From eda31029b14e016584a451620245b74f247c00b0 Mon Sep 17 00:00:00 2001 From: Vincent Mazenod <vmazenod@gmail.com> Date: Tue, 8 Jan 2019 15:24:19 +0100 Subject: [PATCH] ansible+vault --- content/slides/cri/devops.html | 4 +- content/slides/cri/images/vault-ci.png | Bin 0 -> 31629 bytes content/slides/cri/md/ansible.md | 125 ++++++++++++----- content/slides/cri/md/vault.md | 179 ++++++++++++++++++------- 4 files changed, 222 insertions(+), 86 deletions(-) create mode 100644 content/slides/cri/images/vault-ci.png diff --git a/content/slides/cri/devops.html b/content/slides/cri/devops.html index 044631e..2d8e4c0 100644 --- a/content/slides/cri/devops.html +++ b/content/slides/cri/devops.html @@ -66,7 +66,7 @@ </section> </div> <div class="slides"> - <section data-markdown="md/stack.md" + <section data-markdown="md/terraform.md" data-separator="^\n\n\n" data-separator-vertical="^\n\n" data-separator-notes="^Note:" @@ -74,7 +74,7 @@ </section> </div> <div class="slides"> - <section data-markdown="md/terraform.md" + <section data-markdown="md/stack.md" data-separator="^\n\n\n" data-separator-vertical="^\n\n" data-separator-notes="^Note:" 
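Review bot: the swap of `md/stack.md` and `md/terraform.md` in content/slides/cri/devops.html (hunks at lines 66 and 74) is not covered by the subject "ansible+vault", and the commit message has no body explaining it. Either move the slide-order change into its own commit or add a line to the message saying why the terraform deck now comes before the stack deck, so the reordering is not mistaken for an accidental edit.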
diff --git a/content/slides/cri/images/vault-ci.png b/content/slides/cri/images/vault-ci.png new file mode 100644 index 0000000000000000000000000000000000000000..f6a6b57843d336a06d0d33368dce11de47059041 GIT binary patch literal 31629
zjRQfywg@GbXvorfv;I7LKCMZ{<<aq-&i;L<#l6e78bE0zC9M;Mpf17e@Vm{PE3H_z zp}>PYuU7NdOZT_STf=he@jNUKZk9N@LFo3@Cb+pDx!i@=ZLhaj^jOwd8(qQSu$$Td zzb>S;JvQ;_Z@{2;^Bs3-A6WBJ6jA69_t`?^5c#iX?{O8=L~@N`+*9spCJ`c}C0#5{ z*=mxUST_tBIG2Z*WR@v+?gr{<NOCI)gTOo>_T82r3$0+x)_Ups;njsX`8=%emz&-y zf2?iBe=xqu{Ie2WC$#BDgF5605H+t(@+=ikzp5an@%M2#gKiYgc3c?+P&&cHU#&Ms z451ehi|y6U8Fn0&m+A<|PE}ni&TJDK!pe+2fS}AwBm}^_m0QlDU0Ms`Uug;}dv`+N zM-2RTPBcQJjO%^pZb!#{zaraeYNwDLYMT}o1b_6XJ>jHB?ymb?2{bo?)%X|3`2bZ} zsp;UfE}R1A%K1l5A?^$Jqu*#Nw_<{kTff72mPXyb+qE{BqSpMd%%<Kx|J?Um3v;3e z5o|SB<ULe4`+<&MQEq)XlRL!wR8SF|IvhL2@Nhs7WAoGH*3lLgI1Z;3@w(MzVxk;N zDseb7^x=Wo$Z(>k?~C1t%yym2jsC4yYxym6BD$SmbU#CaAIBL?>nR~$<WJ&N)HZH8 zS{xho%zpa|e*dYTJaLFjZjrh_ZyJmnLsMgi4(rCGtZt{pExc`ogtRW9TgTywP5g$3 z^9`YQGY^<nYibZ(3awDuQh9>i6Y5WJ-EWWfUwzew!AJ=<j|7tO%(pmK)m>o<6(4jH zB>Qx61_MH{HE^9rpI+izi5cO_Lp;Zl5=}_a6@!0V#cp>v;zn}yCk2WIRK36_F`hDi zqA#w`9YX1+jsq)qx=TVg-8}hHfhkX=FE{9oP$6rieCho^$qpa)?-wxy^_PGA&k~f* z7ipzr6GAkL?DO->GWe2+^OF7+Xi%`y|M#W;UBL2Z3u?*Lq_NND<6kuHC*;QF4eMgP zEiRQ$`DQS7-=SYB6$k=e`(?{>ggX(ww2f8l&!X$baNj*bYz1DI+C72jYea3R91^=2 z(w5>JyEL@D=RT|4M9wv%5RVzUFTXn5L|}5(c6It*`O?%de#2^1$U7T&bUna@O-S~M zGtXZJ|F~2k0assKs(kmHtt<z?s>Y{f9w%-)f2OC_?{~0iU0P{qKdK98jvDP)uSXrj zoZkJ_92|&d#oMSl6qB&%!AnR(LnBK&@TDF|>UaGxl>c`~wEvshsOJU=kYav&l;_<8 zPG?-Z+@4^Rc<Gmyw7FsC;GAV;wLT-%+*Jg6HNJb`yDLqlgFW`3s5`=-QSxxtDx|a? 
zsyEv9Ak-SqW>YW%x~`}KP*kb(2Ok`Vsn(WxhbHKN##UZ=NFge5W9P-FxWHd)Ilqa9 zC_`X{EZgU>5Xf0sQNFBys@zuCPze~Q&m0{A|1+vrP#A3%SJkO7iJ}MC80b0T2bvS- z8vlLz<|qxl*>P2lXkYKX7uEr%<Dy|8HHO29#OSfDx%=9yDl#pcY;pqK!FkQzJ%4@~ zLD>2Jho^6EkYOKJ>2mvAt7^y9RiszbpAq-+YvcFZ5sSmsOVjr*bWrnJ^exBlw@oyH z%&fCYx5+1}GQZDeaLgQ<7;3+!*hosj@f_4wl;$aNcKVPVz;iviHKis`9l^-&c#M^p zEQV%7FDus?lm7HJrNCi*;f@RVWQOh--sEEP8C$63nS#CJZ|Rhg9z;AxIzMDSqpyd3 zPNv=umQ0Z9OYCp38YJYHY4#*@gk{VS?C%Z#v5SC>TDD=%r89r;iIXrgNSyr{r&L4j zJiHzH$omSaHH6n`*&T~V=3fdk1a{t`{8z-?u$Vjnse5G9$A_yW9}+$ye&vV46n7g9 z$kXv6vfWcjLK&avg=Wb4JIo>BbiP29tvU@dXH!8ws_5plSHj1?`=h^~Fs<CS5FH?V z{h@X)V6-u5yYA|OJ_86`erB9j!p~iVYRm_DorHmeK2C{I`iyi=dpS4!eedWjiFX#w zK@9^?WR<6R0QEKjVSD$Wt8LY%)|Lpc=wf)IU)_6*E5;0`v_^j-pLfFpNpQl31G+b3 zYAM{~OVVoYh`?u%thl`7v%It8$#sYwP~8*Br@KKzPH4*gpKoQsx=kd^`JJEl(M1;@ z?^)9iw6n&w;vT(n!L$Fi*~j!)Kptnr-96#sbsMVVE59K@frMKSSNX&>bV|Bs(#Y5q zPpSv?p3or8_U_zKo$Kn9cUBXh$KlW2i=o@WNz@t~2;BTv>Ng8ho<~wj&>p!4CU(kt z&wmgfLA>GZgou$0_Ni4G-v1UONb}QKd6=Eh&PP-i@%*I4`s!g<byDpyT&<4m*TkH- zvk`7Y_dBBz@WL%G>!^r<16(+Xeq)pSfsOnd)2A(u{a$})6ZwDo6@#R7|2gNm?Ms^P zn9N<AOyL%EH9FgL@<#NH93aGp%F0TKCbYjCz*y1eo%vvi$7ps)Uy3&Us~=M(dyVE@ zERZjS|I>&4L4YjCqA~jFk1+7h+^}0pO#Rop9VvFm{w$l2OJ~n@=6#${{>+$gIM`F( z9b{gxbkLJ>@Cn=+gizQ9l#usGLq%Z%pdp!$|2)#mzf|24FB$n8PMDV*xdQ7YlL`ud z$%I8L;9hcUa}xz?AJYah$lpHcWB-#9|6W=5qI>!>)L3%T6wb^2O4q9X%WD3;(En2l c{})BqVJT<|gRdhxi(lF#Ev_I|Dx&B6A8ZoA^#A|> literal 0 HcmV?d00001 diff --git a/content/slides/cri/md/ansible.md b/content/slides/cri/md/ansible.md index 392a3c4..d130418 100644 --- a/content/slides/cri/md/ansible.md +++ b/content/slides/cri/md/ansible.md 
@@ -432,72 +432,131 @@ ignore_errors: True ``` -## task +## [<i class="fa fa-book" aria-hidden="true"></i> set_fact](https://docs.ansible.com/ansible/latest/modules/set_fact_module.html) & pre_task -[<i class="fa fa-book" aria-hidden="true"></i> set_fact](https://docs.ansible.com/ansible/latest/modules/set_fact_module.html) +```yaml +criprod: + pvecriprod1: + api_users: + - proxmoxapi + - vimazeno +``` + +```yaml +- name: provisionner l'environnement du noeud (pour y accéder plus facilement dans les roles) + set_fact: + _pve: "{ 'cluster': '{{ lookup('env','PVE_CLUSTER') }}', 'node': '{{ lookup('env','PVE_NODE') }}', 'host': '{{ lookup('env','PVE_HOST') }}'}" -pre_task +- name: provisionner les utilisateurs d'api pve uniquement du noeud (pour y accéder plus facilement dans les roles) + set_fact: + api_users: "{ 'api_users': {{ hostvars[inventory_hostname][_pve.cluster][_pve.node]['api_users'] }}}" + +- name: fusionner l'environnement du noeud (pour y accéder plus facilement dans les roles) + set_fact: + pve: "{{ _pve | combine(api_users) }}" +``` [<i class="fa fa-gitlab" aria-hidden="true"></i> exemple permettant de réorganiser les variables](https://gitlab.isima.fr/cri/stack/blob/master/ansible/pre-tasks/set-pve-vars.yml) ## tags -* `always` - * tag spécial exécuté à tous les coups -* tags au niveau tâches -* tags au niveau roles +tags au niveau tâches + +```yaml +- name: s'assurer que le fichier user.cfg existe + file: + dest: /etc/pve/user.cfg + state: touch + tags: [pve-users] +``` + +tags au niveau roles à l'inclusion dans le playbook + +```yaml +roles: + + - role: debug + tags: debug +``` + +`always` tag spécial exécuté à tous les coups ## modules -* file -* infile -* copy +* [<i class="fa fa-book" aria-hidden="true"></i> file](https://docs.ansible.com/ansible/latest/modules/file_module.html) +* [<i class="fa fa-book" aria-hidden="true"></i> lineinfile](https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html) +* [<i class="fa fa-book" 
aria-hidden="true"></i> copy](https://docs.ansible.com/ansible/latest/modules/copy_module.html) * [<i class="fa fa-book" aria-hidden="true"></i> template](https://docs.ansible.com/ansible/latest/modules/template_module.html) -* package -* stat -* get_url -* unarchive -* user -* systemd -* pip -* pexpect (require pexpect) +* [<i class="fa fa-book" aria-hidden="true"></i> stat](https://docs.ansible.com/ansible/latest/modules/stat_module.html) +* [<i class="fa fa-book" aria-hidden="true"></i> get_url](https://docs.ansible.com/ansible/latest/modules/get_url_module.html) +* [<i class="fa fa-book" aria-hidden="true"></i> unarchive](https://docs.ansible.com/ansible/latest/modules/unarchive_module.html) + + +## modules + +* [<i class="fa fa-book" aria-hidden="true"></i> package](https://docs.ansible.com/ansible/latest/modules/package_module.html) +* [<i class="fa fa-book" aria-hidden="true"></i> user](https://docs.ansible.com/ansible/latest/modules/user_module.html) +* [<i class="fa fa-book" aria-hidden="true"></i> systemd](https://docs.ansible.com/ansible/latest/modules/systemd_module.html) +* [<i class="fa fa-book" aria-hidden="true"></i> pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html) +* [<i class="fa fa-book" aria-hidden="true"></i> expect](https://docs.ansible.com/ansible/latest/modules/exepect_module.html) + * `pip install pexpect` +* [<i class="fa fa-book" aria-hidden="true"></i> ...](https://docs.ansible.com/ansible/latest/modules/modules_by_category.html) ## roles +[<i class="fa fa-book" aria-hidden="true"></i> debops](https://docs.debops.org/en/master/) + * [<i class="fa fa-github" aria-hidden="true"></i> bau-sec/ansible-openvpn-hardened](https://github.com/bau-sec/ansible-openvpn-hardened) +* [<i class="fa fa-github" aria-hidden="true"></i> ...](https://github.com/) +### skeleton -## ansible.cfg +``` +ansible-galaxy init --role-skeleton /path/to/stack/ansible/roles/skeletons/role-with-vagrant gitlab +``` +[<i class="fa fa-gitlab" 
aria-hidden="true"></i>ansible/roles/skeletons/role-with-vagrant](https://gitlab.isima.fr/cri/stack/tree/master/ansible/roles/skeletons/role-with-vagrant) ## remote roles -* mettre à jour `requirements.yml` avec les rôles nécessaires - -* récupérer les rôles +`requirements.yml` +```yaml +- name: vault-server + src: git+ssh://git@gitlab.isima.fr/cri/ansible-playbook-vault.git + path: ./ansible/roles/remotes ``` -ansible-galaxy install -f -r requirements.yml -p ansible/roles/public -``` -ou + ``` -ansible-galaxy install -f -r requirements.yml +$ ansible-galaxy install -f -r requirements.yml ``` -en affectant le path dans le fichier requirements.yml au niveau du role distant -## skeleton +## ansible.cfg +```ini +[defaults] +roles_path = ./ansible/roles/remotes:./ansible/roles/apps:./ansible/roles/commons:./ansible/roles/services +inventory = ./ansible/inventory.ini +filter_plugins = ./ansible/plugins/filter: +lookup_plugins = ./ansible/plugins/lookup: +callback_plugins = ./ansible/plugins/callback: +module_utils = ./ansible/module_utils: +stdout_callback = anstomlog +deprecation_warnings = False + +[privilege_escalation] +become: yes +become_user: root +become_method: sudo ``` -ansible-galaxy init --role-skeleton /path/to/stack/ansible/roles/skeletons/role-with-vagrant gitlab -``` -* [<i class="fa fa-github" aria-hidden="true"></i> mrjk/ansible-skel](https://github.com/mrjk/ansible-skel) ## extend -* https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html -* https://docs.ansible.com/ansible/latest/dev_guide/developing_modules.html +[<i class="fa fa-book" aria-hidden="true"></i> developing plugins](https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html) + +[<i class="fa fa-book" aria-hidden="true"></i> developing modules](https://docs.ansible.com/ansible/latest/dev_guide/developing_modules.html) diff --git a/content/slides/cri/md/vault.md b/content/slides/cri/md/vault.md index 9279e9e..6803241 100644 
--- a/content/slides/cri/md/vault.md +++ b/content/slides/cri/md/vault.md @@ -9,10 +9,13 @@ * téléchargement d'un binaire - * https://releases.hashicorp.com/vault/ + * [https://releases.hashicorp.com/vault/](https://releases.hashicorp.com/vault/) * décompresser dans /usr/local/bin * configurer les permissions - * créer un service systemd + * serveur + * créer un service systemd + * cli + * `vault` ## Configuration 
@@ -32,20 +35,58 @@ listener "tcp" { ``` -## Secret engine +## [<i class="fa fa-book" aria-hidden="true"></i> Secret engine](https://www.vaultproject.io/docs/secrets/) +* [<i class="fa fa-book" aria-hidden="true"></i> Secrets Engines - getting started](https://learn.hashicorp.com/vault/getting-started/dynamic-secrets) +* [<i class="fa fa-book" aria-hidden="true"></i> AWS Secrets Engine](https://www.vaultproject.io/docs/secrets/aws/index.html) +* [<i class="fa fa-book" aria-hidden="true"></i> Active Directory Secrets Engine](https://www.vaultproject.io/docs/secrets/aws/index.html) +* [<i class="fa fa-book" aria-hidden="true"></i> SSH Secrets Engine](https://www.vaultproject.io/docs/secrets/ssh/index.html) +* [<i class="fa fa-book" aria-hidden="true"></i> KV Secrets Engine](https://www.vaultproject.io/docs/secrets/kv/index.html) -## KV2 +## KV + +```shell +$ vault kv get secret/test +====== Data ====== +Key Value +--- ----- +password1 secret$ + +$ vault kv put secret/test password2=secret! +Success! Data written to: secret/test + +$ vault kv get secret/test +====== Data ====== +Key Value +--- ----- +password2 secret! ``` + + +## KV2 + +```shell vault login token=<root-token> vault secrets enable -path=cri kv -vault kv enable-versioning cri/ # kv2 +vault kv enable-versioning secret/ # kv2 ``` * les secrets sont versionnés * il est possible d'utiliser PATCH et pas seulement PUT +```shell +$ vault kv patch secret/test password1=secret$ +Success! Data written to: secret/test + +$ vault kv get secret/test +====== Data ====== +Key Value +--- ----- +password1 secret$ +password2 secret! +``` + ## Authentification @@ -59,7 +100,7 @@ vault kv enable-versioning cri/ # kv2 ## LDAP -``` +```shell $ vault write auth/ldap/config \ url="ldaps://samantha.local.isima.fr" \ userattr="sAMAccountName" \ 
@@ -73,6 +114,8 @@ $ vault write auth/ldap/config \ starttls="true" ``` +[<i class="fa fa-book" aria-hidden="true"></i> LDAP Auth Method](https://www.vaultproject.io/docs/auth/ldap.html) + ## Policy @@ -81,7 +124,7 @@ $ vault write auth/ldap/config \ ``` # Write and manage secrets in key-value secret engine path "secret/*" { - capabilities = ["create", "read", "update", "delete", "list"] + capabilities = ["create", "read", "update", "delete", "list", "sudo"] } # To enable secret engines 
@@ -89,89 +132,123 @@ path "sys/mounts/*" { capabilities = [ "create", "read", "update", "delete" ] } -path "secret/data/cri/*" { - capabilities = ["create", "read", "update", "delete", "list", "sudo"] -} - path "cubbyhole/*" { capabilities = ["create", "read", "update", "delete", "list"] } ``` -``` +```shell $ vault policy write cri /etc/vault/cri.hcl ``` -## Map policy and ldap group +## appliquer une policy à un groupe ldap -``` +```shell $ vault write auth/ldap/groups/cri policies=cri ``` ## Utilisation -* le même binaire à télécharger - * cross plateforme -* deux variables d'environnement - * $VAULT_ADDR=https://vault.isima.fr - * $VAULT_TOKEN +* [binaire à télécharger](https://releases.hashicorp.com/vault/) + * cross plateform + * deux variables d'environnement + * $VAULT_ADDR=https://vault.isima.fr + * $VAULT_TOKEN ou authentification ldap ou -* l'[api](https://www.vaultproject.io/api/overview) +* l'[<i class="fa fa-book" aria-hidden="true"></i> api](https://www.vaultproject.io/api/overview) ## Workflow -``` +```shell $ vault login -method=ldap username=vimazeno $ vault secrets list -$ vault list cri/ -$ vault kv get cri/tokens -$ vault kv get cri/tokens # à chaque put on écrase les entrées qu'on ne réécrit pas -$ vault kv get cri/tokens -format=json -$ vault kv get cri/tokens -format=json | jq .data -$ vault kv get cri/tokens -format=json | jq .data.password -$ vault kv put cri/tokens root=pipo2 -$ vault kv patch cri/tokens root1=pipo1 -$ vault delete cri/tokens +$ vault list secret/ +$ vault kv get secret/tokens +$ vault kv get secret/tokens # à chaque put on écrase les entrées qu'on ne réécrit pas +$ vault kv get secret/tokens -format=json +$ vault kv get secret/tokens -format=json | jq .data +$ vault kv get secret/tokens -format=json | jq .data.password +$ vault kv put secret/tokens root=$(openssl rand -base64 25) +$ vault kv patch secret/tokens root1=$(openssl rand -base64 25) +$ vault delete secret/tokens ``` ## création de token +my.hcl + ``` +path 
"secret/data/cri/apps/my" { + capabilities = ["create", "read", "update", "delete", "list"] +} +``` + +```shell $ vault policy write vault/apps/my.hcl $ vault token create -policy=my ``` -## token et ci/cd - -* on teste en local avec ses droits via ldaps -* on génère un token en variable de CI/CD pour autoriser l'appli à lire des secrets +## vault/ci/cd +### en local -## Générer un secret +authentification ldap -Un secret robuste en ligne de commande se génère avec la commande `openssl` comme suit +### <i class="fa fa-gitlab" aria-hidden="true"></i> CI / CD -``` -$ openssl rand -base64 256 -``` - -Stocker le secret directement dans hashicorp vault + -``` -$ vault kv put cri/tokens root=$(openssl rand -base64 25) -``` +## bin/setup -## SEE ALSO - -* [cri/ansible-playbook-vault](https://gitlab.isima.fr/cri/ansible-playbook-vault) - -* [Vault - Getting started](https://learn.hashicorp.com/vault/?track=getting-started#getting-started) - -* [consul](https://www.consul.io/) +<small> +```bash +command -v "vault" >/dev/null 2>&1 || { + echo >&2 "I require vault to run see stack" + exit 1 +} +if [[ -z "${VAULT_ADDR}" ]] ; then + export VAULT_ADDR=https://vault.isima.fr +fi +if [[ -z "${VAULT_TOKEN}" ]] ; then + if [[ -z "${VAULT_USERNAME}" ]] ; then + echo uca username + read username + export VAULT_USERNAME=${username} + fi + vault login -method=ldap username=$VAULT_USERNAME > /dev/null + echo " export VAULT_TOKEN=$(cat ~/.vault-token)" +else + vault login token=${VAULT_TOKEN} > /dev/null +fi +``` +</small> + + +## bin/configure + +<small> +```bash +# lecture des clés vault avec python: la sortie est une liste python UTF8 (u'value') +KV=$(vault read cri/my -format=json | python -c "import sys, json; print json.load(sys.stdin)['data'].keys()") +# converison de la liste python en liste bash +VAULT_KEYS=( $(echo ${KV} | sed -r "s/', u'/' '/g" | sed -r "s/\[u'/'/g" | sed -r "s/\]//g") ) +# copie du ttemplatye de configuration en fichier de configuration +cp config.sample.py 
config.py +# itération sur les clés vault +for i in "${VAULT_KEYS[@]}" +do + # enlève le permier ' + i=${i%\'} + # enlève le dernier ' + i=${i#\'} + sed -i "s|$i|$(vault read cri/my -format=json | jq -r .data.$i | sed -r "s/\n//g")|g" config.py 2>/dev/null +done +``` +</small> -- GitLab
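Review bot: In the ansible.md hunk (@@ -432,72 +432,131 @@), the new `ansible.cfg` slide sets `become: yes` with `become_user: root` under `[privilege_escalation]`, so every task of every play runs as root unless it opts out. I would drop that from the shared config and set `become` on the plays or tasks that need it. The same section writes `key: value` where `[defaults]` writes `key = value`; pick one form. Two smaller points in this hunk: the `expect` entry links to `exepect_module.html` (typo in the URL), and the `set_fact` tasks build `_pve` and `api_users` as quoted strings that only become dicts through implicit conversion, which breaks as soon as one of the `PVE_*` environment values contains a quote; a YAML mapping under `set_fact` avoids that.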
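Review bot: In the vault.md install slide (@@ -9,10 +9,13 @@), the list goes from downloading the binary straight to unpacking it into /usr/local/bin, with no integrity check in between. Since the hunk already reworks this list, add a bullet for verifying the archive against the SHA256SUMS file and its signature published next to the release on releases.hashicorp.com before installing.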
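Review bot: In the KV2 slide (vault.md @@ -32,20 +35,58 @@), the engine is still enabled with `vault secrets enable -path=cri kv`, but the changed line now runs `vault kv enable-versioning secret/`, so the mount created on the slide is not the one being upgraded. Use the same path in both commands. In the Secret engine list of the same hunk, the "Active Directory Secrets Engine" entry links to `secrets/aws/index.html`, the same URL as the AWS entry above it.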
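Review bot: In the policy slide (vault.md @@ -81,7 +124,7 @@), `sudo` is added to the capabilities on `secret/*`, and the next hunk removes the narrower `secret/data/cri/*` rule that used to carry it, so the net effect is that `sudo` moves from one subtree to the whole mount. `sudo` exists for root-protected paths and ordinary KV reads and writes do not need it. I would leave `secret/*` at `["create", "read", "update", "delete", "list"]` and, if the slide has to show `sudo`, keep it on the narrow path with a line explaining why.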
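Review bot: In the new bin/setup slide (vault.md @@ -89,89 +132,123 @@), after the LDAP login the script runs `echo " export VAULT_TOKEN=$(cat ~/.vault-token)"`, which prints the token in clear to the terminal, and to the job log if the script ever runs in CI. The token is already in `~/.vault-token` at that point, so drop the echo or print the hint without the value. In bin/configure, each secret is spliced into `sed -i "s|$i|$(vault read ...)|g" config.py` with `2>/dev/null`: a value containing `|`, `&` or `\` corrupts the substitution, the error is hidden, and the secret sits in sed's argument list while it runs. The key list is also recovered by printing a Python 2 list and un-quoting it with sed, where `jq -r '.data | keys[]'` on the same JSON would give the keys directly. Also in this hunk: `vault policy write vault/apps/my.hcl` has no policy name before the file, and my.hcl grants `secret/data/cri/apps/my` while bin/configure reads `cri/my`, so the policy and the script do not refer to the same path.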