docker 1.9 diff --git a/infra-templates/portainer/0/docker-compose.yml b/infra-templates/portainer/0/docker-compose.yml new file mode 100644 index 0000000..6282e35 --- /dev/null +++ b/infra-templates/portainer/0/docker-compose.yml @@ -0,0 +1,15 @@ +portainer: + labels: + io.rancher.sidekicks: ui + io.rancher.container.create_agent: true + io.rancher.container.agent.role: environment + image: rancher/portainer-agent:v0.1.0 + volumes: + - /config + +ui: + image: portainer/portainer:pr572 + command: --no-auth --external-endpoints=/config/config.json --sync-interval=5s -p :80 + volumes_from: + - portainer + net: container:portainer diff --git a/infra-templates/portainer/0/rancher-compose.yml b/infra-templates/portainer/0/rancher-compose.yml new file mode 100644 index 0000000..c2aba9a --- /dev/null +++ b/infra-templates/portainer/0/rancher-compose.yml @@ -0,0 +1,5 @@ +.catalog: + name: "Portainer" + version: "pr572" + description: Open-source lightweight management UI for a Docker host or Swarm cluster + minimum_rancher_version: v1.4.999 diff --git a/infra-templates/portainer/catalogIcon.png b/infra-templates/portainer/catalogIcon.png new file mode 100644 index 0000000000000000000000000000000000000000..63318532ca832c9c21f8a43dda48758c895de9bc GIT binary patch literal 23441 zcmd?RXHe5!`!yN}MGaLc(whh<1f@4YsR0D(qM_X=C2t+)|C#l|0>l(|` z)^iWkDlff>(0Sq@WGZLy*;r)e+6f`uwFk-fn1n7T?3~t?lya4lRI9ig6<6asqak?W z-`mj+7dcKT2oHSGj*5Ei?JAVVE>a0=r)sv0Y-mW^k*T+zu zv=IWS{L&k-GZxXy7Ycf!bU#Jdepnfnjz4yka=RPx^vRVk*RLJaCj{zyIl8%9Q3$G+ zqc7=06o;-~iqEFfy}LOSo1lKnRFrfxhB+z4+DJE(k-3qV?;eYSm=*(cdA|xfk z@3_GHi%7iAwBIczH*j^i%BguLY=fnxR%&r$>|IL?IkCZJ*=okC@zUXiePf*s-fN2- z8TMAyyC-dyu6E?|%Q}j72~A~P|1cp@EqQfXCV+lh`#nU3;&FzDZlD-I$t{0(UnhV&*`TM zzA-s*I#p2g!kZR@N@^)tU(FX#aU(vue;rU5vjSmV9|BlMn0E6J*ocR|Yj*rJ< zxJyEqlujs(Avav(w*L0tB40Zubw)FTeV4aFy5cG)vyWm0kHwoRMR`erqAA&{YYca)EzQhkV~56x}z=zIggimtRYWnnh;7JY`(czg`Kezi72XQ=uVIxh@H|QTFu9 zRKyqBSJ;_K0lIDKkU8vYt4jEPhuTN*h7fo;XNY(#=9}L0bKTx#YkVMzX@huuxngpI zlr|OiJY0f3p1I5K5c>>*Qey?p@=C2kUzUNy>B z;?Db{6lfKwi_83eo+pF#)Q7j_T_pZpyiFFlKWy?|Aww&veG$#T&`k!$z7M>@#hu;$09m^u6J(gLpJGBd6`3)zFkFhS zV6kI>!zqt4Smgqn_}{*J7+|Vj!94XjXQJ`nua4+g95cBtVZXE?&lKy829we>plB*z z2tOEjBt8z__R%)VlJh(Je?FWV_6mq7HaV+1_=LV#ax+DnTlqLO9AcYSEI(_|KxzMV^+B`l|UT1-5>ge9nOqGh%zH z^ecAn8E)?D!r&G&x^J13)`u|namQLuJ;1la+fqR1TfP1c9AbdkROX!d0B^g4h%GKd zRyH(-F$bWC8^lSID-FNCW0kX0Pkf>EZ*ufOLPPz8R#r7L8XtQ6={eyx__PG)j4Qm& zR)1n+1yPedQiWH?^EAnejk4PF_@nXzQSrjdy&EC~?|hq-@aFIdn$dX`X_jlu21>KJ4=W3zmEAj-X* ze`@U~(T1v&(e*|ezh!$+IFD_VUL6Z(;eW%-CZniXU|WPz0nF2$tU%UcFA3t^m8mGk z%^en3>d#wWOH zp0G3Fc^9nwPF6JFoW;<6A|tse(IDQe5nZpP6?+-BFIdsS9|~p7Xxh{UdjH*aG@@n= z_=vhF*m?n`-Ei8jvLO_T3_=lih=(-~J`cNz5?Qdz3tYlpR5O$yKPWX%XZ~Y`h>rRJeK; zoR`o8o`-+->AOl)j4Or;*IdSVA)v4sQhDbb1~iT^>6s2a&U8U4mt#j z%zGEC_D&LfyBZr=<_o#A|Lob}8z|Y-Z<-kq)xWyJ@gKmasgzDD;gK5_BV+r~FwYCW zaoNNW(#u48h5~wc8t)gDKs1@s2(t~ZYL>5z-2c0Lblgd1|H3?N$+yX37B_M-7@G!> zRR?cGO(UP<=IqdY9pd>5;5csKU*q@SZOfD4u~d}&;B65yMviX2P#po zU%~uq^*Y8+c!>N8z2M;xv9Au3RG2wN(;F9>O!sC$uBVY@#i;MaZIDdyAI_v|2q?AK zSYu@s*RC7+Tro4h@@G40^~mvsJsXJdXRFwVY7HbIW$#7oyF;va)^E-Sp%i+t=zs4R zIRUi!`}X@JaV+id`eb+LG_q=gCi_niXDy1$-~RvV`TrIi{(pJ6OxS;p(#!iQOsq-g z>waH@@NsWmnODwkf1rEOQ*h7$o=w9S<9Xq2df_GEvEjK*@&k&TZ=(=9bu5aIS}G#M ziu!y#%c_tqbO0K^L2RSbN~L=H8?_^t>sdyrUtBc(wh91LBYOe^9k_7tB>bqq(}DXn zhuoR1lbkahP4c6gO4_VRWu8L)^t?>28lNT%Im)qN0LM=Rp?*z$T)PYTPjWy&s&bSY z^U?jrxetZ<8ErHd!ZSN#@Xz6GH^4mooT5JQ= zSOQV67IC)_bQZh_08;9wrW0ge;E1fTQHb(-mX{(@`L+>d;mJDxNrIAmZ*#qBbmS|G zzpAaxUE#~<^MhObRyFEIXjSg7PzBDJ8yAKZ16lL)E)M@jt9`c%BUL!c-u_-W@WwcB zrL;;ZEF6nbWtUa{Qh}@gZuD6z(d20@kt3;=AaBB*TlAl8EA zmBNkgy8$2#HBVAmcnK7i$dP&kThl}L88JqRL$&`bGnMI*0&^^ABguFiw8DWi!6zCww*V(fgUE}-Pi3_*Q|Sx+pTwD>l{Wr2Zx<%Ky=IKLzWO0(HoCopv*T~dmK4e0DE$5M zZ!B|;+>DPEAsr}I++8Pi=sj=bc-88UUOnBRO7n`Q7iy!h&@9cdB}F}{vd}CQyYm9d zFYfs_n`U+C6g+R{{*!pf2reml@*wM~?Hslqx4WUA+nos@hGWK#^V~VK(I!z1nsH^n zSvdY_xJKOW!F;p)J+{>&=&oV(?B9G2p+$H3|KQ|orB@AR<0nGmLR@gwo1}OtyHrs?_ zsR+6${CD_V!r=Vw4BK8z0&% ze?x&Uwh6#7u?i)YaItW)CVBJpID>KU8|e!1OYHvtZmP;Pe<`E`SHCYISSop(P30yJ zxX1-wfn(_Xfw>0{vT*|Z-A3a0%Nz2%gsT9dv|gcA8*bkhSaqBtbi}wgpdck|<#|3~+X@i+&pTpAL&JE&FH)^y14qpI5>^99MYPSCh=Pd0|opHhvF>GC!%s^&9_Z?Zz^2)*6BEpQqrNWOzj6N>5owIA8inm78IurWMNqtsx zvi9!lO5QoFGA1(c0Z2c>Hod-3kA>Y-|6zRB*nu)rvmO-)T|<#+(0v-HC@(wms%R{B z0ULl>s1%#gRO9qFj}~SQM3E-3{>~s@W*n>6PD*K#x9?Z#7seli^@Z)2toU^%>N@tr zB;{vT6{Uai#7^g3q`I-7eZuJuFPlyQJ`!^KHiu4qM)jyq{&U#3@#A$YFVAI)AgLD#nF`Ug+t6(X_uvuP0VI13 z-n}hm-ltr3Rqjn|G3x)gEUCR8;LfaO{-~n>YThL8#-q~=`5v-rXq#;tRh6u38=SZ) zJ6M)MIe>eG+7}|jy$zG(g2X5-^<1;wwU(IL;NJuz*Hw7ivB*{;T6ZsN%0^aZ76qO5 z5wfFQ`iiZ`=yjk0n`J~6G$RzhJ#CbboAg+e4`T8h1;R>ee}73>~~} z1To)5cSU^@89Vy59Xc)@W)5(8hbKa(eK^xre||@eF`|;HA{@4^LS`XDO6p|LiH`e*L!e9gS3N3JgTg2A0s1HhQZm;v#*z+;2Bk$plBc`sy&) zU>%FbsYyCsgqMD5k`;Xj^zdWEZcF~-qFC7a2q0JV&A-&<;q+4nokc{M-Tj0@N?tiC zdfP;y>B=DSI{K+^$(kAM5xbs(kmY)MomHuqbv-Y#{E z&7b9RIz!gwoT-GjxiegI?JbO)Q`mGbd?dy}7fPgJ5nI$ZH+vN7K7|2(8?F=8&xZUDJkn7q(_-*AlPaYR#=wWql^U#wH5TDM659 zNQ-s^rQP-tr`DJ$SYA@$piSo%`e<1M6L@P$u~?z_&Zc04NzMFT3*%P!@$FDHn2>Syf00G1^XCLrzr8d zZcjV=)-`Lq!|A=>eu zeObgJ-4=3Sr?(e${H?W?qXS!P7e6zvo&j$ci@5H~M*DOfDeuTr>OEyC?rnSM_-h{Upo}B)rWDkqJ$g=QUuTNJ@SaE6<1E zi*bo8fC!*eI4F$&A!Y@VbYJ3pWM6$pxE(O2GhuE5VDYn6xgTKjrb8jGc+X#IgF$?J z<=UB5&(cPV0=^I~bIvS=8H(fVA8Dj9D|JNd=H){vPhjgJ;FMmwUl&;ufhwO>i zy-j{dHZtlE*1z2QOXkf;D-yGDcmv*6lg4!SEW2tupmc`3CE1&^V*)^Ov^QL_>YU4B8$Xmb$%6m{%m=9GBJE%Lvz}9=fM8n+r{QG*x+ik|v5g&7O znIuSnT<{~ileKcYg9jsaS=N+X_#F%4eT4XRxrx>Dg*(RHLj25<)UFyctM}-QeT1@f z7G8&ZZ$1pCKjF%hJfa`hFV!S}Q=aeo zt@gD+jY~@NnkDQ*?b||e{@kfWcQ&A*-a_s_u=VdK4w1jpFNXfIa}yxQ_@j(bDv3!p zQQ0&h+Nydr@%Qx2#NGo))QVDh^)ANLdY;OF%oOc7T35wY+P*GE^)&AOMC)hot5Y&j z(QIc!;mgndS-$fcs-!e)jfTW?%{SxN%PU=PH)*SwsVUi=Xv(L58g$w}EcKS%lNF7# z!KW(VZ2+F}Q+`&eSTS_{l5ghudC1_QA#u4;d}`YL;bnry558u3G4DNVpWDz~^$HWt zgmtwwafy1ktm*YLs{B7jauO0a$|J(v%bjGTJz8L%fVp$BRex~~O>vwW3NO&#sVmS& z=1Obtj9RIHK$C}?`vn)cr`djgSqlNn+xZ}ie~d9*izOVb2ExhbIA^-?Eu^%u@3SLL zCkgjk+}%6WpL;JqDva$&WU6OTqz*AeE5y8FQoG);Ev1XDjXypoU9&8(@_s$g-QMOc*E_QUI@q81xatMgvfC1K8IZnM1|Pi zX`ZS^#`zqjSBo!*Vm8REWL9*atmuN$iQQY#1FMX#mNOfz)JzxG_tw=+wD_dW53{o9 zhMP&I=dgO-926D#*?sR;++3?jyoQ)`rifvpilRaRiDI__0lASPZCQDx9VM#+VgC4+ zP16b_i#m&c@qGh=4zA5TSfTEsy`eIU6PfrIzux{MKVM)e^u(hE*p|8`x2Qjr%gfjF z;q-d;hOtE#W0O|U7gNgkR`W^pja+;MRVl<|)Z=BbUx*HVVNoZzklX7+7D~%@+jT?z z0YJlQJ-9=h`bUAiE=ukl#W=?I${L__+rd0MeYuhe2&)~plVfSK0rW*~t;QPF%Zosc zLmVR+clo!rTI{t9vN8bkKA|lD&!3pIZE{vBJ^OEiG9`TNxbPk}+ftu-3%Pae&c^)( zqnt@i@Me(AxaR=AI)B|P*(p*0kSBBs!c%JsLUG*1AHkJ1(JX&+)WTk)F|k^;y&Xt} z#a7@WFNduufchLve(FDl^wR2*X?}QVOVl(!iTk*KssOOxuM0t^l?mJ3$7k0^4>(}= z-A$WF##^5jCh^Mnj*CQ*sSQDwE6K89$eu|pfC8!g*vl^>kY@*U3~WLl2iDqVC7sY{ zjcjy-Z5f4u-clHxnUMK2GLq_o?S8Jwf_ zB4Gd|!&1tO?B9&vFH_cU)gstayQDAMKjXz(SSHyhe~j=yPkBEBDZbIT%Lb@*o2XSf zrt+eO)?^}+YF^5>F724CpN9HK-BmsA%u0F}8duB5llqr3<%++8PP8+22=f8lcVqwc z$YrUm%Vt4)uVw-*0U^L))-esJ>+gu=p25YKxv_t}8IN=seYWC=VrDV1tL9hK>|TE* z3HuZVW@Q-#CT4qV>ci1}DfnMN&C!o5NicP@eU4^pMu?4^b~q`opn#@s0o=3}qfcCs zHGc6Pkb)4*G4`T;%mZ88gvTEnbZ#6AzS6zTO#XZ=Gk1c9b7leov$T?@-37ux?MaQ- zMZ5K@bDC;t!#@ti_xOadXhp`v4n#UM!=~fop??hjFo2o`&}kuCl$YCzrcK@GXwFRd z4?m0Jqh_YD4y0^epv9ew$^U4;$Il3ymvTI6IAv)}XDqF9awUCjXxWq6h4EGB^<8}m ztleU4+AMgquL#c^1_h)|5$~8%le`~ff-Sv{_f%7jS zr9Ch^5PqFIGCbDAG*(??SMF%gzYTALg=MF-y7$%Ul)uL<#+DTb7vY=}8X_AF%t{Bn zI7T>H)MH=j+^d~&|ZJSlfn*htUaOYHqEd_l83vjSgKDoCHR9+>}A zkfb6IUnYSe08x>1xyL-*&&f*mo!j&-+}YB{3(L$(X`a_-%$iC!$ms=S-wJl`w99hp zr1gt)@@YX|#f#+?255-OPv3qdrJd1NtiOQN7x5KgH9#0zp} zkE}*oq+b_{^H#!AuG0P1ksLaDXNC~DCwvzREDykL6yCBxQO*4FE5`6zx9*L2c(dVf^QkT*;6^2E0r5zX|! zk3|OeY*E{9Ic!6pK%A-H+1TMgUd4?APR>q{aRM1py*7im0pa0XjpMfpV0I~Av=ql( zIKG9ELh?yZhp?J$gXCrkqZ}u)jBL6&N41fSi3qV0?MvdJa1#_P(ZX(1iiCQd*ERYm zx=wOEt98lC#pu+pSmiVRVu|VZl{zD=oz}-sE{Yuo?y{r%Zl>{5$#J0jo}oV3%amA; zM%1~)3Hg}Q`0`?OdiOv3b*6V;%B;@P;foz2y0--oY9ij|y+an&ZksR1$g8OvaG$(w zg&W<5?yBq!IrN{8<4wPPN3BMj12-LZm?UACsM}rJ{tqb)t-$x>o2O72t!w73Lth6s zbRVO9qy_MA_=PWb-pGGc-s5&q#?z+VZ3*^Mv%F#uiiuX&JZZ~>uY+58nO3B z!KFzPANoW7w!kulYnK~AwfVS!5QDl|w6CKW9fh5|tt5Td=A%iAoBlq$jVpJIHnXZHs_@RF zw4gL5%$fH4;kh!g;MDcns`*^k(b|5~J9CrDzVLEJnM8<2?Rl(#8PULELh3CiT%6dL zxT367HF*n@BpF=(gAyX(GA~6DIPgd92gohokm>G)Nh19OMR>209A|OVK=rjNRL&Y_ z?@FEA@UbJT1RgDAd;5JnNs-~4Igj6e-HzKKPMY0OnyO}&pi0l(t__w3J=VEvtxfpw z&TT?-sif)Q{w=W=ROZV=@+j;Ez=9fTTt)o=Iw0g z5b^AxUJ%N?RP~kJIx&ML1IUD0D-u8X6VpBDz84r1vk>6i8Q)gLlp4BB!`(!d=?1wtJ+;?XK~aW7>U}gFbM7Bv3!S$CjC0y4%7VE+kTy}}MGu!8n-emQ z7DJb?^^M(?2W@Zhp)%cWrhbC#+H#I>N`RIM<+;apr2#QkbGuUN=b%x?<+lC6f`ZGb zQ_d|sji0{R_7US)S$__H#f1ge4MWua=8 zJMaQxZ0!WMl9^)cAx>4RbYo33o{Eq;$y;+=o)E6dr^7@b)+dk7i&V03R8=(Ae6r+{3L#p zOq?i>r{fpD<$Tfs3vWx-$~A3}o>x=;fJ~7s#YwX_qYf1KI#?RIkwdjEmQH#YNU!x@w>~`J8bRF2ZkkRLo3Ma>^VPC%~m7K+1lmaAO%+JPa>RP0nmEfXRpttK|=-iLz zfddrLcvwh*G?4FhqviLFIUT=bJtT)B3C+^EKh~8y7H_s^{7R9H+3txm{+QiZcs8K= zmhPZEkRy`40c{3NUV_A$G;6M34fX7Dtb(TB<$q{PSkZ8rRDXk9GVT%|VrJ}b z1Q6FAt)}`BgJ>89tXv%>N`ii_dy@J}^{U|uE)}@><;h0$7dh}yIA1Yol_HL7s+`f=D zUM2B;Vw00?2t{vDNoW0qc26vYXpABZ=`0b<;BB;sOdqG~_dHfJ@7+tKJne6Y|E&h_ zKUVuDJAeM2?p!6YS6ntR8blQsUO*;hE@a22zV+)Y^W%(-yCyu36U(UFkX5yd&lGt1U!z6asP&&})J+*U13*Ts0-f5~1SVpyx#%qdV3qlkaM zGKZB=)ycO{HG+)D3+FBEaffd_Q1R7xFdJ+Xox0t#$H(0nuL4p{Z0hvuD#}Jh>bqOA ztS+A}^$xV2wSL<+KM#xpt5}H%52>J}mPh!TgRPfxdr#NsnZ}=%n7X-r?~&8x4=#yE zSxphec^P`?OmF^uXD(}JIpo>Xw$@u7zMg5Hi7HOd?smrD_{`7S$ttWeFAGr?)0gdBVMby`iBELeI$g1!*^YHJK zL+9EQ*kH;w&-A_FprAUIW20_-Xz*|lxKvx2dQUD*eyzl`GJMqPhH^P^(7Q|Q?Y*Ph ze>(+WXTp&aqfx5c>v$pKpV6ahf_iM); z2SsX%h_c&{_VDyYCJYZ?Wo0gUOe(E5$E@EZ*)!A$&ieCQ`eiVkEpB(`%j1V9dBR3z zez8z+MRXA|2fOO)?7FCK)ZXa`xlQF=l*kF z6JaM;<`m+K#FaD>c+61R(|C^0eiD|cM@Oay4_&d!%+C?5l+dBG@v+#`5`7W}=!~8S zYhOl27iLkjPbQ_nW6pq?uAY0FOS@@n!0x2_dboubiR%A&?bW!Ke1$u6!p>zvp!n3! za@J7w)4R5u33*?ume-nq&OCH&6Fvr@Z6mUmfS?Uld544n@)p zOae8yS>6d}>6)%1+nu^hJ3x`QPkjg*uN`z0)zDyoVHm3>H}0OT&M&wg`3avuw9@$OXX!57Q<7I6xG#e zz;k3X#qM|r8S7pl5<=ysu46P(oBfy$gHxJ9@1Tegu18U9fM5TyVv&ArM*tn?{^1C% zPbTI+{_!p&*6qvmRK~Q=)DJuT(P!^pY;5%DKdJ3Y26YHBbhZgP`yYex4@A|={|?kg z7?>l@t|@j8=%>7#{Hkd)h}>`-3h%tms0CG@zgFr>yd9ld3BsEQ@JZMHbCye7Y8Ln$ zK|zDm?VDHcUVYx|XYBhsGH`v{noC7c?$`sds`v%8mdg0P3d?UB`==MO!lKmq+ONZn zF>H;ism<}V&SQB%Bko&W676Q#3@|$zxmZy>6dWeCzUP9^wT;Q^%R;L_Txup=Dh)7A zHmLDeSR)L`<*3vrym_HBJn*(NPw(D)ReQUc0ts~Zo}8VKI%(C1+|c~w=uq+^ra1WF zuV5@iD)A?9v_|Yg*2Yh_TLCFI`0m-Vj|5}o=+w~wROCOSEJ=1|xk+CQauDTAVX@rU@UR{*z5rcPpRD6kwkBd6xr=lFF=-+j`40 zncwZWI)#2BM(pmFX%jR^)7}u_S@EEje&fBMvZ!7g;|cKsM&ha8MuIH^4%CP<9rpU~ z!O*BrgTXkXIUO&C3PiTub(jUqm*Zy|64=!$ldv`LOeWo#zl8DOFSq*X=4!qE0GWzW zan6}Eyr7sx-qgeXQASjP=H0sQ8BclYS;R*8^+WxozvrLO>KT9O7VPm$?zTmV`$Z}q zdA=vT!}MuPZ(<+vk+!R}0Hb z3Mj1#qlosD0<*O0hX0Y|{P~?AbYCbcL3_VX`RbRiH2@;e`*dUTw-6c|c&KQPBrpe* z@w|^>sFaoMX0W+ud%5TBOSc2vYIqV*CzHNf50{-xZ)B-~nH{I4zi%2VJ0)rUZcGC> z^1t&AAU6by25)`hWtfY?O38FrFPs+(h*>@>Epf|L#zlM;$oOT~#=jb4qytdGMJaDe z2S)f}I}>|cL;y)AS(Sd5rxYq__O4e0WU~MdxVzX2)9#uKQ882mob7$ue(l{Vq(5&` zB=`Er)4hzJ_Bs!Xa(Fzhw0wH`zwtER!H++_pq8Q2z z!;e!XH|QLC;B5p<`MuOGuD+o{D^atUr>_9T(-AhbGcj#N?dz%%)xajw`!GM%(g^cS zPU+^o3U_aM=hS*o`=Y&^glJVssb>F&t3N{NQml0Yi{e$3K0?*zgxally(MAN-a;Hn zfFpTLcfCuzVfu~hJ~+8go8tF~asKWT%&txj?SKgJNM~B(-MLn2Uzs;1xO@J4xfV0k zO$+5h+#D16#j_l!XRen}OG>r5*)42im%ci>?+U(#OJ@hGoT|%~3&cVdrX*v3l${`Y z@Jr^%%9$cdW2B1{-92nKRHj>v;jn(?Y6I4dnFgx3)4<$kls0<)2*pZ98PS_Qhk1(r z)V-RyjFo7#Ub2qd(|zfc5?k#tmS+L7kJ4pL-X|_Os)_vpNwuBI_MFr$HhzM_T1$_} z_0Jw+vs>)n=DHhPPAjk+e}TA_OMyf_X_^1E;{+mJ8dFXVw6l@!s40K;_;hFe{nbUy zjNJUQf&CG?>SQ-A9qBdVB+^ffuwx9d>lDX@rt6^r5}@BkgRvy{pWj+~v1Pz)Gxw&tZ}wZS)Put`;cU@x2u9ymhFctpb1Esf}tfe;O? zu+$v{uHYJmBTy@#ONs~zApcNt`~f^or}3U#IwH_ZrwqEmpH3bs<^D*+hy2dZfJrhu zCA>W?UIzobHnQKaq4KJ0hMY4?@=wpnlx|b~N;h4paBTDCSq7|c?j!(>PQSA}tUiVf zr8$;Ad-gPU5`n1%(&~aNM^{d*@5sg&L$^znGlIkJ$#yUQ(41_Uvu@~)P~urr?MCa- zdjLc9ewtSDwo=&7SZnH~5kka0W_l9fxrASbFdWL}P8L^t2a9m#bOp%s;TQmUZu_mq zXP(X&HE}x%-WC_$3>ql-RU14|O`%%q3xfwXukSlrS8cW$g|Eu-X%_&aCv^eD%bD#M zH%z0; z*vR+=L-$QTU@E#do{AV0k0uc|v$n^kB6in7;QTy*Fu&6s7%vxy;bEfY?-N(#QW}Y< zyV|!t47SEUKLwaT_PKX6a~*M!k4`Po)cqRyo1?ac{Y8$h9?CT~ief8mS&z8lNhR>S z?X=mVOqi!C;Ya$UF;N<@Ev1(+Z$ZWf=GcD7bMqpIY6!Pp-c{hz$m{oScpss}rNrLp z0@JuL-dt4!dUp#1$jE0ctG>$l*(o50xdr@2RI3A}Glh;9iQ@sNEWuFEQm1e)fL}+> znqh6C(xDyB9HGfgd?9!7Y_app>9;1STBW#cf{T7cXz-aZ*HmZW&Qk~7<;aEsExpbv zPH3b%qK5xCS3lR}tRQ3bGF(P7-R7D zVS!do4*sZLCk}9l#btG^Q&*sZSs7b$WL^Epfez9RS`J@l z+_Y|ge5gu(ikFACDaxO|FYuG7rWYdCc8+Wf`Yi=&h=9R@W=y;)rsMt~fo7IcLSJ@r z^Js04DtEOp(^pK&Y=pCMkB!-A9*VqK=*)~Z>gOGbXZPy%6IwP-xf4J(;G7xX(s^EP zjaYRc$VE&p9!~2IDQiQ-Bj2xHziltrp&Hh6;M51O6(~j%pwde^HaSliXrWO{xwSol zcY?P~CShtW>gHtVE~s_;q~hkb(=@sL+xIzNrsNlT%M^RClOJ%-*x53c+Q!qD6`K4? z2hNuRr<%p}Z=J?vo=7Z(kU)RyR(2IQpZ|__tPq`7Fa;ya$}J1zXy~lA>mJ)%IH^+$_oH zb{k?=yfN^d13%80U7m`E5yfzkP!*H1BgEplZ)ve|!apoHXJodX41+=|dVLXnb&I!Y zE_j87%9M3Ly3-%#YqA?AM}`Uz7Nz)O7l+F5%lO8i0M{f?W@s!F%2&aqe#0OPep3sP z2h8$9HDa|T)+4ict9A<*rC0sxa~Bmo!1k10e5C+Xeu%67Z3p?$pfHmqtC695{+u&8 z@V0C!PSa(s^@oAewX58JdyY0H*bpazdX&3WK=b_yxZO@q@0e`b@N> zgW%#~UMlR-6@Gi_ESE*;n`03I)a|*1h3w%t(#wN!t269kpbw4)l=_W0Vx|;-EomNV za5`d9&q2NkEH}%VO;6-NdE!>l!j?5=KF0Xp1PBg1l!*+(Yk<(!z*2Hv$?iRfOP=

f=h#s>m>-X8Y?*9jmVAi55Vt;Dd(+v)C-E8y<7dG@e{YnR`J zYT*L6+k~HCdhK2iuXQy=FtQU+aDvAh%H$q=E&JlF2)WU%B4LW>DG$4qOQShBM-&-~ zC$Qh)aiK@|ZOIdF0(mdHo$=eFV#RYW&TVxbeva4;BKzULkkSesUhonsL+q1q`QyVy zgJq&|GAtCZ2rG_4-LRtCT@j4(ZYYEw_~~?2ZonnxUc3bQ`Exn9c_^Oas_jIIy=I!- z=Y?f%CnXTMLERpcjnNkCt(0(SYSjjo0os15{w?BNQ7hZ1*u>LUCd^lZ8O^9`R(-Fy zgsb3M?PBFJ&62MmTIYF&O-5_+wZP$^zq~*Fz4mRa{I-H{jr6o$P15(=U;@(1Hg0Px zLP69l>%K~uP_ERCgAO@zZhLmgd2`5|#KIR2e_*8H_kdEqI(%AmNB32=L%UFjt}xMX z(XdgfbThZNMe9qm*gZGS1u2jXf!Z}r#KhjnF!4?|iG(x2XI#;hI{ zIdT&nF{?qJc7EM<5KgoL|0{qi?f3r$xI=Kv^f^#0DtOa9Y0ISv3PBrLG>pc%>*Gm1 zI*2Q8RjHW4xP=)dvOMD_p_7Z)fVXFDao-9@4KQ@%5>%8E#xTqXVVUl2K7D8 zyBL)h&z+OX*$WYDU?~@M6AiiOp|J+>0A83b$9)nC!6)6rc5Is_XW)9J!OQ)KZnqA1 z-mjqYt;Mr9ww0eQjAF(cZbRFVvV9SCjFc9$(GQC~DIEVEr@_{l%pPvoHyx4!LOqx2 z0|FXD^d02Qc&d07FRUzLl`COe3T1%bBBGOqL5cEa(#(gO_hg(R>-C#!1GM6$fwTUBJz$tzT*Q*H12SMD&>>ILq9V9k#X7oJeND|A*62GG+nZ|!Hzi>qx)7L zNOICPQOwX*QPBsB@5Jv6h$R4vccJ=lo%u^hx<4w*C9s1gskli#RMMBE6uW>*cy<@T z+>4420j^I;N|u$+x7%DAP+yDFqCM$_xMiGfoDU-~M9+ewpR$t9Gir165D&j|cvL-O zvos>SY92nY^4RBLTO6Wcv zBYGLx_NIOuB(7}AtST5(O$VTUO?V5+oCQf56$%QRaE3;y+DYNxvGw%+sv~|I6tN-w zo!S9T*pfjOGF+uR$kNxJ=ROcNNNKi+MWL24Z#DUPsDBA=?gQ`()`G*J34r)-U;A*> z-ELEi)Y15YquJ>^_IaQ^+7UWaWz*yHa^}O`n&l5bsXarMV`bNtKGGBSrAs_o7+SV_ zL`n|yWpx?9f?<8pfU~rC_N~aPI{CE3nKj~JR5jDhiF*z<1`j5tiQaqF4B$C2Z1oY}_~mnJ7szg;G*F|JufTUbK4-9AY|WXR zVAL`6_MSd-%|(CIqoMbm^A3}Zg}(r;MhT*_7LK&*8SKAGbty666A zL722Zs`fsz<2sC&dU!pPpMni2j0}wY7dUPl*vS{G@8v${aytO7KWRC>>(VvnlguO| z{X>U58KR?z7#Bu>dBKS2iPZZ(3EQgS%qer%?FPLs`G9=u2Nnq7B_qi6_S3Oae$KZfhV~`Bit_trT!i3V))S#;|pZcCV2r->`7mjq4nN27=94H z*etJcU***`ApHxB)jP^ljg>@tL;^GfDoy{vO!X4xXx-vI=E7WO;h-36>|6{45 zQ>yWy%+Pm{d^9#!lbGHJUpTL4a!uRwk+u5i) zhEqYKmS;!ewFpnfg?gmvNU%verGCvD)YcN9VJc(@I_Y6M&!}mw`eb0TJ`#R^m?zuDOZDe22?-g)1O1Q2*Fn)JU+&H|?b*4-( z+DODPAjSK^Mw*cn+Z%spN(lpvP^3i&%n5s_Q#XiaGwoz}tQ%a2>l$|T)v@3s}V-Q&+J53ml^XCI;77qJwI zUD6^*68>|ksm@Jch@mDrS{7y>T5GY!y{Mj)bdcJsdLp}UZfWB(KOGz8|!3pbR)MQP00P~RhaWxih8;B6^>)wf*6V30JWg2aBng_BUo6AQQfZ&Kgm zeHS8Js6sB53qeM&8I3zn)uo}Y1c}K)67Qj+?~VKRG){c1j1B2qAC|)jiaS=^wy|$TI5;j}g4yVxe*-PtN_!UcZJPhK45T6gp|z>CeNEL4zHu4}3gdlYLflPp|kd zsrP>)Ym7nuGRKvC7yjPT<$Tf4Qs$S5Ym7Tj!#xy|r;g-9VcG!mu#hEZd~9S6cHzx; z%F*@twv`wlMq>;{YQ|~jO6_Ft5hQNVmTRNSRNHF5cU#X+e2#o8pec{^2wV6NzRZ(9 zkSTZB^<1pm# zJ4$bUXm+)JYeQ=%AK|VuX%_1H_08Iz(-WCjRo+pOV8Tk--myOl`y{961rfbEv^ovK zf!4s=_Gvf%L;}>xNY* zFK9LkDSs{%sKJQDO0+uN(~mU!7B0SA>}taM|1(<@+U9abAj@8PS!`%oxwmBqjq91^i!!U6HZvI7-ItQH2j_O*N44T(lt064q5t~{ zYWT;yKQzjk!dFn!{qdrHu@XVg%wO#W|8vvSHO9;=@@K6;FBI|eZOO=K+*3?=N@sgz z==X-;lJQG3KefG>%8*ap_WyRhzT|q=VN{YT5xzG8RVIY#PeeZ)FANrJ9Hg0KLgbVtO zr^*hs?Z{1AG`&9bKJl2}IDIXdW>JTKYLwBBGRY;QqM zxS6I+WwDkq$+ZPac zR~_47Hi))IfAKrG#w>UE6uwT(E*nZaR8?7 z*@&aS$D%kxc*wO$6>{jl5RTBN1$$X9>!S6w>&QO;d^n&gSohpO_AV+{Fyc9*5lhZ> zbQrD5m`?=a@CoU8emAXZstnW~_fZ|dB~uD*CNF|cC;n8jTj%|L&LPi@WuY;a;B$c` z3uqo}e#tYl7^pFJ4T=PbSjj*9qTuX@t53V|fG1GLIsw`%SX}TERsSb0pV4>?zgQ!S z=!H6~KQXzBQs0X+tI9wj-8Y6XBUyiow!kz}`rfHXN&|&U;i;1XNXNOT{AI6cRZBp!Ipr0(Wzvj}d zZ((e0tAT<#5Z;Sf1`DS3t@#!7T}sr)f`lB z{)9fatCc)$tG^?IpkQXL3rZ1>p*G7z>!!8!@;7q&zL^p4^o;pbKnw`qXM=j7*!oA+ zh&M_cH|$ffcUnmrQ3nsX$gjH@ru;Su)U#!v+AQRaiPoX4jBBeZYPU!4e zT5Z%kM626B=S_u2x@$H{t0UCzqS}*C*YrN`2oh`KsVa8LHRXmZd2&?}CHS7=098XA zm->4w_!<3Zbc!^x7FavoX1@Tc$@uv3E{; zPncUF1k@?%FA^a}<9Qc#Mx!W1@)S}y)=&_fq5c^_+E!)8U zX#-v_SUSA^nTOpAsFMar;l$Si?#P1Byn4O4mG{NJz>^L-tdY_{OuOg}zO1Nsi;gwz z!wHlakUS)A9l^d2=94|xpHN5N&NNEz``o$v^*f5Ylf&rO?divh6GVx%0vm`3Pl(8` zG$-TnGtGH zPBnY@r#GX5ykW`VG1jN;^vok`>rhwrOCT2DBTG+LH`Qg#M*@*(a>wP>bDWn>SZ;>< zS7(-*9hgKN_tg5}UnKdh)`iYbJdue;=cw3m(!t`C)Mj{x9(Y>xLEaxNr)BU$lMEj z)<%;joSWRI&s^hdh6yYit7K!nJ=a)JMV!Ovry?z`OFlFST(}n#y2O`uB#fz(WX?4T zI;Wl>$~N~%V#%S;Z?OWCuta1$%b52EoQeYczNBM+`FnJN7*#(?=?|>p9&k*4Ssf-* zg6ZE1I4ixb41{cQ5LjUjHH4Hp=-v6yFH;2LI{&9Q0BgyKc?U}uz38tjV+<0R(q)vb zY)5=cw6~1w__7i@3E>PDu1}sz1{)W?5a&thsXKy}h)u9FU^;pzd#r&@Ec!zksxl`x zmvB|K3r5KpXA?-yNGr}zY~B?tv#khLvX^mW3+GH;An{28>KacWOSfxB1H7t~KIb@j zfD0Ej$%?0FrwTuA`y#Y-c5>I24|d5F*C!!Ul!M;PcI7QBbyp?3&zm9NMGUj(5p!jetET|55;GTDtN-(_)Tk(zg=P z)+}c~u5&&`IIQLLLtt;wsgj5OV2C+fcU=WjW=hFLFydvPa8L?1f#Wj%JlOKRFcij| z)w`qD^u&NOvCs+ZdF&iUh1r!w0VM%jrBTWHC|~p|l)cE3>)Njks&C0wD8rdl2dv*iHP?2HG-iYom|2cfIm zJ{kQ-Gl!PY3CiWFgv*mEl2T^9_95k44jcXV)ST2{z0fD9BVBEpGtGe8sBEPv63lkb z1XRO*o&Anp>-(a_F#eR)7y&FYNKpDYw zB)??lNSO0@4ActzFVoU>afK@2&BJic*5k0p`^M{NX)}KK(OyD-&4xX`SQFzTH!x%> ze%|WFp}D8E0wUY>0jf+W}& zW9v{ec2iM6i|0+~HIP2+cA*FSrh;_N?b#Ev4D!oY?+Zf=QVqi{MC%iQ(y64MhX-ZxVA%Ny7YJO|aq`uD?uhHr|% zbpN+*KuN3lIi!YP2cc8UX#AxWBE*G@z3k#X_#2dYXX^V4xlVeYycj%-;FZ1gvFuS= zo%AkJE2$VZUDaSH<0x1o#p&y(zz>;rD#dYNE#7)0Yszbk9V6`}4O#l;^*x&CL|@6r zoY%X@eeCL)ta)+Mf zh8l=xpg3#Wl{prQisIaMgebTE&>q-1y5~1+BoB2~EpsXn!`(IBOC04bPpgvyKeX}% zUyAn12{VWVEC464MUpngaQAly%X9=Uyv8`13HuPBht?l1?UOwN>8) Date: Thu, 2 Mar 2017 22:38:43 -0800 Subject: [PATCH 13/18] Update rancher-compose.yml --- infra-templates/portainer/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra-templates/portainer/0/rancher-compose.yml b/infra-templates/portainer/0/rancher-compose.yml index c2aba9a..8588474 100644 --- a/infra-templates/portainer/0/rancher-compose.yml +++ b/infra-templates/portainer/0/rancher-compose.yml @@ -2,4 +2,4 @@ name: "Portainer" version: "pr572" description: Open-source lightweight management UI for a Docker host or Swarm cluster - minimum_rancher_version: v1.4.999 + minimum_rancher_version: v1.5.0-rc1 From 933f81d2848c402a2b830c4b1ad3657db53cfdc5 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 3 Mar 2017 10:25:36 -0700 Subject: [PATCH 14/18] Portainer 1.11.4 --- infra-templates/portainer/0/rancher-compose.yml | 2 +- infra-templates/portainer/config.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/infra-templates/portainer/0/rancher-compose.yml b/infra-templates/portainer/0/rancher-compose.yml index 8588474..74bbf4b 100644 --- a/infra-templates/portainer/0/rancher-compose.yml +++ b/infra-templates/portainer/0/rancher-compose.yml @@ -1,5 +1,5 @@ .catalog: name: "Portainer" - version: "pr572" + version: "1.11.4" description: Open-source lightweight management UI for a Docker host or Swarm cluster minimum_rancher_version: v1.5.0-rc1 diff --git a/infra-templates/portainer/config.yml b/infra-templates/portainer/config.yml index c059619..e71c72d 100644 --- a/infra-templates/portainer/config.yml +++ b/infra-templates/portainer/config.yml @@ -1,5 +1,5 @@ name: portainer description: | Portainer is an open-source lightweight management UI which allows you to easily manage your Docker host or Swarm cluster -version: pr572 +version: 1.11.4 category: Management From 3eed8090d3fff8ebf4e67e8d50269322f4ad1e06 Mon Sep 17 00:00:00 2001 From: Hussein Galal Date: Sat, 4 Mar 2017 06:35:28 +0200 Subject: [PATCH 15/18] Add new image for mongodb replica set configuration (#442) --- templates/MongoDB/0/docker-compose.yml | 5 ++--- templates/MongoDB/0/rancher-compose.yml | 6 ++++++ templates/MongoDB/1/docker-compose.yml | 5 ++--- templates/MongoDB/1/rancher-compose.yml | 6 ++++++ templates/MongoDB/2/docker-compose.yml | 5 ++--- templates/MongoDB/2/rancher-compose.yml | 6 ++++++ 6 files changed, 24 insertions(+), 9 deletions(-) diff --git a/templates/MongoDB/0/docker-compose.yml b/templates/MongoDB/0/docker-compose.yml index 2a4724a..75a85f6 100644 --- a/templates/MongoDB/0/docker-compose.yml +++ b/templates/MongoDB/0/docker-compose.yml @@ -2,7 +2,7 @@ mongo-cluster: restart: always environment: MONGO_SERVICE_NAME: mongo-cluster - tty: true + CATTLE_SCRIPT_DEBUG: ${debug} entrypoint: /opt/rancher/bin/entrypoint.sh command: - --replSet @@ -17,11 +17,10 @@ mongo-cluster: mongo-base: restart: always net: none - tty: true labels: io.rancher.container.hostname_override: container_name io.rancher.container.start_once: true - image: rancher/mongodb-conf:v0.1.0 + image: rancher/mongodb-conf:v0.1.1 stdin_open: true entrypoint: /bin/true mongo-datavolume: diff --git a/templates/MongoDB/0/rancher-compose.yml b/templates/MongoDB/0/rancher-compose.yml index cc3b566..59e47bb 100644 --- a/templates/MongoDB/0/rancher-compose.yml +++ b/templates/MongoDB/0/rancher-compose.yml @@ -11,6 +11,12 @@ type: "string" required: true default: "rs0" + - variable: debug + description: "Enable Debug log for Mongo containers" + label: "Debug" + type: "string" + required: false + default: "" mongo-cluster: scale: 3 retain_ip: true diff --git a/templates/MongoDB/1/docker-compose.yml b/templates/MongoDB/1/docker-compose.yml index bd37783..de669b7 100644 --- a/templates/MongoDB/1/docker-compose.yml +++ b/templates/MongoDB/1/docker-compose.yml @@ -2,7 +2,7 @@ mongo-cluster: restart: always environment: MONGO_SERVICE_NAME: mongo-cluster - tty: true + CATTLE_SCRIPT_DEBUG: ${debug} entrypoint: /opt/rancher/bin/entrypoint.sh command: - --replSet @@ -17,11 +17,10 @@ mongo-cluster: mongo-base: restart: always net: none - tty: true labels: io.rancher.container.hostname_override: container_name io.rancher.container.start_once: true - image: rancher/mongodb-conf:v0.1.0 + image: rancher/mongodb-conf:v0.1.1 stdin_open: true entrypoint: /bin/true mongo-datavolume: diff --git a/templates/MongoDB/1/rancher-compose.yml b/templates/MongoDB/1/rancher-compose.yml index d5605b2..0022167 100644 --- a/templates/MongoDB/1/rancher-compose.yml +++ b/templates/MongoDB/1/rancher-compose.yml @@ -11,6 +11,12 @@ type: "string" required: true default: "rs0" + - variable: debug + description: "Enable Debug log for Mongo containers" + label: "Debug" + type: "string" + required: false + default: "" mongo-cluster: scale: 3 retain_ip: true diff --git a/templates/MongoDB/2/docker-compose.yml b/templates/MongoDB/2/docker-compose.yml index 2a821e5..3f991d4 100644 --- a/templates/MongoDB/2/docker-compose.yml +++ b/templates/MongoDB/2/docker-compose.yml @@ -2,7 +2,7 @@ mongo-cluster: restart: always environment: MONGO_SERVICE_NAME: mongo-cluster - tty: true + CATTLE_SCRIPT_DEBUG: ${debug} entrypoint: /opt/rancher/bin/entrypoint.sh command: - --replSet @@ -18,12 +18,11 @@ mongo-cluster: mongo-base: restart: always net: none - tty: true labels: io.rancher.scheduler.affinity:host_label: ${host_label} io.rancher.container.hostname_override: container_name io.rancher.container.start_once: true - image: rancher/mongodb-conf:v0.1.0 + image: rancher/mongodb-conf:v0.1.1 stdin_open: true entrypoint: /bin/true mongo-datavolume: diff --git a/templates/MongoDB/2/rancher-compose.yml b/templates/MongoDB/2/rancher-compose.yml index 53a2630..58c3259 100644 --- a/templates/MongoDB/2/rancher-compose.yml +++ b/templates/MongoDB/2/rancher-compose.yml @@ -18,6 +18,12 @@ Example: 'database' required: false type: "string" + - variable: debug + description: "Enable Debug log for Mongo containers" + label: "Debug" + type: "string" + required: false + default: "" mongo-cluster: scale: 3 retain_ip: true From 1736fe94a737294feaeb77b294d3b1130d0c27b3 Mon Sep 17 00:00:00 2001 From: Jeff Silberman Date: Fri, 3 Mar 2017 20:35:52 -0800 Subject: [PATCH 16/18] Update Portworx to support CoreOS (#427) --- templates/portworx/0/README.md | 8 +++++++- templates/portworx/0/docker-compose.yml | 8 +++++--- templates/portworx/0/rancher-compose.yml | 16 ++++++++++++++-- templates/portworx/config.yml | 2 +- 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/templates/portworx/0/README.md b/templates/portworx/0/README.md index f35a373..45665d7 100644 --- a/templates/portworx/0/README.md +++ b/templates/portworx/0/README.md @@ -1,9 +1,15 @@ -# [1.1.2-GA Documentation](http://docs.portworx.com) +# [1.1.6-GA Documentation](http://docs.portworx.com) This catalog will spin up Portworx on your hosts. There are 2 configuration variables required: 1. **cluster_id**: Arbitrary Cluster ID, common to all nodes in PX cluster. (Can use https://www.uuidgenerator.net for example) 2. **kvdb**: A Key-value database that is accessible to all nodes in the PX cluster. (Ex: etcd://10.0.0.42:4001) + 3. **header_dir**: The directory where kernel headers can be found. Default is "/usr/src". For CoreOS use "/lib/modules" + 4. **use_disks**: The list of devices to use as part of the cluster fabric. (Ex: '-a' for all disks, or '-s /dev/sdX' for each individual disk) + +**NOTE**: px-dev requires at least one non-root disk be attached to the running image (i.e local disk or iscsi). + +**NOTE**: If using Docker prior to 1.12, then you **MUST** remove 'MOUNT=shared' from the docker.service file and restart the docker service. For detailed documentation, please visit [docs.portworx.com](http://docs.portworx.com) diff --git a/templates/portworx/0/docker-compose.yml b/templates/portworx/0/docker-compose.yml index 09a891a..c5143e6 100644 --- a/templates/portworx/0/docker-compose.yml +++ b/templates/portworx/0/docker-compose.yml @@ -3,7 +3,7 @@ portworx: io.rancher.container.create_agent: 'true' io.rancher.scheduler.global: 'true' io.rancher.container.pull_image: 'always' - image: portworx/px-dev + image: portworx/px-dev:edge container_name: px ipc: host net: host @@ -11,13 +11,15 @@ portworx: environment: CLUSTER_ID: ${cluster_id} KVDB: ${kvdb} + HDR_DIR: ${header_dir} + USE_DISKS: ${use_disks} volumes: - /dev:/dev - - /usr/src:/usr/src + - ${header_dir}:${header_dir} - /run/docker/plugins:/run/docker/plugins - /var/lib/osd:/var/lib/osd:shared - /etc/pwx:/etc/pwx - /opt/pwx/bin:/export_bin:shared - /var/run/docker.sock:/var/run/docker.sock - /var/cores:/var/cores - command: -c ${cluster_id} -k ${kvdb} -a -z -f + command: -c ${cluster_id} -k ${kvdb} ${use_disks} diff --git a/templates/portworx/0/rancher-compose.yml b/templates/portworx/0/rancher-compose.yml index 8e4f784..b4049c0 100644 --- a/templates/portworx/0/rancher-compose.yml +++ b/templates/portworx/0/rancher-compose.yml @@ -1,8 +1,8 @@ .catalog: name: "Portworx" - version: "1.1.2-2017-01-06-GA" + version: "1.1.6-2017-02-08-GA" description: "Container Defined Storage for Docker" - uuid: 352669-pwx-1.1.2 + uuid: 352669-pwx-1.1.6 minimum_rancher_version: v0.56.0 questions: - variable: cluster_id @@ -17,3 +17,15 @@ type: "string" required: true default: "" + - variable: use_disks + description: "Cmdline args for disks to use. Ex: '-a' for all available, or '-s /dev/sdX' for each individual disk" + label: "Use Disks" + type: "string" + required: true + default: "-s /dev/xvdb" + - variable: header_dir + description: "Directory where kernel headers can be found. Default is '/usr/src'. For CoreOS use '/lib/modules'" + label: "Headers Directory" + type: "string" + required: true + default: "/usr/src" diff --git a/templates/portworx/config.yml b/templates/portworx/config.yml index 121d6b9..56b0ce7 100644 --- a/templates/portworx/config.yml +++ b/templates/portworx/config.yml @@ -1,5 +1,5 @@ name: px-dev description: | Software defined enterprise storage for Linux Containers. -version: 1.1.2-2017-01-06-GA +version: 1.1.6-2017-02-08-GA category: Storage From 7b99c00e5512778680d7075912ccd20afee98359 Mon Sep 17 00:00:00 2001 From: Radu Stefanache Date: Tue, 7 Mar 2017 17:28:13 +0000 Subject: [PATCH 17/18] InterouteVDC driver added. (#443) * InterouteVDC driver added. * Updated the url Hopefully this one would do (and yes, we'll have to whitelist it in Rancher manually). * new logo added * wrong md5sum fixed --- machine-templates/interoutevdc/0/checksum | 1 + .../interoutevdc/0/rancher-compose.yml | 3 + machine-templates/interoutevdc/0/uiUrl | 1 + machine-templates/interoutevdc/0/url | 1 + .../interoutevdc/catalogIcon-interoutevdc.svg | 84 +++++++++++++++++++ machine-templates/interoutevdc/config.yml | 2 + 6 files changed, 92 insertions(+) create mode 100644 machine-templates/interoutevdc/0/checksum create mode 100644 machine-templates/interoutevdc/0/rancher-compose.yml create mode 100644 machine-templates/interoutevdc/0/uiUrl create mode 100644 machine-templates/interoutevdc/0/url create mode 100644 machine-templates/interoutevdc/catalogIcon-interoutevdc.svg create mode 100644 machine-templates/interoutevdc/config.yml diff --git a/machine-templates/interoutevdc/0/checksum b/machine-templates/interoutevdc/0/checksum new file mode 100644 index 0000000..eace2cc --- /dev/null +++ b/machine-templates/interoutevdc/0/checksum @@ -0,0 +1 @@ +152fd64fb4936454c8eb95fa57450753 diff --git a/machine-templates/interoutevdc/0/rancher-compose.yml b/machine-templates/interoutevdc/0/rancher-compose.yml new file mode 100644 index 0000000..4a237fd --- /dev/null +++ b/machine-templates/interoutevdc/0/rancher-compose.yml @@ -0,0 +1,3 @@ +.catalog: + name: "interoutevdc" + version: "0.1.0" diff --git a/machine-templates/interoutevdc/0/uiUrl b/machine-templates/interoutevdc/0/uiUrl new file mode 100644 index 0000000..17f2e90 --- /dev/null +++ b/machine-templates/interoutevdc/0/uiUrl @@ -0,0 +1 @@ +https://myservices.interoute.com/rancher/component.js diff --git a/machine-templates/interoutevdc/0/url b/machine-templates/interoutevdc/0/url new file mode 100644 index 0000000..68108c6 --- /dev/null +++ b/machine-templates/interoutevdc/0/url @@ -0,0 +1 @@ +https://github.com/Interoute/docker-machine-driver-interoutevdc/releases/download/v1.0/docker-machine-driver-interoutevdc_linux-amd64.tar.gz diff --git a/machine-templates/interoutevdc/catalogIcon-interoutevdc.svg b/machine-templates/interoutevdc/catalogIcon-interoutevdc.svg new file mode 100644 index 0000000..4427920 --- /dev/null +++ b/machine-templates/interoutevdc/catalogIcon-interoutevdc.svg @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/machine-templates/interoutevdc/config.yml b/machine-templates/interoutevdc/config.yml new file mode 100644 index 0000000..aa669ad --- /dev/null +++ b/machine-templates/interoutevdc/config.yml @@ -0,0 +1,2 @@ +name: interoutevdc +version: "0.1.0" From a3b1efbabfa743e584341dd4337ee29a7de1f318 Mon Sep 17 00:00:00 2001 From: Andrzej Ressel Date: Tue, 7 Mar 2017 18:28:47 +0100 Subject: [PATCH 18/18] Postgres: Fix typo (#444) --- templates/postgres/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/postgres/README.md b/templates/postgres/README.md index d37c09f..7a15cf1 100644 --- a/templates/postgres/README.md +++ b/templates/postgres/README.md @@ -4,4 +4,4 @@ ## Info * Easy setup with all needed data: `database_name`, `user`, `password` -* Load Balancer used to forroward Postgress port for the external services. +* Load Balancer used to forward Postgres port for the external services.