From 60da27dafd72ec005b07bcee93295100953269e2 Mon Sep 17 00:00:00 2001 From: Aine Riordan <44700011+ariordan-redhat@users.noreply.github.com> Date: Thu, 24 Jul 2025 21:51:11 +0100 Subject: [PATCH 01/71] Update release attribute and docinfo to 2.6 (#3902) (#3903) --- downstream/attributes/attributes.adoc | 4 ++-- downstream/titles/aap-containerized-install/docinfo.xml | 2 +- downstream/titles/aap-hardening/docinfo.xml | 2 +- downstream/titles/aap-installation-guide/docinfo.xml | 2 +- downstream/titles/aap-migration/docinfo.xml | 2 +- downstream/titles/aap-operations-guide/docinfo.xml | 2 +- downstream/titles/aap-operator-backup/docinfo.xml | 2 +- downstream/titles/aap-operator-installation/docinfo.xml | 2 +- downstream/titles/aap-planning-guide/docinfo.xml | 2 +- downstream/titles/aap-plugin-rhdh-install/docinfo.xml | 2 +- downstream/titles/analytics/docinfo.xml | 2 +- downstream/titles/automation-mesh/docinfo.xml | 2 +- downstream/titles/builder/docinfo.xml | 2 +- downstream/titles/central-auth/docinfo.xml | 2 +- .../titles/controller/controller-admin-guide/docinfo.xml | 2 +- .../titles/controller/controller-api-overview/docinfo.xml | 2 +- .../titles/controller/controller-user-guide/docinfo.xml | 2 +- downstream/titles/develop-automation-content/docinfo.xml | 2 +- downstream/titles/eda/eda-user-guide/docinfo.xml | 2 +- .../titles/edge-manager/edge-manager-user-guide/docinfo.xml | 2 +- downstream/titles/getting-started/docinfo.xml | 2 +- downstream/titles/hub/managing-content/docinfo.xml | 2 +- downstream/titles/navigator-guide/docinfo.xml | 2 +- downstream/titles/ocp_performance_guide/docinfo.xml | 2 +- downstream/titles/operator-mesh/docinfo.xml | 2 +- .../titles/playbooks/playbooks-getting-started/docinfo.xml | 2 +- downstream/titles/playbooks/playbooks-reference/docinfo.xml | 2 +- downstream/titles/release-notes/docinfo.xml | 2 +- downstream/titles/security-guide/docinfo.xml | 2 +- downstream/titles/self-service-install/docinfo.xml | 2 +- downstream/titles/self-service-using/docinfo.xml | 2 +- .../terraform-aap/terraform-aap-getting-started/docinfo.xml | 2 +- downstream/titles/topologies/docinfo.xml | 2 +- downstream/titles/troubleshooting-aap/docinfo.xml | 2 +- downstream/titles/upgrade/docinfo.xml | 2 +- 35 files changed, 36 insertions(+), 36 deletions(-) diff --git a/downstream/attributes/attributes.adoc b/downstream/attributes/attributes.adoc index ef0f2df9c5..c37f2ff991 100644 --- a/downstream/attributes/attributes.adoc +++ b/downstream/attributes/attributes.adoc @@ -6,13 +6,13 @@ :AAPCentralAuth: Ansible Automation Platform Central Authentication :CentralAuthStart: Central authentication :CentralAuth: central authentication -:PlatformVers: 2.5 +:PlatformVers: 2.6 :PostgresVers: PostgreSQL 15 //The ansible-core version used to install AAP :CoreInstVers: 2.14 //The ansible-core version used by the AAP control plane and EEs :CoreUseVers: 2.16 -:PlatformDownloadUrl: https://access.redhat.com/downloads/content/480/ver=2.5/rhel---9/2.5/x86_64/product-software +:PlatformDownloadUrl: https://access.redhat.com/downloads/content/480/ver=2.6/rhel---9/2.6/x86_64/product-software :BaseURL: https://docs.redhat.com/en/documentation :VMBase: VM-based installation :Installer: installation program diff --git a/downstream/titles/aap-containerized-install/docinfo.xml b/downstream/titles/aap-containerized-install/docinfo.xml index 47f1005992..c9143dc17b 100644 --- a/downstream/titles/aap-containerized-install/docinfo.xml +++ b/downstream/titles/aap-containerized-install/docinfo.xml @@ -1,6 +1,6 @@ Containerized installation Red Hat Ansible Automation Platform -2.5 +2.6 Install the containerized version of Ansible Automation Platform This guide helps you to understand the installation requirements and processes behind our containerized version of Ansible Automation Platform. diff --git a/downstream/titles/aap-hardening/docinfo.xml b/downstream/titles/aap-hardening/docinfo.xml index a5430ad33c..c6256b39f1 100644 --- a/downstream/titles/aap-hardening/docinfo.xml +++ b/downstream/titles/aap-hardening/docinfo.xml @@ -1,6 +1,6 @@ Hardening and compliance Red Hat Ansible Automation Platform -2.5 +2.6 Install, configure, and maintain Ansible Automation Platform running on Red Hat Enterprise Linux in a secure manner This guide provides recommended practices for various processes needed to install, configure, and maintain {PlatformNameShort} on Red Hat Enterprise Linux in a secure manner. diff --git a/downstream/titles/aap-installation-guide/docinfo.xml b/downstream/titles/aap-installation-guide/docinfo.xml index 1153b284cc..621715bbf9 100644 --- a/downstream/titles/aap-installation-guide/docinfo.xml +++ b/downstream/titles/aap-installation-guide/docinfo.xml @@ -1,6 +1,6 @@ RPM installation Red Hat Ansible Automation Platform -2.5 +2.6 Install the RPM version of Ansible Automation Platform This guide shows you how to install Red Hat Ansible Automation Platform based on supported installation scenarios. diff --git a/downstream/titles/aap-migration/docinfo.xml b/downstream/titles/aap-migration/docinfo.xml index b307c93a17..fb4aaab677 100644 --- a/downstream/titles/aap-migration/docinfo.xml +++ b/downstream/titles/aap-migration/docinfo.xml @@ -1,6 +1,6 @@ Ansible Automation Platform migration Red Hat Ansible Automation Platform -2.5 +2.6 Migrate your deployment of Ansible Automation Platform from one installation type to another diff --git a/downstream/titles/aap-operations-guide/docinfo.xml b/downstream/titles/aap-operations-guide/docinfo.xml index 5ff53ae44c..2c3234d608 100644 --- a/downstream/titles/aap-operations-guide/docinfo.xml +++ b/downstream/titles/aap-operations-guide/docinfo.xml @@ -1,6 +1,6 @@ Operating Ansible Automation Platform Red Hat Ansible Automation Platform -2.5 +2.6 Post installation configurations to ensure a smooth deployment of Ansible Automation Platform installation diff --git a/downstream/titles/aap-operator-backup/docinfo.xml b/downstream/titles/aap-operator-backup/docinfo.xml index 8b76b1f66a..01906ad090 100644 --- a/downstream/titles/aap-operator-backup/docinfo.xml +++ b/downstream/titles/aap-operator-backup/docinfo.xml @@ -1,6 +1,6 @@ Backup and recovery for operator environments Red Hat Ansible Automation Platform -2.5 +2.6 Safeguard against data loss with backup and recovery of Ansible Automation Platform operator on OpenShift Container Platform diff --git a/downstream/titles/aap-operator-installation/docinfo.xml b/downstream/titles/aap-operator-installation/docinfo.xml index 2b16dbedcf..0c50f1a2bb 100644 --- a/downstream/titles/aap-operator-installation/docinfo.xml +++ b/downstream/titles/aap-operator-installation/docinfo.xml @@ -1,6 +1,6 @@ Installing on OpenShift Container Platform Red Hat Ansible Automation Platform -2.5 +2.6 Install and configure Ansible Automation Platform operator on OpenShift Container Platform This guide provides procedures and reference information for the supported installation scenarios for the Red Hat Ansible Automation Platform operator on OpenShift Container Platform. diff --git a/downstream/titles/aap-planning-guide/docinfo.xml b/downstream/titles/aap-planning-guide/docinfo.xml index 1d7ad68203..663cc79ad1 100644 --- a/downstream/titles/aap-planning-guide/docinfo.xml +++ b/downstream/titles/aap-planning-guide/docinfo.xml @@ -1,6 +1,6 @@ Planning your installation Red Hat Ansible Automation Platform -2.5 +2.6 Plan for installation of Ansible Automation Platform diff --git a/downstream/titles/aap-plugin-rhdh-install/docinfo.xml b/downstream/titles/aap-plugin-rhdh-install/docinfo.xml index 8445ef71f4..9adf1e0c8c 100644 --- a/downstream/titles/aap-plugin-rhdh-install/docinfo.xml +++ b/downstream/titles/aap-plugin-rhdh-install/docinfo.xml @@ -1,6 +1,6 @@ Installing Ansible plug-ins for Red Hat Developer Hub Red Hat Ansible Automation Platform -2.5 +2.6 Install and configure Ansible plug-ins for Red Hat Developer Hub This guide describes how to install and configure Ansible plug-ins for Red Hat Developer Hub so that users can learn about Ansible, explore curated collections, and develop automation projects. diff --git a/downstream/titles/analytics/docinfo.xml b/downstream/titles/analytics/docinfo.xml index a15b8b438d..39215c69fe 100644 --- a/downstream/titles/analytics/docinfo.xml +++ b/downstream/titles/analytics/docinfo.xml @@ -1,6 +1,6 @@ Using automation analytics Red Hat Ansible Automation Platform -2.5 +2.6 Evaluate the cost savings associated with automated processes This guide shows how to use the features of automation analytics to evaluate how automation is deployed across your environments and the savings associated with it. diff --git a/downstream/titles/automation-mesh/docinfo.xml b/downstream/titles/automation-mesh/docinfo.xml index 21d82d8834..2ca8c07e96 100644 --- a/downstream/titles/automation-mesh/docinfo.xml +++ b/downstream/titles/automation-mesh/docinfo.xml @@ -1,6 +1,6 @@ Automation mesh for VM environments Red Hat Ansible Automation Platform -2.5 +2.6 Automate at scale in a cloud-native way This guide shows how to deploy automation mesh as part of your VM-based Ansible Automation Platform environment. diff --git a/downstream/titles/builder/docinfo.xml b/downstream/titles/builder/docinfo.xml index 55235fd4a1..30c1885715 100644 --- a/downstream/titles/builder/docinfo.xml +++ b/downstream/titles/builder/docinfo.xml @@ -1,6 +1,6 @@ Creating and using execution environments Red Hat Ansible Automation Platform -2.5 +2.6 Create and use execution environment containers This guide shows how to create consistent and reproducible automation execution environments for your Red Hat Ansible Automation Platform. diff --git a/downstream/titles/central-auth/docinfo.xml b/downstream/titles/central-auth/docinfo.xml index 8a66af0c12..33a0664ee0 100644 --- a/downstream/titles/central-auth/docinfo.xml +++ b/downstream/titles/central-auth/docinfo.xml @@ -1,6 +1,6 @@ Access management and authentication Red Hat Ansible Automation Platform -2.5 +2.6 Configure role based access control, authenticators and authenticator maps in Ansible Automation Platform diff --git a/downstream/titles/controller/controller-admin-guide/docinfo.xml b/downstream/titles/controller/controller-admin-guide/docinfo.xml index 6e76c749b6..735933cf2a 100644 --- a/downstream/titles/controller/controller-admin-guide/docinfo.xml +++ b/downstream/titles/controller/controller-admin-guide/docinfo.xml @@ -1,6 +1,6 @@ Configuring automation execution Red Hat Ansible Automation Platform -2.5 +2.6 Learn how to manage, monitor, and use automation controller This guide shows how to manage automation controller with custom scripts, management jobs, and more. diff --git a/downstream/titles/controller/controller-api-overview/docinfo.xml b/downstream/titles/controller/controller-api-overview/docinfo.xml index 7047335f62..5b1885eef3 100644 --- a/downstream/titles/controller/controller-api-overview/docinfo.xml +++ b/downstream/titles/controller/controller-api-overview/docinfo.xml @@ -1,6 +1,6 @@ Automation execution API overview Red Hat Ansible Automation Platform -2.5 +2.6 Developer overview for the {ControllerName} API Explore the {ControllerName} API Overview for streamlined automation solutions, empowering developers and administrators with efficient infrastructure management. diff --git a/downstream/titles/controller/controller-user-guide/docinfo.xml b/downstream/titles/controller/controller-user-guide/docinfo.xml index 0138758634..3df7c804f2 100644 --- a/downstream/titles/controller/controller-user-guide/docinfo.xml +++ b/downstream/titles/controller/controller-user-guide/docinfo.xml @@ -1,6 +1,6 @@ Using automation execution Red Hat Ansible Automation Platform -2.5 +2.6 Use automation execution to deploy, define, operate, scale and delegate automation This guide shows you how to use automation controller to define, operate, scale and delegate automation across your enterprise. diff --git a/downstream/titles/develop-automation-content/docinfo.xml b/downstream/titles/develop-automation-content/docinfo.xml index 1473821ead..bab86d6bd8 100644 --- a/downstream/titles/develop-automation-content/docinfo.xml +++ b/downstream/titles/develop-automation-content/docinfo.xml @@ -1,6 +1,6 @@ Developing automation content Red Hat Ansible Automation Platform -2.5 +2.6 Develop Ansible automation content to run automation jobs This guide describes how to develop Ansible automation content and how to use it to run automation jobs from Red Hat Ansible Automation Platforms. diff --git a/downstream/titles/eda/eda-user-guide/docinfo.xml b/downstream/titles/eda/eda-user-guide/docinfo.xml index 4a544938ec..90c4892452 100644 --- a/downstream/titles/eda/eda-user-guide/docinfo.xml +++ b/downstream/titles/eda/eda-user-guide/docinfo.xml @@ -1,6 +1,6 @@ Using automation decisions Red Hat Ansible Automation Platform -2.5 +2.6 Configure and use {EDAcontroller} to enhance and expand automation Learn how to configure your {EDAcontroller} to set up credentials, new projects, decision environments, tokens to authenticate to Ansible Automation Platform Controller, and rulebook activation. diff --git a/downstream/titles/edge-manager/edge-manager-user-guide/docinfo.xml b/downstream/titles/edge-manager/edge-manager-user-guide/docinfo.xml index d7492d723a..31377ecbfa 100644 --- a/downstream/titles/edge-manager/edge-manager-user-guide/docinfo.xml +++ b/downstream/titles/edge-manager/edge-manager-user-guide/docinfo.xml @@ -1,6 +1,6 @@ Managing device fleets with the Red Hat Edge Manager Red Hat Ansible Automation Platform -2.5 +2.6 Install, configure, and use the Red Hat Edge Manager to manage individual and fleets of devices Learn about components that you can use for scalable and secure edge management. diff --git a/downstream/titles/getting-started/docinfo.xml b/downstream/titles/getting-started/docinfo.xml index e1b8436be6..1950768d09 100644 --- a/downstream/titles/getting-started/docinfo.xml +++ b/downstream/titles/getting-started/docinfo.xml @@ -1,6 +1,6 @@ Getting started with Ansible Automation Platform Red Hat Ansible Automation Platform -2.5 +2.6 Get started with Ansible Automation Platform This guide shows how to get started with Ansible Automation Platform. diff --git a/downstream/titles/hub/managing-content/docinfo.xml b/downstream/titles/hub/managing-content/docinfo.xml index 26b6154d33..efe3b1ce54 100644 --- a/downstream/titles/hub/managing-content/docinfo.xml +++ b/downstream/titles/hub/managing-content/docinfo.xml @@ -1,6 +1,6 @@ Managing automation content Red Hat Ansible Automation Platform -2.5 +2.6 Create and manage collections, content and repositories in automation hub This guide shows you how to create, edit, delete, and move content in automation hub. diff --git a/downstream/titles/navigator-guide/docinfo.xml b/downstream/titles/navigator-guide/docinfo.xml index 4d80c41c38..318c9fdb5c 100644 --- a/downstream/titles/navigator-guide/docinfo.xml +++ b/downstream/titles/navigator-guide/docinfo.xml @@ -1,6 +1,6 @@ Using content navigator Red Hat Ansible Automation Platform -2.5 +2.6 Develop content that is compatible with Ansible Automation Platform diff --git a/downstream/titles/ocp_performance_guide/docinfo.xml b/downstream/titles/ocp_performance_guide/docinfo.xml index 0771bd481b..aeef0254f4 100644 --- a/downstream/titles/ocp_performance_guide/docinfo.xml +++ b/downstream/titles/ocp_performance_guide/docinfo.xml @@ -1,6 +1,6 @@ Performance considerations for operator environments Red Hat Ansible Automation Platform -2.5 +2.6 Configure automation controller for improved performance on operator based installations diff --git a/downstream/titles/operator-mesh/docinfo.xml b/downstream/titles/operator-mesh/docinfo.xml index d7f34fed3b..3470fce58f 100644 --- a/downstream/titles/operator-mesh/docinfo.xml +++ b/downstream/titles/operator-mesh/docinfo.xml @@ -1,6 +1,6 @@ Automation mesh for managed cloud or operator environments Red Hat Ansible Automation Platform -2.5 +2.6 Automate at scale in a cloud-native way This guide shows how to deploy automation mesh as part of your operator-based Ansible Automation Platform environment. diff --git a/downstream/titles/playbooks/playbooks-getting-started/docinfo.xml b/downstream/titles/playbooks/playbooks-getting-started/docinfo.xml index 5dc012241f..dae897928d 100644 --- a/downstream/titles/playbooks/playbooks-getting-started/docinfo.xml +++ b/downstream/titles/playbooks/playbooks-getting-started/docinfo.xml @@ -1,6 +1,6 @@ Getting started with playbooks Red Hat Ansible Automation Platform -2.5 +2.6 Get started with Ansible Playbooks This guide shows how to create and use playbooks to address your automation requirements. diff --git a/downstream/titles/playbooks/playbooks-reference/docinfo.xml b/downstream/titles/playbooks/playbooks-reference/docinfo.xml index 58966318a4..785035a5cd 100644 --- a/downstream/titles/playbooks/playbooks-reference/docinfo.xml +++ b/downstream/titles/playbooks/playbooks-reference/docinfo.xml @@ -1,6 +1,6 @@ Reference guide to Ansible Playbooks Red Hat Ansible Automation Platform -2.5 +2.6 Learn about the different approaches for creating playbooks This guide provides a reference for the differing approaches to the creating of Ansible playbooks. diff --git a/downstream/titles/release-notes/docinfo.xml b/downstream/titles/release-notes/docinfo.xml index 097f5a79e4..9c946d5e4f 100644 --- a/downstream/titles/release-notes/docinfo.xml +++ b/downstream/titles/release-notes/docinfo.xml @@ -1,6 +1,6 @@ Release notes Red Hat Ansible Automation Platform -2.5 +2.6 New features, enhancements, and bug fix information diff --git a/downstream/titles/security-guide/docinfo.xml b/downstream/titles/security-guide/docinfo.xml index fb847664c8..b769853b80 100644 --- a/downstream/titles/security-guide/docinfo.xml +++ b/downstream/titles/security-guide/docinfo.xml @@ -1,6 +1,6 @@ Implementing security automation Red Hat Ansible Automation Platform -2.5 +2.6 Identify and manage security events using Ansible This guide provides procedures for automating and streamlining various security processes needed to identify, triage, and respond to security events using Ansible. diff --git a/downstream/titles/self-service-install/docinfo.xml b/downstream/titles/self-service-install/docinfo.xml index 6eae8aa3ed..21a5562a0c 100644 --- a/downstream/titles/self-service-install/docinfo.xml +++ b/downstream/titles/self-service-install/docinfo.xml @@ -1,6 +1,6 @@ Installing Ansible Automation Platform self-service technology preview Red Hat Ansible Automation Platform -2.5 +2.6 Install and configure Ansible Automation Platform self-service technology preview This guide describes how to install and configure Ansible Automation Platform self-service technology preview so that users can run automation. diff --git a/downstream/titles/self-service-using/docinfo.xml b/downstream/titles/self-service-using/docinfo.xml index 985a3dcc23..be9e80274c 100644 --- a/downstream/titles/self-service-using/docinfo.xml +++ b/downstream/titles/self-service-using/docinfo.xml @@ -1,6 +1,6 @@ Using Ansible Automation Platform self-service technology preview Red Hat Ansible Automation Platform -2.5 +2.6 Use Ansible Automation Platform self-service technology preview This guide describes how to use Ansible Automation Platform self-service technology preview to implement role-based access control and run automation. diff --git a/downstream/titles/terraform-aap/terraform-aap-getting-started/docinfo.xml b/downstream/titles/terraform-aap/terraform-aap-getting-started/docinfo.xml index 4c420f3afc..9dd6558c9e 100644 --- a/downstream/titles/terraform-aap/terraform-aap-getting-started/docinfo.xml +++ b/downstream/titles/terraform-aap/terraform-aap-getting-started/docinfo.xml @@ -1,6 +1,6 @@ Getting started with Terraform and Ansible Automation Platform Red Hat Ansible Automation Platform -2.5 +2.6 Integrate Terraform with Ansible Automation Platform Learn how to configure Ansible Automation Platform with Terraform Enterprise or HCP Terraform, and migrate from Terraform Community. diff --git a/downstream/titles/topologies/docinfo.xml b/downstream/titles/topologies/docinfo.xml index e29d8807e5..0ffc6bf4c3 100644 --- a/downstream/titles/topologies/docinfo.xml +++ b/downstream/titles/topologies/docinfo.xml @@ -1,6 +1,6 @@ Tested deployment models Red Hat Ansible Automation Platform -2.5 +2.6 Plan your deployment of Ansible Automation Platform diff --git a/downstream/titles/troubleshooting-aap/docinfo.xml b/downstream/titles/troubleshooting-aap/docinfo.xml index 4375bb5626..97233bf22e 100644 --- a/downstream/titles/troubleshooting-aap/docinfo.xml +++ b/downstream/titles/troubleshooting-aap/docinfo.xml @@ -1,6 +1,6 @@ Troubleshooting Ansible Automation Platform Red Hat Ansible Automation Platform -2.5 +2.6 Troubleshoot issues with Ansible Automation Platform diff --git a/downstream/titles/upgrade/docinfo.xml b/downstream/titles/upgrade/docinfo.xml index 0def8006be..4b483cfa6e 100644 --- a/downstream/titles/upgrade/docinfo.xml +++ b/downstream/titles/upgrade/docinfo.xml @@ -1,6 +1,6 @@ RPM upgrade and migration Red Hat Ansible Automation Platform -2.5 +2.6 Upgrade and migrate legacy deployments of Ansible Automation Platform This guide shows you how to upgrade to the latest version of Ansible Automation Platform and migrate legacy virtual environments to automation execution environments. From b8be4bd525dc09683edbf46b8d492f7aac923fbf Mon Sep 17 00:00:00 2001 From: Aine Riordan <44700011+ariordan-redhat@users.noreply.github.com> Date: Thu, 24 Jul 2025 22:00:39 +0100 Subject: [PATCH 02/71] 2.6 Add sync scripts for 2.6 (#3904) --- bin/sync_docs.sh | 19 +++++++++++++++++++ bin/sync_ocp_latest.sh | 13 +++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 bin/sync_docs.sh create mode 100644 bin/sync_ocp_latest.sh diff --git a/bin/sync_docs.sh b/bin/sync_docs.sh new file mode 100644 index 0000000000..6b383e4548 --- /dev/null +++ b/bin/sync_docs.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +###### +# This script synchronizes content to the downstream repository. +# A Jenkins job configures the source and target repositories and runs this script directly. +# If you commit changes to this script you should verify the Jenkins job runs successfully. +###### + +# Set the path to the source and target directories. +# The source directory contains the content that you want to synchronize. +source=source +# The target directory is the location where you want to synchronize content. +target=target + +# Clean the existing downstream and release-note folders. +rm -rf $target/downstream + +# Copy the content of the downstream and release-note folders. +cp -r $source/downstream $target/downstream diff --git a/bin/sync_ocp_latest.sh b/bin/sync_ocp_latest.sh new file mode 100644 index 0000000000..217c388759 --- /dev/null +++ b/bin/sync_ocp_latest.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# Set the path to the file that contains the ":OCPLatest:" attribute. +attributes=../downstream/attributes/attributes.adoc + +# Retrieve the OCP attributes file from the OpenShift docs repository. +curl https://raw.githubusercontent.com/openshift/openshift-docs/main/_attributes/ocp-attributes.adoc -o ocp-attributes.adoc +# Save the value of the "product-version" attribute as a variable. +ocpversion=$(sed -n -e 's/^:product-version: //p' ocp-attributes.adoc) +# Replace the value of the "OCPLatest" attribute with the value of the "product-version" attribute. +sed -i -e "s/^:OCPLatest:.*/:OCPLatest: $ocpversion/" $attributes +# Delete the OCP attributes file. +rm -f ocp-attributes.adoc From 861eb1f65607c253fccf89540eb713d9934ab17a Mon Sep 17 00:00:00 2001 From: Aine Riordan <44700011+ariordan-redhat@users.noreply.github.com> Date: Thu, 24 Jul 2025 22:30:52 +0100 Subject: [PATCH 03/71] 2.6: Archive 2.5 updating doc (#3905) --- .../archived-titles}/updating-aap/docinfo.xml | 0 .../archived-titles}/updating-aap/master.adoc | 2 +- downstream/titles/updating-aap/aap-common | 1 - downstream/titles/updating-aap/attributes | 1 - downstream/titles/updating-aap/images | 1 - downstream/titles/updating-aap/platform | 1 - 6 files changed, 1 insertion(+), 5 deletions(-) rename downstream/{titles => archive/archived-titles}/updating-aap/docinfo.xml (100%) rename downstream/{titles => archive/archived-titles}/updating-aap/master.adoc (92%) delete mode 120000 downstream/titles/updating-aap/aap-common delete mode 120000 downstream/titles/updating-aap/attributes delete mode 120000 downstream/titles/updating-aap/images delete mode 120000 downstream/titles/updating-aap/platform diff --git a/downstream/titles/updating-aap/docinfo.xml b/downstream/archive/archived-titles/updating-aap/docinfo.xml similarity index 100% rename from downstream/titles/updating-aap/docinfo.xml rename to downstream/archive/archived-titles/updating-aap/docinfo.xml diff --git a/downstream/titles/updating-aap/master.adoc b/downstream/archive/archived-titles/updating-aap/master.adoc similarity index 92% rename from downstream/titles/updating-aap/master.adoc rename to downstream/archive/archived-titles/updating-aap/master.adoc index 27bb46df48..1c695c6539 100644 --- a/downstream/titles/updating-aap/master.adoc +++ b/downstream/archive/archived-titles/updating-aap/master.adoc @@ -21,4 +21,4 @@ Upgrades from 2.4 to 2.5 are unsupported at this time. For more information, see include::platform/assembly-update-rpm.adoc[leveloffset=+1] include::platform/assembly-update-container.adoc[leveloffset=+1] -// [hherbly]: moved to Installing on OCP guide per AAP-34122 include::platform/assembly-update-ocp.adoc[leveloffset=+1] \ No newline at end of file +// [hherbly]: moved to Installing on OCP guide per AAP-34122 include::platform/assembly-update-ocp.adoc[leveloffset=+1] diff --git a/downstream/titles/updating-aap/aap-common b/downstream/titles/updating-aap/aap-common deleted file mode 120000 index 472eeb4dac..0000000000 --- a/downstream/titles/updating-aap/aap-common +++ /dev/null @@ -1 +0,0 @@ -../../aap-common \ No newline at end of file diff --git a/downstream/titles/updating-aap/attributes b/downstream/titles/updating-aap/attributes deleted file mode 120000 index a5caaa73a5..0000000000 --- a/downstream/titles/updating-aap/attributes +++ /dev/null @@ -1 +0,0 @@ -../../attributes \ No newline at end of file diff --git a/downstream/titles/updating-aap/images b/downstream/titles/updating-aap/images deleted file mode 120000 index 5fa6987088..0000000000 --- a/downstream/titles/updating-aap/images +++ /dev/null @@ -1 +0,0 @@ -../../images \ No newline at end of file diff --git a/downstream/titles/updating-aap/platform b/downstream/titles/updating-aap/platform deleted file mode 120000 index 06b49528ee..0000000000 --- a/downstream/titles/updating-aap/platform +++ /dev/null @@ -1 +0,0 @@ -../../assemblies/platform \ No newline at end of file From b40117f6dfde092b2b98800acbac243956c05afd Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Fri, 25 Jul 2025 09:50:58 +0100 Subject: [PATCH 04/71] Update Containerized installation for AAP 2.6 (#3906) (#3907) Update Containerized installation for AAP 2.6 https://issues.redhat.com/browse/AAP-48592 --- ...sembly-aap-containerized-installation.adoc | 7 ----- .../proc-downloading-containerized-aap.adoc | 4 +-- ...-hub-collection-and-container-signing.adoc | 2 +- .../platform/proc-restore-aap-container.adoc | 6 ++--- .../platform/proc-update-aap-container.adoc | 4 +-- .../ref-containerized-troubleshoot-ref.adoc | 26 ++----------------- .../ref-images-inventory-variables.adoc | 22 ++++++++-------- .../snippets/cont-tested-system-config.adoc | 10 ++++--- .../snippets/inventory-cont-a-env-a.adoc | 14 +++++----- .../snippets/inventory-cont-b-env-a.adoc | 12 ++++----- 10 files changed, 40 insertions(+), 67 deletions(-) diff --git a/downstream/assemblies/platform/assembly-aap-containerized-installation.adoc b/downstream/assemblies/platform/assembly-aap-containerized-installation.adoc index 19dc525c7b..1dacd46dc3 100644 --- a/downstream/assemblies/platform/assembly-aap-containerized-installation.adoc +++ b/downstream/assemblies/platform/assembly-aap-containerized-installation.adoc @@ -10,13 +10,6 @@ ifdef::context[:parent-context: {context}] This guide helps you to understand the installation requirements and processes behind the containerized version of {PlatformNameShort}. -[NOTE] -==== - -include::snippets/container-upgrades.adoc[] - -==== - == Tested deployment models Red Hat tests {PlatformNameShort} {PlatformVers} with a defined set of topologies to give you opinionated deployment options. The supported topologies include infrastructure topology diagrams, tested system configurations, example inventory files, and network ports information. diff --git a/downstream/modules/platform/proc-downloading-containerized-aap.adoc b/downstream/modules/platform/proc-downloading-containerized-aap.adoc index 5c724c9ec0..0e059a3775 100644 --- a/downstream/modules/platform/proc-downloading-containerized-aap.adoc +++ b/downstream/modules/platform/proc-downloading-containerized-aap.adoc @@ -36,13 +36,13 @@ scp -i ansible-automation-platform-containerized-setup-.tar.gz +$ tar xfvz ansible-automation-platform-containerized-setup-.tar.gz ---- + .. To unpack the offline or bundled installer: + ---- -$ tar xfvz ansible-automation-platform-containerized-setup-bundle--.tar.gz +$ tar xfvz ansible-automation-platform-containerized-setup-bundle--.tar.gz ---- [role="_additional-resources"] diff --git a/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc b/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc index 7de1eeacbb..3f6a1e3a27 100644 --- a/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc +++ b/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc @@ -38,7 +38,7 @@ The algorithm and cipher used is the responsibility of the customer. .Procedure -. On a RHEL9 server run the following command to create a new key pair for collection signing: +. On a RHEL server run the following command to create a new key pair for collection signing: + ---- gpg --gen-key diff --git a/downstream/modules/platform/proc-restore-aap-container.adoc b/downstream/modules/platform/proc-restore-aap-container.adoc index 4ad37c217e..cba4808307 100644 --- a/downstream/modules/platform/proc-restore-aap-container.adoc +++ b/downstream/modules/platform/proc-restore-aap-container.adoc @@ -39,7 +39,7 @@ Restoring to a different environment with different hostnames is not recommended For example: + ---- -$ cd ansible-automation-platform-containerized-setup-2.5-XX/backups +$ cd ansible-automation-platform-containerized-setup-/backups ---- + ---- @@ -53,7 +53,7 @@ $ tar tvf gateway_env1-gateway-node1.tar.gz | grep db For example: + ---- -$ cd ansible-automation-platform-containerized-setup-2.5-XX/backups +$ cd ansible-automation-platform-containerized-setup-/backups ---- + ---- @@ -64,7 +64,7 @@ $ mv gateway_env1-gateway-node1.tar.gz gateway_env2-gateway-node1.tar.gz For example: + ---- -$ cd ansible-automation-platform-containerized-setup-2.5-XX +$ cd ansible-automation-platform-containerized-setup- ---- + ---- diff --git a/downstream/modules/platform/proc-update-aap-container.adoc b/downstream/modules/platform/proc-update-aap-container.adoc index 240528c6ff..7a8b356968 100644 --- a/downstream/modules/platform/proc-update-aap-container.adoc +++ b/downstream/modules/platform/proc-update-aap-container.adoc @@ -3,9 +3,7 @@ = Updating containerized {PlatformNameShort} -Perform a patch update for a {ContainerBase} of {PlatformNameShort} from 2.5 to 2.5.x. - -include::snippets/container-upgrades.adoc[] +Perform an upgrade of containerized {PlatformNameShort}. .Prerequisites diff --git a/downstream/modules/platform/ref-containerized-troubleshoot-ref.adoc b/downstream/modules/platform/ref-containerized-troubleshoot-ref.adoc index 0fc287132a..bb56363f43 100644 --- a/downstream/modules/platform/ref-containerized-troubleshoot-ref.adoc +++ b/downstream/modules/platform/ref-containerized-troubleshoot-ref.adoc @@ -8,31 +8,9 @@ We use as much of the underlying native {RHEL} technology as possible. Podman is used for the container runtime and management of services. -Use `podman ps` to list the running containers on the system: +Use `podman ps` to list the running containers on the system. ----- -$ podman ps - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -88ed40495117 registry.redhat.io/rhel8/postgresql-13:latest run-postgresql 48 minutes ago Up 47 minutes postgresql -8f55ba612f04 registry.redhat.io/rhel8/redis-6:latest run-redis 47 minutes ago Up 47 minutes redis -56c40445c590 registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8:latest /usr/bin/receptor... 47 minutes ago Up 47 minutes receptor -f346f05d56ee registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest /usr/bin/launch_a... 47 minutes ago Up 45 minutes automation-controller-rsyslog -26e3221963e3 registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest /usr/bin/launch_a... 46 minutes ago Up 45 minutes automation-controller-task -c7ac92a1e8a1 registry.redhat.io/ansible-automation-platform-24/controller-rhel8:latest /usr/bin/launch_a... 46 minutes ago Up 28 minutes automation-controller-web ----- - -Use `podman images` to display information about locally stored images: - ----- -$ podman images - -REPOSITORY TAG IMAGE ID CREATED SIZE -registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8 latest b497bdbee59e 10 days ago 3.16 GB -registry.redhat.io/ansible-automation-platform-24/controller-rhel8 latest ed8ebb1c1baa 10 days ago 1.48 GB -registry.redhat.io/rhel8/redis-6 latest 78905519bb05 2 weeks ago 357 MB -registry.redhat.io/rhel8/postgresql-13 latest 9b65bc3d0413 2 weeks ago 765 MB ----- +Use `podman images` to display information about locally stored images. Containerized {PlatformNameShort} runs as rootless containers for enhanced security by default. This means you can install containerized {PlatformNameShort} by using any local unprivileged user account. Privilege escalation is only needed for certain root level tasks, and by default is not needed to use root directly. diff --git a/downstream/modules/platform/ref-images-inventory-variables.adoc b/downstream/modules/platform/ref-images-inventory-variables.adoc index aa98d67f2e..188b6c8328 100644 --- a/downstream/modules/platform/ref-images-inventory-variables.adoc +++ b/downstream/modules/platform/ref-images-inventory-variables.adoc @@ -18,7 +18,7 @@ | `controller_image` | Container image for {ControllerName}. | Optional -| `controller-rhel8:latest` +| `controller-rhel9:latest` | | `de_extra_images` @@ -30,19 +30,19 @@ | `de_supported_image` | Supported decision environment container image. | Optional -| `de-supported-rhel8:latest` +| `de-supported-rhel9:latest` | | `eda_image` | Backend container image for {EDAName}. | Optional -| `eda-controller-rhel8:latest` +| `eda-controller-rhel9:latest` | | `eda_web_image` | Front-end container image for {EDAName}. | Optional -| `eda-controller-ui-rhel8:latest` +| `eda-controller-ui-rhel9:latest` | | `ee_extra_images` @@ -54,37 +54,37 @@ | `ee_minimal_image` | Minimal {ExecEnvShort} container image. | Optional -| `ee-minimal-rhel8:latest` +| `ee-minimal-rhel9:latest` | | `ee_supported_image` | Supported {ExecEnvShort} container image. | Optional -| `ee-supported-rhel8:latest` +| `ee-supported-rhel9:latest` | | `gateway_image` | Container image for {Gateway}. | Optional -| `gateway-rhel8:latest` +| `gateway-rhel9:latest` | | `gateway_proxy_image` | Container image for {Gateway} proxy. | Optional -| `gateway-proxy-rhel8:latest` +| `gateway-proxy-rhel9:latest` | | `hub_image` | Backend container image for {HubName}. | Optional -| `hub-rhel8:latest` +| `hub-rhel9:latest` | | `hub_web_image` | Front-end container image for {HubName}. | Optional -| `hub-web-rhel8:latest` +| `hub-web-rhel9:latest` | | `pcp_image` @@ -102,7 +102,7 @@ | `receptor_image` | Container image for receptor. | Optional -| `receptor-rhel8:latest` +| `receptor-rhel9:latest` | | `redis_image` diff --git a/downstream/snippets/cont-tested-system-config.adoc b/downstream/snippets/cont-tested-system-config.adoc index 4e7a812769..8f7c352726 100644 --- a/downstream/snippets/cont-tested-system-config.adoc +++ b/downstream/snippets/cont-tested-system-config.adoc @@ -12,7 +12,7 @@ a| | Operating system a| -* {RHEL} 9.2 or later minor versions of {RHEL} 9. +* {RHEL} 9.4 or later minor versions of {RHEL} 9. * {RHEL} 10 or later minor versions of {RHEL} 10 for enterprise topologies. | @@ -33,7 +33,11 @@ a| | | Database -| {PostgresVers} -| External (customer supported) databases require ICU support. +a| +* For {PlatformNameShort} managed databases: {PostgresVers} +* For customer provided (external) databases: {PostgresVers}, 16, or 17. +a| +* External (customer supported) databases require ICU support. +* External databases using PostgreSQL 16 or 17 must rely on external backup and restore processes. Backup and restore functionality is dependent on utilities provided with {PostgresVers}. |==== diff --git a/downstream/snippets/inventory-cont-a-env-a.adoc b/downstream/snippets/inventory-cont-a-env-a.adoc index d2b52af0ca..8537814066 100644 --- a/downstream/snippets/inventory-cont-a-env-a.adoc +++ b/downstream/snippets/inventory-cont-a-env-a.adoc @@ -5,12 +5,12 @@ # This is the {PlatformNameShort} installer inventory file intended for the container growth deployment topology. # This inventory file expects to be run from the host where {PlatformNameShort} will be installed. # Consult the {PlatformNameShort} product documentation about this topology's tested hardware configuration. -# {URLTopologies}/container-topologies +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/tested_deployment_models/container-topologies # # Consult the docs if you are unsure what to add # For all optional variables consult the included README.md # or the {PlatformNameShort} documentation: -# {URLContainerizedInstall} +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation # This section is for your {Gateway} hosts # ----------------------------------------------------- @@ -42,7 +42,7 @@ aap.example.org ansible_connection=local # Common variables -# {URLContainerizedInstall}/appendix-inventory-files-vars#general-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#general-variables # ----------------------------------------------------- postgresql_admin_username=postgres postgresql_admin_password= @@ -53,14 +53,14 @@ registry_password= redis_mode=standalone # {GatewayStart} -# {URLContainerizedInstall}/appendix-inventory-files-vars#platform-gateway-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#platform-gateway-variables # ----------------------------------------------------- gateway_admin_password= gateway_pg_host=aap.example.org gateway_pg_password= # {ControllerNameStart} -# {URLContainerizedInstall}/appendix-inventory-files-vars#controller-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#controller-variables # ----------------------------------------------------- controller_admin_password= controller_pg_host=aap.example.org @@ -68,7 +68,7 @@ controller_pg_password= controller_percent_memory_capacity=0.5 # {HubNameStart} -# {URLContainerizedInstall}/appendix-inventory-files-vars#hub-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#hub-variables # ----------------------------------------------------- hub_admin_password= hub_pg_host=aap.example.org @@ -76,7 +76,7 @@ hub_pg_password= hub_seed_collections=false # {EDAcontroller} -# {URLContainerizedInstall}/appendix-inventory-files-vars#event-driven-ansible-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#event-driven-ansible-variables # ----------------------------------------------------- eda_admin_password= eda_pg_host=aap.example.org diff --git a/downstream/snippets/inventory-cont-b-env-a.adoc b/downstream/snippets/inventory-cont-b-env-a.adoc index fe8c9c8ff5..2cd515390e 100644 --- a/downstream/snippets/inventory-cont-b-env-a.adoc +++ b/downstream/snippets/inventory-cont-b-env-a.adoc @@ -6,7 +6,7 @@ # Consult the docs if you are unsure what to add # For all optional variables consult the included README.md # or the Red Hat documentation: -# {URLContainerizedInstall} +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation # This section is for your {Gateway} hosts # ----------------------------------------------------- @@ -50,7 +50,7 @@ eda2.example.org [all:vars] # Common variables -# {URLContainerizedInstall}/appendix-inventory-files-vars#general-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#general-variables # ----------------------------------------------------- postgresql_admin_username= postgresql_admin_password= @@ -58,7 +58,7 @@ registry_username= registry_password= # {GatewayStart} -# {URLContainerizedInstall}/appendix-inventory-files-vars#platform-gateway-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#platform-gateway-variables # ----------------------------------------------------- gateway_admin_password= gateway_pg_host=externaldb.example.org @@ -67,7 +67,7 @@ gateway_pg_username= gateway_pg_password= # {ControllerNameStart} -# {URLContainerizedInstall}/appendix-inventory-files-vars#controller-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#controller-variables # ----------------------------------------------------- controller_admin_password= controller_pg_host=externaldb.example.org @@ -76,7 +76,7 @@ controller_pg_username= controller_pg_password= # {HubNameStart} -# {URLContainerizedInstall}/appendix-inventory-files-vars#hub-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#hub-variables # ----------------------------------------------------- hub_admin_password= hub_pg_host=externaldb.example.org @@ -85,7 +85,7 @@ hub_pg_username= hub_pg_password= # {EDAcontroller} -# {URLContainerizedInstall}/appendix-inventory-files-vars#event-driven-ansible-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/appendix-inventory-files-vars#event-driven-ansible-variables # ----------------------------------------------------- eda_admin_password= eda_pg_host=externaldb.example.org From 0cbc9c8db2ba9e0d8dd94c6c259f4740887e77ff Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Fri, 25 Jul 2025 14:09:08 +0100 Subject: [PATCH 05/71] Create AAP 2.6 inventory files for Tested deployment models (#3912) (#3913) Create AAP 2.6 inventory files for Tested deployment models https://issues.redhat.com/browse/AAP-47926 --- downstream/snippets/inventory-rpm-a-env-a.adoc | 16 ++++++++-------- downstream/snippets/inventory-rpm-b-env-a.adoc | 14 +++++++------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/downstream/snippets/inventory-rpm-a-env-a.adoc b/downstream/snippets/inventory-rpm-a-env-a.adoc index 0b3d680733..aa01e2baba 100644 --- a/downstream/snippets/inventory-rpm-a-env-a.adoc +++ b/downstream/snippets/inventory-rpm-a-env-a.adoc @@ -4,11 +4,11 @@ ---- # This is the {PlatformNameShort} installer inventory file intended for the RPM growth deployment topology. # Consult the {PlatformNameShort} product documentation about this topology's tested hardware configuration. -# {URLTopologies}/rpm-topologies +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/tested_deployment_models/rpm-topologies # # Consult the docs if you are unsure what to add # For all optional variables consult the {PlatformNameShort} documentation: -# {URLInstallationGuide} +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/index # This section is for your {Gateway} hosts @@ -47,7 +47,7 @@ db.example.org [all:vars] # Common variables -# {URLInstallationGuide}/appendix-inventory-files-vars#general-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#general-variables # ----------------------------------------------------- registry_username= registry_password= @@ -55,30 +55,30 @@ registry_password= redis_mode=standalone # {GatewayStart} -# {URLInstallationGuide}/appendix-inventory-files-vars#platform-gateway-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#platform-gateway-variables # ----------------------------------------------------- automationgateway_admin_password= automationgateway_pg_host=db.example.org automationgateway_pg_password= # {ControllerNameStart} -# {URLInstallationGuide}/appendix-inventory-files-vars#controller-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#controller-variables # ----------------------------------------------------- admin_password= pg_host=db.example.org pg_password= # {HubNameStart} -# {URLInstallationGuide}/appendix-inventory-files-vars#hub-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#hub-variables # ----------------------------------------------------- automationhub_admin_password= automationhub_pg_host=db.example.org automationhub_pg_password= # {EDAcontroller} -# {URLInstallationGuide}/appendix-inventory-files-vars#event-driven-ansible-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#event-driven-ansible-variables # ----------------------------------------------------- automationedacontroller_admin_password= automationedacontroller_pg_host=db.example.org automationedacontroller_pg_password= ----- \ No newline at end of file +---- diff --git a/downstream/snippets/inventory-rpm-b-env-a.adoc b/downstream/snippets/inventory-rpm-b-env-a.adoc index fce25e63de..c42f3be2be 100644 --- a/downstream/snippets/inventory-rpm-b-env-a.adoc +++ b/downstream/snippets/inventory-rpm-b-env-a.adoc @@ -5,7 +5,7 @@ # This is the {PlatformNameShort} enterprise installer inventory file # Consult the docs if you are unsure what to add # For all optional variables consult the Red Hat documentation: -# {URLInstallationGuide} +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/index # This section is for your {Gateway} hosts # ----------------------------------------------------- @@ -51,13 +51,13 @@ eda2.example.org [all:vars] # Common variables -# {URLInstallationGuide}/appendix-inventory-files-vars#general-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#general-variables # ----------------------------------------------------- registry_username= registry_password= # {GatewayStart} -# {URLInstallationGuide}/appendix-inventory-files-vars#platform-gateway-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#platform-gateway-variables # ----------------------------------------------------- automationgateway_admin_password= automationgateway_pg_host= @@ -66,7 +66,7 @@ automationgateway_pg_username= automationgateway_pg_password= # {ControllerNameStart} -# {URLInstallationGuide}/appendix-inventory-files-vars#controller-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#controller-variables # ----------------------------------------------------- admin_password= pg_host= @@ -75,7 +75,7 @@ pg_username= pg_password= # {HubNameStart} -# {URLInstallationGuide}/appendix-inventory-files-vars#hub-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#hub-variables # ----------------------------------------------------- automationhub_admin_password= automationhub_pg_host= @@ -84,11 +84,11 @@ automationhub_pg_username= automationhub_pg_password= # {EDAcontroller} -# {URLInstallationGuide}/appendix-inventory-files-vars#event-driven-ansible-variables +# https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/rpm_installation/appendix-inventory-files-vars#event-driven-ansible-variables # ----------------------------------------------------- automationedacontroller_admin_password= automationedacontroller_pg_host= automationedacontroller_pg_database= automationedacontroller_pg_username= automationedacontroller_pg_password= ----- \ No newline at end of file +---- From 821048932a86596e3b351d39d4489cd0ab157e78 Mon Sep 17 00:00:00 2001 From: ccopelloRH Date: Fri, 25 Jul 2025 16:07:36 -0400 Subject: [PATCH 06/71] Update docinfo.xml productnumber Updated 2.4 to 2.6 --- downstream/titles/aap-plugin-rhdh-using/docinfo.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/downstream/titles/aap-plugin-rhdh-using/docinfo.xml b/downstream/titles/aap-plugin-rhdh-using/docinfo.xml index 84f78c8be9..1c812f1a74 100644 --- a/downstream/titles/aap-plugin-rhdh-using/docinfo.xml +++ b/downstream/titles/aap-plugin-rhdh-using/docinfo.xml @@ -1,6 +1,6 @@ Using Ansible plug-ins for Red Hat Developer Hub Red Hat Ansible Automation Platform -2.4 +2.6 Use Ansible plug-ins for Red Hat Developer Hub This guide describes how to use Ansible plug-ins for Red Hat Developer Hub to learn about Ansible, explore curated collections, and create playbook projects. From b0079e355811661d098b7179ecaeb55d4c9fd509 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Mon, 28 Jul 2025 09:32:19 +0100 Subject: [PATCH 07/71] updating Containerized installation (#3914) (#3915) --- ...bling-automation-hub-collection-and-container-signing.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc b/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc index 3f6a1e3a27..0840347165 100644 --- a/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc +++ b/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc @@ -135,13 +135,13 @@ j920hRy/3wJGRDBMFa4mlQg= ---- # Collection signing hub_collection_signing=true -hub_collection_signing_key=/home/aapuser/aap/ansible-automation-platform-containerized-setup-2.5-2/collection-signing-key.priv +hub_collection_signing_key=/home/aapuser/aap/ansible-automation-platform-containerized-setup-/collection-signing-key.priv # This variable is required if the key is protected by a passphrase hub_collection_signing_pass= # Container signing hub_container_signing=true -hub_container_signing_key=/home/aapuser/aap/ansible-automation-platform-containerized-setup-2.5-2/container-signing-key.priv +hub_container_signing_key=/home/aapuser/aap/ansible-automation-platform-containerized-setup-/container-signing-key.priv # This variable is required if the key is protected by a passphrase hub_container_signing_pass= ---- From ff44f0c137145eed7e26226bbcd32f1d9bc3ae49 Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Mon, 28 Jul 2025 13:28:26 +0100 Subject: [PATCH 08/71] DITA migration changes: Security automation (#3917) (#3920) DITA pre-migration tasks. Security automation Guide https://issues.redhat.com/browse/AAP-49630 --- .../assembly-firewall-policy-manage.adoc | 27 ++++------------- .../assemblies/security/assembly-idps.adoc | 29 ++++--------------- .../con-about-firewall-policy-management.adoc | 6 ++-- .../security/con-automate-idps-rules.adoc | 8 +++-- .../con-automating-firewall-rules.adoc | 21 ++++++-------- .../modules/security/con-requirements.adoc | 4 ++- .../security/proc-creating-firewall-rule.adoc | 11 ++----- .../security/proc-creating-idps-rule.adoc | 2 ++ .../security/proc-deleting-firewall-rule.adoc | 15 +++------- .../security/proc-verifying-idps-install.adoc | 24 +++++++-------- 10 files changed, 49 insertions(+), 98 deletions(-) diff --git a/downstream/assemblies/security/assembly-firewall-policy-manage.adoc b/downstream/assemblies/security/assembly-firewall-policy-manage.adoc index 71b82f5945..0f10cc403b 100644 --- a/downstream/assemblies/security/assembly-firewall-policy-manage.adoc +++ b/downstream/assemblies/security/assembly-firewall-policy-manage.adoc @@ -1,20 +1,8 @@ -//// -Retains the context of the parent assembly if this assembly is nested within another assembly. -For more information about nesting assemblies, see: https://redhat-documentation.github.io/modular-docs/#nesting-assemblies -See also the complementary step on the last line of this file. -//// +:_mod-docs-content-type: ASSEMBLY ifdef::context[:parent-context: {context}] :imagesdir: images -//// - Base the file name and the ID on the assembly title. For example: -* file name: assembly-my-user-story.adoc -* ID: [id="assembly-my-user-story_{context}"] -* Title: = My user story - -The ID is an anchor that links to the module. Avoid changing it after the module has been published to ensure existing links are not broken. Include {context} in the ID so the assembly can be reused. -//// [id="assembly-firewall-policy-management_{context}"] @@ -24,20 +12,15 @@ The ID is an anchor that links to the module. Avoid changing it after the module [role="_abstract"] -As a security operator, you can use Ansible security automation to manage multiple firewall policies. Create and delete firewall rules to block or unblock a source IP address from accessing a destination IP address. +As a security operator, you can use Ansible security automation to manage multiple firewall policies or create and delete firewall rules to block or unblock a source IP address from accessing a destination IP address. include::security/con-about-firewall-policy-management.adoc[leveloffset=+1] + include::security/con-automating-firewall-rules.adoc[leveloffset=+1] -//// -[leveloffset=+1] ensures that when a module title is a level 1 heading (= Title), the heading will be interpreted as a level-2 heading (== Title) in the assembly. Use [leveloffset=+2] and [leveloffset=+3] to nest modules in an assembly. -//// +include::security/proc-creating-firewall-rule.adoc[leveloffset=+2] -include::security/proc-creating-firewall-rule.adoc[leveloffset=+1] -include::security/proc-deleting-firewall-rule.adoc[leveloffset=+1] +include::security/proc-deleting-firewall-rule.adoc[leveloffset=+2] -//// -Restore the context to what it was before this assembly. -//// ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/downstream/assemblies/security/assembly-idps.adoc b/downstream/assemblies/security/assembly-idps.adoc index c84bee7838..54d1b2c3cd 100644 --- a/downstream/assemblies/security/assembly-idps.adoc +++ b/downstream/assemblies/security/assembly-idps.adoc @@ -1,43 +1,26 @@ -//// -Retains the context of the parent assembly if this assembly is nested within another assembly. -For more information about nesting assemblies, see: https://redhat-documentation.github.io/modular-docs/#nesting-assemblies -See also the complementary step on the last line of this file. -//// +:_mod-docs-content-type: ASSEMBLY ifdef::context[:parent-context: {context}] :imagesdir: images -//// - Base the file name and the ID on the assembly title. For example: -* file name: assembly-my-user-story.adoc -* ID: [id="assembly-my-user-story_{context}"] -* Title: = My user story - -The ID is an anchor that links to the module. Avoid changing it after the module has been published to ensure existing links are not broken. Include {context} in the ID so the assembly can be reused. -//// - [id="assembly-idps_{context}"] -= Automating Network Intrusion Detection and Prevention Systems (IDPS) with Ansible += Automating Network Intrusion Detection and Prevention Systems (IDPS) with {PlatformNameShort} :context: idps [role="_abstract"] -You can use Ansible to automate your Intrusion Detection and Prevention System (IDPS). For the purpose of this guide, we use Snort as the IDPS. Use Ansible automation hub to consume content collections, such as tasks, roles, and modules to create automated workflows. +You can use {PlatformNameShort} to automate your _Intrusion Detection and Prevention System_ (IDPS). For the purpose of this guide, we use Snort as the IDPS. Use {HubName} to consume content collections, such as tasks, roles, and modules to create automated workflows. include::security/con-requirements.adoc[leveloffset=+1] -include::security/proc-verifying-idps-install.adoc[leveloffset=+2] -//// -[leveloffset=+1] ensures that when a module title is a level 1 heading (= Title), the heading will be interpreted as a level-2 heading (== Title) in the assembly. Use [leveloffset=+2] and [leveloffset=+3] to nest modules in an assembly. -//// +include::security/proc-verifying-idps-install.adoc[leveloffset=+2] include::security/con-automate-idps-rules.adoc[leveloffset=+1] + include::security/proc-creating-idps-rule.adoc[leveloffset=+2] -//// -Restore the context to what it was before this assembly. -//// + ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/downstream/modules/security/con-about-firewall-policy-management.adoc b/downstream/modules/security/con-about-firewall-policy-management.adoc index 57de0ee84c..0a1c73f252 100644 --- a/downstream/modules/security/con-about-firewall-policy-management.adoc +++ b/downstream/modules/security/con-about-firewall-policy-management.adoc @@ -1,10 +1,8 @@ +:_mod-docs-content-type: CONCEPT + [id="con-about-firewall-policy-management_{context}"] = About firewall policy management -//// -[role="_abstract"] -Manage multiple firewall policies across various products and vendors with Ansible security automation. -//// An organization’s network firewall is the first line of defense against an attack and a vital component for maintaining a secure environment. As a security operator, you construct and manage secure networks to ensure that your firewall only allows inbound and outbound network traffic defined by your organization’s firewall policies. A firewall policy consists of security rules that protect the network against harmful incoming and outgoing traffic. diff --git a/downstream/modules/security/con-automate-idps-rules.adoc b/downstream/modules/security/con-automate-idps-rules.adoc index 4a5d3a08d9..f8aa274b88 100644 --- a/downstream/modules/security/con-automate-idps-rules.adoc +++ b/downstream/modules/security/con-automate-idps-rules.adoc @@ -1,10 +1,12 @@ [id="con-automate-ids-rules_{context}"] -= Automating your IDPS rules with Ansible += Automating your IDPS rules with {PlatformNameShort} -To automate your IDPS, use the `ids_rule` role to create and change Snort rules. Snort uses rule-based language that analyzes your network traffic and compares it against the given rule set. +To automate your IDPS, use the `ids_rule` role to create and change Snort rules. +Snort uses rule-based language that analyzes your network traffic and compares it against the given rule set. -The following lab environment demonstrates what an Ansible security automation integration would look like. A machine called “Attacker” simulates a potential attack pattern on the target machine on which the IDPS is running. +The following lab environment demonstrates what an Ansible security automation integration would look like. +A machine called “Attacker” simulates a potential attack pattern on the target machine on which the IDPS is running. Keep in mind that a real world setup will feature other vendors and technologies. diff --git a/downstream/modules/security/con-automating-firewall-rules.adoc b/downstream/modules/security/con-automating-firewall-rules.adoc index f3a130f59d..32eeda0ac8 100644 --- a/downstream/modules/security/con-automating-firewall-rules.adoc +++ b/downstream/modules/security/con-automating-firewall-rules.adoc @@ -1,22 +1,19 @@ -//// -Base the file name and the ID on the module title. For example: -* file name: con-my-concept-module-a.adoc -* ID: [id="con-my-concept-module-a_{context}"] -* Title: = My concept module A -//// +:_mod-docs-content-type: CONCEPT [id="con-automating-firewall-rules_{context}"] = Automate firewall rules -//// -In the title of concept modules, include nouns or noun phrases that are used in the body text. This helps readers and search engines find the information quickly. Do not start the title of concept modules with a verb. See also _Wording of headings_ in _The IBM Style Guide_. -//// -Ansible security automation enables you to automate various firewall policies that require a series of actions across various products. You can use an Ansible role, such as the https://github.com/ansible-security/acl_manager[acl_manager] role to manage your Access Control Lists (ACLs) for many firewall devices such as blocking or unblocking an IP or URL. Roles let you automatically load related vars, files, tasks, handlers, and other Ansible artifacts based on a known file structure. After you group your content in roles, you can easily reuse them and share them with other users. +Ansible security automation enables you to automate various firewall policies that require a series of actions across various products. +You can use an Ansible role, such as the https://github.com/ansible-security/acl_manager[acl_manager] role to manage your _Access Control Lists_ (ACLs) for many firewall devices such as blocking or unblocking an IP or URL. +Roles let you automatically load related vars, files, tasks, handlers, and other Ansible artifacts based on a known file structure. +After you group your content in roles, you can easily reuse them and share them with other users. -The below lab environment is a simplified example of a real-world enterprise security architecture, which can be more complex and include additional vendor-specific tools. This is a typical incident response scenario where you receive an intrusion alert and immediately execute a playbook with the acl_manger role that blocks the attacker’s IP address. +The following lab environment is a simplified example of a real-world enterprise security architecture, which can be more complex and include additional vendor-specific tools. +This is a typical incident response scenario where you receive an intrusion alert and immediately execute a playbook with the acl_manger role that blocks the attacker’s IP address. -Your entire team can use Ansible security automation to address investigations, threat hunting, and incident response all on one platform. https://www.redhat.com/en/technologies/management/ansible[Red Hat Ansible Automation Platform] provides you with certified content collections that are easy to consume and reuse within your security team. +Your entire team can use Ansible security automation to address investigations, threat hunting, and incident response all on one platform. +https://www.redhat.com/en/technologies/management/ansible[Red Hat Ansible Automation Platform] provides you with certified content collections that are easy to consume and reuse within your security team. image::security-lab-environment.png[Simplified security lab environment] diff --git a/downstream/modules/security/con-requirements.adoc b/downstream/modules/security/con-requirements.adoc index 628b13933b..50a89d68b5 100644 --- a/downstream/modules/security/con-requirements.adoc +++ b/downstream/modules/security/con-requirements.adoc @@ -1,8 +1,10 @@ +:_mod-docs-content-type: CONCEPT + [id="con-requirements_{context}"] = Requirements and prerequisites -Before you begin automating your IDPS with Ansible, ensure that you have the proper installations and configurations necessary to successfully manage your IDPS. +Before you begin automating your IDPS with {PlatformNameShort}, ensure that you have the proper installations and configurations necessary to successfully manage your IDPS. * You have installed Ansible-core 2.15 or later. * SSH connection and keys are configured. diff --git a/downstream/modules/security/proc-creating-firewall-rule.adoc b/downstream/modules/security/proc-creating-firewall-rule.adoc index 038c93a712..4c5381e17f 100644 --- a/downstream/modules/security/proc-creating-firewall-rule.adoc +++ b/downstream/modules/security/proc-creating-firewall-rule.adoc @@ -1,15 +1,8 @@ -//// -Base the file name and the ID on the module title. For example: -* file name: proc-doing-procedure-a.adoc -* ID: [id="doing-procedure-a_{context}"] -* Title: = Doing procedure A - -The ID is an anchor that links to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -//// +:_mod-docs-content-type: PROCEDURE [id="proc-creating-firewall-rule_{context}"] -== Creating a new firewall rule += Creating a new firewall rule [role="_abstract"] Use the acl_manager role to create a new firewall rule for blocking a source IP address from accessing a destination IP address. diff --git a/downstream/modules/security/proc-creating-idps-rule.adoc b/downstream/modules/security/proc-creating-idps-rule.adoc index 99c61037df..434e38fffb 100644 --- a/downstream/modules/security/proc-creating-idps-rule.adoc +++ b/downstream/modules/security/proc-creating-idps-rule.adoc @@ -1,3 +1,5 @@ +:_mod-docs-content-type: PROCEDURE + [id="proc-creating-ids-rule_{context}"] = Creating a new IDPS rule diff --git a/downstream/modules/security/proc-deleting-firewall-rule.adoc b/downstream/modules/security/proc-deleting-firewall-rule.adoc index b52f55cee1..a52654700c 100644 --- a/downstream/modules/security/proc-deleting-firewall-rule.adoc +++ b/downstream/modules/security/proc-deleting-firewall-rule.adoc @@ -1,15 +1,8 @@ -//// -Base the file name and the ID on the module title. For example: -* file name: proc-doing-procedure-a.adoc -* ID: [id="doing-procedure-a_{context}"] -* Title: = Doing procedure A - -The ID is an anchor that links to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -//// +:_mod-docs-content-type: PROCEDURE [id="proc-deleting-rule_{context}"] -== Deleting a firewall rule += Deleting a firewall rule [role="_abstract"] Use the acl_manager role to delete a security rule. @@ -27,7 +20,7 @@ Use the acl_manager role to delete a security rule. $ ansible-galaxy install ansible_security.acl_manager ---- -. Using CLI, create a new playbook with the acl_manger role and set the parameters (e.g., source object, destination object, access rule between the two objects): +. Using CLI, create a new playbook with the acl_manger role and set the parameters, for example, source object, destination object, access rule between the two objects: + ---- - name: delete block list entry @@ -43,7 +36,7 @@ $ ansible-galaxy install ansible_security.acl_manager ansible_network_os: checkpoint ---- -. Run the playbook $ ansible-navigator run --ee false : +. Run the playbook `$ ansible-navigator run --ee false `: + image::security-delete-rule.png[Playbook with deleted firewall rule] diff --git a/downstream/modules/security/proc-verifying-idps-install.adoc b/downstream/modules/security/proc-verifying-idps-install.adoc index e590e9cd2c..54a7434880 100644 --- a/downstream/modules/security/proc-verifying-idps-install.adoc +++ b/downstream/modules/security/proc-verifying-idps-install.adoc @@ -1,18 +1,14 @@ -//// -Base the file name and the ID on the module title. For example: -* file name: proc-doing-procedure-a.adoc -* ID: [id="doing-procedure-a_{context}"] -* Title: = Doing procedure A - -The ID is an anchor that links to the module. Avoid changing it after the module has been published to ensure existing links are not broken. -//// +:_mod-docs-content-type: PROCEDURE [id="proc-verifying-ids-install_{context}"] = Verifying your IDPS installation -To verify that Snort has been configured successfully, call it via `sudo` and ask for the version: +Use the following procedure to verify that Snort has been configured successfully: +.Procedure +. Call snort using `sudo` and ask for the version: ++ ---- $ sudo snort --version @@ -26,8 +22,10 @@ To verify that Snort has been configured successfully, call it via `sudo` and as Using ZLIB version: 1.2.7 ---- -Verify that the service is actively running via `sudo systemctl`: - +. Verify that the service is actively running using the following command: ++ +`sudo systemctl`: ++ ---- $ sudo systemctl status snort ● snort.service - Snort service @@ -39,6 +37,6 @@ $ sudo systemctl status snort [...] ---- -If the Snort service is not actively running, restart it with `systemctl restart snort` and recheck the status. +. If the Snort service is not actively running, restart it with `systemctl restart snort` and recheck the status. -Once you confirm the service is actively running, exit the Snort server by simultaneously pressing `CTRL` and `D`, or by typing `exit` on the command line. All further interaction will be done through Ansible from the Ansible control host. +. When you confirm that the service is actively running, exit the Snort server by simultaneously pressing `CTRL` and `D`, or by typing `exit` on the command line. All further interaction will be done through {PlatformNameShort} from the Ansible control host. From d7fa5a748faf3f58f12d28530dad816cd4cbe356 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Tue, 29 Jul 2025 09:48:37 +0100 Subject: [PATCH 09/71] Update backup/restore note (#3918) (#3925) Configuring automation execution - Update backup and restore note to ensure clarity regarding the latest version prerequisite https://issues.redhat.com/browse/AAP-46263 --- .../assembly-ag-controller-backup-and-restore.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/downstream/assemblies/platform/assembly-ag-controller-backup-and-restore.adoc b/downstream/assemblies/platform/assembly-ag-controller-backup-and-restore.adoc index 6b332fb986..a11dc60e04 100644 --- a/downstream/assemblies/platform/assembly-ag-controller-backup-and-restore.adoc +++ b/downstream/assemblies/platform/assembly-ag-controller-backup-and-restore.adoc @@ -10,12 +10,12 @@ For more information, see the link:{URLControllerAdminGuide}/index#controller-ba [NOTE] ==== -Ensure that you restore to the same version from which it was backed up. -However, you must use the most recent minor version of a release to backup or restore your {PlatformNameShort} installation version. -For example, if the current {PlatformNameShort} version you are on is 2.0.x, use only the latest 2.0 installer. +When backing up {PlatformNameShort}, use the installation program that matches your currently installed version of {PlatformNameShort}. -Backup and restore only works on PostgreSQL versions supported by your current platform version. -For more information, see link:{URLPlanningGuide}/platform-system-requirements[System requirements] in the _{TitlePlanningGuide}_. +When restoring {PlatformNameShort}, use the latest installation program available at the time of the restore. For example, if you are restoring a backup taken from version `2.6-1`, use the latest `2.6-x` installation program available at the time of the restore. + +Backup and restore functionality only works with the PostgreSQL versions supported by your current {PlatformNameShort} version. +For more information, see link:{URLPlanningGuide}/platform-system-requirements[System requirements] in _{TitlePlanningGuide}_. ==== The {PlatformNameShort} setup playbook is invoked as `setup.sh` from the path where you unpacked the platform installer tarball. From e342baab92384990b52dde93e948e9403158f720 Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Tue, 29 Jul 2025 13:41:54 +0100 Subject: [PATCH 10/71] AAP-48233 edits to PG (#3928) --- .../platform/proc-operator-external-db-controller.adoc | 4 +++- .../modules/platform/proc-operator-external-db-gateway.adoc | 4 +++- .../modules/platform/proc-operator-external-db-hub.adoc | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/downstream/modules/platform/proc-operator-external-db-controller.adoc b/downstream/modules/platform/proc-operator-external-db-controller.adoc index a386db3774..ddd852a5a4 100644 --- a/downstream/modules/platform/proc-operator-external-db-controller.adoc +++ b/downstream/modules/platform/proc-operator-external-db-controller.adoc @@ -24,7 +24,9 @@ The external database must be a PostgreSQL database that is the version supporte [NOTE] ==== -{PlatformNameShort} {PlatformVers} supports {PostgresVers}. +{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and PostgreSQL 16 and 17 for external databases. + +If you choose to use an externally managed database with version 16 or 17 you must also rely on external backup and restore processes. ==== .Procedure diff --git a/downstream/modules/platform/proc-operator-external-db-gateway.adoc b/downstream/modules/platform/proc-operator-external-db-gateway.adoc index 0d75ae9014..c299fbb532 100644 --- a/downstream/modules/platform/proc-operator-external-db-gateway.adoc +++ b/downstream/modules/platform/proc-operator-external-db-gateway.adoc @@ -44,7 +44,9 @@ The external database must be a PostgreSQL database that is the version supporte [NOTE] ==== -{PlatformNameShort} {PlatformVers} supports {PostgresVers}. +{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and PostgreSQL 16 and 17 for external databases. + +If you choose to use an externally managed database with version 16 or 17 you must also rely on external backup and restore processes. ==== .Procedure diff --git a/downstream/modules/platform/proc-operator-external-db-hub.adoc b/downstream/modules/platform/proc-operator-external-db-hub.adoc index 73f58776ed..27c3e0a137 100644 --- a/downstream/modules/platform/proc-operator-external-db-hub.adoc +++ b/downstream/modules/platform/proc-operator-external-db-hub.adoc @@ -25,7 +25,9 @@ The external postgres instance credentials and connection information will need [NOTE] ==== -{PlatformNameShort} {PlatformVers} supports {PostgresVers}. +{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and PostgreSQL 16 and 17 for external databases. + +If you choose to use an externally managed database with version 16 or 17 you must also rely on external backup and restore processes. ==== .Procedure From 94fd5f826ad52adb8a9fa351b29b90451d626ab6 Mon Sep 17 00:00:00 2001 From: Hala Date: Tue, 29 Jul 2025 09:10:58 -0500 Subject: [PATCH 11/71] adds PaC info to getting started guide intro (#3922) (#3931) --- downstream/modules/platform/con-gs-automation-execution.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/downstream/modules/platform/con-gs-automation-execution.adoc b/downstream/modules/platform/con-gs-automation-execution.adoc index b820c15f6a..7c08cd01ce 100644 --- a/downstream/modules/platform/con-gs-automation-execution.adoc +++ b/downstream/modules/platform/con-gs-automation-execution.adoc @@ -14,3 +14,7 @@ In the automation execution environment, you can use {ControllerName} tasks to b An inventory is a single file, usually in INI or YAML format, containing a list of hosts and groups that can be acted upon using Ansible commands and playbooks. You can use an inventory file to specify your installation scenario and describe host deployments to Ansible. You can also use an inventory file to organize managed nodes in centralized files that give Ansible with system information and network locations. + +== Policy enforcement + +Policy enforcement at automation runtime is a feature that uses encoded rules to define, manage, and enforce policies that govern how your users interact with your {PlatformNameShort} instance. Policy enforcement automates policy management, improving security, compliance, and efficiency. Policy enforcement points can be configured at the level of the inventory, job template, or organization. For more, see link:{URLControllerAdminGuide}/controller-pac[Implementing policy enforcement] in the {TitleControllerAdminGuide} guide. \ No newline at end of file From 56586f09251667f52cb013dea0b1832af1bbffff Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Wed, 30 Jul 2025 09:08:39 +0100 Subject: [PATCH 12/71] AAP-50441-migration-edits (#3929) (#3934) --- .../aap-migration/con-migration-process-overview.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/downstream/modules/aap-migration/con-migration-process-overview.adoc b/downstream/modules/aap-migration/con-migration-process-overview.adoc index e1d8338542..5c5b1eb088 100644 --- a/downstream/modules/aap-migration/con-migration-process-overview.adoc +++ b/downstream/modules/aap-migration/con-migration-process-overview.adoc @@ -3,6 +3,11 @@ [id="migration-process-overview"] = Migration process overview +[IMPORTANT] +==== +You can only migrate to a different installation type of the same {PlatformNameShort} version. For example you can migrate from RPM version {PlatformVers} to containerized {PlatformVers}, but not from RPM version 2.4 to containerized {PlatformVers}. +==== + The migration between {PlatformNameShort} installation types follows this general workflow: . Prepare and assess the source environment - Prepare and assess the existing source environment for migration. From 10d412605710ee8edbe77d799eaa15e5bca69168 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Wed, 30 Jul 2025 11:02:41 +0100 Subject: [PATCH 13/71] 2.6 Update Tested deployment models for 2.6 (#3936) (#3938) Update Tested deployment models for AAP 2.6 https://issues.redhat.com/browse/AAP-47918 --- .../ref-installation-deployment-models.adoc | 19 ++++++++++------- .../modules/topologies/ref-ocp-a-env-a.adoc | 21 ++++++++++++------- .../rpm-env-a-tested-system-config.adoc | 15 +++++++------ downstream/titles/topologies/master.adoc | 6 +++--- 4 files changed, 37 insertions(+), 24 deletions(-) diff --git a/downstream/modules/topologies/ref-installation-deployment-models.adoc b/downstream/modules/topologies/ref-installation-deployment-models.adoc index ffc550ddf2..dd32d55245 100644 --- a/downstream/modules/topologies/ref-installation-deployment-models.adoc +++ b/downstream/modules/topologies/ref-installation-deployment-models.adoc @@ -9,21 +9,24 @@ The following table outlines the different ways to install or deploy {PlatformNa [options="header"] |==== | Mode | Infrastructure | Description | Tested topologies -| RPM | Virtual machines and bare metal | The RPM installer deploys {PlatformNameShort} on {RHEL} by using RPMs to install the platform on host machines. Customers manage the product and infrastructure lifecycle. -a| -* link:{URLTopologies}/rpm-topologies#rpm-a-env-a[RPM {GrowthTopology}] -* link:{URLTopologies}/rpm-topologies#rpm-b-env-a[RPM {EnterpriseTopology}] | Containers | Virtual machines and bare metal | The containerized installer deploys {PlatformNameShort} on {RHEL} by using Podman which runs the platform in containers on host machines. Customers manage the product and infrastructure lifecycle. a| -* link:{URLTopologies}/container-topologies#cont-a-env-a[Container {GrowthTopology}] -* link:{URLTopologies}/container-topologies#cont-b-env-a[Container {EnterpriseTopology}] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/tested_deployment_models/container-topologies#cont-a-env-a[Container {GrowthTopology}] + +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/tested_deployment_models/container-topologies#cont-b-env-a[Container {EnterpriseTopology}] | Operator | Red Hat OpenShift | The Operator uses Red Hat OpenShift Operators to deploy {PlatformNameShort} within Red Hat OpenShift. Customers manage the product and infrastructure lifecycle. a| -* link:{URLTopologies}/ocp-topologies#ocp-a-env-a[Operator {GrowthTopology}] -* link:{URLTopologies}/ocp-topologies#ocp-b-env-a[Operator {EnterpriseTopology}] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/tested_deployment_models/ocp-topologies#ocp-a-env-a[Operator {GrowthTopology}] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/tested_deployment_models/ocp-topologies#ocp-b-env-a[Operator {EnterpriseTopology}] + +| RPM | Virtual machines and bare metal | The RPM installer deploys {PlatformNameShort} on {RHEL} by using RPMs to install the platform on host machines. Customers manage the product and infrastructure lifecycle. +a| +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/tested_deployment_models/rpm-topologies#rpm-a-env-a[RPM {GrowthTopology}] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/tested_deployment_models/rpm-topologies#rpm-b-env-a[RPM {EnterpriseTopology}] + |==== diff --git a/downstream/modules/topologies/ref-ocp-a-env-a.adoc b/downstream/modules/topologies/ref-ocp-a-env-a.adoc index 56139bb13c..0d32df81ef 100644 --- a/downstream/modules/topologies/ref-ocp-a-env-a.adoc +++ b/downstream/modules/topologies/ref-ocp-a-env-a.adoc @@ -44,18 +44,25 @@ Red{nbsp}Hat has tested the following configurations to install and run {Platfor .Tested system configurations [options="header"] |==== -| Type | Description -| Subscription | Valid {PlatformName} subscription -| Operating system | {RHEL} 9.2 or later minor versions of {RHEL} 9 -| CPU architecture | x86_64, AArch64, s390x (IBM Z), ppc64le (IBM Power) +| Type | Description | Notes +| Subscription | Valid {PlatformName} subscription | +| Operating system | {RHEL} 9.2 or later minor versions of {RHEL} 9 | +| CPU architecture | x86_64, AArch64, s390x (IBM Z), ppc64le (IBM Power) | | Red Hat OpenShift a| * Version: 4.14 * num_of_control_nodes: 1 * num_of_worker_nodes: 1 -| Ansible-core | Ansible-core version {CoreUseVers} or later -| Browser | A currently supported version of Mozilla Firefox or Google Chrome. -| Database | {PostgresVers} +| +| Ansible-core | Ansible-core version {CoreUseVers} or later | +| Browser | A currently supported version of Mozilla Firefox or Google Chrome. | +| Database +a| +* For {PlatformNameShort} managed databases: {PostgresVers} +* For customer provided (external) databases: {PostgresVers}, 16, or 17. +a| +* External (customer supported) databases require ICU support. +* External databases using PostgreSQL 16 or 17 must rely on external backup and restore processes. Backup and restore functionality is dependent on utilities provided with {PostgresVers}. |==== == Example custom resource file diff --git a/downstream/snippets/rpm-env-a-tested-system-config.adoc b/downstream/snippets/rpm-env-a-tested-system-config.adoc index 4593c2ffdb..35a89aabeb 100644 --- a/downstream/snippets/rpm-env-a-tested-system-config.adoc +++ b/downstream/snippets/rpm-env-a-tested-system-config.adoc @@ -4,12 +4,15 @@ |==== | Type | Description | | Subscription | Valid {PlatformName} subscription | -| Operating system -a| -* {RHEL} 8.8 or later minor versions of {RHEL} 8. -* {RHEL} 9.2 or later minor versions of {RHEL} 9. | +| Operating system | {RHEL} 9.4 or later minor versions of {RHEL} 9. | | CPU architecture | x86_64, AArch64, s390x (IBM Z), ppc64le (IBM Power) | | `ansible-core` | `ansible-core` version {CoreUseVers} or later | {PlatformNameShort} uses the system-wide ansible-core package to install the platform, but uses ansible-core 2.16 for both its control plane and built-in execution environments. | Browser | A currently supported version of Mozilla Firefox or Google Chrome | -| Database | {PostgresVers} | External (customer supported) databases require ICU support. -|==== \ No newline at end of file +| Database +a| +* For {PlatformNameShort} managed databases: {PostgresVers} +* For customer provided (external) databases: {PostgresVers}, 16, or 17. +a| +* External (customer supported) databases require ICU support. +* External databases using PostgreSQL 16 or 17 must rely on external backup and restore processes. Backup and restore functionality is dependent on utilities provided with {PostgresVers}. +|==== diff --git a/downstream/titles/topologies/master.adoc b/downstream/titles/topologies/master.adoc index 9b3ab3721c..ff960894d4 100644 --- a/downstream/titles/topologies/master.adoc +++ b/downstream/titles/topologies/master.adoc @@ -11,15 +11,15 @@ include::{Boilerplate}[] include::topologies/assembly-overview-tested-deployment-models.adoc[leveloffset=+1] -//RPM topologies -include::topologies/assembly-rpm-topologies.adoc[leveloffset=+1] - //Container topologies include::topologies/assembly-container-topologies.adoc[leveloffset=+1] //Operator topologies include::topologies/assembly-ocp-topologies.adoc[leveloffset=+1] +//RPM topologies +include::topologies/assembly-rpm-topologies.adoc[leveloffset=+1] + //Automation mesh nodes include::topologies/topologies/ref-mesh-nodes.adoc[leveloffset=+1] From 3a6e07e3e390e947f68d40b0c36976dafb8a0bd4 Mon Sep 17 00:00:00 2001 From: EMcWhinn <122449381+EMcWhinn@users.noreply.github.com> Date: Wed, 30 Jul 2025 11:05:55 +0100 Subject: [PATCH 14/71] 2.6 Adding callback URL field info to OIDC auth section (#3883) (#3937) * Adding callback URL field info to OIDC auth section [DOCS] Generic OIDC Authenticator Does Not Provide a Callback URL https://issues.redhat.com/browse/AAP-49860 Affects `titles/central-auth` * Tech review edit --- .../modules/platform/proc-controller-set-up-generic-oidc.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/downstream/modules/platform/proc-controller-set-up-generic-oidc.adoc b/downstream/modules/platform/proc-controller-set-up-generic-oidc.adoc index 50616d77cf..ee31c711d6 100644 --- a/downstream/modules/platform/proc-controller-set-up-generic-oidc.adoc +++ b/downstream/modules/platform/proc-controller-set-up-generic-oidc.adoc @@ -28,6 +28,10 @@ include::snippets/snip-gw-authentication-auto-migrate.adoc[] * *Access Token URL* * *Access Token Method* * *Authorization URL* +* *Callback URL* - The OIDC *Callback URL* field registers the service as a service provider (SP) with each OIDC provider you have configured. +Leave this field blank. +After you save this authentication method, it is auto generated. +Configure your IdP to allow redirects to this URL as part of the authentication flow. * *ID Key* * *ID Token Issuer* * *JWKS URI* From bee5fabc835fe687c36b40296b619d24accb7b12 Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Wed, 30 Jul 2025 13:24:58 +0100 Subject: [PATCH 15/71] DITA migration changes: CAG Ch 8 (#3940) (#3941) Configuring automation execution UI and modular compliance chapter 8 https://issues.redhat.com/browse/AAP-46725 --- .../assembly-controller-log-files.adoc | 44 +--------------- .../platform/ref-controller-log-files.adoc | 51 +++++++++++++++++++ 2 files changed, 52 insertions(+), 43 deletions(-) create mode 100644 downstream/modules/platform/ref-controller-log-files.adoc diff --git a/downstream/assemblies/platform/assembly-controller-log-files.adoc b/downstream/assemblies/platform/assembly-controller-log-files.adoc index abd45e8609..a3254eb983 100644 --- a/downstream/assemblies/platform/assembly-controller-log-files.adoc +++ b/downstream/assemblies/platform/assembly-controller-log-files.adoc @@ -9,48 +9,6 @@ * `/var/log/tower/` * `/var/log/supervisor/` -In the `/var/log/tower/` directory, you can view logfiles captured by: +include::platform/ref-controller-log-files.adoc[leveloffset=+1] -* *tower.log:* Captures the log messages such as runtime errors that occur when the job is executed. -* *callback_receiver.log:* Captures callback receiver logs that handles callback events when running ansible jobs. -* *dispatcher.log:* Captures log messages for the {ControllerName} dispatcher worker service. -* *job_lifecycle.log:* Captures details of the job run, whether it is blocked, and what condition is blocking it. -* *management_playbooks.log:* Captures the logs of management playbook runs, and isolated job runs such as copying the metadata. -* *rsyslog.err:* Captures rsyslog errors authenticating with external logging services when sending logs to them. -* *task_system.log:* Captures the logs of tasks that {ControllerName} is running in the background, such as adding cluster instances and logs related to information gathering or processing for analytics. -* *tower_rbac_migrations.log:* Captures the logs for rbac database migration or upgrade. -* *tower_system_tracking_migrations.log:* Captures the logs of the controller system tracking migration or upgrade. -* *wsbroadcast.log:* Captures the logs of websocket connections in the controller nodes. -In the `/var/log/supervisor/` directory, you can view logfiles captured by: - -* *awx-callback-receiver.log:* Captures the log of callback receiver that handles callback events when running ansible jobs, managed by `supervisord`. -* *awx-daphne.log:* Captures the logs of Websocket communication of WebUI. -* *awx-dispatcher.log:* Captures the logs that occur when dispatching a task to an {ControllerName} instance, such as when running a job. -* *awx-rsyslog.log:* Captures the logs for the `rsyslog` service. -* *awx-uwsgi.log:* Captures the logs related to uWSGI, which is an application server. -* *awx-wsbroadcast.log:* Captures the logs of the websocket service that is used by {ControllerName}. -* *failure-event-handler.stderr.log:* Captures the standard errors for `/usr/bin/failure-event-handler` supervisord's subprocess. -* *supervisord.log:* Captures the logs related to `supervisord` itself. -* *wsrelay.log:* Captures the communication logs within the websocket relay server. -* *ws_heartbeat.log:* Captures the periodic checks on the health of services running on the host. -* *rsyslog_configurer.log:* Captures rsyslog configuration activity associated with authenticating with external logging services. - -The `/var/log/supervisor/` directory includes `stdout` files for all services as well. - -You can expect the following log paths to be generated by services used by {ControllerName} (and {PlatformNameShort}): - -* */var/log/nginx/* -* */var/lib/pgsql/data/pg_log/* -* */var/log/redis/* - -.Troubleshooting - -Error logs can be found in the following locations: - -* {ControllerNameStart} server errors are logged in `/var/log/tower`. -* Supervisors logs can be found in `/var/log/supervisor/`. -* Nginx web server errors are logged in the httpd error log. -* Configure other {ControllerName} logging needs in `/etc/tower/conf.d/`. - -Explore client-side issues using the JavaScript console built into most browsers and report any errors to Ansible through the Red Hat Customer portal at: https://access.redhat.com/. diff --git a/downstream/modules/platform/ref-controller-log-files.adoc b/downstream/modules/platform/ref-controller-log-files.adoc new file mode 100644 index 0000000000..a6d4779e99 --- /dev/null +++ b/downstream/modules/platform/ref-controller-log-files.adoc @@ -0,0 +1,51 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-controller-log-files"] + += Access {ControllerName} logfiles + +In the `/var/log/tower/` directory, you can view logfiles captured by: + +* *tower.log:* Captures the log messages such as runtime errors that occur when the job is executed. +* *callback_receiver.log:* Captures callback receiver logs that handles callback events when running ansible jobs. +* *dispatcher.log:* Captures log messages for the {ControllerName} dispatcher worker service. +* *job_lifecycle.log:* Captures details of the job run, whether it is blocked, and what condition is blocking it. +* *management_playbooks.log:* Captures the logs of management playbook runs, and isolated job runs such as copying the metadata. +* *rsyslog.err:* Captures rsyslog errors authenticating with external logging services when sending logs to them. +* *task_system.log:* Captures the logs of tasks that {ControllerName} is running in the background, such as adding cluster instances and logs related to information gathering or processing for analytics. +* *tower_rbac_migrations.log:* Captures the logs for rbac database migration or upgrade. +* *tower_system_tracking_migrations.log:* Captures the logs of the controller system tracking migration or upgrade. +* *wsbroadcast.log:* Captures the logs of websocket connections in the controller nodes. + +In the `/var/log/supervisor/` directory, you can view logfiles captured by: + +* *awx-callback-receiver.log:* Captures the log of callback receiver that handles callback events when running ansible jobs, managed by `supervisord`. +* *awx-daphne.log:* Captures the logs of Websocket communication of WebUI. +* *awx-dispatcher.log:* Captures the logs that occur when dispatching a task to an {ControllerName} instance, such as when running a job. +* *awx-rsyslog.log:* Captures the logs for the `rsyslog` service. +* *awx-uwsgi.log:* Captures the logs related to uWSGI, which is an application server. +* *awx-wsbroadcast.log:* Captures the logs of the websocket service that is used by {ControllerName}. +* *failure-event-handler.stderr.log:* Captures the standard errors for `/usr/bin/failure-event-handler` supervisord's subprocess. +* *supervisord.log:* Captures the logs related to `supervisord` itself. +* *wsrelay.log:* Captures the communication logs within the websocket relay server. +* *ws_heartbeat.log:* Captures the periodic checks on the health of services running on the host. +* *rsyslog_configurer.log:* Captures rsyslog configuration activity associated with authenticating with external logging services. + +The `/var/log/supervisor/` directory includes `stdout` files for all services as well. + +You can expect the following log paths to be generated by services used by {ControllerName} (and {PlatformNameShort}): + +* */var/log/nginx/* +* */var/lib/pgsql/data/pg_log/* +* */var/log/redis/* + +.Troubleshooting + +Error logs can be found in the following locations: + +* {ControllerNameStart} server errors are logged in `/var/log/tower`. +* Supervisors logs can be found in `/var/log/supervisor/`. +* Nginx web server errors are logged in the httpd error log. +* Configure other {ControllerName} logging needs in `/etc/tower/conf.d/`. + +Explore client-side issues using the JavaScript console built into most browsers and report any errors to Ansible through the Red Hat Customer portal at: https://access.redhat.com/. \ No newline at end of file From 9199a352faea21d3b8cea16b915c4ea932a75254 Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Thu, 31 Jul 2025 10:06:17 +0100 Subject: [PATCH 16/71] Adjusting wording for 2.6 version (#3945) * Adjusting wording for 2.6 version * PR suggestions --- .../modules/platform/proc-operator-external-db-controller.adoc | 2 +- .../modules/platform/proc-operator-external-db-gateway.adoc | 2 +- downstream/modules/platform/proc-operator-external-db-hub.adoc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/downstream/modules/platform/proc-operator-external-db-controller.adoc b/downstream/modules/platform/proc-operator-external-db-controller.adoc index ddd852a5a4..ba3a322c6c 100644 --- a/downstream/modules/platform/proc-operator-external-db-controller.adoc +++ b/downstream/modules/platform/proc-operator-external-db-controller.adoc @@ -24,7 +24,7 @@ The external database must be a PostgreSQL database that is the version supporte [NOTE] ==== -{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and PostgreSQL 16 and 17 for external databases. +{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and additionally supports PostgreSQL 15, 16, and 17 for external databases. If you choose to use an externally managed database with version 16 or 17 you must also rely on external backup and restore processes. ==== diff --git a/downstream/modules/platform/proc-operator-external-db-gateway.adoc b/downstream/modules/platform/proc-operator-external-db-gateway.adoc index c299fbb532..5b8f240de4 100644 --- a/downstream/modules/platform/proc-operator-external-db-gateway.adoc +++ b/downstream/modules/platform/proc-operator-external-db-gateway.adoc @@ -44,7 +44,7 @@ The external database must be a PostgreSQL database that is the version supporte [NOTE] ==== -{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and PostgreSQL 16 and 17 for external databases. +{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and additionally supports PostgreSQL 15, 16, and 17 for external databases. If you choose to use an externally managed database with version 16 or 17 you must also rely on external backup and restore processes. ==== diff --git a/downstream/modules/platform/proc-operator-external-db-hub.adoc b/downstream/modules/platform/proc-operator-external-db-hub.adoc index 27c3e0a137..68e8ef6919 100644 --- a/downstream/modules/platform/proc-operator-external-db-hub.adoc +++ b/downstream/modules/platform/proc-operator-external-db-hub.adoc @@ -25,7 +25,7 @@ The external postgres instance credentials and connection information will need [NOTE] ==== -{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and PostgreSQL 16 and 17 for external databases. +{PlatformNameShort} {PlatformVers} supports {PostgresVers} for its managed databases and additionally supports PostgreSQL 15, 16, and 17 for external databases. If you choose to use an externally managed database with version 16 or 17 you must also rely on external backup and restore processes. ==== From 40abadf1d7aec8a4271b88221117823e06cdeee3 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Thu, 31 Jul 2025 10:19:17 +0100 Subject: [PATCH 17/71] Add backup/restore note to Containerized installation (#3946) (#3948) Containerized installation - Update backup & restore procedures to ensure clarity regarding the latest version prerequisite https://issues.redhat.com/browse/AAP-46266 --- .../modules/platform/proc-backup-aap-container.adoc | 9 +++++++++ .../modules/platform/proc-restore-aap-container.adoc | 11 ++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/downstream/modules/platform/proc-backup-aap-container.adoc b/downstream/modules/platform/proc-backup-aap-container.adoc index 3da00566f9..fde7d061bb 100644 --- a/downstream/modules/platform/proc-backup-aap-container.adoc +++ b/downstream/modules/platform/proc-backup-aap-container.adoc @@ -4,8 +4,17 @@ = Backing up containerized {PlatformNameShort} +[role="_abstract"] Perform a backup of your {ContainerBase} of {PlatformNameShort}. +[NOTE] +==== +When backing up {PlatformNameShort}, use the installation program that matches your currently installed version of {PlatformNameShort}. + +Backup functionality only works with the PostgreSQL versions supported by your current {PlatformNameShort} version. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/aap-containerized-installation#system-requirements[System requirements]. +==== + .Prerequisites * You have logged in to the {RHEL} host as your dedicated non-root user. diff --git a/downstream/modules/platform/proc-restore-aap-container.adoc b/downstream/modules/platform/proc-restore-aap-container.adoc index cba4808307..0be6e84ea0 100644 --- a/downstream/modules/platform/proc-restore-aap-container.adoc +++ b/downstream/modules/platform/proc-restore-aap-container.adoc @@ -3,11 +3,20 @@ [id="proc-restore-aap-container"] = Restoring containerized {PlatformNameShort} +[role="_abstract"] Restore your {ContainerBase} of {PlatformNameShort} from a backup, or to a different environment. +[NOTE] +==== +When restoring {PlatformNameShort}, use the latest installation program available at the time of the restore. For example, if you are restoring a backup taken from version `2.6-1`, use the latest `2.6-x` installation program available at the time of the restore. + +Restore functionality only works with the PostgreSQL versions supported by your current {PlatformNameShort} version. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/aap-containerized-installation#system-requirements[System requirements]. +==== + .Prerequisites * You have logged in to the {RHEL} host as your dedicated non-root user. -* You have a backup of your {PlatformNameShort} deployment. For more information, see link:{URLContainerizedInstall}/aap-containerized-installation#backing-up-containerized-ansible-automation-platform[Backing up container-based {PlatformNameShort}]. +* You have a backup of your {PlatformNameShort} deployment. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/containerized_installation/aap-containerized-installation#backing-up-containerized-ansible-automation-platform[Backing up containerized {PlatformNameShort}]. * If restoring to a different environment with the same hostnames, you have performed a fresh installation on the target environment with the same topology as the original (source) environment. * You have ensured that the administrator credentials on the target environment match the administrator credentials from the source environment. From 50da8b93118002fab4a12edeb9e77210ecda75dc Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Thu, 31 Jul 2025 10:31:23 +0100 Subject: [PATCH 18/71] Update controller version (#3950) (#3951) Incorrect Controller version in documentation https://issues.redhat.com/browse/AAP-44204 --- .../assemblies/platform/assembly-aap-upgrading-platform.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/downstream/assemblies/platform/assembly-aap-upgrading-platform.adoc b/downstream/assemblies/platform/assembly-aap-upgrading-platform.adoc index 85c5056c68..3aec1d6227 100644 --- a/downstream/assemblies/platform/assembly-aap-upgrading-platform.adoc +++ b/downstream/assemblies/platform/assembly-aap-upgrading-platform.adoc @@ -20,7 +20,7 @@ You can then download the desired version of the {PlatformNameShort} installer, * Prior to upgrading your {PlatformName}, ensure you have reviewed {LinkPlanningGuide} for a successful upgrade. You can then download the desired version of the {PlatformNameShort} installer, configure the inventory file in the installation bundle to reflect your environment, and then run the installer. -* Prior to upgrading your {PlatformName}, ensure you have upgraded to {ControllerName} 2.5 or later. +* Before upgrading your {PlatformName}, ensure you have upgraded to {ControllerName} 4.5 or later. * When upgrading to {PlatformNameShort} {PlatformVers}, you must use RPM installer version 2.5-11 or later. If you use an older installer, the installation might fail. If you encounter a failed installation using an older version of the installer, rerun the installation with RPM installer version 2.5-11 or later. From 7f152fe239861f97a313f0781a8ed87612cbbff4 Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:21:38 +0100 Subject: [PATCH 19/71] 2.6 DITA migration changes: CAG Ch 9 (#3953) (#3955) Configuring automation execution UI and modular compliance chapter 9 https://issues.redhat.com/browse/AAP-46726 --- ...assembly-controller-logging-aggregation.adoc | 17 ++++++++++++++++- .../proc-controller-set-up-logging.adoc | 2 +- .../ref-controller-activity-stream-schema.adoc | 10 ++++++++-- .../ref-controller-job-status-changes.adoc | 2 +- .../ref-controller-log-aggregators.adoc | 8 ++++---- .../modules/platform/ref-controller-logs.adoc | 5 +++-- ...ef-controller-scan-fact-tracking-schema.adoc | 2 +- .../ref-controller-troubleshoot-logging.adoc | 16 ++++++---------- 8 files changed, 40 insertions(+), 22 deletions(-) diff --git a/downstream/assemblies/platform/assembly-controller-logging-aggregation.adoc b/downstream/assemblies/platform/assembly-controller-logging-aggregation.adoc index 40b0e37425..0cb305cdce 100644 --- a/downstream/assemblies/platform/assembly-controller-logging-aggregation.adoc +++ b/downstream/assemblies/platform/assembly-controller-logging-aggregation.adoc @@ -46,17 +46,32 @@ For example, if `Splunk` goes offline, `rsyslogd` stores a queue on the disk unt By default, it stores up to 1GB of events (while Splunk is offline) but you can increase that to more than 1GB if necessary, or change the path where you save the queue. include::platform/ref-controller-loggers.adoc[leveloffset=+1] + include::platform/ref-controller-log-message-schema.adoc[leveloffset=+2] + include::platform/ref-controller-activity-stream-schema.adoc[leveloffset=+2] -include::platform/ref-controller-job-event-schema.adoc[leveloffset=+2] + +// Included this in activity-stream +//include::platform/ref-controller-job-event-schema.adoc[leveloffset=+2] + include::platform/ref-controller-scan-fact-tracking-schema.adoc[leveloffset=+2] + include::platform/ref-controller-job-status-changes.adoc[leveloffset=+2] + include::platform/ref-controller-logs.adoc[leveloffset=+2] + include::platform/ref-controller-log-aggregators.adoc[leveloffset=+2] + include::platform/ref-controller-logging-splunk.adoc[leveloffset=+3] + include::platform/ref-controller-logging-loggly.adoc[leveloffset=+3] + include::platform/ref-controller-logging-sumologic.adoc[leveloffset=+3] + include::platform/ref-controller-logging-elastic-stack.adoc[leveloffset=+3] + include::platform/proc-controller-set-up-logging.adoc[leveloffset=+1] + include::platform/proc-controller-api-4xx-error-config.adoc[leveloffset=2] + include::platform/ref-controller-troubleshoot-logging.adoc[leveloffset=+1] diff --git a/downstream/modules/platform/proc-controller-set-up-logging.adoc b/downstream/modules/platform/proc-controller-set-up-logging.adoc index 8555ae8991..efd859654d 100644 --- a/downstream/modules/platform/proc-controller-set-up-logging.adoc +++ b/downstream/modules/platform/proc-controller-set-up-logging.adoc @@ -57,7 +57,7 @@ Equivalent to the `rsyslogd queue.maxdiskspace` setting on the action (e.g. `omh It stores files in the directory specified by `LOG_AGGREGATOR_MAX_DISK_USAGE_PATH`. * *File system location for rsyslogd disk persistence*: Location to persist logs that should be retried after an outage of the external log aggregator (defaults to `/var/lib/awx`). Equivalent to the `rsyslogd queue.spoolDirectory` setting. -* *Log Format For API 4XX Errors*: Configure a specific error message. For more information, see link:{URLControllerAdminGuide}/assembly-controller-logging-aggregation#proc-controller-api-4xx-error-config[API 4XX Error Configuration]. +* *Log Format For API 4XX Errors*: Configure a specific error message. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#proc-controller-api-4xx-error-config[API 4XX Error Configuration]. Set the following options: diff --git a/downstream/modules/platform/ref-controller-activity-stream-schema.adoc b/downstream/modules/platform/ref-controller-activity-stream-schema.adoc index f27fbccc62..cee888b927 100644 --- a/downstream/modules/platform/ref-controller-activity-stream-schema.adoc +++ b/downstream/modules/platform/ref-controller-activity-stream-schema.adoc @@ -4,7 +4,7 @@ = Activity stream schema -This uses the fields common to all loggers listed in xref:ref-controller-log-message-schema[Log message schema]. +This uses the fields common to all loggers listed in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers)/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-log-message-schema[Log message schema]. It has the following additional fields: @@ -12,4 +12,10 @@ It has the following additional fields: * `changes`: JSON summary of what fields changed, and their old or new values. * `operation`: The basic category of the changes logged in the activity stream, for instance, "associate". * `object1`: Information about the primary object being operated on, consistent with what is shown in the activity stream. -* `object2`: If applicable, the second object involved in the action. \ No newline at end of file +* `object2`: If applicable, the second object involved in the action. + +This logger reflects the data being saved into job events, except when they would otherwise conflict with expected standard fields from the logger, in which case the fields are nested. +Notably, the field host on the `job_event` model is given as `event_host`. +There is also a sub-dictionary field, `event_data` within the payload, which contains different fields depending on the specifics of the Ansible event. + +This logger also includes the common fields in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-log-message-schema[Log message schema]. \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-job-status-changes.adoc b/downstream/modules/platform/ref-controller-job-status-changes.adoc index 03d76f4650..edb153c795 100644 --- a/downstream/modules/platform/ref-controller-job-status-changes.adoc +++ b/downstream/modules/platform/ref-controller-job-status-changes.adoc @@ -6,4 +6,4 @@ This is a lower-volume source of information about changes in job states compared to job events, and captures changes to types of unified jobs other than job template based jobs. -This logger also includes the common fields in xref:ref-controller-log-message-schema[Log message schema] and fields present on the job model. \ No newline at end of file +This logger also includes the common fields in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-log-message-schema[Log message schema] and fields present on the job model. \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-log-aggregators.adoc b/downstream/modules/platform/ref-controller-log-aggregators.adoc index f40c63560d..447c733ac6 100644 --- a/downstream/modules/platform/ref-controller-log-aggregators.adoc +++ b/downstream/modules/platform/ref-controller-log-aggregators.adoc @@ -6,7 +6,7 @@ The logging aggregator service works with the following monitoring and data analysis systems: -* xref:ref-controller-logging-splunk[Splunk] -* xref:ref-controller-logging-loggly[Loggly] -* xref:ref-controller-logging-sumologic[Sumologic] -* xref:ref-controller-logging-elastic-stack[Elastic Stack (formerly ELK stack)] \ No newline at end of file +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{Plaformvers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-splunk[Splunk] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-loggly[Loggly] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-sumologic[Sumologic] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlaformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-elastic-stack[Elastic Stack (formerly ELK stack)] \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-logs.adoc b/downstream/modules/platform/ref-controller-logs.adoc index 36b34a2048..1cf63b7b3b 100644 --- a/downstream/modules/platform/ref-controller-logs.adoc +++ b/downstream/modules/platform/ref-controller-logs.adoc @@ -4,8 +4,9 @@ = {ControllerNameStart} logs -This logger also includes the common fields in xref:ref-controller-log-message-schema[Log message schema]. +This logger also includes the common fields in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-log-message-schema[Log message schema]. In addition, this contains a `msg` field with the log message. Errors contain a separate `traceback` field. -From the navigation panel, select {MenuSetLogging}. On the *Logging Settings* page click btn:[Edit] and use the *ENABLE EXTERNAL LOGGING* option to enable or disable the logging components. +From the navigation panel, select {MenuSetLogging}. +On the *Logging Settings* page click btn:[Edit] and use the *ENABLE EXTERNAL LOGGING* option to enable or disable the logging components. diff --git a/downstream/modules/platform/ref-controller-scan-fact-tracking-schema.adoc b/downstream/modules/platform/ref-controller-scan-fact-tracking-schema.adoc index c12dc3baf5..cad23f8648 100644 --- a/downstream/modules/platform/ref-controller-scan-fact-tracking-schema.adoc +++ b/downstream/modules/platform/ref-controller-scan-fact-tracking-schema.adoc @@ -17,4 +17,4 @@ Periods are not allowed by elastic search in names, and are replaced with "_" by * `host`: Name of the host the scan applies to. * `inventory_id`: The inventory id the host is inside of. -This logger also includes the common fields in xref:ref-controller-log-message-schema[Log message schema]. \ No newline at end of file +This logger also includes the common fields in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-log-message-schema[Log message schema]. \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-troubleshoot-logging.adoc b/downstream/modules/platform/ref-controller-troubleshoot-logging.adoc index 2f906669ac..c163c44c29 100644 --- a/downstream/modules/platform/ref-controller-troubleshoot-logging.adoc +++ b/downstream/modules/platform/ref-controller-troubleshoot-logging.adoc @@ -4,27 +4,23 @@ = Troubleshooting logging -[discrete] -=== Logging Aggregation +*Logging Aggregation* If you have sent a message with the test button to your configured logging service through http or https, but did not receive the message, check the `/var/log/tower/rsyslog.err` log file. This is where errors are stored if they occurred when authenticating rsyslog with an http or https external logging service. Note that if there are no errors, this file does not exist. -[discrete] -=== API 4XX Errors +*API 4XX Errors* You can include the API error message for 4XX errors by modifying the log format for those messages. -Refer to the xref:proc-controller-api-4xx-error-config[API 4XX Error Configuration]. +Refer to the link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#proc-controller-api-4xx-error-config[API 4XX Error Configuration]. -[discrete] -=== LDAP +*LDAP* You can enable logging messages for the LDAP adapter. -For more information, see xref:proc-controller-api-4xx-error-config[API 4XX Error Configuration]. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#proc-controller-api-4xx-error-config[API 4XX Error Configuration]. -[discrete] -=== SAML +*SAML* You can enable logging messages for the SAML adapter the same way you can enable logging for LDAP. //Refer to the xref:controller-enable-logging-LDAP[Enabling logging for LDAP] section for more detail. \ No newline at end of file From 1bb1d361c52bab56ee4c082039968d1be9afa7a1 Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Thu, 31 Jul 2025 11:53:48 +0100 Subject: [PATCH 20/71] Add reference to AWS (#3957) (#3959) Include specific reference to AWS Managed coverage within automation mesh docs for operator-based envs. https://issues.redhat.com/browse/AAP-50358 --- downstream/assemblies/platform/assembly-planning-mesh.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/downstream/assemblies/platform/assembly-planning-mesh.adoc b/downstream/assemblies/platform/assembly-planning-mesh.adoc index 9ebccf69cc..7bcd76758e 100644 --- a/downstream/assemblies/platform/assembly-planning-mesh.adoc +++ b/downstream/assemblies/platform/assembly-planning-mesh.adoc @@ -19,7 +19,7 @@ Simple to complex topology examples are included to illustrate the various ways endif::mesh-VM[] ifdef::operator-mesh[] The following topics contain information to help plan an {AutomationMesh} deployment in your operator-based {PlatformName} environment. -The document covers the setting up of {AutomationMesh} on operator-based deployments, such as {OCPShort} and {PlatformNameShort} on {Azure} managed application. +The document covers the setting up of {AutomationMesh} on operator-based deployments, such as {OCPShort} and {PlatformNameShort} on {AWS} (AWS) and {Azure} managed applications. endif::operator-mesh[] include::platform/con-about-automation-mesh.adoc[leveloffset=+1] From 584bba9d865d1c03e908a2caa2c2c6cd52a5c5fa Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Thu, 31 Jul 2025 13:09:24 +0100 Subject: [PATCH 21/71] Corrected links (#3935) (#3961) Broken Link Report July 21 2025 https://issues.redhat.com/browse/AAP-50562 LGTM --- .../platform/ref-controller-credential-hashiCorp-vault.adoc | 2 +- .../modules/platform/ref-controller-credential-network.adoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/downstream/modules/platform/ref-controller-credential-hashiCorp-vault.adoc b/downstream/modules/platform/ref-controller-credential-hashiCorp-vault.adoc index 615276f5db..9fd8ee9466 100644 --- a/downstream/modules/platform/ref-controller-credential-hashiCorp-vault.adoc +++ b/downstream/modules/platform/ref-controller-credential-hashiCorp-vault.adoc @@ -6,4 +6,4 @@ This is considered part of the secret management capability. -For more information, see link:{URLControllerAdminGuide}/controller-credentials#ref-controller-credential-hasiCorp-secret[HashiCorp Vault Signed SSH]. \ No newline at end of file +For more information, see link:{URLControllerAdminGuide}/assembly-controller-secret-management#ref-hashicorp-signed-ssh[HashiCorp Vault Signed SSH]. \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-credential-network.adoc b/downstream/modules/platform/ref-controller-credential-network.adoc index 5d183bb299..7c8755369d 100644 --- a/downstream/modules/platform/ref-controller-credential-network.adoc +++ b/downstream/modules/platform/ref-controller-credential-network.adoc @@ -14,7 +14,7 @@ When connecting to network devices, the credential type must match the connectio * For `local` connections using `provider`, credential type should be *Network*. * For all other network connections (`httpapi`, `netconf`, and `network_cli`), the credential type should be *Machine*. -For more information about connection types available for network devices, see link:{URLControllerUserGuide}/using_automation_execution/controller-credentials#ref-controller-multiple-connection-protocols[Multiple Communication Protocols]. +For more information about connection types available for network devices, see link:{URLControllerUserGuide}/controller-credentials#ref-controller-multiple-connection-protocols[Multiple Communication Protocols]. {ControllerNameStart} uses the following environment variables for Network credentials: From bfe9ad143ba9dac8d208de90aa4319fd866a6afd Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Thu, 31 Jul 2025 13:44:00 +0100 Subject: [PATCH 22/71] Update docs for mod docs (#3956) (#3962) Affected titles: - `titles/aap-containerized-install` - `titles/topologies` - `titles/aap-migration` - `titles/troubleshooting-aap` Ansible DITA readiness (2025-07-09) - Michelle https://issues.redhat.com/browse/AAP-49393 --- .../aap-migration/assembly-migration-artifact.adoc | 1 + .../assembly-migration-prerequisites.adoc | 1 + .../aap-migration/assembly-source-containerized.adoc | 1 + .../assemblies/aap-migration/assembly-source-rpm.adoc | 1 + .../aap-migration/assembly-target-containerized.adoc | 1 + .../aap-migration/assembly-target-managed-aap.adoc | 1 + .../assemblies/aap-migration/assembly-target-ocp.adoc | 1 + .../assembly-aap-containerized-installation.adoc | 1 + .../assembly-appendix-inventory-file-vars.adoc | 2 +- ...embly-appendix-troubleshoot-containerized-aap.adoc | 1 + .../platform/assembly-configure-hub-storage.adoc | 1 + .../assembly-setup-postgresql-ext-database.adoc | 11 ++++++----- .../assembly-using-custom-tls-certificates.adoc | 1 + .../assembly-appendix-topology-resources.adoc | 3 +++ .../topologies/assembly-container-topologies.adoc | 2 ++ .../topologies/assembly-ocp-topologies.adoc | 2 ++ .../assembly-overview-tested-deployment-models.adoc | 3 +++ .../topologies/assembly-rpm-topologies.adoc | 1 + .../assembly-diagnosing-the-problem.adoc | 1 + .../assembly-troubleshoot-backup-recovery.adoc | 5 ++++- .../assembly-troubleshoot-controller.adoc | 5 ++++- .../assembly-troubleshoot-execution-environments.adoc | 3 ++- .../assembly-troubleshoot-installation.adoc | 3 ++- .../assembly-troubleshoot-jobs.adoc | 1 + .../assembly-troubleshoot-networking.adoc | 3 ++- .../assembly-troubleshoot-playbooks.adoc | 4 +++- .../assembly-troubleshoot-upgrade.adoc | 5 +++-- .../modules/aap-migration/con-artifact-structure.adoc | 1 + .../con-containerized-to-managed-prerequisites.adoc | 1 + .../con-containerized-to-ocp-prerequisites.adoc | 1 + .../con-introduction-and-objectives.adoc | 1 + .../modules/aap-migration/con-manifest-file.adoc | 1 + .../aap-migration/con-migration-process-overview.adoc | 1 + .../modules/aap-migration/con-out-of-scope.adoc | 1 + .../con-rpm-to-containerized-prerequisites.adoc | 1 + .../con-rpm-to-managed-prerequisites.adoc | 1 + .../aap-migration/con-rpm-to-ocp-prerequisites.adoc | 1 + .../modules/aap-migration/con-secrets-file.adoc | 3 ++- .../aap-migration/proc-containerized-post-import.adoc | 1 + .../proc-containerized-target-import.adoc | 1 + .../aap-migration/proc-containerized-target-prep.adoc | 1 + .../aap-migration/proc-containerized-validation.adoc | 1 + .../aap-migration/proc-managed-post-import.adoc | 1 + .../aap-migration/proc-managed-target-migration.adoc | 3 +++ .../modules/aap-migration/proc-ocp-post-import.adoc | 1 + .../modules/aap-migration/proc-ocp-target-import.adoc | 1 + .../modules/aap-migration/proc-ocp-target-prep.adoc | 1 + .../modules/aap-migration/proc-ocp-validation.adoc | 1 + .../proc-rpm-environment-source-prep.adoc | 1 + .../proc-rpm-source-environment-export.adoc | 1 + .../ref-migration-artifact-checklist.adoc | 1 + .../con-certs-per-service-considerations.adoc | 1 + .../platform/con-installer-generated-certs.adoc | 1 + .../platform/con-receptor-cert-considerations.adoc | 1 + .../platform/proc-add-eda-safe-plugin-var.adoc | 2 +- .../modules/platform/proc-configure-ext-db-mtls.adoc | 1 + .../proc-configure-haproxy-load-balancer.adoc | 1 + .../platform/proc-configure-hub-azure-storage.adoc | 1 + .../platform/proc-configure-hub-nfs-storage.adoc | 1 + .../platform/proc-configure-hub-s3-storage.adoc | 1 + ...roc-containerized-troubleshoot-gathering-logs.adoc | 5 +---- .../platform/proc-downloading-containerized-aap.adoc | 1 + .../platform/proc-enable-hstore-extension.adoc | 1 + ...tomation-hub-collection-and-container-signing.adoc | 1 + .../platform/proc-installing-containerized-aap.adoc | 1 + ...-managed-nodes-for-containerized-installation.adoc | 1 + ...-the-rhel-host-for-containerized-installation.adoc | 1 + .../modules/platform/proc-provide-custom-ca-cert.adoc | 1 + .../proc-provide-custom-tls-certs-per-service.adoc | 1 + .../platform/proc-reinstalling-containerized-aap.adoc | 1 - .../platform/proc-set-registry-username-password.adoc | 1 + .../platform/proc-setup-ext-db-with-admin-creds.adoc | 1 + .../proc-setup-ext-db-without-admin-creds.adoc | 1 + .../platform/proc-uninstalling-containerized-aap.adoc | 1 + .../modules/platform/proc-update-aap-container.adoc | 1 + .../modules/platform/proc-use-custom-ca-certs.adoc | 1 + .../modules/platform/ref-adding-execution-nodes.adoc | 4 +--- .../platform/ref-ansible-inventory-variables.adoc | 1 + .../platform/ref-configuring-inventory-file.adoc | 1 + .../platform/ref-cont-aap-system-requirements.adoc | 1 + .../ref-containerized-troubleshoot-config.adoc | 3 +++ .../ref-containerized-troubleshoot-diagnosing.adoc | 1 + .../ref-containerized-troubleshoot-install.adoc | 3 +++ .../platform/ref-containerized-troubleshoot-ref.adoc | 3 +++ .../modules/platform/ref-controller-variables.adoc | 3 +++ .../platform/ref-database-inventory-variables.adoc | 3 +++ .../platform/ref-eda-controller-variables.adoc | 3 +++ .../modules/platform/ref-gateway-variables.adoc | 4 +++- .../platform/ref-general-inventory-variables.adoc | 3 +++ downstream/modules/platform/ref-hub-variables.adoc | 3 +++ .../platform/ref-images-inventory-variables.adoc | 3 +++ .../platform/ref-receptor-inventory-variables.adoc | 3 +++ .../platform/ref-redis-inventory-variables.adoc | 3 +++ downstream/modules/topologies/ref-cont-a-env-a.adoc | 1 + downstream/modules/topologies/ref-cont-b-env-a.adoc | 1 + .../ref-installation-deployment-models.adoc | 1 + downstream/modules/topologies/ref-mesh-nodes.adoc | 2 ++ downstream/modules/topologies/ref-ocp-a-env-a.adoc | 2 ++ downstream/modules/topologies/ref-ocp-b-env-a.adoc | 2 ++ downstream/modules/topologies/ref-rpm-a-env-a.adoc | 1 + downstream/modules/topologies/ref-rpm-b-env-a.adoc | 1 + .../proc-troubleshoot-aap-packages.adoc | 4 +++- .../proc-troubleshoot-job-pending.adoc | 2 ++ .../proc-troubleshoot-job-permissions.adoc | 1 + .../proc-troubleshoot-job-resolve-module.adoc | 1 + .../proc-troubleshoot-job-timeout.adoc | 1 + .../proc-troubleshoot-must-gather.adoc | 1 + .../proc-troubleshoot-sosreport.adoc | 2 ++ .../proc-troubleshoot-ssl-tls-issues.adoc | 1 + .../proc-troubleshoot-subnet-conflict.adoc | 2 ++ .../proc-troubleshoot-use-in-controller.adoc | 7 +++---- 111 files changed, 171 insertions(+), 30 deletions(-) diff --git a/downstream/assemblies/aap-migration/assembly-migration-artifact.adoc b/downstream/assemblies/aap-migration/assembly-migration-artifact.adoc index 35befe8600..6ab9730bf9 100644 --- a/downstream/assemblies/aap-migration/assembly-migration-artifact.adoc +++ b/downstream/assemblies/aap-migration/assembly-migration-artifact.adoc @@ -3,6 +3,7 @@ [id="migration-artifact"] = Migration artifact structure and verification +[role="_abstract"] The migration artifact is a critical component for successfully transferring your {PlatformNameShort} deployment. It packages all necessary data and configurations from your source environment. This section details the structure of the migration artifact and includes a migration checklist for artifact verification. diff --git a/downstream/assemblies/aap-migration/assembly-migration-prerequisites.adoc b/downstream/assemblies/aap-migration/assembly-migration-prerequisites.adoc index da1e32a941..8abcdd9b69 100644 --- a/downstream/assemblies/aap-migration/assembly-migration-prerequisites.adoc +++ b/downstream/assemblies/aap-migration/assembly-migration-prerequisites.adoc @@ -3,6 +3,7 @@ [id="migration-prerequisites"] = Migration prerequisites +[role="_abstract"] Prerequisites for migrating your {PlatformNameShort} deployment. For your specific migration path, ensure that you meet all necessary conditions before proceeding. include::aap-migration/con-rpm-to-containerized-prerequisites.adoc[leveloffset=+1] diff --git a/downstream/assemblies/aap-migration/assembly-source-containerized.adoc b/downstream/assemblies/aap-migration/assembly-source-containerized.adoc index ea79fe0f99..b380de83f7 100644 --- a/downstream/assemblies/aap-migration/assembly-source-containerized.adoc +++ b/downstream/assemblies/aap-migration/assembly-source-containerized.adoc @@ -3,6 +3,7 @@ [id="source-containerized"] = Container-based {PlatformNameShort} +[role="_abstract"] Prepare and export data from your container-based {PlatformNameShort} deployment. include::aap-migration/proc-containerized-source-environment-preparation-assessment.adoc[leveloffset=+1] diff --git a/downstream/assemblies/aap-migration/assembly-source-rpm.adoc b/downstream/assemblies/aap-migration/assembly-source-rpm.adoc index 9b661f385f..d6b54a9617 100644 --- a/downstream/assemblies/aap-migration/assembly-source-rpm.adoc +++ b/downstream/assemblies/aap-migration/assembly-source-rpm.adoc @@ -3,6 +3,7 @@ [id="source-rpm"] = RPM-based {PlatformNameShort} +[role="_abstract"] Prepare and export data from your RPM-based {PlatformNameShort} deployment. include::aap-migration/proc-rpm-environment-source-prep.adoc[leveloffset=+1] diff --git a/downstream/assemblies/aap-migration/assembly-target-containerized.adoc b/downstream/assemblies/aap-migration/assembly-target-containerized.adoc index bed0505c07..216b25bab3 100644 --- a/downstream/assemblies/aap-migration/assembly-target-containerized.adoc +++ b/downstream/assemblies/aap-migration/assembly-target-containerized.adoc @@ -3,6 +3,7 @@ [id="target-containerized"] = Container-based {PlatformNameShort} +[role="_abstract"] Prepare and assess your target container-based {PlatformNameShort} environment, and import and reconcile your migrated content. include::aap-migration/proc-containerized-target-prep.adoc[leveloffset=+1] diff --git a/downstream/assemblies/aap-migration/assembly-target-managed-aap.adoc b/downstream/assemblies/aap-migration/assembly-target-managed-aap.adoc index 4c075684c6..0baf95c287 100644 --- a/downstream/assemblies/aap-migration/assembly-target-managed-aap.adoc +++ b/downstream/assemblies/aap-migration/assembly-target-managed-aap.adoc @@ -3,6 +3,7 @@ [id="target-managed-aap"] = Managed {PlatformNameShort} +[role="_abstract"] Prepare and migrate your source environment to a Managed {PlatformNameShort} deployment, and reconcile the target environment post-migration. include::aap-migration/proc-managed-target-migration.adoc[leveloffset=+1] diff --git a/downstream/assemblies/aap-migration/assembly-target-ocp.adoc b/downstream/assemblies/aap-migration/assembly-target-ocp.adoc index 85d07a74e9..b18e32454c 100644 --- a/downstream/assemblies/aap-migration/assembly-target-ocp.adoc +++ b/downstream/assemblies/aap-migration/assembly-target-ocp.adoc @@ -3,6 +3,7 @@ [id="target-ocp"] = {OCPShort} +[role="_abstract"] Prepare and assess your target {OCPShort} environment, and import and reconcile your migrated content. include::aap-migration/proc-ocp-target-prep.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-aap-containerized-installation.adoc b/downstream/assemblies/platform/assembly-aap-containerized-installation.adoc index 1dacd46dc3..fa22ecada8 100644 --- a/downstream/assemblies/platform/assembly-aap-containerized-installation.adoc +++ b/downstream/assemblies/platform/assembly-aap-containerized-installation.adoc @@ -6,6 +6,7 @@ ifdef::context[:parent-context: {context}] :context: aap-containerized-installation +[role="_abstract"] {PlatformNameShort} is a commercial offering that helps teams manage complex multi-tier deployments by adding control, knowledge, and delegation to Ansible-powered environments. This guide helps you to understand the installation requirements and processes behind the containerized version of {PlatformNameShort}. diff --git a/downstream/assemblies/platform/assembly-appendix-inventory-file-vars.adoc b/downstream/assemblies/platform/assembly-appendix-inventory-file-vars.adoc index 04934674cb..7992e1b5e8 100644 --- a/downstream/assemblies/platform/assembly-appendix-inventory-file-vars.adoc +++ b/downstream/assemblies/platform/assembly-appendix-inventory-file-vars.adoc @@ -3,7 +3,7 @@ [id="appendix-inventory-files-vars"] = Inventory file variables - +[role="_abstract"] The following tables contain information about the variables used in {PlatformNameShort}'s installation `inventory` files. The tables include the variables that you can use for RPM-based installation and {ContainerBase}. include::platform/ref-ansible-inventory-variables.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-appendix-troubleshoot-containerized-aap.adoc b/downstream/assemblies/platform/assembly-appendix-troubleshoot-containerized-aap.adoc index 00013798f5..46750229ab 100644 --- a/downstream/assemblies/platform/assembly-appendix-troubleshoot-containerized-aap.adoc +++ b/downstream/assemblies/platform/assembly-appendix-troubleshoot-containerized-aap.adoc @@ -7,6 +7,7 @@ ifdef::context[:parent-context: {context}] :context: troubleshooting-containerized-aap +[role="_abstract"] Use this information to troubleshoot your containerized {PlatformNameShort} installation. include::platform/proc-containerized-troubleshoot-gathering-logs.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-configure-hub-storage.adoc b/downstream/assemblies/platform/assembly-configure-hub-storage.adoc index 1608429921..6a485f8c68 100644 --- a/downstream/assemblies/platform/assembly-configure-hub-storage.adoc +++ b/downstream/assemblies/platform/assembly-configure-hub-storage.adoc @@ -5,6 +5,7 @@ ifdef::context[:parent-context: {context}] = Configuring storage for {HubName} +[role="_abstract"] Configure storage backends for {HubName} including Amazon S3, Azure Blob Storage, and Network File System (NFS) storage. include::platform/proc-configure-hub-s3-storage.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-setup-postgresql-ext-database.adoc b/downstream/assemblies/platform/assembly-setup-postgresql-ext-database.adoc index fe69b56cbc..0a9dc34854 100644 --- a/downstream/assemblies/platform/assembly-setup-postgresql-ext-database.adoc +++ b/downstream/assemblies/platform/assembly-setup-postgresql-ext-database.adoc @@ -5,6 +5,12 @@ ifdef::context[:parent-context: {context}] = Setting up a customer provided (external) database +[role="_abstract"] +There are two possible scenarios for setting up an external database: + +. An external database with PostgreSQL admin credentials +. An external database without PostgreSQL admin credentials + [IMPORTANT] ==== * When using an external database with {PlatformNameShort}, you must create and maintain that database. Ensure that you clear your external database when uninstalling {PlatformNameShort}. @@ -14,11 +20,6 @@ ifdef::context[:parent-context: {context}] * During configuration of an external database, you must check the external database coverage. For more information, see link:https://access.redhat.com/articles/4010491[{PlatformName} Database Scope of Coverage]. ==== -There are two possible scenarios for setting up an external database: - -. An external database with PostgreSQL admin credentials -. An external database without PostgreSQL admin credentials - include::platform/proc-setup-ext-db-with-admin-creds.adoc[leveloffset=+1] include::platform/proc-setup-ext-db-without-admin-creds.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-using-custom-tls-certificates.adoc b/downstream/assemblies/platform/assembly-using-custom-tls-certificates.adoc index c5efd3cae5..93369f5119 100644 --- a/downstream/assemblies/platform/assembly-using-custom-tls-certificates.adoc +++ b/downstream/assemblies/platform/assembly-using-custom-tls-certificates.adoc @@ -5,6 +5,7 @@ ifdef::context[:parent-context: {context}] = Using custom TLS certificates +[role="_abstract"] {PlatformName} uses X.509 certificate and key pairs to secure traffic both internally between {PlatformNameShort} components and externally for public UI and API connections. There are two primary ways to manage TLS certificates for your {PlatformNameShort} deployment: diff --git a/downstream/assemblies/topologies/assembly-appendix-topology-resources.adoc b/downstream/assemblies/topologies/assembly-appendix-topology-resources.adoc index fc7542e791..466fef5fb2 100644 --- a/downstream/assemblies/topologies/assembly-appendix-topology-resources.adoc +++ b/downstream/assemblies/topologies/assembly-appendix-topology-resources.adoc @@ -1,6 +1,9 @@ +:_mod-docs-content-type: ASSEMBLY + [id="appendix-topology-resources"] = Additional resources for tested deployment models +[role="_abstract"] This appendix provides a reference for the additional resources relevant to the tested deployment models outlined in {TitleTopologies}. * For additional information about each of the tested topologies described in this document, see the link:https://github.com/ansible/test-topologies/[test-topologies GitHub repo]. diff --git a/downstream/assemblies/topologies/assembly-container-topologies.adoc b/downstream/assemblies/topologies/assembly-container-topologies.adoc index 34506d2d90..39331669ae 100644 --- a/downstream/assemblies/topologies/assembly-container-topologies.adoc +++ b/downstream/assemblies/topologies/assembly-container-topologies.adoc @@ -1,7 +1,9 @@ +:_mod-docs-content-type: ASSEMBLY [id="container-topologies"] = Container topologies +[role="_abstract"] The containerized installer deploys {PlatformNameShort} on {RHEL} by using Podman which runs the platform in containers on host machines. Customers manage the product and infrastructure lifecycle. //Container growth topology diff --git a/downstream/assemblies/topologies/assembly-ocp-topologies.adoc b/downstream/assemblies/topologies/assembly-ocp-topologies.adoc index e4bfd573ba..6b4b8b1aa2 100644 --- a/downstream/assemblies/topologies/assembly-ocp-topologies.adoc +++ b/downstream/assemblies/topologies/assembly-ocp-topologies.adoc @@ -1,7 +1,9 @@ +:_mod-docs-content-type: ASSEMBLY [id="ocp-topologies"] = Operator topologies +[role="_abstract"] The {OperatorPlatformNameShort} uses Red Hat OpenShift Operators to deploy {PlatformNameShort} within Red Hat OpenShift. Customers manage the product and infrastructure lifecycle. [IMPORTANT] diff --git a/downstream/assemblies/topologies/assembly-overview-tested-deployment-models.adoc b/downstream/assemblies/topologies/assembly-overview-tested-deployment-models.adoc index 391c04bb42..39a0ce4258 100644 --- a/downstream/assemblies/topologies/assembly-overview-tested-deployment-models.adoc +++ b/downstream/assemblies/topologies/assembly-overview-tested-deployment-models.adoc @@ -1,7 +1,10 @@ +:_mod-docs-content-type: ASSEMBLY + [id="overview-tested-deployment-models"] = Overview of tested deployment models +[role="_abstract"] Red Hat tests {PlatformNameShort} {PlatformVers} with a defined set of topologies to give you opinionated deployment options. Deploy all components of {PlatformNameShort} so that all features and capabilities are available for use without the need to take further action. Red Hat tests the installation of {PlatformNameShort} {PlatformVers} based on a defined set of infrastructure topologies or reference architectures. Enterprise organizations can use one of the {EnterpriseTopologyPlural} for production deployments to ensure the highest level of uptime, performance, and continued scalability. Organizations or deployments that are resource constrained can use a {GrowthTopology}. diff --git a/downstream/assemblies/topologies/assembly-rpm-topologies.adoc b/downstream/assemblies/topologies/assembly-rpm-topologies.adoc index ee511d71c6..9f44dd858f 100644 --- a/downstream/assemblies/topologies/assembly-rpm-topologies.adoc +++ b/downstream/assemblies/topologies/assembly-rpm-topologies.adoc @@ -3,6 +3,7 @@ = RPM topologies +[role="_abstract"] The RPM installer deploys {PlatformNameShort} on {RHEL} by using RPMs to install the platform on host machines. Customers manage the product and infrastructure lifecycle. //RPM growth topology diff --git a/downstream/assemblies/troubleshooting-aap/assembly-diagnosing-the-problem.adoc b/downstream/assemblies/troubleshooting-aap/assembly-diagnosing-the-problem.adoc index 357b5051e9..45c3e7e356 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-diagnosing-the-problem.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-diagnosing-the-problem.adoc @@ -4,6 +4,7 @@ = Diagnosing the problem +[role="_abstract"] To start troubleshooting {PlatformNameShort}, use the `must-gather` command on {OCPShort} or the `sos` utility on a {VMBase} to collect configuration and diagnostic information. You can attach the output of these utilities to your support case. include::troubleshooting-aap/proc-troubleshoot-must-gather.adoc[leveloffset=+1] diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-backup-recovery.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-backup-recovery.adoc index a5436bf521..4cfaa2473b 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-backup-recovery.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-backup-recovery.adoc @@ -1,8 +1,11 @@ - +:_mod-docs-content-type: ASSEMBLY [id="troubleshoot-backup-recovery"] = Backup and recovery +[role="_abstract"] +Use this information to troubleshoot backup and recovery. + * For information about performing a backup and recovery of {PlatformNameShort}, see link:{URLControllerAdminGuide}/controller-backup-and-restore[Backup and restore] in _{TitleControllerAdminGuide}_. * For information about troubleshooting backup and recovery for installations of {OperatorPlatformNameShort} on {OCPShort}, see the link:{URLOperatorBackup}/assembly-aap-troubleshoot-backup-recover[Troubleshooting] section in _{TitleOperatorBackup}_. diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-controller.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-controller.adoc index 786946dc94..dbd0aad0d1 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-controller.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-controller.adoc @@ -1,8 +1,11 @@ - +:_mod-docs-content-type: ASSEMBLY [id="troubleshoot-controller"] = Resources for troubleshooting {ControllerName} +[role="_abstract"] +Use the following resources to troubleshoot {ControllerName}. + * For information about troubleshooting {ControllerName}, see link:{URLControllerAdminGuide}/controller-troubleshooting[Troubleshooting {ControllerName}] in _{TitleControllerAdminGuide}_. * For information about troubleshooting the performance of {ControllerName}, see link:{URLControllerAdminGuide}/assembly-controller-improving-performance#ref-controller-performance-troubleshooting[Performance troubleshooting for {ControllerName}] in _{TitleControllerAdminGuide}_. \ No newline at end of file diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-execution-environments.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-execution-environments.adoc index 9e0f40feeb..5258bcfded 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-execution-environments.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-execution-environments.adoc @@ -1,8 +1,9 @@ - +:_mod-docs-content-type: ASSEMBLY [id="troubleshoot-execution-environments"] = Execution environments +[role="_abstract"] Troubleshoot issues with execution environments. include::troubleshooting-aap/proc-troubleshoot-use-in-controller.adoc[leveloffset=+1] diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-installation.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-installation.adoc index 40a40b586f..7862e6cb29 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-installation.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-installation.adoc @@ -1,8 +1,9 @@ - +:_mod-docs-content-type: ASSEMBLY [id="troubleshoot-installation"] = Installation +[role="_abstract"] Troubleshoot issues with your installation. include::troubleshooting-aap/proc-troubleshoot-aap-packages.adoc[leveloffset=+1] diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-jobs.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-jobs.adoc index 1999ca1215..8947d85b74 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-jobs.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-jobs.adoc @@ -4,6 +4,7 @@ = Jobs +[role="_abstract"] Troubleshoot issues with jobs. // Michelle - commenting out for now as it refers to upgrade info diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-networking.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-networking.adoc index 47c34db517..cefdeccca5 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-networking.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-networking.adoc @@ -1,8 +1,9 @@ - +:_mod-docs-content-type: ASSEMBLY [id="troubleshoot-networking"] = Networking +[role="_abstract"] Troubleshoot networking issues. include::troubleshooting-aap/proc-troubleshoot-subnet-conflict.adoc[leveloffset=+1] diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-playbooks.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-playbooks.adoc index c88e776aca..749fdbc048 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-playbooks.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-playbooks.adoc @@ -1,9 +1,11 @@ - +:_mod-docs-content-type: ASSEMBLY [id="troubleshoot-playbooks"] = Playbooks +[role="_abstract"] You can use {Navigator} to interactively troubleshoot your playbook. + For more information about troubleshooting a playbook with {Navigator}, see link:{URLNavigatorGuide}/assembly-troubleshooting-navigator_ansible-navigator[Troubleshooting Ansible content with {Navigator}] in the _{TitleNavigatorGuide}_ Guide. diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-upgrade.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-upgrade.adoc index 3a12be1aa0..3e2d6df916 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-upgrade.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-upgrade.adoc @@ -1,8 +1,9 @@ - +:_mod-docs-content-type: ASSEMBLY [id="troubleshoot-upgrade"] = Upgrading -Troubleshoot issues when upgrading to {PlatformNameShort} 2.5. +[role="_abstract"] +Troubleshoot issues when upgrading to {PlatformNameShort} {PlatformVers}. include::troubleshooting-aap/proc-troubleshoot-upgrade-issues.adoc[leveloffset=+1] diff --git a/downstream/modules/aap-migration/con-artifact-structure.adoc b/downstream/modules/aap-migration/con-artifact-structure.adoc index 0ec6612ca5..9d6b3035c0 100644 --- a/downstream/modules/aap-migration/con-artifact-structure.adoc +++ b/downstream/modules/aap-migration/con-artifact-structure.adoc @@ -3,6 +3,7 @@ [id="artifact-structure"] = Artifact structure +[role="_abstract"] The migration artifact serves as a comprehensive package containing all necessary components to successfully transfer your {PlatformNameShort} deployment. Structure the artifact as follows: diff --git a/downstream/modules/aap-migration/con-containerized-to-managed-prerequisites.adoc b/downstream/modules/aap-migration/con-containerized-to-managed-prerequisites.adoc index 286b40bf0c..92ffbcc2fe 100644 --- a/downstream/modules/aap-migration/con-containerized-to-managed-prerequisites.adoc +++ b/downstream/modules/aap-migration/con-containerized-to-managed-prerequisites.adoc @@ -3,6 +3,7 @@ [id="containerized-to-managed-prerequisites"] = Prerequisites for migrating from a container-based deployment to a Managed {PlatformNameShort} deployment +[role="_abstract"] Before migrating from a container-based deployment to a Managed {PlatformNameShort} deployment, ensure that you meet the following prerequisites: * You have a source container-based deployment of {PlatformNameShort}. diff --git a/downstream/modules/aap-migration/con-containerized-to-ocp-prerequisites.adoc b/downstream/modules/aap-migration/con-containerized-to-ocp-prerequisites.adoc index eace6038e1..82b5350ea5 100644 --- a/downstream/modules/aap-migration/con-containerized-to-ocp-prerequisites.adoc +++ b/downstream/modules/aap-migration/con-containerized-to-ocp-prerequisites.adoc @@ -3,6 +3,7 @@ [id="containerized-to-ocp-prerequisites"] = Prerequisites for migrating from a container-based deployment to an {OCPShort} deployment +[role="_abstract"] Before migrating from a container-based deployment to an {OCPShort} deployment, ensure that you meet the following prerequisites: * You have a source container-based deployment of {PlatformNameShort}. diff --git a/downstream/modules/aap-migration/con-introduction-and-objectives.adoc b/downstream/modules/aap-migration/con-introduction-and-objectives.adoc index c9854e14d0..02f656213e 100644 --- a/downstream/modules/aap-migration/con-introduction-and-objectives.adoc +++ b/downstream/modules/aap-migration/con-introduction-and-objectives.adoc @@ -3,6 +3,7 @@ [id="introduction-and-objectives"] = Introduction and objectives +[role="_abstract"] This document outlines the necessary steps and considerations for migrating between different {PlatformNameShort} deployment types for {PlatformNameShort} {PlatformVers}. Specifically, it focuses on these migration paths: [options="header"] diff --git a/downstream/modules/aap-migration/con-manifest-file.adoc b/downstream/modules/aap-migration/con-manifest-file.adoc index 501b7b8d19..c5f291fcf4 100644 --- a/downstream/modules/aap-migration/con-manifest-file.adoc +++ b/downstream/modules/aap-migration/con-manifest-file.adoc @@ -3,6 +3,7 @@ [id="manifest-file"] = Manifest file +[role="_abstract"] The `manifest.yml` file serves as the primary metadata document for the migration artifact, containing critical versioning and component information from your source environment. Structure the manifest as follows: diff --git a/downstream/modules/aap-migration/con-migration-process-overview.adoc b/downstream/modules/aap-migration/con-migration-process-overview.adoc index 5c5b1eb088..9b87c8b75a 100644 --- a/downstream/modules/aap-migration/con-migration-process-overview.adoc +++ b/downstream/modules/aap-migration/con-migration-process-overview.adoc @@ -8,6 +8,7 @@ You can only migrate to a different installation type of the same {PlatformNameShort} version. For example you can migrate from RPM version {PlatformVers} to containerized {PlatformVers}, but not from RPM version 2.4 to containerized {PlatformVers}. ==== +[role="_abstract"] The migration between {PlatformNameShort} installation types follows this general workflow: . Prepare and assess the source environment - Prepare and assess the existing source environment for migration. diff --git a/downstream/modules/aap-migration/con-out-of-scope.adoc b/downstream/modules/aap-migration/con-out-of-scope.adoc index bb86c3b744..487fc33ed4 100644 --- a/downstream/modules/aap-migration/con-out-of-scope.adoc +++ b/downstream/modules/aap-migration/con-out-of-scope.adoc @@ -3,6 +3,7 @@ [id="out-of-scope"] = Out of scope +[role="_abstract"] This guide is focused on the core components of {PlatformNameShort}. The following items are currently out of scope for the migration processes described in this document: * {EDAName}: Configuration and content for {EDAName} must be manually recreated in the target environment. diff --git a/downstream/modules/aap-migration/con-rpm-to-containerized-prerequisites.adoc b/downstream/modules/aap-migration/con-rpm-to-containerized-prerequisites.adoc index e63c6d4587..77ab327864 100644 --- a/downstream/modules/aap-migration/con-rpm-to-containerized-prerequisites.adoc +++ b/downstream/modules/aap-migration/con-rpm-to-containerized-prerequisites.adoc @@ -3,6 +3,7 @@ [id="rpm-to-containerized-prerequisites"] = Prerequisites for migrating from an RPM deployment to a containerized deployment +[role="_abstract"] Before migrating from an RPM-based deployment to a container-based deployment, ensure you meet the following prerequisites: * You have a source RPM-based deployment of {PlatformNameShort}. diff --git a/downstream/modules/aap-migration/con-rpm-to-managed-prerequisites.adoc b/downstream/modules/aap-migration/con-rpm-to-managed-prerequisites.adoc index 24234723cc..1d04f66ac9 100644 --- a/downstream/modules/aap-migration/con-rpm-to-managed-prerequisites.adoc +++ b/downstream/modules/aap-migration/con-rpm-to-managed-prerequisites.adoc @@ -3,6 +3,7 @@ [id="rpm-to-managed-prerequisites"] = Prerequisites for migrating from an RPM-based deployment to a Managed {PlatformNameShort} deployment +[role="_abstract"] Before migrating from an RPM-based deployment to a Managed {PlatformNameShort} deployment, ensure you meet the following prerequisites: * You have a source RPM-based deployment of {PlatformNameShort}. diff --git a/downstream/modules/aap-migration/con-rpm-to-ocp-prerequisites.adoc b/downstream/modules/aap-migration/con-rpm-to-ocp-prerequisites.adoc index 56ab73f851..3055bdcc64 100644 --- a/downstream/modules/aap-migration/con-rpm-to-ocp-prerequisites.adoc +++ b/downstream/modules/aap-migration/con-rpm-to-ocp-prerequisites.adoc @@ -3,6 +3,7 @@ [id="rpm-to-ocp-prerequisites"] = Prerequisites for migrating from an RPM-based deployment to an {OCPShort} deployment +[role="_abstract"] Before migrating from an RPM-based deployment to an {OCPShort} deployment, ensure you meet the following prerequisites: * You have a source RPM-based deployment of {PlatformNameShort}. diff --git a/downstream/modules/aap-migration/con-secrets-file.adoc b/downstream/modules/aap-migration/con-secrets-file.adoc index 2a23dadf0e..1acc35a413 100644 --- a/downstream/modules/aap-migration/con-secrets-file.adoc +++ b/downstream/modules/aap-migration/con-secrets-file.adoc @@ -3,6 +3,7 @@ [id="secrets-file"] = Secrets file +[role="_abstract"] The `secrets.yml` file in the migration artifact includes essential Django `SECRET_KEY` values and other sensitive data required for authentication between services. Structure the secrets file as follows: @@ -20,4 +21,4 @@ hub_db_fields_encryption_key: [NOTE] ==== Ensure the `secrets.yml` file is encrypted kept in a secure location. -==== \ No newline at end of file +==== diff --git a/downstream/modules/aap-migration/proc-containerized-post-import.adoc b/downstream/modules/aap-migration/proc-containerized-post-import.adoc index 30a198f567..6841fc1193 100644 --- a/downstream/modules/aap-migration/proc-containerized-post-import.adoc +++ b/downstream/modules/aap-migration/proc-containerized-post-import.adoc @@ -3,6 +3,7 @@ [id="containerized-post-import"] = Reconciling the target environment post-import +[role="_abstract"] Perform the following post-import reconciliation steps to ensure your target environment is fully functional and correctly configured. .Procedure diff --git a/downstream/modules/aap-migration/proc-containerized-target-import.adoc b/downstream/modules/aap-migration/proc-containerized-target-import.adoc index 0133260beb..cf034c2e00 100644 --- a/downstream/modules/aap-migration/proc-containerized-target-import.adoc +++ b/downstream/modules/aap-migration/proc-containerized-target-import.adoc @@ -3,6 +3,7 @@ [id="containerized-target-import"] = Importing the migration content to the target environment +[role="_abstract"] To import your migration content into the target environment, stop the containerized services, import the database dumps, and then restart the services. .Procedure diff --git a/downstream/modules/aap-migration/proc-containerized-target-prep.adoc b/downstream/modules/aap-migration/proc-containerized-target-prep.adoc index 0f9eda990b..a53c458558 100644 --- a/downstream/modules/aap-migration/proc-containerized-target-prep.adoc +++ b/downstream/modules/aap-migration/proc-containerized-target-prep.adoc @@ -3,6 +3,7 @@ [id="containerized-target-prep"] = Preparing and assessing the target environment +[role="_abstract"] To prepare your target environment, perform the following steps. .Procedure diff --git a/downstream/modules/aap-migration/proc-containerized-validation.adoc b/downstream/modules/aap-migration/proc-containerized-validation.adoc index 81f242c410..75cbd5a9eb 100644 --- a/downstream/modules/aap-migration/proc-containerized-validation.adoc +++ b/downstream/modules/aap-migration/proc-containerized-validation.adoc @@ -3,6 +3,7 @@ [id="containerized-validation"] = Validating the target environment +[role="_abstract"] After completing the migration, validate your target environment to ensure all components are functional and operating as expected. .Procedure diff --git a/downstream/modules/aap-migration/proc-managed-post-import.adoc b/downstream/modules/aap-migration/proc-managed-post-import.adoc index 70f53a6398..11060a5aee 100644 --- a/downstream/modules/aap-migration/proc-managed-post-import.adoc +++ b/downstream/modules/aap-migration/proc-managed-post-import.adoc @@ -3,6 +3,7 @@ [id="managed-post-import"] = Reconciling the target environment post-migration +[role="_abstract"] After a successful migration, perform the following tasks: .Procedure diff --git a/downstream/modules/aap-migration/proc-managed-target-migration.adoc b/downstream/modules/aap-migration/proc-managed-target-migration.adoc index f340f17b91..3c16de889e 100644 --- a/downstream/modules/aap-migration/proc-managed-target-migration.adoc +++ b/downstream/modules/aap-migration/proc-managed-target-migration.adoc @@ -3,6 +3,9 @@ [id="managed-target-migration"] = Migrating to Managed {PlatformNameShort} +[role="_abstract"] +Follow this procedure to migrate to Managed {PlatformNameShort}. + .Prerequisites * You have a migration artifact from your source environment. diff --git a/downstream/modules/aap-migration/proc-ocp-post-import.adoc b/downstream/modules/aap-migration/proc-ocp-post-import.adoc index faf58635f4..91db99d7ad 100644 --- a/downstream/modules/aap-migration/proc-ocp-post-import.adoc +++ b/downstream/modules/aap-migration/proc-ocp-post-import.adoc @@ -3,6 +3,7 @@ [id="ocp-post-import"] = Reconciling the target environment post-import +[role="_abstract"] After importing your migration artifact, perform the following steps to reconcile your target environment. .Procedure diff --git a/downstream/modules/aap-migration/proc-ocp-target-import.adoc b/downstream/modules/aap-migration/proc-ocp-target-import.adoc index 9ca5aa4241..a45f72ce03 100644 --- a/downstream/modules/aap-migration/proc-ocp-target-import.adoc +++ b/downstream/modules/aap-migration/proc-ocp-target-import.adoc @@ -3,6 +3,7 @@ [id="ocp-target-import"] = Importing the migration content to the target environment +[role="_abstract"] To import your environment, scale down {PlatformNameShort} components, restore databases, replace encryption secrets, and scale services back up. [NOTE] diff --git a/downstream/modules/aap-migration/proc-ocp-target-prep.adoc b/downstream/modules/aap-migration/proc-ocp-target-prep.adoc index b185703ea4..45e548457c 100644 --- a/downstream/modules/aap-migration/proc-ocp-target-prep.adoc +++ b/downstream/modules/aap-migration/proc-ocp-target-prep.adoc @@ -3,6 +3,7 @@ [id="ocp-target-prep"] = Preparing and assessing the target environment +[role="_abstract"] To prepare and assess your target environment, perform the following steps. .Procedure diff --git a/downstream/modules/aap-migration/proc-ocp-validation.adoc b/downstream/modules/aap-migration/proc-ocp-validation.adoc index c48b56d9f4..76aff07010 100644 --- a/downstream/modules/aap-migration/proc-ocp-validation.adoc +++ b/downstream/modules/aap-migration/proc-ocp-validation.adoc @@ -3,6 +3,7 @@ [id="ocp-validation"] = Validating the target environment +[role="_abstract"] To validate your migrated environment, perform the following steps. .Procedure diff --git a/downstream/modules/aap-migration/proc-rpm-environment-source-prep.adoc b/downstream/modules/aap-migration/proc-rpm-environment-source-prep.adoc index d7f0a99882..1d49180a8b 100644 --- a/downstream/modules/aap-migration/proc-rpm-environment-source-prep.adoc +++ b/downstream/modules/aap-migration/proc-rpm-environment-source-prep.adoc @@ -3,6 +3,7 @@ [id="rpm-environment-source-prep"] = Preparing and assessing the source environment +[role="_abstract"] Before beginning your migration, document your current RPM deployment. This documentation serves as a reference throughout the migration process and is critical for properly configuring your target environment. .Procedure diff --git a/downstream/modules/aap-migration/proc-rpm-source-environment-export.adoc b/downstream/modules/aap-migration/proc-rpm-source-environment-export.adoc index e400c402c0..96e9b49e0b 100644 --- a/downstream/modules/aap-migration/proc-rpm-source-environment-export.adoc +++ b/downstream/modules/aap-migration/proc-rpm-source-environment-export.adoc @@ -3,6 +3,7 @@ [id="rpm-source-environment-export"] = Exporting the source environment +[role="_abstract"] From your source environment, export the data and configurations needed for migration. .Procedure diff --git a/downstream/modules/aap-migration/ref-migration-artifact-checklist.adoc b/downstream/modules/aap-migration/ref-migration-artifact-checklist.adoc index d067be57bd..f9acaacacc 100644 --- a/downstream/modules/aap-migration/ref-migration-artifact-checklist.adoc +++ b/downstream/modules/aap-migration/ref-migration-artifact-checklist.adoc @@ -3,6 +3,7 @@ [id="migration-artifact-checklist"] = Migration artifact creation checklist +[role="_abstract"] Use this checklist to verify the migration artifact. * Database dumps: Include complete database dumps for each component. diff --git a/downstream/modules/platform/con-certs-per-service-considerations.adoc b/downstream/modules/platform/con-certs-per-service-considerations.adoc index cb9634540c..f8aafb1654 100644 --- a/downstream/modules/platform/con-certs-per-service-considerations.adoc +++ b/downstream/modules/platform/con-certs-per-service-considerations.adoc @@ -3,6 +3,7 @@ [id="certs-per-service-considerations"] = Considerations for certificates provided per service +[role="_abstract"] When providing custom TLS certificates for each individual service, consider the following: * It is possible to provide unique certificates per host. This requires defining the specific `_tls_cert` and `_tls_key` variables in your inventory file as shown in the earlier inventory file example. diff --git a/downstream/modules/platform/con-installer-generated-certs.adoc b/downstream/modules/platform/con-installer-generated-certs.adoc index 5713f0ef99..e63697f81b 100644 --- a/downstream/modules/platform/con-installer-generated-certs.adoc +++ b/downstream/modules/platform/con-installer-generated-certs.adoc @@ -3,6 +3,7 @@ [id="installer-generated-certificates"] = {PlatformNameShort} generated certificates +[role="_abstract"] By default, the installation program creates a self-signed Certificate Authority (CA) and uses it to generate self-signed TLS certificates for all {PlatformNameShort} services. The self-signed CA certificate and key are generated on one node under the `~/aap/tls/` directory and copied to the same location on all other nodes. This CA is valid for 10 years after the initial creation date. Self-signed certificates are not part of any public chain of trust. The installation program creates a certificate truststore that includes the self-signed CA certificate under `~/aap/tls/extracted/` and bind-mounts that directory to each {PlatformNameShort} service container under `/etc/pki/ca-trust/extracted/`. This allows each {PlatformNameShort} component to validate the self-signed certificates of the other {PlatformNameShort} services. The CA certificate can also be added to the truststore of other systems or browsers as needed. diff --git a/downstream/modules/platform/con-receptor-cert-considerations.adoc b/downstream/modules/platform/con-receptor-cert-considerations.adoc index 328172b6e1..2449a6e778 100644 --- a/downstream/modules/platform/con-receptor-cert-considerations.adoc +++ b/downstream/modules/platform/con-receptor-cert-considerations.adoc @@ -3,6 +3,7 @@ [id="receptor-certificate-considerations"] = Receptor certificate considerations +[role="_abstract"] When using a custom certificate for Receptor nodes, the certificate requires the `otherName` field specified in the Subject Alternative Name (SAN) of the certificate with the value `1.3.6.1.4.1.2312.19.1`. For more information, see link:https://ansible.readthedocs.io/projects/receptor/en/latest/user_guide/tls.html#above-the-mesh-tls[Above the mesh TLS]. Receptor does not support the usage of wildcard certificates. Additionally, each Receptor certificate must have the host FQDN specified in its SAN for TLS hostname validation to be correctly performed. diff --git a/downstream/modules/platform/proc-add-eda-safe-plugin-var.adoc b/downstream/modules/platform/proc-add-eda-safe-plugin-var.adoc index 0ccb5fce07..76cdb66fb9 100644 --- a/downstream/modules/platform/proc-add-eda-safe-plugin-var.adoc +++ b/downstream/modules/platform/proc-add-eda-safe-plugin-var.adoc @@ -1,10 +1,10 @@ :_mod-docs-content-type: PROCEDURE - [id="proc-add-eda-safe-plugin-var"] = Adding a safe plugin variable to {EDAcontroller} +[role="_abstract"] When using `redhat.insights_eda` or similar plugins to run rulebook activations in {EDAcontroller}, you must add a safe plugin variable to a directory in {PlatformNameShort}. This ensures connection between {EDAcontroller} and the source plugin, and displays port mappings correctly. .Procedure diff --git a/downstream/modules/platform/proc-configure-ext-db-mtls.adoc b/downstream/modules/platform/proc-configure-ext-db-mtls.adoc index 665ff18b3a..d6f5b0ac40 100644 --- a/downstream/modules/platform/proc-configure-ext-db-mtls.adoc +++ b/downstream/modules/platform/proc-configure-ext-db-mtls.adoc @@ -3,6 +3,7 @@ [id="configure-ext-db-mtls"] = Optional: configuring mutual TLS (mTLS) authentication for an external database +[role="_abstract"] mTLS authentication is disabled by default. To configure each component's database with mTLS authentication, add the following variables to your inventory file under the `[all:vars]` group and ensure each component has a different TLS certificate and key: .Procedure diff --git a/downstream/modules/platform/proc-configure-haproxy-load-balancer.adoc b/downstream/modules/platform/proc-configure-haproxy-load-balancer.adoc index 6325bb3167..75b54ef3b5 100644 --- a/downstream/modules/platform/proc-configure-haproxy-load-balancer.adoc +++ b/downstream/modules/platform/proc-configure-haproxy-load-balancer.adoc @@ -3,6 +3,7 @@ [id="configuring-haproxy-load-balancer"] = Configuring a HAProxy load balancer +[role="_abstract"] To configure a HAProxy load balancer in front of {Gateway} with a custom CA cert, set the following inventory file variables under the `[all:vars]` group: ---- diff --git a/downstream/modules/platform/proc-configure-hub-azure-storage.adoc b/downstream/modules/platform/proc-configure-hub-azure-storage.adoc index 2d59dcd46a..dba5682986 100644 --- a/downstream/modules/platform/proc-configure-hub-azure-storage.adoc +++ b/downstream/modules/platform/proc-configure-hub-azure-storage.adoc @@ -3,6 +3,7 @@ [id="configure-hub-azure-storage"] = Configuring Azure Blob Storage for {HubName} +[role="_abstract"] Azure Blob storage is a type of object storage that is supported in containerized installations. When using an Azure blob storage backend, set `hub_storage_backend` to `azure`. The Azure container needs to exist before running the installation program. .Procedure diff --git a/downstream/modules/platform/proc-configure-hub-nfs-storage.adoc b/downstream/modules/platform/proc-configure-hub-nfs-storage.adoc index 556972b456..fc6ad478ee 100644 --- a/downstream/modules/platform/proc-configure-hub-nfs-storage.adoc +++ b/downstream/modules/platform/proc-configure-hub-nfs-storage.adoc @@ -3,6 +3,7 @@ [id="configure-hub-nfs-storage"] = Configuring Network File System (NFS) storage for {HubName} +[role="_abstract"] NFS is a type of shared storage that is supported in containerized installations. Shared storage is required when installing more than one instance of {HubName} with a `file` storage backend. When installing a single instance of the {HubName}, shared storage is optional. .Procedure diff --git a/downstream/modules/platform/proc-configure-hub-s3-storage.adoc b/downstream/modules/platform/proc-configure-hub-s3-storage.adoc index e8cde7ead0..1514f8d529 100644 --- a/downstream/modules/platform/proc-configure-hub-s3-storage.adoc +++ b/downstream/modules/platform/proc-configure-hub-s3-storage.adoc @@ -3,6 +3,7 @@ [id="configure-hub-s3-storage"] = Configuring Amazon S3 storage for {HubName} +[role="_abstract"] Amazon S3 storage is a type of object storage that is supported in containerized installations. When using an AWS S3 storage backend, set `hub_storage_backend` to `s3`. The AWS S3 bucket needs to exist before running the installation program. .Procedure diff --git a/downstream/modules/platform/proc-containerized-troubleshoot-gathering-logs.adoc b/downstream/modules/platform/proc-containerized-troubleshoot-gathering-logs.adoc index caa829f82d..3cdb5a440d 100644 --- a/downstream/modules/platform/proc-containerized-troubleshoot-gathering-logs.adoc +++ b/downstream/modules/platform/proc-containerized-troubleshoot-gathering-logs.adoc @@ -3,6 +3,7 @@ = Gathering {PlatformNameShort} logs +[role="_abstract"] With the `sos` utility, you can collect configuration, diagnostic, and troubleshooting data, and give those files to Red Hat Technical Support. An `sos` report is a common starting point for Red Hat technical support engineers when performing analysis of a service request for {PlatformNameShort}. You can collect an `sos` report for each host in your containerized {PlatformNameShort} deployment by running the `log_gathering` playbook with the appropriate parameters. @@ -31,19 +32,15 @@ $ ansible-playbook -i ansible.containerized_installer.l [options="header"] |==== | Parameter name | Description | Default - | `target_sos_directory` | Used to change the default location for the `sos` report files. | `/tmp` directory of the current server. - | `case_number` | Specifies the support case number if relevant to the log gathering. | - | `clean` | Obfuscates sensitive data that might be present on the `sos` report. | `false` - | `upload` | Automatically uploads the `sos` report data to Red Hat. | `false` diff --git a/downstream/modules/platform/proc-downloading-containerized-aap.adoc b/downstream/modules/platform/proc-downloading-containerized-aap.adoc index 0e059a3775..2a96ac0dc0 100644 --- a/downstream/modules/platform/proc-downloading-containerized-aap.adoc +++ b/downstream/modules/platform/proc-downloading-containerized-aap.adoc @@ -4,6 +4,7 @@ = Downloading {PlatformNameShort} +[role="_abstract"] Choose the installation program you need based on your {RHEL} environment internet connectivity and download the installation program to your {RHEL} host. .Prerequisites diff --git a/downstream/modules/platform/proc-enable-hstore-extension.adoc b/downstream/modules/platform/proc-enable-hstore-extension.adoc index eaf878e606..7c3eabe6e1 100644 --- a/downstream/modules/platform/proc-enable-hstore-extension.adoc +++ b/downstream/modules/platform/proc-enable-hstore-extension.adoc @@ -4,6 +4,7 @@ = Enabling the hstore extension for the {HubName} PostgreSQL database +[role="_abstract"] The database migration script uses `hstore` fields to store information, therefore the `hstore` extension must be enabled in the {HubName} PostgreSQL database. This process is automatic when using the {PlatformNameShort} installer and a managed PostgreSQL server. diff --git a/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc b/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc index 0840347165..be1320f250 100644 --- a/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc +++ b/downstream/modules/platform/proc-enabling-automation-hub-collection-and-container-signing.adoc @@ -3,6 +3,7 @@ [id="enabling-automation-hub-collection-and-container-signing_{context}"] = Enabling automation content collection and container signing +[role="_abstract"] Automation content signing is disabled by default. To enable it, the following installation variables are required in the inventory file: [source,yaml] diff --git a/downstream/modules/platform/proc-installing-containerized-aap.adoc b/downstream/modules/platform/proc-installing-containerized-aap.adoc index fc182dc49a..cfb8ddbdbe 100644 --- a/downstream/modules/platform/proc-installing-containerized-aap.adoc +++ b/downstream/modules/platform/proc-installing-containerized-aap.adoc @@ -4,6 +4,7 @@ = Installing containerized {PlatformNameShort} +[role="_abstract"] After you prepare the {RHEL} host, download {PlatformNameShort}, and configure the inventory file, run the `install` playbook to install containerized {PlatformNameShort}. .Prerequisites diff --git a/downstream/modules/platform/proc-preparing-the-managed-nodes-for-containerized-installation.adoc b/downstream/modules/platform/proc-preparing-the-managed-nodes-for-containerized-installation.adoc index 34a0191adf..52585fb7cd 100644 --- a/downstream/modules/platform/proc-preparing-the-managed-nodes-for-containerized-installation.adoc +++ b/downstream/modules/platform/proc-preparing-the-managed-nodes-for-containerized-installation.adoc @@ -4,6 +4,7 @@ = Preparing the managed nodes for containerized installation +[role="_abstract"] Managed nodes, also referred to as hosts, are the devices that {PlatformNameShort} is configured to manage. To ensure a consistent and secure setup of containerized {PlatformNameShort}, create a dedicated user on each host. {PlatformNameShort} connects as this user to run tasks on the host. diff --git a/downstream/modules/platform/proc-preparing-the-rhel-host-for-containerized-installation.adoc b/downstream/modules/platform/proc-preparing-the-rhel-host-for-containerized-installation.adoc index e9ff12f482..6a6b079517 100644 --- a/downstream/modules/platform/proc-preparing-the-rhel-host-for-containerized-installation.adoc +++ b/downstream/modules/platform/proc-preparing-the-rhel-host-for-containerized-installation.adoc @@ -4,6 +4,7 @@ = Preparing the {RHEL} host for containerized installation +[role="_abstract"] Containerized {PlatformNameShort} runs the component services as Podman based containers on top of a {RHEL} host. Prepare the {RHEL} host to ensure a successful installation. .Procedure diff --git a/downstream/modules/platform/proc-provide-custom-ca-cert.adoc b/downstream/modules/platform/proc-provide-custom-ca-cert.adoc index 3db3fc75d1..e8b762e951 100644 --- a/downstream/modules/platform/proc-provide-custom-ca-cert.adoc +++ b/downstream/modules/platform/proc-provide-custom-ca-cert.adoc @@ -3,6 +3,7 @@ [id="providing-a-custom-ca-certificate"] = Providing a custom CA certificate +[role="_abstract"] When you manually provide TLS certificates, those certificates might be signed by a custom CA. Provide a custom CA certificate to ensure proper authentication and secure communication within your environment. If you have multiple custom CA certificates, you must merge them into a single file. .Procedure diff --git a/downstream/modules/platform/proc-provide-custom-tls-certs-per-service.adoc b/downstream/modules/platform/proc-provide-custom-tls-certs-per-service.adoc index 348f8b0de6..29ee2e2ec5 100644 --- a/downstream/modules/platform/proc-provide-custom-tls-certs-per-service.adoc +++ b/downstream/modules/platform/proc-provide-custom-tls-certs-per-service.adoc @@ -3,6 +3,7 @@ [id="proc-provide-custom-tls-certs-per-service"] = Providing custom TLS certificates for each service +[role="_abstract"] Use this method if your organization manages TLS certificates outside of {PlatformNameShort} and requires manual provisioning. .Procedure diff --git a/downstream/modules/platform/proc-reinstalling-containerized-aap.adoc b/downstream/modules/platform/proc-reinstalling-containerized-aap.adoc index 06a712e428..e2dc8a06d1 100644 --- a/downstream/modules/platform/proc-reinstalling-containerized-aap.adoc +++ b/downstream/modules/platform/proc-reinstalling-containerized-aap.adoc @@ -4,7 +4,6 @@ = Reinstalling containerized {PlatformNameShort} [role="_abstract"] - To reinstall a containerized deployment after uninstalling and preserving the database, follow the steps in link:{URLContainerizedInstall}/aap-containerized-installation#installing-containerized-aap[Installing containerized {PlatformNameShort}] and include the existing secret key value in the playbook command: ---- diff --git a/downstream/modules/platform/proc-set-registry-username-password.adoc b/downstream/modules/platform/proc-set-registry-username-password.adoc index e248ee27db..7bff6a9224 100644 --- a/downstream/modules/platform/proc-set-registry-username-password.adoc +++ b/downstream/modules/platform/proc-set-registry-username-password.adoc @@ -4,6 +4,7 @@ = Setting registry_username and registry_password +[role="_abstract"] When using the `registry_username` and `registry_password` variables for an online non-bundled installation, you need to create a new registry service account. Registry service accounts are named tokens that can be used in environments where credentials will be shared, such as deployment systems. diff --git a/downstream/modules/platform/proc-setup-ext-db-with-admin-creds.adoc b/downstream/modules/platform/proc-setup-ext-db-with-admin-creds.adoc index 8a3c2fe975..de784ff3b0 100644 --- a/downstream/modules/platform/proc-setup-ext-db-with-admin-creds.adoc +++ b/downstream/modules/platform/proc-setup-ext-db-with-admin-creds.adoc @@ -3,6 +3,7 @@ [id="setup-ext-db-with-admin-creds"] = Setting up an external database with PostgreSQL admin credentials +[role="_abstract"] If you have PostgreSQL admin credentials, you can supply them in the inventory file and the installation program creates the PostgreSQL users and databases for each component for you. The PostgreSQL admin account must have `SUPERUSER` privileges. .Procedure diff --git a/downstream/modules/platform/proc-setup-ext-db-without-admin-creds.adoc b/downstream/modules/platform/proc-setup-ext-db-without-admin-creds.adoc index 80225bd41e..6eef822ea3 100644 --- a/downstream/modules/platform/proc-setup-ext-db-without-admin-creds.adoc +++ b/downstream/modules/platform/proc-setup-ext-db-without-admin-creds.adoc @@ -3,6 +3,7 @@ [id="setup-ext-db-without-admin-creds"] = Setting up an external database without PostgreSQL admin credentials +[role="_abstract"] If you do not have PostgreSQL admin credentials, then PostgreSQL users and databases need to be created for each component ({Gateway}, {ControllerName}, {HubName}, and {EDAName}) before running the installation program. .Procedure diff --git a/downstream/modules/platform/proc-uninstalling-containerized-aap.adoc b/downstream/modules/platform/proc-uninstalling-containerized-aap.adoc index d900b7f72c..aef7669c0d 100644 --- a/downstream/modules/platform/proc-uninstalling-containerized-aap.adoc +++ b/downstream/modules/platform/proc-uninstalling-containerized-aap.adoc @@ -3,6 +3,7 @@ [id="uninstalling-containerized-aap"] = Uninstalling containerized {PlatformNameShort} +[role="_abstract"] Uninstall your {ContainerBase} of {PlatformNameShort}. .Prerequisites diff --git a/downstream/modules/platform/proc-update-aap-container.adoc b/downstream/modules/platform/proc-update-aap-container.adoc index 7a8b356968..03513bcdc5 100644 --- a/downstream/modules/platform/proc-update-aap-container.adoc +++ b/downstream/modules/platform/proc-update-aap-container.adoc @@ -3,6 +3,7 @@ = Updating containerized {PlatformNameShort} +[role="_abstract"] Perform an upgrade of containerized {PlatformNameShort}. .Prerequisites diff --git a/downstream/modules/platform/proc-use-custom-ca-certs.adoc b/downstream/modules/platform/proc-use-custom-ca-certs.adoc index ff193bd76e..b425367adb 100644 --- a/downstream/modules/platform/proc-use-custom-ca-certs.adoc +++ b/downstream/modules/platform/proc-use-custom-ca-certs.adoc @@ -3,6 +3,7 @@ [id="use-custom-ca-certs"] = Using a custom CA to generate all TLS certificates +[role="_abstract"] Use this method when you want {PlatformNameShort} to generate all of the certificates, but you want them signed by a custom CA rather than the default self-signed certificates. .Procedure diff --git a/downstream/modules/platform/ref-adding-execution-nodes.adoc b/downstream/modules/platform/ref-adding-execution-nodes.adoc index 6fae512a48..2b7aca1f97 100644 --- a/downstream/modules/platform/ref-adding-execution-nodes.adoc +++ b/downstream/modules/platform/ref-adding-execution-nodes.adoc @@ -1,11 +1,9 @@ -:_newdoc-version: 2.15.1 -:_template-generated: 2024-01-12 - :_mod-docs-content-type: REFERENCE [id="adding-execution-nodes_{context}"] = Adding execution nodes +[role="_abstract"] Containerized {PlatformNameShort} can deploy remote execution nodes. You can define remote execution nodes in the `[execution_nodes]` group of your inventory file: diff --git a/downstream/modules/platform/ref-ansible-inventory-variables.adoc b/downstream/modules/platform/ref-ansible-inventory-variables.adoc index 52d4eaf011..0834748f32 100644 --- a/downstream/modules/platform/ref-ansible-inventory-variables.adoc +++ b/downstream/modules/platform/ref-ansible-inventory-variables.adoc @@ -4,6 +4,7 @@ = Ansible variables +[role="_abstract"] The following variables control how {PlatformNameShort} interacts with remote hosts. .Ansible variables diff --git a/downstream/modules/platform/ref-configuring-inventory-file.adoc b/downstream/modules/platform/ref-configuring-inventory-file.adoc index f2a95d0caa..69cdcd6de0 100644 --- a/downstream/modules/platform/ref-configuring-inventory-file.adoc +++ b/downstream/modules/platform/ref-configuring-inventory-file.adoc @@ -3,6 +3,7 @@ [id="configuring-inventory-file"] = Configuring the inventory file +[role="_abstract"] You can control the installation of {PlatformNameShort} with inventory files. Inventory files define the information needed to customize the installation. For example, host details, certificate details, and various component-specific settings. Example inventory files are available in this document that you can copy and change to quickly get started. diff --git a/downstream/modules/platform/ref-cont-aap-system-requirements.adoc b/downstream/modules/platform/ref-cont-aap-system-requirements.adoc index 9a746d1bad..9502c3c085 100644 --- a/downstream/modules/platform/ref-cont-aap-system-requirements.adoc +++ b/downstream/modules/platform/ref-cont-aap-system-requirements.adoc @@ -4,6 +4,7 @@ = System requirements +[role="_abstract"] Use this information when planning your installation of containerized {PlatformNameShort}. == Prerequisites diff --git a/downstream/modules/platform/ref-containerized-troubleshoot-config.adoc b/downstream/modules/platform/ref-containerized-troubleshoot-config.adoc index 2dc10a8ec6..8f4211e9a8 100644 --- a/downstream/modules/platform/ref-containerized-troubleshoot-config.adoc +++ b/downstream/modules/platform/ref-containerized-troubleshoot-config.adoc @@ -3,6 +3,9 @@ = Troubleshooting containerized {PlatformNameShort} configuration +[role="_abstract"] +Use this information to troubleshoot your containerized {PlatformNameShort} configuration. + *Sometimes the post install for seeding my {PlatformNameShort} content errors out* This could manifest itself as output similar to this: diff --git a/downstream/modules/platform/ref-containerized-troubleshoot-diagnosing.adoc b/downstream/modules/platform/ref-containerized-troubleshoot-diagnosing.adoc index fb8d42e8f5..b871ef0ef4 100644 --- a/downstream/modules/platform/ref-containerized-troubleshoot-diagnosing.adoc +++ b/downstream/modules/platform/ref-containerized-troubleshoot-diagnosing.adoc @@ -3,6 +3,7 @@ = Diagnosing the problem +[role="_abstract"] For general container-based troubleshooting, you can inspect the container logs for any running service to help troubleshoot underlying issues. *Identifying the running containers* diff --git a/downstream/modules/platform/ref-containerized-troubleshoot-install.adoc b/downstream/modules/platform/ref-containerized-troubleshoot-install.adoc index b5e829eb53..2dd4ef0ddd 100644 --- a/downstream/modules/platform/ref-containerized-troubleshoot-install.adoc +++ b/downstream/modules/platform/ref-containerized-troubleshoot-install.adoc @@ -3,6 +3,9 @@ = Troubleshooting containerized {PlatformNameShort} installation +[role="_abstract"] +Use this information to troubleshoot your containerized installation of {PlatformNameShort}. + *The installation takes a long time, or has errors, what should I check?* . Ensure your system meets the minimum requirements as outlined in link:{URLContainerizedInstall}/aap-containerized-installation#system-requirements[System requirements]. Factors such as improper storage choices and high latency when distributing across many hosts will all have an impact on installation time. diff --git a/downstream/modules/platform/ref-containerized-troubleshoot-ref.adoc b/downstream/modules/platform/ref-containerized-troubleshoot-ref.adoc index bb56363f43..461e76a0cd 100644 --- a/downstream/modules/platform/ref-containerized-troubleshoot-ref.adoc +++ b/downstream/modules/platform/ref-containerized-troubleshoot-ref.adoc @@ -4,6 +4,9 @@ = Containerized {PlatformNameShort} reference +[role="_abstract"] +Use this information to understand the architecture for your containerized {PlatformNameShort} deployment. + *Can you give details of the architecture for the {PlatformNameShort} containerized design?* We use as much of the underlying native {RHEL} technology as possible. Podman is used for the container runtime and management of services. diff --git a/downstream/modules/platform/ref-controller-variables.adoc b/downstream/modules/platform/ref-controller-variables.adoc index ee3da4d132..321439bfea 100644 --- a/downstream/modules/platform/ref-controller-variables.adoc +++ b/downstream/modules/platform/ref-controller-variables.adoc @@ -4,6 +4,9 @@ = {ControllerNameStart} variables +[role="_abstract"] +Inventory file variables for {ControllerName}. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/platform/ref-database-inventory-variables.adoc b/downstream/modules/platform/ref-database-inventory-variables.adoc index cc3b0e41a3..1073fa1d06 100644 --- a/downstream/modules/platform/ref-database-inventory-variables.adoc +++ b/downstream/modules/platform/ref-database-inventory-variables.adoc @@ -4,6 +4,9 @@ = Database variables +[role="_abstract"] +Inventory file variables for the database used with {PlatformNameShort}. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/platform/ref-eda-controller-variables.adoc b/downstream/modules/platform/ref-eda-controller-variables.adoc index a0f8b989c5..dd30231982 100644 --- a/downstream/modules/platform/ref-eda-controller-variables.adoc +++ b/downstream/modules/platform/ref-eda-controller-variables.adoc @@ -4,6 +4,9 @@ = {EDAcontroller} variables +[role="_abstract"] +Inventory file variables for {EDAcontroller}. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/platform/ref-gateway-variables.adoc b/downstream/modules/platform/ref-gateway-variables.adoc index 1a3769f1f3..85e73db7b4 100644 --- a/downstream/modules/platform/ref-gateway-variables.adoc +++ b/downstream/modules/platform/ref-gateway-variables.adoc @@ -1,9 +1,11 @@ :_mod-docs-content-type: REFERENCE [id="platform-gateway-variables"] - = {GatewayStart} variables +[role="_abstract"] +Inventory file variables for {Gateway}. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/platform/ref-general-inventory-variables.adoc b/downstream/modules/platform/ref-general-inventory-variables.adoc index ef9701840b..92d450e34c 100644 --- a/downstream/modules/platform/ref-general-inventory-variables.adoc +++ b/downstream/modules/platform/ref-general-inventory-variables.adoc @@ -4,6 +4,9 @@ = General variables +[role="_abstract"] +General inventory file variables for {PlatformNameShort}. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/platform/ref-hub-variables.adoc b/downstream/modules/platform/ref-hub-variables.adoc index 5bde6f9d01..455b936ee9 100644 --- a/downstream/modules/platform/ref-hub-variables.adoc +++ b/downstream/modules/platform/ref-hub-variables.adoc @@ -4,6 +4,9 @@ = {HubNameStart} variables +[role="_abstract"] +Inventory file variables for {HubName}. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/platform/ref-images-inventory-variables.adoc b/downstream/modules/platform/ref-images-inventory-variables.adoc index 188b6c8328..0e9e1ffc98 100644 --- a/downstream/modules/platform/ref-images-inventory-variables.adoc +++ b/downstream/modules/platform/ref-images-inventory-variables.adoc @@ -4,6 +4,9 @@ = Image variables +[role="_abstract"] +Inventory file variables for images. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/platform/ref-receptor-inventory-variables.adoc b/downstream/modules/platform/ref-receptor-inventory-variables.adoc index f5fbc46901..d8f7a58cf8 100644 --- a/downstream/modules/platform/ref-receptor-inventory-variables.adoc +++ b/downstream/modules/platform/ref-receptor-inventory-variables.adoc @@ -4,6 +4,9 @@ = Receptor variables +[role="_abstract"] +Inventory file variables for Receptor. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/platform/ref-redis-inventory-variables.adoc b/downstream/modules/platform/ref-redis-inventory-variables.adoc index 8f13f49822..fd0da1df38 100644 --- a/downstream/modules/platform/ref-redis-inventory-variables.adoc +++ b/downstream/modules/platform/ref-redis-inventory-variables.adoc @@ -4,6 +4,9 @@ = Redis variables +[role="_abstract"] +Inventory file variables for Redis. + [cols="25%,25%,30%,10%,10%",options="header"] |=== | RPM variable name | Container variable name | Description | Required or optional | Default diff --git a/downstream/modules/topologies/ref-cont-a-env-a.adoc b/downstream/modules/topologies/ref-cont-a-env-a.adoc index cc932ea004..c0c1ebc774 100644 --- a/downstream/modules/topologies/ref-cont-a-env-a.adoc +++ b/downstream/modules/topologies/ref-cont-a-env-a.adoc @@ -2,6 +2,7 @@ [id="cont-a-env-a"] = Container {GrowthTopology} +[role="_abstract"] include::snippets/growth-topologies.adoc[] == Infrastructure topology diff --git a/downstream/modules/topologies/ref-cont-b-env-a.adoc b/downstream/modules/topologies/ref-cont-b-env-a.adoc index 504cfc3377..8a7662a07d 100644 --- a/downstream/modules/topologies/ref-cont-b-env-a.adoc +++ b/downstream/modules/topologies/ref-cont-b-env-a.adoc @@ -2,6 +2,7 @@ [id="cont-b-env-a"] = Container {EnterpriseTopology} +[role="_abstract"] include::snippets/enterprise-topologies.adoc[] == Infrastructure topology diff --git a/downstream/modules/topologies/ref-installation-deployment-models.adoc b/downstream/modules/topologies/ref-installation-deployment-models.adoc index dd32d55245..e9872d65ac 100644 --- a/downstream/modules/topologies/ref-installation-deployment-models.adoc +++ b/downstream/modules/topologies/ref-installation-deployment-models.adoc @@ -3,6 +3,7 @@ = Installation and deployment models +[role="_abstract"] The following table outlines the different ways to install or deploy {PlatformNameShort}: .{PlatformNameShort} installation and deployment models diff --git a/downstream/modules/topologies/ref-mesh-nodes.adoc b/downstream/modules/topologies/ref-mesh-nodes.adoc index 0e3b47b64a..c15eb67d78 100644 --- a/downstream/modules/topologies/ref-mesh-nodes.adoc +++ b/downstream/modules/topologies/ref-mesh-nodes.adoc @@ -1,6 +1,8 @@ +:_mod-docs-content-type: REFERENCE [id="mesh-nodes"] = {AutomationMeshStart} nodes +[role="_abstract"] {AutomationMeshStart} is an overlay network intended to ease the distribution of work across a large and dispersed collection of workers. This is done through nodes that establish peer-to-peer connections with each other by using existing networks. == Tested system configurations diff --git a/downstream/modules/topologies/ref-ocp-a-env-a.adoc b/downstream/modules/topologies/ref-ocp-a-env-a.adoc index 0d32df81ef..e7c9be7115 100644 --- a/downstream/modules/topologies/ref-ocp-a-env-a.adoc +++ b/downstream/modules/topologies/ref-ocp-a-env-a.adoc @@ -1,6 +1,8 @@ +:_mod-docs-content-type: REFERENCE [id="ocp-a-env-a"] = Operator {GrowthTopology} +[role="_abstract"] include::snippets/growth-topologies.adoc[] == Infrastructure topology diff --git a/downstream/modules/topologies/ref-ocp-b-env-a.adoc b/downstream/modules/topologies/ref-ocp-b-env-a.adoc index 3e44787345..838662180e 100644 --- a/downstream/modules/topologies/ref-ocp-b-env-a.adoc +++ b/downstream/modules/topologies/ref-ocp-b-env-a.adoc @@ -1,6 +1,8 @@ +:_mod-docs-content-type: REFERENCE [id="ocp-b-env-a"] = Operator {EnterpriseTopology} +[role="_abstract"] include::snippets/enterprise-topologies.adoc[] == Infrastructure topology diff --git a/downstream/modules/topologies/ref-rpm-a-env-a.adoc b/downstream/modules/topologies/ref-rpm-a-env-a.adoc index 41a943dfc5..239c1604c5 100644 --- a/downstream/modules/topologies/ref-rpm-a-env-a.adoc +++ b/downstream/modules/topologies/ref-rpm-a-env-a.adoc @@ -2,6 +2,7 @@ [id="rpm-a-env-a"] = RPM {GrowthTopology} +[role="_abstract"] include::snippets/growth-topologies.adoc[] == Infrastructure topology diff --git a/downstream/modules/topologies/ref-rpm-b-env-a.adoc b/downstream/modules/topologies/ref-rpm-b-env-a.adoc index f0dfbe22ea..71e4194454 100644 --- a/downstream/modules/topologies/ref-rpm-b-env-a.adoc +++ b/downstream/modules/topologies/ref-rpm-b-env-a.adoc @@ -2,6 +2,7 @@ [id="rpm-b-env-a"] = RPM {EnterpriseTopology} +[role="_abstract"] include::snippets/enterprise-topologies.adoc[] == Infrastructure topology diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-aap-packages.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-aap-packages.adoc index a2d21f4a5f..0d84cbe253 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-aap-packages.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-aap-packages.adoc @@ -1,6 +1,8 @@ +:_mod-docs-content-type: PROCEDURE [id="troubleshoot-aap-packages"] = Issue - Cannot locate certain packages that come bundled with the {PlatformNameShort} installer +[role="_abstract"] You cannot locate certain packages that come bundled with the {PlatformNameShort} installer, or you are seeing a "Repositories disabled by configuration" message. -To resolve this issue, enable the repository by using the `subscription-manager` command in the command line. For more information about resolving this issue, see the _Troubleshooting_ section of link:{URLCentralAuth}/assembly-gateway-licensing#proc-attaching-subscriptions[Attaching your {PlatformName} subscription] in _{TitleCentralAuth}_. \ No newline at end of file +To resolve this issue, enable the repository by using the `subscription-manager` command in the command line. For more information about resolving this issue, see the _Troubleshooting_ section of link:{URLCentralAuth}/assembly-gateway-licensing#proc-attaching-subscriptions[Attaching your {PlatformName} subscription] in _{TitleCentralAuth}_. diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-pending.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-pending.adoc index e393e55b46..0243e50aed 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-pending.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-pending.adoc @@ -1,6 +1,8 @@ +:_mod-docs-content-type: PROCEDURE [id="troubleshoot-job-pending"] = Issue - Jobs in {ControllerName} are stuck in a pending state +[role="_abstract"] After launching jobs in {ControllerName}, the jobs stay in a pending state and do not start. There are a few reasons jobs can become stuck in a pending state. For more information about troubleshooting this issue, see link:{URLControllerAdminGuide}/controller-troubleshooting#controller-playbook-pending[Playbook stays in pending] in _{TitleControllerAdminGuide}_ diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-permissions.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-permissions.adoc index a851de36b1..93c88a3c1e 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-permissions.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-permissions.adoc @@ -2,6 +2,7 @@ [id="troubleshoot-job-permissions"] = Issue - Jobs in {PrivateHubName} are failing with "denied: requested access to the resource is denied, unauthorized: Insufficient permissions" error message +[role="_abstract"] Jobs are failing with the error message "denied: requested access to the resource is denied, unauthorized: Insufficient permissions" when using an {ExecEnvShort} in {PrivateHubName}. This issue happens when your {PrivateHubName} is protected with a password or token and the registry credential is not assigned to the {ExecEnvShort}. diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-resolve-module.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-resolve-module.adoc index 13f6316387..83776b047e 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-resolve-module.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-resolve-module.adoc @@ -3,6 +3,7 @@ [id="troubleshoot-job-resolve-module"] = Issue - Jobs are failing with “ERROR! couldn’t resolve module/action” error message +[role="_abstract"] Jobs are failing with the error message “ERROR! couldn't resolve module/action 'module name'. This often indicates a misspelling, missing collection, or incorrect module path”. This error can happen when the collection associated with the module is missing from the {ExecEnvShort}. diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-timeout.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-timeout.adoc index e8a6d7a3d9..645d003bea 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-timeout.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-job-timeout.adoc @@ -3,6 +3,7 @@ [id="troubleshoot-job-timeout"] = Issue - Jobs are failing with “Timeout (12s) waiting for privilege escalation prompt” error message +[role="_abstract"] This error can happen when the timeout value is too small, causing the job to stop before completion. The default timeout value for connection plugins is `10`. To resolve the issue, increase the timeout value by completing one of the following methods. diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-must-gather.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-must-gather.adoc index 1f6ab25d0d..c6b8842cb4 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-must-gather.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-must-gather.adoc @@ -3,6 +3,7 @@ [id="troubleshoot-must-gather"] = Troubleshooting {PlatformNameShort} on {OCPShort} by using the must-gather command +[role="_abstract"] The `oc adm must-gather` command line interface (CLI) command collects information from your {PlatformNameShort} installation deployed on {OCPShort}. It gathers information that is often needed for debugging issues, including resource definitions and service logs. Running the `oc adm must-gather` CLI command creates a new directory containing the collected data that you can use to troubleshoot or attach to your support case. diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-sosreport.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-sosreport.adoc index 8c8419e31f..fe085d4b5d 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-sosreport.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-sosreport.adoc @@ -1,6 +1,8 @@ +:_mod-docs-content-type: PROCEDURE [id="troubleshoot-sosreport"] = Troubleshooting {PlatformNameShort} on VM-based installations by generating an sos report +[role="_abstract"] The `sos` utility collects configuration, diagnostic, and troubleshooting data from your {PlatformNameShort} on a {VMBase}. For more information about installing and using the `sos` utility, see link:{BaseURL}/red_hat_enterprise_linux/9/html-single/getting_the_most_from_your_support_experience/index#generating-an-sos-report-for-technical-support_getting-the-most-from-your-support-experience[Generating an sos report for technical support]. diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-ssl-tls-issues.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-ssl-tls-issues.adoc index 8d64308bbf..32f19b35cd 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-ssl-tls-issues.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-ssl-tls-issues.adoc @@ -4,6 +4,7 @@ = Troubleshooting SSL/TLS issues +[role="_abstract"] To troubleshoot issues with SSL/TLS, verify the certificate chain, use the correct certificates, and confirm that a trusted Certificate Authority (CA) signed the certificate. .Procedure diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-subnet-conflict.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-subnet-conflict.adoc index 9b4ab507fe..3625049276 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-subnet-conflict.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-subnet-conflict.adoc @@ -1,6 +1,8 @@ +:_mod-docs-content-type: PROCEDURE [id="troubleshoot-subnet-conflict"] = Issue - The default subnet used in {PlatformNameShort} containers conflicts with the internal network +[role="_abstract"] The default subnet used in {PlatformNameShort} containers conflicts with the internal network resulting in "No route to host" errors. To resolve this issue, update the default classless inter-domain routing (CIDR) value so it does not conflict with the CIDR used by the default Podman networking plugin. diff --git a/downstream/modules/troubleshooting-aap/proc-troubleshoot-use-in-controller.adoc b/downstream/modules/troubleshooting-aap/proc-troubleshoot-use-in-controller.adoc index 744f6829f6..3167584127 100644 --- a/downstream/modules/troubleshooting-aap/proc-troubleshoot-use-in-controller.adoc +++ b/downstream/modules/troubleshooting-aap/proc-troubleshoot-use-in-controller.adoc @@ -1,6 +1,9 @@ +:_mod-docs-content-type: PROCEDURE [id="troubleshoot-use-in-controller"] + = Issue - Cannot select the "Use in Controller" option for {ExecEnvShort} image on {PrivateHubName} +[role="_abstract"] You cannot use the *Use in Controller* option for an {ExecEnvShort} image on {PrivateHubName}. You also receive the error message: “No Controllers available”. To resolve this issue, connect {ControllerName} to your {PrivateHubName} instance. @@ -44,10 +47,6 @@ CONNECTED_ANSIBLE_CONTROLLERS = ['__', '_ Date: Fri, 1 Aug 2025 13:28:29 -0500 Subject: [PATCH 23/71] fixes menu formatting in one module (#3969) (#3971) --- .../modules/platform/proc-controller-review-organizations.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/downstream/modules/platform/proc-controller-review-organizations.adoc b/downstream/modules/platform/proc-controller-review-organizations.adoc index 3d023bb6c9..d017dc703a 100644 --- a/downstream/modules/platform/proc-controller-review-organizations.adoc +++ b/downstream/modules/platform/proc-controller-review-organizations.adoc @@ -8,7 +8,7 @@ The *Organizations* page displays the existing organizations for your installati .Procedure -. From the navigation panel, select menu:{MenuAMOrganizations}. +. From the navigation panel, select {MenuAMOrganizations}. . In the Search bar, enter an appropriate keyword for the organization you want to search for and click the arrow icon. . From the menu bar, you can sort the list of organizations by using the arrows for *Name* to toggle your sorting preference. . You can also sort the list by selecting *Name*, *Created* or *Last modified* from the *Sort* list. From bbc7e27dd28becab117283acadd592f2cf64655d Mon Sep 17 00:00:00 2001 From: Jameria Self <73364088+jself-sudoku@users.noreply.github.com> Date: Mon, 4 Aug 2025 10:24:15 -0400 Subject: [PATCH 24/71] AAP-49612 DITA Pre-migration prep work: EDA user guide (Using automation decisions) (#3875) (#3974) * AAP-49612 Updated xref to link in assembly-eda-credential-types.adoc * AAP-49612 Replaced two xrefs with link tagging in DE section * AAP-49612 Changed xref to link in rulebook activations assembly * AAP-49612 Replaced xrefs with links in RHAAP credential for migration prep * AAP-49612 Replaced xrefs with links in EDA user guide overview - migration prep * AAP-49612 Replaced xrefs w/ links in Additional resources of overview * AAP-49612 Migration prep - fix tagging that causes Vale validations * AAP-49612 Updated add'l resources sections for migration prep * AAP-49612 Migration prep - updated Add'l resources to links only * AAP-49612 Migration prep - updated Add'l resources to links only, no period * Revert "AAP-49612 Migration prep - fix tagging that causes Vale validations" This reverts commit ef460ca4904e57a96f6ae3f148f31e64d42c6b71. Changes to be committed: modified: downstream/archive/archived-assemblies/eda/assembly-ansible-rulebooks.adoc modified: downstream/archive/archived-assemblies/eda/assembly-installation-eda-controller.adoc modified: downstream/archive/archived-assemblies/eda/assembly-using-eda-controller.adoc * AAP-49612 Migration prep - updates to multiple file * AAP-49612 Tweaked Example block title for Event filter plugins chapter * AAP-49612 Tweaked Example block title for Event filter plugins chapter --- .../eda/proc-eda-set-up-token.adoc | 1 + .../eda/assembly-eda-credential-types.adoc | 3 +- .../assembly-eda-decision-environments.adoc | 2 +- .../assembly-eda-event-filter-plugins.adoc | 4 ++- .../assembly-eda-rulebook-activations.adoc | 2 +- .../assembly-eda-set-up-rhaap-credential.adoc | 2 +- .../eda/assembly-eda-user-guide-overview.adoc | 34 +++++++++---------- ...on-modifying-simultaneous-activations.adoc | 8 ++--- ...a-build-a-custom-decision-environment.adoc | 14 ++++---- .../proc-eda-config-remote-sys-to-events.adoc | 6 ++-- ...oc-eda-create-event-stream-credential.adoc | 2 ++ .../eda/proc-eda-create-event-stream.adoc | 11 ++++-- .../eda/proc-eda-delete-controller-token.adoc | 4 ++- .../eda/proc-eda-set-up-credential-types.adoc | 2 +- ...c-eda-set-up-new-decision-environment.adoc | 4 ++- .../eda/proc-eda-set-up-new-project.adoc | 4 ++- .../eda/proc-eda-set-up-rhaap-credential.adoc | 2 ++ .../proc-eda-set-up-rulebook-activation.adoc | 6 +++- .../eda/proc-eda-view-activation-output.adoc | 4 ++- .../eda/proc-eda-view-rule-audit-actions.adoc | 4 ++- .../eda/proc-eda-view-rule-audit-details.adoc | 2 ++ ...-modifying-activations-during-install.adoc | 10 +++--- .../modules/eda/ref-eda-logging-samples.adoc | 12 +++---- 23 files changed, 86 insertions(+), 57 deletions(-) diff --git a/downstream/archive/archived-modules/eda/proc-eda-set-up-token.adoc b/downstream/archive/archived-modules/eda/proc-eda-set-up-token.adoc index 05bb0c6831..bc8c323196 100644 --- a/downstream/archive/archived-modules/eda/proc-eda-set-up-token.adoc +++ b/downstream/archive/archived-modules/eda/proc-eda-set-up-token.adoc @@ -28,4 +28,5 @@ The token must be in write-scope. ==== . Select btn:[Create controller token]. +.Results After saving the new token, you are brought to the *Controller Tokens* tab where you can delete the token. diff --git a/downstream/assemblies/eda/assembly-eda-credential-types.adoc b/downstream/assemblies/eda/assembly-eda-credential-types.adoc index 497ef67e28..cff423bab3 100644 --- a/downstream/assemblies/eda/assembly-eda-credential-types.adoc +++ b/downstream/assemblies/eda/assembly-eda-credential-types.adoc @@ -7,8 +7,7 @@ These built-in credential types are not editable. So if you want credential types that support authentication with other systems, you can create your own credential types that can be used in your source plugins. Each credential type contains an input configuration and an injector configuration that can be passed to an Ansible rulebook to configure your sources. -For more information, see xref:eda-custom-credential-types[Custom credential types]. -//[J. Self] Will add the cross-reference/link later. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credential-types#eda-custom-credential-types[Custom credential types]. include::eda/con-custom-credential-types.adoc[leveloffset=+1] diff --git a/downstream/assemblies/eda/assembly-eda-decision-environments.adoc b/downstream/assemblies/eda/assembly-eda-decision-environments.adoc index f7677b4c24..8f20b52629 100644 --- a/downstream/assemblies/eda/assembly-eda-decision-environments.adoc +++ b/downstream/assemblies/eda/assembly-eda-decision-environments.adoc @@ -6,7 +6,7 @@ Decision environments are container images that run Ansible rulebooks. They create a common language for communicating automation dependencies, and give a standard way to build and distribute the automation environment. You can find the default decision environment in the link:https://quay.io/repository/ansible/ansible-rulebook[Ansible-Rulebook]. -To create your own decision environment, see xref:eda-controller-install-builder[Installing ansible-builder] and xref:eda-build-a-custom-decision-environment[Building a custom decision environment for Event-Driven Ansible within Ansible Automation Platform]. +To create your own decision environment, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-decision-environments#eda-controller-install-builder[Installing ansible-builder] and link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-decision-environments#eda-build-a-custom-decision-environment[Building a custom decision environment for Event-Driven Ansible within Ansible Automation Platform]. include::eda/ref-eda-controller-install-builder.adoc[leveloffset=+1] include::eda/proc-eda-build-a-custom-decision-environment.adoc[leveloffset=+1] diff --git a/downstream/assemblies/eda/assembly-eda-event-filter-plugins.adoc b/downstream/assemblies/eda/assembly-eda-event-filter-plugins.adoc index 9d5852e57c..4c21c3bfb6 100644 --- a/downstream/assemblies/eda/assembly-eda-event-filter-plugins.adoc +++ b/downstream/assemblies/eda/assembly-eda-event-filter-plugins.adoc @@ -22,7 +22,8 @@ You can chain event filters one after the other, and the updated data is sent fr Event filters are defined in the rulebook after a source is defined. When the rulebook starts the source plugin it associates the correct filters and transforms the data before putting it into the queue. -.Example +[Example] +==== ---- sources: @@ -45,5 +46,6 @@ Since every event should record the origin of the event the filter `eda.builtin. The `received_at` stores a date time in UTC ISO8601 format and includes the microseconds. The `uuid` stores the unique id for the event. The `meta key` is used to store metadata about the event and its needed to correctly report about the events in the aap-server. +==== include::eda/con-eda-author-event-filters.adoc[leveloffset=+1] diff --git a/downstream/assemblies/eda/assembly-eda-rulebook-activations.adoc b/downstream/assemblies/eda/assembly-eda-rulebook-activations.adoc index 706241d65b..9c391db5aa 100644 --- a/downstream/assemblies/eda/assembly-eda-rulebook-activations.adoc +++ b/downstream/assemblies/eda/assembly-eda-rulebook-activations.adoc @@ -25,7 +25,7 @@ The following actions are currently supported: To view further details, see link:https://ansible.readthedocs.io/projects/rulebook/en/stable/actions.html[Actions]. -A rulebook activation is a process running in the background defined by a decision environment executing a specific rulebook. You can set up your rulebook activation by following xref:eda-set-up-rulebook-activation[Setting up a rulebook activation]. +A rulebook activation is a process running in the background defined by a decision environment executing a specific rulebook. You can set up your rulebook activation by following link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-rulebook-activations#eda-set-up-rulebook-activation[Setting up a rulebook activation]. [WARNING] ==== diff --git a/downstream/assemblies/eda/assembly-eda-set-up-rhaap-credential.adoc b/downstream/assemblies/eda/assembly-eda-set-up-rhaap-credential.adoc index 756b6c18af..fbbde40063 100644 --- a/downstream/assemblies/eda/assembly-eda-set-up-rhaap-credential.adoc +++ b/downstream/assemblies/eda/assembly-eda-set-up-rhaap-credential.adoc @@ -6,7 +6,7 @@ When {EDAcontroller} is deployed on {PlatformNameShort} {PlatformVers}, you can [NOTE] ==== -If you deployed {EDAcontroller} with {PlatformNameShort} 2.4, you probably used controller tokens to connect {ControllerName} and {EDAcontroller}. These controller tokens have been deprecated in {PlatformNameShort} {PlatformVers}. To delete deprecated controller tokens and the rulebook activations associated with them, complete the following procedures starting with xref:replacing-controller-tokens[Replacing controller tokens in {PlatformNameShort} {PlatformVers}] before proceeding with xref:eda-set-up-rhaap-credential[Setting up a {PlatformName} credential]. +If you deployed {EDAcontroller} with {PlatformNameShort} 2.4, you probably used controller tokens to connect {ControllerName} and {EDAcontroller}. These controller tokens have been deprecated in {PlatformNameShort} {PlatformVers}. To delete deprecated controller tokens and the rulebook activations associated with them, complete the following procedures starting with link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-set-up-rhaap-credential-type#replacing-controller-tokens[Replacing controller tokens in {PlatformNameShort} {PlatformVers}] before proceeding with link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-set-up-rhaap-credential-type#eda-set-up-rhaap-credential[Setting up a {PlatformName} credential]. ==== include::eda/con-replacing-controller-tokens.adoc[leveloffset=+1] diff --git a/downstream/assemblies/eda/assembly-eda-user-guide-overview.adoc b/downstream/assemblies/eda/assembly-eda-user-guide-overview.adoc index efac82038d..81609cdc68 100644 --- a/downstream/assemblies/eda/assembly-eda-user-guide-overview.adoc +++ b/downstream/assemblies/eda/assembly-eda-user-guide-overview.adoc @@ -8,18 +8,18 @@ These tools monitor IT solutions and identify events and automatically implement The following procedures form the user configuration: -* xref:eda-credentials[Credentials] -* xref:eda-credential-types[Credential types] -* xref:eda-projects[Projects] -* xref:eda-decision-environments[Decision environments] -* xref:eda-set-up-rhaap-credential-type[Red Hat Ansible Automation Platform credential] -* xref:eda-rulebook-activations[Rulebook activations] -* xref:eda-rulebook-troubleshooting[Rulebook activations troubleshooting] -* xref:eda-rule-audit[Rule audit] -* xref:simplified-event-routing[Simplified event routing] -* xref:eda-performance-tuning[Performance tuning for {EDAcontroller}] -* xref:eda-event-filter-plugins[Event filter plugins] -* xref:eda-logging-strategy[Event-Driven Ansible logging strategy] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credentials[Credentials] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credential-types[Credential types] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects[Projects] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-decision-environments[Decision environments] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-set-up-rhaap-credential-type[Red Hat Ansible Automation Platform credential] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-rulebook-activations[Rulebook activations] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-rulebook-troubleshooting[Rulebook activations troubleshooting] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-rule-audit[Rule audit] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/simplified-event-routing[Simplified event routing] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-performance-tuning[Performance tuning for {EDAcontroller}] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-event-filter-plugins[Event filter plugins] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-logging-strategy[Event-Driven Ansible logging strategy] [NOTE] @@ -31,9 +31,7 @@ The following procedures form the user configuration: [role="_additional-resources"] .Additional resources -* For information on how to set user permissions for {EDAcontroller}, see the following in the link:{URLCentralAuth}/index[Access management and authentication guide]: - -. link:{URLCentralAuth}/gw-managing-access#ref-controller-user-roles[Adding roles for a user] -. link:{URLCentralAuth}/assembly-gw-roles[Roles] - -* If you plan to use {EDAName} 2.5 with a 2.4 {PlatformNameShort}, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.4/html/using_event-driven_ansible_2.5_with_ansible_automation_platform_2.4/index[Using Event-Driven Ansible 2.5 with Ansible Automation Platform 2.4]. +* link:{URLCentralAuth}/index[Access management and authentication guide]: +** link:{URLCentralAuth}/gw-managing-access#ref-controller-user-roles[Adding roles for a user] +** link:{URLCentralAuth}/assembly-gw-roles[Roles] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.4/html/using_event-driven_ansible_2.5_with_ansible_automation_platform_2.4/index[Using Event-Driven Ansible 2.5 with Ansible Automation Platform 2.4]. diff --git a/downstream/modules/eda/con-modifying-simultaneous-activations.adoc b/downstream/modules/eda/con-modifying-simultaneous-activations.adoc index 5b0f93e2cf..c594e55be5 100644 --- a/downstream/modules/eda/con-modifying-simultaneous-activations.adoc +++ b/downstream/modules/eda/con-modifying-simultaneous-activations.adoc @@ -1,8 +1,8 @@ +:_mod-docs-content-type: CONCEPT [id="modifying-simultaneous-activations"] = Modifying the number of simultaneous rulebook activations -[role="_abstract"] By default, {EDAcontroller} allows 12 rulebook activations per node. For example, with two worker or hybrid nodes, it results in a limit of 24 activations in total to run simultaneously. If more than 24 rulebook activations are created, the expected behavior is that subsequent rulebook activations wait until there is an available rulebook activation worker. In this case, the rulebook activation status is displayed as *Pending* even if there is enough free memory and CPU on your {EDAcontroller} instance. @@ -17,6 +17,6 @@ To change this behavior, you must change the default maximum number of running r include::proc-modifying-activations-during-install.adoc[leveloffset=+1] include::proc-modifying-activations-after-install.adoc[leveloffset=+1] -.Additional Resources -* For more information about rulebook activations, see the link:https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.4/html-single/event-driven_ansible_controller_user_guide/index#eda-rulebook-activations[Rulebook activations]. -* For more information about modifying simultaneous rulebook activations during or after {EDAName} on {OCPShort}, see the example in link:{URLOperatorInstallation}/appendix-operator-crs_appendix-operator-crs#eda_max_running_activations_yml[eda_max_running_activations_yml]. \ No newline at end of file +.Additional references +* link:https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.4/html-single/event-driven_ansible_controller_user_guide/index#eda-rulebook-activations[Rulebook activations] +* link:{URLOperatorInstallation}/appendix-operator-crs_appendix-operator-crs#eda_max_running_activations_yml[eda_max_running_activations_yml] \ No newline at end of file diff --git a/downstream/modules/eda/proc-eda-build-a-custom-decision-environment.adoc b/downstream/modules/eda/proc-eda-build-a-custom-decision-environment.adoc index 1a2176da98..cedbc89c42 100644 --- a/downstream/modules/eda/proc-eda-build-a-custom-decision-environment.adoc +++ b/downstream/modules/eda/proc-eda-build-a-custom-decision-environment.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-build-a-custom-decision-environment"] = Building a custom decision environment for {EDAName} @@ -14,12 +15,6 @@ You can create a custom decision environment for {EDAName} that provides a custo * {EDAName} * {Builder} > = 3.0 -.Procedure - -* Use `de-minimal` as the base image with {Builder} to build your custom decision environments. -This image is built from a base image provided by Red Hat at link:https://catalog.redhat.com/software/containers/ansible-automation-platform-25/de-minimal-rhel9/650a5672a370728c710acaab[{PlatformNameShort} minimal decision environment]. - -+ [IMPORTANT] ==== * Use the correct {EDAcontroller} decision environment in {PlatformNameShort} to prevent rulebook activation failure. @@ -28,6 +23,13 @@ This image is built from a base image provided by Red Hat at link:https://catalo ** If you want to connect {EDAcontroller} to {PlatformNameShort} {PlatformVers}, you must use `registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel9:latest` ==== +.Procedure + +* Use `de-minimal` as the base image with {Builder} to build your custom decision environments. +This image is built from a base image provided by Red Hat at link:https://catalog.redhat.com/software/containers/ansible-automation-platform-25/de-minimal-rhel9/650a5672a370728c710acaab[{PlatformNameShort} minimal decision environment]. + +.Example + The following is an example of the {Builder} definition file that uses `de-minimal` as a base image to build a custom decision environment with the ansible.eda collection: ----- version: 3 diff --git a/downstream/modules/eda/proc-eda-config-remote-sys-to-events.adoc b/downstream/modules/eda/proc-eda-config-remote-sys-to-events.adoc index d9820c9936..a8420ead67 100644 --- a/downstream/modules/eda/proc-eda-config-remote-sys-to-events.adoc +++ b/downstream/modules/eda/proc-eda-config-remote-sys-to-events.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-config-remote-sys-to-events"] = Configuring your remote system to send events @@ -15,7 +16,7 @@ The following example demonstrates how to configure webhooks in a remote system . Log in to your GitHub repository. . Click *Your profile name → Your repositories*. - ++ [NOTE] ==== If you do not have a repository, click *New* to create a new one, select an owner, add a *Repository name*, and click *Create repository*. @@ -29,4 +30,5 @@ If you do not have a repository, click *New* to create a new one, select an owne . Enter your *Secret*. . Click *Add webhook*. -After the webhook has been added, it attempts to send a test payload to ensure there is connectivity between the two systems (GitHub and {EDAcontroller}). If it can successfully send the data you will see a green check mark next to the *Webhook URL* with the message, *Last delivery was successful*. \ No newline at end of file +.Results +After the webhook has been added, it attempts to send a test payload to ensure there is connectivity between the two systems (GitHub and {EDAcontroller}). If it can successfully send the data, you will see a green check mark next to the *Webhook URL* with the message, *Last delivery was successful*. \ No newline at end of file diff --git a/downstream/modules/eda/proc-eda-create-event-stream-credential.adoc b/downstream/modules/eda/proc-eda-create-event-stream-credential.adoc index 837841d008..97405a078d 100644 --- a/downstream/modules/eda/proc-eda-create-event-stream-credential.adoc +++ b/downstream/modules/eda/proc-eda-create-event-stream-credential.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-create-event-stream-credential"] = Creating an event stream credential @@ -29,4 +30,5 @@ Type Details:: Add the requested information for the credential type you selecte . Click btn:[Create credential]. +.Results The Details page is displayed. From there or the *Credentials* list view, you can edit or delete it. diff --git a/downstream/modules/eda/proc-eda-create-event-stream.adoc b/downstream/modules/eda/proc-eda-create-event-stream.adoc index 580e5822e6..09882982a3 100644 --- a/downstream/modules/eda/proc-eda-create-event-stream.adoc +++ b/downstream/modules/eda/proc-eda-create-event-stream.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-create-event-stream"] = Creating an event stream @@ -7,7 +8,7 @@ You can create event streams that will be attached to a rulebook activation. .Prerequisites * If you will be attaching your event stream to a rulebook activation, ensure that your activation has a decision environment and project already set up. -* If you plan to connect to {ControllerName} to run your rulebook activation, ensure that you have created a {PlatformName} credential type in addition to the decision environment and project. For more information, see xref:eda-set-up-rhaap-credential[Setting up a {PlatformName} credential]. +* If you plan to connect to {ControllerName} to run your rulebook activation, ensure that you have created a {PlatformName} credential type in addition to the decision environment and project. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-set-up-rhaap-credential-type#eda-set-up-rhaap-credential[Setting up a {PlatformName} credential]. .Procedure @@ -36,13 +37,17 @@ The event stream's event forwarding can be disabled for testing purposes while d . Click btn:[Create event stream]. +.Results After creating your event stream, the following outputs occur: * The Details page is displayed. From there or the Event Streams list view, you can edit or delete it. Also, the Event Streams page shows all of the event streams you have created and the following columns for each event: *Events received*, *Last event received*, and *Event stream type*. As the first two columns receive external data through the event stream, they are continuously updated to let you know they are receiving events from remote systems. * If you disabled the event stream, the Details page is displayed with a warning message, *This event stream is disabled*. -* Your new event stream generates a URL that is necessary when you configure the webhook on the remote system that sends events. - ++ [NOTE] ==== After an event stream is created, the associated credential cannot be deleted until the event stream it is attached to is deleted. ==== + +* Your new event stream generates a URL that is necessary when you configure the webhook on the remote system that sends events. + + diff --git a/downstream/modules/eda/proc-eda-delete-controller-token.adoc b/downstream/modules/eda/proc-eda-delete-controller-token.adoc index eb9d9895b4..bdcc4cf390 100644 --- a/downstream/modules/eda/proc-eda-delete-controller-token.adoc +++ b/downstream/modules/eda/proc-eda-delete-controller-token.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: [id="eda-delete-controller-token"] = Deleting controller tokens @@ -15,4 +16,5 @@ Before you can set up {PlatformName} credentials, you must delete any existing c . Select the *Tokens* tab. . Delete all of your previous controller tokens. -After deleting the controller tokens and rulebook activations, proceed with xref:eda-set-up-rhaap-credential[Setting up a {PlatformName} credential]. +.Next steps +After deleting the controller tokens and rulebook activations, proceed with link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-set-up-rhaap-credential-type#eda-set-up-rhaap-credential[Setting up a {PlatformName} credential]. diff --git a/downstream/modules/eda/proc-eda-set-up-credential-types.adoc b/downstream/modules/eda/proc-eda-set-up-credential-types.adoc index a5bd0af425..dd2ece9b34 100644 --- a/downstream/modules/eda/proc-eda-set-up-credential-types.adoc +++ b/downstream/modules/eda/proc-eda-set-up-credential-types.adoc @@ -97,4 +97,4 @@ Your newly created credential type is displayed in the list of credential types. .Additional resources -For information about how to create a new credential, see xref:eda-set-up-credential[Setting up credentials]. +link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credentials#eda-set-up-credential[Setting up credentials]. diff --git a/downstream/modules/eda/proc-eda-set-up-new-decision-environment.adoc b/downstream/modules/eda/proc-eda-set-up-new-decision-environment.adoc index 14ae014b49..b291931660 100644 --- a/downstream/modules/eda/proc-eda-set-up-new-decision-environment.adoc +++ b/downstream/modules/eda/proc-eda-set-up-new-decision-environment.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-set-up-new-decision-environment"] = Setting up a new decision environment @@ -7,7 +8,7 @@ You can import a decision environment into your {EDAcontroller} using a default .Prerequisites * You have set up a credential, if necessary. -For more information, see the xref:eda-set-up-credential[Setting up credentials] section. +For more information, see the link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credentials#eda-set-up-credential[Setting up credentials] section. * You have pushed a decision environment image to an image repository or you chose to use the `de-minimal` image located in link:http://registry.redhat.io/[registry.redhat.io]. .Procedure @@ -24,6 +25,7 @@ Image:: This is the full image location, including the container registry, image Credential:: This field is optional. This is the credential needed to use the decision environment image. . Select btn:[Create decision environment]. +.Results Your decision environment is now created and can be managed on the *Decision Environments* page. After saving the new decision environment, the decision environment's details page is displayed. diff --git a/downstream/modules/eda/proc-eda-set-up-new-project.adoc b/downstream/modules/eda/proc-eda-set-up-new-project.adoc index 84ccb95c6b..74551bf3e2 100644 --- a/downstream/modules/eda/proc-eda-set-up-new-project.adoc +++ b/downstream/modules/eda/proc-eda-set-up-new-project.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-set-up-new-project"] = Setting up a new project @@ -8,7 +9,7 @@ You can set up projects to manage and store your rulebooks in {EDAcontroller}. // [ddacosta] I'm not sure whether there will be an EDA specific dashboard in the gateway. Step 1 might need to change to something like "Log in to AAP". * You are logged in to the {PlatformNameShort} Dashboard as a Content Consumer. * You have set up a credential, if necessary. -For more information, see the xref:eda-set-up-credential[Setting up credentials] section. +For more information, see the link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credentials#eda-set-up-credential[Setting up credentials][Setting up credentials] section. * You have an existing repository containing rulebooks that are integrated with playbooks contained in a repository to be used by {ControllerName}. .Procedure @@ -41,6 +42,7 @@ You can disable this option if you have a local repository that uses self-signed ==== . Select btn:[Create project]. +.Results Your project is now created and can be managed in the *Projects* page. After saving the new project, the project's details page is displayed. diff --git a/downstream/modules/eda/proc-eda-set-up-rhaap-credential.adoc b/downstream/modules/eda/proc-eda-set-up-rhaap-credential.adoc index 6d349bbc42..d999ee0b55 100644 --- a/downstream/modules/eda/proc-eda-set-up-rhaap-credential.adoc +++ b/downstream/modules/eda/proc-eda-set-up-rhaap-credential.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-set-up-rhaap-credential"] = Setting up a {PlatformName} credential @@ -37,4 +38,5 @@ For {PlatformNameShort} {PlatformVers}, use the following example: \https:// Date: Mon, 4 Aug 2025 15:26:21 +0100 Subject: [PATCH 25/71] DITA migration changes: CAG Ch12 (#3967) (#3976) * DITA migration changes: CAG Ch12 Configuring automation execution UI and modular compliance chapter 12 https://issues.redhat.com/browse/AAP-46732 * DITA migration changes: CAG Ch12 Correction Configuring automation execution UI and modular compliance chapter 12 https://issues.redhat.com/browse/AAP-46732 --- .../platform/assembly-metrics-utility.adoc | 27 ++++- .../con-configuring-the-metrics-utility.adoc | 2 - .../platform/proc-configure-a-config-map.adoc | 8 +- .../proc-controller-metrics-utility-rhel.adoc | 42 +++----- ...oc-controller-modify-run-schedule-OCP.adoc | 10 +- .../platform/proc-deploy-controller.adoc | 2 +- .../platform/proc-fetch-a-report-on-ocp.adoc | 90 ++++++++++++++++ .../platform/proc-fetch-a-report-on-rhel.adoc | 14 +++ .../proc-modifying-the-run-schedule.adoc | 17 +-- .../proc-object-storaage-with-s3.adoc | 27 +++++ .../proc-object-storage-with-rhel.adoc | 16 +++ downstream/modules/platform/ref-ccsp.adoc | 71 ------------ downstream/modules/platform/ref-ccspv2.adoc | 102 +----------------- .../ref-fetching-a-monthly-report.adoc | 98 ----------------- .../platform/ref-filter-by-organization.adoc | 15 +++ .../platform/ref-optional-build-sheets.adoc | 41 +++++++ .../platform/ref-optional-collectors.adoc | 21 ++++ .../ref-optional-gather-collectors.adoc | 21 ++++ .../modules/platform/ref-optional-sheets.adoc | 56 ++++++++++ .../ref-select-a-date-range-ccspv2.adoc | 21 ++++ .../ref-select-report-date-range.adoc | 18 ++++ .../platform/ref-storage-invocation.adoc | 1 + .../platform/ref-supported-storage.adoc | 32 ------ 23 files changed, 393 insertions(+), 359 deletions(-) create mode 100644 downstream/modules/platform/proc-fetch-a-report-on-ocp.adoc create mode 100644 downstream/modules/platform/proc-fetch-a-report-on-rhel.adoc create mode 100644 downstream/modules/platform/proc-object-storaage-with-s3.adoc create mode 100644 downstream/modules/platform/proc-object-storage-with-rhel.adoc create mode 100644 downstream/modules/platform/ref-filter-by-organization.adoc create mode 100644 downstream/modules/platform/ref-optional-build-sheets.adoc create mode 100644 downstream/modules/platform/ref-optional-collectors.adoc create mode 100644 downstream/modules/platform/ref-optional-gather-collectors.adoc create mode 100644 downstream/modules/platform/ref-optional-sheets.adoc create mode 100644 downstream/modules/platform/ref-select-a-date-range-ccspv2.adoc create mode 100644 downstream/modules/platform/ref-select-report-date-range.adoc diff --git a/downstream/assemblies/platform/assembly-metrics-utility.adoc b/downstream/assemblies/platform/assembly-metrics-utility.adoc index a8c1d9cb08..fb8a8ac14b 100644 --- a/downstream/assemblies/platform/assembly-metrics-utility.adoc +++ b/downstream/assemblies/platform/assembly-metrics-utility.adoc @@ -1,10 +1,7 @@ -:_newdoc-version: 2.18.3 -:_template-generated: 2024-07-12 +:_mod-docs-content-type: ASSEMBLY ifdef::context[:parent-context-of-metrics-utility: {context}] -:_mod-docs-content-type: ASSEMBLY - [id="metrics-utility"] :context: metrics-utility @@ -48,16 +45,32 @@ include::platform/proc-deploy-controller.adoc[leveloffset=+3] include::platform/ref-fetching-a-monthly-report.adoc[leveloffset=+1] +include::platform/proc-fetch-a-report-on-rhel.adoc[leveloffset=+2] + +include::platform/proc-fetch-a-report-on-ocp.adoc[leveloffset=+2] + include::platform/proc-modifying-the-run-schedule.adoc[leveloffset=+1] include::platform/proc-controller-modify-run-schedule-OCP.adoc[leveloffset=+2] include::platform/ref-supported-storage.adoc[leveloffset=+1] +include::platform/proc-object-storage-with-rhel.adoc[leveloffset=+2] + +include::platform/proc-object-storaage-with-s3.adoc[leveloffset=+2] + include::platform/ref-report-types.adoc[leveloffset=+1] include::platform/ref-ccspv2.adoc[leveloffset=+2] +include::platform/ref-optional-collectors.adoc[leveloffset=+2] + +include::platform/ref-optional-sheets.adoc[leveloffset=+2] + +include::platform/ref-filter-by-organization.adoc[leveloffset=+2] + +include::platform/ref-select-a-date-range-ccspv2.adoc[leveloffset=+2] + include::platform/ref-renewal-guidance.adoc[leveloffset=+2] include::platform/ref-storage-invocation.adoc[leveloffset=+3] @@ -68,6 +81,12 @@ include::platform/ref-select-a-date-range.adoc[leveloffset=+3] include::platform/ref-ccsp.adoc[leveloffset=+2] +include::platform/ref-optional-gather-collectors.adoc[leveloffset=+2] + +include::platform/ref-optional-build-sheets.adoc[leveloffset=+2] + +include::platform/ref-select-report-date-range.adoc[leveloffset=+2] + ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/downstream/modules/platform/con-configuring-the-metrics-utility.adoc b/downstream/modules/platform/con-configuring-the-metrics-utility.adoc index 4a1b780c56..a5e9851ca6 100644 --- a/downstream/modules/platform/con-configuring-the-metrics-utility.adoc +++ b/downstream/modules/platform/con-configuring-the-metrics-utility.adoc @@ -1,5 +1,3 @@ -:_newdoc-version: 2.18.3 -:_template-generated: 2024-07-15 :_mod-docs-content-type: CONCEPT [id="configuring-the-metrics-utility"] diff --git a/downstream/modules/platform/proc-configure-a-config-map.adoc b/downstream/modules/platform/proc-configure-a-config-map.adoc index add3d5833a..e5a5a6e21b 100644 --- a/downstream/modules/platform/proc-configure-a-config-map.adoc +++ b/downstream/modules/platform/proc-configure-a-config-map.adoc @@ -2,7 +2,7 @@ [id="proc-configure-a-config-map"] -= Create a ConfigMap in the OpenShift UI YAML view += Creating a ConfigMap in the OpenShift UI YAML view To inject the `metrics-utility` cronjobs with configuration data, use the following procedure to create a ConfigMap in the OpenShift UI YAML view: @@ -12,8 +12,8 @@ To inject the `metrics-utility` cronjobs with configuration data, use the follow [NOTE] ==== -Metrics-utility runs as indicated by the parameters you set in the configuration file. -You cannot run the utility cannot manually on {OCPShort}. +`metrics-utility` runs as indicated by the parameters you set in the configuration file. +You cannot run the utility manually on {OCPShort}. ==== .Procedure @@ -46,4 +46,4 @@ data: .Verification -* To verify that you created the ConfigMap and the metric utility is installed, select *ConfigMap* from the navigation panel and look for your ConfigMap in the list. +* To verify that you created the ConfigMap and `metrics-utility` is installed, select *ConfigMap* from the navigation panel and look for your ConfigMap in the list. diff --git a/downstream/modules/platform/proc-controller-metrics-utility-rhel.adoc b/downstream/modules/platform/proc-controller-metrics-utility-rhel.adoc index f05e35ce5a..de4eb1931f 100644 --- a/downstream/modules/platform/proc-controller-metrics-utility-rhel.adoc +++ b/downstream/modules/platform/proc-controller-metrics-utility-rhel.adoc @@ -9,13 +9,13 @@ * An active {PlatformNameShort} subscription Metrics-utility is included with {PlatformNameShort}, so you do not need a separate installation. -The following commands gather the relevant data and generate a link:https://connect.redhat.com/en/programs/certified-cloud-service-provider[CCSP] report containing your usage metrics. +The following procedure gathers the relevant data and generate a link:https://connect.redhat.com/en/programs/certified-cloud-service-provider[CCSP] report containing your usage metrics. You can configure these commands as cronjobs to ensure they run at the beginning of every month. See link:https://www.redhat.com/sysadmin/linux-cron-command[How to schedule jobs using the Linux 'cron' utility] for more on configuring using the cron syntax. .Procedure -. Create two scripts in your user's home director in order to set correct variables to ensure that `metrics-utility` gathers all relevant data. +. Create two scripts in your user's home directory to set correct variables to ensure that `metrics-utility` gathers all relevant data. .. In `/home/my-user/cron-gather`: + [source, ] @@ -58,42 +58,28 @@ metrics-utility build_report + . To ensure that these files are executable, run: + -[source, ] ----- -chmod a+x /home/my-user/cron-gather /home/my-user/cron-report ----- -+ +`chmod a+x /home/my-user/cron-gather /home/my-user/cron-report` + . To open the cron file for editing, run: + -[source, ] ----- -crontab -e ----- -+ +`crontab -e` + . To configure the run schedule, add the following parameters to the end of the file and specify how often you want `metrics-utility` to gather information and build a report using link:https://www.redhat.com/sysadmin/linux-cron-command[cron syntax]. In the following example, the `gather` command is configured to run every hour at 00 minutes. The `build_report` command is configured to run on the second day of each month at 4:00 AM. + -[source, ] ----- -0 */1 * * * /home/my-user/cron-gather -0 4 2 * * /home/my-user/cron-report ----- +`0 */1 * * * /home/my-user/cron-gather` + +`0 4 2 * * /home/my-user/cron-report` + . Save and close the file. . To verify that you saved your changes, run: + -[source, ] ----- -crontab -l ----- -+ +`crontab -l` + . To ensure that data is being collected, run: + -[source, ] ----- -cat /var/log/cron ----- +`cat /var/log/cron` + -The following is an example of the output. Note that time and date might vary depending on how your configure the run schedule: +The following is a typical output. Note that time and date might vary depending on how your configure the run schedule: + [source, ] ---- @@ -108,4 +94,4 @@ May 8 09:46:26 ip-10-0-6-23 crontab[51659]: (root) END EDIT (root) ---- + -The generated report will have the default name CCSP--.xlsx and will be deposited in the ship path that you specified in step 1a. +The generated report will have the default name `CCSP--.xlsx` and is saved in the ship path that you specified in step 1a. diff --git a/downstream/modules/platform/proc-controller-modify-run-schedule-OCP.adoc b/downstream/modules/platform/proc-controller-modify-run-schedule-OCP.adoc index 82109397e8..3d36d1c411 100644 --- a/downstream/modules/platform/proc-controller-modify-run-schedule-OCP.adoc +++ b/downstream/modules/platform/proc-controller-modify-run-schedule-OCP.adoc @@ -4,7 +4,7 @@ = Modifying the run schedule on {OCPShort} from the {PlatformNameShort} operator -Adjust the execution schedule of the `metrics-utility` within your {PlatformNameShort} deployment running on {OCPShort}. +To adjust the execution schedule of the `metrics-utility` within your {PlatformNameShort} deployment running on {OCPShort}, use the following procedure: .Procedure @@ -18,12 +18,10 @@ Adjust the execution schedule of the `metrics-utility` within your {PlatformName . On the next screen, select the `YAML` tab. . In the `YAML` file, find the following parameters and enter a variable representing how often `metrics-utility` should gather data and how often it should produce a report: + -[source, ] ----- -metrics_utility_cronjob_gather_schedule: -metrics_utility_cronjob_report_schedule: ----- +`metrics_utility_cronjob_gather_schedule:` + +`metrics_utility_cronjob_report_schedule:` + . Click btn:[Save]. . From the navigation menu, select menu:Deployments[] and then select *automation-controller-operator-controller-manager*. . Increase the number of pods to 1. diff --git a/downstream/modules/platform/proc-deploy-controller.adoc b/downstream/modules/platform/proc-deploy-controller.adoc index eebf7e6b77..e486f3f872 100644 --- a/downstream/modules/platform/proc-deploy-controller.adoc +++ b/downstream/modules/platform/proc-deploy-controller.adoc @@ -4,7 +4,7 @@ = Deploy {ControllerName} -To deploy {ControllerName} and specify variables for how often metrics-utility gathers usage information and generates a report, use the following procedure: +To deploy {ControllerName} and specify variables for how often `metrics-utility` gathers usage information and generates a report, use the following procedure: .Procedure diff --git a/downstream/modules/platform/proc-fetch-a-report-on-ocp.adoc b/downstream/modules/platform/proc-fetch-a-report-on-ocp.adoc new file mode 100644 index 0000000000..5030308b1a --- /dev/null +++ b/downstream/modules/platform/proc-fetch-a-report-on-ocp.adoc @@ -0,0 +1,90 @@ +:_mod-docs-content-type: PROCEDURE + +[id="proc-fetch-a-report-on-ocp"] + += Fetching a monthly report on {OCPShort} from the {PlatformNameShort} Operator + +Use the following playbook to fetch a monthly consumption report for {PlatformNameShort} on {OCPShort}: + +---- +- name: Copy directory from Kubernetes PVC to local machine + hosts: localhost + + vars: + report_dir_path: "/mnt/metrics/reports/{{ year }}/{{ month }}/" + + tasks: + - name: Create a temporary pod to access PVC data + kubernetes.core.k8s: + definition: + apiVersion: v1 + kind: Pod + metadata: + name: temp-pod + namespace: "{{ namespace_name }}" + spec: + containers: + - name: busybox + image: busybox + command: ["/bin/sh"] + args: ["-c", "sleep 3600"] # Keeps the container alive for 1 hour + volumeMounts: + - name: "{{ pvc }}" + mountPath: "/mnt/metrics" + volumes: + - name: "{{ pvc }}" + persistentVolumeClaim: + claimName: automationcontroller-metrics-utility + restartPolicy: Never + register: pod_creation + + - name: Wait for both initContainer and main container to be ready + kubernetes.core.k8s_info: + kind: Pod + namespace: "{{ namespace_name }}" + name: temp-pod + register: pod_status + until: > + pod_status.resources[0].status.containerStatuses[0].ready + retries: 30 + delay: 10 + + - name: Create a tarball of the directory of the report in the container + kubernetes.core.k8s_exec: + namespace: "{{ namespace_name }}" + pod: temp-pod + container: busybox + command: tar czf /tmp/metrics.tar.gz -C "{{ report_dir_path }}" . + register: tarball_creation + + - name: Copy the report tarball from the container to the local machine + kubernetes.core.k8s_cp: + namespace: "{{ namespace_name }}" + pod: temp-pod + container: busybox + state: from_pod + remote_path: /tmp/metrics.tar.gz + local_path: "{{ local_dir }}/metrics.tar.gz" + when: tarball_creation is succeeded + + - name: Ensure the local directory exists + ansible.builtin.file: + path: "{{ local_dir }}" + state: directory + + - name: Extract the report tarball on the local machine + ansible.builtin.unarchive: + src: "{{ local_dir }}/metrics.tar.gz" + dest: "{{ local_dir }}" + remote_src: yes + extra_opts: "--strip-components=1" + when: tarball_creation is succeeded + + - name: Delete the temporary pod + kubernetes.core.k8s: + api_version: v1 + kind: Pod + namespace: "{{ namespace_name }}" + name: temp-pod + state: absent +---- \ No newline at end of file diff --git a/downstream/modules/platform/proc-fetch-a-report-on-rhel.adoc b/downstream/modules/platform/proc-fetch-a-report-on-rhel.adoc new file mode 100644 index 0000000000..547ed97b82 --- /dev/null +++ b/downstream/modules/platform/proc-fetch-a-report-on-rhel.adoc @@ -0,0 +1,14 @@ +:_mod-docs-content-type: PROCEDURE + +[id="proc-fetch-a-report-on-rhel"] + += Fetching a monthly report on {RHEL} + +Use the following procedure to fetch a monthly report on {RHEL}: + +.Procedure + +* Run: +`scp -r username@controller_host:$METRICS_UTILITY_SHIP_PATH/data/// /local/directory/` + +The system saves the generated report as `CCSP--.xlsx` in the ship path that you specified. diff --git a/downstream/modules/platform/proc-modifying-the-run-schedule.adoc b/downstream/modules/platform/proc-modifying-the-run-schedule.adoc index e0935adf64..20618f658d 100644 --- a/downstream/modules/platform/proc-modifying-the-run-schedule.adoc +++ b/downstream/modules/platform/proc-modifying-the-run-schedule.adoc @@ -1,5 +1,3 @@ -:_newdoc-version: 2.18.3 -:_template-generated: 2024-07-15 :_mod-docs-content-type: PROCEDURE [id="modifying-the-run-schedule_{context}"] @@ -14,17 +12,12 @@ To modify the run schedule on {RHEL} and on {OCPShort}, use one of the following . From the command line, run: + -[source, ] ----- -crontab -e ----- -+ +`crontab -e` + . After the code editor has opened, update the `gather` and `build` parameters using cron syntax as shown below: + -[source, ] ----- -*/2 * * * * metrics-utility gather_automation_controller_billing_data --ship --until=10m -*/5 * * * * metrics-utility build_report ----- +`*/2 * * * * metrics-utility gather_automation_controller_billing_data --ship --until=10m` + +`*/5 * * * * metrics-utility build_report` + . Save and close the file. diff --git a/downstream/modules/platform/proc-object-storaage-with-s3.adoc b/downstream/modules/platform/proc-object-storaage-with-s3.adoc new file mode 100644 index 0000000000..3e9668a08a --- /dev/null +++ b/downstream/modules/platform/proc-object-storaage-with-s3.adoc @@ -0,0 +1,27 @@ +:_mod-docs-content-type: PROCEDURE + +[id="proc-object-storaage-with-s3"] + += Object storage with S3 interface + +To use object storage with S3 interface, for example, with AWS S3, Ceph Object storage, or Minio, you must define environment variables for data gathering and report building commands and cronjobs. ++ +---- +################ +export METRICS_UTILITY_SHIP_TARGET=s3 +# Your path in the object storage +export METRICS_UTILITY_SHIP_PATH=path_to_data_and_reports/... + +################ +# Define S3 config +export METRICS_UTILITY_BUCKET_NAME=metricsutilitys3 +export METRICS_UTILITY_BUCKET_ENDPOINT="https://s3.us-east-1.amazonaws.com" +# For AWS S3, define also a region +export METRICS_UTILITY_BUCKET_REGION="us-east-1" + +################ +# Define S3 credentials +export METRICS_UTILITY_BUCKET_ACCESS_KEY= +export METRICS_UTILITY_BUCKET_SECRET_KEY= +---- + diff --git a/downstream/modules/platform/proc-object-storage-with-rhel.adoc b/downstream/modules/platform/proc-object-storage-with-rhel.adoc new file mode 100644 index 0000000000..3da12e167c --- /dev/null +++ b/downstream/modules/platform/proc-object-storage-with-rhel.adoc @@ -0,0 +1,16 @@ +:_mod-docs-content-type: PROCEDURE + +[id="proc-object-storage-with-rhel"] + += Local disk + +For an installation of {PlatformNameShort} on {RHEL}, the default storage option is a local disk. Using an OpenShift deployment of {OCPShort}, default storage is a path inside the attached Persistent Volume Claim. ++ +---- +# Set needed ENV VARs for gathering data and generating reports +export METRICS_UTILITY_SHIP_TARGET=directory +# Your path on the local disk +export METRICS_UTILITY_SHIP_PATH=/path_to_data_and_reports/... +---- + + diff --git a/downstream/modules/platform/ref-ccsp.adoc b/downstream/modules/platform/ref-ccsp.adoc index be52239410..d18d04bb2b 100644 --- a/downstream/modules/platform/ref-ccsp.adoc +++ b/downstream/modules/platform/ref-ccsp.adoc @@ -5,74 +5,3 @@ = CCSP `CCSP` is the original report format. It does not include many of the customization of CCSPv2, and it is intended to be used only for the CCSP partner program. - -== Optional collectors for `gather` command - -You can use the following optional collectors for the `gather` command: - -* `main_jobhostsummary` -** If present by default, this incrementally collects the `main_jobhostsummary` table from the {ControllerName} database, containing information about jobs runs and managed nodes automated. -* `main_host` -** This collects daily snapshots of the `main_host` table from the {ControllerName} database and has managed nodes/hosts present across {ControllerName} inventories, -* `main_jobevent` -** This incrementally collects the `main_jobevent` table from the {ControllerName} database and contains information about which modules, roles, and ansible collections are being used. -* main_indirectmanagednodeaudit -** This incrementally collects the `main_indirectmanagednodeaudit` table from the {ControllerName} database and contains information about indirectly managed nodes, - ----- -# Example with all optional collectors -export METRICS_UTILITY_OPTIONAL_COLLECTORS="main_host,main_jobevent,main_indirectmanagednodeaudit" ----- - -== Optional sheets for `build_report` command - -You may use the following optional sheets for the `build_report` command: - -* `ccsp_summary` -** This is a landing page specifically for partners under the CCSP program. It shows managed node usage by each {ControllerName} organization. -** This report takes additional parameters to customize the summary page. For more information, see the following example: - ----- -export METRICS_UTILITY_PRICE_PER_NODE=11.55 # in USD -export METRICS_UTILITY_REPORT_SKU=MCT3752MO -export METRICS_UTILITY_REPORT_SKU_DESCRIPTION="EX: Red Hat Ansible Automation Platform, Full Support (1 Managed Node, Dedicated, Monthly)" -export METRICS_UTILITY_REPORT_H1_HEADING="CCSP Reporting : ANSIBLE Consumption" -export METRICS_UTILITY_REPORT_COMPANY_NAME="Company Name" -export METRICS_UTILITY_REPORT_EMAIL="email@email.com" -export METRICS_UTILITY_REPORT_RHN_LOGIN="test_login" -export METRICS_UTILITY_REPORT_COMPANY_BUSINESS_LEADER="BUSINESS LEADER" -export METRICS_UTILITY_REPORT_COMPANY_PROCUREMENT_LEADER="PROCUREMENT LEADER" ----- - -* `managed_nodes` -** This is a deduplicated list of managed nodes automated by {ControllerName}. -* `indirectly_managed_nodes` -** This is a deduplicated list of indirect managed nodes automated by {ControllerName}. -* `inventory_scope` -** This is a deduplicated list of managed nodes present across all inventories of {ControllerName}. -* `usage_by_collections` -** This is a list of Ansible collections used in {ControllerName} job runs. -* `usage_by_roles` -** This is a list of roles used in {ControllerName} job runs. -*`usage_by_modules` -** This is a list of modules used in {ControllerName}job runs. - ----- -# Example with all optional sheets -export METRICS_UTILITY_OPTIONAL_CCSP_REPORT_SHEETS='ccsp_summary,managed_nodes,indirectly_managed_nodes,inventory_scope,usage_by_collections,usage_by_roles,usage_by_modules' ----- - -== Selecting a date range for your CCSP report - -The default behavior of this report is to build a report for the previous month. The following examples describe how to override this default behavior to select a specific date range for your report: - ----- -# Builds report for a previous month -metrics-utility build_report - -# Build report for a specific month -metrics-utility build_report --month=2025-03 - -# Build report for a specific month overriding an existing report -metrics-utility build_report --month=2025-03 --force ----- \ No newline at end of file diff --git a/downstream/modules/platform/ref-ccspv2.adoc b/downstream/modules/platform/ref-ccspv2.adoc index 8964526159..56de2a7c2d 100644 --- a/downstream/modules/platform/ref-ccspv2.adoc +++ b/downstream/modules/platform/ref-ccspv2.adoc @@ -12,104 +12,4 @@ CCSPv2 is a report which shows the following: The primary use of this report is for partners under the link:https://connect.redhat.com/en/programs/certified-cloud-service-provider[CCSP] program, but all customers can use it to obtain on-premise reporting showing managed nodes, jobs and content usage across their {ControllerName} organizations. -Set the report type using `METRICS_UTILITY_REPORT_TYPE=CCSPv2`. - -== Optional collectors for `gather` command - -You can use the following optional collectors for the `gather` command: - -* `main_jobhostsummary` -** If present by default, this incrementally collects data from the `main_jobhostsummary` table in the {ControllerName} database, containing information about jobs runs and managed nodes automated. -* `main_host` -** This collects daily snapshots of the `main_host` table in the {ControllerName} database and has managed nodes and hosts present across {ControllerName} inventories. -* `main_jobevent` -** This incrementally collects data from the `main_jobevent` table in the {ControllerName} database and contains information about which modules, roles, and Ansible collections are being used. -* `main_indirectmanagednodeaudit` -** This incrementally collects data from the `main_indirectmanagednodeaudit` table in the {ControllerName} database and contains information about indirectly managed nodes. - ----- -# Example with all optional collectors -export METRICS_UTILITY_OPTIONAL_COLLECTORS="main_host,main_jobevent,main_indirectmanagednodeaudit" ----- - -== Optional sheets for `build_report` command - -You can use the following optional sheets for the `build_report` command: - -* `ccsp_summary` -** This is a landing page specifically for partners under CCSP program. -This report takes additional parameters to customize the summary page. For more information, see the following example: -+ ----- -export METRICS_UTILITY_PRICE_PER_NODE=11.55 # in USD -export METRICS_UTILITY_REPORT_SKU=MCT3752MO -export METRICS_UTILITY_REPORT_SKU_DESCRIPTION="EX: Red Hat Ansible Automation Platform, Full Support (1 Managed Node, Dedicated, Monthly)" -export METRICS_UTILITY_REPORT_H1_HEADING="CCSP NA Direct Reporting Template" -export METRICS_UTILITY_REPORT_COMPANY_NAME="Partner A" -export METRICS_UTILITY_REPORT_EMAIL="email@email.com" -export METRICS_UTILITY_REPORT_RHN_LOGIN="test_login" -export METRICS_UTILITY_REPORT_PO_NUMBER="123" -export METRICS_UTILITY_REPORT_END_USER_COMPANY_NAME="Customer A" -export METRICS_UTILITY_REPORT_END_USER_CITY="Springfield" -export METRICS_UTILITY_REPORT_END_USER_STATE="TX" -export METRICS_UTILITY_REPORT_END_USER_COUNTRY="US" ----- -* `jobs` -** This is a list of {ControllerName} jobs launched. It is grouped by job template. -* `managed_nodes` -** This is a deduplicated list of managed nodes automated by {ControllerName}. -* `indirectly_managed_nodes` -** This is a deduplicated list of indirect managed nodes automated by {ControllerName}. -* `inventory_scope` -** This is a deduplicated list of managed nodes present across all inventories of {ControllerName}. -* `usage_by_organizations` -** This is a list of all {ControllerName} organizations with several metrics showing the organizations usage. This provides data suitable for doing internal chargeback. -* `usage_by_collections` -** This is a list of Ansible collections used in a {ControllerName} job runs. -* `usage_by_roles` -** This is a list of roles used in {ControllerName} job runs. -* `usage_by_modules` -** This is a list of modules used in {ControllerName} job runs. -* `managed_nodes_by_organization` -** This generates a sheet per organization, listing managed nodes for every organization with the same content as the managed_nodes sheet. -* `data_collection_status` -** This generates a sheet with the status of every data collection done by the `gather` command for the date range the report is built for. - -To outline the quality of data collected it also lists: - -*** unusual gaps between collections (based on collection_start_timestamp) -*** gaps in collected intervals (based on since vs until) -+ ----- -# Example with all optional sheets -export METRICS_UTILITY_OPTIONAL_CCSP_REPORT_SHEETS='ccsp_summary,jobs,managed_nodes,indirectly_managed_nodes,inventory_scope,usage_by_organizations,usage_by_collections,usage_by_roles,usage_by_modules,data_collection_status' ----- - -== Filtering reports by organization -To filter your report so that only certain organizations are present, use this environment variable with a semicolon separated list of organization names. - -`export METRICS_UTILITY_ORGANIZATION_FILTER="ACME;Organization 1"` - -This renders only the data from these organizations in the built report. This filter currently does not have any effect on the following optional sheets: - -* `usage_by_collections` -* `usage_by_roles` -* `usage_by_modules` - -== Selecting a date range for your CCSPv2 report - -The default behavior of the CCSPv2 report is to build a report for the previous month. The following examples describe how to override this default behavior to select a specific date range for your report: - ----- -# Build report for a specific month -metrics-utility build_report --month=2025-03 - -# Build report for a specific date range, icluding the prvided days -metrics-utility build_report --since=2025-03-01 --until=2025-03-31 - -# Build report for a last 6 months from a current date -metrics-utility build_report --since=6months - -# Build report for a last 6 months from a current date overriding an exisitng report -metrics-utility build_report --since=6months --force ----- \ No newline at end of file +Set the report type using `METRICS_UTILITY_REPORT_TYPE=CCSPv2`. \ No newline at end of file diff --git a/downstream/modules/platform/ref-fetching-a-monthly-report.adoc b/downstream/modules/platform/ref-fetching-a-monthly-report.adoc index cc61c1e00f..599f70ea24 100644 --- a/downstream/modules/platform/ref-fetching-a-monthly-report.adoc +++ b/downstream/modules/platform/ref-fetching-a-monthly-report.adoc @@ -6,101 +6,3 @@ Fetch a monthly report from {PlatformNameShort} to gather usage metrics and create a consumption-based billing report. To fetch a monthly report on {RHEL} or on {OCPShort}, use the following procedures: -== Fetching a monthly report on {RHEL} - -Use the following procedure to fetch a monthly report on {RHEL}: - -.Procedure - -. Run: -`scp -r username@controller_host:$METRICS_UTILITY_SHIP_PATH/data/// /local/directory/` - -The system savess the generated report as `CCSP--.xlsx` in the ship path that you specified. - -== Fetching a monthly report on {OCPShort} from the {PlatformNameShort} Operator - -Use the following playbook to fetch a monthly consumption report for {PlatformNameShort} on {OCPShort}: - ----- -- name: Copy directory from Kubernetes PVC to local machine - hosts: localhost - - vars: - report_dir_path: "/mnt/metrics/reports/{{ year }}/{{ month }}/" - - tasks: - - name: Create a temporary pod to access PVC data - kubernetes.core.k8s: - definition: - apiVersion: v1 - kind: Pod - metadata: - name: temp-pod - namespace: "{{ namespace_name }}" - spec: - containers: - - name: busybox - image: busybox - command: ["/bin/sh"] - args: ["-c", "sleep 3600"] # Keeps the container alive for 1 hour - volumeMounts: - - name: "{{ pvc }}" - mountPath: "/mnt/metrics" - volumes: - - name: "{{ pvc }}" - persistentVolumeClaim: - claimName: automationcontroller-metrics-utility - restartPolicy: Never - register: pod_creation - - - name: Wait for both initContainer and main container to be ready - kubernetes.core.k8s_info: - kind: Pod - namespace: "{{ namespace_name }}" - name: temp-pod - register: pod_status - until: > - pod_status.resources[0].status.containerStatuses[0].ready - retries: 30 - delay: 10 - - - name: Create a tarball of the directory of the report in the container - kubernetes.core.k8s_exec: - namespace: "{{ namespace_name }}" - pod: temp-pod - container: busybox - command: tar czf /tmp/metrics.tar.gz -C "{{ report_dir_path }}" . - register: tarball_creation - - - name: Copy the report tarball from the container to the local machine - kubernetes.core.k8s_cp: - namespace: "{{ namespace_name }}" - pod: temp-pod - container: busybox - state: from_pod - remote_path: /tmp/metrics.tar.gz - local_path: "{{ local_dir }}/metrics.tar.gz" - when: tarball_creation is succeeded - - - name: Ensure the local directory exists - ansible.builtin.file: - path: "{{ local_dir }}" - state: directory - - - name: Extract the report tarball on the local machine - ansible.builtin.unarchive: - src: "{{ local_dir }}/metrics.tar.gz" - dest: "{{ local_dir }}" - remote_src: yes - extra_opts: "--strip-components=1" - when: tarball_creation is succeeded - - - name: Delete the temporary pod - kubernetes.core.k8s: - api_version: v1 - kind: Pod - namespace: "{{ namespace_name }}" - name: temp-pod - state: absent ----- - diff --git a/downstream/modules/platform/ref-filter-by-organization.adoc b/downstream/modules/platform/ref-filter-by-organization.adoc new file mode 100644 index 0000000000..f17411cf48 --- /dev/null +++ b/downstream/modules/platform/ref-filter-by-organization.adoc @@ -0,0 +1,15 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-filter-by-organization"] + += Filtering reports by organization + +To filter your report so that only certain organizations are present, use this environment variable with a semicolon separated list of organization names. + +`export METRICS_UTILITY_ORGANIZATION_FILTER="ACME;Organization 1"` + +This renders only the data from these organizations in the built report. This filter currently does not have any effect on the following optional sheets: + +* `usage_by_collections` +* `usage_by_roles` +* `usage_by_modules` diff --git a/downstream/modules/platform/ref-optional-build-sheets.adoc b/downstream/modules/platform/ref-optional-build-sheets.adoc new file mode 100644 index 0000000000..180254ff1b --- /dev/null +++ b/downstream/modules/platform/ref-optional-build-sheets.adoc @@ -0,0 +1,41 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-optional-build-sheets"] + += Optional sheets for `build_report` command + +You may use the following optional sheets for the `build_report` command: + +* `ccsp_summary` +** This is a landing page specifically for partners under the CCSP program. It shows managed node usage by each {ControllerName} organization. +** This report takes additional parameters to customize the summary page. For more information, see the following example: ++ +---- +export METRICS_UTILITY_PRICE_PER_NODE=11.55 # in USD +export METRICS_UTILITY_REPORT_SKU=MCT3752MO +export METRICS_UTILITY_REPORT_SKU_DESCRIPTION="EX: Red Hat Ansible Automation Platform, Full Support (1 Managed Node, Dedicated, Monthly)" +export METRICS_UTILITY_REPORT_H1_HEADING="CCSP Reporting : ANSIBLE Consumption" +export METRICS_UTILITY_REPORT_COMPANY_NAME="Company Name" +export METRICS_UTILITY_REPORT_EMAIL="email@email.com" +export METRICS_UTILITY_REPORT_RHN_LOGIN="test_login" +export METRICS_UTILITY_REPORT_COMPANY_BUSINESS_LEADER="BUSINESS LEADER" +export METRICS_UTILITY_REPORT_COMPANY_PROCUREMENT_LEADER="PROCUREMENT LEADER" +---- + +* `managed_nodes` +** This is a deduplicated list of managed nodes automated by {ControllerName}. +* `indirectly_managed_nodes` +** This is a deduplicated list of indirect managed nodes automated by {ControllerName}. +* `inventory_scope` +** This is a deduplicated list of managed nodes present across all inventories of {ControllerName}. +* `usage_by_collections` +** This is a list of Ansible collections used in {ControllerName} job runs. +* `usage_by_roles` +** This is a list of roles used in {ControllerName} job runs. +*`usage_by_modules` +** This is a list of modules used in {ControllerName}job runs. + +---- +# Example with all optional sheets +export METRICS_UTILITY_OPTIONAL_CCSP_REPORT_SHEETS='ccsp_summary,managed_nodes,indirectly_managed_nodes,inventory_scope,usage_by_collections,usage_by_roles,usage_by_modules' +---- \ No newline at end of file diff --git a/downstream/modules/platform/ref-optional-collectors.adoc b/downstream/modules/platform/ref-optional-collectors.adoc new file mode 100644 index 0000000000..81f2a5a284 --- /dev/null +++ b/downstream/modules/platform/ref-optional-collectors.adoc @@ -0,0 +1,21 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-optional-collectors"] + += Optional collectors for `gather` command + +You can use the following optional collectors for the `gather` command: + +* `main_jobhostsummary` +** If present by default, this incrementally collects data from the `main_jobhostsummary` table in the {ControllerName} database, containing information about jobs runs and managed nodes automated. +* `main_host` +** This collects daily snapshots of the `main_host` table in the {ControllerName} database and has managed nodes and hosts present across {ControllerName} inventories. +* `main_jobevent` +** This incrementally collects data from the `main_jobevent` table in the {ControllerName} database and contains information about which modules, roles, and Ansible collections are being used. +* `main_indirectmanagednodeaudit` +** This incrementally collects data from the `main_indirectmanagednodeaudit` table in the {ControllerName} database and contains information about indirectly managed nodes. ++ +---- +# Example with all optional collectors +export METRICS_UTILITY_OPTIONAL_COLLECTORS="main_host,main_jobevent,main_indirectmanagednodeaudit" +---- \ No newline at end of file diff --git a/downstream/modules/platform/ref-optional-gather-collectors.adoc b/downstream/modules/platform/ref-optional-gather-collectors.adoc new file mode 100644 index 0000000000..65898a2209 --- /dev/null +++ b/downstream/modules/platform/ref-optional-gather-collectors.adoc @@ -0,0 +1,21 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-optional-gather-collectors"] + += Optional collectors for `gather` command + +You can use the following optional collectors for the `gather` command: + +* `main_jobhostsummary` +** If present by default, this incrementally collects the `main_jobhostsummary` table from the {ControllerName} database, containing information about jobs runs and managed nodes automated. +* `main_host` +** This collects daily snapshots of the `main_host` table from the {ControllerName} database and has managed nodes/hosts present across {ControllerName} inventories, +* `main_jobevent` +** This incrementally collects the `main_jobevent` table from the {ControllerName} database and contains information about which modules, roles, and ansible collections are being used. +* main_indirectmanagednodeaudit +** This incrementally collects the `main_indirectmanagednodeaudit` table from the {ControllerName} database and contains information about indirectly managed nodes, + +---- +# Example with all optional collectors +export METRICS_UTILITY_OPTIONAL_COLLECTORS="main_host,main_jobevent,main_indirectmanagednodeaudit" +---- diff --git a/downstream/modules/platform/ref-optional-sheets.adoc b/downstream/modules/platform/ref-optional-sheets.adoc new file mode 100644 index 0000000000..47641fcb68 --- /dev/null +++ b/downstream/modules/platform/ref-optional-sheets.adoc @@ -0,0 +1,56 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-optional-sheets"] + += Optional sheets for `build_report` command + +You can use the following optional sheets for the `build_report` command: + +* `ccsp_summary` +** This is a landing page specifically for partners under CCSP program. +This report takes additional parameters to customize the summary page. For more information, see the following example: ++ +---- +export METRICS_UTILITY_PRICE_PER_NODE=11.55 # in USD +export METRICS_UTILITY_REPORT_SKU=MCT3752MO +export METRICS_UTILITY_REPORT_SKU_DESCRIPTION="EX: Red Hat Ansible Automation Platform, Full Support (1 Managed Node, Dedicated, Monthly)" +export METRICS_UTILITY_REPORT_H1_HEADING="CCSP NA Direct Reporting Template" +export METRICS_UTILITY_REPORT_COMPANY_NAME="Partner A" +export METRICS_UTILITY_REPORT_EMAIL="email@email.com" +export METRICS_UTILITY_REPORT_RHN_LOGIN="test_login" +export METRICS_UTILITY_REPORT_PO_NUMBER="123" +export METRICS_UTILITY_REPORT_END_USER_COMPANY_NAME="Customer A" +export METRICS_UTILITY_REPORT_END_USER_CITY="Springfield" +export METRICS_UTILITY_REPORT_END_USER_STATE="TX" +export METRICS_UTILITY_REPORT_END_USER_COUNTRY="US" +---- +* `jobs` +** This is a list of {ControllerName} jobs launched. It is grouped by job template. +* `managed_nodes` +** This is a deduplicated list of managed nodes automated by {ControllerName}. +* `indirectly_managed_nodes` +** This is a deduplicated list of indirect managed nodes automated by {ControllerName}. +* `inventory_scope` +** This is a deduplicated list of managed nodes present across all inventories of {ControllerName}. +* `usage_by_organizations` +** This is a list of all {ControllerName} organizations with several metrics showing the organizations usage. This provides data suitable for doing internal chargeback. +* `usage_by_collections` +** This is a list of Ansible collections used in a {ControllerName} job runs. +* `usage_by_roles` +** This is a list of roles used in {ControllerName} job runs. +* `usage_by_modules` +** This is a list of modules used in {ControllerName} job runs. +* `managed_nodes_by_organization` +** This generates a sheet per organization, listing managed nodes for every organization with the same content as the managed_nodes sheet. +* `data_collection_status` +** This generates a sheet with the status of every data collection done by the `gather` command for the date range the report is built for. + +To outline the quality of data collected it also lists: + +*** unusual gaps between collections (based on collection_start_timestamp) +*** gaps in collected intervals (based on since vs until) ++ +---- +# Example with all optional sheets +export METRICS_UTILITY_OPTIONAL_CCSP_REPORT_SHEETS='ccsp_summary,jobs,managed_nodes,indirectly_managed_nodes,inventory_scope,usage_by_organizations,usage_by_collections,usage_by_roles,usage_by_modules,data_collection_status' +---- \ No newline at end of file diff --git a/downstream/modules/platform/ref-select-a-date-range-ccspv2.adoc b/downstream/modules/platform/ref-select-a-date-range-ccspv2.adoc new file mode 100644 index 0000000000..c2c6f9f542 --- /dev/null +++ b/downstream/modules/platform/ref-select-a-date-range-ccspv2.adoc @@ -0,0 +1,21 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-select-a-date-range-ccspv2"] + += Selecting a date range for your CCSPv2 report + +The default behavior of the CCSPv2 report is to build a report for the previous month. The following examples describe how to override this default behavior to select a specific date range for your report: + +---- +# Build report for a specific month +metrics-utility build_report --month=2025-03 + +# Build report for a specific date range, icluding the prvided days +metrics-utility build_report --since=2025-03-01 --until=2025-03-31 + +# Build report for a last 6 months from a current date +metrics-utility build_report --since=6months + +# Build report for a last 6 months from a current date overriding an exisitng report +metrics-utility build_report --since=6months --force +---- \ No newline at end of file diff --git a/downstream/modules/platform/ref-select-report-date-range.adoc b/downstream/modules/platform/ref-select-report-date-range.adoc new file mode 100644 index 0000000000..c987298e2a --- /dev/null +++ b/downstream/modules/platform/ref-select-report-date-range.adoc @@ -0,0 +1,18 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-select-report-date-range"] + += Selecting a date range for your CCSP report + +The default behavior of this report is to build a report for the previous month. The following examples describe how to override this default behavior to select a specific date range for your report: + +---- +# Builds report for a previous month +metrics-utility build_report + +# Build report for a specific month +metrics-utility build_report --month=2025-03 + +# Build report for a specific month overriding an existing report +metrics-utility build_report --month=2025-03 --force +---- \ No newline at end of file diff --git a/downstream/modules/platform/ref-storage-invocation.adoc b/downstream/modules/platform/ref-storage-invocation.adoc index 3387ec0857..f8309b338e 100644 --- a/downstream/modules/platform/ref-storage-invocation.adoc +++ b/downstream/modules/platform/ref-storage-invocation.adoc @@ -3,6 +3,7 @@ [id="ref-storage-invocation"] = Storage and invocation + The `RENEWAL_GUIDANCE` report supports the use of only local disk storage to store the report results. This report does not have a gather data step. It reads directly from the controller HostMetric table, so it does not store any raw data under the `METRICS_UTILITY_SHIP_PATH`. ---- diff --git a/downstream/modules/platform/ref-supported-storage.adoc b/downstream/modules/platform/ref-supported-storage.adoc index 04012db9f8..35f23c0f13 100644 --- a/downstream/modules/platform/ref-supported-storage.adoc +++ b/downstream/modules/platform/ref-supported-storage.adoc @@ -6,35 +6,3 @@ Supported storage is available for storing the raw data obtained by using the `metrics-utility gather_automation_controller_billing_data` command and storing the generated reports obtained by using the `metrics-utility build_report` command. Apply the environment variables to this storage based on your {PlatformNameShort} installation. - -== Local disk -For an installation of {PlatformNameShort} on {RHEL}, the default storage option is a local disk. Using an OpenShift deployment of {OCPShort}, default storage is a path inside the attached Persistent Volume Claim. - ----- -# Set needed ENV VARs for gathering data and generating reports -export METRICS_UTILITY_SHIP_TARGET=directory -# Your path on the local disk -export METRICS_UTILITY_SHIP_PATH=/path_to_data_and_reports/... ----- - -== Object storage with S3 interface - -To use object storage with S3 interface, for example, with AWS S3, Ceph Object storage, or Minio, you must define environment variables for data gathering and report building commands and cronjobs. ----- -################ -export METRICS_UTILITY_SHIP_TARGET=s3 -# Your path in the object storage -export METRICS_UTILITY_SHIP_PATH=path_to_data_and_reports/... - -################ -# Define S3 config -export METRICS_UTILITY_BUCKET_NAME=metricsutilitys3 -export METRICS_UTILITY_BUCKET_ENDPOINT="https://s3.us-east-1.amazonaws.com" -# For AWS S3, define also a region -export METRICS_UTILITY_BUCKET_REGION="us-east-1" - -################ -# Define S3 credentials -export METRICS_UTILITY_BUCKET_ACCESS_KEY= -export METRICS_UTILITY_BUCKET_SECRET_KEY= ----- \ No newline at end of file From 4540e63d56c1f8654e56b4f81fb7681915eb798e Mon Sep 17 00:00:00 2001 From: Robert Grange <95885266+rogrange@users.noreply.github.com> Date: Mon, 4 Aug 2025 13:28:58 -0400 Subject: [PATCH 26/71] Relaase notes for async 2.5-20250730 (#3977) (#3978) Resolves:AAP-49775 --- .../release-notes/async/aap-25-20250730.adoc | 125 ++++++++++++++++++ downstream/titles/release-notes/master.adoc | 2 + .../release-notes/topics/tech-preview.adoc | 12 ++ 3 files changed, 139 insertions(+) create mode 100644 downstream/titles/release-notes/async/aap-25-20250730.adoc diff --git a/downstream/titles/release-notes/async/aap-25-20250730.adoc b/downstream/titles/release-notes/async/aap-25-20250730.adoc new file mode 100644 index 0000000000..160c0e8993 --- /dev/null +++ b/downstream/titles/release-notes/async/aap-25-20250730.adoc @@ -0,0 +1,125 @@ +[[aap-25-20250730]] + += {PlatformNameShort} patch release July 30, 2025 + +This release includes the following components and versions: + +[cols="1a,3a", options="header"] +|=== +| Release date | Component versions + +| July 30, 2025| +* {ControllerNameStart} 4.6.18 +* {HubNameStart} 4.10.6 +* {EDAName} 1.1.11 +* Container-based installer {PlatformNameShort} (bundle) 2.5-17 +* Container-based installer {PlatformNameShort} (online) 2.5-17 +* Receptor 1.5.7 +* RPM-based installer {PlatformNameShort} (bundle) 2.5-16 +* RPM-based installer {PlatformNameShort} (online) 2.5-16 + +|=== + +CSV Versions in this release: + +* Namespace-scoped Bundle: aap-operator.v2.5.0-0.1753402603 + +* Cluster-scoped Bundle: aap-operator.v2.5.0-0.1753403065 + + + +== General + +* The `redhat.rhel_system_roles` collection has been updated to 1.95.7.(AAP-49916) + +* The `ansible.windows` collection has been updated to 2.8.0.(AAP-49923) + +* The `ansible.eda` collection has been updated to 2.8.2.(AAP-49997) + + + +== CVE + +With this update, the following CVEs have been addressed: + +* link:https://access.redhat.com/security/cve/CVE-2025-7738[CVE-2025-7738] `python3.11-django-ansible-base`: Hide plain text *OAuth2* secrets on GitHub Enterprise and GitHub Enterprise organization authenticator configuration views in platform-gateway.(AAP-49561) + +* link:https://access.redhat.com/security/cve/CVE-2025-2099[CVE-2025-2099] `ansible-automation-platform-25/lightspeed-chatbot-rhel8`: Regular Expression Denial of Service (ReDoS) in uggingface/transformers.(AAP-48621) + +* link:https://access.redhat.com/security/cve/CVE-2025-5988[CVE-2025-5988] `automation-gateway`: CSRF origin checking is disabled.(AAP-50374) + + + +== {PlatformNameShort} + +=== Features + +* `PosixUIDGroupType` can be selected for LDAP Group Type.(AAP-49347) + +=== Enhancements + +* Optimized the handling of web socket messages from the Workflow Visualizer.(AAP-46800) + +=== Bug fixes + +* Fixed the fields `content_type` for role user assignments to indicate that null values are valid responses from the API.(AAP-49494) + +* Fixed the fields `team_ansible_id` for role team assignments to indicate that null values can be POSTed to the API.(AAP-49812) + +* Fixed an issue where `auto-complete` was not disabled on all forms for sensitive information such as usernames, passwords, secret keys, etc.(AAP-49079) + +* Fixed an issue related to workflow job template limits overriding workflow job template node limits upon save.(AAP-48946) + +* Fixed the *Min* and *Max* Limit values displayed on the *Edit Survey* form.(AAP-39933) + +* Fixed an issue where the case insensitivity for authentication map user attribute names and values and for group names was not available. Feature flag `FEATURE_CASE_INSENSITIVE_AUTH_MAPS` must be set to true to enable case insensitive comparisons.(AAP-49327) + +* Fixed an issue that adds an OIDC Callback URL field that, after creation of authenticator, displays the URL to use in setting up the IdP. The URL field is displayed on the creation page and this field is to be left blank.(AAP-49874) + + + +== {ControllerNameStart} + +=== Enhancements + +* Update the injectors for the {PlatformNameShort} credential type to work across collection.(AAP-47877) + +=== Bug Fixes + +* Removed API version from hard-coded URL in inventory plugin.(AAP-48443) + +* Fixed a *404* error for workflow nodes.(AAP-47362) + +* Fixed an issue where the {ControllerName} pod was not working after an upgrade to `aap-operator.v2.5.0-0.1750901870`.(AAP-48771) + + + +== Container-based {PlatformNameShort} + +=== Enhancements + +* Added an exclusion parameter for Container-based {PlatformNameShort} Backup, allowing users to specify snapshot paths to be excluded from the backup process.(AAP-50114) + +=== Bug Fixes + +* Fixed the issue where execution instances removed from the inventory would still be visible on the Topology View.(AAP-48615) + +* Fixed a bug when restoring {HubName} to a new cluster when using NFS for the hub data filesystem.(AAP-48568) + +* Fixed permission issues when restoring {HubName} when using NFS storage.(AAP-50118) + + + +== RPM-based {PlatformNameShort} + +=== Bug Fixes + +* {EDAName} node type is now properly checked during restore.(AAP-49004) + +* Fixed an issue where *gRPC* server port was not configured properly when non-default value was used.(AAP-48543) + +* Fixed an issue where the firewall role logic improperly restricted {EDAName} event stream ports. Firewall ports are now restricted to event hosts, enhancing network security for {EDAName} users.(AAP-49792) + +* Fixed an issue where the gunicorn timeout to {EDAName} API service unit was not passed.(AAP-49858) + +* Fixed an issue where envoy, nginx, web server, and jwt token timeouts were not aligned, and caused issues where requests time out but work continues, or tokens expire before they are used.(AAP-49153) diff --git a/downstream/titles/release-notes/master.adoc b/downstream/titles/release-notes/master.adoc index 579b9b8054..15b4de17ed 100644 --- a/downstream/titles/release-notes/master.adoc +++ b/downstream/titles/release-notes/master.adoc @@ -34,6 +34,8 @@ include::topics/docs-25.adoc[leveloffset=+1] // == Asynchronous updates include::async/async-updates.adoc[leveloffset=+1] +// Async release 2.5-07-30-2025 +include::async/aap-25-20250730.adoc[leveloffset=+2] // Async release 2.5-07-02-2025 include::async/aap-25-20250702.adoc[leveloffset=+2] // Async release 2.5-06-11-2025 diff --git a/downstream/titles/release-notes/topics/tech-preview.adoc b/downstream/titles/release-notes/topics/tech-preview.adoc index 818c9c6f81..3a748bde54 100644 --- a/downstream/titles/release-notes/topics/tech-preview.adoc +++ b/downstream/titles/release-notes/topics/tech-preview.adoc @@ -20,6 +20,18 @@ include::../snippets/technology-preview.adoc[] // You can now configure the Controller Access Token for each resource with the `connection_secret` parameter, rather than the `tower_auth_secret` parameter. This change is compatible with earlier versions, but the `tower_auth_secret` parameter is now deprecated and will be removed in a future release. +=== Ansible-core 2.19 + +This link:https://access.redhat.com/articles/7128367[technical preview] includes an overhaul of the templating system and a new feature labeled Data Tagging. These changes enable reporting of numerous problematic behaviors that went undetected in previous releases, with wide-ranging positive effects on security, performance, and user experience. + +Backward compatibility has been preserved where practical, but some breaking changes were necessary. This guide describes some common problem scenarios with example content, error messages, and suggested solutions. + +We recommend you test your playbooks and roles in a staging environment with this release to determine where you may need to make changes. + +For further information see the link:https://ansible.readthedocs.io/projects/ansible-core/devel/porting_guides/porting_guide_core_2.19.html#id3[Ansible Porting Guide]. + + + === Availability of {AAPchatbot} The {AAPchatbot} is now available on {PlatformNameShort} 2.5 on {OCP} as a Technology Preview release. It is an intuitive chat interface embedded within the {PlatformNameShort}, utilizing generative artificial intelligence (AI) to answer questions about the {PlatformNameShort}. From 014e75e7077542d9123152b03d70afab3143936c Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Tue, 5 Aug 2025 10:21:52 +0100 Subject: [PATCH 27/71] Add redis cert considerations (#3982) (#3983) Document update for containerised AAP 2.5 custom Redis Cluster certificate https://issues.redhat.com/browse/AAP-48450 --- .../assembly-using-custom-tls-certificates.adoc | 3 +++ .../platform/con-redis-cert-considerations.adoc | 11 +++++++++++ 2 files changed, 14 insertions(+) create mode 100644 downstream/modules/platform/con-redis-cert-considerations.adoc diff --git a/downstream/assemblies/platform/assembly-using-custom-tls-certificates.adoc b/downstream/assemblies/platform/assembly-using-custom-tls-certificates.adoc index 93369f5119..c243df1c72 100644 --- a/downstream/assemblies/platform/assembly-using-custom-tls-certificates.adoc +++ b/downstream/assemblies/platform/assembly-using-custom-tls-certificates.adoc @@ -35,5 +35,8 @@ include::platform/proc-provide-custom-ca-cert.adoc[leveloffset=+2] // Receptor certificate considerations include::platform/con-receptor-cert-considerations.adoc[leveloffset=+1] +// Redis certificate considerations +include::platform/con-redis-cert-considerations.adoc[leveloffset=+1] + ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/downstream/modules/platform/con-redis-cert-considerations.adoc b/downstream/modules/platform/con-redis-cert-considerations.adoc new file mode 100644 index 0000000000..b9c440d018 --- /dev/null +++ b/downstream/modules/platform/con-redis-cert-considerations.adoc @@ -0,0 +1,11 @@ +:_mod-docs-content-type: CONCEPT + +[id="redis-certificate-considerations"] += Redis certificate considerations + +[role="_abstract"] +When using custom TLS certificates for Redis-related services, consider the following for mutual TLS (mTLS) communication if specifying Extended Key Usage (EKU): + +* The Redis server certificate (`redis_tls_cert`) should include the `serverAuth` (web server authentication) and `clientAuth` (client authentication) EKU. + +* The Redis client certificates (`gateway_redis_tls_cert`, `eda_redis_tls_cert`) should include the `clientAuth` (client authentication) EKU. From f1e4fe52e974768f20d28eecb821398ad65c18d9 Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Tue, 5 Aug 2025 11:05:49 +0100 Subject: [PATCH 28/71] DITA migration changes(2.6) CAG Ch 13 (#3987) Configuring automation execution UI and modular compliance chapter 13 https://issues.redhat.com/browse/AAP-46733 --- ...assembly-controller-secret-management.adoc | 11 +++++++ ...c-controller-configure-secret-lookups.adoc | 20 ++++++------- .../ref-aws-secrets-manager-lookup.adoc | 2 +- ...-controller-metadata-credential-input.adoc | 29 +++++++------------ 4 files changed, 32 insertions(+), 30 deletions(-) diff --git a/downstream/assemblies/platform/assembly-controller-secret-management.adoc b/downstream/assemblies/platform/assembly-controller-secret-management.adoc index afbc61d2a4..f520ad592d 100644 --- a/downstream/assemblies/platform/assembly-controller-secret-management.adoc +++ b/downstream/assemblies/platform/assembly-controller-secret-management.adoc @@ -29,14 +29,25 @@ These external secret values are fetched before running a playbook that needs th For more information about specifying secret management system credentials in the user interface, see link:{URLControllerUserGuide}/index#controller-credentials[Managing user credentials]. include::platform/proc-controller-configure-secret-lookups.adoc[leveloffset=+1] + include::platform/ref-controller-metadata-credential-input.adoc[leveloffset=+2] + include::platform/ref-aws-secrets-manager-lookup.adoc[leveloffset=+2] + include::platform/ref-centrify-vault-lookup.adoc[leveloffset=+2] + include::platform/ref-cyberark-ccp-lookup.adoc[leveloffset=+2] + include::platform/ref-cyberark-conjur-lookup.adoc[leveloffset=+2] + include::platform/ref-hashicorp-vault-lookup.adoc[leveloffset=+2] + include::platform/ref-hashicorp-signed-ssh.adoc[leveloffset=+2] + include::platform/ref-azure-key-vault-lookup.adoc[leveloffset=+2] + include::platform/ref-thycotic-devops-vault.adoc[leveloffset=+2] + include::platform/ref-thycotic-secret-server.adoc[leveloffset=+2] + include::platform/proc-controller-github-app-token.adoc[leveloffset=+2] diff --git a/downstream/modules/platform/proc-controller-configure-secret-lookups.adoc b/downstream/modules/platform/proc-controller-configure-secret-lookups.adoc index 87b479aa11..1cabbac124 100644 --- a/downstream/modules/platform/proc-controller-configure-secret-lookups.adoc +++ b/downstream/modules/platform/proc-controller-configure-secret-lookups.adoc @@ -15,16 +15,16 @@ Use the following procedure to use {ControllerName} to configure and use each of .Procedure . Create an external credential for authenticating with the secret management system. At minimum, give a name for the external credential and select one of the following for the *Credential type* field: + -* xref:ref-aws-secrets-manager-lookup[AWS Secrets Manager Lookup] -* xref:ref-centrify-vault-lookup[Centrify Vault Credential Provider Lookup] -* xref:ref-cyberark-ccp-lookup[CyberArk Central Credential Provider (CCP) Lookup] -* xref:ref-cyberark-conjur-lookup[CyberArk Conjur Secrets Manager Lookup] -* xref:ref-hashicorp-vault-lookup[HashiCorp Vault Secret Lookup] -* xref:ref-hashicorp-signed-ssh[HashiCorp Vault Signed SSH] -* xref:ref-azure-key-vault-lookup[{Azure} Key Vault] -* xref:ref-thycotic-devops-vault[Thycotic DevOps Secrets Vault] -* xref:ref-thycotic-secret-server[Thycotic Secret Server] -* xref:controller-github-app-token[GitHub app token lookup] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-aws-secrets-manager-lookup[AWS Secrets Manager Lookup] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-centrify-vault-lookup[Centrify Vault Credential Provider Lookup] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-cyberark-ccp-lookup[CyberArk Central Credential Provider (CCP) Lookup] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-cyberark-conjur-lookup[CyberArk Conjur Secrets Manager Lookup] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-hashicorp-vault-lookup[HashiCorp Vault Secret Lookup] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-hashicorp-signed-ssh[HashiCorp Vault Signed SSH] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-azure-key-vault-lookup[{Azure} Key Vault] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-thycotic-devops-vault[Thycotic DevOps Secrets Vault] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-thycotic-secret-server[Thycotic Secret Server] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#controller-github-app-token[Configuring a GitHub App Installation Access Token Lookup] + In this example, the _Demo Credential_ is the target credential. diff --git a/downstream/modules/platform/ref-aws-secrets-manager-lookup.adoc b/downstream/modules/platform/ref-aws-secrets-manager-lookup.adoc index 906eccc013..92a5cf448b 100644 --- a/downstream/modules/platform/ref-aws-secrets-manager-lookup.adoc +++ b/downstream/modules/platform/ref-aws-secrets-manager-lookup.adoc @@ -7,7 +7,7 @@ This plugin enables {AWS} to be used as a credential input source to pull secrets from the {AWS} Secrets Manager. The AWS Secrets Manager provides similar service to {Azure} Key Vault, and the AWS collection provides a lookup plugin for it. -When AWS Secrets Manager lookup is selected for **Credential type**, give the following metadata to configure your lookup: +When AWS Secrets Manager lookup is selected for *Credential type*, give the following metadata to configure your lookup: * *AWS Access Key* (required): give the access key used for communicating with AWS key management system * *AWS Secret Key* (required): give the secret as obtained by the AWS IAM console diff --git a/downstream/modules/platform/ref-controller-metadata-credential-input.adoc b/downstream/modules/platform/ref-controller-metadata-credential-input.adoc index 3ad1b88744..8a8595a4a8 100644 --- a/downstream/modules/platform/ref-controller-metadata-credential-input.adoc +++ b/downstream/modules/platform/ref-controller-metadata-credential-input.adoc @@ -6,8 +6,7 @@ The information required for the *Metadata* tab of the input source. -[discrete] -== AWS Secrets Manager Lookup +*AWS Secrets Manager Lookup* [cols="25%,50%",options="header"] |=== @@ -16,9 +15,7 @@ The information required for the *Metadata* tab of the input source. | AWS Secret Name (required) | Specify the AWS secret name that was generated by the AWS access key. |=== - -[discrete] -== Centrify Vault Credential Provider Lookup +*Centrify Vault Credential Provider Lookup* [cols="25%,50%",options="header"] |=== @@ -27,8 +24,7 @@ The information required for the *Metadata* tab of the input source. | System Name | Specify the name used by the Centrify portal. |=== -[discrete] -== CyberArk Central Credential Provider Lookup +*CyberArk Central Credential Provider Lookup* [cols="25%,50%",options="header"] |=== @@ -39,8 +35,7 @@ The information required for the *Metadata* tab of the input source. | Reason | If required for the object's policy, supply a reason for checking out the secret, as CyberArk logs those. |=== -[discrete] -== CyberArk Conjur Secrets Lookup +*CyberArk Conjur Secrets Lookup* [cols="25%,50%",options="header"] |=== @@ -49,8 +44,7 @@ The information required for the *Metadata* tab of the input source. | Secret Version | Specify a version of the secret, if necessary, otherwise, leave it empty to use the latest version. |=== -[discrete] -== HashiVault Secret Lookup +*HashiVault Secret Lookup* [cols="25%,50%",options="header"] |=== @@ -62,8 +56,7 @@ Leave it blank to use the first path segment of the *Path to Secret* field inste | Secret Version (V2 Only) | Specify a version if necessary, otherwise, leave it empty to use the latest version. |=== -[discrete] -== HashiCorp Signed SSH +*HashiCorp Signed SSH* [cols="25%,50%",options="header"] |=== @@ -78,8 +71,7 @@ So you could have a role that is permitted to get a certificate signed for root, Hashi vault has a default user for whom it signs, for example, ec2-user. |=== -[discrete] -== {Azure} KMS +*{Azure} KMS* [cols="25%,50%",options="header"] |=== @@ -88,8 +80,7 @@ Hashi vault has a default user for whom it signs, for example, ec2-user. | Secret Version | Specify a version of the secret, if necessary, otherwise, leave it empty to use the latest version. |=== -[discrete] -== Thycotic DevOps Secrets Vault +*Thycotic DevOps Secrets Vault* [cols="25%,50%",options="header"] |=== @@ -97,8 +88,8 @@ Hashi vault has a default user for whom it signs, for example, ec2-user. | Secret Path (required) |Specify the path to where the secret information is stored, for example, /path/username. |=== -[discrete] -== Thycotic Secret Server +*Thycotic Secret Server* + [cols="25%,50%",options="header"] |=== | Metadata | Description From c1b3b623293c4f2446234e3d934ba4556ca3b05c Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Tue, 5 Aug 2025 11:13:17 +0100 Subject: [PATCH 29/71] Add container details table (#3986) (#3988) Adds a Container details table to Containerized installation guide Containerized installation - update "Diagnosing the problem" with a mapping of container names and their usage https://issues.redhat.com/browse/AAP-42439 --- ...containerized-troubleshoot-diagnosing.adoc | 109 +++++++++++++----- 1 file changed, 82 insertions(+), 27 deletions(-) diff --git a/downstream/modules/platform/ref-containerized-troubleshoot-diagnosing.adoc b/downstream/modules/platform/ref-containerized-troubleshoot-diagnosing.adoc index b871ef0ef4..e4884292c3 100644 --- a/downstream/modules/platform/ref-containerized-troubleshoot-diagnosing.adoc +++ b/downstream/modules/platform/ref-containerized-troubleshoot-diagnosing.adoc @@ -14,36 +14,91 @@ To get a list of the running container names run the following command: $ podman ps --all --format "{{.Names}}" ---- -Example output: - ----- -postgresql -redis-unix -redis-tcp -receptor -automation-controller-rsyslog -automation-controller-task -automation-controller-web -automation-eda-api -automation-eda-daphne -automation-eda-web -automation-eda-worker-1 -automation-eda-worker-2 -automation-eda-activation-worker-1 -automation-eda-activation-worker-2 -automation-eda-scheduler -automation-gateway-proxy -automation-gateway -automation-hub-api -automation-hub-content -automation-hub-web -automation-hub-worker-1 -automation-hub-worker-2 ----- +.Container details +[options="header" cols="1,1,2"] +|=== +|Component group |Container name |Purpose + +|{ControllerNameStart} +|`automation-controller-rsyslog` +|Handles centralized logging for {ControllerName}. + +|{ControllerNameStart} +|`automation-controller-task` +|Manages and runs tasks related to {ControllerName}, such as running playbooks and interacting with inventories. + +|{ControllerNameStart} +|`automation-controller-web` +|A web server that provides a REST API for {ControllerName}. This is accessed and routed through {Gateway} for user interaction. + +|{EDAName} +|`automation-eda-api` +|Exposes the API for {EDAName}, allowing external systems to trigger and manage event-driven automations. + +|{EDAName} +|`automation-eda-daphne` +|A web server for {EDAName}, handling WebSocket connections and serving static files. + +|{EDAName} +|`automation-eda-web` +|A web server that provides a REST API for {EDAName}. This is accessed and routed through {Gateway} for user interaction. + +|{EDAName} +|`automation-eda-worker-` +|These containers run the automation rules and playbooks based on incoming events. + +|{EDAName} +|`automation-eda-activation-worker-` +|These containers manage the activation of automation rules, ensuring they run when specific conditions are met. + +|{EDAName} +|`automation-eda-scheduler` +|Responsible for scheduling and managing recurring tasks and rule activations. + +|{GatewayStart} +|`automation-gateway-proxy` +|Acts as a reverse proxy, routing incoming requests to the appropriate {PlatformNameShort} services. + +|{GatewayStart} +|`automation-gateway` +|Responsible for authentication, authorization, and overall request handling for the platform, all of which is exposed through a REST API and served by a web server. + +|{HubNameStart} +|`automation-hub-api` +|Provides the API for {HubName}, enabling interaction with collection content, user management, and other {HubName} functionality. + +|{HubNameStart} +|`automation-hub-content` +|Manages and serves Ansible Content Collections, roles, and modules stored in {HubName}. + +|{HubNameStart} +|`automation-hub-web` +|A web server that provides a REST API for {HubName}. This is accessed and routed through {Gateway} for user interaction. + +|{HubNameStart} +|`automation-hub-worker-` +|These containers handle background tasks for {HubName}, such as content synchronization, indexing, and validation. + +|Performance Co-Pilot +|`pcp` +|If Performance Co-Pilot Monitoring is enabled, this container is used for system performance monitoring and data collection. + +|PostgreSQL +|`postgresql` +|Hosts the PostgreSQL database for {PlatformNameShort}. + +|Receptor +|`receptor` +|Facilitates secure and reliable communication within {PlatformNameShort}. + +|Redis +|`redis-` +|Responsible for caching, real-time analytics and fast data retrieval. +|=== *Inspecting the logs* -To inspect any running container logs, run the `journalctl` command: +Containerized {PlatformNameShort} uses `journald` for Podman logging. To inspect any running container logs, run the `journalctl` command: ---- $ journalctl CONTAINER_NAME= From c64bef1b62fe3954395c3ca1af2397777c3c6ea1 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Tue, 5 Aug 2025 12:07:42 +0100 Subject: [PATCH 30/71] Update nginx_tls_protocols default value (#3990) (#3991) RPM installer - update nginx_tls_protocols default value in documentation https://issues.redhat.com/browse/AAP-48089 --- downstream/modules/platform/ref-controller-variables.adoc | 2 +- downstream/modules/platform/ref-eda-controller-variables.adoc | 2 +- downstream/modules/platform/ref-gateway-variables.adoc | 2 +- downstream/modules/platform/ref-hub-variables.adoc | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/downstream/modules/platform/ref-controller-variables.adoc b/downstream/modules/platform/ref-controller-variables.adoc index 321439bfea..186d5a0be0 100644 --- a/downstream/modules/platform/ref-controller-variables.adoc +++ b/downstream/modules/platform/ref-controller-variables.adoc @@ -115,7 +115,7 @@ Set this variable to `true` to disable HTTPS. | `controller_nginx_https_protocols` | Protocols that {ControllerName} supports when handling HTTPS traffic. | Optional -| RPM = `[TLSv1.2]`. Container = `[TLSv1.2, TLSv1.3]` +| `[TLSv1.2, TLSv1.3]` | `nginx_user_headers` | `controller_nginx_user_headers` diff --git a/downstream/modules/platform/ref-eda-controller-variables.adoc b/downstream/modules/platform/ref-eda-controller-variables.adoc index dd30231982..183d345a63 100644 --- a/downstream/modules/platform/ref-eda-controller-variables.adoc +++ b/downstream/modules/platform/ref-eda-controller-variables.adoc @@ -305,7 +305,7 @@ eda_extra_settings: | `eda_nginx_https_protocols` | Protocols that {EDAName} supports when handling HTTPS traffic. | Optional -| RPM = `[TLSv1.2]`. Container = `[TLSv1.2, TLSv1.3]`. +| `[TLSv1.2, TLSv1.3]` | | `eda_pg_socket` diff --git a/downstream/modules/platform/ref-gateway-variables.adoc b/downstream/modules/platform/ref-gateway-variables.adoc index 85e73db7b4..dfaa0f1d45 100644 --- a/downstream/modules/platform/ref-gateway-variables.adoc +++ b/downstream/modules/platform/ref-gateway-variables.adoc @@ -267,7 +267,7 @@ Inventory file variables for {Gateway}. | `gateway_nginx_https_protocols` | Protocols that {Gateway} will support when handling HTTPS traffic. | Optional -| RPM = `[TLSv1.2]`. Container = `[TLSv1.2, TLSv1.3]`. +| `[TLSv1.2, TLSv1.3]` | `redis_disable_tls` | `gateway_redis_disable_tls` diff --git a/downstream/modules/platform/ref-hub-variables.adoc b/downstream/modules/platform/ref-hub-variables.adoc index 455b936ee9..427bab5245 100644 --- a/downstream/modules/platform/ref-hub-variables.adoc +++ b/downstream/modules/platform/ref-hub-variables.adoc @@ -373,7 +373,7 @@ For more information about the list of parameters, see link:https://django-stora | `hub_nginx_https_protocols` | Protocols that {HubName} will support when handling HTTPS traffic. | Optional -| RPM = `[TLSv1.2]`. Container = `[TLSv1.2, TLSv1.3]`. +| `[TLSv1.2, TLSv1.3]` | | `hub_pg_socket` From 2a1f006fa212d3d2ec40ee856b45812645dc25f3 Mon Sep 17 00:00:00 2001 From: Jameria Self <73364088+jself-sudoku@users.noreply.github.com> Date: Tue, 5 Aug 2025 08:43:53 -0400 Subject: [PATCH 31/71] AAP-46217 Pre-migration compliance for Using automation decisions, chapter 4 (#3980) (#3995) * AAP-46217 Migration prep on Chapt 5 and one module from Chapt 2 * AAP-46217 Migration prep on Chapt 4 and one module from Chapt 2 --- downstream/assemblies/eda/assembly-eda-projects.adoc | 8 +++++--- downstream/modules/eda/con-credentials-list-view.adoc | 4 ++-- downstream/modules/eda/con-eda-projects-list-view.adoc | 1 + downstream/modules/eda/proc-eda-delete-project.adoc | 1 + downstream/modules/eda/proc-eda-editing-a-project.adoc | 1 + 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/downstream/assemblies/eda/assembly-eda-projects.adoc b/downstream/assemblies/eda/assembly-eda-projects.adoc index a258124017..489e840299 100644 --- a/downstream/assemblies/eda/assembly-eda-projects.adoc +++ b/downstream/assemblies/eda/assembly-eda-projects.adoc @@ -1,10 +1,9 @@ +:_mod-docs-content-type: ASSEMBLY [id="eda-projects"] = Projects -Projects are a logical collection of rulebooks. -They must be a git repository and only http protocol is supported. -The rulebooks of a project must be located in the path defined for {EDAName} content in Ansible collections: `/extensions/eda/rulebooks` at the root of the project. +Projects are a logical collection of rulebooks. They must be a git repository and only http protocol is supported. The rulebooks of a project must be located in the path defined for {EDAName} content in Ansible collections: `/extensions/eda/rulebooks` at the root of the project. [IMPORTANT] ==== @@ -12,6 +11,9 @@ To meet high availability demands, {EDAcontroller} shares centralized link:https ==== include::eda/proc-eda-set-up-new-project.adoc[leveloffset=+1] + include::eda/con-eda-projects-list-view.adoc[leveloffset=+1] + include::eda/proc-eda-editing-a-project.adoc[leveloffset=+1] + include::eda/proc-eda-delete-project.adoc[leveloffset=+1] diff --git a/downstream/modules/eda/con-credentials-list-view.adoc b/downstream/modules/eda/con-credentials-list-view.adoc index e13277096d..707b2fea8b 100644 --- a/downstream/modules/eda/con-credentials-list-view.adoc +++ b/downstream/modules/eda/con-credentials-list-view.adoc @@ -9,9 +9,9 @@ From the menu bar, you can search for credentials in the *Name* search field. You also have the following options in the menu bar: -* Choose how fields are shown in the list view by clicking the btn:[Manage columns] icon. You have four options in which you can arrange your fields: +* *Manage columns* - You can choose how fields are shown in the list view by clicking this option. You have four ways you can arrange your fields: ** *Column* - Shows the column in the table. ** *Description* - Shows the column when the item is expanded as a full width description. ** *Expanded* - Shows the column when the item is expanded as a detail. ** *Hidden* - Hides the column. -* Choose between a btn:[List view] or a btn:[Card view], by clicking the icons. +* *List view* or *Card view* - You can choose between these views by clicking the applicable icons. diff --git a/downstream/modules/eda/con-eda-projects-list-view.adoc b/downstream/modules/eda/con-eda-projects-list-view.adoc index bb6c6ac36b..46e6b7cb9b 100644 --- a/downstream/modules/eda/con-eda-projects-list-view.adoc +++ b/downstream/modules/eda/con-eda-projects-list-view.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-projects-list-view"] = Projects list view diff --git a/downstream/modules/eda/proc-eda-delete-project.adoc b/downstream/modules/eda/proc-eda-delete-project.adoc index ef0a7ba5d5..a000bb5e1f 100644 --- a/downstream/modules/eda/proc-eda-delete-project.adoc +++ b/downstream/modules/eda/proc-eda-delete-project.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-delete-project"] = Deleting a project diff --git a/downstream/modules/eda/proc-eda-editing-a-project.adoc b/downstream/modules/eda/proc-eda-editing-a-project.adoc index 79edf34ba2..9193bd0f3a 100644 --- a/downstream/modules/eda/proc-eda-editing-a-project.adoc +++ b/downstream/modules/eda/proc-eda-editing-a-project.adoc @@ -1,3 +1,4 @@ +:_mod-docs-content-type: PROCEDURE [id="eda-editing-a-project"] = Editing a project From d19b355f7cdc07b456db3a3e2ddcd6f930640499 Mon Sep 17 00:00:00 2001 From: Hala Date: Tue, 5 Aug 2025 15:27:36 -0500 Subject: [PATCH 32/71] AAP-45594: Removes references to component tabs in RBAC docs (#3972) (#3997) * updates to roles assembly for 2.6 release * updates for orgs and teams * 2.6 updates for RBAC users * updates add user step --- .../proc-controller-add-organization-user.adoc | 10 +++++----- .../modules/platform/proc-gw-create-roles.adoc | 6 +++--- .../modules/platform/proc-gw-delete-roles.adoc | 4 ++-- .../modules/platform/proc-gw-edit-roles.adoc | 4 ++-- .../platform/proc-gw-editing-a-user.adoc | 18 +++++++++--------- downstream/modules/platform/proc-gw-roles.adoc | 6 +++--- .../platform/proc-gw-team-add-user.adoc | 10 +++++----- 7 files changed, 29 insertions(+), 29 deletions(-) diff --git a/downstream/modules/platform/proc-controller-add-organization-user.adoc b/downstream/modules/platform/proc-controller-add-organization-user.adoc index 8724776a51..c589d4d08a 100644 --- a/downstream/modules/platform/proc-controller-add-organization-user.adoc +++ b/downstream/modules/platform/proc-controller-add-organization-user.adoc @@ -7,19 +7,19 @@ You can provide a user with access to an organization by adding them to the organization and managing the roles associated with the user. To add a user to an organization, the user must already exist. For more information, see xref:proc-controller-creating-a-user[Creating a user]. To add roles for a user, the role must already exist. See xref:proc-gw-create-roles[Creating a role] for more information. -The following tab selections are available when adding users to an organization. When user accounts from the {ControllerName} organization have been migrated to {PlatformNameShort} 2.5 during the upgrade process, the *Automation Execution* tab shows content based on whether the users were added to the organization prior to migration. +// [[hherbly] removed for 2.6] The following tab selections are available when adding users to an organization. When user accounts from the {ControllerName} organization have been migrated to {PlatformNameShort} 2.5 during the upgrade process, the *Automation Execution* tab shows content based on whether the users were added to the organization prior to migration. -{PlatformNameShort}:: Reflects all users added to the organization at the platform level. From this tab, you can add users as organization members and, optionally provide specific organization level roles. +// {PlatformNameShort}:: Reflects all users added to the organization at the platform level. From this tab, you can add users as organization members and, optionally provide specific organization level roles. -Automation Execution:: Reflects users that were added directly to the {ControllerName} organization prior to an upgrade and migration. From this tab, you can only view existing memberships in {ControllerName} and remove those memberships but not you can not add new memberships. +// Automation Execution:: Reflects users that were added directly to the {ControllerName} organization prior to an upgrade and migration. From this tab, you can only view existing memberships in {ControllerName} and remove those memberships but not you can not add new memberships. New user memberships to an organization must be added at the platform level. .Procedure . From the navigation panel, select {MenuAMOrganizations}. . From the *Organizations* list view, select the organization to which you want to add a user. -. Click the *Users* tab to add users. -. Select the *{PlatformNameShort}* tab and click btn:[Add users] to add user access to the team, or select the *Automation Execution* tab to view or remove user access from the team. +. Click the *Users* tab, then btn:[Assign Users] to add users. +// . Select the *{PlatformNameShort}* tab and click btn:[Add users] to add user access to the team, or select the *Automation Execution* tab to view or remove user access from the team. . Select one or more users from the list by clicking the checkbox next to the name to add them as members. . Click btn:[Next]. . Select the roles you want the selected user to have. Scroll down for a complete list of roles. diff --git a/downstream/modules/platform/proc-gw-create-roles.adoc b/downstream/modules/platform/proc-gw-create-roles.adoc index 4717952dd3..021f2c6245 100644 --- a/downstream/modules/platform/proc-gw-create-roles.adoc +++ b/downstream/modules/platform/proc-gw-create-roles.adoc @@ -9,12 +9,12 @@ .Procedure . From the navigation panel, select {MenuAMRoles}. -. Select a tab for the component resource for which you want to create custom roles. +// [[hherbly]This may need to be replaced with updated steps for 2.6.]. Select a tab for the component resource for which you want to create custom roles. + -include::snippets/snip-gw-roles-note-multiple-components.adoc[] +// include::snippets/snip-gw-roles-note-multiple-components.adoc[] + . Click btn:[Create role]. . Provide a *Name* and optionally include a *Description* for the role. . Select a *Content Type*. -. Select the *Permissions* you want assigned to this role. +. Select the *Permissions* you want assigned to this role from the drop-down menu. . Click btn:[Create role] to create your new role. diff --git a/downstream/modules/platform/proc-gw-delete-roles.adoc b/downstream/modules/platform/proc-gw-delete-roles.adoc index e67cde04ee..f4df6ffb78 100644 --- a/downstream/modules/platform/proc-gw-delete-roles.adoc +++ b/downstream/modules/platform/proc-gw-delete-roles.adoc @@ -9,9 +9,9 @@ Built in roles can not be deleted, however, you can delete custom roles from the .Procedure . From the navigation panel, select {MenuAMRoles}. -. Select a tab for the component resource for which you want to create custom roles. +// [[hherbly]This may need to be replaced with updated steps for 2.6.]. Select a tab for the component resource for which you want to create custom roles. + -include::snippets/snip-gw-roles-note-multiple-components.adoc[] +// include::snippets/snip-gw-roles-note-multiple-components.adoc[] + . Click the *More Actions* icon *{MoreActionsIcon}* next to the role you want and select *Delete role*. . To delete roles in bulk, select the roles you want to delete from the *Roles* list view, click the *More Actions* icon *{MoreActionsIcon}*, and select *Delete roles*. diff --git a/downstream/modules/platform/proc-gw-edit-roles.adoc b/downstream/modules/platform/proc-gw-edit-roles.adoc index 192a43733d..6b07202acc 100644 --- a/downstream/modules/platform/proc-gw-edit-roles.adoc +++ b/downstream/modules/platform/proc-gw-edit-roles.adoc @@ -9,9 +9,9 @@ Built in roles can not be changed, however, you can modify custom roles from the .Procedure . From the navigation panel, select {MenuAMRoles}. -. Select a tab for the component resource for which you want to modify a custom role. +// [[hherbly]This may need to be replaced with updated steps for 2.6.]. Select a tab for the component resource for which you want to modify a custom role. + -include::snippets/snip-gw-roles-note-multiple-components.adoc[] +// include::snippets/snip-gw-roles-note-multiple-components.adoc[] + . Click the *Edit role* icon image:leftpencil.png[Edit,15,15] next to the role you want and modify the role settings as needed. . Click btn:[Save role] to save your changes. diff --git a/downstream/modules/platform/proc-gw-editing-a-user.adoc b/downstream/modules/platform/proc-gw-editing-a-user.adoc index 527e591176..4f017fd8a0 100644 --- a/downstream/modules/platform/proc-gw-editing-a-user.adoc +++ b/downstream/modules/platform/proc-gw-editing-a-user.adoc @@ -6,13 +6,13 @@ You can modify the properties of a user account after it is created. -In upgrade scenarios, there might be pre-existing user accounts from {ControllerName} or {HubName} services. When editing these user accounts, the *User type* checkboxes indicate whether the account had one of the following service level administrator privileges: +// [[hherbly] removed for 2.6] In upgrade scenarios, there might be pre-existing user accounts from {ControllerName} or {HubName} services. When editing these user accounts, the *User type* checkboxes indicate whether the account had one of the following service level administrator privileges: -Automation Execution Administrator:: A previously defined {ControllerName} administrator with full read and write privileges over automation execution resources only. -Automation Decisions Administrator:: A previously defined {EDAName} administrator with full read and write privileges over automation decision resources only. -Automation Content Administrator:: A previously defined {HubName} administrator with full read and write privileges over automation content resources only. +// Automation Execution Administrator:: A previously defined {ControllerName} administrator with full read and write privileges over automation execution resources only. +// Automation Decisions Administrator:: A previously defined {EDAName} administrator with full read and write privileges over automation decision resources only. +// Automation Content Administrator:: A previously defined {HubName} administrator with full read and write privileges over automation content resources only. -Platform administrators can revoke or assign administrator permissions for the individual services and designate the user as either an *{PlatformNameShort} Administrator*, *{PlatformNameShort} Auditor* or normal user. Assigning administrator privileges to all of the individual services automatically designates the user as an *{PlatformNameShort} Administrator*. See xref:proc-controller-creating-a-user[Creating a user] for more information about user types. +// Platform administrators can revoke or assign administrator permissions for the individual services and designate the user as either an *{PlatformNameShort} Administrator*, *{PlatformNameShort} Auditor* or normal user. Assigning administrator privileges to all of the individual services automatically designates the user as an *{PlatformNameShort} Administrator*. See xref:proc-controller-creating-a-user[Creating a user] for more information about user types. To see whether a user had service level auditor privileges, you must refer to the API. @@ -31,9 +31,9 @@ Users previously designated as {ControllerName} or {HubName} administrators are . The *Edit* user page is displayed where you can modify user details such as, *Password*, *Email*, *User type*, and *Organization*. + -[NOTE] -==== -If the user account was migrated to {PlatformNameShort} 2.5 during the upgrade process and had administrator privileges for an individual service, additional User type checkboxes will be available. You can use these checkboxes to revoke or add individual privileges or designate the user as a platform administrator, system auditor or normal user. -==== +// [NOTE] +// ==== +// If the user account was migrated to {PlatformNameShort} 2.5 during the upgrade process and had administrator privileges for an individual service, additional User type checkboxes will be available. You can use these checkboxes to revoke or add individual privileges or designate the user as a platform administrator, system auditor or normal user. +// ==== + . After your changes are complete, click *Save user*. \ No newline at end of file diff --git a/downstream/modules/platform/proc-gw-roles.adoc b/downstream/modules/platform/proc-gw-roles.adoc index 8c2314b6d5..fadc8392f8 100644 --- a/downstream/modules/platform/proc-gw-roles.adoc +++ b/downstream/modules/platform/proc-gw-roles.adoc @@ -9,9 +9,9 @@ You can display the roles assigned for component resources from the menu:Access .Procedure . From the navigation panel, select {MenuAMRoles}. -. Select a tab for the component resource for which you want to create custom roles. +// [[hherbly]This may need to be replaced with updated steps for 2.6.] Select a tab for the component resource for which you want to create custom roles. + -include::snippets/snip-gw-roles-note-multiple-components.adoc[] +// include::snippets/snip-gw-roles-note-multiple-components.adoc[] + -. From the table header, you can sort the list of roles by using the arrows for *Name*, *Description*, *Created* and *Editable* or by making sort selections in the *Sort* list. +. From the table header, you can sort the list of roles by using the arrows for *Name*, *Description*, *Component*, *Resource Type*, and *Role Creation*, or by making sort selections in the *Sort* list. . You can filter the list of roles by selecting *Name* or *Editable* from the filter list and clicking the arrow. diff --git a/downstream/modules/platform/proc-gw-team-add-user.adoc b/downstream/modules/platform/proc-gw-team-add-user.adoc index 8918eb6eee..f208cde009 100644 --- a/downstream/modules/platform/proc-gw-team-add-user.adoc +++ b/downstream/modules/platform/proc-gw-team-add-user.adoc @@ -5,13 +5,13 @@ = Adding users to a team To add a user to a team, the user must already have been created. For more information, see xref:proc-controller-creating-a-user[Creating a user]. Adding a user to a team adds them as a member only. Use the *Roles* tab to assign a role for different resources to the selected team. -The following tab selections are available when adding users to a team. When user accounts from {ControllerName} or {HubName} organizations have been migrated to {PlatformNameShort} 2.5 during the upgrade process, the *Automation Execution* and *Automation Content* tabs show content based on whether the users were added to those organizations prior to migration. +// [[hherbly]This may need to be replaced with updated steps for 2.6.] The following tab selections are available when adding users to a team. When user accounts from {ControllerName} or {HubName} organizations have been migrated to {PlatformNameShort} 2.5 during the upgrade process, the *Automation Execution* and *Automation Content* tabs show content based on whether the users were added to those organizations prior to migration. -{PlatformNameShort}:: Reflects all users added to the organization at the platform level. From this tab, you can add users as organization members and, optionally provide specific organization level roles. +// {PlatformNameShort}:: Reflects all users added to the organization at the platform level. From this tab, you can add users as organization members and, optionally provide specific organization level roles. -Automation Execution:: Reflects users that were added directly to the {ControllerName} organization prior to an upgrade and migration. From this tab, you can only view existing memberships in {ControllerName} and remove those memberships but you can not add new memberships. New organization memberships must be added through the platform. +// Automation Execution:: Reflects users that were added directly to the {ControllerName} organization prior to an upgrade and migration. From this tab, you can only view existing memberships in {ControllerName} and remove those memberships but you can not add new memberships. New organization memberships must be added through the platform. -Automation Content:: Reflects users that were added directly to the {HubName} organization prior to an upgrade and migration. From this tab, you can only view existing memberships in {HubName} and remove those memberships but you can not add new memberships. +// Automation Content:: Reflects users that were added directly to the {HubName} organization prior to an upgrade and migration. From this tab, you can only view existing memberships in {HubName} and remove those memberships but you can not add new memberships. New user memberships to a team must be added at the platform level. @@ -21,7 +21,7 @@ New user memberships to a team must be added at the platform level. . From the navigation panel, select {MenuAMTeams}. . Select the team to which you want to add users. . Select the *Users* tab. -. Select the *{PlatformNameShort}* tab and click btn:[Add users] to add user access to the team, or select the *Automation Execution* or *Automation Content* tab to view or remove user access from the team. +// . Select the *{PlatformNameShort}* tab and click btn:[Add users] to add user access to the team, or select the *Automation Execution* or *Automation Content* tab to view or remove user access from the team. . Select one or more users from the list by clicking the checkbox next to the name to add them as members of this team. . Click btn:[Add users]. \ No newline at end of file From a362cd5ee8133fb2ef5a74b198f680ae92b9e41a Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Wed, 6 Aug 2025 11:00:15 +0100 Subject: [PATCH 33/71] AAP-50259 PVC edits (#3998) (#4002) * AAP-50259 PVC edits * PR suggestions --- .../platform/assembly-aap-recovery.adoc | 2 + .../proc-aap-platform-ext-DB-restore.adoc | 65 +++++++++++++++ .../proc-aap-platform-gateway-restore.adoc | 13 ++- .../proc-aap-platform-pvc-restore.adoc | 80 +++++++++++++++++++ 4 files changed, 158 insertions(+), 2 deletions(-) create mode 100644 downstream/modules/platform/proc-aap-platform-ext-DB-restore.adoc create mode 100644 downstream/modules/platform/proc-aap-platform-pvc-restore.adoc diff --git a/downstream/assemblies/platform/assembly-aap-recovery.adoc b/downstream/assemblies/platform/assembly-aap-recovery.adoc index 7eb4af62e0..74648579e4 100644 --- a/downstream/assemblies/platform/assembly-aap-recovery.adoc +++ b/downstream/assemblies/platform/assembly-aap-recovery.adoc @@ -12,6 +12,8 @@ ifdef::context[:parent-context: {context}] If you lose information on your system or experience issues with an upgrade, you can use the backup resources of your deployment instances. Use the following procedures to recover your {PlatformNameShort} deployment files. include::platform/proc-aap-platform-gateway-restore.adoc[leveloffset=+1] +include::platform/proc-aap-platform-pvc-restore.adoc[leveloffset=+1] +include::platform/proc-aap-platform-ext-DB-restore.adoc[leveloffset=+1] ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/downstream/modules/platform/proc-aap-platform-ext-DB-restore.adoc b/downstream/modules/platform/proc-aap-platform-ext-DB-restore.adoc new file mode 100644 index 0000000000..a2941ae02b --- /dev/null +++ b/downstream/modules/platform/proc-aap-platform-ext-DB-restore.adoc @@ -0,0 +1,65 @@ +:_mod-docs-content-type: PROCEDURE + +[id="aap-platform-ext-DB-restore_{context}"] + += Recovering your {PlatformNameShort} deployment from an external database + +You can restore an external database on {OCP} using the Operator. Use the following procedure to restore from an external database. + +[IMPORTANT] +==== +Restoring from an external database force drops the database, which overrides your existing external database. +==== + +.Prerequisites + +* You have an external database. +* You have installed the {OperatorPlatformNameShort} on {OCPShort}. + +.Procedure + +. Log in to {OCP}. +. Navigate to menu:Operators[Installed Operators]. +. Select your {OperatorPlatformNameShort} deployment. +. Go to your *All Instances* tab, and click btn:[Create New]. +. Select *{PlatformNameShort} Restore* from the list. +. For *Name* enter the name for the recovery deployment. +. For *New {PlatformNameShort} Name* enter the new name for your {PlatformNameShort} instance. +* If restoring to the same name {PlatformNameShort} then you must add `force_drop_db: true` to drop the database on restore. +. *Backup Source* defaults to *CR*. +. For *Backup name* enter the name you chose when creating the backup. +Under *YAML view* paste in the following example: ++ +---- +--- +apiVersion: aap.ansible.com/v1alpha1 +kind: AnsibleAutomationPlatformRestore +metadata: + name: aaprestore +spec: + deployment_name: aap + backup_name: aapbackup + controller: + force_drop_db: true +---- ++ +. Click btn:[Create]. + +.Verification + +Your backups starts restoring under the *AnsibleAutomationPlatformRestores* tab. + +[NOTE] +==== +The recovery is not complete until all the resources are successfully restored. Depending on the size of your database this this can take some time. +==== + +To verify that your recovery was successful you can: + +. Go to menu:Workloads[Pods]. +. Confirm that all pods are in a *Running* or *Completed* state. + +[role="_additional-resources"] +.Additional resources + +* link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/installing_on_openshift_container_platform/index[Installing on OpenShift Container Platform] diff --git a/downstream/modules/platform/proc-aap-platform-gateway-restore.adoc b/downstream/modules/platform/proc-aap-platform-gateway-restore.adoc index 1f1eb1ad9f..97e89f4736 100644 --- a/downstream/modules/platform/proc-aap-platform-gateway-restore.adoc +++ b/downstream/modules/platform/proc-aap-platform-gateway-restore.adoc @@ -3,6 +3,7 @@ [id="aap-platform-gateway-restore_{context}"] = Recovering your {PlatformNameShort} deployment + *{PlatformNameShort}* manages any enabled components (such as, {ControllerName}, {HubName}, and {EDAName}), when you recover *{PlatformNameShort}* you also restore these components. In previous versions of the {OperatorPlatformNameShort}, it was necessary to create a restore object for each component of the platform. @@ -13,11 +14,13 @@ Now, you create a single *AnsibleAutomationPlatformRestore* resource, which cre * EDARestore .Prerequisites + * You must be authenticated with an OpenShift cluster. * You have installed the {OperatorPlatformNameShort} on the cluster. * The *AnsibleAutomationPlatformBackups* deployment is available in your cluster. .Procedure + . Log in to {OCP}. . Navigate to menu:Operators[Installed Operators]. . Select your {OperatorPlatformNameShort} deployment. @@ -26,9 +29,11 @@ Now, you create a single *AnsibleAutomationPlatformRestore* resource, which cre . For *Name* enter the name for the recovery deployment. . For *New {PlatformNameShort} Name* enter the new name for your {PlatformNameShort} instance. . *Backup Source* defaults to *CR*. -. For *Backup name* enter the name your chose when creating the backup. +. For *Backup name* enter the name you chose when creating the backup. . Click btn:[Create]. +.Verification + Your backups starts restoring under the *AnsibleAutomationPlatformRestores* tab. [NOTE] @@ -36,8 +41,12 @@ Your backups starts restoring under the *AnsibleAutomationPlatformRestores* tab. The recovery is not complete until all the resources are successfully restored. Depending on the size of your database this this can take some time. ==== -.Verification To verify that your recovery was successful you can: . Go to menu:Workloads[Pods]. . Confirm that all pods are in a *Running* or *Completed* state. + +[role="_additional-resources"] +.Additional resources + +* link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/installing_on_openshift_container_platform/index[Installing on OpenShift Container Platform] diff --git a/downstream/modules/platform/proc-aap-platform-pvc-restore.adoc b/downstream/modules/platform/proc-aap-platform-pvc-restore.adoc new file mode 100644 index 0000000000..8b120ef949 --- /dev/null +++ b/downstream/modules/platform/proc-aap-platform-pvc-restore.adoc @@ -0,0 +1,80 @@ +:_mod-docs-content-type: PROCEDURE + +[id="aap-platform-pvc-restore_{context}"] + += Recovering your {PlatformNameShort} deployment from a PVC + +A persistent volume claim (PVC) is a storage volume that stores data for {HubName} and {ControllerName} applications. +These PVCs are independent of the applications and persist even if an application is deleted. +You can restore data from a PVC as an alternative to recovering from an *{PlatformNameShort}* backup. + +For more information see the _Finding and deleting PVCs_ section of the link:{BaseURL}/red_hat_ansible_automation_platform/{PlayformVers}/html-single/installing_on_openshift_container_platform/index[Installing on OpenShift Container Platform] guide. + + +.Prerequisites + +* You have an existing PVC containing a backup. +* You have installed the {OperatorPlatformNameShort} on {OCP}. + +.Procedure + +. Log in to {OCP}. +. Navigate to menu:Operators[Installed Operators]. +. Select your {OperatorPlatformNameShort} deployment. +. Go to your *All Instances* tab, and click btn:[Create New]. +. Select *{PlatformNameShort} Restore* from the list. +. For *Name* enter the name for the recovery deployment. +. For *New {PlatformNameShort} Name* enter the new name for your {PlatformNameShort} instance. +. For *Backup Source* select *PVC*. +.. *Backup PVC:* Enter the name of your PVC. +.. *Backup Directory:* Enter the path to your backup directory on your PVC. +. For *Backup name* enter the name you chose when creating the backup. +. Under *YAML view* paste in the following example: ++ +---- +--- +apiVersion: aap.ansible.com/v1alpha1 +kind: AnsibleAutomationPlatformRestore +metadata: + name: aap +spec: + deployment_name: aap + backup_source: PVC + backup_pvc: aap-backup-claim + backup_dir: '/backups/aap-openshift-backup-2025-06-23-18:28:29' + + controller: + backup_source: PVC + backup_pvc: aap-controller-backup-claim + backup_dir: '/backups/tower-openshift-backup-2025-06-23-182910' + + hub: + backup_source: PVC + backup_pvc: aap-hub-backup-claim + backup_dir: '/backups/openshift-backup-2025-06-23-182853' + storage_type: file + + eda: + backup_source: PVC + backup_pvc: aap-eda-backup-claim + backup_dir: '/backups/eda-openshift-backup-2025-06-23-18:29:11' +---- ++ +. Click btn:[Create]. + +.Verification + +Your backups restore under the *AnsibleAutomationPlatformRestores* tab. + +[NOTE] +==== +The recovery is not complete until all the resources are successfully restored. Depending on the size of your database this this can take some time. +==== + +. Go to menu:Workloads[Pods]. +. Confirm that all pods are in a *Running* or *Completed* state. + +[role="_additional-resources"] +.Additional resources + +* link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/installing_on_openshift_container_platform/index[Installing on OpenShift Container Platform] From 78a571d8a734f9b1959bfbb851b80f0b0ca548e7 Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Wed, 6 Aug 2025 11:11:44 +0100 Subject: [PATCH 34/71] DITA fixes for ocp backup and performancde guides (#3999) (#4004) --- .../platform/con-pod-specification-mods.adoc | 2 +- .../proc-aap-platform-gateway-backup.adoc | 23 +++++++++++-------- .../platform/proc-customizing-pod-specs.adoc | 2 ++ .../platform/proc-enable-pods-ref-images.adoc | 6 +++-- .../proc-specify-nodes-job-execution.adoc | 2 +- .../platform/proc-troubleshoot-same-name.adoc | 1 + .../platform/ref-assign-pods-to-nodes.adoc | 2 +- .../modules/platform/ref-resource-types.adoc | 6 ++--- .../platform/ref-set-custom-pod-timeout.adoc | 5 ++-- 9 files changed, 29 insertions(+), 20 deletions(-) diff --git a/downstream/modules/platform/con-pod-specification-mods.adoc b/downstream/modules/platform/con-pod-specification-mods.adoc index 9aa252c450..8fedbc8400 100644 --- a/downstream/modules/platform/con-pod-specification-mods.adoc +++ b/downstream/modules/platform/con-pod-specification-mods.adoc @@ -18,7 +18,7 @@ This custom document uses custom fields, such as `ImagePullSecrets`, that can be A full list of options can be found in the link:https://docs.openshift.com/online/pro/architecture/core_concepts/pods_and_services.html[Openshift Online] documentation. -.Example of a pod that provides a long-running service. +*Example of a pod that provides a long-running service* This example demonstrates many features of pods, most of which are discussed in other topics and thus only briefly mentioned here: diff --git a/downstream/modules/platform/proc-aap-platform-gateway-backup.adoc b/downstream/modules/platform/proc-aap-platform-gateway-backup.adoc index eae1edbe28..628ac720f2 100644 --- a/downstream/modules/platform/proc-aap-platform-gateway-backup.adoc +++ b/downstream/modules/platform/proc-aap-platform-gateway-backup.adoc @@ -3,14 +3,23 @@ [id="aap-platform-gateway-backup_{context}"] = Backing up your {PlatformNameShort} deployment + Regularly backing up your *{PlatformNameShort}* deployment is vital to protect against unexpected data loss and application errors. *{PlatformNameShort}* hosts any enabled components (such as, {ControllerName}, {HubName}, and {EDAName}), when you back up *{PlatformNameShort}* the operator will also back up these components. +[NOTE] +==== +{OperatorPlatformNameShort} creates a PersistentVolumeClaim (PVC) for your {PlatformNameShort} Backup automatically. +You can use your own pre-created PVC by using the `backup_pvc` spec and specifying your PVC. +==== + .Prerequisites + * You must be authenticated on OpenShift cluster. * You have installed {OperatorPlatformNameShort} on the cluster. * You have deployed a *{PlatformNameShort}* instance using the {OperatorPlatformNameShort}. .Procedure + . Log in to {OCP}. . Navigate to menu:Operators[Installed Operators]. . Select your {OperatorPlatformNameShort} deployment. @@ -24,10 +33,8 @@ When creating the *{PlatformNameShort} Backup* resource it also creates backup r + . In the *Name* field, enter a name for the backup. . In the *Deployment name* field, enter the name of the deployed {PlatformNameShort} instance being backed up. For example if your {PlatformNameShort} deployment must be backed up and the deployment name is aap, enter 'aap' in the *Deployment name* field. -. Click btn:[Create]. - -This results in an *AnsibleAutomationPlatformBackup* resource. The the resource YAML is similar to the following: - +. Click btn:[Create]. This results in an *AnsibleAutomationPlatformBackup* resource similar to the following: ++ ---- apiVersion: aap.ansible.com/v1alpha1 kind: AnsibleAutomationPlatformBackup @@ -38,14 +45,10 @@ spec: no_log: true deployment_name: aap ---- - -[NOTE] -==== -{OperatorPlatformNameShort} creates a PersistentVolumeClaim (PVC) for your {PlatformNameShort} Backup automatically. -You can use your own pre-created PVC by using the `backup_pvc` spec and specifying your PVC. -==== ++ .Verification + To verify that your backup was successful you can: . Log in to {OCP}. diff --git a/downstream/modules/platform/proc-customizing-pod-specs.adoc b/downstream/modules/platform/proc-customizing-pod-specs.adoc index b964ce0af1..f09dc3562d 100644 --- a/downstream/modules/platform/proc-customizing-pod-specs.adoc +++ b/downstream/modules/platform/proc-customizing-pod-specs.adoc @@ -13,6 +13,8 @@ You can use the following procedure to customize the pod. . Click btn:[Save]. . Optional: Click btn:[Expand] to view the entire customization window if you want to provide additional customizations. +.Next steps + The image used at job launch time is determined by the {ExecEnvShort} associated with the job. If a Container Registry credential is associated with the {ExecEnvShort}, then {ControllerName} uses `ImagePullSecret` to pull the image. If you prefer not to give the service account permission to manage secrets, you must pre-create the `ImagePullSecret`, specify it on the pod specification, and omit any credential from the {ExecEnvShort} used. diff --git a/downstream/modules/platform/proc-enable-pods-ref-images.adoc b/downstream/modules/platform/proc-enable-pods-ref-images.adoc index 16e9a8df73..dcf332dd92 100644 --- a/downstream/modules/platform/proc-enable-pods-ref-images.adoc +++ b/downstream/modules/platform/proc-enable-pods-ref-images.adoc @@ -11,12 +11,12 @@ Alternatively, if the `ImagePullSecret` already exists in the container group na Note that the image used by a job running in a container group is always overridden by the Execution Environment associated with the job. -.Use of pre-created ImagePullSecrets (Advanced) +*Use of pre-created ImagePullSecrets (Advanced)* If you want to use this workflow and pre-create the `ImagePullSecret`, you can source the necessary information to create it from your local `.dockercfg` file on a system that has previously accessed a secure container registry. +The `.dockercfg file`, or `$HOME/.docker/config.json` for newer Docker clients, is a Docker credentials file that stores your information if you have previously logged into a secured or insecure registry. .Procedure -The `.dockercfg file`, or `$HOME/.docker/config.json` for newer Docker clients, is a Docker credentials file that stores your information if you have previously logged into a secured or insecure registry. . If you already have a `.dockercfg` file for the secured registry, you can create a secret from that file by running the following command: + @@ -66,6 +66,8 @@ $ oc secrets link builder + . Optional: For builds, you must also reference the secret as the pull secret from within your build configuration. +.Verification + When the container group is successfully created, the *Details* tab of the newly created container group remains. This allows you to review and edit your container group information. This is the same menu that is opened if you click the btn:[Edit] icon *✎* from the *Instance Group* link. You can also edit instances and review jobs associated with this instance group. diff --git a/downstream/modules/platform/proc-specify-nodes-job-execution.adoc b/downstream/modules/platform/proc-specify-nodes-job-execution.adoc index 4c247bb4c9..aecff7fd0e 100644 --- a/downstream/modules/platform/proc-specify-nodes-job-execution.adoc +++ b/downstream/modules/platform/proc-specify-nodes-job-execution.adoc @@ -63,7 +63,7 @@ kubectl get nodes --show-labels You can see that the `worker0` node now has a `disktype=ssd` label. + . In the {ControllerName} UI, specify that label in the metadata section of your customized pod specification in the container group. - ++ [options="nowrap" subs="+quotes,attributes"] ---- apiVersion: v1 diff --git a/downstream/modules/platform/proc-troubleshoot-same-name.adoc b/downstream/modules/platform/proc-troubleshoot-same-name.adoc index b5756e911f..2afdf8cf4b 100644 --- a/downstream/modules/platform/proc-troubleshoot-same-name.adoc +++ b/downstream/modules/platform/proc-troubleshoot-same-name.adoc @@ -10,6 +10,7 @@ The name specified for the new AutomationController custom resource must not mat If your AutomationController customer resource matches an existing deployment, perform the following steps to resolve the issue. .Procedure + . Delete the existing AutomationController and the associated postgres PVC: + ----- diff --git a/downstream/modules/platform/ref-assign-pods-to-nodes.adoc b/downstream/modules/platform/ref-assign-pods-to-nodes.adoc index 9bdb82a788..cfc28cf2e6 100644 --- a/downstream/modules/platform/ref-assign-pods-to-nodes.adoc +++ b/downstream/modules/platform/ref-assign-pods-to-nodes.adoc @@ -30,7 +30,7 @@ For example, with the `maxSkew` parameter of this option set to `100`, this mean So if there are three matching compute nodes and three pods, one pod will be assigned to each compute node. This parameter helps prevent the control plane pods from competing for resources with each other. -.Example of a custom configuration for constraining controller pods to specific nodes +*Example of a custom configuration for constraining controller pods to specific nodes* [options="nowrap" subs="+quotes,attributes"] ---- diff --git a/downstream/modules/platform/ref-resource-types.adoc b/downstream/modules/platform/ref-resource-types.adoc index ee63b283fb..2b4ff3d0cc 100644 --- a/downstream/modules/platform/ref-resource-types.adoc +++ b/downstream/modules/platform/ref-resource-types.adoc @@ -30,7 +30,7 @@ For a particular resource, a pod resource request or limit is the sum of the res == Resource units in Kubernetes -.CPU resource units +*CPU resource units* Limits and requests for CPU resources are measured in CPU units. In Kubernetes, one CPU unit is equal to one physical processor core, or one virtual core, depending on whether the node is a physical host or a virtual machine running inside a physical machine. @@ -47,7 +47,7 @@ To specify CPU units less than 1.0 or 1000m you must use the milliCPU form. For example, use 5m, not 0.005 CPU. ==== -.Memory resource units +*Memory resource units* Limits and requests for memory are measured in bytes. You can express memory as a plain integer or as a fixed-point number using one of these quantity suffixes: E, P, T, G, M, k. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. @@ -61,7 +61,7 @@ For example, the following represent roughly the same value: Pay attention to the case of the suffixes. If you request 400m of memory, this is a request for 0.4 bytes, not 400 mebibytes (400Mi) or 400 megabytes (400M). -.Example CPU and memory specification +*Example CPU and memory specification* The following cluster has enough free resources to schedule a task pod with a dedicated 100m CPU and 250Mi. The cluster can also withstand bursts over that dedicated usage up to 2000m CPU and 2Gi memory. diff --git a/downstream/modules/platform/ref-set-custom-pod-timeout.adoc b/downstream/modules/platform/ref-set-custom-pod-timeout.adoc index 75ad2e90ef..9a110e2652 100644 --- a/downstream/modules/platform/ref-set-custom-pod-timeout.adoc +++ b/downstream/modules/platform/ref-set-custom-pod-timeout.adoc @@ -3,6 +3,7 @@ [id="ref-set-custom-pod-timeout_{context}"] = Extra settings + With `extra_settings`, you can pass many custom settings by using the awx-operator. The parameter `extra_settings` is appended to `/etc/tower/settings.py` and can be an alternative to the `extra_volumes` parameter. @@ -12,7 +13,7 @@ The parameter `extra_settings` is appended to `/etc/tower/settings.py` and can b | `extra_settings` | Extra settings | ‘’ |==== -.Example configuration of `extra_settings` parameter +*Example configuration of `extra_settings` parameter* [options="nowrap" subs="+quotes,attributes"] ---- @@ -28,7 +29,7 @@ The parameter `extra_settings` is appended to `/etc/tower/settings.py` and can b value: "500" ---- -.Custom pod timeouts +*Custom pod timeouts* A container group job in {ControllerName} transitions to the `running` state just before you submit the pod to the Kubernetes API. {ControllerNameStart} then expects the pod to enter the `Running` state before `AWX_CONTAINER_GROUP_POD_PENDING_TIMEOUT` seconds has elapsed. From 1cb99c02d9375e3d39b27c23ac89505638205172 Mon Sep 17 00:00:00 2001 From: Aine Riordan <44700011+ariordan-redhat@users.noreply.github.com> Date: Wed, 6 Aug 2025 11:43:01 +0100 Subject: [PATCH 35/71] AAP-44556 Add registry check in devtools doc (#4000) (#4006) --- ...roc-devtools-setup-registry-redhat-io.adoc | 29 +++++++++---------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/downstream/modules/devtools/proc-devtools-setup-registry-redhat-io.adoc b/downstream/modules/devtools/proc-devtools-setup-registry-redhat-io.adoc index bc6f46e694..abfa51767e 100644 --- a/downstream/modules/devtools/proc-devtools-setup-registry-redhat-io.adoc +++ b/downstream/modules/devtools/proc-devtools-setup-registry-redhat-io.adoc @@ -8,9 +8,6 @@ All container images available through the Red Hat container catalog are hosted `registry.redhat.io`. The registry requires authentication for access to images. -To use the `registry.redhat.io` registry, you must have a Red Hat login. -This is the same account that you use to log in to the Red Hat Customer Portal (access.redhat.com) and manage your Red Hat subscriptions. - [NOTE] ==== If you are planning to install the {ToolsName} on a container inside {VSCode}, @@ -22,20 +19,26 @@ or the `devcontainer` to use as an execution environment, you must log in from a terminal prompt within the `devcontainer` from a terminal inside {VSCode}. ==== -You can use the `podman login` or `docker login` commands with your credentials to access content on the registry. +.Prerequisites + +* To use the `registry.redhat.io` registry, you must have a Red Hat login. ++ +This is the same account that you use to log in to the Red Hat Customer Portal (access.redhat.com) and manage your Red Hat subscriptions. + +.Procedure -Podman:: +. Check whether you are already logged in to the `registry.redhat.io` registry: + ---- -$ podman login registry.redhat.io -Username: my__redhat_username -Password: *********** +$ podman login --get-login registry.redhat.io ---- -Docker:: ++ +The command output displays your Red Hat login if you are logged in to `registry.redhat.io`. +. If you are not logged in to `registry.redhat.io`, use the `podman login` command with your credentials to access content on the registry. + ---- -$ docker login registry.redhat.io -Username: my__redhat_username +$ podman login registry.redhat.io +Username: my_redhat_username Password: *********** ---- @@ -43,8 +46,4 @@ For more information about Red Hat container registry authentication, see link:https://access.redhat.com/RegistryAuthentication[Red Hat Container Registry Authentication] on the Red Hat customer portal. -// * If you are an organization administrator, you can create profiles for users in your organization and configure Red Hat customer portal access permissions for them. -// Refer to link:https://access.redhat.com/start/learn:get-set-red-hat/resource/resources:create-and-manage-other-users[Create and manage other users] on the Red Hat customer portal for information. -// * If you are a member of an organization, ask your administrator to create a Red Hat customer portal account for you. -//Troubleshooting link:https://access.redhat.com/articles/3560571[Troubleshooting Authentication Issues with `registry.redhat.io`] From 47daef8ebfc1afcbaa38b0d02d59230283705295 Mon Sep 17 00:00:00 2001 From: Aine Riordan <44700011+ariordan-redhat@users.noreply.github.com> Date: Thu, 7 Aug 2025 08:53:24 +0100 Subject: [PATCH 36/71] AAP-44558 Devtools: Add info about VSCode workspaces (#4007) (#4011) --- .../devtools/proc-devtools-extension-settings.adoc | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/downstream/modules/devtools/proc-devtools-extension-settings.adoc b/downstream/modules/devtools/proc-devtools-extension-settings.adoc index 60592de68b..5b48be6d9c 100644 --- a/downstream/modules/devtools/proc-devtools-extension-settings.adoc +++ b/downstream/modules/devtools/proc-devtools-extension-settings.adoc @@ -9,6 +9,7 @@ The Ansible extension supports multiple configuration options. You can configure the settings for the extension on a user level, on a workspace level, or for a particular directory. User-based settings are applied globally for any instance of VS Code that is opened. +A {VSCode} workspace is a collection of one or more folders that you can open in a single {VSCode} window. Workspace settings are stored within your workspace and only apply when the current workspace is opened. It is useful to configure settings for your workspace for the following reasons: @@ -18,15 +19,21 @@ you can customize your Ansible development environment for individual projects w You can have different settings for a Python project, an Ansible project, and a C++ project, each optimized for the respective stack without the need to manually reconfigure settings each time you switch projects. * If you include workspace settings when setting up version control for a project you want to share with your team, everyone uses the same configuration for that project. +.Prerequisites + +* Open a workspace or folder, or create a new folder, in {VSCode} using the menu:File[Open Folder] menu. +This is necessary because the file that stores settings preferences for workspaces is specific to a folder or workspace. + .Procedure . Open the Ansible extension settings: -.. Click the 'Extensions' icon in the activity bar. +.. Click the image:vscode-extensions-icon.png[Extensions,15,15] *Extensions* icon in the activity bar. .. Select the Ansible extension, and click the 'gear' icon and then *Extension Settings* to display the extension settings. + Alternatively, click menu:Code[Settings>Settings] to open the *Settings* page. .. Enter `Ansible` in the search bar to display the settings for the extension. . Select the *Workspace* tab to configure your settings for the current {VSCode} workspace. +** If the *Workspace* tab is not displayed, open a folder or create a new folder using the menu:File[Open Folder] menu. . The Ansible extension settings are pre-populated. Modify the settings to suit your requirements: ** Check the menu:Ansible[Validation > Lint: Enabled] box to enable ansible-lint. @@ -34,5 +41,8 @@ Modify the settings to suit your requirements: ** Specify the {ExecEnvShort} image you want to use in the *Ansible > Execution Environment: image* field. ** To use {LightspeedShortName}, check the *Ansible > Lightspeed: Enabled* box, and enter the URL for Lightspeed. -The settings are documented on the link:https://marketplace.visualstudio.com/items?itemName=redhat.ansible[Ansible {VSCode} Extension by Red Hat page] in the VisualStudio marketplace documentation. +[role="_additional-resources"] +.Additional resources +* For information about Ansible {VSCode} extension settings, see the link:https://marketplace.visualstudio.com/items?itemName=redhat.ansible[Ansible {VSCode} Extension by Red Hat page] in the VisualStudio marketplace documentation. +* For information about {VSCode} workspaces, see link:https://code.visualstudio.com/docs/editing/workspaces/workspaces[What is a {VSCode} workspace?] in the Visual Studio Code documentation. From ba41e239ac935284bf8327be5211962a641a7108 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Thu, 7 Aug 2025 11:42:55 +0100 Subject: [PATCH 37/71] Add External Redis support statement (#4013) (#4016) External Redis is currently not supported for CONT and RPM topologies. Clarify external Redis support for CONT and RPM topologies Affects: `titles/topologies` https://issues.redhat.com/browse/AAP-50975 --- downstream/modules/topologies/ref-rpm-b-env-a.adoc | 3 ++- downstream/snippets/redis-colocation-containerized.adoc | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/downstream/modules/topologies/ref-rpm-b-env-a.adoc b/downstream/modules/topologies/ref-rpm-b-env-a.adoc index 71e4194454..504c803bae 100644 --- a/downstream/modules/topologies/ref-rpm-b-env-a.adoc +++ b/downstream/modules/topologies/ref-rpm-b-env-a.adoc @@ -31,7 +31,8 @@ include::snippets/rpm-tested-vm-config.adoc[] [NOTE] ==== -6 VMs are required for a Redis high availability (HA) compatible deployment. Redis can be colocated on each {PlatformNameShort} component VM except for {ControllerName}, execution nodes, or the PostgreSQL database. +* 6 VMs are required for a Redis high availability (HA) compatible deployment. Redis can be colocated on each {PlatformNameShort} component VM except for {ControllerName}, execution nodes, or the PostgreSQL database. +* External Redis is not supported for RPM-based deployments of {PlatformNameShort}. ==== == Tested system configurations diff --git a/downstream/snippets/redis-colocation-containerized.adoc b/downstream/snippets/redis-colocation-containerized.adoc index d4de91f5d0..c5f748107d 100644 --- a/downstream/snippets/redis-colocation-containerized.adoc +++ b/downstream/snippets/redis-colocation-containerized.adoc @@ -1,2 +1,3 @@ //This snippet details the colocation configuration for a containerized install of AAP - note that it can be colocated with controller. * 6 VMs are required for a Redis high availability (HA) compatible deployment. When installing {PlatformNameShort} with the containerized installer, Redis can be colocated on any {PlatformNameShort} component VMs of your choice except for execution nodes or the PostgreSQL database. They might also be assigned VMs specifically for Redis use. +* External Redis is not supported for containerized {PlatformNameShort}. \ No newline at end of file From a6682ea030aebe596800ed432759e5de6bf16524 Mon Sep 17 00:00:00 2001 From: EMcWhinn <122449381+EMcWhinn@users.noreply.github.com> Date: Thu, 7 Aug 2025 11:46:56 +0100 Subject: [PATCH 38/71] Adding OAuth2 token creation chapter (#4012) (#4015) Document External User OAuth2 Token Security Considerations https://issues.redhat.com/browse/AAP-50313 Affects `central-auth` --- ...ssembly-gw-token-based-authentication.adoc | 22 ++++++++++++++++--- .../con-gw-manage-oauth2-external-users.adoc | 17 ++++++++++++++ .../proc-gw-enable-oauth2-external-users.adoc | 19 ++++++++++++++++ .../proc-gw-oauth2-security-controls.adoc | 21 ++++++++++++++++++ 4 files changed, 76 insertions(+), 3 deletions(-) create mode 100644 downstream/modules/platform/con-gw-manage-oauth2-external-users.adoc create mode 100644 downstream/modules/platform/proc-gw-enable-oauth2-external-users.adoc create mode 100644 downstream/modules/platform/proc-gw-oauth2-security-controls.adoc diff --git a/downstream/assemblies/platform/assembly-gw-token-based-authentication.adoc b/downstream/assemblies/platform/assembly-gw-token-based-authentication.adoc index 8df2ca1a6d..fb6b35a12b 100644 --- a/downstream/assemblies/platform/assembly-gw-token-based-authentication.adoc +++ b/downstream/assemblies/platform/assembly-gw-token-based-authentication.adoc @@ -25,24 +25,40 @@ You can customize this setting to meet your specific requirements by modifying t OAUTH2_PROVIDER__ACCESS_TOKEN_EXPIRE_SECONDS = 31536000 ---- -For more information on the `settings.py` file and how it can be used to configure aspects of the platform, see link:{URLAAPOperationsGuide}/aap-advanced-config#settings-py_advanced-config[`settings.py`] in {TitleAAPOperationsGuide}. +For more information about the `settings.py` file and how it can be used to configure aspects of the platform, see link:{URLAAPOperationsGuide}/aap-advanced-config#settings-py_advanced-config[`settings.py`] in {TitleAAPOperationsGuide}. -For more information on the OAuth2 specification, see link:https://datatracker.ietf.org/doc/html/rfc6749[The OAuth 2.0 Authorization Framework]. +For more information about the OAuth2 specification, see link:https://datatracker.ietf.org/doc/html/rfc6749[The OAuth 2.0 Authorization Framework]. -For more information on using the `manage` utility to create tokens, see xref:ref-controller-token-session-management[Token and session management]. +For more information about using the `manage` utility to create tokens, see xref:ref-controller-token-session-management[Token and session management]. include::assembly-controller-applications.adoc[leveloffset=+1] + include::platform/proc-controller-apps-create-tokens.adoc[leveloffset=+1] + include::platform/ref-controller-app-token-functions.adoc[leveloffset=+2] + include::platform/ref-controller-refresh-existing-token.adoc[leveloffset=+3] + include::platform/ref-controller-revoke-access-token.adoc[leveloffset=+3] + include::platform/ref-controller-token-session-management.adoc[leveloffset=+2] + include::platform/ref-controller-create-oauth2-token.adoc[leveloffset=+3] + include::platform/ref-controller-revoke-oauth2-token.adoc[leveloffset=+3] + include::platform/ref-controller-clear-tokens.adoc[leveloffset=+3] + //[emcwhinn - Temporarily hiding expire sessions module as it does not yet exist for gateway as per AAP-35735] //include::platform/ref-controller-expire-sessions.adoc[leveloffset=+3] + include::platform/ref-controller-clear-sessions.adoc[leveloffset=+3] +include::platform/con-gw-manage-oauth2-external-users.adoc[leveloffset=+1] + +include::platform/proc-gw-enable-oauth2-external-users.adoc[leveloffset=+2] + +include::platform/proc-gw-oauth2-security-controls.adoc[leveloffset=+2] + ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] \ No newline at end of file diff --git a/downstream/modules/platform/con-gw-manage-oauth2-external-users.adoc b/downstream/modules/platform/con-gw-manage-oauth2-external-users.adoc new file mode 100644 index 0000000000..eb4315bf0a --- /dev/null +++ b/downstream/modules/platform/con-gw-manage-oauth2-external-users.adoc @@ -0,0 +1,17 @@ +:_mod-docs-content-type: CONCEPT + +[id="gw-manage-oauth2-external-users"] + += Manage OAuth2 token creation for external users + +{PlatformName} is designed with a default security posture that prevents users authenticated through external providers, such as LDAP, SAML, or SSO, from creating OAuth2 tokens for programmatic API access. +When an external user tries to generate such a token, the following message appears: +`403: Forbidden' error with the message: '(access_denied) OAuth2 Tokens cannot be created by users associated with an external authentication provider`. + +This default behavior is a deliberate security measure. +{PlatformNameShort} prioritizes centralized control over token generation, which encourages administrators to select the appropriate method for enabling OAuth 2.0 user token generation for external authentication providers. + +It is important to understand that an OAuth2 token is created within {PlatformNameShort}, and {PlatformNameShort} itself manages its lifecycle, including its expiration. +This lifecycle is independent of the user's session with their external Identity Provider (IdP). +For example, if a user generates an {PlatformNameShort} token and their account is later disabled in the external IdP, the {PlatformNameShort} token remains valid until it expires or is manually revoked. +Being aware of this interaction is crucial for a secure configuration, as it highlights the need for compensating controls if you enable token creation for external users. diff --git a/downstream/modules/platform/proc-gw-enable-oauth2-external-users.adoc b/downstream/modules/platform/proc-gw-enable-oauth2-external-users.adoc new file mode 100644 index 0000000000..5aa59ea50e --- /dev/null +++ b/downstream/modules/platform/proc-gw-enable-oauth2-external-users.adoc @@ -0,0 +1,19 @@ +:_mod-docs-content-type: PROCEDURE + +[id="gw-enable-oauth2-external-users"] + += Enabling OAuth2 token creation for external users + +To enable external users to create OAuth2 tokens, change the appropriate setting in your {PlatformNameShort} environment. +Ensure the implementation of compensating security controls after enabling this setting. + +.Procedure + +. From the navigation panel, go to menu:{MenuAEAdminSettings}[Platform gateway]. +. Click btn:[Edit platform gateway] settings. +. Change the *Allow external users to create OAuth2 tokens* setting to *Enabled*. +. Click btn:[Save platform gateway settings]. + +.Next steps + +Implement the recommended security controls as described in _Implementing security controls for external user OAuth2 tokens_. diff --git a/downstream/modules/platform/proc-gw-oauth2-security-controls.adoc b/downstream/modules/platform/proc-gw-oauth2-security-controls.adoc new file mode 100644 index 0000000000..4c0ed96336 --- /dev/null +++ b/downstream/modules/platform/proc-gw-oauth2-security-controls.adoc @@ -0,0 +1,21 @@ +:_mod-docs-content-type: PROCEDURE + +[id="gw-oauth2-security-controls"] + += Implementing security controls for external user OAuth2 tokens + +After enabling OAuth2 token creation for external users, implement the following compensating controls to keep a strong security posture. + +.Procedure + +* *Limit token lifetime*: Configure a shorter duration for OAuth2 tokens to reduce the window of exposure. +** In your {PlatformNameShort} settings, adjust the `OAUTH2_ACCESS_TOKEN_EXPIRE_SECONDS value`. +A value of 28800 (8 hours) is recommended, limiting token validity to a standard workday. +* *Enforce strict role-based access control (RBAC)*: Grant users only the minimum necessary permissions. +** Assign users who create tokens to *Teams* with highly restrictive roles. +Avoid granting broad permissions that could lead to privilege escalation. +* *Establish a clear offboarding process*: Integrate token revocation into your organizational offboarding procedures. +Your HR and IT offboarding processes must include a step for an {PlatformNameShort} administrator to revoke all active tokens for a departing user. +Tokens can be manually revoked from the user's profile under the *Tokens* tab. +* *Audit and monitor*: Regularly review token-related activities for legitimacy in the *Activity Stream*. + From 7d69d0712c3fc49973def720f15b60e2f8b06def Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Thu, 7 Aug 2025 14:47:47 +0100 Subject: [PATCH 39/71] 2.6 AAP-49196 2.6 OCP updates (#4014) (#4019) --- .../platform/assembly-aap-migration.adoc | 2 +- .../assembly-install-aap-gateway.adoc | 2 +- .../platform/assembly-operator-upgrade.adoc | 3 +- downstream/images/AAP-2.6-channels.png | Bin 0 -> 151813 bytes downstream/images/AAP-2.6-view.png | Bin 0 -> 117150 bytes .../platform/con-ocp-supported-install.adoc | 2 +- .../con-operator-channel-upgrade.adoc | 4 +-- .../con-operator-upgrade-overview.adoc | 6 ++-- .../proc-install-cli-aap-operator.adoc | 4 +-- .../proc-operator-deploy-central-config.adoc | 2 +- .../platform/proc-operator-upgrade.adoc | 26 ++++++++++++++---- 11 files changed, 34 insertions(+), 17 deletions(-) create mode 100644 downstream/images/AAP-2.6-channels.png create mode 100644 downstream/images/AAP-2.6-view.png diff --git a/downstream/assemblies/platform/assembly-aap-migration.adoc b/downstream/assemblies/platform/assembly-aap-migration.adoc index aa2f96cf94..4e602e5ad1 100644 --- a/downstream/assemblies/platform/assembly-aap-migration.adoc +++ b/downstream/assemblies/platform/assembly-aap-migration.adoc @@ -16,7 +16,7 @@ You can use the link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers [NOTE] ==== -Upgrades of {EDAName} version 2.4 to 2.5 are not supported. Database migrations between {EDAName} 2.4 and {EDAName} 2.5 are not compatible. +Upgrades of {EDAName} version 2.4 to {PlatformVers} are not supported. Database migrations between {EDAName} 2.4 and {EDAName} {PlatformVers} are not compatible. ==== //[gmurray 07/14/25 ]The following modules will need to be deprecated eventually, commenting out for now incase we need to roll back, I also need to confirm which are used in 2.4. Best thing would be to archive these when we cease supporting 2.4 diff --git a/downstream/assemblies/platform/assembly-install-aap-gateway.adoc b/downstream/assemblies/platform/assembly-install-aap-gateway.adoc index aad2e2244d..da9855780e 100644 --- a/downstream/assemblies/platform/assembly-install-aap-gateway.adoc +++ b/downstream/assemblies/platform/assembly-install-aap-gateway.adoc @@ -22,7 +22,7 @@ If you have not installed {OperatorPlatformNameShort} see link:{BaseURL}/red_hat [NOTE] ==== -{GatewayStart} is only available under {OperatorPlatformNameShort} version 2.5. Every component deployed under {OperatorPlatformNameShort} 2.5 defaults to version 2.5. +{GatewayStart} is only available under {OperatorPlatformNameShort} version {PlatformVers}. Every component deployed under {OperatorPlatformNameShort} {PlatformVers} defaults to version {PlatformVers}. ==== If you have the {OperatorPlatformNameShort} and some or all of the {PlatformNameShort} components installed see link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/installing_on_openshift_container_platform/index#operator-deploy-central-config_install-aap-gateway[Deploying the {Gateway} with existing {PlatformNameShort} components] for how to proceed. diff --git a/downstream/assemblies/platform/assembly-operator-upgrade.adoc b/downstream/assemblies/platform/assembly-operator-upgrade.adoc index 3703232a7c..732d45126a 100644 --- a/downstream/assemblies/platform/assembly-operator-upgrade.adoc +++ b/downstream/assemblies/platform/assembly-operator-upgrade.adoc @@ -25,7 +25,8 @@ include::platform/proc-operator-upgrade.adoc[leveloffset=+1] include::platform/proc-operator-create_crs.adoc[leveloffset=+1] -include::assembly-aap-post-upgrade.adoc[leveloffset=+1] +//[gmurray] This module is not relevant for 2.6 docs, but still in use in 2.5. +//include::assembly-aap-post-upgrade.adoc[leveloffset=+1] ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/downstream/images/AAP-2.6-channels.png b/downstream/images/AAP-2.6-channels.png new file mode 100644 index 0000000000000000000000000000000000000000..2452d31dc488a103b9e663fbf9b38bd258347124 GIT binary patch literal 151813 zcmeFZ_dl2Y|2M7_rHl}g5JHkwA!P3)B&lR4MRxW`vJyfwa`zpYQh{xPH5?^X7efpQrJ9y^iPcd_Erc^*DmHG*u`mm?=m|NGR1*6?I5RNH61m z&O6BP9crqm3H;wSM|m~f9r(v{hj|eGd!Lh%zSB8d3nv#7hpQylY;12{J?d!YaP_K< zqou9W6ls|>e(5OjO9~EGO`NXV+OX?hzj>8J*YXy-kQlq%t!wNeLLw*Fg~TOJoRm0m zf?e(myV^P3h8IU(l8~^Is42?nx;_~%xnTFC)opXLn}R=wvNNZsJo)J7WS6buv@HLZJdp7-7xMKvzj+rMvVyZBZ! zSWlH~3T(JGvaxT8jNB3Vrtw?6PidC-2H1{QUWI`4FqrDT|r?!HU1;mLI4;XOC9bK6j3k zDo}y3GLaVVE1yJjr-Gd$V#k|y{@GN5B&{8}`nv^UR=+V^ z@RcR;E@P`Orr~GUWtz)GNlE!@#+7<#mF)ulaCt&0MO&4N_S2Aq>htd^r`}3p!|&L( z)vl=flSLlh`Q_`^ifU>*ucZ3i!#8#WR@xOB>>%^wJ$h8h%#8DMeSO8q9NYY~bc?yj zzA95;d;~7qozu&nKU!Oxdp~ieYVoo&?fy72cQ8&vo|hhHOO}_uCzmx@i&ETiRKQqn=s#iCw+S@vg9O=-7HbA#}OSGyk?YU1t9ipy`Zq{o*| zIz3+PQYJ%aXsG4Qn@TP&VyQZZv0$v9nPOsMW_moPOgueV=I7_d9fxj;+=ljATU$RXEZny_O}!~AdX<+g(N6q+boAb}g@Q8wI`ca^ z=~ca(>%9soP2a3mcNqUv-?eL(>*_>-NnZQ6pFaaa7zLA4QU=22Y5e8gT&3Rq;Ye)6 zLYZ8>x;-y1Pbj{@P9kA?bv;Nq1vgVQt@)Ro__TXTTX(mAyLHX@IKM96-Va4ZO|7kg zlan?asj=OE8XC^r4-e;L4wcVtP0{C<{?q)ti@eU9mLX(2oA=Ve;o;$&!or=|tszbl zp&HzN__91sQPxY16>n)dkHwYC)Ju8(eEY=2#P88jIXAcETnelBhJfeK4~>tH%ko8Y zMAdz}wp&(;wRUMq+`_`bSR{^y!v9&z4PhanX)TWWK079xg8iClbpG;Nu#w69w#X+< zmycj8k2^~~dh|%>V#D%w@n8y*%$_2cKyf94L*bJiI*K9TU%B*`XIxnfvl*kJqL>aGsBVZCt4n@d*(b|R^B_o1I#ES5 z{?O>|`1p9NY+Faioz4kmoL?)eBM;RN>GLySt4gs_J3BkyF6nmuJa7hkBT0*0Fv4j4 z&xM?JYgO(jnvm+3FJH=Dzkc|=fq+QdZd49@y(=ilefN%xM2Km3TYI}4YQwc_Jg;88 zD(|xkyIPE6ED*B`pR3SdQonSdSydp$uXjp?okmuiMH!z-oWH)YyY z>iF^FvT4oT2j9gy4QTOhE9eaMlnyr*QmxTg{#)Lq5?CoW95KKZ-@w7N+Z5|EH#diq z&U^T<+|{c?Q%_XSKG(r6B0dS;;LI7yD?emRQQy|QW!}AeM?w;;c<29Ht)il$_ulIg z-plnyre(&XJ11t;v7T;x|BF8<(z5UtR+Bf5xlaq6M z%5y{#M=3y&!|g|!@-h=W#dg#XgCb|j?2-j$QBlzcjU!3Ad`+F5AunEV>t48^z!&{- zV5WT3>Eo!AsiPyEXnbgD5%!ufZl%v^flo-I&&FJtqhv$4u2f>&bd7~<-w44Hc=T{V$gx;3@BC)G`RQRHNtEA=9Y6xNvtwlS+8oM|l@QeCaoRqRH0 z?AS456ei2#mR44k&1YpoD=OrUi;4L)SoG#YeM(OCMJ@H zRBw%`SMu?ZDV@)>O-f4IqLcpjlmCf4*&EldA3QAEZq1ONpI;R>{eEu#aIJz!+}#EX zbY?#^VQl-y@$pl9Z*yX(UbNhpS#I=Uy?OH{Hio6Ob#aPv;6H!}RCtn#b${;O-DEhx z0hyUcm)5;;0RJv7nz_0%ojG%6v4!W(9!u={l9G}t``5+AEY_l{TDbt45%ohvZ6)wQ z16g>jAF3Q{c;LNz6j;KPvNE=zp&=FJPv}?Z@*3Q9*nGu?f>;&Y5fl#WrJy(kTU)^! zH*Qenn_e+8s*OH!fo3<^LE7MN9UT;Y6+{o5pTG6K+s0IgoiF;A05a394q~{m z_&_M5c+Hb~fFZg1ceQvGuUe)jEYu*2 zynUkal&Fy2Wr?Y`^>lS*GxZeGnv*_!SmA8_DjcwV+4JcS+b!<}{dQ3W0;>2ue$0$* z8&us->T@msQgEmz3Z{YrY3V|Kwj3AjfjA4xT>a_UdO=R6-SQj}#>U1ZSmtjx@&mo4 z6C2T(Os%X!m%xUVoG_fo@ySVfftZ26qs>(--2*ems6VaQ zMk+!~cQv>x=Ne_gb@`N@@Wjm>6%-6qEcAC3I?@Cy#y)=h5paW)#M0KbHvL?h)|D$>D%}io zo+4o{r4y;~g}#Xw!`8s70?=R^zs$%WO>8V1D8+K4a(wyvm8k6`cKua5rRKgIGq*7v zPSfC47*2cih~e-2ycd5=1J1EQp~H5-BCPC{D_4F`P6o&)iT|BLOIA+VgYyj#h(hK% zQ_a}a)pcJ!i3E)w7zn37%Anv{qSvDz8tx^AfP9g!4oB4ydkp6sy;q(uy60F)0dQYT zeZ+FWbyC`p>Q7HnbosO|U-lR*_F0|5N5>9C=j(GW+7nV8R6!ZvpbY4XPWtE1A7Tqf zt1H!97mc^aZp5iV;lmg3(}RJs<>7e!ix&@;StV%&{rPj_iKNS<>_fa6jo8VI7774q zU;tMsD$)2ePY;GF`>m|F^G1I@Ydu>TYY?l!jT0e4jw1c=(WB(#Lb%gr!Uk-(+K`4G$929f4lecBr z*(VHRMFr7w$e-@7*)tn`!BCE!=C*-AE!|nEEpZwFz)nD0;t87D{N!+p9!5vYJ=aM} zOCy&^pc08253?`qwt1bMJ%G{$fUT9T>pJ>8=JqM_OT!m;`^)1U(U)*8m{?ef1^piC z^7$JJxf)9^tghoDV#_?JGk^K&)g8?=h4bfIrk?as_|F!7G2?uP&ig1Prq7`eJp;8t zNL)Oqr^gVb*fZ5Ex7}Lz{Q2(IYYIs;z*@$~nR81^!|*BFCY-sV)E+*3NJB?_Zs4hx zy01tDcPf_?o%Z_mou^Nqu6iNO92yyOSCva%NohNvCCU>SIeAk{i~pN9Z%DU(?X&yU zAl7>qRUSXrOq8ZfYYs;9Xm4*P8SYf`RD}EJh*$cNw)I@I`dbSM5{ExCB7U z8Q}M=fQ39~pH?xJPH*4g|B*9%bl!a?zITlb)eoq_Q<{xAbXY4lT7$dKPFzS@nkuh- zcS_R^lyZcYnT5jZXZO_WeqQYrJ^(POD)=UE_+Md!BU7Yj=Jay02S3h;wyU_H?X_= z%KiKIf3;jNDj6unX2us@j%{fXz-3{<*-o5=UqGOrM`n2^$*;I;PvuaOb@^Jh0iF=*JN4s=MUe-Un(iu=6M&f z3~%g2nRa8F5zGj90yhvCSiq=scSyCv%c5bBS2Tk_j`{5CtA8q|s??cuenpU&K!Tb2S}035)X7M76#4^tmL&k&-t?S)>3(z$bV zANz!u_wNt)tN~CUKsMmvhY#wz??EPjG=Q=LP=osQt-0B+qoYGoF|u)_^6OVB1_lNk zeiJlIbW79{4Q`+lEki>p0Qv+?6$2wmGExF@ESc+kGV+=~kN#qre+e}dbp+Ugs0d(; zhS@PY{-PeE!0x7|PDx22r41gu9ZTsi@AAbBdlIM^WxHZ{nESQfk#_zp5FszGQ~0DS ztE<7h#p{N9DYg?E?z9saJ41+n7a)YfPbzS6ROjDgV+uEKPDGTQLuGTFX$v}<*hr3( zq0f&a8H)4s_wQd853gEm@QwA}%>w``AWi_i^j~p9u$6ImOl@qaeAZiiLXTbh%0hD- zAb$V;{qH@OMZ7oW5;bVc4tIj;qz-9ajTVDJ9 z%LO)l^Q}g;7s^)7dybwqk~cFO@ZElfJIWWLz+%~^7jVte`UYv^MU+i;n)07N8F2Qq z3`_2HbX@X8Ev#Ce8=?NedNuDN-nV$6!^(BOLPD0( zd{%fs%4p+^hvOk?05za~1AznSNv)3OE!BvX+7FVcL)`iJaqGrd*~YHU&Q1svpGM{e z-)l&Gs2!;I{+;%&eBUWbKJWE0qk-9>dej4K^1&YA+Db!7S_>Nk$VSH+rTog)>dQQh z^UHCZjvP5Mc*SYe&1CAp$G4*UATj_S_}cocc7hwS6$Yax1=J6H6!cj>T|EEuGWpZY z^~TKR(YvTFZEZ{h|MZ-&GOD~LJr}2t$BVi=Q^~eL1Hfieuv$KY8iNvm@8%X4-_Q10 zA9LMU9)V6mZ7u%g%a>oFVm;-bKJ5tJm?~pyW8CsapPx98U0p02lT#bSK~rIF!i7JLq;o_#>5I`rdGSYZWK45Wi2&eDMC12_Dx2hAn)xa@b-RA3e=c!T3fH-uh?0l0 z%E!m|48*m`@|iB*L57gJs?Yinf&u~@tl^cG$NK@pDq71nZb8>naN(v4-UiNto%Q(f zV=d5P@PO}zu{$pD(tliAlfw6RlaUgHD)o1%R@@3<66&wNVYUi19&?d)U&~IFLm+IxY*10Wyu66j0^|TXlwu9+wyDJj z(z|fMBv&8r4HerDC0G`kBg9Zb9TPr&d>aWMTsagsR5I0-?&;}i--a+SR?GYj4`m7_ zg{R;h#TzSQ`i6$whh;R_#D+_;Rf+PGmGyCIku$MzK&)(;61(lG`=9h8Wed)T9XJR{ zP&8ud>(;9H2ftVx>z@$^POzK*a~>s@IOgUy?mtjbfnk2nyA#AEqXo?Vc4Z$l<_dEW z6Np-4V`GF`q0b+noFZpyJ9WTOAy>cZ_itXJM&{?AK(hu-f;5$aD~I?3?JKBu0F?ql z0N4aqq%%EOD*(fwJ`jdZ`ok{=z}~o{b^?xIYuv6g{|G3+&CP8r#033irew;Cy2+WdF}je3%JABdf<}x zl{sya%fce3l|SVNO<>&ELCi{fV8-Qz^=5rTq(D(FgI zpPmWI;ulYq1L|aq{7OFtS$=aG4 z2*j#Jig2vbb=4W#+Ah#Ziiq3+6M_iB8?6p?kdPL!0JufCq##8Ov}mx6_x1y1SlGUK z_iz@o%a`|KIlF8YeYclFlY$WeWY^!%fu4Y)@F~w_?B`K*6*Q~3ml5RJU@O#$s52=|P1=xNj*E(#;%6}eS2z}>V(N*?2$uvUr>&lmgk~B(0{B@DAPTAqZm(To7w2Ve z_=Uh{rk0jFy1Tp4Z>z6}82wKc0P+Xi6KpS{`l*o{8X5*b+>SeT4INc|(h)sK^NF}G zU|jyCP{JqB(}PY2G>ZyFm_If)VLvVv83+*l+`VK&HMcr7*~Q7p81Dr#59(KKx(7!U zMo4TzfudQbwb z77xZg-Zg&a!>LoJ(4DbNRS!)z!%mnPH+}nd+h=3Mrv?=jrW6Xir*v1oI*M9*FR zd_hP`%JZ3+Zjx3x)^U1cb*j=dw;VflVCGjPwT$A03yiQ@ZwRug}p(2wHska_6aLl6GrRtoBp4;eGI(*Vaa42o|SCZeM7C77CROUxOX><{~=1 z(}PiG2@AB8k&BuFj32re|Zi<2g7ZG zQGV&trRg8%&YIv5ndZi_gr^@Foty;xl7sfElP*QmF2Wq@I+Eam9r{2sO&i*;%xa!Y zCFDQAOnmg9SksjrVaXK;OX6ND$8o2gXpZ>K(eK#y`_G?`y9A4GH+l{q8+0i*u%Zfd zG`gO?3U6|0Sgb6#IqfXnh}v+ENRuy01NI3));Kvi0lk!<6NASPIZRfPo08^O( zze)T3`#1Z3xi7+JpGv6>r-}7?(%BTm$L0vN4rw>{^n^`$FBZWe3osDiS)}neaarR) zq&|Pme%oSSkf`GIh0fm-6Ni*Z+B`PmE>%N8!TBTH@4UqI@dJ(fqnsbXo72m%N4Fw= zS>*+-^Q~J+nVFRE09XR!PUrBrw%hy~~)vk0dVd_~?QTz@Q3!Be?LHhjWRN@{B{9rBAXD;hzv=DsG7Y5ajA3s=PM;QEwav>&~WWm{$58AB1#xK z%@c9^tq|)7b$59v2J#FcBa6hTCUB4d#`gbd$pC=EDJC4Xg0l6SDA2TKf);BU4ZQIU z1hi2*dNyMpD|S4I7qbOSg7(^nyLsw?#2Yp! zhQLKqn`?7e%)zVgpk@NS0Iql_KLLls-f;Ku(ALunKqG+Yj4I$jxsOMvCYm3e$G|hH z?(Wm4tOoDx`piypcpHF|6b7oCWI>ywV=SJTu_x#~d=4CC9?d80{=EhQF{uwg-RMKA zNkinvgPElh&n9bqF%7jB>FVmLLP`S!03gGDW6dox*+t(;DXkfHJAoc3{QEyiNJgmM zFdYT4Rn=*BAy+s=sODKkpPey+7JYV0vNtR3gE9eiRk`k916$kJ+yUY_ zFbDY(G*eRa9xg*dQWC;&PHyfN2*bGKh=@HfR@@4(rqn%zQ%(1CZ$#>s)h+ zJjzdYE1N`_>6G-(mX^Nn&rcJIBJS03X0#)&2#xWR=S3zXKq&#wu6=z%xDk^p#en@0 z{uA2MuEj+*bh1`W7w>l>aF1m~ci3jJ#QHO+TI}$fWQPRTKIv ztwIQnIUE)6u-^05!j9#TFQEhie-Kz`7o)&4Y@r+ZE8k8&gD4GRh0ILgPZnWV7ZIvI zOcpzgg@DNkQGq=GN^Xc^Zcah2bAij@kZO*v8QA7%;wb1Sbmki}uc_XorfvfgP*L`c z<-G)w32q6(0g5*D_|7FAojU~AJN{T9`!aM)xI;beV@Lb##^DYHE2=Wjf`U;2T~jVRUCU2izhWdz6uibF6fv)v3 z_Bt0GKp29|&o^j2Me!jxosE|Z$P4S?S6d$JCbyVF%_WqDI1Sb%7P|A{$|-8(vhQks?8JDkS@SkOZNOn~DuX$cO z>0$qHW~?*nDfFQJ4u()=DD+gGS%^DC)ft04VhvMYzSrU;w21Lf~i~tZqnDw1j{Hlpe|W40>kKRA~tO@ZP!i8h=O^SRMf} zUP<^E247y5ixwnwM`R)7nS=lVo zsE$S6KX==#MS->f)l`2tVZV+#t>~8u(o-Njgj8i>qs)U39%9FtDd9H?gB+p1y|J(O zyLa`a&|H)*-ysYBCd$2Xn^%q5iz;q2Hc!t0o&>5U1f$0?lHd~Pi{7kGC5grzvIl+gzpFK7>as? zER!)j1#Z07Ki%yJdq z_PrK{U;f38C}2;(c>&E9cbnx>i^xMTF0C2w2ZWIN>B*>EGnflnDQ&lj&X!(0j~izf;J5E51FaDE-b%l_@VK!Wfws?hqCeBhbAjjC>Y=?_zd44Jgw}b z(GDONa=9k5&%sbbl9c{;p=j6h!9o(}ULdk1wMU5^VdRGJ( zflFrk0@*%Vi$>M_{vzoY+;yzUgS&du2K=HXP?gTawQ^z)W_^_l`Qjh)o{AH3S z@A9Obcu>aE1`EHI8>d8QXLuQ2-M7SDTHUpt8x#2*5a8NVHzJ3Xk&$5@cpTe}{vhlr zm{h3t&{Tl2k#kbui0HEKWjYqoyWOUjroA_2M9$IUxcg>F5#yK1jS0#OnL7QrztzB_AB40%}Sg0N4Z9Y9MXE4>- z7;^pYsXmUZem5qT`7Bcof7rqA-RJpwJm<~;NFkSzQ8^VS*1rKw-93#3i#~M0ibP<*`0g#iZCfiM^w#JphGzP5_gsebb>P4OrhWSk zYKKE-K~_XX;N2u**_A{=bm{eCgp&xJ0BWV{pY${$BZs}jOCNMD7E(dzela9Z**<@K zk(zq9`2Ca~+k$;qVej=Bw#^wfnK#>y{tI@?{G?|~0y2s)cKFRbZmTnKhL?gB`=2%)eR0rAG=BR6gIPgq>nXli z)y@=J1K`}$=AGNN(iV2uQihcTedEcD`DnQL8u-Zo8i}K$BlbE7dIiEq0E2SOlPl}q zU~2G0h~ytb$Pk?p$G(NehPKnAtDi5F-XU0BYE9Sb*yl+^-iaWvuWl~@nJU*->BLP{ zF~eBP21w?_or0DGtsN00!tz6!4%sP$?l|Woo12?qhEzgI;oQGiiy&6FFq_ePyDfx_ zp?P;`oi#AsECq)}5QinQehAttA@%{|K)TLVo*W(ZH4rG9>Mlig0KO-%F!Nrvz@s;$ z6M443LaQgSgE|8)u?5KiQ~+QUTx06eJ8&Uj0fCsYwj1gTDLU!TbkZT(Y{zXY>JHQ8 zn-4b3(hxj?gsLwn@XMAPpN3}1#aA|otk;UqUT`{zTNGP;f0foWj>lS{RRpdWOW ztE9hqnkzD}gI6R%l_rYLBKHUaQs>VrRRL9S?{ehc{y;6)L?<|w?7f+p87ii}kx?MB zGRTA}r<`Ob!)2iWRGH40HARgMl#l=PkYYvQM!kjz2(y7LelP4hWhh@4f1z+$+uE}I zPI9J4*TtbgHRUSNf39;%B;FYj3v6HbuK2vklhkxIaScGseRd=sa|~vppg7RTplk#! zH$WdmC}8q>hn*O(IiV%aEh9B|2l**t*+4sxXk%~a8FDy@-kZMXUbQLwjl`v5Xk*aZ zAxzne9*=KeVrG_j(PFI~7SV0cgz;o1=XHgfXR$iXM!t@mHU zxCG*dcvW1AeA2fx9qSoaDL6l*dk$Mvjt_holHRQ#4BK$V)w+sd;M32}&eQJSuphzx zl5zjQ*C6U5Af*z}7H5&F5mkv62jWTODt>otJcHDUs-4;dhbj=kj5^?uk*gsIci1&7 z^?pmV`u0Kt@7CW8bZ0*FGI~fS1_DUIsjaE0xm|Lg56}bk#AD&NX;n_|6we7ZXih&4 zqf)WiahppE#?({qy9Kd7M$eBfPIlzMi9;PinNSOI315B5q&~#?o;7J%GZ=HZsTGxh}z&B zp@bkPaul9q(tdhKgkOk>0)6J+BG(r*GOuEa1>UdF@#9YALU)4sLZF^6dwNb+kW+i| zQ0M|0PeRFJ#Sr8f-7Lcx&s;=1(6zdbAp@51_8%V=64! zFG8FnQnMh_EQPYB98AcS5CYE(q_W)@=-3S1Tx;B{!U0Qe`c29vXePF*#_}L69-Qev zzXX9269hyySIaiB_dLy+ukbTeVhcsILdj9cXz3qs&x2?L1pVG&hyrP(oT4I+)&rv4 z6pm#fUFIUeDBNq)fihLZkcw4nR-e)4ypcU@PUQ8vnzvPerX!0dm9v_T04#(rEGK#i zYo~N!vI27N4*}e43k6K7f z%%ye8MIu3E<53*%-eW#8K@H+H7wtE5k;xKveSZMEZEmCy(>o8`7Gb=_K7Cp`=5Z*h z&NJ1Ge)Y)_BlOie|r*L^)gXJYzTGAlb9KlW{~pi?Oyuu~uSH(r(+E0Nep2(3^C zQA*7hGm)s>Z;OS^%*+fNX63>t4+uFj91-3Es7_GjAyO$|01U<7UZoR=|MO=G#F|tS z<2zyWqi8L4jYzA!9x}^if>%y~kUNY+^#1Sne-1h9IY*2IKxUO%|J%G6-BUL*r;Sy| zZ=lEFDhPi&zQGiy0-_OyN&Jy(Soeg0FMRPLjH-}rHGHL*Jc0`b8MErZS7RY#L>Y0n z#B6&MQK+FUjoyr|Ge;&Kl1KZRXMIpD4KsmQGCA>16qno-?IwVMzxAgov< zBak3XY5D~X4&a0wSooP_6G z8&acJ7{Y7q;qCzsLvV~z&e1s43h9GLSwXAB(n7$%5gxz@TWzF>a~aSCA=~JO1y-66 zhZWufj8xoPt_BEO13xn_W00cE)@&}(*%(^EcjhWl~{8S z_8>PZqyTE`qIif_n%2A%Ef?`FO#Y!-Jo_&pfpBYTViP>JJ?4SyddL#1DO|$lKn=qk zh*16x-v)dKZ4hM&QUl>^O0hOZjMR_JsU4vTKxZZ#YZx$!LBf=UNBH98a+QWw;XgN zqutv3*??;-7!qL6FD!K`b!uf_xuEyVF1$@jK>;HQCKqXSpWOr9PQ+%jvIKx4@BKac zAH0ojGexvKq?)jA&V05id8nZS$3#=Ov5=Iep={^~y{+uxMF-!=#1e+6z31Bw7RK&UE5TkO4_E`XF&nLxyP0Dug!fC?s4C z?s^W80G$r|A3zgIJPtd8JkWII5w|ZXIe=8RB8(-qeZuh#u1MIxliGon0u2eRI7(N2 zTxkenZgvwLCm31M;0j}a4WaBncmSa+@4MhwDv4sMaT z$WGuT6fyLip2fLE!VX3sP!?wiK&FUNJI*2pJRT4oZRk+zBp47;BYq@=q_4&$BpjN* zfq9Zzh*Ry>kng~7iqo#|N^De7Q6Vq1xzBzJ^PR3z_zA3GDC?;aOjrz?(Q&j z?;~KN@)E4w@b1md7!BvkMb`L_P;CM3}LIEsj1|5puE$MyeoLL6FA^U#6}hC4O-g$e%DFnjS^u5d#H4-XI80nD*FWnE1F0wRod0`cb}|58|3$eB{!=D~xi zgsj9fG&&gW5FAi|Aca+hzQKeB4!X{1E{^}n0uZ?rq}%Zk5KTkR#Bl7VVS}@0sZo}I z&hfe8PGj^8sW0@Cok?1*y{5ZJaNvp2hv49y-)sMrEcS4g?F>~`5WNedgcx%DFDC~F z0;LiCyK8Z=n^4YEO-eMlIh#&fq?|_13cCP}_fuZe3az9l!p>Q**pc?MYRzn9{q~{%@S`CBIkgQt7((>Eg-N zFD{jfw|@v+G&?-AN&cH-#;#{BYfgGZYUE@fHCxThKy9_9ufh7wb$4sb5mgZeJ}N2G zZnBx=BiS+Bf=`Zy8)Tln7&&sVZd3_`#&xoA1d_g5qEKFUa2*g3nA7+`SS3dym7fq~Y{TRe=X4l{%xvD5bUIvsIGQL=lcSHUOW zS-0O&2&5t!Dx~72mTd2QlSCuW8KrH06`iHUpR3P1Pj+Ek(3c*Lk^$^ZN+ZKHV}hmK+j#*V2CQ&i@uGWM~r|$?&xo~8~n8AiIkg;r)Cc|((NG0 z8fVY;Y6to~`Opq$4PlPlvazWqjC!d>{#snkHLIm6Ug{4KdlL9ui#Nw-)0;j-2@w9C z`V-{fYQci4=PcG;T7Uc~ADi#7dkAsBq_@^pLct$F33f4Y3Ilr7EL2B(k~su zI1#<67I_yi7fsMmOl3)L@NYg+5b;Zx&kPHf*cx>(R}*wF#}jAVB`CI-+&>E~_?8WuPd?gsWjXbC&v-osCg$+BcWhyF~p z<&t9N2`c$}*O_Gf(S{E@ZR- zGeOKI(k+jUUe0lu>Y*(87Rgm%c|18IgCOUymGL(phw5XLl-}y3bA47stq&P9>3nz7 z^gwJQjFHL^!O|e;KiDOJg2*|C$kRgL!<+?x0=g}M_`p$ZC475N{JprMwp=rE zEHJD7_K)*}9#*Rh6aB1FNAv{*1n!M}MrNQk>;UeJY2EGkP^Qe*j*ffTo;MWF zs!h4noC91YX;QAPha-9*4(|}>OXEc?_(GCs{ z-b%Ra@OT1~1*Dj%L#${3M2}$U5E#(gt7qvUh#`P2UuaMR0ar*y#;0?priG{sVcrpGze*ErV@1PeC62BOyaHr zETQ{~#C^H7i?+jB6wn~#p0>lE9}U><0G8H0#TPxl4mot&`M|J&E)O@6FyR3Hv_I-o z>2!2{j0H#_di zvgagqtt5!VX%J655n@sV_#-a))TvNBRzsWiQl=i#q#==u;KkU^XzuSvC5}U>K)t{z zK(f}lSsBHMc+=v{4{dyVxFw6Fe z!`;OkZ?>c@tY^?!kHtx))2DZRO_T{oLqQ@B4_i2YpQ_%s>cyFOqy{LVWO}z@sEp`) zw!Lr(?f{@soAZBlZoa^z8l9D)r!UU!quK9NA_0WO+(0vggObk=EI`XmdL)IysXa3$yv z$nshM2i@#D;v%s#P^PTt%C96Fj)EzIbcx{@=Jc4#-)ZsEN5kv zp&H{Tkx+0d5IQ1(WD(iH)`4cm!?3^R5=~E67yrF*3}!2J)jFuutQ4MexbeDoiZSsD z)?6TlZtohfK9R6!u)uJG@QD)`Tykw*c7})bfNLj4jBt}Mv9kZ`1rLwa0OQM(zhB{P zA=BU}h|(WvLgjK#02IUmLKPCFUo713u=2L$#@@!;$o$|zDe_LTpRUh>+;h;pYqvI) ze%xhW02l!60Bn{B3%xl7NiSaXCW=5U$RS_eFoj8X6I6n z?hj}@%CTatHbkC(XXwgyN#m3vM9e}sNYbR>m4uiMT6>B&79{WQvMt}O3`S-SWe!V@|yC1#ETr#QugMG z;D2&L(3rZ-K>n&bk0AZ*Ek2{ovBe9KTurRYN*AeO2bIihPpBL6(u;Oon02XNyzRN! zYyCr6x-3pZc^j3>if5z>r_F-r2fDH514CmPJ><&o)m+pLawiK(*HybDU zdShm%y3%sJdxz#qH$Gh1?7THGr)V>>@=IgVuCV14$A#Mu&)Mf+ng|$RXOmp+U2!bh za68=iJbG%c+rjbq)=L}_G^cGat9Cg{@US4iU~d^;^o>f|{fo0-q8P2dj?9U5_s);V zYjzu!O^x|94?22J%(k3`lK}XL(r8oYM{+^GYO{V9FP+o6`9Qa0y_hxY&?ay1 z*UX;_NP~#6gs#1<9rm6okhVLU6OWc51k-d)zQ0d?52_vsgzKki_V^hhU?W+uaGxPg~}@Z3a4~ z-nU58H2KY3+hg6delX1pa!;=Ka}@7GVME&aKpCD$(Zcb^287Qgc4aUoi1^3me#Os` zPe`QOjeb8wxQb3r&k!j_!G*&IhLv2k0m??q0X21UPcaofnL)A)!Ja<w#`-Frhp;`Q`lGtCBJqz)Fs|-y@$HxD&(XKb@$fPv8Y5J>6zeP@ zo}m07eS|qeS$2}5Ztt^W?`gUT;cUDke-|olu%bLa*ZRft7Aa>{@LVaH9lwqkEmNR% z_~zgGIOx!Y*H2XOVHmUicTIcN3;P~y|M#!j+lAUV{{8ccgzWOa52CoY+&F}|prDsq znf~`5oG0-+`tP@rDU5TJ{{5Qnmfi3E{Z~JBd&b20!@T9leN0Byp*MDedk3>4!u)8UZ9n{Fq(syPwT>(ijZt^V0t} z{_3XjI{>c)g%2U3A2;UxY^e6^X&UJvrGAIEfsBpx6Y=zt#Z|FwM*$Qdwf#3Jh3(p} zlxHA7%)sN3JMb1DbdV7K9cH^RKm*h>`KU9zb^u4?E*yf*NnMEq;#m?PkWg~51*ew9 zyENflh{jg~c@hx{x4GeaH^=1SV`F9U$R9-X5#@iVK6EP)Pk#dc0LaAji%(Mp4+(TD zyv;MXE09L{S{iJ-F*xc_c;BILt&rl&;MZ{YM2Oyn*OI0*EfwyNz_lQ|M@)g^;c(D6 zD@UDrnq82@Ai+xY8$HKEvw&4lI}oW)hVF|A7fiMwrE8k&X_IBd!Ld@Gx>i6uEX?Bp zCDM2VpIn_P3-4VU79&h(FtVj7fT*S4DdE$^G$t%kkA?9qKMl8`>kf~M%uE(d{hKkt zd?D_Y{qJuF5obv<5Fnt(qfQx!9~%&9_M-v;!g!Z$hILBgqspw0o<)?Mn6Lvkkg1M% zpO1tLrh(S_8O!iQ#E+$3t9#tc4;2Ns zi#jzkG5Ug$*WR*~mTUr1Y#x2C`a7;a(%%_mF{*#D$ zp_oB#!iW(u`>V@Gh+SCRA%}hXyLym}_a1xyeT5~NJXyI(f~+skr95HoUb+Q(0MsYoZ*PWfzlfX9yamX(>- zLYLr3&>RT&S>yaqbI!5tmBvoP^g8x0%Si{qp#VBXf^e~fk|@Rg0^;xav3eja781zlHR>raNHBr zdls+i19uw{pB%H=uzSx(K6BL5?%~Z>(|@ee^op} z?P1ytI)jiQnl)&jFQ@~aJ%f4ms;av?f(Q>4b{U!$&>XZhJo*H&8B8q z^=(d42e1nK_n^lihh;}$p1{fbTxxi%2CeVU(Bai4zcih6(1aNmpG6leIrPzFJVq|> zAf6xr69}ncC6PGKZw-eyI6hpXR&qL+MvFWev8F6kM0Oq~A%r*F_X&@tECKl6Uc7S^@vT!R?8?tjk~%)K?H2lYVM%@YZ`G|dEgP;Q7= zv8!~5Cjx@O@IHtzH=ZW|eu?J}PA!_%KRRm4;g+uZ5pf&st+@MNULwK)y9hiU`T+67H^kue$C5PhtRBp; z!X*Lkgwv#)0u8<#iYSDIU6^hB@9`u3Khn=}oH#3>Zz>W;NGR|v?7zTxSF9j&GxbKb zMG_Xi1U?W&L1&3cmWDV>4Utzt4MHh}&xX4N1Z3S?x}KGhc1BZ^7(BuP65=tuO^%2l z@c;*kWIS+b)M+dv#;NdhusiZew=q!#DGq865|wCZif1>UpN=75 z9~=Ul_X=xKJQU6pF`yT<@>%5=Qol&RI=It7g4l~7Do_)NffsycJv}|58(_eTA4BKy z4fk#miwav48MGIjmkbQ5;%!R_FB*vo?HoK^%6M+L0hde&q2IneSn@{J@8?fFh^rXJ zwtfF74UcIW;@62M z9SN`U-xDvOLjoE?SHc8XN_x7QwPaLXkh6N^-HFZus5qE8`Csh4c~sAR+x}~w$D|0k zt|Uo{u1rbcQY4j1sHmheMWzrbGeuG)2@#5tN|IWJcKdENql?6%!J!0&Ju@RWARD4W?3lsqyx}A{6?+EK2{>R`VW8fSu0a8h75Qabm z#A5_&Mj_np&>jhZo+0l|m8Ar(L=FNfTWs4q@U6;>E8oqii5+@RSn<(T?`tq?}Q#hFuq6-2pDb_*Q*hnkz_#+j&o!#y)FFIw?l#{$SZOJk1z78Um^@&6 zF2(p8_B^mr`<;&`VDCZr2hm2f%mL)jTPi+!ot?Us5&(sqCTtUWQBVqX2~YfN zZ&@8{>){X(;NTQ9Kz``aKr64*D=f;!|Ak1&|AbaYU1p%F@ua|_v(FsFRU0w;=y?p9 z1l*EZ2&7LvBXlY`Wdmo}AVlYBBnIBerOk_U_#~9uQsGL%wWnzirU~$~Sy}A~APDQXX`Y*!WW|5mz+fWKC-^Dn^NhB; ztT?oc3v){-vET!+LJ=-0$@%UNH;ELHSK%g29|GuYyN{Xcf&Qx2kHN+HC{a5bw;=Eo zrbRC<{7ZRf+j0VfL!M2pqE?brnz`*M*2eOd7<1@gZWH zTJE+-EbX=ItX061tS@@EnuoHY3!UVlemN>fs zuajsVeN5Z|eKKFgpL#hfKi^w8Itkj!4Z}Q`2{Lg1I;hwOsl(lm@WBXIhqrX?&^{~r z??tlH(8stn6%M~hEk)`Tngw1FkDutj-_8xqp6u2%naWj|H1L7MlkBDnh)AW)0jDP6 z9v*t$HSpP%hlR)IDO6H!2?IGJt%gg3%#ZJlV1`_rSwMK|3?k_RJbu=Q&Y`9T8Lya6 zWL^{ND+m=(N&-07iD!}%C*GJ@OCu@Vza&-ZOs03TEI@J1UR(EB_$a^wZ-S zsEC+|=S4~FA~G|YgIyR!3WQ1msx=h%Vcl-=m{19)G$|1{aTf;W6-Ko@3uHOl>#NY2 zfDHcC?`^+ri2LAvDUvYlK;L2mLqY_J+a}SkfB$J8WKY{Dn4o9yOR@*s&AXlFOeRcg(Mb?}f}eUUJc zB#`XetiIgq9}XA!n)ZJ0{dSytlJFni0(pup#aGw9vclAWo}v=8Fz4Q#2XbUjF?4`E zn>dWvAXAk#3UeKBch#GmFbsya73`P(NwYH3S01I>dE`a;4bQ~@J6=KD?F|JFI*ZN$ z%Hh#+?`a1_%Y-VU|-ox=W(#lum{k@gUxEVW*2hu2tRp$Z8&9Z_p@CnD-$zNV1QONdWF`zr|}uHV*lUsLBy zb%=G|IrkP9dO0Eo511IiC&Q-*iyzn8aBCfSAZ*vg-Q=2!rho?zbI^gJKE?}e-^>eT z*Ly>rL|Deza*#=2z-#DQQpQ9k>_M-BC=J1eD5FI(_cL!T7~awzWo__3h0MK+A{N)H zJ)!5e_aNW%+u{zxQ&pa=aP6Ak@+%Ils~1BPf|ch&iRY!)-Ml{6o{c^+_4;*;GsR&R zib5!mRIXnorVJZC4x{fd-*IJ61O*kkMB9I(gzUhj+JR0D{Sr@$5O1Oepavt-h{l8m zUD{>mdn3*&l5==C$n2xTrYeNx;rOLSc4+C z!Qo9_Pa=2q+O@*|H=}qDArfGZLip{QShIrk;u~{ztXa8I;B`@(N(^bCY5NdM3Edq0 z+4n%)j}X&dK086CH=-o)5Fu{L@K+VZzvIMzX?FQZzys>TPL6adB9DvEV_DSsJPIsf z5e#L|@UFHt8xb(s_oS*sxo9)CJe8IM!}E$dX8q`zmv7l3g+7Xkh`I=3S#Ib0%yZMW z)nv^Uxs-X0YP;i1R+g9W=Thx`ACClP+D}})(5?f@{a%;a4Km<=OEK=b{ z2`MCW>g0l_0sl~0PcpDRF5ew26sqT%^r+AaP_>kK1xVfq2SWbx>qp*Uh6d4{ZA-MG zZ-f}`Li?~cw>)WW6hcZ7Tet?u0qOJv0>P{D_}$~MWPSM13(+2M0wR1aA zCMUK@T+`u{!EUcsuGDzSO`MyGjNQ5nWvmgG6pTM{&@Z$ zA~&~9>6dlCIBFpkI$G$+eBMQ?A|_q?{SZ0D5c;1_+<{~h3% zwrXERVx6o&R18Cfng=U68mq%$3n)RDwCMOo>1EpeXTLv70c!EV1duo~_m8ZCFbuGR zU%~;^UjzUOHPK>%Il#CoSZO+I48xEA(RML_;4AOZPUquEYRkkFh7ugh-rIzO4pA#p zIy>rH4Kg=uW;mzgoAe9IBNilP6wlPxKU^>C^5eK>x=Gagp^OlQ9kX8e zw^=+3X)2Er<{&1aKlTr`!Jd>VX8cS6XvC|$&hxc4DfWL)UKl@Vp6oOZJ26F+xyOyP zJdPec+B?OvsKKe~M(3)gFeJFbZLV#6kRdM{`?y@=rAx# z9^fO)Gqe+XKOhgBb1TBHUw;g5&Kdq&PXch4x(vt{)J4J5pO(V&=m}VU*ax|xeb}5* zh=sU#O8k?X>^FEXFPE`);{2ld;i*X4MGZB_mx;TMybB47lg=yfi`HAc)9zcsbc2=f z`m@$=qu)aSOQ`!ZW+kR0s4dYPpg{e6o6G<^`1$PCkHQ6W?&X&|%~58_6Eqe_yy=}e zf^$ZPyBy6d8Ini^%M*P3Dy6LVv|p#{k)F)5vvOR1PW1w1DV>s6 zi*P!1%)2uX{i*3NOF6mVgZKX(=-9bKd!HE9sb^pʍWyjxji}ii?xoWvTtWmvYaHZ=mng*lT`Y;}IvV>NUbmsxw z6a1~caHS9*iBLhaMjMO{VA9#GH_p-469)5LLW5G@5AAjBavwBI1%xx4XR8j}qgh2d zH}mQOYM$DYYv$z5@*CDE7BL0E~cAV1yUa*&%yIT^l%MgT`4Tw!%M${RSksXAXCN#MEKChX`fh zrgo9NwJ=uwur5yV`TD7R@8I55b*Z*YOc-7yhh#54rt6*O@#j z^6Bc5^xBI~8bdQCP423UbT7ZPZjuqnjxu%pyC$o&#P3yZ&(IS-@fq=Xa$4sZJZqHJ z5H-WPPOR!#eAcby{mzrwmyk>__BSzMUrDu#?7s3@{2BM|yC7G?;tTR$m%eM%qbz!*kLuX+x zGHmLW^B8kLs-Rp#HTOAS7&cWn(}A=uLBdRAA=7Co~E(gQIROnOIrO;%%*Wi9--i*(ESx~ z()3q@E7w5)b8FWQ-1MSIwj6PZm3)QYhl?NKXU1CI!Y`g#Dm}^Xbo-03&qFn)^43Jj zkKYmYvMJV#S7zOJ)l#)m-V{GnUB*i>RaM%t0f%aDX4(q**bL7fpr^;80Ei0RJZ;#l zadQ4Hs(y1pA(65NE7$RfxSI?e=v071OI@yYnynH&cDQB39b`vo^&Qsr`UKL6zMiKVU{QJ2J06M<^r4u56Fy6jZeB*QnoeO0*kOInWZk=FR+wA2Y zZ3-bbQQ<+HaOjUpH{8xUH1w72*jgm1o+e+b+#*JGttYZmSWtpd*YIZ`q2TnOC1+oi z)r!3xyeAdWfEh;IRkZ*~{r)x)?VfN!XobGGuA`FUm^WO=r^g8CA1K%T5w;{aki-qlbqHvO-ft0n`Tvv zjP}*4Z--bS*uS1HQeUjDmI{Xu43{M@QM~s&+6RHq4 z?xPn}Ey3G!?~@e8qQ8C^T79VS=fFXF6tE*epyWDtY@my2vKWwyTGsM5&o^8nNwll7 zvbq31@k^w7nw4yv;`4FaMgJ*uq?~dx59!0hf3-`Jp0d<{phR5Sg~cPjK+GZbUUd@8 zDq%@(`Ie!R*Ndsnday|`RyqC-u$kC|g{j0}L79jB8xb*!Hd+`#zj)D)ch zFw|+susOc+p3YCM-dY^!9}9p=50X&*e5ybWn3!R{dJj?(@h>9D!lo#_S$%g1m?LEH z3@m`}?`?CRS*fnnflYS%$Zv->Hf$_722>^%F^J5@oD{`@kO_ir7W^!DNSdUUe@qFy zzW(Pjathmu;HX8H0dhi>mJ^}sTs}T)r8;p-=#J@-X9Juao)A+M8&y=xI)dSShHD)` z^vk}sV8~fuzwO&CuBkfzLx0J$Lvlsim@sF+$r1@f$m{A8mUxZBdseD8g{2z+!oUmzEPi>--*+aW)f(?)*r&d@UA^wb(v3f*`W#Gg zU!>$G)Un{hZoguJ1mg8!1y2Kff>?OP%{nWE8{0hw9UqN9G5gr-)wKtFX2hGe5qT^x zIUIhJ^jc8&;)vt2@~(L$)dKEybzSmQHU8H>kSplj<=Bfr!LDOo&^Y7A{X9555HtZm zWBonUDY5oseMQywNkMRvLQu)%4`3m~xd%m|Bo4x;mb<`pp=(_H;eW|YdX z40d>sgJ@Q`W3+N&Oh%k-@PfjF+D(5m{zxEWOm4AJ>6U4&)VGv+;(Or7g1FE!Gwxi$yO z!{{|RDzph3=9wuC#QCn$FVeNMIA&dkyYAxPi{U%Qg>VLdbc>s}DZ8w;9?8QYSa1O) z^7sNp*d~V0ys$oR%B$5P{NMkt$V=+5hjSy!)t_&ddo#vL)-b+VI^3 zf6n#(xo_f9%4&lVk%;M;`+eR1G8suQ#ka`0G1%lP5(%-MEc(g@jtd6iqd_d-7z-%H zL~s+|ethIYs}lWl)g&E(HUpY@mMQzpIpi5qwbEZ+4{+>1QVB5`fZ`(7VyE@V)qly! zZGRyfW}|=EM0j2E1$h8hu3ULr<(SFU1%fT$4Y|aWNIIpPVnarW_uUZ-ARH4`6iE!)Dy=f_fk__?)$iyVY9Y(0!9B4si}JBM_V?zV}v<;@c5P z`fyKq&%lM2o5(g_0^0m&MJM~Yc>cLH3aT{%4v4j2Iho*`fl{d(5F2dBV+!@KbUjcd z4I(3-AV3QwJ!l5r#;ou@6?rhW;gHd^TFIz|R!O)<^N`b)iRg{gzR9iiz&Gzna;i^h zBE@3`opCwRxrQBG zLCB~Ce@2}QClMPep3+9q;IJE7kI zYQDW#0T{91&Ys~E`S7X?=e}Qm4F*I!wKS-UFXdPbx%4_GN7!y0PZQ`qnPoOEM|8^! z_wa6;v*Ya-_gw$0Jhv+)l^7yp?n1fuU*0Oq#@>5iQQ}3ZiDUyCFd_wvAb3bLgq`N^ zuNTD_;iIpCtOCKKyEojKc2hy$L4yYM%e+AUepn9k2ICV>6*vL$s~ei?H_#06q;p_F z0Qe@xRm0X~J`n*2G)k-tg+yhRqf_x{<6Y+}`^lx*06^swcFUa`^C%CB0!`Z^h#`WD5SUvEC5 znf$lk+_k52_aL_d&en0N`TdDv$z$^b&`;!@91!-xaORbMFDviN1f(1r7D0L_2u_TT ze>&-n(&fCBmV`ItZ>T;U%N$huPRa#;+KmRC3W>Pfvu}pq;2eE<3Av@ufn!hHhoYlC z7~g-XVPTq`8qJ0nu%XKO_AN~Dby8A?((~Cv%MpaFt@F~Gc$f}p=RY^WDAoZzisBmO7lR6!(T48$i#Gt>A=g6uJ z>NVu$9atRdo|RqSSh+zv56U}HG9mA~g>Np^Qp$sTY8qge1>y5Tvp;Y5nf<1yY#suh zs*#f@OTc|-IJewwzLROy*qmZ(e54Bq%!ak;MN^L9Q2uoM@u^ZpyJnorALVX%E?FUe z#KybD)%*l>6&i%jJP+>`Gb?;E%5%$qmFe~@UIWoDP))@5H&->sZV%rT4uo2A%5`j7 z&he)XF&>-m4{!R^Rn$J(&Dq)>Ws9uh46XiIyVD1I(_KjKk4C#1u#Ia&OYuzgstF@2 zXixj?o_BSDg!`z9qP6G;$|JT+teZyPb0To*)vuyI8$u6?C-diF1fWzwYBPepb*2>4X#%Ie`#Sg z7j#xTbVy6}j|#G~Hqw2Vtar(bNeB5!rCpo;M?AY~pLmH`|3`L9`~3eSb#a@9mkhBN zqKg25B85Bzt3SsVRg{3-*+9xpIHFRlMf3T&;^c1OoFMy1(U0YA85P9 z*#5*o{=d+w0Wzc1fg~T)>p<7UF>S9it8eNPHk#jq@T9kEN9d(@b9{fZ^p?ASX32&x zPY1)#c5Ej^W6axKHfb1q^Y=%g)V*D}<>cIvLa=*G{%Y{r5khw!+*r7K(Fj(Y&|eA{ zCr#Ped@5m*`_+lU61)L_bOG*g$)NWaCOivzd_U*gf3*O*@k?}>s8g1@TbQhO*+giJ zQD1hmUEZc?ztgd=rWas`*a1d7Zqp)GA2n@1Qg6>YM>Z}AIX=2IJlD<`uF!c8S%r3$ z3&B>QitQ&b&k`FtsB+lV^Ef6`Ye#PKX#b3DkRx2FN*dO zGy9xguinpiANT~-6d7UZPA7<2q=QT`0TKOVNT1QQ4|Tr=2!Z{yBeM0DPH;0+Mr07a zK2u&5zo#Or1=|p$kNlCXDWG3g<(W`GgV zyIU*RezWY)R6tPAzD*Hv6lBOvh_k@#=jPrf;!_S_R>b0^MVHP(lL@&q7w~6<)6Sl_ z>!~WN6oaDxA7lnWWeY~1qb){SDFj3>iGrHRU{MVn)ve(Zu1CfxB!3)KxZ0q!BorfD zAZ6KYH^uoh3|+?3I#dZ)Z-eu&gMxI-hVF^ zoc*|d-Kd9J+<$%iKILe2dbXR|n*8ux50WZ|beH&`=Oekwu2d1{55v|ji&l@!)_=qR|`NvwDtFn1)vL+ z+m=Yr_m%%ULya0ca+rQ-_V!_>*z{7)>q(#b*FH3J~l{AfCs**FJ`|)j>hOA}to6CRomFMDOpADlkJLx2Xz#*r7spvt^2Fu8F zVCi4!?k>Ylhp?S%@ZiA(?_<}rYbv&G8OdG?Z~JaIh_rq9eodo)UOr5tQgdZCtGjKZ zHMeZmHa)KDwsBE)aFyCLpId?SlR+s7QnnCruuTc)1c3`Zx+0)~76Ade{rV3k|3#Yj08u zUCwuVYNz%gX=k92>wSM4y%*){{3T18o;X{HTP42q{U8bJJ8ymM2eZIZIfK5=)6-Md z(y@4H3y&}~mCr9@Gd~IpjE01>5tOM|t)ec&R5?;SNuB$pn@!Bk)A;W39288RP!|!w zfwDOjk~%X^+9Pv-MOk@TSILjdyq@m}WPrxy)tUruGO)LqnR93|i?xB=gy^SWz0l`j zWj^stBQXw0x)?l{^*|z?DrX=xK@%!A9{J1>!ASFsbCdFYn`2}a6a+$24XhOCIo2SX zeGtXJYs>Iczkz7l!qPH&v9kMun%}S-Ydm%B5NI74`Q^< za-4Gu7nztmfc#&D__U;&u2;|n|DxR#T1QOF?&#s4Lgu`|{5g{ukQyYP>Tv63;l3|c z)PH91WuPUEv2eV?3xcgb^}phhz1Y>XY}sx`5yea?s?pg;hc;X^`KP+{6k!~g>|&S_ zcPY>_VzY*UyhH)V1zEz;;o8@&ak=~R-9MG3`>Vh!cSJ|PytA67CSU2ycUr83(L$U}q{|E;k6}9qNA2>$`DOYj9xrw z`0x@K*17;oSYwm}s~jC)mG~04WM#h~p1%?{m(CekU+zt-F*06i#9d+an_YV8+O;DE z1qIHzR`DD6uT)PL#*R0Tl3>mFxlnUNP^kP0}}HJsU`P%EF0(BiUrDt)2Pv z=Qxl1R1a2d$gTC9y6*NGkWxe8#g2(a~cHBZCIuJTaWrhm(!wSuxKc8_x2Wsgb z9=DTs8^S z7|-1U5M?73pJ(0MOYuCptZ&=R;ka}6?$xlcm)=2hFAJ)zuu^k=yF8E_P*HCoI0Pg- z0WQahpzN9@*M5zz0+%v0JB?8xz7icAAo`tEoecjc>}gc{Nm#lNi%0`3D?(AvgMDYJ zO;Yz8v;(%$O@T6B*s?+v71~$f(vC?Me#=UJ!JJ1%XU^hXzj(k9oMt|OvlXXmw~Y4; zUJoqTQs&+q$%I)DGSY6AWITtLEv)=%TWm$6 zbPard_vXzLfb85?2)zQQmM=~O8%{hi_#KKfRG&MF%EZb`Ql}uKuo_!NdfFN$&yQ07^WFDkw*TK)hs*b->4(PtH|JCD4DDyD|G&Sh)pg(7|GjMgAAj|T z^{-AzVTv+#1D}M+n0MYNb4A8AYwY=v(|zy#wb!^yOfQAK`}CgJ{rAm3jq&Pd8Q9No z)sX`e4)_mL7@@Rjyx+<$YUyELf6E<{KQ?mx>3dH8id$t?)}*P|%YRFpxfVN;Kfi5l zFK^HoynKT7(wCl(=gR2LRN8uSQR}mm1yY4F8Kb@I3`c~zZODpnU6A3>$zLb}aJueX~!R6-@DCS~57|M}jUYBL=pe9UbAj#i2?^!oDEazVh+E7remPJFb+ z?@HwpP16-Nivo7*Mz%k`Y(fu(|Mmsll4QC?$1V(-AhWPx^W1{GyXJekdo9)-5#jpo zpWHzgdo8>;Yqx>z?5n#M1sc5CG17J6h5yMpdm?*SH=d5T8617))#OQ6*Kbiu&9krV z8J_lgdD_)}87m*f$eixdrMuP2aW4z}H+Y_y`M($KevXx+&dYH(uT^DjJ9+=!dgu}ycS`Cug&TEs8bhvuvK=5w8E(i52 z8kdal%XLlaGWc4T?gt0Ut@0|plKy>|pG4#8OW}HlBHR~InQPrv&afVqJ;2P2EQ+p( zK8=>x{3LD-LeIL84adcJj;Z(7G3IGSO-x`T2pvzWxz{YI!vrr~7WT*#6+{9AG_e*w z_Jj3)7oOW;kX;jExKKWg0v z$B7we-ft+E<+}b7nV%{a8%^FKBckOqsfvb>QdHr%#}XA`@P4ZAr64sxDQ=IF^oog@*2*{1zAGPhiBEgdn&V&m zEn!dCjLb88G8M9l8ow#O?c7%(`O0%UwRV$-9*sQmX|B8kI~w;Q>D!1Cs9=GKQ+|G| znM%Xd;oTkQvgKn@swtB%gzz4z&~7nU0&w%RaU!9aB&(20bX?y7a`zTDg0 z@q6A~Y46nP`S)-2r#^h+JQd6`7A&H5@f->XQ zwQ>%4F;Oru4@7-{dDqoz*NPa}a?HKug=mXzPuPp|8R$Wn!jKi4z1uP7Q(9Ig6hLrT zf((CHaGu(Y@Qr26Os1#+9fc$i*(in>4l7q4;x9dV^tcipzMK*pCDt(t8Fho@{1+(b zLqcaT$||oLraCM!tz(x z9ipXpiWm@llQk1~E>qwZLE`@Y)fU@a&0W`~oD7>W?&^j~mp1M+9_ecpc~gGXgwH3W z&HdJOH`r@qVn1^1h1D`jpVah+UKuz4%Zb~X;r;a1NWPc99U>-hF%V!_f>Pu3k?ZgMs2aO7|g(_VZm|adzww5-hk^eoj zX$I61(yu90yl`aTbUYFOn0-I2V09@M2c)n)e3Oug#99bg0BtEV=ldut5NwYKx)`zw z#SDedU~m)(53!>c#`?xna9PSFS}U&9y0{&AE&Pq*k)gbIjwhMt0)Qd_h=ZM#6h;eS-lxC$psM=f`md2C2B{21-RiSH;!Z! zKftF?u}4^#nwHjcu^nph5u0&y(6e&bX}*RJ59NVyoT!flETs#$1Kc0lQAN)OzyNRK zoQCrYG|O7eHKqVWw96kNx}impum(Vfik@dA!i; z@I`|M4SJ!SIeR993^Y(9WxY2cwMkD;N210fb5^Jh3`fBZNoP`7A-Wjgr8{Nw*M2~Z z-c3u|GXGEaz{uFQGS*pxEEWcMe5}w|Iez+XgU?qjMof_Pm_N7h<&g(x?fv%eJMd86 z`19g{TC-R8l6*h%@dKHwXXakE{IYGY&&>|Ym-*?(^e{CZXmDKdmi~e}_A)!w?q+y> z=o9udb;9-MV-h|%UP>RaeB!l`Q6HsO9X}sEJ>;Ik24}0kPrTYZ`HHN8hDx+*~^y_cQ$7imVdpLR9&%Y>5X@>CmPRn&lHeeuu67
6vnVD6*o}iqiMnvt!-B>B-$E5>{dxif@S1HJ!mu!M zl3<1Tzcho)RqXp=?F(8$)Rn($O(pm9xkNike4A=#{unROtz*e@91byYj205})3oYL z?Z}=%bi+*7gXo4SF^{neeHZbrb_2*4LJ~l&_21u)Ck9jey(w7_13_S6sM8LBo6%T8 z+^I8XiV!d{u6>qWYV@n|cyfsE5ajlIG_|dzrG8ttjbm!27~w)_f2&|ZTIjWpTp387 zqq5WHGT4es0?!KLuknOT9$F@f3+oy^X36mp=sLHxG?ZLrvdK;jF-fNQG2$*@99WFW zpAypbs)$v=5j`%HK6xC!_w~AfQQ=+-;zufskg4diqPxNb+rdTqc@m0vb>0Uhe9Nc?v2(QIX( z4F}FXgRxB_z+e|cuF}3SN0zRY{0dDjY!#n5{Cm=Vff?_*Kd7~-grhH3{j!N0l-4}X zUB$nUMP#75F$oDznSp!Gm>mGz%d!j@9?xLBbr8ph)I_);an-C*$xx&7KszB`91sp4 z+vvrF+?S@^-GA;KE~aUeGXPJj*u=~7H{7tuV@1A2}KI+!c z5VQ8hYLRaad+l3b8&GRI=5*HWm}~u>IVMHXxj`x-f_zNNNgzRP^UUF5Lc$q9xShrU zhN1KlR0I7yX4M35i_0~@`(F$MJ#$Dr<-UIXG0Yrh%xI6Im}-z`wXhPl0>8o3JGPCp zM*{JA>5^mmFr*1~2XoG&L`z2t34nuCuGwp=yL)odAROJvE+C^N)y%fd)zR6X)NX;9 zAKL|h#sG%EFGvns?w)1)B`y+TIkm4mm>`*!8*d8MmR)KGe8y`N{fV4BnZn+_4Ob}Z znG3#3+VHUt0JdTRKNG)D;vdC2uOZTMZX-dD_=a;Z(rFK5ovb;psAD&X9_e&pxcDSw zdqkUTQ#G-+7O9_9g@TB;Bdv-8a*0Z4X7R_HcOg%SG+b5)6r{d8@@MATsbO;r+(KXk z&iuE6l`n-1HsZU@zrT%LBhC9VnWG)0HP(Ij!-8?ch7AKa{nm4RJ68TsAaQvGR>t}j z(f&`nVg4BS6&MsBb@akB_4GVi&eA*-tQRPMMzO7}?H)q8v#tI~d#W=)cUTSW`SaEr z&01||w@*~M;1T%2)HIXbMID&6@&w-n9wL?HxjRc(xh0q@5HUh7*njN`rOXv2VCp1e z{2HBe1Hc?SJr$LdEaDOYVr9KMBC)QOoGZGNUvO`cId=`GuZS^MH^_bQp^#@}o|)O} z1Nj3bC9my}vNs1uaU2w_7WnMWeLX$BwB?si_7Dy0PnVyu11(R7M4y^pak!7(u9T?L za&Ju(H#x|qPMrd9y}C%-T>9^PM@HeBGMh7S0!L6DUHPf?BKH(IkpVF3K@*VKNeE zS`6|?aw(EbpVh8E5{=)a~0(7}>U=Cxi_%;g^ugBq18; zpGK`UM)=1a2BDfBqc&NFO25s|(Z|n@Jt>X4Y_?MDqd}AW+?D7M1UIz~t7>naxVOj;8JZ3FrldAT~0I z0#xY+Y{iSlB!W2bFw4t>gYo3e*_jIp_u|#7N0cNy?YtJNU4M@F_VvG7fDs-Mf?+#& zP#|Eeh^gDDswV;2g1<}Y%*}Z5^c}YKAF>CJH9QdK9a&mPbhL5g**j2j0>HbwrQ8-S z5fq9E0fbm(k1<%MRXfN-&ljWEBtU*u7}KEW!#WyLtvlT|AF`byZI4k=ZYK^;oy8FJ2a@=%3=Pj3_TLNHT;&kcwjRB@fhld`sa8YL0Iop;ChgBTYROk0<{l`y z>7e!V;qaDz{u#m-|h^x51KNO05C>?gdM8wc81B^qdap$l)z9Gs!YK;(~R(!`I7rZ9gP6r)WRY? zh)E2Q5Y%NZ^SH8kixEvA+?z>*4CN)57UlCIxeh^{0}Y>1{8GB4BB8nu4k`&%>0`>S zSF;n5F#j3Hx91^0c5wxuWtb&2K(&o<_0<76#Z2b&#rFW8!MsJ_o|Z?ok1SRe_IpB^ zk(X33(Pf!W z&zpMczyJE~AF$XsUL#U%xT&%Fsl#iOADPLYe>K|l^ZWph)u(#TUwM3`%CUy>^;=A% zFRu>YQ#QjOV60S6F!1f3UO8p2cSslW+M`C5GE?g~Q81q?R)nf_P&dF9k1PRAZBJ`) z=dBu#hO3q+Vw9C1IZiAay=~|7Vwe$N1b>bCF1Rei zH%yb;Q24kv3aWcN3e-y0`%u7UzkeT=d6%UlI>z-BoxIWOlx+6B&}#^Y2x0BZckiwq z9(z3P5&9Xtcm%x{B~|<6?sLMs(DkI*z3kb%X7y?+Bk>4>t3cE7JmD?9KX8&$6|NUh z&T|na!LdS=CLTyFSdVMp;2}fUz9*q$JbC@6cHl}dU*GmjRPDe^)ugy2jWXpo_~2!$ zPr+tWDUlkWIN_GF)+{GY(Us{K0l87F2|?QK=Sb2xGrYO{0cfVI(GTJW zATxgwooxa>I3gv(WY)sv8+G{KG*TZap zSJ$*tt{Yrfkq(h=Xb+*!mI&?*pMB+Nq*5;rf2qzI3YM&K)WgHWxwrnXK3$104<5|i z*?--*LBfa%;evbpLH8G?9u(q9lbgPGm}0$&v7CT2XY3#@36Ilc{8QQ5M&+B|Ql7t& zBg|zD3q#9Nxjj*IG_?v1H>0GjU3~<9g(N~PKt5oe+N4QL{7x2bo9}P~KwJz{6BY(s zyotSKT&dd5aSS(>ZhraU!#w2n!_S4r)?DF}QDkMUTwr}{p_!QwYLHQkPdsb95-oK> zX6R6Pzqt(fKZRY3P*p?ujdYST!fucu37qpk^Va2fi5<;C zc;$l1Qv7DDZbO&!urRIp(~B<-_mwZroqaK@cUfAM*Vbx>9%$(E-A61id+nvrGPXGr zf>;!ZKp@O5uzs9L&`)GNfgy9^sKC)akK{Vhs&InY!D$!@>;`9Q?)|g)Y`?BuySn@? z4F!W9!^fuec$uGX#2Bpzn5$NwZ(hB^C$bM1NE7b*7WS5v&F;0dsdyKdV?J&KW1P62b!uV6YK26j=B^z~X z?qw6Yn`~4Ch$5)Wqke^GGbpDnQ=76PNve!G6|@RD#VqC$3oD}%5}Ka)>~p;Y74fwrmEB0Mu>N3o7yZn?ssUi`#xMZ2p0S6%PB zS*?VVMCl}wI_3yj7uPkUY)LX4%Tw5Vv}(_HE65%4FOLcm237^#PWoE6JyC%1$o38T zXB?lDfNqIr=R@55o9`S6%0M$=VG@T^Y7TvTDD?*Q4DvX&apTU19{Ba^7mWv#E}1(= z?*MZJXTs!APtNBPiGU#%R$tyQ@Wvd0%>-^UKm_SKfIA}(@9MmF23$2zOdA``PrFv^ z$Y(j;f_&OVRtqqt7$~!$Xul)+RdyR$se;S0;kgn!rC&+qtiKWuE@U=#m?n!CUkSYJ zDCwLLn07nwN8@kDX??c-_)ze$ueNBNIN{Cj1j`|2->4JucyU--o$osATv(W>;=bp` zc?%T?2(7@N;?@;&j4tERlAQ1T&M}1TU!V)L8Tf*_r&25tzv^n^w)aDu7?D%Feei$q@UPcL<;UEjc&o8Go1rpG7fu0>nJ;Cw@vIa_^0deCvD9>G)4````fW zZe4oMahPyYLdJBAOmC}zl-s*6+x4+OE;+6G{qKnvuN_@8Nv~d6;{GLFwNRgDD`(Ya zEgE5e*>LcSsK9&cnjQvEJN5GGS<`K?DYGu?KVD^JFucZMzhyhu&=uzn=Z^qg%f19iCcLIn#dsm7#`7L(=2x4RWqJ#xK-+qbM5E*>RRtFLtzw z--~`CUAlvUAi6xUO_njW&p|PAC9fAKRa#e5gD;_hveZT3LOox~l}Q@gPOMST^F6l* zWT;}mO{A(NXM^0`3tuSBUl;CvF-~2Fyx~*6{;GW#VB16;efK{`yc&U-9SwPh{keH8inn%l#Ip=vZKoM zPQ5rJ68hELd@w46x?yn~pyd3>sTyozL+k!f02vB{(X2wx4IB2_bn=iUxb+4_=l}|SQ z2)}Q`;u2#MlbKvBdIS1~=0=2ZFen&!0Bs7$8Tjl#>E4Dz>$JQUoV3py`I2cz#U2dq zxd&9=R=Ls^Vw>_mtr>I6PA~YwXw&cW1CCs4RSA9IxZv_ut=W4QIqdLwde%O`@20L= z_=S~gM(smJ8+wRo0!RUpNX; z*+`}(*gHc{8fjK`f7h4@_b>iv+X!gF$U*6ih9!@E)(6c)7rM#I% zW;CW$%4!-K>0lg)RI{a1J%dr%ix!#D`wP+0Y_Z$ocq-j5$i2lvdf>py{FYqz+!~EU zM$BF73l0kQnDF!M>Zyh&7gB8T8exOsRc&n&7|#s>k5&~D7g7&i1Y`mrF+4|=Hqlh< z|LW^{y=tcW=FKO-ND_6&s~#QT(TU%LO#GQXCUQQnba=;`Sq~qY^xPDG#%hPZVJHBF z`HDqJOul2qb+;gi{LtE<-8zaY0xUEJ4K@H5G$b}0|7d9$0?K|IFh;u$;s*b@Z1p3$ zg&i%&QbH_!Dm8FmY3881S$F;kIMVXZy=kfzZ8#a~VX73Ml;8^&mgT+Wxf4TStfad( zJN9;o{fw3rotEl(3J<|{lF6(*l2kPN*@;`2v~q1r!1KEnyl}*T!wu3(4e$TxZj$B! zg=hRV&>S^73lefm_?LxHWRapn8 z|8-BeRw`#85AY`qaRA#UOC&`fjr7Aq_u}@k?}<`~6`>q%+`K6|K0#Tb@Z?D0@&I}y z!aUtNzasnsxBYszf`24>frFq{6C!@kb=3Z__fb*vjn1aezNIxJ0M{yZ;G+7F>`~hD zUn*vfZs{MDH}!dP0h$FA@wm~lw5u0ACN>$z35Nzd^ou)ZgEs?{Qg90E?gm!@GmyE6-Mx6#M?V2uDwP zI=&Ah4xh2AqdA9W9<8GC@x@uj83l?(FD|SOBa?nBk(%CQm;Z-CH>eZft=~{XEF$Rr7jVx=|H4Gkbfu-&rL>n85A8yabaGV-fR2_(44twespQR^#h2gy9i9Agj(h~HqesXj zX$#rIvtli6^?i<%xb2;M7C@YUnhrQCz{B(BaXUR9X#3%=A~I}wslx*6Ah@Tbq(F*w z*nMy3gCntV&6JqHXTpaSm-cndXSOcG=5WWg&Y`J=B60$E!23_ZT^Fi(`-oyRCbUiu znPJ}?&72FpE7-kOOZ{>n3BXg(U+xt?4^WloUNkldjp66RsvAq54-*QKnwpy`He@Es zY2v7+dgm9#8^II$Fmwc&hYc|&0O8j5j-@-wA_3DOw>~7e90yP*ne(db{`1?jr$gS- za&DTiAl~|{j(Q; zt7@_!o#Ag(KomOh>s;eV+YOUY&pB*Vo#xnLdDck`QtfW*%HO^TDf{YcKNQb8FMB#IS+`M-6hL*`i+1;jUXozMNtAFkLn?bNYSOy=91u3}O#~Tb7_yCi{xPx7VxfZES4v-eO&GXU377GJ8kI zBVx!cE;k}H;LDD6)1d4bdYBe9?T_FuXp;4sXtM%~wM#xg7;VzCZ#buWKdj5u4`F}F zbWa2SerqBhbMevicvCswtZt7cgaj-3mq@PbYUU6e?&C4vV%auxd+U^MT9&JioY1fv zs?gnR?*;q);nh7#LKa@Mdzabije2k0he{J<10KGX=yMm)pFAcR1Bq?5$nYi83yhWl`^6N(8BgkqA=B7h4`J_Y zynNgs+R*LR5jzm2eL^iEyw0#xJBj-*T0xj{&U2!ninbAF6)`d+SfNz6=tin=^er{? z6i&uvwN)`e&GW4Hu{=@8H%yJDr7$`fUZ);^)Rva6=3%p?6xWN^~kAM~Dvg*?6T#w7^MNUZ%`gg{R`*(D9w#ckLtqXik$GY>H ze=iW92UQ4D^21&IMZBFIN+u?r6?n~3cGVTW{{$uRNbKum+ zA%5V3cVAa8?uDLi@>7Y4BNq3Pn6lPP{_@7~g%uvLt>)nwYIDM~6b|Y=aOe=DyzH2H z%#NHx4(ba{!n1CAJ?&hs@Y7=C+@Wd(u?|m$yk4XCGHiX5`>j*kLY~iAQMp%Is^Roe z*UjlziqlTHUmN>af9~9xuUV|t__5jF`uo)|bedEeUCd7o9yY94U<{n}@*BRP{knnm zA(m$|1k_s1mqdmtDh~Ti`Utj8QWEuksOF6?52X7X3^;xIWn?vOn+stYYgeG??~hM^ zPFq$tBS)TGt_9g7=X;LNL?3KrYhz=xq6G0Lt0%oWmfEkaH9?8+a;F( z&4BGLtr;oNo!6yAep~*_AbWQrgCU>sDyiAhx8csC%^DHOQBUGL=9~GE!Ju6b9S^y) z^M+JF=IrRI%#;TY_WU@ar03i6^6!e5ijPhTwunyQm+hDU%L%u(H5wlMQ93kkQvW5^ zI#mus%iTKWuO9!>%=SgLO!6F%FvKKH)!ME9P(>s+-c8PpdRHzz!^*L_K2`gRdy{wT zeG0f=m!JMCARy6b*S`PrL65f8YGCVt-Gh1RDFn^Cr)eh?QL**!%WaiCU|G0(-y9mvj{`OXx-Z$}mw+ zdZGTWo<+pqO{e5PoP2%G3PstMnE??xYOmJ~&g^*YV{$h_H@p_YQM;w(IsO=3i#o>1 zy)ie?!jGB8KUvedlMvTGTYP9uug+%cx|sbqAQ>X(-fxNZf}p1f4f}KDj6WZ{vSrBE zpBXo=Pf={sX#7>*`tEMbr`tcu?zQIUHtx~A7(HRjuEpK=$t^Wu4hefkWOmzY~f7sEuRa&pEW=eAPfSHFv{X1FK`OL}xAv4Hu zru^mpd(t=G|F0InD9`G|;@9i8N;WNhQWQR~OVpr&jv={&RYJ}0SAH$)(DUzo{bqLi z`&_&3x7z-&ub*wlIb%-P7=U7aldyhOL?_VRBf{`~n+@4xP!{68=Kf4?9$+h2BEY@{g*xiX*^0~HSmj0?;< z-(!+8E*Cuo#Gx=o4>*^e{htfxx_6qh@mxZUv$G#F%0Qz+L&HQcYf>dUBTKQek|pL- z@(T@En%BG1On?Hun7$k;)!vr8Y@ zMq^wjHg(uWGyAqHZ=L(gP`Uq{BBR+3`fc1GGrsN5lk9=A5B~6CDl2 zAypXE%V=wUUo$i2Fm#M%S2aEzyZu#pa$1qa&gv)Aq&ZrTvcGxE9vK!UpaB9t02**N z+@*Hy{8B;Jt%F3*>%0MoBz`LOg&^I~1b#Y;@gJOV|Ok^~}v1!4}w&{>@gXH^l zd*b~20O1xXpS%QaOKCgX-p91q!@qw>wipaYRLm-JBwlIHpSxY!$u{Ts_;{fk@$*YT zn}CeTJ2mF-Yw?2>y*6u(m`S|(ikjNPl~{c)Xho$H+I&+B{6e9wGF-o4-N z*K>J1?%U(?nnNL7K`Rzg`T6c!4N`Vlx^z_g?PxsMI zZ1kpsOoizbaw5^-oIJ^r0*VN}cI_zQ9(WsR?(R{|xApW)SxTam7lIgy7BPPM#3&Lp zMS==Ft6$L*PZ{7aRgM8RR$Eqm^@+`=D+Z6dUUVNO#D@%^{ zUdMtUxCO-L>eXMaziN4%^7OM)eVGn(vk#q6#O!}yR9g?^17ZY7U44CL!Tpy7XckGn zyXoy{a0NB%%J`Ch7mXA084z;M(@&^DKGc<_IRiDJ3c~Q`Hle&O4yS60 zD8WA1#*p}GN~Tw*wSTX!6SDSg{o@1Z(ebAe;Z456>a`bNqcygTL5slJlyq93$$#tu@ZnLw`%~Vi`Yk0BOIOcc zXSL#`?5n+9D|fC9*c&b@)Q|`QQGjlWyfO1+h(*gNl1llXRx05$!_zMWY*C60sa#N| zsF>n>4#%q8nYDJA)JpQfjxQ}^NF=~QZkv^5X=#bXh@unqI#Biit2wNDURnqbFUJ3xutZ|^7D(h9) zzNTroUD;4k#FbQ+tJ`(>#2k6oIJ?Lto}e(-^tf5B$t8&E4<^k1tL(Lpr6qYQ4$_L{ z{)>aFW3;OLoXT8Hlau_+)fGKgh^y~|MZ@C*H`9*?2gw4?V@@%Nw$9qTQo7-TizWye z{NEuIcWgp}EpFVHOaqcnuR&4=3rwT4&5rI5ky%@kX4{W&PJo$pb!qZmi-QF=4E6}F zLzT#9>lO?P--e2>PG@@hbfL5ntCZnc*-9RG)FILtQc`h#NKqq4I+Mdtp#&u+;vYDH ztTQNRKfEJZ6MHe_->{7IC&7t}fWGbX=g++p+RO(BcaS1EhXGv#J9F&Jw*9(ClS&%K zk#GszFD9fmUCB9`R~1Z*BLenP?`i~-fTJ@2sl=!n7@izARo18o8D$gFxpL&ZZ)z2M zC;=p+hxYwc@P$kRHtxmvct1fk4xF%5L{%oe-++vo;18h&K$^&31tdn6ia_2B)ML5q z<*YSt`QoUCADi9AItz(1gnY`;gO3y1vIg7p*1L6>Y9W=_|9gt>(qj;)D-K$+oPs=K zKzYz|g9wCc_69{JP*bGs@HKI+!K9*z0A&$6BWN#5bt+_$#KMP1y?~sZ-uf1}QU8%@ z^R2DJIwp(WS)^(}UtsLuJ~k)fja`h>herNVP|&7~`k@>uz_Sos08;~x&VQPfbp;}b z$FNdgKP12jp%_*$FoYMNMf4R^<2b%;ZEYdso7ZM}cb#im4s!dMeK%Qh0r5lb49!UK zkLDNgBbXL68cLN=+aR>Z;U*BNckkA-?>UVfqX_w@plA$p_E~DqMYY+~^pu|;$%xMr z?LFs@;eX<+YMjpb_ao|C6O&6Fwv0qsV`%s)<$|A|4hiBs5N0({GtWXVbI zN2BfNMhCf*LBb(|{q1>p`G793RHv?1qJzb%lVRB;t^@2u1}b z(p!_#gXWGx25r_yvSI{igvWvcgUGGD&;w%p(2NnneFGJJuipI$iBQ<}gDAl`rGZ0u z1x`amkQrnlA%*G1Sjm0hPC}t6BJ6MbeEw`jN(+w|!vP@hU$}940F7Xb62nYr)agC1 zdafe>CqM_1WJbr3`J4-^|BB7Yqbu0jh1&55+0JFKm(TvGsHB8m88 zX(_ue$TM%Vf*3JM2hP3`LRGJTwu8e}t=WfOdR{mWI`378VcqMYln;OusttP@JD) zniu3L8k#zwxPSPTvBWmR3u7)nwgml`nglhf$7WQViEI-1a4dN zcF#tb%zels^M zE1M!Otdos@9M;;|BQpKh)y_*wLM+(5@AbiU#z2~*;5i>LMJLyJE*!%X&{knf zL*qy_0>dYQfj~!v#Tr_U&WUb8NT_%*ES0o~)RX$1V}uV#v)M~CkWCMuj`jc@EhWDO zlxw(QsGMl*B7gTkwjqs~08Opp%tw{tmAbR&MrHwi1D+Vl2E4zVc4$!+wyXz~uqepl3GXLi%i^##!9gP6 zXgfEJdfYctPEaTx)&vHAss*cz8buEY>LOemSfHpcT(Wk64^mCDTPq&w&XzV8i(8`= zx9(HEBQd0j=TepVXP?7K;zsIdt?}X#ba0p%xO_`S6bu~Wcj~^qwIO0gn=EB$@bz)K zbmZ^Gt)p-NFy?jXHIEl{$y^|iD<9rL&rrFOD`U>+uXp1{A~OVQq+k(I&_c?;XdKF# z7v&?=w@71zGJ$WhId^JeQ#xl3_YE3OdWM!P1hrU=(U~b{twZd^u4_`-_w>SUI$Zc9 zR<$@(xlk~yj}-{8?kvBh>^%}f3?^&w)(|UOmT8&oujK^cP9|}O6{`MEX=eQzB5g2+ zNqKzAGB*pfyp+9&2I71<9icC!CZ{{hm!tkR3KVJ}f2Zo1%*doDYSCa{L+gZwqBlgt z_bZZjnR^t30p1oIgLCxO)(GICyDHWmwvqkMxlH{-TwUV{&mh^BQPpxgR_dJr8uc!q zlc~%PUPy!#4Bo3HiGccx`Ixk{^gtphsUyd&Wf`@XMnv{}GYw%45X=%GSdenGX0j6} z5*k>c(??oHQIjlP@KY*+s-M?&XF4%?gR!AiKlc!kTJIu+JxGk1Y}$-+HB{_&0rzwC z=;UBa6C!cpFMF@qS>7oeLd!O8eDCt(u*9M)@*|-R*AHCo>TsXR9XeO&BI`IsZ!sN@ z{Bdy`w@_dXlgYbHtGuPTJB2XJ>&5h>9JF z0D+SGvgUE8QDQVz!x*je8kVt{Jhq1l3Wlu-pCJU>&=WqaX$oJn^&*8VMJI`Qe>*wN z0!)UsI4EXG(r(|1jTKH^;O9PHo& zgaU$*5v*20h#|QbGu%tE*TtFtAo8|2l0j5hPEdHG;&$rjN>cngFoa0x?1}T|tEC3v z2>2iZf{I!Tn?#U&&2(B@AdAh6L*on+CTP_+v_qxLHN@wr`C<>n5L`K@g1X&p|MXY` zRypKQh5zIY+>VH=-m3YD8amy+FJMseY8=%11v+wRYhHK z`$s#%f6+K;iz$mYi5b~*4h3=S_xL>5C3e9_a9kjjUeFlo|~ ztaD~>?zlB4P`LB3NV#H+aJ7HPK%a8OoV$uSqs!)^Pp8lT(}Sm`?e|XO^?C`u4s=DQ za&y^|)7s0ue^sinKKN(Pu70D#xc24!yVTUg(iYCO=7!?@rUNA|+h#vx4P`$1JSCl+ zCHJMx!v^oZH4;HM2qvyp0vjENJk>LO(BiC!asvQd8hN{z?-+We1m?rfO(U4}C<@}hG z?y#*Ow(-y1zjEK6!xzs3ax_b=YJ?+#>0qYZ3Vr=3>u=9!AGXhc)8`uB|L~&5vWYoU z>Z%)R>rVVR#!Xh3*OkzgRLf(ij(5uB=P0i;8`# zxMz_W+T6jU$d*R!s=l{ZgO;?f%C<+`SHW>FJeG@1zU=xHnb#kdnu)pb)aZ!wlX$MG zHies66O3~Vk_FLXKVXbA$6wfT!6PL&RE|f;jr$w z{ti0={QYx{&neC|2ssnQz-&D|7wa^~{Nr7y>wDS(?#@$QUVounV&9u{ObTZjm4~)W z&iT5?6a1T~bwnXNV?;<;*i!jOu56+wX>~_AbgadeMmHijtrALSA+{#w1%+z);DY!? z)sU4!Ls_x|U2FAl$qp615rL_R=`aAOAT*?#R@k|KcZgGg1Fq?_ub0<>l#)M1Rohc> zUp^`lzFo&}({f^6F@+!;sq~Xn>_ZqNu*35q6&cT-jTwBrvMO|#hZZ^-P9}jCLW>JC zLXa$KHbktf8|sM{&!2yN?J+Ia%VL5iv4|9)w2%w}3maw^a*D?p6cZy9CS6SJsE#DJ z4SdZcOz_zc^M};i;2F^50+f7wbRfHuct>Gh7ijPG>&Ka&q`P``w9NHE9$KP2(9{IL zd+_O#9Ma79Tr#LsgwG)>`VBxMM}ipX)S_lgK?#b>k9Dg%Z_!*Zri)^OLqueXg1BD} zPr7^W-XelX2_K97T|(UV*BVy!S~m>Nlpc-Cf)#K1>;Z=YnM_m*umGP`YIobs7{P{0 z`2L}fE3VlJOG{=H0*EoYIpLByLmCHi{E4wSVm$L$EIj7^4u>>>#zd9{{gJNC7Y3XH zZa@O7EAAq!AF&NJ$pMi~%L@}FTT;v5tEXr_MxD#X06&5ZG}51F*-<%k?&gA{o4$X4 zHvW(NyOw!ljSu4wuoIZGnVE2abCx-yytRxH(L{h3BWCRq1J7x$kR&ok-u_3wqO)}E zxDqo0Iw}K%1?Yd6^iibty#3-@{KlBy0USqMX~zj5dw#6r*Xyqq1D0?q9)EI6rk-JM z;;GqmezPGUj_r&gS5(DlmG!CZkrgvLB4M29Pjz9c-cLrs|UKya8&+^h*R zWL&ZpY(>mNy`3)*a5!`zWf38~rnBzP2@?*Z+xhC0*yO~Igb!P2mXIg!THA;B3sLce z3$4+yxv(iA1xXASBRCqxF%J$+CnC@pG_u6J121v1!A@AdDXMvMw+|?Dw7({;9ZQXm z8-H5&zcpmhuwF-}b=lCu8r28%Fa6MAKhY1+w9|VYQLbQtm|X$(Et4End=b z@T5PER@f~E762y3AwZxzO<~J%vRbDLOXF}h{XBA;9al#ou|*D%

VBhtIy&_!>|C>r<-_Iq>fOI82=JWk(l)nK_GqG zOiEGC^=_1$(R{b_wNd}`Xerj&72FiqJM@ZFNvW2Vz)5KW0QIq~Y!hkKYJNicNq}I! zl^IF|<0CV?Vp2D^qJI%0i&@`zg?J}_?xlnTqr@`f(&Gm>LdDFad@I_x_zMbN>d(^O zD*9${6w;H>1v=Ut)7HAqC~*0HH?Ca+WW;mRP<@WHQyS4Int_I>pXg;1#53QN7Vnb*IK~dtAA5 zM{+Dhz1YXE!)LAc6g-c|1r;b3S9%bIuY@SquxYy?(bbNS<~YGgV|ouH1_|2 z@Sdh#*>m&fwM1#_QU>^vaUt z-j5siBKpVhqF$v-H=Hs3+0!uasl|qsC-=!k?>lC7^gkYc&-uS2?7inp&HLLUb?>vU z$C4l1dbW9v>C_vyhGribr~L1ynyE==evKMo_B2vXaz@|N=EJYn4t@Qv`Ni4m{wxYB zp0=d8o2@T?Kxy4$bdSI1&t3I6M{8|jQQ+3%<6BRB&uROle?HC5B6;#4^&`uFtVD{50l|Ld$K?~(t@ z(%bWN&prwpGgki9xobNo-MjgRb@yMZz4JZU`*)ca5mI>-=a$yz&p%cjqjdgToUeDI z-ng9NWtKORl|M|JCMU7*`U$I4#YKMyc0KRkmL0Wmju^DKaO%jmE#v;qx_>No>FMBi zl|O7*Zr!OqFmtooV6)i4h4I&a7}~cps;EGrHMr)p`SJ%_?%AD~rI{FzzC%Z1oZirN zdOm%}J-xf;>Fr6YV#mL3anq5BxgonOD?Uf5pPpW$=5EjI4bz|zrw^5OEB!?$r+ewL zy|gaX2A2B`g9s%&Q%Pr?;-PS-0)-U)S8kJrXO3u{TmHRt2e&x~PUX%P|B{;=vt-~@ z&pezy6D6wT0*7MAsPby3)5CU`d4^b6CVLGl_s)7>U0YbA;dbUrO-I{8hm+NX9cclP zg)T8g-x4#-=d)D4hbGiM%zYgC>~NAr*}OL{!;K}?BtO}ah&1S!;m>tnB(hH@FV;4h zdSi#npBbB%Cyk18>EYFLgqeHpn6bX~eNS(mI73@P>bJl5$%iW34|<^hI!=X=frphSjxccG?Vzpd~BjIW-`+qZ2rT# zqL#rN$v_~pwRo*8NwfOH{xPLoeeN2fLqPK!U-Q(Rs{5WQftUcX+nbm_^CdSDzd zNzIO0PXrVnkZ*EZp)TTu9 zOU4HXjhX|jC}C)tn-i7*LxnX-R1cAs|OclXQVGLp0+`C;&&4% zi+**VC3M`i)*iFoJwR#r=$jL-zWFjIee0_2=l@JG+c3WW)Z_D(oH}*O%KgsIc|-C# zwbu8H`Z&y@R?6a=)V(3>hlVEn zUX2F0l4!1xToWPvJZe2Xh5KD!YmLdli zJk|C`-W*K@MHs$`WSXb|O`3|*G;a|eLq|k`M|rU+lG=pQZM>@L5F`)4TzTQf=B!E@ zY`S;W9#Oy|^q4S^HRw{&JSh0^YaqdxjKVxIssf4{IDh&}Q9o1bi2=ptB;|+Mj3SwV zT_qB}DcorW)YBwAw7?)1>Ppheck~r1cC5;j!qD)%qjm`3-+=@vY%y_h#|sxQ00T4~ z=<9KS2^D!s2_^$;6Y3lqx>#X7_nZF_8!NL(Hy^$ZO)kC_Yn?au(hq9}yO$`-sFX_` zl~K-I8eCz#!l$3by~z?!)=1dLMBiRwoOnh3MPM8Xd$Xq%iWuxnB!2&EgGAf)rYJnLo5I_n5fc*K%}T;C9ocrsKca;CN_$Qm%(5ET$qQxPy;X z%fLEYYJHx+poa9XHwLDhm_J5{T2Pb=izjK!816gSur+2@sNh9>oUuE*i%<@SX`=^5CJ!W`2z;=)e1xDes>HO5o3ALgsG1uK>G< z%%ntwv9L5D*=q%l#59Ev3s5oI9D-8x^nA{pgC5Ujyab*5yI)m)+}DHO4*2|4q)$`g z(ocxr$5DI%2{y>6n<)}A)aIPP9N!#m^$fE)PR+*J7OVtEG86jFiRroIn_y}MXcq5G z2#GbnAJ8mj>TDo`Gy~vW)4T;4^jy4D30D-d?DMyUhx%Ryr`Qc;LG*y+? zE0jgG^>beM$Qw^pA`;UVvEGjEeU|!Ovi_9zN(mifFUzTyr$>hVu_Vc0&iH>{ZhtHJ zss2P;gVw)c`I2@UzbrNX%Y9MZuF8!?E6%UHBw=!0u2yo~E2YD7Iv?NK^xm#G*JHzn zqU4ZwKCO3Cw~bD_@wF;)Tw3;Blcp49$H6a7n@`%~_lMQda2fD(8nUjKbHPRfMPgxo zznxI)+0t&skqY$|d9R7XTy(QU(RsY^TQ+@Qt`j z$%GJWFWPP~9Rc0f#3@r=Ex{n^r7BguaxYCR{}nfU`oMMqBmr* zV{xW?$Gt_;#`oT+>VUYY3`8^*tC1@b_=_KdQn8H6+I$W!>TiUHoXNuAAhw}x3>Aq8 zkf*chVEm3d^aLw{?1fGAxni>t1r6SR13 zPQ%Yqf9s7szyH;_WZQ;agXPZ0w$Bm)4o5mJo!i>^lBUTJjY z(YGJQ2F`cXi7-uE8FtQO<&i5&KRbUqU-aWoCDDrZS^Do1leEm1K1T2W3ehcTB65%J z70kRb=1-~xvN+LxiX^s80wRZHIAvDKiS(Bxy#aqbd~BtOGJhbS>TZwa)c zj8|pk5(oYks&qo9IQV(WEq(M@FKF97mX}|Wm4F=NE+W|m-k#8IhF=I6_oqJuG|2pj z(!YITW^pWlw!!&kD=~~wEH|Jb-o~dCv1fz_Gx3uZKqN-O9|WwhVuXMH^8w9>$;meqfS{1gUx0;DDq z6b|)nLXsl}5`k&X&ryPlVO-bcxVYAR^*PA3xFsnAMAQ{D3tzRPPcU{Y04kP=Yn@lX zasz{>?~@KU+NKC=!UrlGba|Y$b4*QxJ7$q8`u2<2h7Eg>oUo{%c8vyF(L@j}!Cu`k z?fdh(EbSyw--0!60iywIa{LOic*#3+5CM8vkr_^+p2tKtK{rut6BSA7;YcdToB7pg zrKc&Wf!(RK8@_;hk&yu1#2tA4i(*fEYGUaTreO|LlnJo@INug8uRSY5pP`YDa>&aXu$D)%a$LK#?;;T;W3e!2@g~P6(l*6V@xxBQ6<{Tn@u5va)f}Asq$=63nIucYz~^6sJSl1d@z~c&`}Lfvb~^ z&NtTf*`3XnC-eFf#U_%z2Q^K0xV7-s z<;D-eM$gTF%arXl;KBsx0J67){S!i)8Sd%aPZXIB73#)o*KTrl9)VpZugb8g*Zs?v z4^ri#sX^4l$;ZgRvAxz&FQ8Zd+S~1GZ_6KU_FbSWIwOp+Xr(v>kr3{w*io}kPY-VF zKQV(i{Ar4MRiEx8h!fy?)RG(>{}l< zFG}yvz(W6JcYkxZZ!>@4YQ4gdi&m6R|N3UIVv42qjrq!LwQo(2r0IH8UQA}G_BN85 z7I7iudEnPgH-Gp1vTN4&2EWI?DP|XgpB|A9nf}2zai7+_UT)fBYxkbaA@^6ohtuT> z@-A8qT6+SZ@YrrAO$zK7xdnS2v>vkNJ-judxr*_dDK>W(xp?D0=1sp}s`AJ>T0CO5 z26CZA7ZmAC|^T61hQnGfE27Uu;Ef&jf`NgW<%!LU0xI0&U0V!%lF z46xs8y^n;3QjG>|XIsLJiV~gT17`p+MRN(40>d{Ca5)R)dCzOXGo@1`j$ibD_3ZvX zHIyDgSp-Thm?#M3hN=q_6w^OEwcF8)=1$Npfpfb z^`;IIoC4sr^mU7;Xh@o`xV22+=Ig-?B{Iy2#0Zab0dwi3Tv{|^1bDGaE5{LU6JeBS zo3a;<$|iXir4%$PI56ehJ$fW!6M)}O2`XblIxz>qoGR$HD(x~j$si=IAc+d7it^`M z;`Sq$7sTBwAfVI0uB8jfIBR1S(d!>=%gedHYFlYV47D*&ocHS&|Gl3#4jwC2e&xlu zoaJAp7f0^PzgQeOah%?wYY~$1Bb6HEgV&sRH+9*C{)L$a`6r6)rJhD#Pd}`je(3GU z{?Q+YHSZZ`U$kLKe9oD#8h_8YxAG*C!z)=yq9gawMsOy4>%i70JUql2;W;515d#lV zZN9UPPOx4|oTE6C36C5QrBFWyC_F6j9iN&XrI#xqX~C-Sz7K*1P1}j@yJM6;P!I`; z6(r`;fN-JKj&B>V0gR|6x||yeYNLJl*YxN{L?yK!7GM&&*n1i8K`4)ry4V&!=(+35 z8~5xjo54j;CQ_}lU65sl4_im&#Wn-ACs!Mh1tSkAJdD?{NekbXRW`*sPVG$Z9G~-slbADNj#p_Q!)n zi{Rp-PBMn&t-%8Td0-21uC$uXQyg|7eaX(rgPkhg=ntdfMUk6jxz-cc0m3+9$fh1K zUVv)a!C}pS*`5sJaCJ>6Gz=%p3OyZV8q1RQ0k=nN%CpT+xz+^ul4F4gf_svHUfv&B zjcEI5z;0MwAS@a&VrZyQ2NM?>{&<&?Z=@^9o)t-RPz}_%wXE<;yKsf_Qy@3C zDvl4;TzYTN;&=UDXtl{T_jgzG+_%De--pRRE?DX=<+;yl(!qgWI}MjcNG%(*md|MTofXU8Rn*Hz3Vd4Si{RNcqMtH4^7uqe)w z_`A`swvLB+hnI3O8aRhS0=BuW&O32^{fY|Pn1&ux>VL2zMU9@26%bwMc%0gNm7d}4 z?^WvM+w=Bwf?OgiuB6d%=Jw*f{_!8eHk1oMf|)EbQXWB}a-593Hn&EjwYAT!h#F>- z0u+dZH;5f{SL|vQRhQKs4!zOARLHE)o~=`Lt5+4GIk)#JKH8hj&BfSDDuRYuI50X- zIzGp}$S^3GM3xzoPehJk)t;jA36i3^rr3oB6ger4%~N?vPRLWJSp@{5sHPU`ZOc3$ z967YRS+VuoX)r}_mDz1!v*3(|Sw~KEkWmVB(g46sN~UZYiVkwwh00V6lp)-Nb8&Y; zZOW$UVBK0Ebkv1Llt_@Yqd3xW#ysS^iifc}TRWnZ~neK1x-CP&+e1KD!LVby} z>GV?VuO0SAFaHYsjbe(*g=O%F60pI%6_E+2CGpLd!(9e>rqG3k}+OL0qTZ#vSo6Qh%E&vzu`|x)jnNT)-q?M_UO}N*f z*s3L#9&h_i`Qhl>VZp5KUQ5ro+m|g;KQ?D}j*(H4*V_hKTC}Kxy5_c*-KJK8(Ju=9+>J))7%h>wl|5IlhsD+ z!`(t3*hP_X9yw+|#P%D=j5JEuK!f8XDH;ndj@VT9D<>)hd_u^-O z3#85q14zs9H8P_`6@m$Had3m>?ZOM^w9PERbb)BQC7f6R3FSu<3#t9Q7+)c+Gn_wK z0;luxo1eW^7`9(~*lL+MF8@$!fPLND_2qoRE>bs1?mHS473H+}TepmshtZqzi70M# zQ6$lQPY4h$m@LTpavuLFg{8-TC9fR}8Xw^#(fJTyeSXZ7C8PK3d+gG0+JRx| zF1vOc?ah&yzjsXhp{I8{0_4sZoUisbH|r7VR`2HDc{~4?vpfh9V`qX;h(5zpj9N;b zS(;l%aR;U=(lz||eE5}C3&_DV=}`3|7f-moJvHJHD4_nda6sk!TOX zG$tS`htWcxcV^p8cnq&25KIxkBQm8IEO-(mGnFHfw%_FDTS3=gL}-6tB{>yBJEwBx z@F;E7JhSG{64%znwp6w}QVV;UAtU)kV_?q2f!Q~Xg(j_NO4YBQw|LUlK4-=s)(d<#J3 z!K>tS3CMPtm6cI#R@$f#{WD4Crp_jYVe?K8$#;8s^VMO`w|DM1+xcgePaJ%_BG!79 z+Ow5sKksS{vIO%rxp^w-{b=vBDeEfPnhj{~DFR5_%u%{@z&K{VovP)QXE`O$OpL0P z?UwYa$ki;WR2MPiv}2+c<(p&%X9`uS5VQc69G`b8tcp`rn7A-N3IlOdbpg{CCp(#> zXIwjhHbm=t+tod@t*sKOY-51mqdoGwvU`^??tAd@VL8dx@jIBE0?1Qh8-xBAqa}Ue zuDJH7E9xNE_xs-;Mk2m!Wf?Z@nvJ`J9)<3#%<- zm!kDY=_j8jo2D1OwM|*lC7PPxw^R{_?zEwgOKpc~ri@ZgxSzL%-)Lr*T#;G1Q;j>> zNGUjSxvZFmOHwvjAkb7)^e47{y_r{DRy1hj=F0y6qXnQw!%`sFS!XUT`<+}pXq(1v zxoH%C9^KpI=G#I);QX(~lZ{IP3%3QmG2Jw#`PA@{{pL;d>!T>==jy&bRol&A?8+At zuO)iul*WhOSLvl=yrt55#l>fV&j(G*cC%B@U8pLXYybR?d)bgtE|br{nmK&M%$F8{ zncIS%U5k*}@W@PmkKLX5lcSyW9&cM|P^wrGHO0j)uu6>)V(*0>s=2ANqo_V6%jINu zvm|1^5eL@>`Id;TRCsrCbA?NV(Q8aisza%dPW;qc>rK!8EY8g|i4CKk6gC7`*TQ>$ zu99@W65x8Ce_Boktc+=Fz&)F~`463(6XhA@^^_EsN(?BQcl@X?op!TCRy9*LS~vXa z)oD_bD`JMN8dLv$?Slz);tcI)$6sl608t}QtM7%i->$0)W~v!Wl*4KqwT z)NlBSf7bb{wD=aa9m+Fu63+`F3KvOyi5)-^;f@qhZnr=05v^w-^M5$mHr|=jS)ojo zE*Qj9i*VmtTe|X%LTn~ynZwaAW)Y#a2qWU3yPxZSq-W2;099OkQTOlmijXIC90KFW zaxPO88>r>PJ<~TIY`J#GW#Xs;My8o2C2pvvXnslck$130ph-Bc3ggv8>^J8us26E7 z{M0nk$svEZrC@iayh*+|;(40!xXBCi?CY9m0}=6m3yhWCz4+e8 z8s6Cw-kff(VV9R-Alk<>4HNsXdtR-Wy?*0|N9kV%osT@29Bw1YDhy7t`GDMUkInkh zwX4Sen?2okbj1pTfzxhZ&(@xO#ct2N`9|*kQUi?*wgpeJ`mo6$So6jyxldQ$%o}92 zu>H|YeMRk%oibjDH;t~gJnC3Kc85pq;(^QT*II;4n=X|%^vKrZq1#85-kxOD_k3-> zcjB*;izLxEQm?7_X1w0R|C<`?^U}VcVv#{d*?HfhSouLxNblLREb3uS+ui5=NjaQM zK`NqPIhmX8L~fy}q2<5d@M6h*Vy{4J#9(d}Uon(kfSRWlk7s>&_$JyOI809qC4_?wI904!;o9G}O*vHK-RIA%3#BiHg`K1do$_|Ut=R?ET;dz1ZTZQ| ziI%ZjT0Qn9a*$elZHkZq0xZ?Q4aPL8efWhD4yYD6dkN5#5nWT)&f2XChA)ELMTnv> z-jdqYZ@3CVZYGWjuP&#Zh_>K6g|?g*_yCC_;DgqyvZbW|2wMQi4ew@{)7|zZT!=#C z$#{bAjp1${VO8QoD_iFBYS089Nq6O@r%YQ&P{zN8---1_4J^jUF;hs4ed9T8QW6ZT z_|p3J?@zXSI>jkVSpcE}6F|`NqQXBl<5)8hj{-Ik&uLwB|L{D^&pCP27?31-dY4uf z6K*ws-8x_0eT-rVndDbGOXm2g{fbvv#D~pYC z0Vz?>m8TUiUo>RrDwn_m8$*7%J*;2AUmFeY`bf0SD_zoavROrg&-OKgG7l+fmEB$7 zJEE#(Ui70t2M;OlM}=mJ3kI3JXqn9S-+T!LLPsN4to4;&DwA zq&8ao^{dq1n~gmI0|lLju8|5HRRYOqiQ76yS-a-oo)L7Bm~iNwCJbUAf*8C+Dj31w zPHX=n<5-jd6bEo$Lh^}1pJm=n3s7io1a~?9=m$~S;E*9bK#|}EKxaI4l!Ota!kWBU z39x~SXETe7he>k3`N45IIk-|TGREB`Z*9!_slxF0WD|B`hSzS^R-bJ1)v@Zl9Q+CR z5IUn`*mMZ~Wy?GxD{TQ1DXqcX5u&&z7QKEq(>ty9=~&MQ$Hq^lHpR!Eh&~NKmiz|< zkSZ!p1G5meo${%R=(Tg6B>QB&pe0hXk|4XI% z#ibLi=w=Q}J0fnIK?WYLqY}CfKxT{5;=lenkUgc|2!KF8+$e)daUR7WOUn2HIFW$` z;r9_l4*`;)YvNQAEDDW2+h=m<3YS&X99C8*sB*Ywgm=d^vD0`&)HA23n`>?#;^R?) z2|W+Q143g^z@ZpI(F*AJsub*qy%Hpwd_EBXkT}!DqkkjlX4pz4av`vO{yDU-l&?XN zqqCmgAo?8?HC)hG)Mq5TJ9;}YF@P?3=$S|$CYq@puM=G2vfFRBwE$jmZz3*(m^o2Y zwc^@ijLX2*3#A)QEEK zuG2}+g;IiKNRiX$famyxvOKP1Zp}-U#@K0v7ZZi}$x)h_kY9Xyr8zs zW+KQJR*-sctZl+X_MW(TVWfgeg}!(AcxvIE&ygu7;$7~U_DkiP6FCkx3C%K3Hl0Ex zE$#Y!qqJMw4&st6?+E{WF?fVpmtckWsrmik0E&4aHx=u5Pr(^1t(?~x4c9l)w7X6> z>+kq!qQ6^*gVCP%y||N3;L2yP9X5#2(BnT4W-#9A+h;KpLJ&?hE;UZhOkOA-&Wsq2 zv5%1{(wFeA2xY$z@v}s^$q0Y=Xcy2r!ub26A!Pk2tlj3DQMSPH5mQy+rNta0>N9`W z7K?5vfpDjZsT&*zEQ8oBCPjGC;NKjuKGTD9c_uW)*A#rq7w%{=%1kBHN9;5h&lG8= z&nE+}@x|wUeCL?thV;b9p>z;?W&vb6RJ7IWh@OUd%ui^`(QNn1RubX7;m)O##5l0a z!NH{`ou*DvJp?8i(3TqT6{ld`fX=T2I5p1TN5GdPLb`=rus)#k{*I;G=&Fg${f-53 zy>Qq}TYGHX_+_EoM^Px$H-Z6V{@#xy z8q<7;(X#M@N>xbAb{aWs+vMQ5k&|tJdc$vAio&SOr|lR3j|0!Ie{<~<;#VEYe9TF& zz8-n>J3^)%aRqI~y)}!4%K?qhL*B!gM@avV1J1p=YUG`_;!KhiqYi7D1XtbBu&nbm zmZiyW{@9RlUb*dX=hsmJY|6r={7CroCEW2@3SkT)@hxqcKZ z*AC9LFJ0UxL+M|4_pk%0zAM|bB@C>qJ@hPAe|;@EVsM14gxWuoC$G9TW|-eQ1t%AW zZ4z^%=UKWR%}<}F`Z!o+wSEt;UlU$zD?PfaPkiIav$U>JU!!849u)NDr#9I*69=R1%VCY+h6+N{}d-)8KlOvBa zRdI0TYJGjILL!)judqAdkm?8t>y*%|+%!|YO}aFcRzFG5WMWl9I7lK&qHBD1+i0&; z0>4tB*_iCW?a@6o^5QBvd~^gzilnIwGcHle2|>+RTPK^{4h)s6-1(-$^>t3p0divu zCL^#A(o^rW$Q>nG>!*6x(pl{|z@bdLOLdpL^EOL*#t3m|fsv0L?bcvtrzS`}UI`Kx zLM8k4>pdyQ2B^mUo|%~`HL?;Q%6;C$ij!-kmo*6LnuxM@>^XS-ldKZeE!v@}wFJunx}Mcuq7&Kg-X89j-oXF`Grt*u8$yQ?NOuDkDW zZLBd+#I>#MyKl^y3UD!9N$Fr{Xmab$s+|vPz0>Qm)-ndA%Z-WJM`i7IZ?`LHzB9bz zCY?>PZ>|xKh@Pj}x$t}X_0UiTJ8^CeYrS^n%89d{S*5ngwWT+Iv{u*PeJd+3m@z^n z*8S`inP@sEwQspum)GYX)4Bxghsc8AQcME8c~d#0;q0tYXRn7X`O;dpQw`+}G{L)i zZ*>Z?$B8emXjqvZQwzM4scAgX)^?sLQv-?}f15aY=c>;QzTcmzO^UZS`yq2#LVYem zP)HT$&eoz7;%>e$!$eN^XI46ANCjgy5Jfmgq>OKPJ}TIln& zf!nVp9b2P&ZqeZ7cik-x4zMj-VXdE~)+Un>`7k+lYmUpWYx#N6Kn1&eN*b(srTwnH z+z2bxm0#}c*t)pX@$>GYr+b3&3{W8Y^)qv<%4k^S`?WCe$Nxn9AG{`PtTH=u^+m$- z4P%Ozf1N3L{*jdGCaK5^OM@;}bsIYGryQ*Mm3Y?%5v{_f4p zbh)DT@GWQF9&P&etuSg><%A3-GZq$RmUwDf-wE!DGx_a<>-U%8`D>TT2HP>Obcp`2 zb2&pjuBVs(x%>8))(LZU2Zvf~#Le?dneP;Q)MKtg8nDzP~xBe z<3B(8pGd^o+6!~cXZakNx>xt^M@6e zxc|5UKtzNg?b5fzy5><$uA6h{CdOeZc=iO{!XG3omD+LyQ6IvEApM}iA%Pw6tf1!4 z|KboIk2w}r)zU6Ke@&#pW{^7y3-&tn_3_Zvv0;}&)+=xFiA}g5-jp(>e_GrEN6=%CT~yb$!1pPK+(()@U+q>;AmI?6}@q z=&?LU33)HS0KylNfKreTEV&?N%9b69&J&OA&oDD-ZxOVxh(6@p$M4!yYX5GEVIErW z3DTZLjWf9l7;O_8I(u~fe+H`B>D8@D^AHSULO8Xkm>j$C@Cm>D^6pg(1tpqXI(^ZP zCvD{5)(Eg!ki2&CV2|=ChaWlt3FD)=py?*fSWAis&2J+N^TbSo*s$9~BUq`tt%+|9 z3adiZBlr-lOYmOQ0>~0!R)Dkk-mc`td~60s0uZBuJ+)|astFu41rN;%rj#1{|33fh zBhp7A_(B$3TeXQAgG>yk1O`{r2^_#Zj8fuNs9s{zj!&^mWxVF**#j5VNILS2D1pjF zP%>=!?mzsLe!xxc6)`R2OX-MQ#01TL9~JG^x3EpSaTVo7AnkX7LH|is@+?W^v_~;8$1_ zg+BAtq8m?V^l|?|h$@aSGn=?=f*p$NDzfcI8s?#@)XAxCx$mUjVPps625E=2|-zXK0TvM<@ER^;gWG2PsHV`!(5-y&*Izki@O!%~v4=9|!L0gt{|Dm3IIA<^icc{vLJg z$(Y!%&P+=OnoiU|E3VDIwyGuGvvxoMU>3a~&+Jn3ksw(Lhn|?S4}^w_k!5He-)811 zdCUt$Bu8~pP`_5C`-|@Qt)M9)SXKgflT4XXTM!%V5GPAU>&Z1cOW)2v@x<0f-U7js z=sdB1bYJ;6Vqq0vf+}J&ky8k-G)Z1$Ux`demiKTKt6~PSqwS)n-tDzKNimCuKu3(Q3A;lNlM3aZ`CqjnmWBME`&*nyFXQGV!< zsefTi-Ii4qRljVEq%P6aTt-=E6uvu^N!T~*%qMnT+6VW{d32UyQ&*D75Rv<8j~!*2sE|#d-GZM?ec8tskHXs56MX$STLJ&Mv#O>1naJ+j9_Ls#hPK7>;r;<1~L#}nj8;m4SB!#G~Qr7&4*?rwc`tIC({gM>m*og!S0 zG&l?c+A_#MJtDUiCA9k&rg$!v@#0|MKdp&(R0cm-BE34yDtN_2+)p!++;Nt#xQ0^U zBFa4!N92D7f9kd=YA9Dby#~_4xXtq8*W6nl=G1>3rxQ&a%^s;JVVOuJ`J%(t$2@}G z5a}$bu#OmfVSfI}Fe9pylP+S{m$fvgY3vJ{-Nf(56E8+Z4faeixwCh`&j$qf2mnCH z)`Gz0#X}Om_Y#zXxn}Dy(HeS8b;en7lBZQ#3RtKJG31DOC0OoPiue_Rvq71VvD4G3+Oj)JKM2xRFCj+-B?QJZ!q zBP$DI&>}id&cEF*Myy7!RJ4msXl8RVs6H^Tr=A|m4)6xWE}r`Zy4bOkcRsP*F1ve0 zgJZmwX(p*`W*JiGy8yo?oLM|9YaKJaL>JyvtsE=m7;lu&@+w@greE^E>f3$O zn4!z0I+Q<|ymvvlSVxO*61au|zPmZkq0fqTxZNo2LW_qA5EVATxoTZeP+Xi-{>1$t zt@MR3BG2vp&_c6vX$iRC#Aq9Nx8@}rMI5kh%QF^qFMWedjtY7aZYy&T)#b9AcMfTr zaXw_asw#;OGQJsj=j`)_kC}9AKe`3P?%nBQ%VlXJIUc#JIE`vT6|m)ohDr^JBELQ~ zl+6S8K)1{FT(SqKj`uGbJ2$(y0z%9MXMgl>{}6?d9~G(Gj1e6wu!T1EMexCo?&dmNUYp$-4ljz^ZcvjljAG=nH8MJj<~qa0XFVPT=Cdh{x}Y(`)5 zH4N>$!r0g?uXTn`hFR{7HGf@O#l5nfv;eVFIM!gTof+j^Dy*5}-m_AI5CRLOj}oG0 zVwRqVt3_Q%#qP4qoHD8Mp zk5^~G2vxC&@}*2$y*bC?zxz{(`*X)_g;nd;p;BHafN>ZQs5-u> zInsFIgkaRf^gPfNd*=?U{x2!2G_9;oGLimG-Tb}Wt;0N_tyErqt97kzXsE#GQLtp& z`~BFvKjR~gBEM#XqvtMY+yj;bF={aR5Mg7bwo@D~;GGBC;RpffNO&9S;G_LBc2M+d zTw+Kh>x(*D-4eg3b(ex{*okKr^VvjX10teip}rxQ>>AU7uUG%G#9nD~XS8kosd<4L zl!kSegdYYJu;lMKl-OVoG`o$An?T{iAr?G;cpBmm4D)zNo(g-1cgE)>y~6v;>1Zk~ z=meHD7cw$!5Ix@eLQiQiWSX3$`ur@{!PYEQ__Bo*t}&v<_Cw9wqW%H- zaeuY7lriQ2Q;kvOndS9dAzTKGZs{s#$%2}WFAfVG627$RS!GSF`EWrhz6?;*UcK5o zyDnjs+^{L1QKa`Id*{B1GFyx1B3yDXy4VuxC?uX|XK&P&zpp3b6}Vh>sPCWUwlh(P z@$Tf$O@NuD*lcx3Cr*7XM9dP z2oM3{rBO?Qkwk1B{au_DoGmPGwha;}wy4J($^;a)x=pjW6g2`!ULW3X`c6YANsb?m z)UHaiH`k)9Bt?0&Izb_$8KI6djoW77=-)0bm;H+QPMpZ7_2+=3>0h@`UA&xsIoyBb z2N)h64+O5I(jYN$xnDorzORXtGK?R>n-B&$p_(s7-Zi`K=~z^v4*8k;(3Zi#1unlx zf)N*VM@LPkKX|*CPQ-bO$3VtA4NuP=%1uEd5q8P8FHE{JuIr$DoM<#))$0#sFEuz{ zAbFuwv}H_oO8i8E1GfMxN7}RZm7L~T(W<-E{6Ihp-4^FpEchQSK&K0c@yW0%Rw|F1 zYg-I=){5IjAw(5F6ZQZ-&}>$?2qZoe?kong*)lf7$hFy&T+(IS8{9Ho0BE#&INBOC z3=k%Dz?l~|EBvaOv>x5?0L`{(=rGbw#<778^d9ho5SAEsHX3_nm2-#lt#dk5t8M8? z{~%IvnH-Z$#VZ;LHT$jE)A>w@07TRy>s5?|k68~pwuH7p@bWR7jN%N1<~Zcrx>Khs z?nGoOlVuZo#rjlt*VJbD?ScE09;{~S@G7$*iG3K=edEUE&`>d<9cPAbhE$G399&wA z-IeT_Syn2y$u6aK!_%u3w`YMam!3>OmKbUiRt0mxYUFyx8N5_kl|@mYYbn zRE(C_R*`@Bn3@*R+;!bya-MdaV->L{Gt9_A!vDiT0mnt?rdT#P7Q7%jGa|s2jqGH` z`ftBP5R-1w8KEt6yJ9E`n^l$kChO?8uYZbdJI|_TtL#+U_S0&^JZk2R>}R@_RE=&F z;={_nvTH(g3P;I`P9o##`GOYx(@i0>9;J z&G#6Ue7caleZ7gowdr2De-E*jkP9$)y`sm0o}T^M`VX|X9=J`z{gvy$f>$zI3uK&k zZ8sRV=f6|wqVCT2f!A|pe}y##n+~@*{e8n)({W*el@}}f^sI7?*DZY>9I?DI)K+fi zcbyTR?nKaLa_ANa6R(<9>Q+|Y}5GMDRew;XLse$~46N$hZkL3P9Y zVs0$HbP+NcZ^?y(BKfGP5 z&d9*`% zm(-`3-GdhD0kdV26cG;+1?504^9AXPDI_Fw32X>Ek@n`}$@*85yWs56PY5tCbOoZ6UD zD2(YGyhsinlkH_ai+mn`4*ID^_n)FTgqnvqBP5xj<-)m28^k9e(T#r86W*qt8P=yz zb8%w)=Rp!Yv4<8VLJyIbfq;kdh{ywOY+wuF)q(@t?QGbs)nRl}8de)Xe#38^Vg}LH zBN?(qC?G{!eVTk*));x67~r2dVV(?04+^ykNtW z@@enyPVAek)RH9S^Y7AN!@!)x2>;OF7YB2Gkm$2<$*aIO!7DfRKHMuaYs;$FLmsWa z5>y-^n|5eQuPqJd4UA2Kq6^dCnv8Go9TaxmPR?H1U0ufv)tPVeK&MGhYGl#J&6sf{ ztcpmE=kMON%{h2;Uf>+42#!`NnlscCpmp%rJXTrBpjC3*%L2|fyFEoMaYPhU;7qNO(XOuyz3IL~zN_KKtD#$eBDMGljSB^sKwBl;fyzJw_)>yb9Hnw06om{f zdb=qO?dyszv7l6}UhfU7TH-o=G>7nwJ19?HC=KhqE*6V8p-je`RN-}@Vt0NaXG5s{@pZ5Zy>UWH;$n3a*g zXd-|DMie@R4bzUG1Ic7+1xFBm4MeFlaa~GxKav7EzS(pR)>+rm$BXs$wanKB?*<3k zap|=3dZ9rQD-quE+N#(uZHS>r9TA%WS5K)h)TP;FsV^kXlo_jCnYyeZOvo|VrRlQy z%_$`hnfue#R0?Y;u%ysre){wXjjgPt@Z8lTv`!UD0jeZX^$N?rP?@&Iis^k_)h;o% zwM*>OU85<5}&B;uXZON>n=KjX*pH?@&E7w?vE|WfXAECEL*Ajj zPuqMWbG4g_zrC6L>JDeNQ3!$-abi=qfSp6Thx*p&2)EWgi8~j%K*9e z+rhTPW(B$ikto{bI@1bhpTSOyhT0WZV<9H~GG|~gP9~rQ&)IdqkiE)9#$A!6-ZTPe zx`Z%CWYdOgd`BH^ikpLpIjD zVB=KkQ0oGSz^d6}iQ9AZXp?e=t~Zr{w^k}2c`!(38(u}Y1B1&oU#4W8P!+5wUH z$kzkXr4hh<1sD}dZC-$8awFF#a_;+0qk=7@u-E_zfF#pja2w*nIy*aIL?}lZr#+ws z>VASz0FQ-xo}nF&xtWFD=(k_s#?gLs*X@KNL~Z?alaGVF(F~(FAVrbgtCb?1%cX^T zPUkS<(Vd^Z*=XrVC^-)L7JV-D?1s^yI~*4WU#`@eHtDKb<(T;jYB|^3pBa>u4artf z{Qg-Y`$ne0ys`f_Z<*H zH+A6opS>T+9c}w?`rOm1^*$@}bMCaQy0a;gqjcl0U1!0bL2*M4l61~}!3d<}NI(D( zQjT5sdHbkm(n`nt_6w<(kO?Ze5x@rkgFM&dRW~5fP&}cc;WU8iPQ!DVW3}dkA3y$ehs|wEN}QkAx-i_Xn6d zv{@nM>&!P+q+N+Zsp$V=?@i-+&fmXp!(b*m*-G{`dlXXHV~EfqMWLkCS|TZ1j3vep zk|a?osZe$i$(AH75=oLuQb|(kd>%Fb^SU0_t?Rsh-k8VZ_Zz0Z-_Pg09LH-rO2%A( zBtfnheDPv?`f`$3PoHk=pTvYPd}Hk?T=Lc`?wtm<1rUx!5RPZhX(p6T!jHuHNNWZ9 z4iCrMoJXVuQ)U=nMIH{qt)MLL;N56$NLSdBYBw!qG-x^~BLE4Hgwl+UDT1HsU+80j zo#}kKJP9|tTy_kah3=li)4;+a_R~60DEtWIpA)2hUEdCd!$2!q3nvjZgzFU&lG3|9MY2GE zBcraRJw5Pq&xsZxiZ9Qu8vD)nw?gA-&P%mT0v80t+xPzW+Pc)q%?(@aT&C1|?{3G6 zP8Sk79bb94N=3ofKG8(+*yF+-FMc{2^hlZJ7qHRWX-(Aub?Q2J6^XFnj7MU|s}_YK z&Aq;M#o^>gv4Nv>7D*N_9Ni%J3%Ktqp1Ma(f(N6L`=NXx)9Zlyw>}pvVxLjzvap4y zu(mddw(BU+MBT^i8fDAJskb1HcvdnWWA*2Zkw89B$5HiPPhkEMZ|Wnu!UzIP~N=6hS93=tU8+&m^Z9aV&#$#h=URR*Leu zjDKX|zG$)QIg1y*F=wK~5(%i`GWwsUskz`*8??L@0Lz5{QM0dlrP2^p3Zgl}w zzzHpfpj6#(AOeiIG&cb&MJ{}pxSVFWccRd%kABwuyZYSP`2D_1i(Gu-*kbX(qg9fc zj=*T;rbY7<>1(9r;GW_^vI?uB(ua21%db3?XbmNQ=KA%YF}@p!DME@mj$(msq-Xa7 zfuV)5pMtcHKIuApI6&JHy{<#OXL5_w1I1D`$TR>rb36|3tj7+bggZ+y467zE-R#+k zC7WGOTqvRnR`L$!6HJ>_90+Q^>Q+T3PCYSe^%(C5eIW%1eSt-FW;!HIUlto)q#>Qq z8$SN==H>z#(G6P9cJ*+Fj1&}IeR351%$is?yL(4kpHUccJTxIO^hkEd+@%YiI~|*0 zyW@q+m*#cJ)2DY(8s6rx&DViiDa&&vhWS+8oYOnDZQSW`em;kvO`SjL`?nWc?AIx! z4)dIDmdM#}oih24T>m%t zFsm-``gJ907cg|NI&Lp!!%={6+9~x~$&%Ho`6}5n?o`AC=F7MQ`eRhGoZ<&ULuF#L z{KFM43R6yg_Ae`I9ZoPR8L1sfAe)^+7|Q@f1xB-@kya12V3k7o(lT!-PaHE2E+5`v zkzx#e8=+SDK(kytL#q~Ymw;c(lHtN3BW1}W-&bpol5{N4vlQO|#4Iq34Y<<+ah~J% zH-ISru&!S{a?TC*G0>@XYS#mfrZeQPq1UdlCwE>%=>MWL=prLpyg;&J{Q@ zJB;yoE=J?b1eb2V`zsIw3|D-g16td%ODO*2)DWJGD^DIC^nT*$iltXn7mRxny9$|e zO!6HjSc^9f^N?(0`WcrKb}nI*^mLD+1Ly9dqXonFC>!7r7ituCq?HZ|7J1wT?Vfn} z4++*XQiJ%?bf?}x`$iRs&=9JK(QcBD1T~935MOZyt3&YI+NT_sYgrvYpE5~7t9ytY z;24pNsdWP$hyDDw`0e5&o^!T_UO4oy;EY0LOqKD#v*piBcHf%aNwY=)KjW+RR(pTO z#m;Ks9ilwaGiRe$m9N*Z2kn*oY&+=en*2Qc-KD`#mv`0}dI1b=!EmRZ-HuzhCSMDk z5_9=$iR6btBYQck&{-%dG?l}_a;7n?QkZc#j&HfOA>y%_#Ftdkq5Q{)h~gA!LDyF8 zDTGg--UegPkbqCGn_iR$+z|WoEm>f;P>kZojusk*08Sb|cX#iaA7x6_|&dg@glrBUWDDmh}6S4C^ z7z^$as){RNtC{J)N2k2t90Vyq&Z*;1T8lRYnUFK_%a*#j9;a>~iWGO14Cn#40y5?d z2R_GS5(hxD=XJ40+INAkczd!ZM5YWUzy(jAcR)ra@v^u;y;jqV?m3Mp(d)vx<&=+f z?O(+~m-o0M4h8JM>`F%H@H>I1Av89<{&u%)lP0)4#2&tN@kvlo_e&q(qt~C!22aG) z3#P{&oYAFZ3gcwDAE2{k$C@bqd<bb>3Rsy=#M9+SqaTF4h5;{UGXOJ~AS^hb{k;q321C{857JMNDh_(j z*c^1Y9E~C^ieL6X@imKnze=6|t?_O4SKltFuFI-^8$Ya5M*QaXJtuDKIZ5H>RD(2WJjW=ayXZLtlX*T)y4H-KhnUo~7tZQ5P=1ocWQ@0~F$4)5GM|}46 zcId-G`-@kvK17s|W%s&#gI4B5uZoojM&qdgD9`O{RWd$}gl`GGugZ4+1A>v%vJK{X#ckBqA#+wUXCybjMz_Lm64SD=$fc3#Js?~rW>nBG-PgfW1t`<5YtzX|za_Vwk#>dA~EtGk!a@$TUKR(VuiV76${0WH-nWn?G z5c!9$DB^2pkJ8R8MVrpa9I;TH>mYQ6nJUgg1I)QyLoQ%HaL~-ASCVZwf`wCKPn_Mn zY2}D63|NK7J~eO;Qng{70m%3PqehO5`f~W%YuvZ2J_=5Wpg3yo`qz!sgz->$lLz%f zoT>Jk6zRlM?aq?<1$ms6>>9k^7L^Ijcf;5$!U;yzCp;z;RiLt2Gd*wO;_c2z%S7~j z5^DlVm04@nlwJ>bWiy%sh_`r(M@-5DQTkxJlDklu?cvWhXa7*`Dsr30MkK{eSU~K9 zI5+~JJHfX}vZkYQV4!AGc6-duujX{m!k@){w~r-NK~j)K&xIRfTD5ldhhOLJO_E5oT6Aj1Kx*Drj6|jb z5-7eyJPkE}l7(khehEzQ^XK#5T_v6(`-fNd9lK~bHzm;m@js6W7JVM=*T>q_udh;5 zp>Tx@(NBw>}s_z&;RU;esWR+T#Y zK*~lH%fSlkEr0X1jqVp2ZkTi^Rkv`D(~f1Dxym;}i#@Fp;-n;cr?z+2#%oe8mUXGbQZ61dfzlw%K zNZ#nJtvQjA(&MVgEwwRdlG@gmwAagnLhQZyD_E*HmtAK!;$ToVR#+Kq?D6t9mGw6^ z&pw5Ug$>CRLe`JzSzW(O>(NT-Dl-Gpi)d&ASuW5B^)^&5ww2|GE}YN6*XK7T@(wF~bd!Wk&uY0!$X<5lb>$F+KyMC2Q55r) zy61HAxiq`0gmg*AM&C*VLW~ zy_^|#eO@`D7qShxzTc)_JDzAAK0kxWi$nzhQ~>ARG%q>6R0(uY(0m=8IdD7_52oIB z+J$XfIXk`?a9}}LF)s_BwBVk$wjtm1ydGJ-c#w%cZ%svE>iD>{_`RLG_UMs+$^X|7 z{@cnolSQoO5F?;=(W!^muWJ;2cQ)J8IBLj{AcY+U3Y@2h=4s~`o}8TXtYTrK2WIKf z*WwDTCS7XRO;;uA{AATDnzmoRn<;&3q`UuR;n#)E8-{A?uKMLL= z&+FQh6_hS?UgT%i%B-rDf|+sP{w% z19~w?1;07=hZwklnW6UN-K}PwSI`Je4mdUYky)O`|7Zawd`P=~g8P11RL1dY&h*Ue z5RaD4?y3AXxs^-djwuxxUgwHE`0w0w^fi1_8*i7>{mB68X|h-^M_br=mKvmxyKqv9?)Pyt2jH!9%PO;0rQu00i8(OvQpcPwNPW($$BC5p(lB1JFJ}-FHrMA zAP%hR5mcH3rH3(+K$n?$Q!mgrCbr0{F!^pRE($ z?Z5Q|$pw{m=Fv8VN{_wHy>4~Rf28xwrDSe$Au$mQJ`KI#i?}1Ec{eF_D5~kq7WfXl z+P&h5uLQ~wGy#S1W$ar@SRztW3Q)%oQXivkarj)dUG(M4BSw!t6Rr8S*3{X>r2}I^ znf1Il_79N`y1&wiUOFqG@c!NQH%=C0WO|ytx*4Zu7_do0|IjMuTSg^rTNPcJsi-U& zQ!w{%YEEZOl^^Fdm2Ne2?ObO6J#Kzpi?F*xVxJw}8-FJ5Y=Kr%n(`o*!mp;zqpQAU z%+_>QJJIh%CWMooX5pTeWA%zGYzFR$lZJn9?2i`il`bAf$yYE{-XW3ssA%7)+ZzC4 zJ>qW=znQ;#z{yhtS>sE?uQP6A*@w**&w+C&H;Jh+O>Oc{41J7ieXsJ{U*X-*vvq5| z%edpu52l@*)lMqaXmwB8S+scN1f<{;1Qbp%PCRK&O0tl2Dz7EIX=m~>dam`QjfvB0 z1~BgNYw;=%Wzy&}AZXwn#8AD=()g{qUhL7HmOXNCSc9`@y*Hd(M?ZQi>`v-|7=vMo;4y zXWjdtNs6Y=BP+5cND7jq(bvVbJ`d6v#)n*o{GNPf#4!NS&@3tK)vHH*v>yaSA3`3& z*$byEidMmv1a8NFB<4y~_0=V@`U4eBD@U$sljTzV%dq*QbFbTUCfuNVy8A@StFDWybsSM1;IiD(5rueP*D-9bE*fG3^yE>FyN2+SwX zs%zJ-OP!n)342B{Kgd3sV^M293-ZaSU8V<4&OCZDY@Lhw39sobZfc*%eWlsQ%Us*S ze$1LRs!7k+ZasTuTTa^ZJwJPEZ`#(ZcR{Mxfl*C8JH>7dY^AGo)0GAKZFr{{RvpV8 z+jVqUap%sLQ@;gv53*DkRa)nA*JtqgIe(q_Tk+iLf{hp6&WJWkFftq6jp+8CB~h#3QC^o8eAPRap90o!j8%uUXW0N{UxE6+*OK;mE=Kx?^s{5-Q@YESREImjBQ2}%&`IT<6@{kyMG6klxbdJL~UV& z*l;OqNWWvMuS^e^Q1wV(LL2D&lUI)C@ymnZPSZH28!Gm@?*05TBhRK!T6}Q-_0y@w zaZ`$P9c`sPqt_?Oj!bhBwIo1W~wcfabDlg%PdK03GUFaO|E zpXSyruqaMj`m!j>x93p{$G)Sxo(jLeCHq34N64Lw$95YGIx0Twq`32F3&qz?-7btg z-MrJkO+S87+xB*)Y52=%Z>6s$V{T`l0cO!K4C+%+QA(PF*Z%!>MF$NL;}I0dw&>ce zTi;H5DK3Hi%rEuVJ-dHg$(JvT-QCw9a=^I*nIl0R^UchvCwd>`sN^0;cd-JIt;qaz zbS@O%qK1lxFd>^hw$uBU>+h0+2M_l*VQKJuycd+rlR3kix9;{_chk|MN7tc4Cs9_0 zW7p5ZIPVzrxw4vy^=gs(lq^$UV>2@*_@spnV`aidmz7}FQhl| zz|&ex5P?0>QRq8~g_j8XW?f`amir_{E`M^Q)$n1dr9b!@{5uNXudcV)3sJ;FaI5{r z0l~HMVzTlT)q_-8Qakr%kRCDNI{quxuAT4u>0$Wy2zFTb_0^chWy}}`e)b~>We56$ zytTk(j#``HZK)Q-{{<7vo~OB^-Cq`E!m_5ACp=IhGI4K-iii(OyGIB)W1-t1NtaQ9 z!-reAsJ_?z<|; zTfr5BdAE~E>f__E76Ad1lw(eRnfDzh0ov+Eh=(q>I-Cyfj}|G9WU`>pP`i7%t(u{s z6(pOx1VcvugEM3>LeI9(GuMssK|$Lp)7=hLG5<^I+^_#RrT==~9*gEfksxhvZKvfL z)2S$=;#1efgWCQT(MtQ#kZ#J4U)(sgLf>aAS4gm3tHa}*rj81`H@ttKLXSE51%AUv zT%Z5EnZvi?9WxfJTw=ESWD{@Q$K5o$1*P7)v2tgNMLvn^thEw0Ozrh+cii#QcjjK5 zxP3uVxmU9}`}4YFF3Gx~`p(30OxDMA%Zzuf+>Z3MNhNi)CFQw2>W(1{=>UKKW@Y-e zgko0qbRv>)kMsuyzhB_QtTqf;Os&sOuFb~+>^a%(Tk>?Faaik(B%_+fBS8|dCVVxY z2K*0+UGJ(daj(1~UaQ!jVX<+HUuQW(*+|Po|D6(Qh475vMkFH=VJxXPj9XX!cQvVQ z-3e|eR<0sswl*)e=4id0pWK@Ff&$D&PnWY=yoaRnoV^h5UK=v?>S0@=$00B3fK;HW}v zv0#`vD47l9MAtl6RnrXQNO^xh{ooW9^j9P{lH!6ues6jaAVHKzox6Y(giw$^Xnv`d zVL(R!E@b2fk;CY6=>1}^*MOEqf{(^Z+IDUph;+&J<$59WvFcWKwYEe-l=8jBxiCxlh}d2v$H%=m-Mx5) z($2Z;0|M-P^vY1ulu={);)a4ehZ* z$kyC|+s{3q7Z6FA=WsVD^*eI@->ynrr8Z&00b+hB7zyF>&&jUw^_W6{^UmK4-%KcR zanE;=J5k(+Rj*@znQ>E%=+Y9gf@Ck;M*JxA3JE_Ypc@qj4lf}qMRI=C+UCK4kc4bN zB@W(lLDopNaJYwBNE=)U2Mhd&XvM%p;K4*+DMe**cC90#iK(0haP-iqBY7}L ze9q49g+@tnK|ylnNlr!IvP~w@Gnof>L2hNrmg`_4kH_=H`g)?7-Q>!)?nce*HeyiyTRAP*uL0OM);1WwZH@22CQHY{)LHL5=vj~Ch55z&z$FO##lmN;aWYWR-q z(h?|$&W5%X00ur7mX~UhuAX~>gB$%9$sjTVR)%CGS~DWbYRQs`${&}E=yLhDW^!WI znv>|uhv&Z$yd04fSzMSCVPO%8;ygT%Qqb2wiEBubEm4(nG1#TFx~6`$ucAV7YUZ{jAnSs8K$XlOr4k$Y%G}ve17O( zxN}p_wb(AvkP4cXx0d$u^6p-LT?#z}+PiAvh0n~B7iQ1Q4OwpZQqjmI&ZA2yK z2L*!Poat1|kYSk*Vz2C)>m2xw+>VOkkPK#kKR&xs*S5 z?b^l6w=*|yE>aaqe)nwe}vTEw4`pz6j5EiBW#F zVCDT)b$J#J(ju_c>T3M!I$$91sAVY9$<9W;(^{F;<$Bb#slN@9JZj6^2zy9b)@%1Im9=Fs)u?D`+NR&r~<#w>i2{z;^C(R5tA8`AL1Z2CGl_B^=QPwlFc z{o^G=0{?jyu~M(*iEI4JzqVW7EBt-x(S^H`g6^$I&AIi&{C^@bcIp4`$OngQ`oBg` zZg?m=GFrC(Z+K_hWgTW@P@Kpg{5`wpQYHx1za)*VJN|ouJ2HO%zkm7v>}ixP^}pi^ z-3J0(pUEKh&w+}KxcfL#VL`Ee<8HgVWJ5;qkcKVM)?Vx1rGrUk(bi6+t>&a*5X`|j z!N8ggl0UjM*dG{B*w!}HhyM$9Sk}t#^uWjWbpAAINYiP^ipS=*H+~y~a)VQTn>$bu zY@a%t^NUu9nK7JcJ-!$G7b~&j;h2a z?%q8(W%ujiw};my=B;gHdbap`+YJ+VsL%qq9+U&99bs%;+G z{lFzA9zrtv=>3~$9X*i=Afz>$3_0Sw%J-2Kg#b4xk=Pf%2v9=)7$gSM{5reW;dPyo9S|W&`hx<)QW2pnfZxZH&V zK$!avT(3s&P}9A8_Q*xdfD0-R&=-%K{E&eP^)B)+T{73izMT7mn9U9?o0SZ9=%~Q!|^F>;X3Q8PKI$C4#WwoIripO7!HZ1v@Fh0tk)OP4S2pk+IKdfC0gM-s5Y1$pe)v5d%zW#x~pFG;fYy(J^Q z0s}D$rpJ#(se5J&>C}fFrm`3`2(Ls+W-bC6kt$OxAfSmN^8>IQ#*x%T6l)?T;I|^3 z96#Aw!?$1i-8jLecL7tI6k+i?K&fRjF;f&ct$e)hq4g!IG88dmqEpo{QeYMoK1m$3 zG`t$cQTN~EtsRFqnIEs$zdTZZdi|Zzx{WsK=*cuRBs!H>xd(L`g&?m!)E@Gidk9CRW- z;vxWHN>-Mhjz5u;_69wPsfX8wLa-0tNuzT+_j}#9TEXvB%sO23rP?|H#WVcLt3Hio0=WG3t2{7Rm^X4g1 z>R?4#PGY8u-qM=B)8@(V6!kx~B!?hpF9|y`8ezc#m+Yc!u*&Nlr#UOpjozi#jW$ic zwHZB=-<-gd0{5Jb;p9$Wf5F^j1td-7#b1LSXGS>afFK!_F~R!&{V76$J!m?Rm8>i- zSWh7+y0o?QvaseYCL;V7?}@%Xhl6flJN)zjMC@3Oc*$#lpj&8S@{RxMK|Rh}r1xWH{k(nI{3!if$7eg)A|7cvL1JnOI(td3~w+dG3Jv zs8Lgf9Zh+5jT8%xfw}YNZ%el6>pgQMaWtrcsN(qyRPnTx!e$}pM4GeBJYog<6izj% z>v-&t7En`woVpa$^ungTwtOY-sLT~(eG~s>7FBQxHwN&`tJ|B$x85~nd_K{g0~Oz+ z@sXjX9QWwCIn61$@qnjyn?V1JEKOTm8&d5b^b&&x^`g|dc(J!dWc}VaSTSSAP%=X1 z1mo^uE?|$V-Xjh@vI+lNx#>3j`HJu!k{U_3_&m++Tq>HL?br_piinK71D$}%X8YYc z@VThlHI49S4|UW4noc49>CfPVGt5YQJS;Dy(dA38ej z;Bw%wmC;Q74<)P0JXC6a!hxDBxFs10gl$jwRiGcOz7Ts>aLOZko|RWN-Rsp64G6$E zL9K-8rp6f~sb>g?1bLt&!RQsKhc=Fw)4YxEpxfG7to*7BqdB z<2Yg>Wy+6|R~g$X&GXLk?&+xl`+Y@&4_A@SS<>=A@k|8_bF zGD9oNWeqY&lxCcR1|){4{eb_M(O0(cuzT0UeR<|asgO#;@&k4ay=8s?T{YRe+S*>J zcAMWt!u|O8`QgjVu5`Leqs@|m<>F_S!6SLmZ&A5$)xqm?6;m`J)TOUwqH~;;TIqCh z>ZExxG~DrK<@AVja#b!D>N4jM5g0^(Q_Z@9-oWn0D@)2oZlqU_0V;{HT( zDmhLK(BW6J*a|ba{|lSGkf;IDv5sjaMiMUNNLFLPZ?HtCS zRhdnUfR)?LqU!Mi&cp!(dSJL0rUZ$5l}p{1?C?MT;IM!^71Fgc)(RP5Z8Z4c3>zcW zEglsSwH;xazznz|=y<4iS)kNDNQr9G>wa3G%`N5W$(_fw%z1(s;%<0S-Y8Y~&;O$Z zfcOv{IwD24+H!vxw7^OfSQ!#z3h5>M0{dsfy=N{}^C5%v_Nm#wFJgMs^a(%P!Hb-_ zdbNw+oCIWZGlEkDB@ygWd|wPHxg-G&4eB@1dlQGkyfXT31YCj@_Ne=jzzF0P0^tEO z3Ht`n&$z7tU0T*IDv6bw@xC=x%abJ|<}&G$DbF0O6MKHW)1e47Og0-A%A!SX*;i)u z7i$pp2}LtnG{h=aYPLfc7J95JQg({2cwAIr7e0sWIurE-q>{eBnmiqUm21t@ghumbWYlYvP1^tNb&@i$)-&=(tdubtlpUC zy#UMR(v>UcgdNuU8>iso#|j*e2|Dhx{2BH((Z!2QCj3kk}Z&Td02| zo7UU=O?tI2cAWTS;#+3)t4>{2(tknwfEZ*v0Q1lQ0scOG_^^p~!fT2nm|P$rGH$-xuf(S0N%7E=fHIPJ zzGTEXqm3o~IKP-%G_^Nt4*?)&>ul$AD>c|unW+ofNjt<1{ebrOFf9n&~~{uIX&Sz8WA`L=fq(^m`_gHie)r3oUXWY(GMVG--Anq zX_SoU=td;A2#P9Pg|x}s(44roX4{eHi9=k&_bdXq7N3!c0@cxoK_R}-6({`P)6=H3 zF@xwJ9GbVm5y53bKHTQT{|w&4j9CT#CL?H{KYxB|@#i;tGjD%de}iX+$eD*X(nqhs zS%=EwcG`iEp)2@7oE_nw!~BydMEGfjs%KRQZz0x`64=%wf9*AKW5eRsFe6Eu9q6Qa z>x(lcP6pt?i~sU0XIoz0baL**A5;cFNb3ZHDxs4G=gr zHp&NbkQHOIV{_~!9FQxA3If>xwin7tn!TO7c5Te{8Y5o3u&@^N#pV&|rY}J5RVo*l zne8PQkOPX;R$ie0ug@!@W9Gc;d_DMI)I5#v(fLqWp?~8K*%~l*C+6g9Phs{#ATi#- zCtdfThT$}cGHJQe>-KOK4iaI83aTr+EU33$pN}5=u|7(KN6CPp@!f;D+Gw8HeZ}h$ zkH#@PlKv&6`+t{+V}cyP4B2@-7; z71$og41`>2VMaBAd>)H}j+i0vGO-aNVrw;d6KppwA*L4lCk1aFNgw(fUpGTxI9~c;sN5b6&v{uN@y`PA{|dc;+tsG?JN7(8N$qR8!<#i_Pef-z9l7s;*96r<&sEIqi&^=%S->fT zi_il|$z>KQ`;$t9bm!W?%r1TZ%cC~m;~D#x3L1KX3Lb3JMSGY3F6KA0AK4y4XWsr* zyh_Y6U=v8_hr8vpVC=w$lf`yi+I%U=As{MSNaIpcc--gdmw~r14G_qMkpl%ic2-0GpH}juEdk~Xy+S#M#r*GeOzgPVzzx>3wb)q{YQGjMWJ#Ed< zVZ-c-mVTK|56pG#=%qZgWC2xmKij}y z3Me+%1GLubRk5=C4D4Mp*zjkXOh=SGV-U%do)R4@`e;Q*+4s4ZR3QG4q#hn;KX~ zbwPzi=@EXqVD(r~9@=RPC~1a2UfQkZpbrXaMm5TyL%N;Im!}RpdL!SmK3+v@CarjU zcngmPBLnXh7N*#j{2Z@jo11+ccn|IW_+8xA7cP9++FgI1A~zJ;K;E&0F3}tM=&dD3 zO&reD$}(4`$(6>Q9HpuY?Yz&;9Z0N5B5E#rMea>*3{ojSQq&h+=r@0gw`)$Q&K2$k zCLlnAxTr*bDcwLD&3xcLDDydX*3XOB*}o#L(;cLJ&P8dhEcPM}LoS0JP4Wf!Kcd-& zWV>9j^UAE?6w~Nu)|a3pj-5P-QyMPn@^|%$IOclqCZH@qEco_C&R@{r&;#saJUP+{ z+D&{?A{Vm0w9tOiXdgXgwHMKth7pBzlek4}GEAIrUi-jH18w6vh`yYmxr!w&uW^8GA^+_OB&3;qSj zLs2eUU&6}plsj&&qBKPE(&?EPRQ2&%{z=5~2J`2~aYRGRfLhpg?B~4sBvr|>C_(3F zVnD>8)Xb_ITcXNi_7KP$8_2?-*Apu>FbZB4wq=w>SU(8wr7%F4&v5lLRcjP#92WGL zyqe7X(cUvbeZfXJ@+sH2W|zUpp@ZhxN^OkRNqcWXZl#fWeY*69F5P`tHjg=tT5zp$ z5u%{$M;43`qAQxd`3@+i5E zxgeRQsL`$Od@v8t2ij%uEc+Cd{Er{$onD46293iK#U0#096H8cLD%hgJp4-^>k(a8 zYe-SZZr6D6Hov?Sk-Yd61=Yd(fOzK)CJ5r?Pn_sWe~r}4f77CkNHTf1oX4O{fTARv z*)=ju+6eP0t!28$uXL(I3Kd8?(^Fb>lSQVefC)ql!qFN77|ck78dq;_MY;u%5E2U} z(=<>N{e^f)Fq@#>p_R^?rcFB=^Kvos9_gBG6Dafnam9X4b)y{fl;%Yy)3G@5e%BnW zE3-(`(?1^)@@ln1jjK4LnKyNLwsXg6AR|_Zxt%+91k#(nVnwjABoJgyy^ZxlGG%xo zKi+L`^DZqDL%|^07K*o&py6-Z_{|Zl5%mQ-O_XxDlMqf`j#sjiMPz(+wsUj@ zK9Pkk(UCk;tQ7UU{E1GT;7LeqXkgqo(3C_6^pU4LW=w;+zo&c|#$f^E)CAXk^JfNp z4rZt`$S!!@_rjNUkn{||O;c~6|9{!F7Bl+kwsHsCKybB=23o;$Tg=kcXsLjllS9v- zB9G< zc;orMW5PUROguS?NiAN#UPe8J4}A{g`s!6kv2z+E|1Wb2N6HE+82~HREc$n8h#SJY zAvh8WoZgpixLn{_&m0~Il~wany?-0E2frpU;Ez6$T}9nPwT$F}*lvznIwHQiy`vNN z7T@ZhCwWrO0kj|tpdrDLi5mdZI;nw6pj!?-Iuq?c6{*$zK+NvXd}EBU>EC~nvU``w z>Npf}cK#pyFDMLKo%#sJY-a5W)HoWgDRS(0ZluOIl~N$}799ssz{TpSg9at1wG6R;hdK#d43&{% zxm9!-O?W`~cvTeV%(Bh{F+Ghn90-#AB7#ql4DLI4CdqW>sZ5(k=Ll`4K6D39n3K^q zHKI8UE!sJns`k5g#Ee@FV$a2dPl3r!AjRxRmJw3*-p~nB%9Ad-Y_t+zemS2Nd`D6r zQM974WpzW@AO(Wu14_?ew33L?&!2agoti>JA~BG((DQ z?Uv*iKQtV^2)oU>z$oqRZ8ZJnR5Nt)MJ;D)xYC*ZIk&S593NTDztLm+-N=>E6CGz= zdR=UKY;JmwkmCJ?$5o=&1`gcQ$%HheCQT=LpB_jPgQ;oQQPK~?qxBab^-i?L4Zxfz z2Mynt+rua^^!i5=kb3a?_c_`+(3||<^4MROz&I~ge@Ih`uu=>0J8(V!$j=(+$M3G8 zCE>2O3xnQh`t3*F0<6wpU**uUo)LSm>*z0TvA%j-SZ+q@>M-}#6E>O`R)@Mw^?ZwwW57BH*?JJku{n&-Q{=HTE?2k4Uv!T%M)i8K+VbVj5zQG;MRsiV96{V3?u2&D$r_A_&BnFLb`!pn{|NoK_bm{T^Pp#12ww^v$ zCl3r7(PMbz;rTN@_B5OOW4V`N@^6|d8T&M|I;rUR?q3^xQZ0D@sVS9D#x;Z)_PU=m zH7?C@ZPOX~9peUhMs@U5ZqXDWXmo9!Yu?A zw_2D#zwT$=yqQXuim70E;r^m*p|jy8DY1N;BqXh2f0_ zt1Q(o#QZqBwr-VU#+~_FXPEYS_dI3c$|d8@j%YXZd8|psSGQZnDqe3>bF;fX8mTxe z^046#8_ferp@$+Xk_e;#Ttg7i2;k4}OR`PV*=OhDBqtSGz;~osXs|#FxMjq^O0Dah zbY<>9W>b&dSk@P0-?Xx}c>VbC>p!0&Tm-_;`2dnZ4l76`YCV3^!6$h@agy0l&z7eq z)pUbCr5hC3g5wvxG{69dvT$5TC#kTDbYh``&_y?JbLCmr-v(|PfHI4D48VOfP+%D3DcjoGf@K1r z6ciQZ0*de{f7N|{W4n4$<;MK#l5w{pCb|Shl_>A_e0LkO_QJHuum0^9-#uYn?#tQz zMja}ft?HAtapbJTmp6|Y<{5EtwL~ZXw$1l;y|%Sq?i;jBo3Yalr>nmeG<{!HQC>s#EpxRfs5!u>n2~KmFnMDQ zqt$OD4#dlsi94PIk3mxPhAf&|+B-~b%YloDbqTWN;6-o96yxB_m%(((c1Qf8pr&LR z4N!ffzX)4f&~l5UZjfnt!< zUX_BM6;9%gPg%>eH{KSj0Cz)7iNqw8eTU zprDah+V&^6UntUj$IOTTpl8~{KwBk1U+@~*LzL5?zg#{mT=#SLQRhkfSyUwLA_x^^ z9*dd&0W^V$ivZJP&V*JE8!}`yY%>IrHXd7g0Kv+*wdjQ@(k#l?Q0bsXrv(HT4UHs# z40r+u`d86GV-pcq`uX~BC~!(3aYTvq25c}2mq30L@B*a=_z8_CYx}BmQ74I|05UuU zkoWlUOr$_mQi6R#i!wN-T?~yaQjDJ6S~CKpHNtx)Ay5ZmK%o>Cqa`tuntnt?<0Qg< zKPBDSX>l;AI=4%TUc6{8E=sR4Z^iveVUhKROo60HlQ0V^Nf2HbWDpuw9J6QFK$c+! zfN5ah4sf51&BH&Qc%~b3CjZdd@NL2R1AhnIvoXolondLUuupZA+o9}ig_HI%k#8eT z57gAYq?DkmKKW0TUE_M(w7aFCpXOuR!sg~%|K(bt^NNf%hNS96E$(&r`M9;?pI8}A zPYJkxFhVD_(;&Caw>(YyTd3R^eaLc^*Y2OEtAqPCwJ9C^`w4}kE7lF^=NwqPMk8p= zx_JSsCIzNOv|s&j%ng4R09YBg*MawqcYtT4(|PIO_Pa%+jJFD0=Ut_HNu{*=6z0&j zYtRn-XPp!LA-_EQdTjj&6xN&+QsR_buix}B(h(=kl1=l@+bW@*k+4Rfr58xrfhkE@ zlo8#OW1@*iJiZZ3j9$G?FKG=$sSKbMuLEj^E4M3#@|jG`%|CKb)qLGG!3q*FyUH({ z;JNb(tQm!-;C7sMhfHqIRpTNvbb9#DQ_>H#E$rw$Tb#}hn*SpPG z79G5Fz4qk4LE6LX7yqGzia#D4A%c9Wa)v7)xSw72IOttKF;nKfpQO6ZOz8`Vvblbo3(%lmWjD9iBZ_AW`u$T9vl80zt8n<$ndR$0N z#*bHB_Dxscd891BR_$MZ)r?U`EmwH&K4lPaVa9Tu3msy^!lUNe+7C1?HBp?SZ}n$C zou3@p|t<=Gh-KUWX{fAQwcmM)?F{Esf~0#L^86^0U(Fd#4pEAksrHQ+Hv zQ-Ii+z^c_rznm8jIP_?Vnh&59Mwi0d9nV)wdOMb8I&+k-(wRd5Ln*PRA^PO~O8hxA zA`K{Srj65Q_BrNRLBK(FB%JiwvpIBvr5n28u|!`1;vy-Rj75%6Smzm|K05{XA>*3@ zofGY%FLbR@`0X3Nk0d}@9UOG~{5v;Z#8JlCD3N9Gt;>wYFGAn|FD|ZrR*cN(6l8%0 z2U5=FxV7Ok^ard5ZX`k=-Q3)aoS)f6U&NyUcqQCk397dY zZzX@EJ{5D;u%m&9&2bum9>{G9F4E@PIAMj|Rc=QTj=OZo`H|6UOPXE?o#-_^?~&%H zJ&n^ljmEe0(58pczw@uTDd#-h^US7iwq}PXA3Q#enBp^Qsaoi|&66w#RV7>AR~w<6 za?LqCcaXyUQB{eDo2>WzzU6VA!~P8)17Dlyy^9`nc$|@9(+f}Sb{q;z8h;|K!0cgE zU|DTy6xbx`5zALviGDTi5G}u7vI}9-9w>eK{}{p^s~iFYdQF zAnA(FFWk&*4kyi4F2f2-Za?&x%fb?jIMIgDwFB^>EwAR(Cz15)Jhq3s$tcwG=k2`nw|xwXL1qd(mF(?$cvzmSynVKXv7FEEpdCm0`)u8A5_wS8Le!XF5 zQ7(&c0)Pc5L}tXY(9N80ut9i>1x~K1*T-CW?RY+=dMtww(2`K{6JK-aNqA|oj|g@C zcH4UI$g`(=9=O%Kt(a$R6p$5uG3x34qF-HyC4HEY|4lvNZc$`t#<1QlonN8I;sh%L-^IDOEGvdG9*k-fW49Q9+G+2+2C1JAdu$GX z7!e!ZZR382#)A$3>w}0dfI|fz!%`!e$H-Cjf|4}+b$s;HP;(1L+q{R{9g1bpR|)*a zKq^>u&}?6JliY6TXUsPht8*W+5W(=NwBF4rN)x6L*oy-R6*ha6g&z|JpcGz zqUj{6m|Akoeh*fZ{20QkCvMz0j{8dbzlQfh%=QTofcw)TEepV~ao+R>Z)7^&C8nPk= z?pdq9r213&O-+Yiz3(YdO32;KK#!W^Mk5)2ap8hUiMfdzY&mr=b30`|Lpo9~*|@vO zw5y|rGP_LN;}ZCF^Ckmi{HxY&xKk89)x5snBO;x>ro^8HRapzMuJsqSZ z)G?dk8 zzkgO}?)%gs!f;_}$QVtY+vb)gCIZS1ia_ zw6gcVFS@qMzVTq+_+G;gKmTj<nuvd)Kw-v!&S86_Y*YFZXA(T;_aWT&A|{hGBAz7IXU^)c zFJ=wr`K|ih`skBs0KgI)iy{I=7z6>eGD;KxZ+)GrzPwvA=g;tC9BL2XqUGd*3!@@q zr@yn@S~iLPmL0gEy7&qgPf+Pbd;AJ0y-@QeIcZUBzhC+@Zs*V~R_lwGypI_;cE~>| z<@W~1g(R&XIpW&sbyj^7wrX}5>h9escK5?KO9wYSG|zKuyxY4yLFK!PzF*Weh??m$ ztKX-&%-D|mOXW~w_g#}$%*}f`b$?D?bZ|%O3OC>P34_gDMuC6SPlo>+gqz|G2M@dz zJwXmDj52{Ln)-x=!hnpa1e;R9FglcOL^>QDw_}{Gh&IX&_$TrJas17_c8+z>%k#)${xMO6IxIErePmN& z=%INck7A(|!>GWafj=@|@IOV=P4kE--E+@B7F4(r)A~A8VG4yOKSbCnNdFGZWB9!> z6(Jx9To6<#pK*?nQL1*y_8?nC^9b7$;3%QNma>BETVKVl0Q05yM>mqikcI)fDNbYN zgM^D)D&?5=qQN1yo6ELRPi@HmmK^S$`hKg9KG&v~t^{p6L=lwASLe3o7eBHp>)hIm zDo)@+`T)2OnF(N}hSPf%2L>32B>W+L#ZUr@wXl3FClBZPw!5e1RSem8-(u0C(c4x~ z?T3Xuv3b4upL8p7B?O~@N@Dp_Y>bX`%5mXFVQt{{MXJ1oSJbsQo(cp|Be4AgzqZj= zuiET;I2@{w5egU$-nwjgxc#B^C75VvF%gzxD8pEV_y-cG^4HCJ#x}0Ari1p7!M1*P z&vwHRwERNNryr*b&fX7c8yV(wc%aE_>rNdsBg|)~jPmVqKI-sGAFqNT_nkwvRlTNZ z9z8U!TPM#`Qv%+Gl?8gYoHDDjN2@wpj*xci6*|x3B%**r`i!3n69)5EX#3IFVG1rS zjyXM$M4FjHsq4Zkf;?=jY)74wh z7fnXu(w0ZDpPwPA38VnGEkGOJhNbf*q%VVX8O0*fIyQo67!WzYfu*+`?AfamDJmS| zf<#+>isMT0TGA%cqpsG-`=9KoS604xPdx^&dy%R2EFGe~u*Q^Q%_^sHX2@5Xk$-Bm z;`hqyxR=0Dh0m9=lRJ?Uo619Q-MZTBy7BdCN(s3ePqq8Ro0JFTRxry#?RM5x>{$`F zf2wi?X1u92&O~J-c@faZzqgO(z?gtgHG;T z=+9Z6;c*`KY9-*B@<{B9NU^(;t4U&p#D5}iDDA9sTWb8UZ=S8qTJPQV=4t38Ma{Nz z3huwCiZ<&vtf~Lvh3X&Pr`TwoSzFahscMpvX7{k2uNiXwF}Q6^)3WN->Yc*$B0lY# z?zGnRcB{x$y<#hkH%HA(a@hZ~xA&=8%a={F?6syY@o1vz)ge{i6RN2wXbnkZPNZPr zgra=z+kWYqHOXC0&AaN@Ai=Iz$^G4Ktb*^Jw<_I0w5%^}OuaqTGjiUsZpJ2kK32Gj z+?y`uMzAXCvVDI#(f`vj0teq+vf9WwATlQuvX}FR3(YdhJxA+HYmz}yZBz!g{4?44 z%^&-a1JL}v`or6ErV;1u$}3<|`?hvw{M@d4QFbY>ClBN?jry*`Ale6;scrT>emwxC z8x>gBfYL7k{j$2QCj-VaG?ZI$S=6zpAWnj=hdzCw`Gi>In5Enfym_>xCrQn85FX=FucDEEi3S| zjX!tp;W^cgp}{VIcpN+pOg=+PZj{`9^5MgW(7hWeo_n@k0;Rzs1xecX$f|ey-B~Wj zCgb&Wf|P$49zv=7?M6QT_V7MJ%oj`|}3}JA5`XDY?JcaV?5UX;>-CQEpOo za^G^MjGPwrbtB_mDF_0KV5u?$qgLukJBZ=prD&wfC_KsN5K_HxV!dWzmXKIwuLiKl( z(|aA?dDcp2b*ifo8J}?>C!%f_=IXiZ8SVL9d+(p0`+H6`9&mC{%jZ8nowV+F+S$5$ zn1(^2;lMQm_hk=iJG8(0u*44=Za&cSTX5HI+mZ3r){Fg;N=l>CT!%iKVEsH~$*4E6 zc7_=bqn~RS|6v9si6<=8PCf1p0v|aw$iAX?v@~7ZE6eKAtLCPw=4E`kJR&h-buX<3 z0}a%D*nSd!b|bh;I;s7@Qc+hYJA8HW@@P}U;`}%It<+c&TXAr73E+qWivgj(k*|aI zm^Wl-q<%8N)SzRF?UM=E2Dw`%JE}2CO6Dn5E)M)wnjSVn^9`;VgJK$6pdSF0kv&g+ zb#=?UoB$q&q++al&DG@Z&H(q^6!q1>+yuWQxnUXZ8_dE)wF7$neRmS>A(ZaNm0uq@ zdKCR2O|V23EnB;GZK5T55vju2$OsB?jcr#jfvTn$jBvnA8uC1-5l||q(9q#)v3L%^*5~u2oZ?qL?a{UM}T;>wAITmErgV$ zC-Kc92T}08X(XWh=pSmIc+(~l5%*W6OPgt)}^Hy4!O^tKZhpFVNw^d z?Haz)lQZn%YDuk$XZEWbvG;SHjp#u01!D*J@?c%vk4>sHk6Nm-CRM9;Z|^t9`&CBa zsw<NT= ze?~6r{tg}Td#1`?8_<(9ML=4(Vz4(BE051)NKD~+*8GgV%XUm;=wy=Pmm`==C_6T| z5MD&VP*ic+R*CLkgyfZ45%@$yLpR)dtG`HjG|!SKa}GT|U747I%d4=eF)5GgrFNoa zNMij^0$5^VPfBdZ>-B99utVC&z9SEstF)bmk(LHuB91t)0||zM&@6*3jv`UqC}48B zv%G$eN8*5%BiEtbYjWdF?Zg8WeWJEd(aCKrg}u=ZV>+IJ_br}b_}y}qF$bpe6$c`}EJLX%b*{D*FO)XrIM zivmDKx54YRu%`YhK_nCQiUvW2`+AM|q<9hwM#QcAr-78mqQJH5ev;IvB_bP^J zDQqqe^9X8^+s>Rjr75O0WVwB$UeyvvYUu&iA zXB@jbSo!J8#QdvK=SJQ=3Fz& znds+py|?G9V{_^z@BcKQWzoQklU6*Rda$^*^FlaP&@aGf=nxdVT?2h4n1>MD0;UJ; z6T)QG>(?_)N-iBS8KR5Jj24(CoV|`YgCxGLxydc;cPdnuxtTth8_=qlVN>JiloN>P zhQqd8b(#U|T<>)3G6ZWz-+g~>VN;^roX;&n?LpBgQxNyYqpFTCUZ1;qtn`3{^H7Fx zm`Z<@tU(a5gW+wRaJ$2gtmx0_Fu_jYTqtkpiqmeI3^#1Au*s$4wqsn=+ycZQD-XMDq7+PMK{wncKn`gilEnfCX0A44kir5B>qFCGJN&{6VDbdyryah z`XZDy{tAw5=`S6?6%*HAkNa>J7{GFP6eLkxPUJ}4TWzgT5DK^j)C>KG<$;<+wxr(kfVHs-0LKEUMLxD#_I zs}tGmIM{P>*vg!3hB}=d$Pq2aGtZhcY{Ylhl+lSccNd$OFof!bO)2fD{ha1Fi*@6f zh-Q0p|VOyh7AAr#ro~ve)zxd zr}w>Hd+*m?)zbI-`CQjI9OrQyXJ`k=3<29mB>6`zjQPAQ=+V(^CAVmUQq$>%8<*UU zEFG!vb;sQcapyB;#;ALR#P7T3@$vj0FMfIyr3`%WW9mXpbEkV&d;5nrc4_z>fBNjR zuq%VtoqOroG9A(yiE7-h+EETmrc9f*K6;Ci;-PnkDd%qZol^v)rmU*a*bMN6e1vX) z_4cRqU_x`t2nos1*S`uHqFJ1kacYknT#rr5)nBIxVHeC;^EA&}dhG8;w3R;a@zA%j{De}nIpE^2qGMA8Us&v9(1;zojIf+PIi z8pRUA5Tsu+w3?!C@{bwR2C61vwAfrBpZQuIT7zq@pqZ@Pmz36e5jfgcJ! zXW3Byel!D*2@^5_e-HgKN9D`n=zKLn-GE6Xx_!2c{2j+u;EyiFU4N?|o3}G%h<{Cc z|Glfc<5lZ>{j+7=lwsq4JT^Gdf3UBf^@x54WPX`ijM}IaeW5zPV_ET(vT*00K5DZw z`lSRHK5-is9e?TB%;Sr!Exh-iopIOpfmzOo^HU1?I5(~vlofNgk%r|9{!51&R(VH! z9ew6>_P9+U8!I|nJAw|*Uu$sJIV4Qdd)}_JmfvZ)FfiP}L^(bjK^56Y)9eR`O(f)7 zvGTH>2zAKm7_vxE)mo2^-<*>fxRt`sXUKpy{Xn>_XmK!=sLXNlte#M@6PtYEe95Ag zpNrh_s1qjn^`b~(aSB)<%UmkaPoD-6=r?1q$2hB%%rdK;4HPUiXCw;s#WR>{}bR zN;^nD)-IicyNWqZ>-Hgr=KO)ijzU`@{+H^ljDd|Xn-(FmVtd85ds-&cFstbgL?K0h zeRs{8H9+Gasz9X|d}gXV3h-jEO$=e#87Axo@Ro>ya%rSB-7y{oVMra5${@aCm$DXjzC?Fz1e2 zAlx@lkf0Z4H#szC`oOAfX|>yKHvM|jy3;{y-h8m8Hyi`dOho9Z8ToMCPVX|+p;_O2 zBM9vvH1T>NuOLTbUknZK2e0ZlV2)h>KiZt~O@trPHy&rN8IRuV&b73r^}399h$;RpzM3WX^hz^CJj7_EwJcZ5}@)_rHpB&NAl-tF`1 zrhE0+XPfKi5gx_&>u{SqRPWbPsSPXFwj4JbU`g%8C89bf5jgm`~~>4{!fxT=Ikqt2NKLtWwKb)nWFDY8}VXl4lj; z;*G5roIcRB_sO=VB^(_8Gy|zCP&cD+fkH!gd;p`nVi8B1TJ> z&bPOZ+L(?*VK$X-z3?7Lu+0xQDf_x%GTgc%niH#cDX#a5x?@d}TXsGn!R2|tL=<~W z0R+1eG!BChp{h4GKW#WsY_%fFwhdk3u0fXrweh_TqA$KDbpPQ4y7&L9kXDj7E7r+S zz?~m&R##ov5K}llV@Gb;gkT>6ITn7}4d=DT|1w>wtRg+)rN)5nq6OeA#l&>uNZ-^4 z$um$~BQ+1?UHA#0gyAFciy$n#4Y5)R?5NCA?nNBNo4_fQm$L`ivCl3h=G)>Z-`d4; z=hJ{A`JI>SD2L;5YDqG?XTUNKNzNO5(W|(B;gZBrwW3}le#{{Mna2EH%A&k9yj1mE zT&kz7uG7{FZD!M@xq3d$-(pl=0r~udvIO-_#%W5Va2U$mUX~W(icy z0*}_b;yY^&%sT3vR%|qc4KqLBw`m@$rvDKms{$|UW{u)2iqB*&c_hB#r%gBz5G&i{ za#rcdlIW@%{i7X5sejnw@u5(kKh1xlrJnkuNj9>>=7fxf-u`DCGaUDpch$Hzv|;V* z`*j5mtPC0JPML3Q$+{@nSQVb5yT*>A*@m)rt{ zL-t^a*%a@85|pBo%>kDpUFWub8{Ni~?H>vp-s$BJKCh#Beu8{na_ZTQL;qgwX1;nz zWG}sv-377A8%E97>asOPQYS*!*UWnR?U@$)=WmX1hd$G1JX)KkM8{v!{VF=(h5rMJF;!AC^Z(fa@Q_^*$jTbKX+r~k+I zP`<;T!T?kJ`O2REbw>1={y!=Q&HvgVe*FJ`G!II%Q|X-T9qb=`8g$fqNxx%#=ax** zpKdtaX~}uM=9utuP^;OD`{|nX|oj=SwQf0`@59Z*Y-U8KD|g?e{#4FZGPQ&KE~Nz9wbYZ)U#g zl`efo7QL0rj`?KKeYfKejjGXm|MSi-Zg*6&D9ic~)9g|7RmG>z>-5#$8ze`Z7 zHm6GC?BkQMn{%>?T9)lJ81S{}heiLhc`X-1_O~4`U61Zc78>2c&u?&*xSVr)=ZKd} zyG{D*jJ)^zsiVCs7kWX==N zkNP<}8C9?MUUY5O^G+6#RipQf^r`;l6ZYMwPm-D*JZocz92W*u={Pks*a|a}8#bRDW>GSW}IqX>=dkb>H@sW$F zYQ0)&Nz_IwR_M>0_h6cp^6>|tTtb{9WX6~RAjf33KbzTZTYHY8-tn6Dm9n;zdnY!3 zXb+2k;2!!@iV}5IIxAoLBdx-DNa3!}i8@odKFH40DlXJy^dkD^2WvobIBQ^Uv?pTI z^u&qQSNljQl$ELMcnWPy&2ZZuSHHJ;*zPOr#M2lx z-}6c5=}IRH@4sx=u{NyT<_Q<=np4B4_8;UW3sFZPuuw%|KR~^|_6BA5+4%Upb;Zh8 zvjCw*Pk>qlUXZ}2+SoRNM}dj*++lEG821Wt-9P^x8nk}GvA zoShXG+<2<4-oG(rY;DKQzrLjC!@NLGBJ7_q^?}|>zNdV(u)vC>BZcJEe3T=rvB-j` z0)K*2BDM;)O0_D1YN)?vw(iQrwILfa4CDFmn>XLO{R31CK1YKp_F6)pAS}?i3KAe+ zkp7f6Y9G7}*+=jF!W&GWjSQFR*_dCzRbkuaEJIW+&ED^i@5Pc#9I12ShLE;Mxx!d zH+n39VSuO?IH}UI`H>gCA3tK7pQnxQfXocOx|m(jzB2t`EXK5n8OO@4TLTI#y@J?6 z*f~u*tr(LE9Ybk;Xf8IO_L`;W2Cla)3S~Rveunrl?%(PA#c;iCF{)Rcj~Af+aA`>) zYdI`G?IEa%*a_aapmX4Z2lE`?rHFMP!bOD^#9n?ZizgWC!F&U57wZ*2U_l|y)uR$Y zF9B~9Ht&;z9{(ZVeMoEixTC$6`(VB>F0?~~O;J;?C6TImRj# zxs=uxY)zV|@bKP=qG#(b{wV#!TC>aY0!D|z>udi^=CBmv#jRs2jt7@i-tP|(u2#P! zOmM~Ml_Rn4ma_5RjBtQEAlSgDV|F(CdD#NXhGV^w_;qFxh=vVV7uE_AbL3#C3eFIg zBt9=*yqK7~UD%WrZa)bM&lwc(7;%34UGhRn-`K~0Ry4hx)nX7&J&XyeRrV93V}-}d!yY&GiwW)dGdI1$ z!Tm>EXB-ou6T!D)l+SQ<{G@lTH}HlDW)Qmu+RTYG-5vRA-MHEWUARFrhgiLRPfKcO zn9c&^L)ySJ8D-U|n(KMxbC`(by{Ov=2~rsHRCtt46>eu6CO>f<2+RRZ zhwuyBE!H@3ej3HHA^?W1nv&G!}4l zJ#YXv=ZT?VI3H{AA7T-V;AWt|uFozOAjxc-Q~&DZt8uCUTAh&9+xmFt?)#X z&d9z>l4#@!<=EZ=ATwd%z@WUcLDVwCr@QcGq<`O1Sd3y;&<>b%fHMiAF(aIFict6= zHaFhxUypAYu?KO@EW_^>O{0w8GaP|J3q${MgF6qHzXikr=^+iYNBtwq)G|%JBP}>V ziyKLy@z+RwiVFLMvm5{j>=Hd!sXDVlDJh9W2!$r>b)nCK6!vYjkzP^ZJuq?0UhBHs>%Gqe_pr(g^>~>wspER-#2L{olFksm9#pkgKhxOnKqv(Nk z^R#}xFd`^TXTJ&W)aH#}8Tj4hucSfRDNV}j#q^CTiR3qPQeX+{I8mXo&0f$t?yfRVXu{R@n7~e%*^%Gj z8{Uf(i_9QUnnu;6=1Xah3DOreCtJRn4~UJ^-3}LPRZngH7W|jo%I?`x-+!mN6<+9m z?3jvq(xekNAHJ5!(pNHH+rw$I<+niN6=6zqOpGoWFY|x5=9-ay45j&%;TBI1Tveo z_IAy=b?thZjRWBdNz(fDqe&U!w3d!-{x}wQ(z~isoE04i-JLsk7IR1LGEP{GPqWIZ z=l#36Agw0&BBX~$_E(}$l>AEX*JI(B(G_X_sR~Jw(LGgm+2uMv2V4MJV znGX@H2|CQkAt4Id?(~)JA2H_(W$MSX6O|wO%f}#IliO%PpHm*sQP?i5Zy1mOWlkQj zVw~JiX7tp00<-*|cO1MUE;%&oI~YSjm!RP!3PGSle}aO>51!^o?fO5V*fYZBgF&b*VVv<1 zBFXry!ZuW_@{RsDdDpF(PN54&%wVzXfbQtHQZCc=Mn*FJgUNOqa-Dr7AQXUgn;?L+ z%ykO4CDjmCXmFPmT3>rZLC++PsKR&VW4T1%c<0DsrqlM(z^2)~e$+=EvywyPpWgH< zy|F$yO~biaK`);M9NQMCc6Pe6yFBNS>k8C-Hapfn@tR<#1tz zdcg@mFsXg{s-2IZ~tH5>;K{pNBjNm5NsTOD1BMR%1KsnN7TARbbG3?`%L$cvN2C0J9Iy& zdvxGUegCJr-u%z>&?=1;|L&&vn13v;rro<8(cLSf(_bD-k2&)Ao4fCaxW{hBBLgPQ zwSSbgU0&K+!y);bWV)_*ziabv6zcj|hD|v8@yggg#zj3F+4ghXJ}U0D@(A`07`aq! zwQApdjg50u>D0l3-l2JQmb&g6I5G~0t+{ku}p~e#X&tz=QFyfk!Ay6=&Dr#Jcr4)%>7zWeU8;@nV)Bl#y==9NedvE6sUwe4t_&@A-ZM$4GCXFQ~$t3uMI)f#u+1{An^%`84S!~9UL`|=kN{@HyG%{dvh z;kaSP8?&s;yyv^dD~)cmMbgzA3?ggqzWv1Gu|8Lpop~BuceZBGyB#;If)sw*7|8VZ zHdXZhk3C0l7t6Z1i82!aZS%Ba6OO38kXkD5qiYhc8)pES+u)xaha}>obtYS@%8u(Y zyxYfDC37sK<1AzXZc6&kQX1Y_a`U6A;?ynJ9VJ1 zluwOoY{55!i?tUWMww_#4BzN9Z>`#@4Yu>o-?@Zr_>ViPQmwc|d#X%>zelcqxTei( znHk-9N*|{D(+ut>Twx<^Q&klSsKN=uOl&P-Q4~IOaqa{(xYml&+qrH*`RE_~JrT#3X_I z4?rbmu@FR%8)^NlS0^ygT`kbjX>VE{+hWFY1%xuiOz4PHLYc!|#p|_nT*~F+`Vow! zySF)q6WnM>nf~PE<*}|<>}^Dq4&&~|cUKC*>cp+LRtUWoBk`21sL1)`9ul_DGt)FP zp=2^LiC94lXonX8%oa)}1nZ|mLduv>3Oz=5ABC;WFmHurHDR2X3iArgiNX}~{nH_# z6lM(H;XJ%_=uvTAzHi?TjA?`~p6CvNq@X^|P!Rq!jV%qjJ~4+RhV}~TG23}hZwUnj znR7_O%+~#kbQqOrP-b{h#q>{UrC|w=>{G&vC2l43>sUP{^Jq!lkIs|4tA=R zQnDV?Il?4ebx>Hkhtb-VI$7ZvMZ5H89esGv*K~;OZsq*fGcrw+7g#L{^DdYgeQ3;= zLt{ppUEgZ6X_xnuZBe%!&AWSid~l+bm4uv!NDBq}u3l|1g$l?$EZhxvtir3&SCr29 zu)%;q8ju1Mqi_bxOkfzP2b5vp1VJ1+knp3Wia{E-GJc65#4!MT`Ry0`*~4xBrEQaK zzI^*eFWerj+yk~t1C{W;Q0i*cl;Z%&o1vP>WO-{c0zsS=LvpidibVb*I5VA&ZMemW z63Q1C7h;hiIwdi4=eY}K$I}zmzK{ZH1Z+ZV^Pr`F^MGMMD9R8@zxoB`I0t(R}BnMrP%qRWJg zA+RCJHT#@m&|R31qD(7TvCS9m_V@R<9tjI`C>Bsc@LREx6J9l}*d*bhTw})m!Xpg_ z6|s#4@CP&VzReC@k+EzfRnUAlH$P5GC76DmvEZCTBx zqX>hKe_yS+5Qv3vmUgpPa4d{nE8T+k#j!;E4$oUSa+lXsi8(wXPIxit(1j5OsVI2- zXb)bEjEXU0fu`u0goLlIvRJ5g#Gw2he(9ueHD9i?wRIaUI3LqcxfjKEu5eclMt8Z0o_Y-V*Xx1jVH(=WEeE?Ox77;5cC~anez%wd^ zR9GhV0|?3VHhVb-Qbzrk0rv$KP>BJ6mXagRT}ta`in zK!VSP&~+tD4Jc3f$W2+$U0nx;+$zX{)W*_Fp-(~MNWroZw*}Zv8tS{y88_4xFAt$wgt68Wbt63Uj(3Qa?~HB_3K zngF3aTAB-6wzc|%z!I~|$-PY`;o+Q_w(SJh1R$|-zlka(%}4c;%EDLEMx>1!_Ld){0iRgqSU<@6Jt$q5dbpW2g?yA5~lYlAIX!HOAn7(}3^HafO*17P4AkVRw>I$}0 zq(lr;h?@LdkoZr)XV8oAS?6Vz79)oSqeM>&a7e6b2PL1X{l)h8!jXx6qBK@kroY_I zMpl3DQE)DMJP<02qN3vM;>u_@586xE#=^rN0VJVBn3Y0U&B)N@JM+_M0q~!vi^7c1 zq=3FT)Bv+!L03pjeBL-M*7c^99Qe(+$&+a|Lc_wm;iB;=VQ7ov`sB%UkUX+8M{ZEh zLG+}ARlppq83=sQ^{H}ub@-+XJFqwu@?4}CNQXHxLhK0Hg)dfG7DIlaql27A;zu7J z-Jr=57I@ZT%{hKxB4@|P$Gb+wGatF*^t#U^htXz9QX^JHIc<Nxc z<$Kb2FxZPI zgn{Mx#tQN`ZS?ZVTcwHk9x((W%NV|4*0IcGZ z09KJ*z$OSiXm*+4^J!OtNY-lO-~C|C6SZ!LD&Kr7{p}RLB)e8y_8>T(IEocfXV2dD zh`|k>?ia^_iZSfsz(0|I%z@(AfmtuD+;%^$2e*U%Q_OrWt8X*l0l+S!(f$55Ia5gc zFuP72GWk=XUyU$M;K+)5_x0;Xki-@7V;-Rz+&?qB46lX|C9wd!DsPSg>MbF!Ckc=9 z!WHZ)h7IKZ>)UF_AQw@-T!2L_)E7ePhYfXqIlb?e$y*XT@5#rI)>1PWbmYMF-bm$F z&s>C`EhzACI5(LDS`b9DPfs9-#v?Qogk=UkIU#)zsEEiGYniV`*?0QXsk8XYaQ9r_ z{HV(6feV(FmZQ9altlZwrzcadmafJ>g}Rw5HU4yV%JVCYWwlSk79hFY2$v5M4&@K+ zdK;6*%*-eAgKA6jJ4ba!UQy5IGghIdv{G(SpQfdy&jeIq`_EopRU^H0Anp|k7kkx{WL^6xfnkJDPw_tDp$ zdi{-MMm>{`dOO#?$1T~+CEdL;4^A09Tz0eZ5;@DKr}Y{eZfZs7&Y6DqoJz%?lVtKA zc>eQr^{W!QzApA*jGZVs(V(b6p?Q$q(x}ngm~S< zV*n#929eAYh3^q6WTu0J%w@^W-a^vMND9V3r8tHE`*zz(oT zG1??eF|h--p!yfX6hb)18yG|s>Y|tflc&}dh8ec@_N(*5^%#+gxGEz5&!1P5Q!hYY zD+}HR#<`hVS8z=0s6rpW{|0mt!5!H^0_jAobmC><3M-%|_p*T)VF?gBF760GF=1L5 z(62FdqW~1*eO6_(a?y~`F)9-zMb0SDxZrqFbyP2vm(muBFmNJ(5#h2y3H_pR`KLc- zT#RHzheh=kR%Vf|W*JIzq4Y7TOOc7Lp}195Rb6Rn@FGRyGIJalQ-Ezo78buRJ=SLP z1r3eZAppi~S>u8o2RUAOFr?)kF-x`|Bfc@)BvlgCs7g%t1Y&Y7cDoBoHyRRVFN`v5 zW+|Vul4Ed$=z&Kdo~pfRsC>;<9?@(~`LgF`mSLdVp;=|l8d_}c0qJMj^Exu=q2D93 z42m$^$$vxy`S%AqYs%G6Yni;&G|{zFd&B_VS4Xb)qrbqeVfd zMyZ6BulfvyzkY-}E(53G@d{#Y4zp{vT-7hEI7zo(X)Z2G`#t%O`ghcxYk2l$`~XME z^{TRYeSJUM%(5T-I?Iy-uQ4vXm!h%T<@cBf3=cLBHa&HJj9I*_k%UVRsS;Hwxg}33 zHDtIglgHt|k+$M^iHnkhazf8X{b;YE{R^K4q%T`lUs(RYYyqcH2%~HgdL6urlukGX zVJ^ZYkBBQ#9z~r|daatSfbK##{EHU`lt;PCS>fCZ7A}E|_s+v&npwJZKlf<+$Dhf6 zuvmwnB^(DZm|z}{c-T}bQ)~)Afh8#^`9#f^5hqR1DQa#4&VVVK_R)+`3yOK4iV7~j zIjBM~`T;Ve2;u0T0f9x;z?=$FA;$-dnQH=RkMqqO95-}Tb@eQ)3&{ffs<1i%v?NgR zZkDJJ13*1<4&*Z}rUj%j0bfOT5DLQ)GAH%KCH^HQCdVP~eR{&6{)q_wVo1n7DxvJ^=^AsClfA;rg+Jp7CS${P$TU z+Uj5$<(L1ghJt+ZB(?iMqGHypFSZ4N982?=R2E^E2Y>I?D=f9TWg zogL|3F<4=$f(7D}!a_{b#a2sdHA4in0QbF;c#`zec%v}7!FNN9rqN+^SA~T^MfBwD z+nYl?G!=nFsH^cNq7Jowbi&myN5QM&{WL~MSXK!*-DKO)+K!KT0XYV!vUtM+e&#E< zYMXI5fQ{Q9ysOJAVLo5lXD|#&%=G(V)5GMAL7IAmI+l_}o2IxU9AopfdVv+2VCbdr zR1nIc@9%CDG&xTPYkWBuonhxA+5IkPz33d)PX5NON2xcP?Z(6pIHcuUc`^OQ42>0b zSFeO+XRPS2GU8-JpV?0(s^{%Kx(^(1_T6+nA4 zbo;}^4VStfRwAEM@7%g|tMO-qw(#c0?)%B>*LH^&FB;Zcw3c|Ee5n0BPHH#R@sIqF z=D(@dftNmi{tT*&G&x-uHZyrf@ef6Rh4@7fEzIl|VCcZ$-o_#bn7MePROVUu26VGb zu&9YBzyO_SEXXi?Igv`m0vet^rM?)4r+H~ZR|0Z_ox&iu7{QcH*Oik8l>WQzi%yuO zp*qNw+2>GntM+}dSSJ8s9%Kx$&Zz5N6M`Y2v~2@`Jzc$hVMM;z;EIq2_XH3KMA$A( z&$vILvlaB;g!yaaBuK#|^rtv-Fg)c`v;@TLpe&~@ObENmtc(~XeiN+;h&7h7xZjH4 zPs<$jdO>x}S%!Hw2R~lLUVHlrnB|Lrk!2%koezemMk-FHu%I{>YU?f6gGhR(?CU6XYCDs3f z#$9V-3MP@fsOHF!LNN2O5E+7+z!G36{d8Mi@P++`;t_p)9wh<`v*Og67^hxR5(Uxv zb^-Tz210&8IpM&SH7Q?%t2*JBwp^G|00MpP$Hlx$x~uEh~e?(N90eKbaa~xYDGHv`R&6%`bz)QxEo-w>ac%T-*}} zpNC$L0(+QXK*PX*ig=t<=75@Sm2TOIvm+yMM841Xj~;Zjt?dKNEzNK0@bDn~Gise> z=vI1qEm5MSPN8M!*tEv+DVMdYUdIqqh1-j=axq4S0_`AgGCT&8A@o(7dDWN+zX+%8 za@f9OG25p19^5tX1!Pf-W_0d$N= zkoH(a=4mhN600DeVWEpb#OqknTq~j*}5>#qrc9R*!5= zHY`~(v1V+*xVbjz=M?{zR&*O6dGzObvun-`&L%3s6PGL;l|4dQvwO#D+udh;GCHYy zFgGLo?EK?q)*~EM`%b+7wdeePj8^`XRZ?@qvzg}n)ap-Vy&F;rR^8IR{J!BxVqyKH z47`3Qd9rh6RhP%hFS{S?WZr+^K(RfDsXWY9$bzhS9oE}CuXIf-9fy{7!orfYoxfU@ zd`#VFM1X8J0#{RF&kHkB9#QG8DG#d-&$5w3H{vS=tJ&y}Jvw!ulEtIzK>4FHgT^;DE8QqH=Ve$aKvgyqp6c7*`zi%ZadbaXZ_jFY<;@%PWknvDw9O8 zSneWY0rif{ahvn>^t}7zPz}W|tuw_CJgUVeCe~Vh?;LT1dJ#R~ZtKDsjq9T9KX&Yx zi45HaF{{+(7UD$VT8Goe<<*!$Et}}6%DT#VvH_53s{|zY#Fm)Sntvzrtgn{iQq~xz=)l~ zmeKtX)7rRuTz=N^rIh8a8BeaFN-K!*+}>L+UmSno+YlORH7l?b(6x2vH%_Pgl+u}* zjrLQ)W=Rjw*TN$rzI^_yn)ZZ`>wsB3iQ1*Z%H_+0`u^?oE@jrnjg<%D{L@Y#&owp) zgOL?FV-`GL`nIat2LT^k?e3RN!gY=d!cV1^I-S*juULXg zln||%g~g4J6{B#bW3WsRXNV+fAr|QnCMbO1b%+9h|5{uWFj!KaP%BdLvaLnzpr6&> z&dVz;IgH)y0>Ufp;z}|<<~jx;>yK?qjWUw*{b7lmM~BwG4b5m(nB0whCqsb z5fU&bnFpsE`ea7Iy-y`Gf^%%(LVjaC{RxI|!qu?NI>l_-3sos_MP3FWMbw4FW+2F$Kc6lr zy`%TNhtw!=(-P;(kd|sM#tKg~EmNnQ4yh{uA{X8D@vhaDV*~(!APPRi)$f({Y5Nk7wUsh#`6C0`c_YLC?-V!eR{nbC4 zZ+CxPnAq3%MQ{Hl_cGq?(;2Zgy5HW=IL%}4RHZ(?`duD%Ml#XSf2vi`kACI1)H*u% zTbGiagGy&deQ_y?+OMi!%#r zzedG6e|{2bvfdTqGax3UQ9-KzwwaJ>786KSAqc6yvva2Zic1t*2G*(BnN~v7(vVzH z;5y0aeKwXKNgwYW{cVC)OBdF9ib>D!vFq#e{5}hl?AkeJv5%A%AbYfo{NHRWs`T?>fxRF&A$(B%I zUg1%B*W|fc>-gte*8xdqAD=fezu=;LwQB9&_Qi%lJ-(MrHdr6}&gp})-jhC0PaPWL zq#LbNv{BJmdeo-QDt8hjPKHlZ8yMiBFVDXFMf5t zzI8*pIZA6)`}-vC(K%~i<(25Y)$gJ1)1ujP*V;C1+pgK&`|*y>*H$<6l!nK}WFKAh z0r%q%oBG!^zE^VxHv|YVK=-hG`9QiCZa;UkU|@Za)6{6zz^#gB2q^ZrL%5!xJPH~; z$?D?8x;x(GpamkDv18`|T@_db@q*;fl52rPK))m;QsHJd#n3~*(`BgLvr8wMA~BMq zcLnZ+4^irAL6BnHLtDu#5m2rxWx(EKk8Nu_bzg6-`gWSk#UP6J{A24akrr6(6B((T zaf0dJ>B4Sd}aWmSoh`iC-MOI0V4ni zsFY5}ZrQZyS+vawfB(~q`&5S<2mILxdc+8t#Zbb=(OzF7yW)+kq&K~|xF|X{(Al8+ zGOHxg`)VBU;@<^`%ODyK2&51AzwBYfYA>yD5fuubU-)6;!VAZrtFtcP9y2kTZXU=F z;9zf_ld%b|DcVLgs%d#uf=ch%G=)Nd@;V@2<2PC!)@W1laC=nchP5twU$2#$xwLC_ zM-?)<9yJt86j1xTb+9k-?ElZ!Z5Ff68;ajy3l(yY#y4=Ugz+8L!k$&fLw*PjIaB>X zJ*VfZQCN$1Am@X+d;J0XDM8`rx08~Rd=3}mJy8PT17zOCs5HxuArFvG-uXF{m8Hh| zSQoV#XQ*PgkZ4~3HzD^xWfe(WRQn7)grK2QhbXN~1}wyOK{limf$_M!*I^g+;S7Vun%axYv_(w#=EWEpE_7I6nXLOPmSTDZR*>6UA`4a>G zl4)_9I{qX3(#$$EC${&zv5Ur>*&pk$dZ9hUlYz1M87KR#uN$D+J1@D9d79EHlfedO zrJy+eiv@b)y9)2J7>X2P8e(WI9J-4Ze3ZLn=~ z2jXVHBmSsJX79I_j}}&}NTNX-l}G$2+5I*GMiuPf4=|&ILP98cn0OI;cqYOM9bprv zJZEL_++pHo(dkh}`FI*q-2pvCV4#Dq6bAG+zjyh)2qy$FvY>c!x>X~KJ0+g)81Myz zZ=@)}32TO#*+~swBPvGcfl?C8=C-c0xNy0gI^GW&{i*Wk7j_Acu5}28titG)6YvU| zJk2>^FxQ@BCO#tBKj3$5SiY_BkP-G7U(M2l)}@6NG{2L~_L(mJ-c>+ya~U8ivN->J@B({04+Df}3_YxB1l+$}R66{mFD zdAR+sbJYxuce?v#XKnqf+sbu@5iibH8T)!erW&a~NM*}tvqverl^(l}SOfVDy+uov zW%B~CHL>#$2ZF}E&Bf0nLHuZC=;1v@?I1*!4wKk-s4=scr3?pYAjRVK9$s}bnEdcM zsX4^rLtNeyea76kJowy>VY|N|0tqU3BM<2#4k4i$qvN0(33?GfKfpevYP}l}weZRi zkPJmu`(A>UgaeW^3F~{I8@!al(x%$NGO%^Abd>rU!~|y-CIai;>3J$hcj;6YR9HVy z+%us~tl|tI0-`(R#3S~vKl9efe%see5rWt&HUzEJ{@qtNj9B7VfwHT#zAS_tyw&M{ zDEvrkE@&Aa<-p)bAhyDm)ZX!a;K})6C_hTYxkm^gKDU1amMWN$MPFR%}8wI^tG?hs3L zettIeY{(Bmr^&FxX8Kn4pXPjB%raoeGw=u#*1JyI^8M`xY#>TyS9C6;Kr5v zPD_jk_ONWwPtX)^sF}3zq z1+&S+uCZjp>P5{Dv_DY%3%mQqf7WVa+kk$Q;76$Xfruyz)7q0ORo6MDt4^LgS5uyi z@9rjD*RIgY7IqFrpq-^H3DgIo-cGGAW05*Ig2n6h&~7!4vYW)-Jw`^&%_R6z{Dz;G zXKVhxJtDKVz%=I$CXxCo9sOrLTHJn`zPEArb6-j}e#_su`^$CxAvYR}G~TTob^fp1 zehafsylMY#bH^Lj^*7;o`R@0TJ@JQA^lQ~uJMxAHxfE+S2k5lydVD*h!D@lY*{K(= zBxdVYPAN~U0FNSDFLfpez@kMf@{B*L%^hFx7YW^EGFuQ~UD zSly99Gwb6?5{{ z=pjiw%y)AfTt0brjwQuYB9j6H*OcLU;M8kZuNGC;Xa9=FwlTFn#|e{<_>W5gj2JDf z1?~k=<;D;>;Yv{Iak#n3E;)-+m*c4h*G>d}crj9m^>)Wu%Y*=I!(<2jp$@E518Jcg z;6>2Jt_^nIOZk=1VQs=ImT_1ksRWU7S?`zmfd!=dPg;7O<^xpM`k(A^IyS9&N-NRt zn$0Opa|A5V4k3fvtgh(Q-okdLlK{1p+bi5JFiD~3g4S;9I8N*J$pn+(f`D+q1&x)gFE>TE4YOCO*3Gp_A~I^%?bbevdCT2C z3W66j+wjnwfg@`z>_)BM;54snY^=?7&6vNMq=&u_>D0ZvYH3V`W1>sk3tjiT^WQ9M z0*RT_o29WW4Y5#JTDSYkzwyl`WC_wh3+k3d&Hv;!9}=d_ekD^{wU>M98Y{9xRL2DB z2F)q)x9Pvg#DbzLvOv321+{V4`M*ah*O(@sG5s+`W~qnLR3#Nnll7t5H9wjX+y0uKA+cjUUVilSzIbkK zx^;q}W1&*cj&KuOgd#{{1GJ!U1I3-29VSm&b-neIMQTt>hP} z(PR9Ug&g{FXS{^%x9YCT4qO><^?-xqPF?SZ=SuePUO!xEV0)R6#p%}D8f9V{OV86* z@yb9(0?wb&?m_v8EClTbN3h4hjiX!tqC2yX#U&mNJCwdKd*yf=)ss)m=k^`uawK0$ zD^`7Bvch%AXi2sK9@|xN+r;pKL1}}}l`E|aNp<&)9r3@k4r@IAwG`3)e=mXff25cA z|L7mS-Ee*E%F(UDnt{i|;hlU0rZ9+|z_ z0N|5JYfP8tcx|zfkuLKa@))opTMLU**MJXjPxma*0ibky+vjM6Z9l>R?9vJB!7#nP zX}RUbGm(){TYwuF5wo#mS9;Ov8;<|}cXiiChF@XzVcUS0{u=;;5u(`J%wMD*@z?SK z`akjGXe$71KdxNA^~;FQUKiRW(vhvGvs@8RoXvph+~VcL>T zjVkJ!&`hvc3Pl&jSeBM8b8|JOPCaNPC#LQ3OD27?8PEP>hI=*%@a#7&XWuk)Y8XAl zYuNrHgGs7nG`_{MF+Sn8r43W?JhzGohIuo07$BqC20WY-ROU@nEoBWnz^Lt?^ zTm~VrWBmpBuFS9bv!DDI_m*<=AapH2h&Dlrdh3*UCLmyyotA)Tw0ITBbNJhe-{fdXG90KwqGK;tG>1TEiENMn+kuUTk>N*f_N_sx~PE$ysdmw zgkT5(NV^}Xou9%Hg04p`BC7u)3i*~9P=b4QDXQ6O<{jfvUL^Q$AW3S*%qBUYq z@8kivNkHF+|Lph0q`4HXapemOC$SZau`iGU1}s_I&0EjX$3LrIW}bj}mSFC3F@5c& zo*YwHvF`a}wSuTw7|9Y6=wx^x)Ro8%INGProSB)g#*i0hf)zD&RAq41gx0*c^2cu| z@$_PRKtmHess-o}5Z+|Er%e?+SpF_IuKtVFfpcfe8`er%^homE{`zhu$Cei+=#Eo@ z+R7^`K4vmdvT%JsdjMIBki(WtDIO#(BlCRDE(Zxn0xcrEYxWlUWnqmj1DLlYCe1Ud zdd65Wvi|3v=ww+HdK;YIIH-}4T0axz_ND_U$uS=#)DRzd`pf_+x`dma#!F@-H&;|d zwtR2p#ev-6-cYbU55hFB{Y05D1)yH*HO}qCkVSbnq<+#wP07k&$Wef@>d*^f( zevTjjyKaZPL_ZJPRhSV|O_%0od{Bjj$f6kr{_wg6V-Je7hC%iv>UNED1@szb~3DJj_EA~fAc1_WN@ELA1; zxi?_oK-PO9Fg1*N4vXe~dFSiM3BVnxRVHfW|cNn%8_tuO@5E}e>DzBXy;Co@~nm!y*@kwpZd!#>)dd~U-4iDSZ z(Ji%Z__?}twD86`MCtWyGd4-|lrSuXnp~f1Q0d$*3V-DreXHpW!H3e zPl^p?n$i+rxW(`a=N`LbmRcpWF!3dCA?`zqE@8O+dDE2UpNm@lM!ra*#ynau=qTu# zKP_thRA{~XTg_G`@0e{=g^k_5pD#5!Yr%-)LYT21VCJ$uX?2~c z6{{xvQ%#wYe4fO`uPe?5z39-OJjr<5A)yq)lb%` zK_{VoM;5|Y0wDuM_Ied*?39k;ZSAnuyp`|WMFaeqA zOYY!0i>2pWI4s^v#d-sZSq0b}A)h#{Cnb5r?vOxuKjjdM(8EjC!&B%EeY1(~pw6dxQs0y~K3 zcIb18sH(-+!b%0b^`DHgqq*KMmBx-`zBOUu#90h2Ck1}nf6n6A zFbu(#SXgA1*I+VSV^Oo=VTm(^b)%;?e!IT2cRyIObya5fAblUEP!5ymsOWvJw8Qn5 zcFXCaGJcDUh@JLHaY^ZZjt#369OCECO{(e}PXylg_m>g)KUB(=AViz@12?mJ2^3V! zf@BY(YobQjcka6N@<-?O4tC8OVJIym%6fX0m01esjV{&UzU_tcZqoXhkt?0qbt1GZ z0{AB!k*s+9^%(C$DEMgETw=)?%P6kAow@I&X|F$HOb_Zu%!tSzhrKyQdyqf{E)Miq zzZBgOY?D1chYz&8@3tlMvI?8bQc?~)xAXR?Su`c+`{JR_=vas#;Ns%wL`2My4Pw5- z?H|;o1O3#M;-S;IVU#_jj&8c>A&<=un>6d2q~1B-*+cvJO6c_Dkq+(I<^G8#?~Bo< zQDF905CAip6HCj49%S$PmEN0fB_>XUz%`v&GMFCR#D}#HZ4w@g9l)GO7!SO1FqN(9 z9AC38#et)IPSF{KA>}1iI1!Y&p(sB9y}cgO>V2xNU~9{*6}ha5h1z{I@b5lfudeW{ zw({73xo(q7MJYTVamfDGx z?D0#G5d8g4RvV}1nKY3DhVzoE_O=*e{zUb}N(C0~(D?ld&jmnWT>y^-j6>|>RnHMj zClC!WutU}HA#|n41HS6-K|hc4>&2UIDA*?%?#mX+4>5lLJ8t zAhP|8&lPKor6nJX7?sBQR&}*6-6eKAFG`+cIpU&mP!d(EFo)Rt^=Wy)`&F3B_noMiX zFn?(MCuDd?{o`3ZJ4s1&bi8Jf)R);mFC6Kkb*15kOyvvL*|$TQ%fKWY_-E=!DbYUcr^;zH=Z*OfoNu(DWi;0FqaWt5HdF0mK z@x$l!rYzbtWpwUFWy!sN!Knue%C@QAo7)5T&Q}gl=6PK}Jr?1^PGFpEWHh9|BJYDX zzptF!5j|ZVVA8uYeYo4AoWg7-eI<>@!;hf`<)p0Dl)DAJXv_ZKL_cuds1FQGDWk%!6ibA1OOUAuTI>ii+bho zD_$?Gv(6E(wccxM4JCaOyIv0UzWBPBTEk5xn+_=4AbW`EwZ!h7 zLK7t=p&n!=J z9fD{$-sny;p&~Xn7h59%1X`UZL(iXI{pjjKLuu=%8r@GHg=M_FpV&^mc=2(EJ%hV+ z0Ab^J%-O`bBn9I@*|fOAQ0F!_o_L^-Q13aWOa7e2ue4}Xbz)3$L9q_4T$l1`n<=80t)P;!+IcciJ&J4u)xl4zU(54XM0Jt`jHw>bqR4HNN9h!`TfVh{CeeTi-;x3$`8{Am!ys%pWzTfO?cgVN$9 zxf$C{E*W#7zJ857Ga{LWSFN9auJVB)uN*cnc=O*g&@rTc{N2o)ja2*mm2f?&s6;Dy zdf`K-PhD$_@9yut+`{ z*nQWav$(}2%{?+~zgW@n_bjs3?Xqg%iX_(wjTq~lfSWA{fmEl$#YC)fNP2vja+KzF zQeYU2LCP!Wag9yo*jDE4YA3L~yvGn=IIA@s&-TF}VIub1>zCg~m&j(h$S;}>X|twK=rAZKA$$JJnS zt)hbC`Byo>4vLlQs`Dd=`G9`zyj{N16_+=(8|M^-Aw+VKWtb65ukL`3QOAqM5*RU$ zWk)k+>{bbOP9DG=I=l?vRN&wd7`nn?`lMb>LLm1DWelaP_y1|{yW_e3-*?*! zO)3&9l}$1tqsUI#naLiJ63I%7P{6G9nTA7mx_T+jOce&?U_-+7$J zd7Q`N^hbR@#oKEwH>#KqbfeS+wL}=LG7~gY+Hw;~2 zOc>9LdBzB1KR+` z^evz?&wl;-^*a~5dIURE$woJBkcy4Po2YZQxkIF%kd{Un*8n#;;sF810|+6Ee92gj zFJD;NRR8)l5TXHF$iih~;MTZ?-yg32JcViu_yY#<)n;He=nlX%fWRPyL|8{HMYQ6> zkjSCL28L3|brok425$=mv}1nG)D$m(eN;Ha*8mM-oScWe4`VxaHg95z_ykb^8GuXb zTpac|$Z+MT#(-^A?J7fJu$@7q3e_wvJ-xBLJq<&tEGu6sSG?iKtP^$?=`u$JOpXQ| z*l3h&7@a*3?#~V!o&0j?{;lhkz7Dp^D3?yhEOYJLuogKx(mFg?Y-PA7L%qO9M~r@m z(3GCP$()bq+`t);u0SY3u}6XwnUN>J+vT#t|iX}5?U+=g!e&Nh>2p5 z5a8{f6c_iCj{A-Ti%8L3mPhqNRo~oZvD?-lz(B_gLI@vJwlbSZhEvG!?1!~9j^}E0 zlM{c!J((3~3Ij=s zVhE^(!siMPF=8U)XdpgXXujr;?S|}-kB*90AbH0RW?cFCi1_7V1yjPioaJiS&KY@$WaS*2{O*JpO`?RVj%|{xo8kX zaPLGnF`1~`Td_|cz>4)VnL|E5A*&&}KZxQ0?IJ?;k-o6xWI5m6mo8nZweTSZKd>G; zwx1HoDN#njxuSb#0#422xC01CiTMz=z88=ND77&H3A_hKKXpUGe}T3VPfK4^kZb`K zx$Y8J<>-qPpk56{{->qI`Z!)fQ5~j+6LYn@(y*F=KH+YF4!_Vy9T4WgPDBb$=Y!2h z+(p4w;$gw#MmkP8qha@kvjSphU)pk?sV$4pGZ2Zh_)(#}W9tmsci0Vi4w7=fB}u{+ zG%WkiB88*eRK6+Z(u=3QKW-IcEczk(?MJ+0zy1>{vtZ51#Z|*~AG4zbBv@wjoWc`7 ziaZHNO@I@pe^w>6WxtO!##D)1I}~|7vkjF9;AtHGNXs$r8!0`rT)>2dSafLD?t|Mm zqu&x`4MM_wCMNI0)y67O&ZuQA^TJ)kxKB&KtN??MFjFTqLU(Z5F}C5Ql~&Y+B;{l^ z^74?QJ5)+ce^+C3$I64dKyueFd=jV&C6*04qDPH+S;Z9)oik*Dn7vSY&#%CKaX#Sz zhAhU%Z$Qz7i_qDOnCDo69G>8iW4CNPkGahi_Y4sGNw>*;ZfD_Qj#fR8ok*}jcud|F z5Zbyo!xd2pyPhjlGOht0E$2`W3PdOh+}S1Nuf}#%rUo~Ap9vKn@^dtFqxYBC{2XrD z{wI?~F59zDUo#6Y{^zR4#GScf;_t9D*0aKin(Axo7pXtcD!|ppACnyZRsRck{r&y6 zB{liJ|Niy!^tYQ9Ph;>&jE}HA*P!r-D*AE$zdk_xr2MD$z}kBK!$eU$$5ujG&K z4tEddgMaz&Uw1aM82$&_{qtr2t1oCZ=zLlw!EXWq8UZ#iqgJn&R+V&RJFSv3&W4bH7(JAk)^7;zlwFO!)s$&e@+`~;D z(Iv?#>-;A-z#q|qK~=5go~_#QhE|IG9}RuqnfMPsm1UZ5A61gOZ^e-9=%u-7X{*=3 z>$iq#hl2t%dS(R#%}KPQvII`L35CTv0Ym(t<9V&-Sf9$V~9km=J9X5>BVcbXVyt| z*zfT%hToA_!ZTT(qyGP-GiEvsF=?78f9FkilSx{)^(L%lxo%-OpI9-O)9 z6@FX#eRR-I>HGo_zR?XLruRa2(-eeE{Wjd)pzfuk;E30mG)&>9uv*Uar*?G_+i@32 z(oQkP7?f1ypfunG0d|vPujC(CAM^^mBtgxK*_VR!R$_UGqYWGcC~T%JQ>UN;K_M=B z>j~xu!w(-N#%+=91U&)+h^$(Tt;MF~8cO7W0TV!zBmjlh;&_FS7XOOo&5)iwQmCrl z<9qRQkw8IWj?W~i6XKp@Mki9XbLbe{^Z;A~=c*%Yk1!&&r^oLv&Kp|m{_e_`>nli2 zP%EPLLBs!Kb( z?u5!2CPi6;E@;{&J)H<=Xhd5MXCrg#7IQ0lYdfR>!qUhQ?GvB|NTFDla$ z3(qO0+jqS<9Ho~T9sbz!tL8r^i`aU7ygeI>!raSQuD?`KEYMN(QJ3=9IODWmPUnIw zWqN<1NT`tjWu692k5x-{z|LX)8gUJ)!t?7MrSiEH>(#D09Q~wXB}(VuEEoTQCA)3C zr9qdbQN{o{{0 z+ESq`04@nr7YrU$Kzd8$ zD*EUH%ol}1{3ibXvg>S%q9KYk+tn4O=7Zs#jS>g=`6%vSk6>{}muJwKqY&qhN6R zW#;yg7$SC#t$cm+?N2EAU01zN!)oB@Gpff=Hnx7^2`KcDS2%k2?0Wr-w#I%XgU0u2 zEOkB=vsFPFB@C0c`#1WwnVZ{sz7g~{65>*}*mb*9LsBZs`;1C&B6qE&gv2@y;k6M4 z%Vn2z?3Y~l6!?yuc=bH4#7^&-^`kX>!fHYLH*N}<-k`dAY-eci?j5bI=_6OuM*G-Z zO0mDcgKK_=0jcO;AR^QT^QE*TDGXSKZwowraFfKci}>^b;Q?k$ntRb~g*1nVuCp}r z>CM2yqU{Oor{{5I6F?cL8pu8^9-579gP8I|C4hr|ZhOOz_d-aahwrJs+)zuLM2vtsZgbun=^ zLD_+#evn;%ej8FUtZoppMMZFNA@0;r?VpQl;B1S59f$t%$R&D_+fRv*9toeGUROSG zA0snZQ02&CZl6aT5=8V`p)(8}EO6h8c49!Hx~IG(>hMqZ zCJ@i8b@?rWcN^y|Jij@ihA38dS4KPXrR7{|Jg2nwR`$(bI z({qt&=L_f^uySmQx4W}6K{p1z36~D7A(U2ACxEFnn3JOngdTj4k(YuhL4*a1K=^r3 z*8Mmjh)q-H;MObfb^{J@>C!&5QsNO>Ij8-}tlqD(m%cJ&=YDT@TXfcjJ%xkqa$4Ir zzO9s8kCzNNWR7uHQ~B%>+LFj@DskP-Uexs!QwN8W`K#3V?Hd&T1YQjKl?OS-R{_O?C% z^au&DERZ9JWB~7PdUZ}Ys3{llGLJaJwSYYBvBcb*_rKlkzkfHK2&@zrE(IvRa|1T2 zWgZ@rQ};qkK03$eP!92i1!b~EUO?yWfKjvMtVhsEl+&YJ&qo7Cqd%E~UBI%L z|9vqk=el^V_LztBit>32fDg%#zc`YfsG-?3h?2t!+B9;P`Yt)aBh)cj0mU~kLD97S8>#lJs!`dr6*T218i>u+Buf*ql;J_0Es_%#jk=g zMRbxaX<_6zHUv;EFdetY^4fmGgHf>AVv?tWbit#4%n`{D)I%RUwgkcq6Jtz9bk8Xp zLoo0M23QXQ+%G*6X&^Xo(YE#e&1_I~93Pu3Ws*d(C%f;e3!2$_4DUSe5IM6n^ zzg1CBEly6kv;#V6#{?d8rfa{o)@aa5{LyRWdoMvGY^n7JZKEXnFPZ8ehXVE{vuG%r z?4qR*={~9y&|1->CL8;X>s6|5xe7<^$PvRDQ%xJ=v|SsPwrXeHHGAr= zx#>U{fYOxU4v54E-%yf3u?aaE;z+2fBmM?>Awqn1cD4k(!-C~eghLOo8A2r_KL8TY zKSEwVG=YE3->?ILiU9}00cwjTyC>3pstL}M*B=beEzS?c`GIc~z)!@viBJGP$Nnn+ zBTz%XP)UX?nl$i1oPi|ce!CSI_C4^qgjrxO>A@{2IS7*XaRPu2gfT1-BTU>w>kCoW*stw z{@F6j>4KmRsN4<|Dv-S*fI%jWH2`4uNaO`D1)l+D33^5%Xd_ueU$!28(P*rcLCJTYR0gp(MZ4tD{KkmT8P>coHY)2;H#MS z0__s`A|5&)+$io37}n(iTqubBLZ?|aYE>$$dr;8Rs)gA;IV=>B&sP$51&ZK>ADHPg9Sf8#+RPh#biHqRkNarJ$t8& z5z1@S^Zya~05Q0bgyv*yPZ*l=o8~yy76NU=F@zrl+8iFM%U?PQp}~Yb(&((=-*Gp< zbaB)j_Wy=d8#hIqrjZL_rd@Ph!GLA}Gs*o)9p_X+1TcWk2>K}<&MZgFRiXB);@-dJ zGOSuSRT(L;n~14YQWGExd{E}OyuZ1w4RYPRJC2;KzSw-7;;tU|l~zd&m;K95H7n{l z2L28oZ@T0umrvW%*;#7Jd8Qp>UMB}c=7X`U@fYrZ8oB-tvqP=F!)5c-E0T}VY=3Z9 zg9;GXb9(7}pLzMqS431}(p4FAdW$@3#S&*^5>#T^Mu}b5-=0TQbR>$gB;GKoSry+fmyH&gReTQ2Wip_J_PjLr;;y^+N*n?;|VOk{@Kau8kc@WtebS2qVQppaLG7z0#m zC-p{j8)4tzK@{*)ouKmpqXjKumgc`+(X0&8*6Z)x<+xSw{t6Gm2iitETX}lrSY9(+ zhAk|r5z>5G!|#NkM!XKi#V^8RgTCeKhzp|78KyIUns;tMxkk+3Vc-6D$OZ;I7{j{o z&C*mY1b)|O9d!XlVZj5i!f`Lo&-NNhZQKo8ux0rq6ht^-AgsCz0no+OnTu#{)}edw z(^GF5MKGjtaPIKNM!>l|(A-sdNN%?{bg1NvK#7O~kTBht5Rhj*63;A$go0RbqKG7Y zxR|SQ;^SXPp=8p1uTB}eA+49!i>e*tCX>{I$!vRBTDLy4U#C%WrbO{m={6v#ABy{g zq}MxU_c~F1vDH2N^eLvDDBI{{cJW%iv!H&Nw{6Ku+mQEn=K)rPKq1c5SG(Bb`|a)Q z&=-Pd|L_t29DqW%ha(-#0f0>7Kla+=Q$hROc9k^WfbX{0FiABV9zK6E~IxYnhBr#F7WM z-gZr0Lt`r4#`Q7LDI4Fut?7G)6OOuQJ%TUMM@%k3)*`cWL!tCAoIS}98K{A2t!0y@T@`Iz`BWFmr&x4@?Q>-+nRX zRg%>&CJZTj#9`bLtXhztox)8o4mV&lUlAA$+1B$@HzWj9h`T89LtiXXg`> zE^sgV-G^onj~T3X;l5BXA`_&A;XPb8(cpR08blYT8eeqh+WOJ z1$j9S$_f;UIKW}p82$P4XGJ4uUaMH$P^{kh_v`e$2+}jc^Wg;%x6a$Y-;*szyuFcw zlHG=iLOcDIPL}%60}MZeyW9y_TTZFAv~Rut)@{*d)rWKdGtqCa-PKL{b$8$eE_j4e zY(&nB+Jr!cP^3Z!n!JVckEW=HUEe$_p>4}h^V5Y7-GWhit0(iAuAE4F9RFpnuY0Gm zCy#s6?$T!u1+$|9%ul90<}A>P{hSh;r2FZWzVXpR+4TAjjJk@lB3rzJXtp+MsXxi^ zzWooIyy7~qf1SL0kNce1_L8xqB{ljAHx5i=hZAecdbsBej2ww)e^90?(C6DCT!NQ; zD*M0oG12`PgD3I#d!$_(QP;+x|SP7RR7e`yU&_EMpx}Qu7_~yUu+7tNx zcNx`2BQJ7%K*9}lW5E2%*$)V+FcTLz7lYFkopdPY=fkYb&CdYvtJ8<#glNZ+K?GKR zK-RMTkz~dwZ^WkqA2h_GF$kP^A4I?%d~i~u0oXXIZIjfZ5UrO~n&1GoiugyPLDb@AmNn($}mlsk>ix+|^s z<=CxW-f+qdQP}w+R@1#$)|hwNMqpIOr$RD^lA+Z#d4utz_ZPKmueSWu_3>EMN=fQq z<2j&_MX%p;H#32GQ^=IasD|oQ)tKE^9!a`4#rLkH$TG2Bi#YaD^+EY7E~bJbkg(zS zM9&U{L}sR@(zjki1z~$cnc+m$YdE?ip(CvJ`D37Q;6yUdxtNqOTRu7KRH8eruBP_E z=Fap1=!M|L*1L^M^gQ08#90(&fRH>NmL=jk>YeJ>*SIA4`0;tk_>4hZlW{fgH zXVg;pjgE{EHz9l3P*p;^4r5 z`%2t!&lADs_m#Kdbo%5B9FC?y!HH!BOHw#|ECORaIa zfK1ZuZmv27J;kPzq(4txUG!Jcwo2!c%Q%1f`{05Etq$sb$WiJb6Yf)N)4P5gN zQ=xA2p~xkPF%i-nM1_-PpRImh{yqUPxg5TnxO7y(^MZP>Kfj+S#hC?4O~vo()Fra^6D{;YrNmS#l%Qoc=+aZ`*)tFL9Yvg%r4D4)o~V| zebFBCKK4OGDgC?VUxu-=>`G>;s_|V;Ih=C4u}}wz4F3}-JRw-zAh$)#A{3I#{FKM# zi%7SOjg2?p^@5q`m#u~f?s{KNVf(G5Q#{#oy-9czkOQG%}=X%j_5keOf^6+b)nwrY* z0EY8SdIB>wF?9si7J-|i9b%n1I{W30{ee1R~S&3>VSv83v;(aKZTb#0?m`!S% zQaV4;kw@WINyf+tx(Z@XQx&63CHdNU2tNauNvD*IC!-X#6w$-|>34#8b;x=X673a!8SnL2a-7=T+@VIF(OhM^xAe8_vCX~Z zYGsy>z3Cp`UGtD3@xWdv7xu=E&g$HH@HWGi-(G{p|H+4^`pnt(LL1iXEjg2_>LXQF zvIVDAANtscvL7nn!aE8;qcJ&_%Ks3~DPS4E4+!djcZWki?7XSM=0ZeJ8(Rbu)I`vu zL3#$360Ujl2vhH_;FKlr$=X(&q#58xf$&!kYoK<|-dYa)40H#=LbZjNyHD@P2;03g zYcSmvR08l6=EV2L@#%D<>z&Za_3Bm2nB{BQG4cQKDE*5lg?QiEls~EC#rs zfP~{ZOmzN8b*=;!>&9Hmcp9$tv1sIbw^dKz;NRI>$*(W-K!1h2m z8B9cve)0)mOKj#3uqg3VyauX+@(k*0jGGjUH^;SKlYQ(OgqH<}auk4O(XJsV&2X$k zwMq6Jn#KZO4gsV!vEMW=D@AT&QkiV-*EH9GYb75`c+b!)*IhlyP^O6nY$k(L_GTM zy{QV=-=S<}eau>lS}yEr;J>DV&dDX8lW%_3RdbNbJ*Ta5`}OernspmqwWzV>A<#5|FU^HZW3kfhWsYcr{T;6i9tc={c>ymbm!UGK?OK3g&U`#z zGxIq%y|^JC#_skwv=Egn5c@ic9WqgKI~xrgo&D^dF4Kmlc)(Uk+Ubc_0?u7*T}w+Y zHo;D!AB9pku6eyjEGNr^w()#*^SRPub#7n#E`fInEwZ&{N2p9G#}4Gre#qth?#=l6P*r0 zW7a1L3N7P>8TJNW4|d(T#;@`&XQug>&Jmd7{fLd&{!vq3x$~rX%I&}}+C9<*D@t!l z`7>H9le@0z&z;FGo#l?MtF`ay&VM<}`LN8wRi_O-*j=X&*n_rph3c#Yuhbrhh~oM4 zGx?LQ^Z@!wrZvSOZ#LfV!Qi%Zqs5Z{p!gkKaE)njlANiR+%cQ@WaHTv=qHO5b=JV> zgI3I4adLPpy7+Gn-TwXcgW{`>;Qyg}gZg6R-e!h+py)GkjLWhWhRX9Um(w*;1v!|b z>w2zRb`{OuhD9_wt+F{%_Z|LZIxYF&1V^okK!ke9<+k_lA^7vAuT*9WZbV0&Jph*y z49jvtlc`!}TON%4p$Z%U7*vWL&7HZ3VOyh$y7Y8(Mb`%E`4kH?QcZJ`u??4} zLd%-b_??I9(7LNg9ev3mU}sWbiFX-#RN>n{Um#f6uPiy1AkA?C^-3h@+*(@cC6&0{J42t{%`+15JHw+bFKZMaroj~oqMZC5*r z>{H2f4p8{6v2(wbb=z8u{6rJURg<1twbT|ne6V#-sU9v94YlO4{<-k>Y$c_Fuz zH>5=X-)@1NSdgmml&?L^q?aKfP)k-@NY{@Jaw^FH5H`%X@}04H*lvcnzO|KvV$PN- znIzC`j-FJ$<^!t?9x-4QG7(QSE{e^^m;Q9;e&xDz&GkwbQ=?kGgyGnjvGs|j@`*nz zC+$P`$YeEB#_zk+)i9hOdwSD(YmV@aoOddpTNdX`-MdcbUEq`wF4&Dd@hd@z;?wxf zCzEetGAC}S&rmvs9HQ-dR;1)L+vupDlp!_c)@R$R+2~yB|8Y98^i4zS>Blj5N?fLM zlqK88w{@;xpJ+QSQwbxF@UXB3(zN(XgT8e_NSl#k^4%BmR(ns4`_N&u9G-5}VDjZm zx1mK$k^=BDgr>J4(U%3v$|5L|5}ukCUZaa(j9Jl*5p zs&N;P`0R&07l+XQSfY8IUS_~n3%!@E4yDrvBgI^`XPxvCEmF$L^vN>rg3h*d59-HK2gO`8fkeTpdgh4h>S9k@XxWm9=;Vhz;9*<$Toj4XFkCiFrT^n2!O+DBykxF!>}~sH4Q$VS>IDt@Xj()E~;`Bg&MEyT+{} ziH*SQ7b8ClJG+@Z;^#A0xyW>x`ipK0s^pp%pi@s`+G4B~LY{rq5x*g5UM57p3S!p) zV9MrDfbDS6cTo-P(|)sw?agZx)J@yQ~rYbF#>X_Nv2-ltQ zs>RJ~&O{G<;bk7slZ=q}*zT((Y#S3N{c~kRDD6WSORBaj6@rw{9}XEgxrVlV@)=epj#5s#bi&@z&gv)`2|d{0kf&+7=bt+;ZZ2 z$45)~_p$ZK+Hju}zA^T3&%fs-JGyNw>Ru$2&U`AUK~g=MoD|haW*s3Wp=Z2mS_I~* zV_&i)wL1;-7)+szMDlH`cPV4ECf}NB`*ur1Lx};~LWjAa*276^Y#6X7ZLt5BMmR?J z#UgBzGvfD$P_OXB_5=UCDm^TC`gEuBmyRr>N8m4COioT-X3-95IUR~twf2ZuO}5}% zgnrlYo6*JN+hehI!6hcQTh;I>l5OQHeO0eG>KybN;8HvEyrB{ z$26xS$IK7OPJdB`N^%f=<#1#Uy3lR)3LHKji}+-TSck^IZ0lmdGv(7F?fL02Psa^n z4WQDT;mXh}6S)QA2+Lr~RUcazpnd(!jGfKKYs)TQLEYMi!pOq{rihAuqQ9P@OUn*g zu2Bt(*19C@!`E{{qwCjiYYmo9=pGq-`}QuRfH%5?&~u#Co!?}b^%8&%5EyJ8n0RXK z5S@8SPN~4PZI{|w#Tnb|`9($3k%HVRPKQMCrFMGF4SKla4Bw1id`@J8l{dsD_ns){ z3A&I(POJISOzF57NZDR?U1N{DFiOs1^hM=j9>StV=>FBQ7Cb@?~)Oc@}4Vb#?XSp$vUFV)oe0HiYvW2QWBV;Gqe4`W8s- zOQItz!s%#f8^C7g+4P9vvbtvS6q}lV{(OaK7LQt|>w0RRPnv#)%kQ7x{X{h}B!28` zp(=WxN_xJ}mhoZe(Oum(b!w>+uc#0cT%#g5hfs3X*%p4KxK??CPe>>k1IDyLbgC8V zuAG}-Tys~a+Ee`VslvrCmZw|8f@N1174^%WQ4Fm9D(0VH3t@E(nGxUqdZ95lJqucQ zuAJ=bSiHue38)|YPx%rp%EBIT-EKBCQnaD}a`vB-bwd$7ONlE8O22*I>{zpA&9{@q z*?C-j`@^}y7ivspv?}ZUrz3Yn_7v&RdgNvqk5tp@Z1%98T@6v^#8M%r|0)?T{F<3&}!Z%uKqPSA$4g$wgo4L?@R|2XBLB9OHa-}RMKY&t6; z@8rcj8znc^H6{kckP~q9l0>A=aCa(AMOW6CgJpTb$_m6YWv+!3u?JQuhr(209A^kk3sy$$%-w@I^M;yJTt&o)Q$p6cyA=fI-^?jlM#57q(tnqeSNgA2}GbwYD8O;v%{&i_%ROavh3F*XMOnYaj@*Ak*vK3{OQgLR$bGv zqV00y%~zYEq%uCQxR=srK+$KQop%el;ZL4_9+&LfNYQ`S<1g0Cu^Lj4KX;$8BA$J~)! z9tKr>itYKFl{bv{f8=zdBJ2N~z+y#(N9pp%?3IC%@E@u7mbUL`a!AcJvaEfYBva5o zqrYRj`C!$U7db;L^HOj)uy}9D*zhbd`TVgsoTRpe&tPlyX)XW=NPg|}1q9ih&8 z-Gn%w^-)u-s`>V#j8oSsKB(;cSfo8R)SI1ou$)ztFR~#~S zk=)=r^Eo)=vQt5wP&ihk;b&e>BQ)%&zydon~d@Bz8+H) zZ;co{P?L0ixw7P_Pw>|C;;=)kePJC!0gZ0m`mMI2&DDh(v6-|UF-S&*BQL~eKA1Z? zAGU`?jsiLAO3UB=98F5BM%5?qt&xXV2lkKDLRqOf_OPz4;>JHpPdYh#`#yZG$nx1q zp0Srv@}3G_s_LAr>CWyZbW>KUH#pptr?RBXyY9%jj;Hm2-WI)_lIjiDaF&*0}hlTVzmJ_-b!vhYf9lZS(ol5dLn@UbEhm3FiqyY-JR$EI; zJ-u70bIv3zk-joyuxMmr;!?7j5?4e?lg(_D6uG6ZkAw}<<}GE+_I3!n<|VWTpSc-) zrgql1_e;I}5w$!T%dFN0+an30eY8}@)`h=H3fSx%kJgJvXUKc-x$KbX8*9E+koV?I z%Hy2S7At{)&G+8(1Q_hk=1}#uPTeE5tz0Ri4{IgtSRaGfpOfI5nA+Tt<>}-U->8h? z_x$>9uQTJ1J5clKzA}mM*n9P0$;q}xhi>iG;+vf6;V}$78ucC`evhIzDzK*(*$sGe z>6OMNSKpx8u_IZHBc*BhWxHjvM(XfXup@eNOmb)kriC0coRfNfi9TA5z%w5|NzvlF zGG?pFU8<_wdU7_eZf^LU*AowleBLP5CZ3>+T5R#0!Hppzo%QG1)mx1QdUFg-Ow`Bn zGpoH$_)zXh*5#_67D4V7G{_oJ%@XpETCU$fIU?e)@c&3uu)P*#xo!muO2sH9A)K8KU0Ddbp9SBv*7>m38?RGJUrnHy4a z59gis7gpwI;|)^KqGK1TDGV`|r4ny!v3xNv|KfR@>wcTfSse!P&&@0(yEWWeL+0+K zdwpVRv^>)6k{2g`GKle`EeC7gt)4pB2IW?M8U<|&yIjrDm8S6zyi}}x;dHFRY-ZLb zdc8lJEDK!S4PLrrq`7bpH2EpRQJ;dI%YJnOE$~f+?Ec_hL_JP)qSDBHLyS zyilEw`MqiAcSOEZYAc6r&r?*k{sw(&*R`t_j#BOtm&5F|QQkIKA-P7&B#lfKW%<*w zFEysT@(FL8Z&4f}r~LKk`B@1a@zbhpQCYd$&zrP_=FKWM)l*5@wn~^U`{~?C!>X%e z)Njb-;9S4uyaB7XJipscq3qDyrCcE{}VlA#(dt`niDPUBy^Z~4U2RAl{NJIL9* z&YJPU@SFq9Y_ZNX9ow7LszRl)A)lL6qDXMc-ZVE$@MHU1G;O-Lcsyr;dq;4dW4$W1 zoQ?jqk%T?!CAVW^3*}{4E9*b5z3689B27kMVE@C(iEl++Io8-b*ej~^l_g9?{x6!8 z6I5C%+7*g!S!>NUdP=J=pUS_NY6|BV z-cD?ie6T(M_O7YIH>Pq`qEd)d!Nft>s?o>VNeog0dZUcJ1xB4)x%E2omDp_-==IOvFa@@!IEDg{M&guYV!u(_#| zO1??zo?8I2><4PzEahk7LERa0{YpU+$GeN?PkO3dl^LnMRq(@gcSwt9U7ithf?-Xg zadaw+?`*4k;vJXR*uES^?6qGP?HQx`G_%iJR9=_gEI1H!L$ReZW=Sx_enw4kf-{$2 z<5uuREn)ti*3Qs~qTJm>4g~}Dw{KoJuvvt&RaiLZOY6T_7HvM+1zdb~ydgE+! z`ViT0cNyAv`{OwWR9VBWcIKZiuQzXK7|+VRe7aMVqIJ=!Q|XZP>}MrfkDzG|#b3o8 zLg8fHAlgi3$3;gbr{V}-EZ(+I61ma3<6AW^<$#Fl9@mUmmJlP_g+W#R<(ZPA{Ot)d zRf*3TqH1b*sVcJ4?>&!ey40zC?V;1M?(&{W<|3WvrdvN z+KTM#sVK15FE0zfT0LuWl2*t!-DP~?rf!G{YovT~S!S9>F|wFL6eL;!GkHa$3INT$fHd(Xks(oIHe0qvg z+@ad+{%)f^yS)A`8Znb(?yIAX@-J}Gl~?$=&8Z!KqHZnYZhmSpA6*7Fsaz0JL~_n$nn3&`34rImsj%m`}e*lBfwN$uDc* zrPS(j0}l8Dc^UI?WUZo9!(!&(qpXn87=+T|J?!2_-wu%SUOG7iwbL!WcLZp#w~T%^oj=Rec4J`i-g}lJqv)2T zzX!dU$F_Wd9Zp#9jpy1M@?(N@JAYT@=omEn94R02Xlk*PnfRP%XIq-!ZYg6gu0mZ= zBIiDKVJ2%`B_CzGsY8STGiwNSMVHro*2*`-LfNN6VqY%Kre8=4HvO`g!xAE`;M?e% z+z=2Ktc(gr<&C0L)vN4kjLlX8_VzcF@%riLhb}c)T3lO6(M}J+_RgQE z<%z$rzh=j}u*BrsV-81x<#Ezh-4x}I;N;}atjgxJf3FlZ2&BIz%evx*gSj+y#faVe z@g1w{k8h=ze{NM7(s!yPxYc><-?OIu&AX<30;aR+mok%|<=b61y0BhIC&P8Q+>+km zk~gKK?LXu4m6PorQLZ<&jE>4|K9=KjTR85y+3?rAeB{?f-EZoDt4&n%#T#}sB0-*3 zC}kM`dg_acZ_K^t>0xUx>OZR$;G$N2e^b6zS?O_=viB2>>hF} z;mbsdoqLrz-9Pq7`BRPX7=$8W+ibQvf!v$SBxjp9n2Sn(V}_7_RkGXP$Ug3vXK!~+ z#qog-4~FoX5hRXIlabyFydkALflX>6bJ5I%0UAJY)srWzhbBS` ze?3r05b^QzeRTYf$@r&h zJ2Bzs`S4|5`pm8t{`Nu3*nd6u=tKt?AVRl{*rOWJC_dVDqbPLyVyR_I(bC&X!hx-C z&y=Y|0mg$vAho-{M(bzoY96)pR%)ry2&taIBHx9@1-q3ctBHR!*dkS8o{qY!3P(16 z`2CEl?$dBb-ch6*`PQ{OR29k&6j#}TM|^_I+Wr6}b1_e@jyM$j$TO*L@+u7RjY=6F z8kW-2-41toAL@hF2jz$FHRLixRgZj6PWzgt9)E#)bd_GK{_$}(wnR=L7)sqwSNW*& zoAqifFBQH)v{aP4Omg6kX`>5U+;?h zAEh7hi}1ZPJj4w+vu-fgb#!lJ8Bc1?Aa{*IAsCr_lj?kqin1G50Xt%~gjq??yEw3$ z3%B^>+b65Z_w^m|rXKFCP;eUa(Z>^~^=P2T^2%!HT%qk^BM{PCSEQ&qa~>4FD!$1p zY3V)f0jdc!Y~Jx{W+~iPQ@O8NuuN3lq@*2*O6}keZ*+6EJCk>dxpHKCYn4+X;un%Y zzV^YI%a4>kEd;K2Em3OHzV5U4plCjS62e@Cwv3{9fHf_ON;>XB zI<8YlQ;|%5_RqDAN-pW6ZCO^j@%3QF2@PAmE`$?GT928xn)0j5SyV{Lqs^y!&BClZ zYX-9E_!WZ{r1G?_aVD^M8*7Ikw?fTsb*!tnlWo9}j)6`MsY0hsZ8k@kN4sdJiGA6} z={KVqFDT3FKm0bIu+l8FTc!m%3_e6)#^F+(w8tZAj~L_q+13j4y5mt@5-fiT%9W5? ziV1qEM;K2^yvaLrpnJZvtn_)7+Gpcjo8EFa0hb3qtCKheR6_);e_mTCp^7`Lo>iQ{ z;i++$N3Z6#_nJ3cl6rQD`I?Un9+gY<|Mx1b$DwlB-%>vhp-}&`3akzH z2bdk$W|Z9RORcOk_mByvy*plzZ}3uIjz#!}Hfzw}=TC-3v;R3XBH|CKI)7|RDUe+L z*27kmO;Rhcl@<{=zBCpa!>rQBDvpLus+TJamZ$fAbuM=oE&?EoqNwY+e~TtuC-7Cp`EdJ$xlv~jQZtkw%b*- zGauO;O=VUuskywh)+&Bj@D3St1g~w|rNh`L{m(@p)!*_x4U=ikIZd9ETAka+?lkHm z*)|f{?a1`iRiv{SG5b-{$%T%=#XM&YPVRT7F8ifH4fPkSxzE0KGzOdmHkvwDsEJl9 zXHTizpQ7J%Ux-U&QAcBN@EIy`jjBEjn09?3hhizM-yF%ZYkOzTiL|b3wR5f*zI*xZ z_f{=NPXn!xKLn)L^S~qj0c|N!2jiyyFQT$Mf;HujdJpmwj>>j~ovN2j{Zn)5nT9IOphaa87gK zo`;{LP73P7|IRvyN-E>RA5UDPKpdP~IFgS=lwA{+N6l?@_T1+8*9KQnh8F_;&WaG- z6$!p{_kHTqt_b?f*@0-CFu@*9&QYq&rl`+HsiwN0D-RkS@99K#D4TQ(O3E=T#z|=h zT^lZZFi7>}(sc!r`@s=qL3hi12Uu+FPK|i+?lEmmomNYID)m9;V#KCrw!Apeh54h- z^1Z@fVWE?Gg}%J;h0|wGpThQ>V5tWy=S8fBo9q&rV$c;ohCO^(-dqvIz5Vb1P)DOS zFNrIxlbzSi-#b$;`S<6@5g4b%HEd{V_LuD7RC?}nkwmh1|MlzD;`n+=agiPl%4YK; z&AR`7Wy6!n3|mDNVq$R-mENZ0+_RBH^8fSF^!Pf-Xx|o>3-5`f{`(g~c%@co-F*Yz zkJ|gi|8Go~H`-A` zAvp=(pjPa6DquoiE28>a4+e0b_MZ0IOOi5Wb6&t{_VaAKt!7sia+Z~;py2i)lcqk=QgauD* zo)2@CSQ~1P=;o8k^r%`t2%EN@`*p* zvv_*?5^Wf|FundH#g}i`&vNTJb}Giauk>Ky?G0@i6}KIWq(Hgp8h_RULCxKU)RuU| zd(7>sX5r*6_;e4N(~bDvcBt`kD^0c+(DW;+6dK2W(L?TD38%NRcnYJ*l?}_};CG#N zDT)ps+ccCd2+*28TzBMZ>ul0cy?sq~Ryg?ez6V#UaKonMnPXxT5@x#7pC#})1wV^n zelJZM)M&81yIW}9LrdA5lAj;`nC4X~J$>@}pCLO+_E`LM#f!rw=9ZTAYkT=a?pDKd zxus(?QBnoQZ6rfOLqd)`8uY{;>+J*jPbz5#;JtU3`JuSEY0`2tGzd+~m+ z#q+d%+TkI`Y5MqkhX=2e!Ajh>INov8A(c_Vbw{sV&ezp*vEHY0QmOq-+{$^udcSIt zTe-FP;FzZk?YhUg+RL@6ncKAe3%|%A%bh3d&$zTu{$A3HjSeGr?JD;usNF)3y%(s> zsQfG8%^R))IIdN?1_fjf9z6K0cwaV2przA$_hDbYo}2(xbBT5LB1ay2YQyy#Qx03u z5PF9Q|GZ6hhl37j56Ar|DdG@urZ!Op;vc#!@1K6|BJFn4+1wX+_Uzf?=re;B#ZtGf z)Ue`f_ou5fDdzN&uU$y)d_qrL$BLib%doYzWmKdANBci#<>r2J>&h)kf;2Q=*tC8e zt)J*Csr1*z8f5;j#@Fb`@Zs~xEj85DYn*hByoG1&Z{UPC_o#Pz_YPEd#|$g4!z zm%p7J5%}8bqyzmoT`>q=pPe1*^hWfyqfWDvPIPp%y1M!&&D@9&)eD5SeDSevqb+ zQ3yQ8f%-1klsATR^<>n>qg{I0{s}-V(a*8)L#a@>I=D-}+tXif*dQ0^J}{-+sHb0&}Md znWXB^57wf(p%jY@CwpyM4M*fxtECuB-!rSLhdtA3nBXoIA1q=Xz&!|7iMPyR2w<5- zS|x*N7g68f*v$z>euHgVfj3^{oWrvoHca+Y67Tbu10C+@7-tzd=!*ruQ!`94+i1&i zBMI4gL_$hngmoB-nXty)Vw+)EiG-ky`Z3&MLaq>3gwE$gr9trO0V<3Oz|->(b&!o z%4ZOo+Tres;o4YL=$3kPV<-i;>q>DykNpg8i&2C=>rXfs(;b6qn3%Y=;Y!(7$m5A& z9Y0=maa+pD{Kga#LdsI;bK(unmrW+pusMv4mshe_v(ZV%-`}6dap4MlvUa(>9|9JT zaSLF?Q;6EMGikQ=0`<)A6fs9fM;OTE?mG-DKh{srcP7(CNp+2lb>!((x-J(qFRZQ6 zk%ubgs_qY0A8Q3S(p0*v&22CC@PyS@IH6rJlL3oMOBIV6(7IuC+5Ffz&w|3x6crU= zJcSMp4t^T3e=jNF3e&l0ne2mggAvyB^CzxueoRslmGjzIds?`Vl$shTtT-P`fX~GK zd@_P;Oq1OFuhGd~!SlncjAO0cJv_>tSIA+C7&(6JE5&s)8 zZWLht_(kG893)qIMw_VM3q>V((RcrKqjW|Sg`s#Kr-%7Pw6v*(fCH`X6E(8s^{bl} zA62U?So8{DX}A+n`5&Ivj?K{@WZv65XO6ez*nF8-yw+a(wQkg5AErPj#-R7Pkj=)f z;|=jw$7fP1H642GZ^)?a2b4yC>7%TeraI92@gXMXBuOZC5?LiB8DlJKp#?O}dDkUP zEF2{+r()gHO&IiG0aUN;q6e))(<9pT1Hwzby-FEHo$fUK@-@gK@B&9hjP%?VNzhB# z7RNFny>$K;zlk^5{>)}7JE$|MOB-7xBr>E};?-B3QdW6xpVicp8T~Wbn$PgOWqcKk zh{Yd`4^7zx3hvddj@@ErRtn+lkck=`ympJ^_d=M5SvZ;U15%k+#WK3?Q_NwP$_v{E zUQ6zahMi!sXE$Cp4Ve%+@Ump+$}OVHpT?@N!0Mh`o?_gPu@4-OACicH$Ab8s~B5-cq()5^&YSw@2)v4mkH1e6V#IzUBQulNW0wi06@c-{4Oew-ZL70ZfX%;`mI4$9 za2BKI9ScizUTBY3yWiN`JL#cm$2YG-XZWna0>cYBIyz+jB3a6*X=%P@96)U0qhMqR z@3+Wd4*IKQ0h+f(Klt3UC{a8!*B*a^jO-RM-g6BSQfBRmLDS@P)tmy8c5-AsW+@xk z+ec6zO0(7G3}$^<16bB^b9Q zR)gJNz9q!Q-i~kQ3X@A$Oc3@-+M4eKDpbCPI<(b^u_$icm~IBZEY|Nt6m<5?nKN%g zL+y?aoceOLnxRt#Jx*1q)y!2jx3;$4KBJS>bcEfj?zB1Xvng;ws}hUfj+KT<_eGgu zpv0@^U~6AMNl8h&()n^*;Xsv#OWIU-i8W;=)w^f^A-_}8>wv;eou-OPdJ_$C~_-M?&{qFZU_dv+#;4UB4+j%K!rD2A)7EcR09*N1j!nx9;&@C+71&zZ1cRDB-b$_>C_cZJY*Bh9CJH@(jxoW)FDbKLgvVaxK(`C#9c_Aw}^a5pE z4bdI$P7{t9{^RlkB~5a_^3$?*gg%{gGH(5FWowHRQ*bBJB@#(gf7ERGg_wcsq~7=9 zP;`BJtaK=Mvs6M7)5iGa=D}g=)O%L8&V>!(a;C0}24SOBr|M8H**YOA7yA8J@Wsu; z$?g`>`fRju1fS;jI1S5Kv?lHSeGToToT=&nLEg*tpNi6MiYwUK6KZoe_;9btw37;kS(a+f-AGAI zO-*u@sIX~PIB0)s-fb~G2Ghiis=X5~P}dYn;dZ!E>W1B)cUvu=2WkgvGL224QZegY zi;?S85Z%Cc^B!wP>6~5$2L}gALH7^#<-ht-yPVD|Lw=p}h6V<&3kuj6qNJuVEiIDX z2R+GCJOnVqJtr^eeNtwygG)^EJ}~b{7M5coNz2Iz5epzlLGxwGC7YaJkC(@*lUG+? zsE;L4he`~V+E5p$zcu4%U0!DD6x^fqIcoO#b%s!&W@2K(y8q}!xptVte8+p)OqiBa zTH^;K{?FgZX7akMQcl`p)V%XA{#8P#`!cx_@ZC6JES#-kh*Mm%DNAV&Nv-Ksj@ro; zq9m1WyQgPIuZ&L7`jvlmJKK@(JgRcx=0ME)1dg|kxWa9!-(;(oY_~O&j7t2`_G;Ji zY<{Up&RQ(5Uj9}p+yHFd)4$bL?_J!==2EY~U_|>&L{J`sQ5%W%RbLySKhmbZYHYp$ zW!cNUC|{(L5xpvanbz&yE%v_*ql!aCz^R?zQ`!?>Ei1 z3T?c;pmua}h56f@*UdMW%+By@L1SfldMwt- za;=4P^^eQCEJ%tP-iD09ugBMHl!?gwy9Ul5HC&Th@6)o`Xri$BX4%gSoFax<=G`2~gQ29KO0hr4KDT6#XQvOTy_>9{NkR)U#)o zU?sTQ+o$FW@D z0-LxiD=VR`kNcg8~@hc8p^>}SicTe2mx#a#IOC!asQDDYqn z75oCF&lZz&3a=-Y+?2L0bgg}ksZQu}TNa^t!A;V0e$nz?!~3l-spWAGmFsjb`|$@v z-p&v1mzOko5UesE*3A1tFtF`|b+Af+`lHG$_TOoY82ogF8%w<^d}&la{6z;Hf2vsl z>20yP+?-`YC(OUo;ni+raaMpKtbUWr{j!R}`XXNY?ZlV!iI%Y?ZKAaXo?S+EZWHgv z)7Vk^29-OvxuaLc*l@X4+-E;OQCfKFYIYeNIzQLN3HYvw^s?f)5Uar#Z{VaPl;oR# zFYVpf{<6G!iIq>!*rK3mZ(P%2oezbCWZ7fi z%&zoim~)-3BQzLxHhks|+Ejcy5$@SC*9`;1_0G`*I!b~fyJ?BJxjA)B%_%?ww}E?C zkIT8Za1WPQL$jVf)A=8@edJQ|knN_kql}2sb&HY^w5Uy8{YhD7(482EAH2F#-B#yR zvi6eC4vbQK-Xai*Tq*lw71QRRGM2=^7RRN*p!p?R)bx)&O8(B#?Ygwo#di<-=^o`< zh3JB?10X&K!)c*fWgw?iyVkXu&9GIad52G-x+%RJZ@3RLSSBENSS8(dJE~NjULD@I zZ@vB1q(^z1-qL2OREAidLF9wp`t~lzsO%kCKV9SUQWK_6rx;aS*T+|a#; zN*}}n647W;#k~;fcwOdPTb3MC|LXc9%I0({zJ+Yj0T;`K(beC?|n z<^qMc-^!`E?P$IteX{v$7JaRDkMIqKR7^qhPLuTod@uDKk^7t`^NOIngi=gj0}-$; z<%;E@yUh)w&79!oY3LK|oScn-8l#O<%!eLK##;}=Y=zNspBV3PngWdIMaP4Zd7aoA z&;m2Yli^IRu4es3Y@_@K`}RrA z))^4kPWIH}TpwjVbU&QD1zH9swMAH`Rf*ji#Y%kd>K|L}kDXcoMoW*&`9UF!6XUDE zyTI*#V`-BcHD9)Ki({ten^jDZcx0*uA^RGQWm%(sWwKGz6pLP>sa8yKZlZUb=)r?m znhZ7@Jw-PxO6uoisS92@H&60@J^PX~#%eIbsN$?3gF>~0(o;QxwYue1FH_f_tzPG< zKmrVQj{nu{gszn?q?>5%GlLV@w^U|7ss`Gzg7Iq9vRXq-HFP1 zUS%5RR$>&{p>?)u=#b!Ax3V8-?lwN}a&^30GsLp>?c7T0I>$PG$FF}&8H|i20x+5Gy?;8Q z=%mgZ!wZr_mU8e-e&^pqL+;J3kE4A{2M0Bz(uumvh;{nybYj$*{Ij#cZt(NHK*$y5 zq7$Q;>)(&QM~pXWhyG?goFL#9QH@1c&$ZAc&oJukBcvN3*JORb4QlF>8V^-sKM=yu z6?Y?B;@uye2KCRx#N@Zrar7&0>IPPPDAri%xr~+JQV{Yg@(jt&!&ssea9z(ZU8-O% zv7X*L9N!Ztv38iOJBOW-!@i+Q_KaWwv<3=;B6ExzqMA6&{nE+zN!N68b^Rz4&!xZ+ z1-jh?SPh8MY}udJ_2&-=DHAtyp8S^-_wc5yi4>Qb(sck`+oi5CIg7+iq&dJ>Kp!QR zA2}eIkJHIVDg9uGo{q>LV2Wb;QBkK~8SW~drtU-^OK=ddEI4p&kG0s$-Z}d*%3zw4 znCMg$+bPc!`D)pL90UFxsz^igNK%$LvZc+Q>kmQLjV+X^P)}y{qFcF|SW7^y#doZo zl)Jthi+_R3e=%_BtiaC7bid;DF-pdbA+z^84|J)tN$)Nw*x<4DoD0cHC(nI;v;U1z zUQ^2k(X)H;d1WFsTGUb>e)W}oWQu$+?CR*}`l$XK)JTQ?bQkdvRaBgpW%m;Eg%68A z#QAKxhG(7|R))V!`6gd@k&L0Q(py?#NyMn#{{BY-M)7yva$dtbe`JySOk=Pw_Ew$kZ1y0iTaH=EMSAbAmo-4+NIq7L%8SaC)Z_8ElP2kmutVUB7}wHDb%@x?hktWrP-3>Zx(LLa_E}b(L-d#N+r=SAHhiKliy?LJKvoE?bi(Sf|5`y1yG?_1*t1JjDHz~*1 z=sCJ+d9_o~#t4A%sV%K)Mz9EK)3?zBuGPV}jk_;|1uqgNvJvXo5vnPvczg1RWf(c= zl_tB&n;LZ8jViJoGet=bWEK>(w<+y4Voo}Y-Jail(vTlvvvZZu4Cd@~nmCkr1j{hK z)Bd3FmAag9ZG|!-KL3~;GM07~%;2zw!Ku*EDiM$sP_!&tZXtfDjkAO7iEO^BuE({+ z*#s?Cp)xB%G}vLamiuk5(#F%SY-T+=cAH_`5sFHW^PR2;y)7J#nKqIf>o+W>tVjc$+7udiP07Rf(zJGsJ*L#1q zN&X}B+3__*M>;y17oHy~woDN8i0LTBEsRut>)_yEQ{SQ)hm?Zer_do29Ex1S@=$R|ULLcuit&pVc~==ugI=})>M20KuxXyq)@}ftfBq1I zvJ`6i-F^+uhKZS(osTcLbN&uh`1FQrV50$Wi*jv~7cas9lcva*EyjAj17mz)fxg!w z%9iIB=*RR?QlQ06@(>6m6IPG2)c(y@1co<4^(se~-d1}Mvqq(NOV4TD4DXV72&Wz4 ziM!3i;|Dvej}#`bs9Rtq?CW{+G*-+VoSh#Zx|w;$!WQg<@sk!}k$ee(PhD3zf2u6= zpMOz$ZTkz9*?z~oCa-hVPaxlISE7}7H{70 z)IT1QO-F0h58T9Qz7+Y01xA1Ccv@Ju(M2=vW0@s{q5aZD#Rg4%OIYxav|c1>b;?-x zc%cRF4?&%|Cz%h8q)38K-&F8DMvDnl+y_l26(@ek%hSW>Qga^ZzFcQ}#Qk9)DWi72 za02SXp7Ub~j8X6SE6y;HSYbQs@BgR}75Eg1Yaz`X$8DXmdjk(0C%DaZBO#VyqgqI? z@r3uU$L zOl31EuB$Rh2$#z6_GHQx zef#zjy7JhMSP*u$YR(XXq7Px|bw>K!ksxy?qYVFo+B zn+Sa{VsMG*{(MuAm4P2MZ9rf5oMqIT%oIMpk9Zow*p2W4>-fhswIH6pe>#(KiX$;G z(G$CsJRhZ|JK0F8_gF;*dt808x4pBo@kdF{ZszCJB#%{Ia7FZF=Mq6X z<{+OfpHG^GRSoNdJ@&Bzao<;sdU)Tes;d7>4`I}i6bDRxR8_TK3bXL3aR1YkWVlMj zl$v#Xy2pt=j|jiJ2Vpp@E&z;WW`?B8$3TzhfM4{=4+1#Z223%S9xKE$x(*rB8G$Cyu zpH=SaEV^{YX`CrbK^kOEn|}5-YWQbsms!Q*_u5xaBRdU63Oi%>@lUcGTVDz`I{t5 zZi6|FAUlrRM`Z#~#0zd)o%YGVzCL`V5b?fV_@1MRgCv}UH5!0Wi8=OeYHkLu20#aV2Sk4QNA_<8WPK|*_4mlg z5h~v|I~xqU5}Wa{FZRFYx4>lJZw{9P zNu)ulV?>#=#ol-hv`$#+;I%!EqXl;bAi4d*@7v6}KL$Sjxfv=^z!XwjD^l`ebcpPC zkZsDx1alOPTV4J@%BF5B#ltGN^L$$&1cRpb zyw~;yiY-Y`CWVgzdUYfIvdP;*VnVJy-~RJg$ntrfy_@jY9Yj>wuXq>f8Xx>{uW~W^ zllk0Cswyi3V=AdY?5L9o57|`!HPm+XuW;62`isu{Ru~48YrVU<=AD-KMeh#D?=B;Y zHDRsn>~5%lwG-?bpjuTA-oLMTgL(VjR&j)8LSgXtoYsnQpd1cFRott<;{3X+_@8j$ z#*Mqf6@TvnlIzJ4{ol}J_PhTin~)b3F#NwS-2EoKukzPV`b-WDhavk*x29K zg3cl}TyOYw*Zn`23m14Iy^vwv=aYiw39B4J|K}dVAx95WOp7#dnA++JAtgk0+Z(cT zIG?gz#$|h*bhP`$6(BmQNfFpPTfrPQ{V6;92ld}8_nd2aM7a?QbP*N=m|OkAhKMc_ zEtS6cK2IjF5~>$;2u&Gm(bK;vG1Fw!(4{NMRNx^XbLDQL?DW?DK#4U4pe9I{d0AP4 z3lF#kXu-$W*ymtzz^eF^&5&P>`l-d;q9-YI+lsFEogH~XnPfB*d zfPgjfb6|ihMLrOP5?ZZX6RMkB7p(N3=22$24%gDdAwbm`kWF*^*`6{0ItQ{)Q4%UC z#v0mXwxHwO2eFw@_=xr9&6_!@b_+ZNhK7d7sDA(cy%s7zn;|aaYN!O#3ZOg9&6&WY z&O_TDVeG&ORUr05!dJb$JB+zNdq5Q~*1TLj9{zk}NUjWA6lvOW*9}A-{0CLeZ8TGx z0$-}`cKUla0}0U&NoDh_x^jChK4u`XgF+^&;TKl>IuC+V;THTu;;F(fgf}ZCf52WG zSG3X~0om_p{^Th6#*G`d-#=Z?$M#lFUDCtUHB-qlGc#{47j+_p3p-nV6eF-ZU`Xa) z>r#EF1N{OdLqiBkxLlV-VGqz?n+gL6xt`p)_uelOE@^dy7dvNz^+){M-CbuYk7YI> zVi)~H_hyRqF4EeJltH4fVcIS(E^ggbU~h&>^%=xT)tL~?I=+^fpHGK571@ zBHH+U+pLfyj!u^H&-pD-jeLwObuYHTZL4jGq=RS)5Z}d~Oh{3EDk|DaIvWU)4bW3I zp7?A(`CeSSkjl_;S?-K*1D)K8>sh(BZm(@OD?U6;;4ct_LGrg;FGdD1OA8CPNJ5^IHPO-PYp`)~ zA)ys;Okkn|Q2e)q38aRV>`1+Y&@xWqF3}|TJBVvz*h~Nw_B68x_&VY72*h^_zlLuM zLSLDlo_-q^7ST34P-qNm>e8=Yzii=*G_|xAS68vc`Ot{|MFQb5?R#RycE*lAGsLuk z>1qc($F4TyV1jwYXuTSsr;O}H= z7(MtC5Lsfa#6+T@tv!R(YOk8!?D}LqyzodW%8~kdzZ09xwH}TZlcJF_JKugiA7nKk z?aeS;u<3Yjyc5z(Pwx_OTc6XhhDExwq=N9>TUYb}tAIX@+N)Y)1~R!9uB4Q@_#h4yA^A^#Vy5)J<*^s^jZTJc<82yHIuC$T095RqRE3xLTI{_8=Iaz4+nO997Erm?#1aWG* zCsOI%W-S|IYhFW)ul_FKk!7WuvT%Ju$@5FSIS8pl2q;X^hk}AK#hS+rXCq6CHpBNF z`P!j3Nv118G66xCRPGD6A&}r*?bDl6qx$-NTMP^679D`G2f(P0%h=fNk#pGJG#>NZ zlHud$w;`{vgNX>@i!m~cftdw0Pivz*W39MCnx~(`%tOq6ol0kjX{3q|%85}z5_c`uI>=|iV z7`<@Epx6AoCMSSE>@KryueC~u_rrOzcyC1(m%Yr+_MGP*hfIC`#xW9A zgw}xkYIk|CK2lDoJAFF* zE|EfTF4V)0&He)>C$_zMpWAA<j zlE+^jDUU=vExD6zxgXoz&yXGo?kX6yAOxp@gaS1HMJZ9PJ(nJ%YhYm!3>7!cb2Lef zy$uryIs_K>0+fOWa;4vi7dAA|$tFxdY#yXGh^l~y4kI5)Q9=#9%0mMJV~&|dJ_~_u z;GKZ923srOrcY6fW6nc;PD6-c4$P2&l6DA!-MD$v*u*5Gi^2h*6(UR`GZ-c-IEsFG zXe73YDmCxPs63E6h43H*4<{3VNekgG>7E&wB*=m!)pdOZ+Yk^Tu~<`QWp*?wsx=Sv zcR;0iXlNJY!%QCT?y6N%X7`pUC@9h({{|sdiJGp#!IodY@BtxBK?oJBLy3=ZvYE(< zKMALTq~CkU!5WaAkIN|d_N|67|A(kha;7>HlHY`s8(_yt2-Dq*Y?-KF26Jk-L=t@I zj*jl3At_iCkQd_PYt2&1EIYv-A`;Ly19-!K^5l%QkzT&iGXb1 z)87x~yU`sSt*mz(GLaA_0<`j*V=p4mSJ1e1+!?bqKp(8s@jaih2yu z3!wTCQY03i1lRS)W-BA29Yd!DZw~srVpap99fQyctOUlsmX=nU;>MpWC1|cN3WK{K zsR-8zk@RVJ9uUB1YO_#Ag@%Q(gM~WH1BLT$w9@4a{~ zK0K5_me_@bI|1O@QU(AHAqr{yX;Kub`_BJ4M@Ef@02S=r0i1ypV!H{b4pr#ZK^Luk z4@(#wIcoWZ-@iA23cN}dtraaUlx*X9{$_LS{FcJM^2jh;p;D2UJ+;mO0uH8rK%_e3eAjKH4-FZ9+v;`qVcIGQ4@o)|gl98277avFCz@##e6 zCrskEOrnB5KYi9`@Sx$vp$SH7Pj-_N5h`6PuK!A@Q_)_u8S&@JKnY_3$;2#M>I-u<+Mm5*@ zM3*w#$3)Y3O238#gzR9vmQ#Cm8`*v%K@|g z975Uv(C{x`wmaOlUL7eHgGoJUyNsvg((x?fER7Y!;$AOCHCc5`qroK7ULke> z7tz<>54qTBIdG7XPgvWVw&nS4QT$Iv{&?9GLOKLD`5K_(Kt#;c+&qX-2!psK@(`A_ zv6%km$HyTO7QFYUQL@Noqt>WbAKYQwBtL8wInOUcz0fs!d zp)fiRP*ETGt@}V1NbYO~1_T8OY6i^l{q=f6$;=+)I>D7fVR!P8#3yz!84Cez4M<8O zUOd^&o8tNXhDC#BT=4>1zaAbPR-f?0mdH$P=B->CuMlXoX^L4u>WmEy|6vY$V;+Q( z5w0N1lTlMY$?Rc+M?Y9(>IR(p{oNoWSYTpcAnMi$EC~h-0hPc{fUh~fdfq;!fuu6D zW>7C8TN(gy`E{8Yf$fC20!TC(sWpV3f(l zzW(Q*x@%Jf_;m5@w4mElaKEs{9=Xxd(ZOb=WHi@mKta);d0#>yq-^ZVKUlZHp;cfo$Si@54a^Wx`gh!+eSMg>DAr7nrDLf+Vn?Ke0?ph%XeZdG z@$POAAgO}y-#;s-`-$FWBDn8XV_$xV8V4HM)YOC- z+e0DEk1sI{Hf%v+3)$rOMEKyU%j(GFRAa~w%v6X+k{&&A8SI?^OWllv{GW_1bbdGo zi{dzV01g0qu^ZGU@7vpD5U|*fRw-c{w{&xhg>5Afo%0vZo~9J?Br6*HdW5JHCnna` zp^R#Izeh)pW9uYyRS_eSAV4fu%)D3=js-{v=Lr`-g7S)o{!RoNIOe#kTiRHve|4oj z=|b-yB~u?jxRpkI9GIK?0MMnLE$o!h$#+55tUrNc1OrRC(V;h&FkOM?X?&v3l$E+~-(C^hx_a58wMy}c@+9>5&4 zFGo6^KI?=n&xi7_CPf;t=I*7iHjxGEgeG}W8jl3<6L=l`AKiMXnxk@h)(1Q9GY7ZN zRUk=c^0R8rEJAtV-}KT_QppHtR-Zx9p+3Ph1AT>L8!5bSDrj8WW9)BU zbnFH&@$+XOd$m*GcId;uS%CSNb3(~-SS^GUiP6UN`i=D+L18HaJgmZs2j>Mj^EKmpIU>>4* zDMaf@Ja(_8X~oL5GX||TH``dYcJh6077hM_o(eWLPy>iBYv}5F(~t;W{MTB6{|-~N z*%qqiT*W`{1|#Sr$XFyHf>(vVt}3rsTUprx;Rn(OSk#OoE>5NP8@QoAob~hg|WOb9$xzg&A#m-j2SQhfPulK!y{< z8F|4?67tWsU+~?X)Wmw5PtxTka-X^Lp05S)1w%@9T zdfjDql=dca()J^8Mt}rS7NuZyr7Nar=7LKDzzw$6*n>iVuxcPIA8xI!M*pc?bmW8A z7pODAHa`Gp&|l!zz{8JW(KCU~e3?C2XX8QUgF866<4#Q`{iS!wYZ&EH*9k!iE-o&0 zJw3IO^W(XixqusFnMe%b-XvqUGxw~iImttbLmI)Ag~0>tWOmjVGDEiI+UiUskRs_a zQ!Xcf>04aPDTKus8Wema`YB+s$|%(_#jH0{U<7+50-f1{Z5oB&zCGeg%*e^P z1lM5|F{aV5t&yGbFcu%44_T-LP~aOB6vI1v|$@OWyM8Ne54*ia)7sRiBhTSh+SDzeKtCjFH8?eDZKyaY&$$sa4Un#1wzZ&b5&c0RzvzH^jT@IfcMw_p%uP3~7 z)AYvjAz4mu_IIW69A$G#?uJv+nta z?rnXN>Z?4->oWURP*97ENMy$~C>qG_7-%5P1_fY_!iLGAJA(58ynXekvCNyfpA@rz z-x<2Py2=^P$ex>|Ymd}{P_`a+Ru9?GoZpXNGI;U;vH_LZ9v|!oFYMI>RB?qbJ@gpx zko?O#L|pBW+c-5v12~%)&rew0HSHY!%X6$}_#U0(c**eYg4CmP7_lF|Qt6_AeE_yX zA_B<%{sq^lV`#W(UHbphG=W}1ghFa~ZWQnmv>oWujLB`FT2s3oCBBJXMbz4h2PdBov18~@U1sb1o&e*xxVgdi2KPnhA+u%iP~OYIS$i)7daU{BG>J43 zRx%^lF$k*?bvU|azx3xm@Fzf8kamVWz@;|h-V=60_q9tjb3qYcgKg`OY9R?((dhfo zVg%aJ+46P|x^<5~KnJ+uS5U)c!jdp_Kt*q!-hkL+Eka7#O~fMZf&vBz_J_?Zrry78 z&%Sc>`}glSkgXXQ839PUeDKu;>mwOqTR93o{#7cx{|xKo7DG~5sfdQ|?uhO&%$F~- zAt^D{OfRpkpLtLt`$j3!w}th}nQr?>8d248;q+fe2Dd$?n=ZpnuKg#r4FPKT{a~8H z_<&9PAaKnU_v=nCbftMvQ3O3kq4tA16?`VgA{?`%-; z6mXDcF36Rz1G;(E-VQngq?Mrv0HM(L)02nV!%sjg0T&n^reJpsEJ&ETQ8&_%eaD!M zX{o0_u7!|DXiNgQ_$W;a zGy%N-%DT2r@RYwCQ6M1=gn`30wQ|B^@9OT?UZsgX{4gWz%fFueNT`%s{?Ml9MJYtB zYTDzG5S0ATck~WlWMm|)6GN_eU^f|vRTR$np9zV3=(b!ZIg_1u?0xHmN%^G&!JRWT zBKpJ&rv&Wfv))&~^KCvaA0yUE#(GKmROzd)l&V6(i#Cl0?_n$%EBri(2I2{l&xcP7 zvoU&eu*DjASZ>Q;JOTzswx)xi^0QOU8PZ4tatugV(0mcB{I5;#%Wi^_5$ZZR z$QECa1)#$Mq(XWXsMByG_w!EJ8K0=ML_`hnCOKoOP_+`Xy#2!12CS!nas5$rj%<&`Y-;5_d z=Re^-o)vbPA`GQe*PL};Bj6oa#yS7$p8n;5h+!1E`pLc7j?E7zE9G$@fd1>Nf)Mov zY7Rbpw3M?LFf!=Lc3`B!6I9pG*#Gk?yVs)8iVMCbrW^z@Xu3^C?DyN0LFeM}KH`Dm zI#d-{1;t0|*+E|)NvMRc5xXSB@N!kRLTx;KO_RN%!DsQxIbE#z07NU~@34mfHlM~O zCc;h!0CrK0%&Iv%s1V+gk`nkHo4X_-b`W(!(tg0?Ry~e^oAWp=5d(<$`t>WTu&^AE zbUEQ;j<&WoPJ^2yPBs{sv209ndIF3)>jow)!L3~>dJta5t#J(%xsm#)=I zCdxhmO@4g8!v(R-Ag(_R)gm=(&JdLf-5j!#8^!rvP?oiw#=Tj8RhZZ7uC7e=Ed~V` zk8{rCZvLOu2#CYa$hAEfQPIDNAya=hTzc)1hqgn_Z~IUur-z5{elh|dAE3BIKwwQ$E3ZVGfXN|&gyW6 zB?q}(xi;`B{PVtw_dh}v==Oq2Gs+y1qclDaCoH&|5y&_2k>nK^igl%yAF{3%zdb^N9%~(%%d)Yf{7h>J08l)5+;DDz%OMpuO)W|)anm7 z2|6=Sxg_QEECNvxI62ya@ipd-eqhXq0ecTb2Sfsc&+1uJ)@_@$2cIADWI&dL?{Nx& zmJ1^rvgUxc;BiDrovYFf2RFlt>z`!^tQjO7YH!SK7-X#jFA)>38WU2judj~-w7Kg4 zVehT~qFTE*U=;-eK@sUtL_k1Vq%n{#5s_}`j-g9LCLr8ab zziT|-bDrmU|AqJEhx74sJ~Mmv-uJp!T%C?Ypqt-jvXN=wQjA?{Q31l16mZ=C0B-8+6(`3BxTgh#96G;(uumaNXz_A$>Gy`# zB9xaPT{2YR7KMveQc{AB(;@3|$sc|i^DJE;_Y$MWt-nb@JTA!Lb{b>^_%e~X16H0} z*?It6>Oy_1`yjmw6ji$5#cOi_cdN2b3MSBJW}Jj}LIk)H+u{E@ln$lnJpkuRLlo#> z{lio4Z%qH;mDkLHUtRRo9}$@!pPa0mtRCu!S9sIOME<~Wpm1QB=jR#AQ;9SjDQ6m{ z?6}W;Ye5cBKREpUSM#8b_27K@SLVwOTgIm-PBBfYt(JLy3w9`XnceyFK{ZPi^k2ls zY=I&r*1hLV1`!8}NiYe(smyPqQ^6eyB{Pu(DQEWpxj{AiIk+D94D?w%#ZuRIlRNK` zUWBp@hf^8zJk9Qbx(}vOU*cydX4YBpPaw*{LSXp;=!Yy2`cRPfa>QPWmaSi3=Lwa> zL#hRe;JDqM}el1WN$dAq$3=0t2udvCqf|wsv;dT7#j|h;0R40WgN3QNt)R zc>N1tTZI4-=$kO>uPiLoEg{%;jyggbp+uny#fR2WY-`5rAz}DpwCq(#I1vlU3&%2y zGT`I_JjGy3d_*EI7YxY59_hH5it(rM1v7&;+ivpA?XZLC04N(g@v2_~T^>z?TT)%M zv9SR>$eceB;s~HVI~AEgSLcamqziwR)Ax|5MoUu@5fIXD66KEWfYr=Uk;x*h^w3bv zQ)i?hVw*wnzCcJZl7M0ekSc*^s1mcjn1q4I3bVd|8xP6-TYc0{tX#UT_;vF3eRTCz zeL}lal=@V05!tu9AM8D&={sH6{QSMqgZuiircV{m^!a@nnm*Dv(}L42I$Q;Sk`VK6 zC6B8`Ut@9_^N|My{aLP7v1~MYk^Z&Me|rhW5su!|TJLT;CAg<<>9D%@szSYym9ry0 zI$Y-jFDdcg@Phk?NLVG;*eAvBb|S2p*k5?DQ(qf|UE1Fqeq$8$)Q$>|B2a9(9<3LN zt-a*%Zcl@J@;@03JW_4cRVOePu=`c=b6v_w?hct+}TO*o)gP+Cn>ey;dr4UG&SGMygz>FzfG`~+4bWF zH=5?m{1j{b296zqHZ(K~2bDM;+-<^^CprX| zE=44z{qNqYOqsP)VI%OP`oKZ(dMnU1rQHN4p#nW8=nz2^1n=x5Li(1E#0{_+Dx_K~%o*WyYe<6ZK#>#bAt;Ps zvq0JdDhm{Z_%uWWP&OJsQw)He`K^P#m-Ca`4%d}EnzkMO%f8P(bd414vL3#7gJrl>Ec9e<{-8j=84#GhsoG* zzi5_o`^zC11&+q_whYOZyFZ{@=#dAJbW1MLnrKB}{ORVbcr2O}0P8wK6DhXdcU%E& zL`|e*hGxcql~~@)zprn#ab4ntVvL`{9)`@#ac3WoZUs>;h*+cmt}*aIM!a@(z`g-R zhXE0&S8?z~f1VNWf5sh3I~TU#{-KD$^klyP9PNM(d%KF@^1GP(F2VHn=N|5QL9S3c z#?oEj7(zo)yRu=x=eM#?ypiu7n+e#bSt1^seuMP|j!3BQLDrP@qXp%Kl~EM&pI=AFT_ zFr{D3tn(|c4`{a--YJEfHe;6*0xlf8N^GiSUYt2($^F(8p$!-(8wi#vS#4?p@*Iij z+F3VbNZgZ&ATiNOqz@jbu)I{xC!FyFveoQbDHy0&2G9| zsa;YFj&@I14_h+Uz5LxzL45~5NLCQ!p8k+O>UJ!rGJEuc$WH1_ z^>#A2@}I7k!>AF2JHxfJ)YK1IdsubD1O1M5e_3qdWygz$Lz2HH5g8r*{IF6D_BlWH z_(by5*B+`a^^j)aXNB&fuA+C>TaZ$>D25owlpr|S3oP0x3B+@fs_W{UyC6wKcvSPK z+={<(eEs5-iun#GH(o4~4d^niH9(DRxpHZ>&C+)r07eh|_TKya(w~1ixi~{(3L*Mg zmGv4C)Iq_3+PZs`?Pv#DAYs9P82ZzUpMsLk{mT;zmrDV+KB<^n@w0JcZup%r{p)P$ zn3X_OIO=gVOD7&7o?>Y%+6`mmEClav30D)tPWfBaL}lLl%=Tp1pgssf5JZf>5IgNn`T8uO}ahWwQ^*<^j2 z)Y6h#!pOcQ`l6)2pIT1fn!gb^{qc>WkEJt3iIEZoU7xzFKJ=J%nr$mmB2`&I`R%(l zx@Ni;^k;~&2CA+2yL+c+cJpqX6&kefUy?29G2?>?fN$TCfY&w-)iM~}BA^f#kYu4T z@iqu5+Cn>*MizRBS{70H<9X2tdY(^gf1{h3-evZ#l{_vXerh~}4c@4(zy>=l?GltY zst*e8Jk3(;??3Nw&_S4H7iYyGh1PAf$h$H-`ym}2>X1=8IJl2c-t^t+?8DY|>We38 z-TauhTWMfYQ0i56KT&~*KH+!$OlqBB@s%)%I6d_nq+x%=>Ar%!&aEuGoUFdGWbOS* z>t=_Sou4s-OoqGC>Yaz_1Ay5Z@=<^)pKe;u!p+#$g5t`D0+6W6-ny3v0ZbE3CnPjD zw=`E{$h|_%$DgPGE@A}&Dar;MO=lvcWq~w-%nJKfA1xZePQSG$i+k5OR z(s=EH_fCh$y4Uk3*PSHaPn_`!*@;$e>vSx~{54e0_`rh+)4)*5p@dJYH z9_|8MA}qBs|HP;i3b5%Qno}HSPU~NpeSad1z)bvUqEiDlg499*CipW&&=Pyy1;-J@ zO^N{VtYUl661btKV3h$g00CUgO!N%JY2wb?eZ0f(^bR(tA=n>g%=WT_?u$L7Fm?E2CJYwhw}V0y!CeC@1O8dtI(QCYc= z3$0cp<1`sr>E4<(@Buk8qiT-DAgut7rm9e#$BfuyQ+J?%!|ol(6rlSEI9}VLNW45* zGOpqMY2ZB<#pdSLcIP;P*FoPEQwlDGq?z$qcR{~3;?SF32(5TQpHsWy5esR98P_uP zI+@&)@4DqR<3E7}dQs1k%^&Y5uAPZdrq+tb2!-XMAl&srLhpCki#VDG?tN}f1E>k2 z!#agUdv~H+-nV+NF+ZE*gDqgj_@>>Y&Wy)lY7i&SNOEP?EHej1a3M&QwcVXd+RicR zMdcxnZg`@pQt}5?_NSxFZG#sBVDOSu?&Tssb&zo+kZ_EOqZS*=xuf;vJ7cbl$&PUNw7Z_j{%>TAGLIs$?(Jk7FfXgS{FIqu z$k^H%4^m^77tG+hVYMJj0P}JAZ1VPpA$!g@!vZW^4uUzn`N4gB{={e-Ar~|X;!Q&X zQ=S<}VA;UMAx1&Z2?BOa``yoh5Q8gi*LW}!v_GD@4+s9rTrn0Wo-+m5^<*UI+8$iB@%&O#^|zjRRTHY!*$ z-5$2km;3XCn>$@Sl+{xXhCGz!zo>yr1@?@e?q^c>xTws9*wfB2SepY1lOKKa8OZkV zi`T(5P3!DrGZL(V?|S{nU~updn~JV~Rc8QqXOO3ESDpkA8+e;FiC0*c&(NA+NRjUB z?x}y^Lm%ql?|ou@A6WB((wUsR9MxCX4king4A z%p2mB!>B+rOSMJy>vM}DAxZz! zncaEAR95^@;+gX$v~{$DC{NzNxA(Hxv~0EX3{)mHQc;c}0z`pe9tWNmGH%#5cWuZK z<)M$#nqXBlkz}#052ZW~zI%v~hP_iX1)9_5wo|ti9}vM*E$>ZvC}-d#*GR%7@5Hw7 zB`Qo+Dy=*_N@$;w&g2EE25U4c$%np$wZam6!Q}oW{;4fsS&T`)H|BYgr#?hy|Dg}I zFQ^uX$O{^0shSww`oi7`wOO3JWRfC*cWOA~4Xn{7w@PHdiYnDO-O;*x^2KaLeOan( zxMTyD-c}{{7^bBoL%X{0W(zgp4Nb|Oi|uY6|H;$M>nM?Kzdn2pd{DFMU+|kuiJ-~` zO?EEIP**hF5Jx77K7WG3*XWB~>Pg0|PfArKkzFj&1NDY$*K%qyVeARAiXYcx*7wd# zB|p8ubc?8*whAMaUMjk-f2*YV=laDgr-YuOdq98$*Mg{`k8KT@N?FPHx5NvNg1Wnu z<%N8V-{~8KZLJ&hF5{nov$NTx6e3x<)7v?BL(3)@OvQ(gGO)p8A`n01d2^J zr^xJdQvCPaO!yNiX(;qRR1rtZ7O@@TLG}z#xnLX1(tf#YM$5FxTRX-xUj&@T)t*SF?_skecBA2;mRnsx=lH35P*1a8Nr-HX=1!pgRX-3)XzQ-TZlgUsXqm9d|_1uk!H^2+cf16PNl70XwExpHV}u6I|!W*yhWja&(6dvnf}zK zUd@PWHc#^|>|SsIRG|sU&xXvWbhUM-YwKGfS(}?%uAVSAaC^B`S;OdXW3y)O(htK6 zWo2h39o-;!)~j62?vb>0A)g?Sx^Pw~R|CmMU?chHeM-mve;7Z39>mS$@rat`86xd+|Zu<<Zjp4Mq~$xaYdgzi~+pyOZ@WeApx%a>?Z858dK}ZV9*|kgsDhS=cIo z0WjZ|XjYC`|CH|>VYFUUS$Fa(^J>ax#2BL$yRG<}O&r@e*`Z-vJ9n)S*b^lGVH}4S z!T!`Z+v~gGAT7xB;u%NN!!gCBe#A?i?PsX=XxZDUtkER$Unh}6$<+_{wmw$hbsL!+ z87#(-!|zL`$5@KHL@@@bluDGU)U4PJ^WI0QWaX9uCxM`2?nYF5etxke3n?JMz_mBC z-Eg$CItw0|%@^`TtAJWkx!ced*UcdacH1Ey#z&_-_~5@4dLv5}__q>JciNi=g#KoN z3eq7o zQVpcz^Y5f$noYxikOQ@uc8O~cc)$+xousEl4nM7Z*R8+&C9TFZ$?(>F>&wQcalet$M&h zQv)LaSge9&HtxOX+WsCnEYQsgtVXUjR4yC_b;NfivkgSd%FG*Zr7f%vSD z0AkV{Y^nb|zTipM?Y;dT@HXJqdH4i;YjQ=gPR!Mnc56IocCY!X!s`N=AlgH+^^VO^ zTt?^nDmAUBZ|j`IBg2=@z>TlLu2f=Tb-n$LN9b-#d{brp#H-ODDYbf_#Z5&BK*=&<0DX+4 z*f8E8!+x*5OD0>Q!vV>DvudQ}eVe>WI#n`&giR763w7ExkRN+J*SD9T++a;kgOaSW zk`4}T$x}}X4ZTsSosup^G_m0ZofQZ|@a_d@5zssXix}8D$LetI)96gy<{j)n)Er;l z?skrs)p}8Ua^lQ(viZj@3aHDzkzFcsPj1I0P9`jqmnsg|FHvmb8|DeDRPLOH611RM zLdk_3Y{#NVl94Jyopr+X$Ji&R4UkU(Kck#osWanJ{{H@g)W_EhSD|w4==^<3RCKsv z^W$HT&RhtnE8O#f-p%0QI;RL7SCr~Mz|olfYQTABONXLKsp{BC%6FNQSH2K^TK+1q z&wlClG7;}{-?{II<)?cLoM&7nKWy5^Q55Ul*3D97fDA*LvCHfi%mA`2r3qVX31vCG zd6f26HiMz06wtQxkuT4(`-18xpzNV)$FFPNf0FNa0Jv1&VoC)o*<+wNFZ4U;OITu z^~fwz$i`H%04DsP$`LinuAJQmEMFQ5I&iA2j%>GO071&lEtFtQ{+v<RwiV`5zl zI(D$cAg&Jp!qJfzh!@{x{MmH+Inc4FLa!<@1~HRZ*}MTj01__vX#>7xqHMU5Ch}^S zM7*9hAXitWM@G#a7v`-U?&_u3ii{%|iN@1Ot}W zpq+^qU`qRP9chR94P>}&lx$}Id7Gb=~M+0+;u7|2UPE-D2#`O*}wc{neqR>HkiVxo~2rh$y9@xfi$(OFV8JWFT(6QX{b9bT35LNAsgH&2tH)#;UP@jEJDJZO{g%C1CH>`@6e7z>Cxq2+D%dd-*F;549Xk_=8zOn0D zwH3sc9!w=#vPqPxj{WXufgP~ss(EU5o>0F?6IV+`-O*Mg05||*z<3ZN6r9-WpINU5 z%gKS4gZ<`SR=)Gv0g@|uemStdg{{@`4GaJZ?-v#kLgxGlu(2<%Kl-v)e;aZ?zc7BL zhQ|KVE)=$K0x}U?HO?OoeQ-$i1vY;PNTrC$2V*m|bJ8BFgXbd+^BfmlK?n;100&ek z2O{BuTeb=#Fo9}V6gRiBWMJSHZ^u|h>nc-FySL(E-9^F%9>lU-d2GI zwx4cJW;Sp21}6D)d3KaBYyEl))p75V;Aj6MFEeKxt8{6}dwh)%5*ygM8E1-~=75Ar zHRLaMYD_a!GJ3iniBzJI2M;04LIH_XKHno+caD)UA(RQ~@RVhaQ($KtvDX0XPalwo zWK{jaa$RoH!HwTvOVzSy>Gw~oT9dpF-R7v7$}%0-sRM=oM5`T$RuPYDNbQ~`{NjpZXV&^-bn}Efh;r6MCYIDI)gw0EnmmDbe1@NOH8S_diY7Y+?AW+x%iM@G) zpQp+0@ru4j=aTc{wi*tB1-1cNQ3{|gc;=RQs*`ZEaA?G>_Kkz%(2$Udm9iC9G7Qr| zdu666pK!Jy!sSyyFIx^{tEF7=Y4n;f{T0HhRq7fp!a6Sffn5Cy{OorbSK^xb1$RC1)0A^jA>B$05!I`d&?R}5 z2D#{8L2EXlvaR_nv217YPQxleJ*hY|TQG(wGcagepmCZ%u0SAmN($`4HH#X4m0sv* z!_Yci!OUC&+yhWuT&l78Y7}bRQkAj6Et~dkTdxi3{^HOnl=P2@3cE3p9JE7#oq#7- zft`)X8<)|OcUq_w$e|TP=#0$luK1#@!h~JOVQ2xSpzP)XE=k2SiJKWY1`~@_z#(P& z6@BMtN)mj$tD4(3N&WPFv$AAlGkEqqcPfF3)R83S%!Ti()(XE&y|@{pzk(TY(urL{ zS|eP_(F;}EMSbzfa~(H$3H_gi)eZ1&9L^H^Jjzp@?x^*W?>07a1hTAjk>)KumesW) z>fxDo>u#&T$#plVHcn>gPkiA~7TVf7oJ=XbC4t=KBoweD@N2%vf2rZvYJ6nuw;NrL zW^yq$IcUdjmiqiz>C9(Vwkwbuz<3YHWk3gCL%jquz?)f~lkE}w!|z+13)&uKa+w}CC;g$m#3^=~tFVw|^_GR=4uA`CT?|5?Msj+n zE(GGpBtmp>$drk-QMz!06&Y$NA6*b^BpgCW4EhfCpMKT)zriPv&Qt*&uVI4NU-djL zWMsgtCcI3G(aVB zZce@Z^VcM^G4whrd1SFEV`Q;`g^M6*?%sFGxw~lHm4LUYnHkdgGpu)Hv(1e8pHqlFMK=4t ztO56@i5$_|w}NGJMZfE`-J@*!bm1&}OEgctN|2p^1PiH9iC1Qip{Yx_TJ{rmvfDI7 zFxp6LA{6lW=9$x%QU|O@NZf9`TNv?v1K??zx`;Z*p*}^IP0_$`>(4nSSkSm|bzOHF z%m$qN(~h)ZUN+`w?w>u67f;y!xqY?sim4KYey{ZC^NnH6RHoC}TH#!z7lAqSMV0OK ztB3d=I`umXi48{FHlsS=V$f3p?psC%awTf1Z9D?rd0?kp^2y!yNT($Kzf45B(7~fT77A5eh$?=7I0~X zfQ@ z%)@A~Q@u3w3<>5;YFycQ#zI=-8yc#xsEb;7tkC@EVI&;C6u+4^;p1fdTK${WNwIbo z9UtZVB1Zr4%uVD=jUU(SIg-Ss7#&JXOrT&Uy%>ohCn{cAG%2kr`Oz><_Id7Bv^+`B z>#V-=mqe?IvnUOQKYyv+j@J~I^=77g6Jg*6VY@wv@-_cWwYs7EMSZd7&7$2VRo86$ z`^_z?QTbCde)m0ws~@8?hE`6~pUOtxo?xC6augRC8XTNf^4{ka!2nGr2{q!Gj-A`_ z!+(%6(`A9;_7cOfJ?iSdA#DMgy>nge^{X0x&DUWQzXcQ_XwTKn@R}8AQAoNpOf@xe zfvvP7t)U0&QFI#VKMDnqhK3F-AHlt=^xs5hHYj(G$kLRrRJrZ05~-ht*;sWAEnzc8 zI7fikL=al5P-rbACW1vaNJ()iM5$$m&Nzqts`6CN>;@brFE6hi-iDsXgfn~c%LDz+c4MLvI!1})(ZQ1*oOXf zf>`RxZ|=eVAwxiaa?oq;F8m2@o=t-`sDYs&m{&}cEC7w~4RB2~f@CzA!kH!1hv$G5 z`6=>(P>NKMnvu12vO~tBJ-VDEu6cFu__#Ae{NL+K;P-uM(`r+A>ue^4#ts#xYXYnokJre}DQ!ixUA z9Kfmo@6$9cBL>16gPx=l8uI{v28Gxc)$9`M*yd(?mFCIJ$_BdSUfOUMJz}`;VYFy* zG2*=XX|Sm^*O0CV15iI`4UXlYEwfFLTCwK>dza@(%^WcU4k|PX&iW5)bbrSp=jIV& zXq8;^1R(sp3B(T)RV7JN$=aqHwb9Y`4Q*Fg<`}A5xnJtJ#zWqb3c{!ME5{7(pO<*$(31R{bh&mpSsi9MZ>F49R^0C(Sc?*zRB=I3B2WXy|BVs7}Pd5P27nXcLNSjqcTm&Ga($-~2j}snoOF-X#<$h58M;O{6Aq=3PqNx_V*N8p{wz9F_X!P0Vg%KGA zc9INp?2t}LBUJoj%5h-zkwF3q*y;UHo5!)LJk5uPH1Hl8!%$c^bn_PV{W~vO+A!@r z0$g@1?-!iP{Dv{3Uc|n6T{d-*HtiUqXxaFK9rETW*p7#Y*(T6h}(>4%hW|vOj3hw0`8*|z1GDph`1yQQ+JaD)vx8A zLiX}5Ky7-2#T~v44aA5D1BS8HTd}hy1%e|dzi-hr8W_9c1aEt{`CZ7DpW5q@?I3u(+9+;dgNRXOJ?A=9T3%gybU<*xOmcxkr=l9; zeN1#|XZb48IheV*O%@8;Fiq1NVE!GcqK^e=4ADOkn*VSCfS%agd_nC+uNi6(7wEiO zeYh5!Jxphm>vE)E2H@~;cn6q^jM4JrZgg-_C>9@yj9k99v!D@1NDPIdx~>LvqoSHW zxy{wLLJv;qNR;@}Ie*9uxp{cxGgPJ~Ea6xJ2F9pi72E@Pu8uwTd;>yz0i(7C_Y(z> zWMg)3O9v<+n~S5NpP8_{U*fSsm#i3AS~{TXt2Ny*T)w!tXec^nGd%pRP|NgZKD&Ik zRF>*z?e8$#Hz%^WXRs=8EE?HNTBGml$}Y+B%ggrapFhDY#mVamEWdQ-v1WW? zI~aF#S>(&#-ke|9H)C{C=L14!+~q3e(3J0^b-QWYd2c^P-*7m=c>gXvKXhh!)5gQc zZI?Wm+dRQ!rFNrPm((ZWvo#E_*P}gx**WeS?U(bu((YUO9=vjQG_3w(QbOXn-`mOM z{o8~=u1RBKH#?HzGrQ+{5#?Sp98l+FA$}cErO)kG= zW#webaxX!FCbNFA&584rY$PYChL)D8i%a-GeAcbuFFS&Y!H@EO414U@3v*;Dw)61q z%5<70Oy4r) z%5%!i9l#Sp-|%p^h#ZJF$LFEc?z^4X4gnb_Hx?b61FGz9vjY5tFhJJuYf``z#$&py zaM|OY=jravryMVurX6sJzp!v!XZ5KuyD#^P(=EfbmbM?F9{?F%fX3a*OR{eX>_J^y z)5Ot|8nZ!UvX(5$i&^lw}dFxxIHDQp9-K(uVM9pkG}K9GUqOWdwGj*yNs zbBY9Hx)(H3J8a5N+9U}nA!Qh(DM$;n7UqEjIyVh(f^z=7X9)U*Z;UAqZx7-pf2^sgtUblulTjEvG>KT7krbFj4y&+fD7v_Zj4)-cnf)O7w? zvF^p*@uZ}<56Udilj(q){h7rGL8~4?1KDz^+W`?2DczeBZnWch6h`PqIBE%W%xde& zJEB^rN>Tlnv3FaA%xroric(w!1mDT<@`(KC?d6AE{fyN)HYS$sxmBas`jnPXl!>eB zTTpkbtrh*+V-qJX!uR$i?d8QM61YFbzpha#HW+dn=Jk_bWOmb!Mf zuK1b#WUpoHtE1E}zu^(~W*0vfcLNhNit%tX=A{M<@JVqf9Od^bBo=MibYINud8LN( zUpuPL@b`LEa|-H>HP<9#5yd=Jz=y{QHRC>~UYfyxYRK*YW&|3Q(TQkH%RfP|-C?R; zZa5*Jh&9^ca`()wWci(kXNM9Wvv`__Od~|u@k5*TDT9}VNQ(v0nb%aE35b9oI1t`ll>;1feE_0<@`Zq z&bJU0 zx}$nHA%ux8m{*v$ojM0y+qTIU^n;n#^;(d?Oh<}|hXky&fL%&pFbKjm)=_3}?^y>2`X!l3DC< z?_9lzA0&B;aoj#8=0!i$w>BtHofw1rsn~01XN9n3k2Q5#rGH)vLMeuWEkZ3Ky-L z<&U};@M_nyp=PbyqDWn9^!I$x0$6R3YY2=4j?SN3BnB}}ZhqNZN1lM#Q0i_k=i#HO#!dB6SP_|>5i@H06%{j;Co{Zi=i)RoV7kbo8Mt$KFgmW@*id>048@B65pe}S_XxtR; z3!pO9?0XQe`n`a}59-c}835$~NcL8u?DP`>np!*>>}Pd$NN&uE%AD8EoDP;201ahk z3c^mC^2L`0!x@;gE6v8^A3BV1swml@&aqZuqfADKFT-?AqIQf^B;Bd1VeGiSY>O1_ zPwA4SI)B61jDN|7%iM)}@T~u7O(ee-77M&=l`O`Z2fnxo$-bdmG#4Y}Z;Lz5jH+d0 zk-~|sSHtTmC%rR7VQfW&DqRHWSekvQTCz9EYDQpv?F| z3;5_c{!jC7z5xq}Ty`H$W4SBm)d_Z9T3RNC%|s~Pz7X&z&_r;s_;Hci65_>jK;Q9* z{KRrU@ye(T%A79|y3`;T8ZAq5A&__pv<~_QM{Xv=%$7^+QZd#VI&bwVdw!CN!(7E$ zriBdvFu?ilRpvhnt>=q`rW^v)%AGqWZ<7RF36_*$94G#zx5*OSf_qy0Cr}=cT~W_$y~*abS<2(D&{@lHoeVWJ|7P;D_K)@Vjh-pFO2 z-@@;~6_AqU!$&Pmwh0pHS3x_W%j|3&*Q`@n=)0DwWe+$Oh@eQY4sA1WP#^|c#%V^S zFx0~yoohX#&p%&R@Co}}4n5)}CX`GB@s(hQEfxcIN@P-?sfObJY>hSMG5?wMt0qs) z_E(nbR{~yb-Z{RACUPH6(m%PN8&y)1-8%iDzfU!>_bMKo=it3^sVDi6{hO|O{24=l zHa1^1PUE$r7xYxpsq46KbLuaAwqESDj~*(3JZ(GY80xKv-gcc#-_k15*4uv|zK)lA zsPUi88Io>P~WgzgdItOb)ZS- zQM5DYB&7FgxNV|{F7EOGF&xVT8xg0iwYqATDtVJ(-I$O1vKpv70Ez>-$7#0e-F^yq z?u$%+hv5_>=JmhqV6q#u1#!pPFs{!gxHD_O2oDGc;6|^FD<4=txf+q#tjpg>?6YYE z%H`+i4r}jM)olLyB%~1h2f-AXQJj2kz#2UcVpA1cy;``*Ru~(G>GplmZ_I{OF%xjJ zxRYUF>>Xouif#QluR>HXc}Mr0t1-`<67uC8B}D;JLkov9#NmGOZyZfA?_@IXS^n*) zCIwv>>Y8Dk7*qtR*4e5a@h9GnZGFm4R#mtkr5Alf)BwmlPLLVohzqd4$GJlpBqj?A z*n@44YE$QSxKiXG8#-*zJ1p`he*DMvNu=;F^K7jH&I_|>^VvE16&3R7UB8E2Mwgs< z5C@_aoNf8+Fy4bBj_wZjRW^X=8<7y|ufO5iw{Jx(6^#YVDeyr_6{MVSn!|th0zhDD zeeW)YWPU6f+W4O#7 zceoFTaqz3DQsa{7B~S((LM0Hye>_W0PWa zTmX&1sR=kXA?Q%R+19-^-<8^f0^HLhHw9i|I4j3f4%8Q(CFNSA87deQLgnbf)C|GRWk>|?N9k*B()@^hmn z;j>mN+a4@>Z?6XXVFW7LR{~eL{VW7R3~0TmMLCq~^SNpp&whKg8ZAeYUO6@9UVb*!$bAhwOb5uZ-mjsC&gK zY+266I2)G>3d#PCt@2MZvHSZy{@INwEIZT5-oy`6m=rHz%xMP}quIPDJM5`^W>zA1 z4}8c+e@IjX{{8v&p{I{&uDX5nOn-bt_o`{;=bh*~M@3bBFF1BQSpNP9hPFM4G=jNh zgZ8MS&VB0Q^i=S$Pobu3`*c@oc2A8nvF)O3BWD4ECU+?vn|-fBab{JruRfdJx^3cK zqFq~vn46ee22aPy&aGEIbA1P*fBTV$nZLjdx#iOlQJh{NKPF5&`8~SOYA42-qjC-- zT!9>Z)c`LX?bl}`UbwdV;Cf??CEc|zy%xX4NWUP4jD(XtibHqaDwD0GVa>!D-dppf zIk)jFv~<1f)y)p=GowLsh8iuyPfkXCdd9ltasHoY0e81Bs*|R<46f zZi>q2lu~>(5%#QgzES$mH6&6jaUX6L;@IR?QbgIfiMcj9Mc-Fce&P0KH%6ESeCAC) z1wAPnNYxeq2tCv2RC(P^lZJjjDFl@unfBn8pGOPgtk#1y|-rxKR%37?Pt7pPe$rcY0`Q5^ySRDr6neDy{~IqdlZ@Y{>=PI z?7cet!9X2C z^jO|uu7lM(2_-8HkIn|j74UYS^=Dr7k`OB}%=S9 zn7RaL1Q_pAv0QZqfJl}iCYb1T&<%RKJuBiaW5(G%42kV)Q9c{YICKnpp$$`V z;D+iEP9JrHHwSRHVb@ACsBS2Rx=#!g$HbXbAhT|GhhvTS9 znH%pucF!pzdw2JQSJuX)=r?96PeePC1s~hp*a)CURqmnAdx;RYD8#06_U!tIv)egl zH>>46Xp?aj*3fn3E=hX=@x8VPq~F0bq)$}1_X^_|pJ$#My-Mu$AzHv)Qx z&l=~6uV-cTK=+2{O1V!=URQ)vhbJI@LnUsB;bN5yi*1_^&ug&9l(;SM;})WAb29Ty zRH>&Qv3OZavhWUwH%(zqO7%cl=eNgSdQ$72ESq6dpw*_7%PtOZ+Zg7gg)>6-_JL^O z49xT!*}KK39wv(4PL^HULX8+hT~>86mm0t1MmP0mNFFr41_p+2r*bN1sX==lRA=zw z`MUocm;Gie?P0rsPt#KQCHA3m;s?MgInTVpJ~Xjhi&iQYKQ}fB-lu9q$tN7GO*9j? z!Co~gQbJ6wS5ke6yaS}xgL)b<70@36th^^2cNi79o`8~Sa{wh~IN$&}i#RY%w{)H1S=6=H z;vj}H^PD{zB*K_TE=0*@;O4JCj>fs_x+IkQ`OS5oz6`wze}6nc^WgxfQZG|KrYQ~z)=gbgqsCs->nLWab^A%VGuApBEgM|5!>sY$ zn$N6Qlp{27Z+ebm?Oo7}A9gJlOMAR)6P-Ge%^gj&O0FyGU@sy+&z3;xN)jiAN9_M~ zxMrjJ1UM1P6Dw=BWM6+R64|y%QoP*@IvYlJfGn26Zsp34b_+($zivTw9X< z5J8}YAJG*1jH=mLrzQHLmKGLRv>dv#Ddb|nVI>2P0Bwx%wf>rrv_Ge6#TR0&hr)u* z_Z5E#+F_kR>kS_|pauEGZ>CV^10N>|-IHUX5MuEI1t=WZF5nECfJYJT=$fHL!a1j}qmPBI0=x>b3P}Gj~T4wre$^p!s5a7>K-|^a!G1Wa9S7It3 zWq>)U!{bbk(#Jx{<5O&$bc1TyJ<#3(WF3xptC~X>-s$@BA^wPe0 zQ^xxgm;|Z)1j=ykn2GzvR0AFXfzHIEffHhs_r{*51cSlnOlD|ISDcJJhh`cDHLbz8 zU$wm+cz5-AMf=f#VIu(Pf#pXMv|A&FSV?4RM1Vzq)XaX0>`~XzGc_~&oyVL5)E&BD zXC>DHjcr5$V5U+XDM0)Kf1=AT1@aQ4gb3Rc4KIr-{n;pFv8zu}hj6R2P)cK;QhgjX zAy>>Ihs<}BkZK~wUP9~T>>7uTv28?@o(Or}lB-^amtdO8)u>>jo8C*Zk#gwY+cGpZ zHkn$n8<{)Vla?HrZ_fO9%oIVO%dz$@{F2eldBs48?^LS>Vgc8bl?<&_q3J>u1j0Ra zu=_<3dblbc2XMdOuVl^|Fv~A5Z*12>*$;=+HXA|o*1hwNB<3X?p746qHXm50r3IO5 z_&j>^f)b20CZ1NLeM?;Ln)Ua>Px4o@!8K`&_D{|?_Qg@qKNHwX8sr>+23C^^bT~o^ z3d*IBy14!(GNH#`8NBuliSk zsUmQ^VFFO;C~{d7-7%sYqvf&;Oo-4?K1y0j6Em}S@D6Dn8g>_3Zc`Ywb_sV|A z>nKo{KJ~h8EOTGcdBHRwo`T+EQmov=1J?$kKk8B{*yfayB z%qa>wDt87{sjZ3oU-5HU%AtEa=2yCKBl0c5g<{7=}5BWVN)+7yj3_S zgH0-|zrLU1A1*-R=V4qxd->Cb4X!`DWs{i->cWDSonMnvC*>r3gb|Phyz4yvq8QBTR3UTZ`lbyZE zb{r!+9eW+y@AmmVe*g7HkK>%z>pAZGy03vYVjQ}Z)|kb4`VX1o=#!(0bJCWl;1nN* zapnC+$cMPMs*E09l+*4-CW;R%K$O;} zy}eh!!#fuFmKBAmzIa82N)$Br=7%QCL!TT5Dx`aLhI zldNcsHZrgX{W?S!Fa1Z;(XY9<*uNa0~G`m_{{& z0go_todZ_C9H=38s+T2BlXZcsH$FL$36plTlTN#Rl>hT*aA?8p7?F>%QYWL)u4`Kp z!k3em=j0RGiHUf7R5azJuC57Qbv#_6eL1MRKb)Om%9p8K(W8D`2Wx?eCYKQfGFk=Au@;wzP6o{zomk3B||-TMGCH3-|$Ew-l50lb3;s z3{F4uqe(SDtJwMnW|#5FZmU<4fpP$&)06m0D0M?Qb`whf)$Xd3g-ZmtBY6{UYNVtR z{uFkvK7C9DyhJ+1*Qlpe)&gDDd589O|> zc8^clN1?~lDEMTB{&}CgduENAoG?&&|DSxk!hCgCe-ol2oZ92FK*&>2EK~}TxOH9#M0xgD6BCoz)YNA%zy(U3K2~$jgeTE| zzP|2|;H8U3p;X1n9sDEHswu*$OgoRVd(A!{vQs|%WwOyrzOIZm5?HqN?q6EW!9~i1 zexKnlSEyPkP1so9>2mZhNq?UmU4ETc^S;V9A$|?w2|8nBi<2|xs%IDj>(VuxD>VO} zPT7mVjaA{>tPOId75)Fdnh_BmPy`*_4LQ6kLq({qXtN0)-N8-xPuZ(jV|lvpRqC`c zay)I)@enCQy1vePH|$Wx{}p@K$DjZ?r!KZpd^TS%zcFLFK$@9phvF#bjZ_+|HLZA(OKm5n<}=1^&76f#ME#V;4V_>WPDae|QVa1N zjuV~UU0bM*?S)(ph?tfW^jzJhAA6rOb}zr6h&WiBf}+E*L3+hAGp5T3EDkC(>NLqw zV{1y3;gYa;TjoiAcUDDX9P3uguUFj!3PvWm;la|@DG@J z*O+4bTskW`I7Ey}9{?jyX=9@ldALN^%)MH<@m){%MW1 z+Ep{H?yAHCO9RHBpXPUs|GN&G-*7PJ1^MZ5w>^FU9W*>{bry%?&lKMpHG6G3g{vP_urCze^UVD>l_se0>i;6{NG=PH2Z3L;h={{ELqoB zfOZ~-b9y&1{jCgq$t^YK_u=#9;3ERFXBYxwPlx}Gk`M;I0JB!$IHoE;gHT3xRpzg< zPz1o%FS#EGg3+3(f2Wo|RZaMP%@W{x01q$F*FZf)O9UavT%4aDP~cLztz#{WN6p`Z zUt7V~7wGp}!bQgpk+@J?sqsR7cKiExP&7S?c?^TpkN~>qa>^99%Z!{vf5z2fqvU!r}8s zu=QJWIWBBzXFJWHw`}fn0g94zrZzY~tpZghZ|2{=GeCk=o zzo7NZxMSh5{}=X&fQGd}2dJ~Ca@bdnwS@2~Im5VD^0mii^$42())y(|D!FZR z7pUN;tTb;Q*F@|*UFvx9o4mq1DY>7VIR;xaB;p~8)BR7h4_^7xKb!7q2=J&|mzNF^ zZ=$GcZ?@C$Z+>8$nU$g@b7^R~nfG*R=P+7kike64sNcZZ&lY}TA!no`kEDzQmc#3bw7i2 z0nBf}M%|Fk%krSUqV5Io;Ok=<@A$hfQUWogV{s?_&W+mXk_k(MS>?N5kO&XnL^+1O zn=gvcCc#$d1@~n=kU#+26C^^YsVRCA!jg)*W&lj->7`W94IM5F(P113Jo&VCR#eZD zJ@E3mc=@Hd<7r9oN@~i`p5d`w3;4i4GWIkeZdhTWj(}Wjhcce)c>*H+NR=Y2dH<;0 zH?l&^95(UFiwF9V9g%OScD4QTEMPCP0V@k2yH%0?kF&5IU_(LRubP+GkNMZEUjfvE zH!s(4PW$pk;Pb#wBc~26rw)(MKOmS4sC;G#{VM!28#wy9w9S7zI3XqbI5hN|nDf$a z(KV+;*@~`X8jqGWA!n$Lec!9Z#(cvdk>w4lEu_5f52pScOmRGdG?|^6%?2ppO^#v znd-XtGRKJkHUd( zhp!A-L|a;|Z8ip~$}rvmg@P`{H7J0gxgc&>gpj`wXvIHGZv4-_XsI#44xT*q#>dt| zG#h849HZ#_m3|Ovyzuk;-+jMsbkU~`PqNNl7meEqpnGg#F`Rgl8|SWkO0tQS!467$ zd*`Z2dc5dn;x#PR@@p9)TqUr0vHARNgyz`JIBUg$)W*`G&bets!>MZ4!C3~wixLGd z=k^`7UZIoG{+$yWG1UCV$r3~m*hjhijb85A`L5=CI3K{`ZCln;SI4;cF?59|js|c0 zF*)%``wWF4AbWQX3@zVhHJeY*(ln_4X?JFsoHYN#Ljb*QXL)O)1DDs9W!OgDXZ~Tm zT4Uz}-HN{R!z_XIbp(o~B75TgH3P3cg6poHh$bCZw&ulP&X4_nkQLX?Ps}4{&c6Th z-aF-r(u+Pno)RA8qtr^q-I+N%x^ijgk5uL36Y}$ZO2GewI(59*nhk$R6)tUa6vZC& zpLGhJFLK=EiNxDH9+RD%s^}b>h!gdD>vyT%Q?zmBV2Re?2EKQ((C_oph_aJr=WV5g z6#xG7-VLYbz{a?g(0RQx%tnO06GKZwz4~mW7&9jcb_aVl(UU4aRk&Od<#15oY+qY8 zd{cO550O*cdGh)*-*Vc?qUumB!o8fTedb*KlUSAN;#eU=r^-7rr$jBZ>1(s<7C%M~ z`HzPfo15E7J9c;UcDCM4Hs}U<-I)SZ`9i^HNY@AazOK+%4r)}^hc`eUqiZBJEMiQlrt`E#s^O+$10 znDyq%nNtMp9U*)yU@MRT&P!=@HcZ9Q;1~})Pd$oj;gZoKBTu}RoxLNHrt17kJU0j0 zJ$~aeEi3eHZO4#b0N0y|j6yXvwb(|fslmG_D$!;s2FeG~GCX`dy?}4WrzCnZik?%0 zUpW-CU~UVy576W(yGx}R-Sp%{z5jBZaD!!u^<;Ig6pd#O;Pc*#d|vn6X4TkJma*p} zH2+=m-q&pSwU@|uQ4z;>J9Cs@zb+sm){ZHv2TA?kKZh%h)#UA!)-$uf^#+&2A=3$H zdvXk;wn`M``}=nWLu27E0W*BRnZv0WA>Klo(^&<=vorYqHSOIou`td6tkHIP{j!iy zjp2@KNb7k@4R$q>L80i>>-OFFyDN1CU91}u5WK=AM8%FB45o9nlXyzvlJWSR^by|W zD_Xd|+Bbgl{l2%7L3`V=`yoecZTI5pLHv)Asl``r8+F0ILp!<(S98t9%6L3|u2Cw- zE8e|(+uI>|=iA$7U!T0;Cc(2mogg(fNt33JDw)}Mo1=1gD0b%ShHTt8$(zx4ut+@h z!@+C4lg2#fRHYV|GT*kBCytDKyHR1B*SdZtin&Eo=1l}WD4mSdf^SluDtlRVDKFz? zC1oQ{iqeX@?jv|9b28Ai;p$eRs$6ENmd8}$Q&N&>ag>xZ1}wK-45E7r?iZ{zs0@XS z5DIA*#o{lIs%gcwFCID77JDWAb>tPZLk@K8DpAOA%x?XR!wWpv#@H~E$S!PO&4f8} zyYJ*+JnOAdnl1RKThle2HeS24!3J4Fch|*SI{MZ{H>TYJZ%w<$0yCW{#j~+J#RIW5 zA$A_xa1Bg{Z1+kL+NiH&dg5d)b9VJ7{}AA-1=?=r5H%|mAl`0FS3h%fqYRwCA%Mc{ zq3%E2&K$ZcdbA18gbq7Kb3p>sC=k!g{ONH>#}f&uFzWbbsL}Ngl4TH)t8Zo(iM5#m z?fQ42QMT;Qku8;IJglB#*YR{n+zX75$>5ov z2L~h3!(NpQo>sX@KnFa_lhn`Ok-KIb7cV+Hn2!6s;@7I449%$WBy}rru~i2rq*w4 zKAAQsw}SE(jg>8S8V7uT8n%$w!+#i?akSWXjXdzIhzpkdX}>}jioavPG2$ZJnN)*4 zn9H+a6s(Ry>fipgalYO#cT{nq!WKPT#Ro?`RrYu3LUicLA5OM4N#8Uz=bgQeD~Yar za6@)3jUpoW5W%e#b`tcQYgbN0r)%E(wFVsWJ(q`y6p$b1^{M4qBqSBz@oW6At`UrM z{)~n@^H=`hp3b7tGcZVOPt^PmXciAbE@Lnez-X0w6>w;CwyH3rChJj&M$TaLo@jFZ zy~*SiE1QLy5`${hLij1N5fCuzN*#%5+8@?tskyt>@hrCoMi3_{&+je?X2FmEO0 zMsOe{3{=xl`*T#$O)N26_PKY_wfHOu?Yv>P(&Rerj%5^0i4}6**jgN`bln)e*;i2T zDKxa*?zm4x^nClV*Syq*gSFLrOD4zjM!^*CttYYU-wd*0kv|;F;q6tyS5^i))o)^z z08D@}D&DDXT|d0b0(sVCu>9b8LTc=U2+@uLJE1Ecq5ywZ@d&B`XnnZSf0pcQ0~E2= zou2+A1|~klkAv=pLrt&w=374bPcy@#gUKU7}-foT6iC`t_JvsKq+O$u` zrsW!z3e=w+5tfMiLTR5h)Cf^H1P5@iE+$#1;$8_O#?C?d7ufPRH{N;t;1T@zJB|?E>cJw0{500kPDSnDlkU3npc!^inSNq+aMymT0)Hub#@m4eS2ae znyPIMl;|v^1-~A4Z={~Cx;#rBznz`B6O?ML^oxZmy9H^N z{KX@$e+{b}*aHemv0i^6?k;s`ZM!o|hbWZER(N>0q{PKnvaGe@v1*WHCR5*Gu%cVA zN2)YGNz3AJZmKUWLPTi}E>YY&d%F@tO6DoaF4s93_hg7B_lpJ&b(YXcGm`SSl^V*6TCIo#u6yFu zI59A4js0gOsmL2@V`9WybZM-nq&yZ-%cb5itFFQB~+>Ux4A+pESSoe;*Tr zx_^Cnp@7U2#tM6%{p>S;y(Bx_L!;$Ldrv&!T|mti*{!!$XU#ep2OHDa&Bip+&}R$Y z2a&NfMdQqs*G_a&$Z{$IPgY*>y_K)a{PyMjH~h}>W0RM@%A{xeUNI?Rg?2*Ibf#lF zfw5Hla)Rbb4-VUW6r3s;HvRNt#p>r0Ue{m#l7Qn?HS)(C{;ZDEwh7-9Ng~cZo=Clb z<@R!AcY2=4+0-$0{>QQ#vU}J63LNHcx(WOHeNa?;5$x3oH;yVKikbg`9h9MiE27ewNFoxh@$I0W;Bp6> zDCK#HKgx2coyIeWwVOE?%sCigY*?sd$_xIL+~gd|kRKA+XDA>XR#H{hEJfq>Yc*`i z#yLGf_zen3=+$-9J3D1s^&Yp8jZcv%+E@--7mDRXv@ONv z@N$PkIHXn%SOBBYGg4W^WG9!Uf;wfMJnRL zjmP5vi7iIu@49&ccF<}cZ(b)~uhueK+@KutRT3$qSHAu(F7Y9^NWilqDNa+_$6%!l zqzkf$2;W;e3Xh8Z=e=KhKFtP&64{XD6_E$uB4jBet=4zlJ(lY)`SZwhF+E71D`FEW!LXp@2+2Fe%>D ze`GPEWW$stX%=2*&Zv3q`T8rX`QxyX%^+#W9g3B&XADw0B?(v@;I56N|+yUAV7rxL+-Se07St&TcaJVZhC{M(zH zFl`RIttJ76I^GE#@~X;u`4X);KWCd+Tfw#mKdIj4SV(Z*;+wAesFyA;)-ARzF|dIJ zjGiIt(Rz_s`i1bW*73R76wU4Qm(*u}Uf+hp%H9*< zS#jO(5~$z%MbAUz7`t^jbU)0__*d**GQzMD`Mn<&P57onT-5%i(Xc~2Vq)$^* zA#jx<)S%4lpUJ7|yR~8=xQD8+x=H#u=>@8WhZVu@b=v(Ed8$y$XK55{qsVmzSInOo z@(kc25=mv4!eth`8v562u&8O&Ls+Cv0>P4*k>Qe1!2h4~9+1y0^17iEahkJHv3T#a zzaJkg&qExp`}^e=SyJvQs#`SHuM3BZ(N=#S2J8Nh?_Z}K+pOjbd0hSHTVh)SHYY&= zhbX%(BYuiO%O8Ioh4{ZYEiIdHeM*jSLvHOyfm;JlUso#dy0vL`}K(S)2;)c&Qi6Z`+ahpb z#{;8QOO;o1#|W#g{~&%2W~|_e0N(Re=YJl6-I#rqZ?E}CZn}bJk(3n|c&|9s^eXZD z59L(!;rsfuFVayE*m|En$cR#T;`Np4lsVnZ)$YSZZO;&;l&A4Bi9x0ueIF{d4EuQK znTU6f2ZHJPtr4F1n;~7D#c%rqU#iSyP-Ais&U04wdza*+{ZX{~h#;2&L0>`ESs(mqI=Eli#SxAW{v#Ygp*T z5Bqm#X2`yjDf^vy(tBe_jmKsMA`FV_b{r^1-68t#kqoU%K7l!ihRNLM{QW92E(g!H zp8R&7A=b!(JyfrARf=iK>q{)Tl4-JZasp43jav%Z88NR(|K3a~>KVB~R4n81)70n* z^E~HDwsYW5Ho-I3vPKSsh1R#hj@cbO;xUt+Z}{CL_i((F`B2b)% z1i36dZUi31rbZJvSrgRT%u}giN>#)bTit9iGXf?i6A!<+Y)}+Qr=1I?GIxz@i#vDy zOs`N^gWH>!?F0Cs=j3ok@cjUyCg9_f)?+Q1m4I(bXBMMZU8L63n`b|Zb6>cGBw4Fk z*d-=j_;6$PpxCsu-gwO#<9cA~_nJBAnN8eJ)vH$=qx{D(dR{7;5Q50|W`zXwO&+O1 zxw+y}JF(4rG^Y;Vb6LPy>ow=EioDpABkF|oL3KjH`AL^$%I=r={x85)A2@`-UNGbi z-|KNKqhY`1cL^lMhTN|>|FmP?M{HbA9FYYlqtgL{+!2;|xv#eTyegNy#)z(7f(4+& zFULvo^sA9<#vQa!4cN=U&X6lLlap6rQHBDgX?f=k*qNM6P^#p`&%REz=WY1Mz>q|U zGHtOQnjox%BmxPB$agv=pBn^~BFtk)+87blW;bfCl)o?}>%}PvoRb4Hv*}5#1886_u+2mf? z*Bm!{hfN-n*HFqBQ$bwAro9{{%ceB&LUD)S*T%F*JsMQ zePbteNan92ol0JS&x}-#)`Mhe``HspvKTC*+MmM^=~GDv5?MCT@||0DOy|-}-`gL~mX^tV-0x z^uwes-6$idLZE4e$dontK>bv4?ij{o>EcRn=rSNQNB;B2b~Y;GwA&uq9L=*nmh2I% z_o^H=E(HeK!NG`o)vy09zH-8=S6u(>Y8X%c>0BK#e?^a5CII7Rh>%No_(ewYE}@ix zu5Z%RyM62}uFg#2h4kE9D09NsBF!Mu#;s1AJAP@PjnVyjAfOcRHM|;b1x|fxF1%d< zg|B?26x3v{W*;(I1BQxPU%$IXBpA76)Ipzo#g$NhD!Z{km1^!|8ELJ)>sfjknYtQXudpec@RZl*}}NoftZ z8m8SJ?VzXxHFoL1(_b6(l;IE$^x0@0zv3Cru=#ua5`V-Pm3zOPed(Kmxni`sh6aD6 zZ{g5N@dPUz@4fbY%dM7N0DHi#wWg8?#-e~0S;xA=zR6XF?FmjK1{E4{NdtXwF+T{Q z141ICqQDR)qmujQq~ut!sO3IB+RfRgiiphzJ#3CskI27Yp8QocBjNPPBFC zV`)U)^55kpy$eHD9a%LhVmzzfJV@#zA~@LkIb~4)%ewM*u$%*27BL~l5BW&(>YO&q zu}owp;H zq!}tIUNUfpqYT~t2`JtczXaYRmb?)4jZ|Z$lex3v`0?}8QZ&O9 zDfbCocd_VVyu5$4hAvC7(P}JCn)1%=xj~WZx@h1%qsL3J={BiV?UIakUbjD97m+LN z8CH_cqdux7#*_S%Yu8DVVShDAUdoWSlLkNnSV`2!cSOui1!@KvySd?)fw}PhEyB*F z?QzS5Tf>UV4xCf~I!Mv}Nx|K4)!fSMl8KO*TME0{pggy8%GfZTA6-cJQ`0iC=q7W; zHOK2Lg17qu-m)v8tuHh$4RVT@f>h*UAT`sIGJDtN8Op zn?aA#pX@y%}{ z9^d9U$It|nBszAqfAO9AAdAeaV7I$B0MuO$px>bL#PN{KZk2JMXqs2I zZKdOO6{LSS>CEcr*lmlQON1N;lU2^MS+B6hO(`Tlt5lxjQ_Zh!&^2Pq7MVw=2X?b^ zVYoJF&IDWK3%eyV{YJ9gAK7mo7k*paJBHjz2sJrB>5fo1nVz>RE3IvzIho#&E5G6< zOq~`<2qAe;|Ld`S7%{%z@0pwXhWTrUaTy2#|7^LvmXfW2la(%VZmAceMTzpKN=2`6 zlM-%iWu-uq^Ar-k%q!%wnT(=)0vs$@S$k%SEgZgdGJqfZ-@W4mw$8=}Q}S5Hilavq zgrw$sg5kzEicI#0bFOslU$zl>F;Ht(Rg8?Cv^99YR(`+wB&nO6-`Scp1siPMY&?W0 zCJO})0N3`E)3?{$q>LbH;p#sUR_JP9NCz(K5U>&DKfhJM{&5!z90 z%TaQfcUkZTvuP(RE5=b%^eNpAhue_%Qs1)sXw5+?*&MnAL&4rgy)Z5Ieg&_S+k7@! z?ek8rJgD<72vV5Ing)3W?%p0bk|bIn!2c~r!+F9j#wWzs0Xbyyf%66OUwW4-E{6)2 znhLHLSnyJSR{cvCDcIg5IbCnvTFXRPfaffO9fgAJ z@w6vhIzS9td3 ziiyr=4zl*No6mkrkKQv;lX+*Soj$elSvnn5Ex=qJb0duS4IPpS=HlQiQ9A$>PT$QO zFLbd}?fpXRKDqbaTi`QbX@nO>!!g8HLRq`VEmgk8k}+w#jlg>k#@N8cgmFD#&1t+r zYVPxfB9TzW=#`3%2#?fX%Q{}Ia=cAd70T9H4T4+8F^dl~Gxf7`pVP%WFB(fJrXzk& z=amu*`2W==V%O%TCMsWMNMn5z`xx3ab{#?WFRr&ckaQh~6{Kkc9S6&Gk$85_8$OcA zPMh-uzF_f8JL;W3O3I|l%7=*!r|yJ=`ja)-|C;wKisa;}soLNrz96|$s8iPjt<&dp zCc4DOvFzJ4@6TJ1?e`|Du#hAC0ZRcXgBm92e_h++iaSO`3Jjow7t ztgRe#h4{Kvao1s3PI2BF`dsy`ycpNE0!G&yS5ltz&&DEG?q1kp%0;p zVhC@@2c`=A=E(^b>q^Y<^(S}YDJ$r#z(=%=_#n}@H4WS#f*NoEa*4RY(5oFobpIG-+DnahBVIKPIQ&L z`gAmuX(BkHN&hPjcY}LhpI2(Td|@aj-QH!V8|oaJ&KTu{x(DP_v$aQ~iB__PMJvxMXizC_LJ{85oOGt*~>{`4upP9^M zK2^&}g>qDn6F+^>S;lK?!UK<@4>BC33$bf{$z3cZlpvynn0cYoqIh9~pH^}>p-%(Q?;?~-_MxyfA0+CiBT6bOBL;N8&(Qp_7buQAClZD$`wL!6a5&e>se!lwXIo7wze$;2d5;VvfZ z8ctc6B3|p@c!d3&)|F@YgCvX_FBC}z?(L4}k1GEC(lM0G$f(}7X#agE7(#(G3PzbZ zcMdT;@FZ-lCdw0C*^O#(KBEGdi zfeaVXVA9M&XK34mT^8#5NXyxG8MKWAF{)@}4hy6-z}da$mgFDjpZ93`*ci%YSCTMJPw2TcL5+RhdL?M>p zMq=;&^Gnhujmvv5NWr~!nYh2*mOmZ6_69CVry60G1EQ+|DAQf>%IPv)L}H10LHe7! z*G`!%24H-Z^G453?}II~KkGe(ZxEaLSLwZPERp1FD!6SI+02aiMr*thJsCLeiP-;c zGtu+{9+TT?{CwaT#@LCm33QXP8L|~B?gk%Z8mtMfz0lvfa`^nVU*l6|ieGDP+?5tH z;o!bY8!25<=?#^LvUZ8$evIwHOY0J~O*fH_tnwHPq{kp0gKHWwnEGpnS0KVxkK zT8C8{DxlxV*Yc?{hYc2#`?ny!)R4DANNmPm<(#oZ$Lb_Si$p?{Zo0P3cV?E;#{VQ- z>-i?tm#AkjgfbB^iLx!u;QqXGT6xY-Q zG8H@$Co}+ub^Mp1_-d?6mD`lxLdIUF-?*$6E|@QQpC`G~L|#$J{CfxJZ zmk^t*|M=w+ycc4RCtR6re7;%klQ?a^>$w(L{5GPKHu>OKQ1O=~5$^b&no(rk^H`1J zoZb)Llg@|saif@Zqu<97(D{D9dUG$Z|KN|L?9UMCeBuLEaf*jpsLw1B7liGbGZ2HmZx63v1S7$w?I!Rj64mbe|;#Z_VdioUhUO z15yGrG^P{9kgozc_WaYEcfs(EkZm>NHFH$&(rc;ou7Qa*O9YhS!AK4ay&x4KkOu)T zgTA!Ri^eEB>}24|HNV;HZprUs8-Um}wOo5mf0S|-DwxD8%QXr|@rqLoL7;Ij4V#WG zzY+|nHDtH$T6E51{M_EX3{X)rnj}2pJ@UJ>C~LG(H2NKqcATm<4{PPZ-z4E*eRbcY zBre4xknt`o%_(c4S)t<>t+v?};^Z$cB1RyT1{#VYtiSkBEoF^HqD5A-9_yzu%wby(|$c`VfiUmxsMf8CzOnC-JhF+Awzt}wqTGss0{u5#7p@&)jcBmBls zqYr4pih<}gx=1-F`u}1X3k=G8cUBBOjJg#a$~o24k&ipvh+`wmt$+*@*Ewo8foxzO zf`E3)`c_sm*N;dyN=B48KZ!We6;Sf@8avP_YPfv7`-NepSPl3Wg0eLtT*LK5;);QA zYON-@O;I17m{M^imY~Fi6* zrrMGL24reOav5Gj8?c?ee`fb*?|fXc)Kv{kU2oyhv*7aOIhF&9cSYMA!E*2xw6JGQ<=#k9+kbVQY2G9nM|2)*&+uS_l{+9VFe9oVlKz^;y)W zsat`hV!<2vb%R4HZU36ZN3%3OcNt$Q?Z1$Iw% zpIwaaJxbBEit7V3x%|C%8tROfZ?Ov=AiD`ahRE7v|6YHjc9YWe(9<_lcQ`d|aQ!g> zDXFq&-If8TQceZwYAIp2!*H?+k}z7EK@&4{zjl)U5gz4AZY~Q;zstrgP9pfB1RoWB zS2{M2Bp!52k}WOs^M^(DfvP=Z+zRor`N8q^K!R&HO%Hmp5=CQRfdyOMvHD#pYLee` ze|5f_S5kZ_R6mXK_zn;m1Z`c-ZbO)%UtolECa+D8Y=$7-$C8rj(w$%hk2#4JonY5%m72*0b^!8B%5M*PQ;jl|I49vp5-(bxlR z2Cze6xAN4;;3Ps{T2A6%TY!6^Pcq22byIY77kQJz3m%O0k#cWXEOM$SbCw^F5Wo_a zcc~Y_%6&qZ;U?S~GqvKQVoBhOlMiI=&dR+d|Dr+c_j8NwtNL3lJUV%~EK}MM@~UML zanz3zcin;^Jq1RQz+sfH3FpOQt~%^{0=yo`FPaH?4{72L$rNBv0169XkAtAV2wB1gH7))DIW|QzQ6z@<%M(tF2)@b= zL;LL9w8hshPiES+iz2w+EPd*)D+>PFL$=d>n3T)n*ZA4(-D4%Tp8nh6a`TSk4fpl8 zuR?$iSK<>r`G%RSDeH!>w3uW6M%$-!sieW01qknB=X2X73uWb2O9WUEZ@Jc8X`mPV z6C~{{D9@6{M2p)Yi32xWwIs*EDxO?Ejr=_?e}k@n^Bnx8wdy+F;2%KfE(^-v~oY<_7XrW>waVENT)>)_w*AioI1+E}Fv zxg3g*Z)261xOw@1b~JyqFE1c%U}?EoN7b2sJNA;FyhUfB)5kBGS=q0=!~YT}4USw2$*uT_5udGiyYw*0=M~w?u5#|$?B9uR zUcb%VpCWl$*fH|TpXzVa=JNf+;&7Y;jZ+X#RETp|5`4i*4M-ntH+Qfh9_TYBS9^%} zKG5oa30LberW<-&>yByTAq|2#bK*!y`{~qP0SGERyg0_fW5LZhb!=^L&HNqyp`u{H zfGIFIW}T{Zgp#mh;ha$e^@J5q7fN6nRXZP$$H)O)zu5P?zp7**`ta){#B?9mG8RMi@x;qnQ7Evc(_*9gbe4tnAk;AXABr4U$(F zT6b)l(aBMwbkEtljx$~7I$tql(Qu2ubQKQC9&vhbbxF?oHTwK^C=hah1_x3VNZ6T* zXo~cnPCO5b(r#kDcl+uG>!O!+15^+5YG9! zAA17a$sW5Cv-AYn$eFBwEyVj%m zJvT_>O&>HnTU1RM+_<&rUYB3MI&V8(5?ArVm@VtipJ4}b@eiPNsziGR_dgCRu!mm+ zemnU^Vi1bWBgW_O@wtbR{M%%Oi3U8_M{wJwrkP&7t1e06b#ULm*Em{^@nwca^P0Wg z;`T$U`%Y~lDRLR`T4gc^59+kR(9z+N-YV)S(=L5*&B@(SsQ+iI())Z-MCbO6z1_+W zke-;8;w^(reQ)czIn72zZ{z6Kxakxb4WnR~YL4y`#+Z|aqIw{9(}f!@|C-*9-HSjt zEG_@ZiCFe{gxi#(EaRh6CV_|rc0p`6IR^|tJBF1gU^dqHokkh)&#)B5XV*m$Ciz?; z32Z*cn$%0x**v)uO}y6ExY9gHLCyk6Sd7sQYU9mSB(TO}QF^ z1Ixjj?#s#nlFrfMHE;JM?S^4?)c>9ep8uw`{9j4 zN3-GevS%$OBN2Qk=)w>|tk)MxXwuT27fzed56$XT_dYA>wyqCtXVK#chQDH%>*-|w zPE_m7Z;by98&QdX)U-6>0AlLUBK$?QuEn8cHM5&PQ!J5VH?FK5bvAg0T~g83e_lZ$ z4#SZj4)5j`sSA>Q(}_QSy6^ElyWE{6$2`T{q+>7pZu>nY^RU!hCK<SpX}oS)*NvrT*U?2wZ-lH`9=c7a&f`rD7jEo(a2wbrR5U++%0Ex- zX)k}dbRbB8f+}J;Bn?n?SQ){sa|xG`N^RCJJ)>*DNf$btptO1ZT-jN}lj7$?Jk${$sJvJJIvVi$d zbZz64$C66mySlpZOn_Uzp#wb!ig!zVyXU_zGel zvrvYEgGpJ>ulO|*&woy1&dyai5hS!)FSb3K{KucZx7D`vGilPg^3|#oM9l~$iD#kX zO{+wFk1pTZDQjy1jxZut>M8z~V5!|dW9@ST80U{bwzv0Ay|>hpSO zFT)CZ!y8O1d-H@-L!8=u-}X-MqNga^A0!$A{?e*%r*!fcIRq$8A8zxkt>NigpiIr- ziwT*`zj~@j5|VKT)E7L&Nyf1Jw+GX{E{Ra`O|#gSj$tCD84j~_PVT6GRgX)AQp|cT zb^qA&f&*IV6qh&>MWAC`B03$Lvh{QnbJKi;@_T7*ZO6#tSjJB_oI(6agfP6d$eP)| zj#F?I#c5{0UW~@QiUYDj;QRL)V>I;^y_sJt$9SYZ6+}Likf5Jv-ehHX`v}giE%A_e z)7|(Y5ntABfZ{**8Nvi6Kc6*;Qez7-&--LzM=3fNFR8vu%xd^>=G@?;wk9V29Y-x*MiS{k#ttmm=j=VMEddOGDQ&s|! zz2RP;v|NVAB3>ox%X43P(#|_+r)hG_t6$`o651``Ji;R?$Jl8yoNdboh-XM;BEF+l zH_^K%rUPwRLN`VE5QluKN&G$4H#Ryyqz$gJsD;lR#M$7zkT7y-6EHT%Ioq-eH)@EC z@v*C2x$~dhf=_xb<*n1S7oljntw!JQ>z#xVL-)7CFG{YZ8Ds{VynSEMN@tfQn%IFjnV5(1fHM(N$sU%Kh^JXE+st#52L8OwZXn zMTy04MBmjqb?Mc!x7;E%xx!S0?V>SKDVih_TI@_0-0`a0k~sl3T}*3Z!LrIbqe>(f zQ_qQiT|7E78`#dp9q4~#>R-bZ@4eBy{gJ+i9cdT!Gtwwt_ZM(OE@0BUCyX+iNZ(G= zd4ye0s#A|--3LovTTGjf#@v1huX-7(Wmw7d3!V3oYj9buBc z>X}p=y_||NeZx#*$G-|QH@mZwiI(baeZ+h*3Sg6dvu-8D5po-Jxlp+^lB5180WNnv z*0z($N&n|M%F0K6q9ra-DmA@LCsd^?Xp2yiE0+SB<$1Y#ySDFuWd^~KC+LEpUK%E% zmvnEKs`CV@$ib=hg(zqhanHIEKX6K3FdFz`JPxckj&XtM(0(s*;@gw$-`>&7I7NlH zKjM0!?z@=g!IL{a4uo0vD`uGpji|TCx_&5!9cu2RTuteJnW_fAFvXO&X;Q(w zOXwl*6fh*25_>xM5>5nIiaABcsi|5yz#YZ~%-hBK;BD5>107~lOtF3>2uT1?e|Q4| zn9ESYt$C-N*mJswH8X??VPZH6gwKp-cV1@0;(7M`sg<2;!Hl`JK8@DAuC56#Z)n&{$Q zR#8XaHN`)%W4T;6jPDJs7WylDV$0iK;&FXNLbwQR9Oh?S)sC(V&+7+t+& zDDy{4dI{Svq^3}bVsku1xxLR%BN%7+$nqsYBXoBx@D|om1)XsJNA* z^51SC9(+pG6B7x=2a4-kE7s8|1*(Ugx#9Q9E-084pPpL|51uklH5$bHq<%8b`%*1T z@N6L=S}CL5t-AMomt1B#sjQTWbFM@dR2J~H>P0QLqLuHBr5P{P*~pLV>_|Nk^o+qS zvAM9`Vf2&a_i`AY1APc6Kb(!(;5bIGr%Ma!eGz4UZGQ8hRV7J9=fNEJ_guMjbFrIQ z>g@#rJSl7O2k>Rjw{EF>m6{u{89rw+w>otXVE3-nMvjguMZ+%_{>mrz%2TsGdj0Q*u>P8$KpqMFeao72bDvWCzcw- ze?U-7E{WvODKh8SmtaH{nR;%y#&FA?%&vV~{1u_LYH+gS({V8gM)?lG`4&6GTyjOj2CKZl$xwG3L9&YQRNuH`9Hv zH`i;oj?7W8e7{t?`CY4Sj5}{#;HF5DII2y3RLm#kjkdF#y#Kg=&NH4iB&B2mQzbDR z9y0<2V(Q-vs^sdIUaz*}=cF2NXjkEjUir}?qOGU%dT{Q3EMNFL*_%-(9-f(Nm7`kx zbdoVgEd;ZiF#N$HdUKD!^Ec+VOPofD<%h$>kvps9$f$d{T6q|!jYPQh2ZZ|wU*i`qo6w2yI;O=q5#C<&9~oZmXRjZDbpy8zdh;ki$i;_By_s~X+D z_qCp6gtcnT*!8uJFU4n#8T`Q2zQbCRn8$-^vOO`X*8(;mD)W2%d+Id!Z6_4f;Bd~f zrHy{8Ehz(Yp3^T9B@<~;G8dY5b3O%a$Ye2+KD$+VzxZ-Fw_Q*9$M4_8v9veKsSn*g zH&mA_%6-OR`n3mOXzz#zYdE|Ac>yMshZ=(~S;CH;8{z8fOQyiy)!0~=*s)xEGzIVg z&H?54g=yP2qQV$V5r~D59-=SjRQa`@w=Ho=H=4#>m%g<$E`6=fQ{mIVxg)qF<#d+& z+rnzts44DEKCcfNrP=zWM-9hem8GMlQa_((3Noy!#je8>Av{1kR4iGN+8e8U%Z+?z z`EVR(ZHmFSil@v#?D1R>^5C%9q-!y@~4f;zl*4Kw6W+Tp^eaA$B7$n{&&SFo&{4C!;fw zU8IP^ioR&+SILJc@!l}1TITljDut?~(lgO#^J-lPjElP$e4qYX`G_x_8ioR3?Qj4Y z$J2uh^NwY7QzYcfOGMXM@FY4ga$KHkdN*=6?_z<@gM(}jS}r4RH{zoEYu+WjICIPC z(_O_jW%_E*#Wp>C#;7FAUHkdhl_xdiG3F$BCXK|zx z{bJgmXq{lZrJ6w>UUR?MvZ=k_zc_zj%k=JFb_lQciRAIds2u&lYfz2+vYh_Juy<`tP?Srszj}=AW}e`{{_KA7?Co0qE(%I~=M+SBf?FQF zZt1b$q+x9`&h5GRC}yK{PhstnrFdX|jO-n%4I9cRlyf#-JgX>qzH*#txIy(JM>Fq% zV+>Xoh5DJY86SS3dKdH9{aO9BXj|pywx^i#R0|6mltY^Y$ggQ!yje!|jwPEiqh9;^ zUE|ihjxSU~Xp33!eN-DHdu?8h+HLJkIW_pnn|Aui^?c?-iMyF^doVPgB9A&n9-rpe zsQ3C?J>y-|T}<`oEj3f9qvAI+NA0`ro>qOmwlf@WH)PwRs&Lhi=DGBtxXs%fU3Ukb zC=FoAq@WF?@(llax21Z{ihRYDrtk z*@vmFLo#ant1ii$S9`p$UZ1L+!yDUR;%hQ}x9fqfO7v2!k3c2bvp7jN)a?(zfF*E2qS_WC^~qE10-^ zCCxB1u*WX2#zt8->SfHp*|^inK$Mb6YOtQ)oTRQDHKF9_I%F%pH#9?c*ZF;SueMtG zw{=m5RBxCgotpI8izK9(m#b}m?UD7U#-B&8hmR}C+Y4Q-H!p}wDw{5uC#&EXQnmg4 zYvn8Nr+8|{8|LHHqlz2qlo&HK*l0tzY;AM&1bI&H-uY8}?+2EH7%ZwTz+`-Y&ALLo zBAlaDeFLZlCEl?@y0G;9aT39b7oDYWghI2X!n!?=o=o7g)$<~;`Y!pvSBD;G?2+V( z=yaKMV!NS4C7q;|%X*NVW=dSVzsaBU#r~?RHA5FYWHJDTHL~t(x+_4oVQ7ZGEkGdj zM8?4ryQ2&5%Ri$HR}Qlg4%3#6IJKKJC2zBBj*z+_Pj}Ug(^26~H8uxc54oT#LGS$P zgvIst&QCW_i3eiNoH=jMTV*;~yKSDOrB7L?OkC|S%aYBtj7vJF$aOVCqu5(NLt`^K zHlJxvx|ggV$?0EX8eBUV+&G4``B5(~4xr3uC9*7c?>^-YtCI*^@~-?sdd~jH$@^bq zX0>8Gz3OblUkzKo))lykX{{Xn3{>?;z2LtzMt=$IeSo?qXgpq?EYO-YCGKjSB)lX(vpDQpB=9lj5YWiloqW^oCBb;Ky zMIMgy(Pu&8V~&oSUm4R=RB-Pu*xdT~nu~PBev*e9F*HRvlEZF+KM!Lh$v4sc!n`9h zIrf@2-^6YzlYaiusa}JrST@3&z_ZU6b%t#AsDQIFhL7_1!c87{wTDr6O z+nle3WR|)BrsFkz=?rzs2$;5x*4EWkJ`i=y$t=N7IQFATLx%RaviPdscvdqu@8&CY4hY^`j{FhN!mEJlR=csg4+ea5~ptrJ4GSYroShwfI zt@|2T#s}{8JC-#y_XfN3=I1xevnviz;@rlA$Jdk&luRpp$mtC{`AC%!y&WwsWrT0n z_gBpb`205abYyM#M6Q~ zJLX~+yG1yYw5P`a2kDMFolog82qo&C2`rh$x=_*3B*t#p~5NM zgmIKt(VO?1vqxNm1w=zr@M|EmS}sK!y?$43_Sx*_mp0;qN9-j$y~>)qdT0uD3(d6C zwX&Kxr>ciszOK|L=yO#Crw&Ag%ga%rz6@taF@>AeZDiS`P*>F9Io-6<#&azPU-z%ccsRild&RxO9Jj`Loy5o$LjWFtJ%@3jDx~7~S zTxZj{t!r-L;=Aj8xeDp$!_9;|6LIiz_~>T+@~9g7%)^_v+EOsDxE@k_&N@95$Wrdz zPL-tmvSERDQ-aG>N2{nMS-Fo;ke~bEn=biO#VSEN<++k&j9;0gaHsF>D&B9rQ^2RF zjVxT%-zb7_KbPS4sJtUt^bRjnBKyV*zE&kUy}I}~$dRP!>!TpM5)J0{LwDbBn5ifo zU}hDg64PlNnfozSMcqE-UbdNbkl(*hC-2Sr@3^f=c0!fwXQ>0X=#=l*>biUBv!Fv- z$MwUWpZzmSPZy4ldaV-{JtMm4%M)Ib|63&J37~cF^ktMb}fShS> zp~8uA+}gV-z@EE!&^^rLz#>-wW)!dCQ5nQS08p# zR;T!U7o*6dHgk8Oo=jRgQfZMyyNQ;27l(a)X$5HQ`g^_pvU$2QX})!vavWDgxm3=C7HAH zENhvrSGWW#wdK?cN1OX}n>@X~EhMUCk~Ye(@+m8iv$9o$)@6-`-{>w(z8y}({k*Uc z<$rcr>^~-cUe(I32?~o9l|7)_WhkKXG|qa5j-K^FS{~`^->jBDp z38WlH{pFXB>gE)E@$z=`U>oBgO+N(>>?)Hizq*S${HCd;JK3d1pKGRBWEEm zu$yWjq&Yc4l5>mcQ_FTn%w=tGj-I75&Fv!!*4BG-scFpY?6}98&rI~dNZwnOCpM!j zduzjn!yhc7S3I-Z#+o0r41C@iX=3U`H7ug9xR2#{rTVh^mvN`G;!KXJ+3tfJCWQkIwc%dF;tbiMGQR$>RHPVTx-sEycuD5>=;uj{9>zB|LmbxUF|Oh z;n=hzpO{@aByjkQy@nu@y7gz#_*0g&i_LC}^bvN{54%2aKG&tWcdy)iB0h7!>lM!E zb1kgpoX4^>1A2{*48JXMud2!_%AVXU7{kaNxut4$>;U{(dLrBK^q}-xWyAiB>`0C`!8zBD}GUZSs#`zx&+CYB&9E zZhtZRW_Hu*V@&za%LCs1mev&91(~p%@^+QX(n4dRxB=HPG`+paA;IGCtw{lq22KNN zW;4F!-@RX29KdV~1TePRzvYa)|62;W+{TX+?M|v$nrYbuq=>lNE)7pj2c1;UvMS3c zm6ic356|qd(tcKw)0Nt=GN3N&GFnMpH)Y298`|##LKs}kPsi=&z1~-R`eys)g72^n zwISQxH(XPF06*Stf5lq z+Y?Pe9A>8sdhJC1KqKo~gVnK<&PRIfv;Yun!wnF-h1P9EY^ z_?pqzH*+YcmZr;Z)%!x9h{};vjbnTUuQbZ9Sw0N#*14^>-SST1<{q_ls&K7C_iU^@ zbmto)&$8_La6C-=^j(JfPyzc>8;UvZSU!IgC9Ji-%J9w39A&YN&+2=~znwhatu10I ztNl_TkCsZ|rE2*#O$8;DJNM~HvJJ_rPKUb|yLM?#Ybw0aeReZOiS0(>b;S&-m^AU` zuE*zi`_-#2YE(by@toCU*`@S}`9sb&hI*}Ad(ZFKpuUGpGF7%^f69f5c4bwvNn<+&{lXhT_^QbGDQDjNj9DY3|zW8NSgjn#zEii<+H0Aggmd z@7xym=dCY>7Wh<-91t*kw%ijkcZwW= zuVFU3*6Mu17@mkXo=TUq@Tpg(+2g1ye1Kth<&AF9c%K=Paq?ZN4A; z?d$XUep`A@;rZV8g;|<{W^$zwN(acZ1c7>Wa&LE_^rld-$bDm-COdQf7an`(?csIi zj|;{2x3TA*ynPMQsV*5{e&Bqz;Nq|Qq$-N}+KCDno8+7`2AS=*=l3amzDW6^S%;`m3{IZ@~k+5qI}YsgeC0a zh1MAu{OnhU%n#^5daD|@1ZmtbKMBN}O_ZHFrGz>A>DkjPk^B-H zCp)Lp1k$txO)g(1SItnQWwxWORyz9xr}|jUzb-7n`CHR;&Uz@BZ8m?#b|-Y#5faV! zo#sZ_H5&^$%FULqp4uG-vF^~Pg=BBEs?fwh_a`i2va-9_!*-t(h?0$UT=qZZ) z@RaOl`SnK%8JNV}ySpe@PTal*-Uw=_DM*tqxbYKzm*we)otTbp$R8pOv(}-nmOIh@ z=?>VAtn(E9q@LA*U`w4Z7h*~_dww<-+vPQB_N8E|U1UIL{} zZiPgiW>lK8@ZVYhLGZxWYX$|FtYeq=?whMd4# zA;!VMaT~4dl~?Xr`pUuy**$IFoCGdd@lacRE*ut$t>2vf>glfQTaTU1b=t#n($aRb z%_vVuxb+iPnoy*M9HhAPl9$Ev!iR=h!+&%uFL9%H30kLrdF-yS=Zq+T6^Q@&o6u4ZzKa122vwV$O8Z8k(;}Sp#W2qYQ|IUa7d2r&ja-LTda)pwfmi< zQ(NtPKB8`9W;S0f`{>Dfbgv3BWvDaP$gNy+IaA*-W^v_8&X-76GuGqhqPGF<=;lyt z2|EedeA;Ehp)mJx;U>UPmJ2&t5rAA~&fmD9kjt!a>`VS&M81PL*Qkro)jk`)qSdin zp$hR`DvBAryeyGBqE29zQ>viKj8AFr{g8`h_xl>!G|YVrXqS70+qkxcniuGN5ZQ+l ztrLs#C$Ew~%VKoN(^J0)zOgG%$m;Igs{KUETCX}<1wKUgyl){@hAL8he8t;wFwoLw z%4QGmV;YC8IDJlk=Cg0x%uBJ1jap&Hde5h63ZBi<6h9Ea_xL=6kWj;n^)?bPJ~)!8 z^rg)N!K{n#vw}R0ER458LS#pD-F^M6&%RZja8}wzRcy_F>JaTs1 zCir+(U!$%2b{{;@u}|r2cl)tNk9&67Q%iMhlUbfPdnNsoD9g$12@Po(QX~Z(&$Clb zGaY+E(T3xVAPM@dXI`WAEh%So7887&;Lv+z%ABCuL2w>Q=0059#nyv|zC|y{-R1*E z`t0hKo0l&5CE4u|`)ONSj&TvbtS>D5?AaB57}`|mu}d-MeVf&xYLjC7<)%_C$Fl42 zd}R$3VXe=GN(FHq!@`*|HwZ|p>C-3bpzStGGAAw_fFqu{pWV>*LDx%>Azzz1%Y|ae zn>$ULLou^ubly)=MTsurhZX&e3v0&pZA_;P+t+6Kujp;{`TE^qW__uY&TsKLsc+fu zy9wfzk6g>uD#D+x&Sc^P#B94}-y$|O+FuK3%}r`)+tJgnoz~+%m2Sh^DdEa3He+nh zl`fLJ>B@H6KZEd^w=qrwnaYQf3@GD`^)J+zt-d_=h&H6Q62i+r@=)1>)w!ki?95wYnrca zP)nal) z{h!ZQH-&JM$rSRa&;Ik&ypJ~pM=L#dV^#Y^dbO+cpW&VJbi}`1V*TAj>i>7)=4t+X zPFw1Kvv4vpb2Ed_?K&^HKAAe7J@$-+SPkB^5U!KQu3I)b=q(IC(G1oU_&K3{_S&8L z@!zT0S-)~4W1i{U*X`-a589~SX`(l$rn>7y(ASBGiole-17gos!>F78d6pjmSsNI} zlek{j&5WG?w$``q*kvF6OzM8=(bgfgT9(iwS*)IQe>>n9;B;W3g6}>5W=-lKk`X1(>79ITWpT(BDLr6z5gUfGE5&w~h zJ>}s|-a{pxB7uJ{97%nCktcyqcPafFUHKaSaB(txTRc)(bT;YQ`V(up!N8y#<*Rm>v?tFyf3!PrL|99 z*NN|Z{y1msT>F#4_0$%H*`Z;Qg7`eYe>U`rLkm|Lnabm|()v^yC8aL+3eoj%eP>sA z)~T~JgP&!SHu<``YqheepZ_V`&FG?wGKALr+qwoaz7kASFJCMlQ4>vY^LwH|C*USU zqnk}CR<`Av>r%AbXC|r*Rv9D%;``lX6kg?}DG ziH>AGk?+sO5_?-}3|0R7bH%Z-tMtN!3;X5eBi7b@-DQ(y)_hfNV`4MI4W(Nr_|O4- zyHgwmZqUpUu>DAS^GovsIKKUIY!24yvzN}F?^*bkTdjhNsDeZf9t_09Y8MxmZb!-Z z#$krA8i&ERG-QDaZ%p^2Gy!6WpOj~8YP$PaUg!%0t&53^zqTs;;&u7YSGkSjtIjex zj(*zJ{lbwnz@bd)QE^daWdz2DZ)XYHfpem_ACwsocA|OPJw6oymN0E2qvNvN$M>-u zwYL|E;F8gr%=oh&J%wdd{KTsrI1o@+c<6c>Wz3I{+!oGz7gkneK?a1@@CK?73u17K zZ*!Ue#*P_ZyhyH<9ivxHNbiXMmE)w2d@8RyJMWdp$VAt5x2i}KU)vO@054%TxEoiN zl1f}S`?0YRfkd0vKWpkX6rsv(-}~Mt4--(nPA|$G{`08SFuEqTwltW%+k0{cu@$9z z%V_^RowT%|{ZQq$gp~Q&a53Vwda^YIyMq*o<)C|RU_X|NFll)9kyf^slj(dMv5%#0 z-e>-dAEkR{5E702r%3tKMp^DgxfD%$GH{J((eCBD4wlE1}l~5Ix@6C`0_=|y~1!lfmlGOzaV!cDG89_`=OcKs_E}Sy-VI}x$^lE z?BSNy)`58X4jW~({r;mWE?aQ^jU|j+Epw~?5fbHe>><7c`@rw^+1ZI78(^5X4Hcoe zm441)Zs*QzT~=enbNf&z(1T^(yZetgZ5c?eRtZvcY_yM%s9LupRr~W5#9y9MQ#;-M z`>)4a{!x-YOQyMPrpQj^F)w?V$(1XGm3#mDR9eVuemVYK_XR@}@BHKHh|i~NkxFD@ zqIx06EhZt+=JxOKV*KKldi#MKy;S-Mj~VelD@y#;Y$tl-f6puse(UegkAMNb|1N4J zhl~3A^FKW+HUA$GBd&WS3}gKFqO%5YUw^OppX|^7sT&Ch>zn=5|_E-6TY|Z{3yU}A$k$wd}6-Ht!FzThvOX?T-E)~Ydt%CRis^*UB z#fn%LBSeEvCDa6*4?XkOAJJ{qQtM4^cqx#ihG}L;Z$I!9xlwsv>8w(|wi3)vs`{e^ zr-`tJ`-cI@6B@pFN&UOSzofj3-`{~jXW6!GznIuHSONH(f7rRWQ@h*8T~R% z1#JJhR04A$7!#^5=jKe_V{!G$+KPvMg(ow9%deLBGWBT4yf@b}3}f};qNK1<<;|rf zk6#N5X2!-O6%`d;zQQWEF>hsu3M1A4K_^pa#qx(Vec{2k;T#yBTKn_oKD8w2pxj(x zJnoa691{lz`eAg^t{!-KV=MpEhl7njJ4*i5FU$3=g#paPR7h2S`S~-Gu>OmyM(e-Z zw6(P{4posi>MGK_4Hkj5gZ{OH3KuSHi{LpN5fMR)6@bsh6lJ;1pTD%V5l+^7(yNc~ zn|LNe_kkc08%Zfy*_&-feq7GZ&hU%!DVU$>dZxISg^K)1ZZ29!B5q2psNfQgwXT=K z&Irc54&m{=ZnW}sn`lA<;`Wh=iD1=?QW2BOatKf{KbqBqyco3!B;4P}`SJQwSTDQ>xrXmJXpQV1>g(x75m5 z)!N?Q%gZ>x#`f2=$eGXkNX9o#YxMh5?9?{D>20E{)L!gr zcU5;$)6to^yR)7=dGdwR5S6ryOmkOPm|`l3nm{Bd799SBDuh?BucYPAZWXk!u$Wq% z^y7h;pk(!JbNcb--d@_2#!batLKn2YJ4pd|p*hn)XQ4Imh5EwV)KcV;sjT4l?`$Ad z$xfpSJ&*ke>LHa4Omj>FeCn^E2au}hS` zLdC_!_3~}wizS|aoq?z1_?W|iltwcP3yQp|HEARZO3TWo3-f$vjz@4RT)M=M;d1YX z4mg!?qO`-V`-T6&fC);a-V8dz#T)O`d?4e78{l7X=da)DqNkR;y|~pv)2`cyhdGsa z*N4g#>e2wB)bjXoq9lP(bXu+ewal)TLRlNA^RtehJ~W#Ob%oRtB{!h?`p1uIvU8u$ zS=!oG*bndg=PA=R)mPH+gRkIYd<7KpdO#Ep#qITT|4K*7DjO28P-Z+0j?Sb0F;R_w zqdy76bb4jBkq`$oj5W+#*it;cF#GA#r;RC%A*vbAhAVbYDjON`&~i$WDA3QljP36^ zjHd|?4@Zj(_m%0|p|KGY%djK=nzt0&zTjw*Z@w;R0*cwKuYtg=3hksUoLNIr%Ta94 zK}{i<^iim*BsMm7y7@SdiIWqNjv+*_w6wI}siY`r;dRg!R(AH+Z{CopCClD0tBpv_ z%)Hd)SZB@%d5w#YfA#wHMod9M69~KkI|qkj|H}<97jdT^+8)(|C4bhjPgz-6^w6Oo z*jBV!J8_%u43E8?owA?bVO#+{Dw@q~xeS5B5J=N2SD2eEnZO<(*~}fe3Fyecz+lR= z0)xu6b#$UK!^?W?@a^uh+=RqjzPuUF0UIgl`AZ;zTMk1|8^5kB&0bgHb)WCJG`%<& zi6bWOq94@O);53nLV-2Z7Y?x$3kB*#j*)JUm6es^nKN`7{jbWFV-~{Z!)w!#3{*i7 z>isC6*4`KFA|39x6zlhj!@eBn;>k!BKgCw^T{u;_I^QMfHNOvK3WlDeyAtJnJi8{% zeSEm~?%n&scU4;J!UcxNT3BpO+D+c_DY61}qb_#Ky%;<=@Ux=;j|W?)tf!Z-;&nPh z1I=1NSz20Iy@t7N>h7j4>!}ReyR;R=F6_(f>}*_eva%@ao8P~sv6xtBs3W@KD5f^q zl9o5HkV5N;eVCa!00{%TgnMEin!CGi25zEzZBbCy)z_FL6H?skxdp~5IyxHt{W009 zcBnpf+Rbml?P=FIj*KHe=Dsu(+uYJZiqg`O5~+Rr_8DV4u)tZGR3-YfNcKVtuqi%1 zK9-j+cg#p27;u0mAdHWrxC+;3Uz5u*|FSEa`^s%t$g;Q3`zkZ z+?JM>?fVn)^G3vP38Ts9yU>KsK{^R5+3R!)z7uY+*L{!%o!Z%2T3SwIwm7|Hq9k*e z`KCfmO?|((c$;gPfuS>8pCsqokr9Djp9KTrv#*TRdrh-jM$vi)?;Z#rK&U+I4Mgsx za>`o>K~~nDn-LLTzt)7I3M9sBleoAzFFob`oSf5!M`3BO>cR%4*Zh8G`UM~?fjpHP ziV!BJrsf!s1cZaglEZwwj@f%*Dv)P|q@bVx{?4iCkc31?ai1?o)$i6k2k4E9t1B-6 z40|{)0@mm{)J&!2=btsKCgcL*i+#b_JOne7x~ z5BJW^zL57d!S;N^)&lO zH+CEvHP)7A2IvtO7)ZbgM0(;0sNXz}uV!awhYyECb@fg}@eXtl2!~kwZNmDu)>jY4 zQ^S+5_#XE3@`BnpPW3B5#~-y?L5BJ>53go%@@@+|hLZ+CLFB+Uz%EDV$zJr>xm>xD znwq)+Q+xvHi-jK#F(FgysPNimfKC;;sA?9$Y?=rdpI_*350Mf0b&jSW%NH8-DK zSs6ZD+uy$(wlh&}*p?t6o`Nfgk7pw!i|~0^0UWP@3d203kC&&X=M>DzVEm+BoKd~8BA=z_LrkBuLm4RNVK%HM1g}2Ui#R7gFpGmcKSzSzr{D*AmkVW3gG^x zmRGTmgu+4yeV4oXzK%4fyN?&PO}*KA=3T`+d_N&gRhYF`1E&EC3U!B}1V)9R0ekM= zy?ZL5Z-v5dR>F@oww@eWBVd%dxhn*^Sgbqa8$d7~vGu9?!u4A}oXcYR{{8#ZKnTy* z)rG#=mNSRLtA1x!-S%?Wcq{v-c=f5OKDxZNu;gTJ?VK+LbobbRVPWe@AbT(!ug2y~ zVbw0=>c7HbeN2=JJkISwMp(ofuq~i>2|$NO%-24Z+ldeg?k}jr=5DdA#GylI`)8Xi zTM^Hvf}+R8=1AXbZoM9xcJAB>dk2%_)Y^~Nd;9k7)R@sadu;?)b!^qj#q#-1YeLhf z^Ck9PIxonK7sukm?16ScUL1p9VV+UJ097q8yEv8^q_{)>g~Nuv<=zF+{riz0B1a}6 zvt={RY-VKaf>S9uZdIb+tF`B5xUsjVC%fPJf?p)ohp=q0ONS?a{17D8XS$YWP@-yy zrgEvl{%cp?nm866q3refFJHb)6{M_E#|j&udM*IC zxySA}B6tYE(`U~Dp!~$LQ#**~Y_>5Mm7e8BAGUN}2wm zXAf%a9dj_Ovt6-XuC#NBK6=L$`G2VpWC=sh9m3rJHAqWK!^{EO64Y9voEPB?SlQTK zEmW=hlyufx6qs09sph)Mg5CkF@rO`=69Ur)90rWKlZguXjMR(_@;_nCcE%h1#H$cH zi-&=FrXPXt_-G=+qgnn6DXO}0*$DcCw_2uUAUEBd2O}Jx>P4cVG&Z`Xd_ut?>rq`#qJDLC= zzBAD&#-^ql0bHt<%c{Z<2YGZ|0Xfudw_v+>Yi4Gq zS(|a97R;TQnb~54y>B4wJY~Suw{MjR#F>hiTI^{D&r(afQ%Vlk>F0NL2^ z*WbSJ$*(P%d2Cr9hZW7~29B;p8sq5A@Nk6;jnt|to<_L^&U=`n(>BHsuI#w_`wHS2 zGZ@}!ckkL-4i1j$vAn8?ux%oWxA};>Mas@xFRzed4}Z`60Jd4u`8y(jEtT_ydBm6b ztquD{IF;O_JG??q1UXoc=ANGLJm0x&;8vs(!O1z*=Y`AzKJ&6_u04$l(z;y;so4Lwo> zLY>IxELunXNjLRRyH70Y|BEO!{g$N@#aO8!QEw$Gr)iKIBtlujLUa^d8d}GZ&7Jg= z+ua!^6Xl1Fy+FmS+)1 zPrcup*Pma@eH32=v4hdbH7MJ?DQFWNHx7a;2r%7l6H#G=ZWE}jd}XFy(&^hfgH>+e zB_d=Wkm*~Z?d<9rI`SBqY3MHWscNxC#9`Qw(= zEN)k98b`<$MhZl-sur?)p^o1y!LyvpB?^$qrf@_tM?Ojpoxv$gd+ z;S-CiR)s33!|h)VPIn(Tf$mQsnSEY%=G{&L%S}V5w;~RQlY@zYt`m?o zv?fhIs`PRJ-5>#iJjaAEb30MigOQ*Ch|mLV2oxd0>H@}=mXyM=TMn;|p22QxF4PT= z=0B4LQUkj>Q`HQVbQ7^295oU5jEs->un1a-vCFQn%+ix7aNmA_!@+;39B>RINoxET zUL_-R6{%eOYG81Ns9DI)j!Q{74ltH=E_3Sj7Lop#3x*v|r+_Vf{SwPHs)~R)c|Gph z*ShpC>Gr4+aB(vUM8|!u^+Iz;$BoFtYpjjZE^T7O z;^M(DgumwJk!?nHo`mC7V}lQ!#9sM?goNhLpZVxWJCTV9hAyM!O8>j4f0lmS-j72( zfd-%%^>rYD!2ly-1{V*g-R0?mo^xP$2Iy-cgkuB-^v;D5g zA?zJgs+MPcnkO9(*5lS!0}XZj@p;dQ+t0_@N5{u&4mQdbTnsBi=SIwXM+s)xWM$Zm z8=HZ#c5p|gs|$2H37iD7CXkh!TsRC6$bDji7o!g^ZPm`vf)b$UBu8uS!W`zP0pB3@ zDP567Awhk8J))Mk@bJ2Ndehy`jRSOR{dC{P+mQ-FYuv@@K|uExj)N2*5t#s%Vm?`V zNy$<~pe$nPbD3&&Re=pu`ZykgBD8Ps7yxq#cLhT|b1SJ~eAEpSsDYI0O`dCI_lUbiyv5?}=UTSk=-Z~{UgRt3a@pdeDh{|6KDZM2o3 z5b#gHsT1yLGj_P$2s*d#yKAd=U*hN|0`tI^#ofF2`u%$<78Vu^Yin+ArvzW3Ku<7C z&^g2yFUMUm9tbTE@gO*sTi;b8Ap~Z}&W;wvHqe_)wWNURfp*4zd_7hUcffU&0Z(&6 z9yC}Wm?pIm?<$%aR0oAiK6_Ey$PpP^nsk4t|KY|hmNou5Wh(HLg8enaPCG?3`!Ybc znV4)yRi}iOLBa>)^o2wxU}g>eAkr6H znCjvjVGOIGzo8@wY%n|AIM`j{jDeL05R(&hXmto(+r=6AYcOHv{2s{`BeD;500N zkdP1okI`KR9t?HO;89HqI$W=)fyoY6CPjn8kg9}pdG;AN5rJJs;EYXz%^)bHL8~g& z4BiXW_Q`I*5CDrZ+(wwd4d0FA*^t-dXNyB-f-#C;2r`+d28d|j_3MD{StsYKx7x;n`X&kVdTMt|ZiwW+d6DL|>6h1{ zC2%;Mh*nR0TUf@t2*QiORsmXrAlS}I{T0s0wkP{hr2kR!`gu39-8aRwki}n zBX}XZ)zZeM`~0q?R;y!2j|OsfUo7a5p=uF7Y6Qq{FI3gjcrHgPs&V+NU<_;oP%VZk zy82Wmac2_8X6$GIqKc`dB)k;w)?Wn6hs-MzRgjFleU>IcWq~EW4rzPxM#_`*` zC@;IM|B-D~K0II$1wzh9goq-zP^j4r_ysshFaY+IOApIq4#n2j$?cHH2G#K+nasR6 zx^Z~uhz8o&<+au8xxt}Kx90gWL+9Wcu{#@K{9&U2V+cB-qeEw9*l&#=2njJMNM1Ov z)Mm?XS0Aej*mV7_=mQmxnx_-D$#S&HE{*m4Y=NN}QhlwF^((&5&H2b$QU*4e&Q%<`EU$sviO_ zz3No5Z=vR|R&T1Uq~)Jol0{^Tc)Pi?lL~FJy5377h=cc@pLa#u4AcSR#XKI}#Lyc& zvp^_v+Vsb!D{~Js-hlkQKOX^Nhqe%5B2xIl01do|9AKXQ38}OV3~H8Uhxa2U2h7zk zcW1~!1A2S=kQ!5eSY5Cb035LD2#s8yB$t(><#D&hpi~O}1#j-*!3Glt7KJv%>43q-h9~c!}j018g2{39954pGxkJ@)XkZ;C68e!TYqZu<-lgs%UkW z0{e%}mUs4wrg;9?v(n77%78IJKARt1(9)WEwTY)cr?@wOPlc70^(Cl^=GInnEcK>Q zLi&FG{F$5sEC13o|9)oXrW;Bd0iUq?GgtfoP4!Eh$j_ZSM+6NZnEz&3(>68zVV_?k z#O?K-J?*_v)>mVlR}q}&J+v1$c`?3#G|M%`9avqs972D;PJZu?1BZWt&*?&|wVNpd z=E1>1z2JUtX;D}K5OD+oUh|uu5EIXx{W!Z?JRf5owQoW%ifPZu2Ld{bd+KgqlnRY~ zbE9lfWp}hnw`F(NK_7dg`^z;Swl7q&-QWMxSkzwF!7+2v{OSiX1?iKSW@WbZ`AOQ( zY&veA8t2#*x?IUp*SX+qbVAnb*fX;ZjrUQ0JXfFYVm>1`{5k8~nbnW$9?9PF_G_{$ zQ`H36S!rAUZG?_4V9Y}mQ;+!g$fc@ZcaZ!5%tEkWmUecPLi&4|s9*pNk}UTe^ID_- zGEBk6%G!^w!|A`rj~^4C8I+B8s~>gIFfuxG{yZ~!@PY{f(tqJP&JF^)m}VAd$uRLc z+`27yKPpw~hYk!2m#5U$j=F%GSG;&}7Yudz`r5KhZ+W~ynQPCp?H~C&)DVP%H^5zB zZ{C4G!KQt;8eix{ZV1qfpYg^Nf{y7n;0N+b6p-2~jvYY{| z1}*X`SDpwLjN7i{L=XFUo+e?Z*8px;1xZ+^V%xF{E4T zPjE;G@iYx>=}(^Aq~Q>6YHl`}82i2Ppm;*Ki*y45il`F+8Nq$a-D6c<9UXP}Qb~^) zJ^~<*y3G7)Ia6@4p5@2b*nq`5S45Kpk&IM~V_DD7?vm)DB5{y}K3pu5)9xdqqXTbl zY$doh#B9zZO*^QojTa_*5CVK%SZ+9Gjd1n@A{v0j(u*>*A%TE4;x_F>Jqs`~aoL^N z*je1L<kr!;O2S8f4-aP_m|MpRX;jXHO~?6Dtdo%f`-b+E?iVCiN^1u}JLwg+vz zc!0#ie#x;$zVSkOMNOTZs@v%S`wmD+)h$m}HRhYu!pCLeL2~qpKLI~ASb#jf1=QyJ zvwi==hY#Betz)G^Qff?h0BK=M5Q;gJ=znf&Yk?EN;HQFu=*miYK*9I$=aZGo!ttkq zLAn7d3+&yCv|uove~R$ZnwpwZBk7T!+S=TVzPEGo@C+k@0>VSS@Uo>PK>I;?`H!Hp zJ;1>d>2!>8zA~nT{FhzUb_1TrKV8ev*6I6)_=5n3&Z!BVow@<9`i~d&;By|c7TkU- zj=TB!**G}NAg-E%HSpRT5_V*wds+G*L~z}wPoMT)sy7lpTDDv_?pk0{O;Kdip$O9e z9p#j9y*V^=5#F)A+~Xit62%8l6Dh>$#D2ny6?fU%)mjvsJ$sf&$Ac!Kw69tf2i=15 zXYkwY&n{w&_IY?Egf@uq5mXl7sZ>=}?KU^Hbum+teR$l0R5Li7M^B!-G0l%-E@5V7 zhOtLbDdo2&3#oelUKLOkv@M=Xtqh68Cnkz*E1mJIAmL-& z3`HVXL%U+gu%dxM&n3^l253)2qpjp+JXXHhrdP(d!Z{>B&aGT)$vi{sDssrST3tB@ zsRLc4PYcGRsS8YHi1^&d^IILWc=>hOop_ltw@C|6&wHpS^j)mxnd$YKgrv}dY-Q!( z7({CCTD8gTx^J~bBGGlg{qJB&?TQod28jOw`H&QR_Usv=naqlcq{GVvht1k@4J<~S zkx4T2TfKs^jrYiUEe(nI)g7giQ$lJ21C*c%#B1y5q&|KeTH&?u>{25)xZf*RuKb#t zo6fQK2?H5><7BKb!LvFdpY*=IJ}W!h%+>WS5)wf22%~T!4&x{$>p2r(;}NRfMIuE* zL&NlAPRY}!F9G=BvN3l6Te$wiXmzjaM7KwMlWTF;X#pl6CWrCPLx!jLQ{v1p9v9o%co85kwlY%5~TiHa50_ zp;)7b*f%(&7dmHskXb~GCLkmm;hBqxkT0feW>uIK&Q>hkF5Xvsxx`PllJSAm-v2D0F0@sgs457SA6 zG!zvV!>(Z75HAuGJRL>&Vk>KFYzE2lg19E$~=C)eqjaoEN^M$Uz#?3vxMI9Fq5rJ_rE!2hC>F>CdlJVdHp&59N z>QA3;>v$AbT6qA!bQRgA=jBCy`lR7}crpXN2X09vv*o*~JYEfU3-RWo++1RzkSd77 zi#uOmEj_aRrCFpL$}5ov5S5mG58?$60_2g_JThquyn>K#x?<8N5||p4OKo>ICsNgj ze~eivFuMZ*-H#tX+ADoz%3Q}mjE~-Z|7N+)s_;{H_Xn(2-H;Qqb@8BvK+Wpt=)f@f z>kAX{BEXineB<0$8^#cp+Ukut-&tEqS(nl)vN16>eyK0C3{ZfW1RR)fY`tsp>CCj5lH~N@Wr13H-PF+V380m8CQZT2FH82Wj6F5GVz3? zH_C-cP!P~KoL*FP7YrY#}BP9-3tRP~X&RA)AY`C>Sh8Kab^)Hi0bUBu1B(hz3NMErL>NE@@v}~A6SGU+^4Pt1<_E9>PSanH zIUhzGnyUUzKdBVxRL*N2y|Eg0tad+nMnkqyc5QJGwn|!qbq-BXXli=tegIjx7k0z0}kp21`Q}1JCE?VVbIwzk!XOauAZ6gk9c4usT{1%5Nc_+r5O0a(IHbpWNC%rABB2Vo;DxR-| zZ+TETh&C~^$FW4;y`nc#zga4wp?9WWZCN~_!P_vFm|ao}Jh5EC{n$g6d&PJCICrL{ zm=*1&h2>R?6Xaq#WPR9f>h}F#8o|i-~pSAKJ`TDfot50wtS{{mIe-lq&!8n3gk zoZn$n%(V<##K*WJNiD$^56e^LSGC*;%1vt>p(nTl3H|~IcNriF(1i)IF%rSif05FQ)m7u zaou@U>Put(oQEQaZ(u2WId%1R?npH1uCpirfe40DEffEBls5{4ldyu*Xm5XIIHZq< z$2amx$~GR~yu6gYzp%V^*x5*`#7^$ki*t`$isi>$k@8l{YPIoF=yT$YDt%liI&F^ZNA@X9W_O{uNG!s5EuSJ#IPW<%w|E(5&_sjyq#wVt7g(Mf{tv zx&H2WbLdv5HbU(tCccZT&xjzRf-v=!#fAU(nMnaZsOd*pP!j!%YC_je}A1R z=(WnA`!_NX5fUOt z`W6MQVLjact<_S%Q&h{5pv$gSc24{FfBzmOLg^*RNwGa?{&s^!=>PhHVJ9gPrxMv< z6Q(k`|CVfqJeAz>zcu^6VxcSAX%;2HdsmBw_E7(Qu&Bt3uvXgpYV6+fBsE@@}{7$ruoWACHXceWJ1Fa zU83yODH0ZKW~p3x-B&eb%;9#zu6*Ix?DhtFh9xBgyH|7dcxOs3vf{*|q0c@%N|YB7 zCH0XHONb6YeUaa!t>W8z1yaN zTVk3P&QI&)fRTvv=etV&()5+n>~STf3Az7qTQgP)MB?VW{;1v`avgLkE1U|y{*EW^ z$ESZR-M1~7w;H1xEZ}Nhblb^tM@l8?DJiWv{Es_@ny{iRDACm=^PID4=yj&3+{%CU zY$hnWen^0o!ZqaR(UQq@_tGQ#&c773Tahvny`Hhfd?t9wZ9zla{^{*^(I0z4!o%MA zq)PD*ZQV~@z0$mCVcWS>_3c=-`k}gEXH2gm0pl*d9L`LQY2Fi(^*s6j45HLF68yQ_ zmPD(sD(*OglU^RH@9{?3FYO9U3cB*Uezx2Ew%Hoh_*Rq}4~UMStEq<>$5J*&Bn+7E zH=m)namxS1fyh>z(G92S8~0(az8YZil)k})ReiL0@Ttzz-rC6A0LQ`dBHew)B_)zg z25Y{%FBscM9epL*u0QN3iXGD@@*GLn%k;nc9QWhEgbA!J7(J7i@gA-hP(-br@$`n^A0 z*Zq5*=k>b(xbDj7Jiq5>9LIYdnTES^9BE`KSWPikxb1~^N#DmobJ|>qiH!j=u__uG zI@-70$0oMi_1UxvO_7I(ylj8P|Fi(B8j2YE`c^MGIHrcMY4NyUe25z9_U*Wj%sJAL z&w%Bo@}a*!X&Fr3s4*Rh(8LpjY6`X5{rnQ6r*>;D zMXqvnN)j)6y}Bw%Z}5=!{tUdqkd5i^oKWL(qWMz^b{{BX&|MS$Eb=p8bZ?%Fv*yfzsBs=@QGedt>K1X0DHC zgs-wpaItN0*;+PfhoL@hqnzV~BirhB9?cb?r^T|)AFB zQd#M~eFuo;@l8P9+z)2z%{RyCdV2iO(0|Q|4D<6$Ll)l1qy?!W! z)VUfBz3mB-w{Kr0Dr?ex{rGXewk7@T+p`b=z?(wwSHiM^X=-c%jEeRYb^j`dLaoCC z1E0}s0RaG;4+yyky}igimn*zMx%H3O}|jF7zj(49x(Y_&yhl5t}{-U^M3 z(DixIuO3im@@z1DM0^Wp#6UYegGI^k$?@UaAFRhG=E^j>O?N)Zs_6d-_jr^hO;PL4p z;;?dEU#Kr00g05Qk%2D-@q9YF{ixLGb#-;01O%|$xf_3M$GTO{;wMVG>!`6r5|hQi z-ab+d-t^qR%j6baiL)*^4v4Hn92d(RndqqMAo6Y*F3=I2gH~*;l-~I5?Ru8@goM#6 zfwO_kQ=UT%j0c(ivi;EB6Nb6m$x*UeJ#F0bboK+6F&`_BYRp|bvxe~z6;iRdlIT) zNqZR?c`&d(?r_kNL&ZE)P{Pg<#E-yGkSkrWvYI(iTn;JBIGjT>fIWdn9Xoc+hOxLD zv(G0XJ$(Z75v7pa$8z|H06U|r{MOKrdatKcHa`iC3s#BXrRiPb zVIg0)Dk^S`5{E&eg_*s`l#h3Y3a7OO?fnay6YDq44+{>@WVIC@c+9)EJT1T6vqP^W zX~gGoE9(~4J{=HL=z`)Dz=fWDB#{Q2`v$hem^gF&-v{tHj6Ohn1h)Wpw%Gw)ng5oeAJ8&qV#T@Bj* z?9{35QKx6<7BD`bJuq!(aR1gn(q7wUEIN8UIYX+`-oKYT6}BwZLO2J}MYoj)EyFPY z&Cuh!_(lAKRRh8bP*Az<#O@^-mJmI2gHSLQ$9Yec#z@mQfB7z{p}`55!+_sSn+|bs zX$(esy1LIR*IrjqR`2aHJo7HgRm7~s=doQXOu;aC%Psgr<2g{WSF0DASK)=<=@G|5 zp?LzeAADWY#s$*23FDRF!ag4?*UpdSH`7&b80SX3=iR8!LMHYfl&V z@?!uWoYHvnG;7xitP>YGL{*%fT0w~%3(EAv!ajH~1}Nn8^mJ|BnVhWeZf*Mbjel}{ z%5^t!yXDx~Jh*s7LceUo!5>ZTZ4@1I^UxfZ_1DU2XcJs+h^;TW!5nh%hq#E=4I81V zxvha1bMdXQ*~4RPMY*= zJikjT>p|nCoW^PQ0S!A_9?61LvR3}xX=*Q2swdh_o?Oe?#<5d^R$SM}PIF$JKl7x` zEiS9>d+nP<_P!G0l3`VOtS9l>n4_~dQ|%3x#TS*Hk83zeP1VCCOf9&|Re5VG2d>AB zHQ!D#P0by?)Hi9$QT9RIBSSYF!HB!bmP z96~XGu(%Fa0W*a172s%D4@3vgswomo)Hs3g$3RIa(KTK=z2>KI7!{%COm7A{0!RsD z;%Y!Gl#K!iEJ$xQx?OvJVXMoUzif2%&Zk_R~Jk-#Qyxl?|< z*_97WLYj_y1cwbij+sx=)J#~*aOvm_o{Q1G%#dcKv~Gd z%6cN-y`#x(TlN{vQs>gwWFIwO0zM2w%H%xkE1TVl(GEcPv9D^Ms}n%7(V39O3wX$Y z>-KvAmWE{J`Sa(v;rl?lhMF2+Ewu5~chQvy#I|91K>jkhe{H9U zAcV#Ej6jEQZdnW0K-GaOGcAo5Gn?jwbJU;W#Ebg+Mkutt%Vei_nMCxp{=4rSlBO4y z5Y5qHo4<0@UDwy8MC?)-%dOi+x*hFjp8E%w8jhWctqIj}aBxB9#LGv%UW~aSJ z+MH_#dYqT*LxpUgZZk~6KV=K0$&p2&gnf*L8e79Mw=M5`(u^L=PSMfPS$_^gx`3PE z)(M=g<)0*&Su^372INl_2S6ySN>wDts}q2 z-ukmK5_nUzh8o4djB(KB>hJ_r_EpuUDzI5xS(z@5ID80gTS$b{kfC~qzIU09rtv_3 zKXj%n`@H~V5Sn&=Y6#ddjFf$Sef^K$>=+%r-|=l|s@>E+JUpBN#tzt_NQA(^3SdXF zeV`P{8H73+{~S0TIvVUlh^(=p=Ip`&f`eVcqlF%(av-P8NWgn$J}{1i8p5r>hDapy{O`U zUJJg?m6*1(+NY|0Rv@cb@^Z#dzg+5J2;*M?awmZc5kRLCII=WT8bcS7va$j}X+cN%iQ8d(DyRB99rpd{M0l4 zrJ544{dD({mPPJJW6V53r`p?atk0jKq=v=uhGH-Q_jGiJV3uK&-N#`mkD=2Q0&><7; z3CLPrh}%kTl9s`+C6jmoQq2ZrAWzH@FLPWlUh%?OfFuC-C1Iz*wF2LVsesh-0t1`E zf`hvkI#xthf%#|h5htV#N_tQUV3Q|6ahHeEr=zMDXF`zay27PlW0WmevxEvXHXiuk zwAOC$idNLScYoy9KgR;}Z#apSSncJ7720JYsH~QIuQ4w*H5~7(b8;T>sMf7WZ^z=QEJ;SfIyTZc%Q@tT!0S>ESi*PkoI?h352EGrGevHqZ;rL4-&&i*XxFtOWVX-I3*KgG@kUj`%-AIYMHK8-9U zOG{esvI~eZzyo=OEmBicBWsb&yj$Y?5xIv&TYe4Q+5Ft!M=}-@RFFVuIns3L_U&U> zB32!zYrcIuflBbiw?_HvY8MO*IdQ%#3(M&B4JSl&?jUg!`e&UBuK?lrVvP=NaUbJ_ZLYT0bP z=#o6vKhaXdlfs7ef$!y-np!1nOfq=;kgOWCX8XVbTHoKZuS+&PUIIkwhz1lj2`VA5l!QeDg$woL%5ukwEp!ys$9No|x*-A*XlIJ73MLOM z|E^tr0+ODb8xUB6HzYi^0-G4#KU(iD>_ae;_aIau(h~xE;BloYKUta3THZ|Tr!;+BL3{XgG>DP4zQHM~hljUjSl>kU!pda`IZxVUW zP*Xx}3H=DzMZMAXe4rt_x40~?((iOGUn8tA)L&j5-Mf`1?Ro#_jH9fVx-ZtRU(Q-m ze8LrzBN(P@eymuuMYCp_vO^}gY_9IAz;Ihtn-;dG8bikInq}yoc)P_EI{HnlVp#?PYVd2Uo}ZI&Lji`)?Xm z_m<=7%yC=$PU%#6@3!_sPt7bus<~y8#>}nuX-pl&Kp;1+P5-hBNNAPm3*LcEdqfYD;t61je3jArgdvT0~0Qv5ViF5PdLdj>s55kV z%b`rbcEw6 zKJ#?dkX7f7Ln2k+C+Ue3^nN~2rjRlm<8Ps0QR}b3?jRaQND?94?=m4?Fx+xr+6N*W zNr?d82tY81;h)LG#w8``K?VlS883zMj;wIQAG+;g2kGc;0EfU0NHh#ITR`m-K6b}xZOm#Y)0Dsf~z+y4EL;klN47vFx71?h@s&Izgr(@KWOQJEZQ9n9ZSgJkequP zThU@D?m<=T-`B?z+23DlE>r1z7~(Y5CP%sv$3-uV`oQudK{M;R3!k=>|k1^ zK=O!!7vdhcjpz`6Lk+)YO5>Fa#a=m5d-v`Q3J))c{#bJ-1FFFse4!*4q0NYt2`JJa z5`-HP{Rv!S006K~AjlSA-*flQou+rUcjFXSP*lXQ10wvuvD*&|9Y1>l*j7kdh>sI3 z3L?=rLymx(W6=CZYas|=d;5H$>XL8Yo~wwZ1JS7)d^gu;i${)mjY@fFkMGS*=pFH) zmuDwB=#we3@TcIOgs)UwL*oFzI{Zr53928U933NiP+b4nIa{WK`1IeZCXurZA~P5| zH*avpEm9MHrn1Gjuo|m6?#&yx9gzaPkAZNQLUh))IOCHAkLzq=6Utt zCWPQ%8WqixHB%NDf(I-mC9jBo@{^LTeI^rKuA8QtE`&@AJ-uj!_3RQ%MhcytpO<_j zqlx$eCjSRe!LPM;Ecua#LEl)3RW=slw|cBM4iAl=`(6Ka2i(* z4D|b;w5}HD=!HFr&h?xa0S%s^dqG)-P1FC-c}RYfJ;d*S?;iL_6B;C;zedR&8A&n- z#^>yy!9#S1Wy?L)!jVI#%pc*O*F_m-6e;N${^UZs! z1}5>v6X}1$9p;^zh)@>U94IxgS;xXg?KYyhgAOxQxhj#`@Xnp6gH$pMg)}PweRzBaVhv z^>0(6wn?sHQF%g{>wjvRdGdZ7yV)~#y6oRd^JU$6W@kzRHta|`x3{PAcK`RZ*-)kM zUu=4JU%BB0oAaEiw*cq8P7!GqZa6YA_tIoywLg@|s;Y2Dc>^<-$CU{ih|NHl6|VfZ zD!X#pBlqK*L>R*{SM9Mc7j}@S9WQJNNSSOTo}LR# zkrNPtz$iluinwI8p>6|%i_5&)W!rME?D8XMUtqg~7*YS$t;eYOCy8bkx~1unwkwF2 z!j^|W+Jj)vXBp4prq)5YQM;pEM^%9B zlLqxAfpl}s2H>wJBmw>~xVQmMjX3k96 znGTCRhbCdqz!q=LF^d&4cph@NbiM!sF>GE;rS0EKOLu@? z|Mu;Dg|*(bqs4=!I17)mb29JuO3kD_yues1%M>BWA3|;#NT6|D;Cjm&FQte0*9=N& zQj8#$1UM>bqeyiQH7zt4e=9KvbMZ*=FGIAxe^1(BVJ666(Dc>`nkSsmq|PN$>Xf{R zEhuvEEkKt=occKAZkU_XMASlodV03Ts^9`nD;!X`e<05#USs!?o4-2>BXG*#g108? z#%hFtc&Dqb)*EGYWOl~_(;Bt}x=p@BG?RF}=MW~7^oJh|+h=mwgIWC~&_iI6zy{5S z>J>Fp)eP>LTp&$3eOBMue+ob`mSl5V1 z7Udr_d!)7u2%yC)ZFh49z>E$8RfjHQukaedKE4Yitctx&7P6O9twZB)FpETBF5$zn z;h3B_AJ_R)N=nyp8}|L^+zF0pM?|A%!+o8n7m=QvG!E=3dBksm(4*h&`SkFOZ9HW6p|i8|KylJk zh|bW3f=2c|jj``h$KXZ_sx5r`_J-07itkj%6$fliXfDai5<&!tSlbT@e@1@~)3G+b z4z%m2ud2V8<(n>&h6ZT&iG?ieSiY5I$aed`ow3@&x|f!g*vPREh|ZCCiTYbV5B);{ zmWUE=(bI998%p!uhU;3y)c`NdI7uqQS&iogaR>S{=%WC)fF}UJiHy|!$e-!PcR{s% zJ5gQ(0GNfgSpp3WfC$(icFPK%!$E-MjP(fca`ab51o~|lt%+)nNX(INhbFB$WC`Ea zA)z&04yvO6cx}8FG(o}T(LD&?WkWlA>&X~0{6rl?#R4j0*OABI{GAtugQsx zZ3klqO!<~AJqhvgL|P8*Ekv(o;hE^U;Qp^c>xdHqR(TRmh4(c(-&kn0VG9s)2u+F1 z9`@i8gdbofal`kSJw6i@85s_^Oo_eDB-coj*TiJ?QIUb^8N7g;XBJt z*8NWlfG>btPY{CgP(dmREpN{#)b+$I1|Jwo5I!`Ic%-OgNl-~QyVl$m2nvAAYiNWC zncKkB8jTNMxL8^EiINV82Nr9vP_Sv|m~^c{RV5`Y4ga4Q&N|dz{d+TkTM@qk95k>! zpl^a*A4WpaIX}@ZqzplQOpn3|JUXtQLrXs|Q`Sq_+b+B`CNUn9l{4tEpynn&-f!_5P6!W=6`?=b_>WPCnOuAU5Fp-E z`UZU?r2Zd4=-?VbPxZnO5SBg+1|$Und?yZ&96W}-+?ubWq8=iut5SHT)r>S>GO=iS z`$)KyasCwTXyJ+oP@evsRivRITK|Co^w)>Mlp~=4#X?J#acq1%{GeXNU7fidOUXi3 z1M_b`W67D_B1Y2Du!GrERO&qy9~1)u0troUy^&@A{$KY_Wt`9b+?KsJVj~2a zNVJ_q9770JBkmU<6+nG7?Z(B(G5~Poe(4p|`!#t!e_*;u$0>;u2qpiw@87$p?xQ>} z7#6~hX{H2{vkY#Kt-!B~yLbkc9LSypvH_|DPah5exFh~E+(F}uBNxO2u90)l_@b(E zTuNCviF@xupDBSB@d=4jLG-APILSG~A?(^_G%z<10sqArQaV>t;^N~WPccQ`Leem_ z>9P*gLqc6sIf$K*oJ@*z1dYzw3DEN1%Z08I3kX*Fi+~|;Phq74T6ywU8~4KB7eN`> zHrW5^Bv$)WSl*wyE2Iel*aiz7zLt~h?ZcL*apl8@h-Z64=9sC#Uz?}+(*=>=%UQVt z1^W7y`d0d*wy7JpugUwc_4TI<&yRgg)jg(Et|W9X{IX)aDRZipu%d*buW89>Xm+?q zs3eD|Z1`)AW?dx z-bsF&Px_p;>HL`*6r1aTk) z#~_>HmPoH^68(-4FjyLmAk!Mx*J9YcMT8%d1TZd)b*^455+5IY&O=hG;^GnQ>D<41fI4{S(s2M(^M`lQS_USH8wlkU@azVp_{E!XZfS zkk*C_C_pTr9^qkmkwk|?AiyoZTe52Hj>f-zog!T~NC5a)z-io=Y&FM+m^3y8b^zYzf=Sx70_DLJs6gN- zLSblD)I%BAfnJ`8`na>FzxFwTPyj1I9}%)ud=KDN+!n}{tkO)u#RV%6DG{M+!R>d# zG3J^t#7Rgxt!4;-D};oq!Ms7)TmXY>PR>3tId~%RtVjtB!w^BjU;`wDs!4TDerl=@ z96wD}rqz9>XuE-n$#T&0rN^>4QzIO1(ER?D`W(?3qx2rjT#V`HHEj$uFQ2$HXlZ7) zyX)%Xe z#>d|fhhXr)OB^O-1Gc~OpB%%3Zwrel>5Y{NHB%@7$JVXb8<$7fiagW{Qd`C=vcD>4}>c zRWpD3TGoHfm4L%=y#v(|;z*53y9M;!2uG-K!5j-t=Br09q91{A2r3+I6r^?p#2{? zEMS!8i@mI($5TXs^PwQaE=Gr1m^AF5sLi|}8F`Nbi z%?CvKce8m)_%}ScB>ZYu<*mivH+=^d?EZXnm^eB1Tk2`0=lX6HFSfw*VI2=SBy>Ga z&0Skv{2<98%46O35M7FnXsix- zB)dQACfx?K%?Pg`9>#P5RlOhKOcMQG)k+Il3P#IlQQ?M06aLe+F~Z9-KhHX;eU54^0I(OTk?bBmG4*nb#+c zceNdRgjdN#!tF+X_cFW^-p7Y(Sfh zF~Ajzf=l&d*G|QvRTd!v1MicKHzYTHu?Ta$wPaYBWilH7XD!-RtSUtDzC8#vG z5-by|&F5*$9<;r(cfP5fUm0|%VMA?y$6kr=&e;bAG?6|k1!G?j|?(4|L>r`m8 zm|XlL!6q-wzT+)mYYO@N5>d#Y4Xm`NcOy$uS-G>b$Qk7*AAo2aw@zmv8kWTIY-?q| zKcw1HBgdwXZ~lZsVaM-=5Rm#Te*FuIYp5E-McK9M(eB{%A5{~AfXilq2> z^gz?Un~M=ST}GNWK#UM`yoo2gd1Ry$mUg#gF7&-PJ0=Lf#(q8dh0_-k!6%JFC-)j< z-ha9%7+C4vF@VT}AL{CH!s_fE=M{M#+fS<2H8nk`9Q?HEPqlmY-Gt++YQf{yMuo4{ zcNQFF8@5k2Y?cqw)DY5AxX-2Jnv9DjPjfUN=J@rI%j`vIl6xc~uktLcHO?5mzQA8Afqz>YoB|Ln+#-AvM$u_E-)Cn()}}*gn$Gb08qh}3T8P1bY-Z(^V{97u zf-#a40qpEAA@*-aRTb{#FNGDgP8v#^j^*hro5AQnBSBgMKlJ1bK0wTjB>HGPdJ0Qz zM$miI?3BEv2*2c1(DP>b(M5WZ#)y3)mOamx6Ieivq?~#TMY1n7+Il+sPU>?D{R?S9gOH*cTmRGq3sJm7v==ZC2~Ak6cbu1PPStT!ahMH6 zx~V|*hQc7ME{dj7O_!QbSxL`5lKQ0xM%2Aybmh}sq&Sg4`=baxeS*6MRYYg-!8<4< z`oHXlGp^+3VTSGX?d>w?UeO8ZBF8eYQVi%KLJOdjhK>pvV+MfP$UTezIJZ2uW919O zDt-`FpmQ?+*tD9igvl(5aNkW8`ZnoR>R2aB0Q-~*U;JtY9;sf#eDdFi5@-tNE0?rxq%z*Yd z*Y9B;;4J2;npBFutgE++ZRaMtn6uwe6A`o$`2_e?gvGB%C^dmlX9r~+iGR^Ra|c`F zYry!(1BvC@e$3-M<4*K7LA#STZro`6b59k;RkyEwMAiS1ON#yQUD6ujYb56 z;G~TKq~!)j>wAux5FB;{ufrF2xRQ6}cf=AOKuuWth^snc>9;<}Jj1!k1ddtc?j#Sr ziJx~bVgzFX;-+wAp|BR?7f3iZfr?=#CR7GWE@*&cMVI~r%yb!H8o}l-qs~r(YR7Xm zZwf{GUbmS46?QRCi6iZukNvF&^=$VHDbyzX^r?xZE5iE*O3sPq?hiehc9BD##ix;n>dlne_~|{< z8QIn|cY?k9O&4qZ?rk@>txl{!({Vju>n*J(*6EC`0vAmt4rZVWjERlSLDn$f6wD_= zp0aoSARrQ6n0ayPdM6JFPge1vuLGG>MV*cO4M<%`)abCKPI@zl9g<{$li@AkODw@E zr*)7Wpg|`DH*!)d{A5KWc<4^V8rN1=2Q5&D$0;1#5?CzUNH-DH98ygQ7`6+II*RX^ zkNpnpwH#%M@$o1{gTVEWdtF)i2J|j~KPQ#ZpaTtx0%_{HN1wm)&>;lbqXZ{ZAyGb5 zvGn1ZLrp3YLEwO_GfNo?Y~Y`e6hLk@G~Zz5wfU|jT-!1c0x5M>>kQQZi5gwOs+sr;4_g|J7F0o7nQg##`@AD{0H|WwhCl52-GpfQDwH@JUXxom8ONG zBgjXN)l?gtkq$}35Qu5wT-)bADUW9W77R4-!y?8s4xB=l@mhfN2-(ouDuspXboK*B z@g$tGmwL+lC7Ge>#SKAh2j9MZ`taewzFWP!({fl@SU@;Eve~YsqS6IT6^fAEo7R!+ zrY`LhK~fV4as@_5zyL^AMsi0@p2stmx9Q zNJ(1Lz#piWSr#No$otbPTARjny8E)bHq@N(otRG z3WUoDwsNSnfBydc8syN;)XzBbjj|mBnaT|+U*F!3>lsfbDjs0mCK$>AD-D{bK?Q); z@78pQ6caVD1d!_0!<<}Pyr)i)LbN47-1igQ|5#~9X^eiBEQc`K7xA)MtW~Ppudi>a z9?aeOw&IPR^LWD%kay9Vhb)%0?DyKJ@3$DAf4d^z25bhO)=Mw0qI3q z4-Ttfc`BuYrz@qdb_mNHl|A&OB!dcl^_%z#a8A~pP8;Ft0Ctgz!wv`?t~GeBL-d~E zOe01OP`cm%x`MBTSI`VqJU=5{kMof=zu9<9)xWeAz$OTHoQs$FLr$`KWMyQGj}`Bj zBq}d}Z@?^xddy&2G#7_45i_9vhb6vv+jFR35gp%4=n07Ge%wtVT{oa`Kt70#QBVXY zr`hPJ&(4<6huG_49unpR&L7MR0&}i3Im)x;yAlYT

4b3TRTS9en#$5B{L{2jFJK z5cpEUu<*y;Z&VA@h*HVl z7BO1-dsWwDLLK`A(vJT*=sgJ|%h>!-3Q4*lsaWUu2+N1~8c?;V=#|r#&XwSb#508z z1@@H-I3AI=&J3U&M+KBFGU)Ju#^3}Z__F9?u_!6ah?H)&%MDwKXeC5Njl)Bls(K-1 zhr$`{8W2nfSHQ_Y)lo3m5nn$@!covSOdig`^$sa89u*QrZh|X-vh>-%QCw)eKy9QK z6v!aX-9uNR%D$!w)*8_5#pVavp#U~vVc<-~R%Fv^{Vup}f z2l&i;LkZtU7=Hl102^l#0|7`h(-t1`yb7!ixRA6w6q4WEr|as1_3I#PB)?3;GlKBd*ATB@Ie}};|o?lhAr`J z3Yqq90{a2P4*K-wd4woJB@b|iB}gjR{(DOF(JkmSD2!>;Z#6VEDX1MlLqQUN&YsjB zBpO^y4%aURC86Aa)~SC0^ZIUVPkD0j2sp#2p;HL&lnOwbIkvX^E*-l1SpTGq zY~PEgd*v!OBpp7zBjY_9)gxD^)7EWI_$1$^DZD+X@JxP9&>%z5&3%Ozx|}F`4`;cQ zve6$bW8E>mYh73SVKh)jy~~Q*^KIv>Rz^C&{2QBqG%;gK(xyW$Yr&sr?r}(%v;=ft zB0!r&mSDF7!vL!kIdlq_VBT!EXC5-QNwSLl(S`YWsJ|UPgcui;BL{6Rw{YP!yi@ph zh=+L*-D%LCh%aQ#>p-w0H(uj1Dz*a@` zik6pz);M75$r!0mKxYzN1d{~%TohGR4bvfd4GI<95n$9nvOrnWhg{kLh=riyM-R|k z=qUR2)}PFDZ8rNaTOZOt9g*Rs1&^}a3Kky2LdpYSSgX89gK$jxpSDE+;Qi)&CA1%(GOcg{@q zaUXb@5gpV?@w?x(Ob8*fXW!8LKrKx{5~_54m2Vaj*^OK_oOPNWc8|o48e2A(g+Z4qAtW3`2-_ zsv44&m94edO0=?g9=lpSOKw7skP5{#-|mAiK~d|6+qfcAjjR_8nKKG-*to`tGcd=I zI-vn6I(*yR!hV^&=<;EQvg_+kuWqmdsvI;PVm09lk6lXippUaZegC%c-RRWg9y;_a zrCUA@NcXi5kzoNuY5Z{vA~)Q&=!Ot$RzxH~p!$$`p5JA+chkCOdO?8uiH!lZWy#I2 z>Wp*WvkJrz(gY7bA~4B-4bYBW0_|kP1@1mMl<+6^pWNG=#YRU(Bu#Q0v~wlg4n+}* z2Lt zbCV>XRuAbSTaHYqLz_>;QpB{t>2$U;pzLmj>LAir5a&rCHn6`Wz3GV0W1$akz$g%< z9?|R*10(Sa#6n$J~N;wy`tIg_h5w+OJV78Sheym~g2*MsS+{7~=8{mAX!8l^fbiZ|qam_wC< zL>*Yt#?wRgJ@&S+Zju`~TffcR{?%&@UnXJ8pvScyQ^D^?Mjkt#D)b+iUwm${HcNx$ zXW9+Av5T>8;i?;b-+j%M_x)hhd~{bWt;Mf3O6r+jtA!o^Sf3PsQI?rrRPMMS!|}51n6g`7xGL*<#n?pp{;LPX z0zLe9))09+w!bBEwEu=vG~z~1j`q$loZbH1(2A&LLah^ zSnn5WMi;k3p^KgtOWB1V_A>*@!mtr032<+Gxuy{Hj5@9?;70h; z+G>!z9}c>M$iRfU2WLzFqcJ#!2pkYxI8;$w&}I~i;6HL&0@beT=rESKVsz(DH(WEU zJ2xSFU9Wu+cRwQ1&+F^QHeWfhbJN%YAe~j%EI~M6*yU4Y6oqBr{6JImnI5p}`>ukm_9ZO-+xXoe7h9HFOGX00KP_ zf=E6zR1gR*!~y^hh*J{g9ViFzA215saJYzTx0F+njEyALJ9*vsI#Ge!aJ)f z(hH6W8Yq)Ane2&3X&EL(((_6Z)(JKia4af*G%zVPB7RKntPyt9Kv&7>TU1=(koE2z z3BQA)2-P(l88l*tsogP&?FxP=j)(X5Z~nZ*@T7t=jE@6xg7-E=iOc3Uf#jxkXPW4D zexvk#Y$5Ma!b5W_i>vhRodwPYW&i==slMGo7CbKRGs%ACOmlVzL8l^=4uNR}dVP}7 zCuT{J8YYvDCl+;-QW*(r(qwxr=ym3=_#u47TU;Ir>FNVk1v>>^kO||ghHUP5N)V8oJPOp? zK2j{3UCvXC%OxN1;z_A^`S-Nt+X?_7#@Y`~k_Kju54Zv8=ua^K4TNuUa!sP{k1XQ| z6&C2+sw}1be^mTc$aM0D7Fa!V*aZ_z(udWS|*t1bCQ{qAD~w! zMnT8f9V<>GTVT|F)RxluM+qSOEU8X4ZTj|rMIjT=FoHJa=#_Q_u0RPE`NWc&iHXU( zyi;BUe5>{?S=G>>9bc@y=+Lp3B3A;EG!^rljJjCYb&b4-18HR$Rw00#=&ZU45H%aO zR-@^64~ABLu{fX-P+j6fB8?UREY76oW6TD0 zQXaO{+IQK4{BBx%FmC#oNqyb$+|JC40eYAs!nx3c(N?XVZ0E#51i*3d^;P zO%Oz%W~*KyY}wxa0Q_Bq*-5Wb<`CSZCU@I&>h|#Yb?0_I(&F9~npX=1)WYHV>6 z0Y)C@A|!+@;WC_?K8Eea`l&zRg%S>@R&WgZU&I<7**&8J9R#dFczK*) zD92)U*QP|rv!P4I8CKE9i{A)9c-KoBBZ)tuG?{96BpC99vJ@A0W2150z+D9Ngj6G? z37Q?8Vl-k1IR=4?ni_yd>MXN?``;`U1w}C*Jz>q`U*vW^I?Z}t#(}?kcP^e6(*`Ll zgIdU3QFnq|wH&QDQ*D$b|F1$Kz_IjB#x;3)vr6}_hm4zM_Tzcny*qSZDYUo?VK5Y|U!4&O=&a@mN-oog?K42j8Iym1ZF z<_{{HIUzt@SAl4(;GqIQ4&|NrifOT|W6YhT{kFHR;@ zNh_u{4>u($(Rf;K$473Gp~YMl5ZV{zo)5Pl`rjj1cP^V9W5D{rfwUZ>^#m+{ZKo$) ztit77?|wn|8a|l;JAyUWzU;Jo75~d})cb#*6k9?OqO!ko%Ui*&@$tQBDpbWEZf4xX z)RYH!kJ=&1Y^x;{6^~Qd=gwUI?~&tyjl@e9O7O4s_lUa6LGxvsGiCsCR7Uw;B|q`l zN$~%CoV~7065vb?EKjE~$+6LXweWfK5560Xi3o(#9|!!F|H*%gZK;lCd)FkxG3LUrL03;8j>|L4bq{a?O*QO8Nf z3H`snEUx#8$Cut|RGSc$#VPQva6%SQO%c14z-Z^BoN2oe&okFtqow1)2Ccs=t;D}%B1 zvbhFpSPjn^KJWw_ki{M_Oyac8KX~u(-gRBcnEa4f(ygAuE6EjD)@NGR)(DIlYRQ6iL zpNiKxz5Ou}0#W;H(QfIzaw>Q`ZudMFTc^DESN_{tE%mOXtVGEv`kS93AjcCgS)S8b zt3Id-U*ZpZm7DH-g9q99Eh8GZUIgAG(%+gdz2Gh8^R_j5_nYJ)Y^4}|O3tZMHM5^k zm8}M|#uf1@{grb-|0TrWTR*@qkLhn5$bK*UaV{u5QSbX_nmXMr`^+zt9bwNNKA0zS zC}a7QCI3j|KXnqHuIIMpF6CgT4>l=yCK|Ekk+vLtL}F;uwH$n*j!+Za1h9F5ngU^k zau$OWa6v);kp@H(Y1XbxZF&181N6WJq;a4Va7>ce3}+ZR*oo;D<4H(uF@eDGGC2gG z%LC1a%nQ8Czsg$thq(sgwxf<#824u5FcInIR?9ZjvwyYNC3DDR+ggRT8;9e3IR_!M zYU0dlSL&Pc-0UwU7n?inr?sN;+``#F0`21SiVg3L7%QQ|`l#mzxoKhrYhhMuPM973 za_P=#4-V~g@oYn0{>txb($q5KO68aiYU$syepDWJ8zu0nA$JUG+RR{i8Zq-%-~1ZM zPi3@|!ME1zE0g@X$Kq)AFuh}C);yoo-b!81Q_R(jo!7>G_}3byEb10WrClv$yD}TL zMYBxbQT!y;TIu@Fx@oZcnJjlR-%J(6%1b@^35jSGdcsC~eZ;+#X@Cx%x}(DEqc+g` zXWvt={IZ-lzTSpKPOVX^^~y4wKG!2Y*6A{LZh84xKs3<5Qt$6|NhH>dL-~V4*hdky zuj1KUwLwsf+~0}4+Z4KKDP)U-qNE}0PRQiK)CJI`W|vzq<4WAuT#K7W@&0}zeUoeT zC%}x&qIa`}xB_fc0>bSexxHv~#@LoeW#^+@*>$WgEdgxLkKNt?eNNx@BL?dg z_4(zxr@Va=DGJL|=@|;PMoWquw@#T2F}G(w(>)$Hky6NTxI5QEqBx9~>al)h-kH$u zR;j0;O$H!XfpWmr(U)2;% z+B^J67+$AtHLxLD{X0BYG*_5)#bVg#bS*5ZsbsLbL6-^2Q{4)lG(v1e8^{7rwv@69)|K1Wop>Kh;DI3z`BZu@!j z`m4$0br_4Z2CF@d2*@_O#Y0vG0wgEVPcnMnfv^uz%GTYfm&M3%wV|pK{aNGDBgkgheL*SZgW45rfgn z4j8i1dP1K7r*~n1eg0l``q0*=53V!wnZi&+5+asH9V1Av8+s|+1h5>V7-I3m%q=sB zGzd5hsNbk5fJp)s*krdSH>3d~sp}ReF+P(3i)4(uHUAF<_s-Xht&X_bns}28o*f&^ z6A0EmbDccC?$nNDmq>%N$*=h$I8vW0e65IRbyaN?&@6m*HOMOv2&C1W<8i!s3O97) z9;ou)+T8r?*-`op>!k<2^wG@uK1Ja;t!(u9<+p7|@0=Q-nA!=3>73EJ6cBm3`(+~i zXKL%;ytFR4w4G?R6;4(AC+Hxij7bI4p@8RpIpGEEqHjFNI|(M=Uelc1$`lJj~z3jNsHeoE!k#Kwu z`&WiExjK;+Ck4qIeTsfiSXdb%Hn$EVeaC|tItcOTdU_TAW-9lK)Jf_Ecgs+a4|L2{ z&>ebmsHbjmy>HH^0EbKUC#iGRxvQ^{ZnSp%6Da&8&AT){hF&uvo(+^XzK(Q&6l%uu z^^Z$#LO6o(|M+-^n4bCU|J?MLY5~w>)~=vKT>U0 zFp2*(KDbLEe@8!nKId!Sp3 zwMvw3W*KQcoA+g&ZTIaxUGn1jQk8UtqJ6j((~e~tM~pJNYNIhg5u$@^yvl#B1HJqG zb2#!<(jMu0o(Jbs#dFk4jnW~^ekSI3j2P^QmF%F4$+7~9`~Od zVPg+ET);E1Es*FAw8-GLF@G_(UIL&xN%VltCJSu=KYuA{Q9p)BIav;BAF6jXSiaeQ8CwkPcWprC*a?ZWrXdSH6l> zaRYs*oqb@$^qq~GZcoGlHrXc5hS3@X)QUX2`Re)U>d*cORNK67WVLMCum)*kBEk#1 zIIE?9|7^>CTf@y26~8~%YFk~MosO#$qupWgohEF;O}{9*sUOS}KiQoxG4e@fH`9cY zy(gN+D5UD2VWal!mxe<|9akpi)>Kxq+nLN$#mCptCFyh0>RTE;g<9un`$1G}N(n9* z%ArrE`7KBH=k;t3NAIPzQ=Q z4+hNq;tYR!GY7n^BrJsRq{xth{n9BuK5y!~8aZfypA&Z_PB1k2pnbrE-lBZnf<6Y< z+F4He#F&#@T)h(g0`n64H_S5d?ke;L2XawH=agpm#QE^A{$2+?QtY3tc=H`ariWbX zv!q$H>I632YSj%1imKVTd!M?cOWCP2?-X0&Ojqu#4ATxK>q=>=Rh&6p_&}QuIA3B? z2}~Rp8~7g{!xFglE*#zr74G`)Kh86Du2hY3Z;H5%k>sC~zEEc#zG7m^>)h5I9c$S$ z`tFTkXfY0~=8lm_uFn21ecvov#P?Ki#4403dGtyao~muI<~-qIU@pecMB^?cr*9B_ zR`@#0^>4?UZY^9DD$Hzby1m0V^dB0PBjF8#$9qFuN8fv?g{p$u_h`j%_oUn{0|Tdi+y zTU@mxQ$*@Yw!gyR@=q0X;|5PM{;(ws?ujb8WY8McsS6kk_97&bzC5}GJ~0@o_(L#N zR~|$n?CX%Nd``2wz;mVk1dcW+iFzT5`ZvjfOydC>1-=f;Zeu_i-W4K7{sjaf znE(IU`|@z8_xRt+IjO9rB%~-Rgk*0}w#Zh^xdHTDqMjU~IW zZ` zyvQ(`3OqLu;{kvY!MVe`q_G`5DnNRI*xVxaCQ~`Tcwp`YLJ^+u^kng6XB$#SK zl=*XD3&L}O1P_>E@UDZugDK<)!MqNrb|Bh? zk<;@Ht{^D9-KT_au2-r4l9bEaEaFo*_b^SA5B^x4JypC4x`M)HnW6o>0>j}a{V$p_r%o#?#Z_#a$|}C|X`*f1TJ&&&jB7tOvPdu)KFkhe7Y1_`1@h;DwK4+wYebl`BGDUJg@K6=o|7ZOpP7Fkg+_ zzorg|j@M4^6(B8H;B|j)`{@Qye2V&G%9s;ltw1f8c3L>d6KDB|+ToAWR>ucit>y=m zJFt0LKG#1!`yu+#QMW6;qFQ%ysr{O{UL?Awd>N&)R7CFrV#;>b3tcYWH`ICartmzL z$`T7QN!50RwPS=p2mW3C(Q@>ucH78WQY>4VE{m3Oi~kV~kJcM@iY z2fsIw?zhCbg`A~IO>J|r%Dt_0^Qs+7Y|Dj}b(sEAW;ARkb^7_{zux`+O>8DsQ%GSE z285?0I0qP%040Vtn|zk9*l~r8Z3xex6u(*yE=3&n&?V78UmPD6Q^h4od+?O0$Elj5qUbX1?u=E!wAmj}e4E z1#IX9KvXi4TL|expr!!&A<&eO=ykYXV4xPl_9{6WvGN5bjkw!4dXPx~)R=7x<36p2 z;FuAtk^2P-8bksO{Ce;lh2;ktGbG9@C;f3ac&~ua-SJ#LH)8~7{G5TQhRChKcnR(s zcp|8o;drh7P1bn`26$qAJ4o9sGxkHt0k4mcWp+1La)8?p6g(tX4P4H^y$WD7W1l5q zm^62x$kZ_Jg)tyvu?Bn}+vVD9TPUdzXN=^-mk>*If6-dLL7Fea*?#v=|EU*`5Jo!2 zd)>!66su#YA@&zJCZOm(7y$VqsK8-R2AsXiN`jkNy1WSM4E%0kM)!&TJZ*DMO)bIt z5-Tk%H`w&nEBBtj)&v9$-V;ww%^m>8b#y|BOA46!2}aZ zgwWuBP;g2F%5^C55c8)D?*Kq1T{$$^o&5Q_a$9-*bLta({MP#<4kbnEyv1<_G@t$&YM{H z8~q^?Bl|BGAS<`6QmGu6V!P^GB(qcdX0?w9JUx#H++o zieJ7$Ol@_$*&W+S|3+uW&yghja^MuS}$6pC@mAY~>a z_id}Y(TU*cE7;M%L(r5xx?Gwz&IZP*0q^C0hCJ4!YrPW^UD)8K zbCq{_AFUop4ajq&HS!;;nB=W4YI^^kPP0dUqZND^=eHs|{XQC0ki1Es=wNxRZ~W>W8*9u`zL_fF7q3y|MK01~Eb>x0 z6U$MoHimU}cTYFph$T09by+`V@JlsGHNR1NJ5&GA#WQLp?xweDOUQT8%W0-rA3GMW z{0^hA*>ttq7IZIDt9eDzH;ZW^F{yn$!IY4YfLzDT(!Xy&M>^>KKX~m7&{MUz&-jx( z{ULR|YT1<{@DRkq?fnduw(QMT1&Yw#apM49 zp@5W;W}>C%5$}7%u)bq!%7@tC<;C*0iW^qgGjn2VloM|b2v@FfainupyO>( z>Y#tv0!VZ@kkkPIMIsR)asByXB~Z!{-WCw9he|Ol(!0Z52%~zdL3&RXP2@^b)6CWK z+FdF`jt~TgLpXk5eb7|Qi<~}CMIajy8Ge4mB`>$<#}cYT%wFEh8aWez*I$Z{HUQ>? zG2;BFe)aT@VNKbLm~Om0R=a_Wf({F@l!a0PAsPLh$O)F0gYG~^nWL26It+oPEkHs1jwxUd zj+Ma;nL6ObH*>C-m3)$ZX2oo2Au^W?YwJ{@DhIalWYP!uishm#emV8M*qr+)%Nwa8 zOs%)yZe)L2-bpq1AXueA>N5azm`3-!_mvfSNlr;prZ~wu75P5@o1E-lUMc^qNaR}@W}%e$8Mvp zD<&ITljdPTnt#GJDR;c6B4RzE6{+Q#(jO<~WL44Gti!F#^};&nJ%`9#WwT68r-99h zXXj&E0|h8@eFA2{Kt<1p;JVYH$7h_J+2gdZv;g7Z0>Xaj72Dq7ji*A)ghZz{HcQ;w ztpyiOPu)M(+>=q+lB_k<6n5@~6$S6?B5XDCB=G3WulbEFr`ji*a2~I9ka^}Z$x|cc4XGDYg8s>xueso zg;OtK9SsT!5@M!7!kj@NSce!1amDIwZf65FF9)+}nDBzq*Jnz> z#KZ*n1;A(nb;ev~C>ughvO%Ns_a%AaPF(Q)c^GV=IAU8z1t$%N&rslI3EX`Umk9w1 zaRDwnfUkTfY=Eu-K=m(@SX2XixfBE1V`3a6*u6s1V}Y{*&|B1#}L&)zj_8-++^l@p~Zyanb@KJ`0c~D@%J0nWPMWh2`)Q2r>c% zA<&T!Dm!8~IOhAJ1`*dG;hZimE=K(mjys=d8tOLvd?&7SbNfP?@>!US1NaLnGYIAZ za|JRm0?mjb>QdXYnA+@>T|{CE_$#kTZ43VmD3Z#uhkiaN64k0ePXjN9)TBt!K6gfg>O5TXXFn)|7B|>WbWMxsha? zzxF*0wUWkfo^IG!^umYs3K2UBuys$5#a6nyr%t@CP}{I;udmxWlcDF0v9UO-#rWfF zBO4c6EvK{NFU1sO%`09z#7psbT4Z84+4ONy8%xfb!~k7d5dqPJh3umrgx!M5IhV&BIkNgqfAid_nZO&>Jcv4 z+(W{HIbS7c8x9eLS`;vU;ktg@OY8Zubk}0^m(JX-mH~DYGBoCXR9t&pS*6Gs>y_Tz z6RloYIg;9Fo6HsF^)x1ioo(b(Y~XKyyh}vObr`;3MiN89FyfZ)jL_fMY)Ic4RMs&K zMXbKQDh<;;tIfkz3(hLNvn^Q-)jO*PQ|o)z{@PGy3{1=pwi+27dSRbzT_w1vR*vQAXQc<-oM2K%CH>VjHFBS(I%4)W?!Suxyac!C|9vqZ?kFV56_G8ps{7Z2 zKkEp#6zU2H3-ow?Q%K0I-DwSG4~TXXP(zR&AZA!22iKV+i$RwHw+nhiTgsQ469Ljlk}+aE3C7P* zXZtTSv62|e1gAg+mq+~>513sCkt{I@HJvyiv7$NL0ilk?N(H>$4E4>vYJ&9NZL$G~Q zDF(5&Me=XTGJFp7p+A5vpNjH+1y~?Z7N(ra_sgmn^}`iyuHorDA{CBFa5<)5``H$T zI@k~5#GPS&VVQihFMTYnCP!qpzqq|Ii#e1pUMv8sfE%iw%}jvLfpcG|r4(5(65 zNjttbxqW^v@@F?g)D2R`7z}YdT21I~W`cx`jo@SMDK^yUSg7s-t zRm9y3{?AosSYWtsXFy*OiSC%s#T@^=C~Y#=ADice73Hc@;CRo$80EfLyMg?shLN%f z%WmmayPIW%c~$m7^2)-hDEFWwpJAS}Z)yF)wsn8D#W|sB>#M^lPLI5Nv%f!asi+^_ zLs3rbKI!jA4WmN>1O53-(&suVz;lNXuhL!&ELk*BX5pTIGP7XBw%A zy1L2&vdN?_$eo3sP`-f{~%&f#0DI3bL5KMmWi^0@eYXDx#JM4H1O3lgU$ZEyA%Tp z7e>NjwAr>mIs)%vE$%pvmKsLw>|R^2;5~LUXsLAhUe;Q0soTUoz*+!Rft=STz>h$l zWoWh!HDHe8*?&hg}^Sk;8EkI%FC+Es^8;r%c%Sps8C& zUrRat^o@a)`bCz}2%ANpefX@a@I09A-6`}Bc)*^S?tv6=U@)U44zYkG^KRUh9#NV z&y+go2_L5~PQk|I7Rqy=Ptu8yoN$ukMZ7z)w0>dpZ(sP%E%UbxmbqMzb`Dp*nXs_@ z-Q3$d*uDZuC%+aiWjn{l#%#G5Pe6}+jKQH5u%jHF^d2f9H)$!Zh0^iW*L}s+9=3FATQ-~aKhzumfv~0&$cr?g=13ez2-GOg5i8yoSsX?qJBjzL3?@0 zpiBTIbX$y7o2TsgXuO5ErG?Qmij$~`cZNL9({0Y^UM^G0bBZ)h6LptE%v{{vqZmq> z#hrd#@8nn0L=)at8}l+h$Ck>bsJ9ELLTO&JqRE#4fZbyKr^lbvvNS$BrxLZTa1TGkwa*bduT~pF z<_B;AAQl*Z{sZnheXbTav_SLeMD(D9JD6-rN=iZ;gu6i_Oy8hqLJnxJy=BqqTT8Kn z)1CO85E*t6htZasU8n{CO{vUV`Z1NUJZ9ul> z1cx?rYS;Pj z&>qk>93OAt$G+;`T93e?{x~aQ{Be)GID^^rM1`AgM#nGA&!U3^_PpW(4sO31yY%45 zFD(C#--U6pSQ576&)*H6$)t+k00*26P4J#sCy*-CT~X}BH&Z*O^Bk&@U6w+^e8x6h zYDTM_*K4Kp=NFca`~Nfz&-^Gmwz0i+FPM(+v~+J%Psk$Zvmw33RxMpZmEGhbOxh~N zait=yUmshXkG{fmj%|8stm@m!iYBrV;w&h?g>Sw*#_7x(8bX}ZSU%Ed2l2DpzXnzW z#LFoL$zuL3}Zp)Q6coh5|+l&lP_cx zR5%IzCW!wT=oQ{clAW;{J?>+_vdx;Ef1;uxnF%!6Fh-cz1asU!g31aQO;SiC@A1m( z9rh&`SR#)CkAe%V!xb;Xd=OSIoREkwjHTslY001OdJvO)#LfgdUO2lURcI-rKp%^v z3Ix^;_}NY(-X#!7j|jJb*?zH!<3OIJZ&|IPbAhw6Y7k3bFhI-E)jbofNn( z^r}k}pu6&hehGdK;)%ROEF%Mxy9$XAtOmCQuu6oM2k)Q%mB%6QwE(MT zn_KxSmOiyDgK4Lzr@o+*f_;OEa2G#emx$~{bcioby+x!@m7-VRm^k5ky?KAuefQRK zk6Vw(eonkWpI^&LeBCQwyz^;F6T3U=)cZ$&cYI_5=E38^?!^QYcY2SME}&j%`#V z=B-YQ>(*^f?QUKfE@2-@5A}YB=kCpPd!o|Eb*^+Pz~izvStambuS;ipD#+F&N{&hG zmXIMlC+F{}Z`>Bchu$Ssl}Q;_#m`K4P*d#tS$;)guo9&LVtjwceh>8E*}OzoWcyCP zLS72HOWB~c$QBpUHJ?tu`qI1kTvZL-;dXR7>8+=9*I3?5i{eb4mOZ<)cM0t%5w=T= zXub;Zvio!TtFfX<_Ks=141y0*0$)YS^?p+~+b+ye+20w!&<5Y7l&mz3LPn>7xQuC%Hj+anq zs6P$820`0lbN*h_O9u0+H|ymlL=;L`obpo&dO-{QcQy;SI&2eb_YI)ShUx-_U$FDP zAnHB%FW5F2JzN|Nekrw|4p;O%Dugc~loLqX0JlvDtaSyqGep0JxOKyF2Ae?7>T_tO zqfiOyV?hOCUsk5@?g64~L~LV_nG}NNmpV?UT|GVBohe)WYs4O@+7WoZsHn)me+dMe zkSXB}n*~V{f<=qu)GRMM0Dl_6??5rQDAl~_r_u|&20;iIfErjID?*~y$rB}vxv_@Y z;qPVMf7JD@gf{}zQULdL!W?TmrFNUe|6ns91Cmw1+4EZ5J-B}$B@CPnw(e=EC1;0C zoG`sb5THi(mdDaaBiwc$Mbz)UdjPZtN9My$JVx)SrH}`<~ttew%+2 zC6=1OCET@3@@|#}h_F13HkMmj6n)5EAQ0W1fvjUt$AICDTCNsgF;Hc~h#v?&$bJ1O z`qaWj!1wS|uFknls}(1Tw0YJvTIWV(;+*O%n@tm!%Y!f?2}J4~3d3^knU!&axBLqN z17{|SB5!a#mgSvgsrJsUYaJLYrcN}@cgYiEYZn5zI;!I}EN={+eFv}zO;5=hACsq; zeRh?ZrUxW~H|Epv&=plKaVdlOAS%vzGR+Yz{ntZHl}FGEG-G5`nQ{d)Wp+4gBKOxb zB}($V<0ylRv%arH3y%oH!}m`Cm8`RBc9E2WD`fE zKO^9JjxiktoZhoK#*9gzhsC_8d(x!yw3ze0_wop~%XO3cWU&_-)fSk`QPS@Ido$*Y zIXl%LS&y$`(RxlHhzowRNTWN}@pgOBbn(Y-5$o&vDl# zN}xPY@Vc1aNJIW#vbdE=hoXlfoKogQ>d*4DXA{IvWG zRLMWiM;FHhpGPUNC25_}kO&8=}4#f#J<6aL+X7kvU_+9J>!CfrjA)LrrE+;ri z)G2b+!C$DO1K(hNPE43gNA^B!bC34wHYX`2`WZ~4K1tqD-&-bn=k;^XX(U;q)bQG1 z2YIu`nc|~?*Mz=}dpjtL6&`O2_y-HBM zfehEqGVjea=P?OMOC{6LJFC>Ik>?+9SQcgS)LmkE%bLpV;#8@~Z5|Uf^amyg_d!)> zlzmo+XZ+IPSe1_zmK`;+b_%8DBsBKzkGnkgz)5Z zdXda-Xu;wT1v=1Bz{p`3l6PRQOaXDKr?QP3mq%Zq#SH@V7vOUc+eHEk7-W+{N>U2A z>^d4{4Pb$E4`t%t8xFQB#46@!=OH0u;G^<{Qjo`1{1e~~ z_2?gpL=&^~@*)uN7m}ZgVB{2(w5G{iV4#jX5!8VzyGx9NNUH{y4^a2E@@jW@z{F|6 zt#ZtP2vC|sASR0XJA&1dkQ6)c?F&F`Cy=BrdVBh;_@4HmpCmrYrgymHySVMov_HpW0jDX zN7J@3&v6mfa$W9oc@evrAyJ*6@o(6DN-?LOl3XjqffL7MAko^%!7jP6(f)@m-eq&$ zZ9>RiUg9nZ%b#OdBp!Yw8QWbnxnn0?EByY~PVL+N@b-mmZVIK)n)i{mOsDOQcTqMU z_46E2UG9zO`Y0t_-y40$al-|rp+!bJBRyPfK{>pwzu}$FtMDU`n>BYAT$)vJIcLnx9XPxXtJ^0 z#kB&g7LW5a<MS+VdZ~Brsgxu1qJiVaj8UIL6)U zH<6=}i`2I;3!ZbSkc>bjseFC(rvub`a0~p3{|OGsP=l6Y%7_?fFTwN*S|vzeEyWlP zT0x2fyx#Ce^QwAmLBY8bkWuohOPepj*(kwOV2D=I(eO3ds{g|vsA=-&$D#A#*7tdUrto@{2>~^ouf}IU3qBo zHFJfrw!|r~K6iyt*-a`^AKUqLO;EF!l&k%hWw9;%YGX!vM=6gEp=x5#BILO8p9~8h zRr)v>KJ8CzVvG0XTBb95HrQQ-OvlOI%W9-2^Q3}7f`Rnke`=r04-=jxnZ7{xZFp@`N^PJ3HIGm*MaA zxaY49guk}uL`^gcUguCtR1~=9_%=H2UDdEuVNhnrCw%JHX&i?U1}wa9&~j5q9I3 zvB8tteBSnY4_0(L(mB{bcC4cN%)vxF(DcD0B3LHVsFfPn4g@H;;e_g@xfMgJA$Dzz z(@Njkp7DMlPZMjSMwl*d)6edU?=CgKH5b#>Kaz@efUVU( zUu{};ethZ^wM|HpL6Q}FZ5= z_Y_AyUsSvJ1pN>lHj|NC%z_CK!xc@+!Cf@A;rx$yt5 zCn3`J-*0+<>9kt-zu%*H_iE~C;&owzXb&+ j{{MPL-i!acqhPD{uPk|wqPT69L-0_NSChlZm_Geq%N84$ literal 0 HcmV?d00001 diff --git a/downstream/modules/platform/con-ocp-supported-install.adoc b/downstream/modules/platform/con-ocp-supported-install.adoc index 07396dcb36..bcf517d957 100644 --- a/downstream/modules/platform/con-ocp-supported-install.adoc +++ b/downstream/modules/platform/con-ocp-supported-install.adoc @@ -8,7 +8,7 @@ You can use the OperatorHub on the {OCP} web console to install {OperatorPlatfor Alternatively, you can install {OperatorPlatformNameShort} from the {OCPShort} command-line interface (CLI), `oc`. See link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/installing_on_openshift_container_platform/index#installing-aap-operator-cli_operator-platform-doc[Installing {OperatorPlatformName} from the {OCPShort} CLI] for help with this. -After you have installed {OperatorPlatformNameShort} you must create an *{PlatformNameShort}* custom resource (CR). This enables you to manage {PlatformNameShort} components from a single unified interface known as the {Gateway}. As of version 2.5, you must create an {PlatformNameShort} CR, even if you have an existing {ControllerName}, {HubName}, or {EDAName}, components. +After you have installed {OperatorPlatformNameShort} you must create an *{PlatformNameShort}* custom resource (CR). This enables you to manage {PlatformNameShort} components from a single unified interface known as the {Gateway}. In version {PlatformVers}, you must create an {PlatformNameShort} CR, even if you have an existing {ControllerName}, {HubName}, or {EDAName}, components. If existing components have already been deployed, you must specify these components on the {PlatformNameShort} CR. You must create the custom resource in the same namespace as the existing components. diff --git a/downstream/modules/platform/con-operator-channel-upgrade.adoc b/downstream/modules/platform/con-operator-channel-upgrade.adoc index 0a8461922c..d09e0d93d6 100644 --- a/downstream/modules/platform/con-operator-channel-upgrade.adoc +++ b/downstream/modules/platform/con-operator-channel-upgrade.adoc @@ -4,11 +4,11 @@ = Channel upgrades -Upgrading to version 2.5 from {PlatformNameShort} 2.4 involves retrieving updates from a “channel”. +Upgrading to version {PlatformVers} from {PlatformNameShort} 2.4 involves retrieving updates from a “channel”. A channel refers to a location where you can access your update. It currently resides in the OpenShift console UI. -image:change_subscription.png[Update channel] +image:AAP-2.6-channels.png[Update channel] == In-channel upgrades diff --git a/downstream/modules/platform/con-operator-upgrade-overview.adoc b/downstream/modules/platform/con-operator-upgrade-overview.adoc index e98a64c0f0..1a34119bf9 100644 --- a/downstream/modules/platform/con-operator-upgrade-overview.adoc +++ b/downstream/modules/platform/con-operator-upgrade-overview.adoc @@ -4,8 +4,8 @@ = Overview -You can use this document for help with upgrading {PlatformNameShort} 2.4 to 2.5 on {OCP}. -This document applies to upgrades of {PlatformNameShort} 2.5 to later versions of 2.5. +You can use this document for help with upgrading {PlatformNameShort} versions 2.4 and 2.5 to {PlatformVers} on {OCP}. +This document applies to upgrades of {PlatformNameShort} {PlatformVers} to later versions of {PlatformVers}. The {OperatorPlatformNameShort} manages deployments, upgrades, backups, and restores of {ControllerName} and {HubName}. It also handles deployments of AnsibleJob and JobTemplate resources from the {PlatformNameShort} Resource Operator. @@ -20,4 +20,4 @@ Most users will not have to interact directly with these resources. They are created when the {OperatorPlatformNameShort} is installed from *OperatorHub* and managed through the *Subscriptions* tab in the OpenShift console UI. For more information, refer to link:https://docs.openshift.com/container-platform/4.16/web_console/web-console.html[Accessing the web console]. -image:Subscription_tab.png[Subscription tab] \ No newline at end of file +image:AAP-2.6-view.png[Subscription tab] \ No newline at end of file diff --git a/downstream/modules/platform/proc-install-cli-aap-operator.adoc b/downstream/modules/platform/proc-install-cli-aap-operator.adoc index 21ed3ffa4d..748119cb39 100644 --- a/downstream/modules/platform/proc-install-cli-aap-operator.adoc +++ b/downstream/modules/platform/proc-install-cli-aap-operator.adoc @@ -49,7 +49,7 @@ metadata: name: ansible-automation-platform namespace: ansible-automation-platform spec: - channel: 'stable-2.5' + channel: 'stable-2.6' installPlanApproval: Automatic name: ansible-automation-platform-operator source: redhat-operators @@ -71,7 +71,7 @@ oc apply -f sub.yaml oc get csv -n ansible-automation-platform NAME DISPLAY VERSION REPLACES PHASE -aap-operator.v2.5.0-0.1728520175 Ansible Automation Platform 2.5.0+0.1728520175 aap-operator.v2.5.0-0.1727875185 Succeeded +aap-operator.v2.6.0-0.1728520175 Ansible Automation Platform 2.6.0+0.1728520175 aap-operator.v2.6.0-0.1727875185 Succeeded ----- + . Create an `AnsibleAutomationPlatform` object called `_example_` in the `ansible-automation-platform` namespace. diff --git a/downstream/modules/platform/proc-operator-deploy-central-config.adoc b/downstream/modules/platform/proc-operator-deploy-central-config.adoc index fdc4d31f1e..1db99dec45 100644 --- a/downstream/modules/platform/proc-operator-deploy-central-config.adoc +++ b/downstream/modules/platform/proc-operator-deploy-central-config.adoc @@ -12,7 +12,7 @@ The following procedure simulates a scenario where you have {ControllerName} as . Log in to {OCP}. . Navigate to menu:Operators[Installed Operators]. . Select your {OperatorPlatformNameShort} deployment. -. Click btn:[Subscriptions] and edit your *Update channel* to *stable-2.5*. +. Click btn:[Subscriptions] and edit your *Update channel* to *stable-2.6*. . Click btn:[Details] and on the *{PlatformNameShort}* tile click btn:[Create instance]. . From the *Create {PlatformNameShort}* page enter a name for your instance in the *Name* field. * When deploying an {PlatformNameShort} instance, ensure that `auto_update` is set to the default value of `false` on your existing {ControllerName} instance in order for the integration to work. diff --git a/downstream/modules/platform/proc-operator-upgrade.adoc b/downstream/modules/platform/proc-operator-upgrade.adoc index a35488a104..36f2424258 100644 --- a/downstream/modules/platform/proc-operator-upgrade.adoc +++ b/downstream/modules/platform/proc-operator-upgrade.adoc @@ -4,13 +4,18 @@ = Upgrading the {OperatorPlatformNameShort} -To upgrade to the latest version of {OperatorPlatformNameShort} on {OCPShort}, you can do the following: +To upgrade to the latest version of {OperatorPlatformNameShort} on {OCPShort}, you can use the following procedure: + +[NOTE] +==== +If you are on version 2.4, it is recommended to skip 2.5 and upgrade straight to version {PlatformVers}. +==== .Prerequisites -* Read the link:{URLReleaseNotes}[{TitleReleaseNotes}] for 2.5 +* Read the {LinkReleaseNotes} for {PlatformVers} -* [Optional] You need to deploy all of your {PlatformName} services ({ControllerNAme}, {HubName}, {EDAName}) to the same, single namespace before upgrading to 2.5 (only for existing deployments). For more information see, link:https://access.redhat.com/solutions/7092056[Migrating from one namespace to another]. +* [Optional] You must deploy all of your {PlatformName} services ({ControllerNAme}, {HubName}, {EDAName}) to the same, single namespace before upgrading to {PlatformVers} (only for existing deployments). For more information see, link:https://access.redhat.com/solutions/7092056[Migrating from one namespace to another]. * Review the link:{URLOperatorBackup}[{TitleOperatorBackup}] guide and backup your services: ** AutomationControllerBackup ** AutomationHubBackup @@ -22,15 +27,26 @@ Upgrading from {EDAName} 2.4 is not supported. If you are using {EDAName} 2.4 in ==== .Procedure + . Log in to {OCPShort}. . Navigate to menu:Operators[Installed Operators]. . Select the {OperatorPlatformNameShort} installed on your project namespace. . Select the *Subscriptions* tab. -. Change the channel from stable-2.4 to stable-2.5. An InstallPlan is created for the user. -. Click btn:[Preview InstallPlan]. +. Depending on your current version change the channel: +.. 2.4: Change from *stable-2.4* to *stable-2.6* +.. 2.5: Change from *stable-2.5* to *stable-2.6* +. This creates an InstallPlan for the user. Click btn:[Preview InstallPlan]. . Click btn:[Approve]. . Create a Custom Resource (CR) using the {PlatformNameShort} UI. The {ControllerName} and {HubName} UIs remain until all SSO configuration is supported in the {Gateway} UI. +.Verification + +You can confirm you have upgraded successfully by navigating to menu:Operators[Installed Operators], here under {PlatformNameShort} you can see the version number, begins with 2.6.x. + +Additionally, go to your {OperatorPlatformNameShort} deployment and click btn:[All instances] to verify if all instances upgraded correctly. +All pods should display either a *Running* or *Completed status*, with no pods displaying an error status. + + [role="_additional-resources"] .Additional resources From 8d605329ddf8a5e96e1ebef6fd468a953a4dd18f Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Mon, 11 Aug 2025 13:26:47 +0100 Subject: [PATCH 40/71] DITA migration changes: CAG Ch14 (#4022) (#4024) Configuring automation execution UI and modular compliance chapter 14 https://issues.redhat.com/browse/AAP-46734 --- ...ssembly-ag-controller-secret-handling.adoc | 20 +++++-------------- .../ref-controller-connection-security.adoc | 18 +++++++++++++++++ .../ref-controller-external-access.adoc | 2 +- .../ref-controller-managed-nodes.adoc | 1 + 4 files changed, 25 insertions(+), 16 deletions(-) create mode 100644 downstream/modules/platform/ref-controller-connection-security.adoc diff --git a/downstream/assemblies/platform/assembly-ag-controller-secret-handling.adoc b/downstream/assemblies/platform/assembly-ag-controller-secret-handling.adoc index a6f8c17bce..a93aaf5517 100644 --- a/downstream/assemblies/platform/assembly-ag-controller-secret-handling.adoc +++ b/downstream/assemblies/platform/assembly-ag-controller-secret-handling.adoc @@ -7,25 +7,15 @@ {ControllerNameStart} handles secrets and connections securely. include::platform/con-controller-secret-handling.adoc[leveloffset=+1] -include::platform/ref-controller-secret-handling-operational-use.adoc[leveloffset=+2] -include::platform/ref-controller-secret-handling-automation-use.adoc[leveloffset=+2] - -== Connection security - -{ControllerNameStart} allows for connections to internal services, external access, and managed nodes. -[NOTE] -==== -You must have 'local' user access for the following users: +include::platform/ref-controller-secret-handling-operational-use.adoc[leveloffset=+2] -* postgres -* awx -* redis -* receptor -* nginx +include::platform/ref-controller-secret-handling-automation-use.adoc[leveloffset=+2] -==== +include::platform/ref-controller-connection-security.adoc[leveloffset=+2] include::platform/ref-controller-internal-services.adoc[leveloffset=+2] + include::platform/ref-controller-external-access.adoc[leveloffset=+2] + include::platform/ref-controller-managed-nodes.adoc[leveloffset=+2] diff --git a/downstream/modules/platform/ref-controller-connection-security.adoc b/downstream/modules/platform/ref-controller-connection-security.adoc new file mode 100644 index 0000000000..7a5e8b41a4 --- /dev/null +++ b/downstream/modules/platform/ref-controller-connection-security.adoc @@ -0,0 +1,18 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-controller-connection-security"] + += Connection security + +{ControllerNameStart} allows for connections to internal services, external access, and managed nodes. + +[NOTE] +==== +You must have 'local' user access for the following users: + +* postgres +* awx +* redis +* receptor +* nginx +==== diff --git a/downstream/modules/platform/ref-controller-external-access.adoc b/downstream/modules/platform/ref-controller-external-access.adoc index 774e3f97f5..223b3e2f63 100644 --- a/downstream/modules/platform/ref-controller-external-access.adoc +++ b/downstream/modules/platform/ref-controller-external-access.adoc @@ -4,7 +4,7 @@ = External access -{ControllerNameStart} is accessed via standard HTTP/HTTPS on standard ports, provided by Nginx. +{ControllerNameStart} is accessed using standard HTTP/HTTPS on standard ports, provided by Nginx. A self-signed certificate or key is installed by default; you can provide a locally appropriate certificate and key. SSL/TLS algorithm support is configured in the `/etc/nginx/nginx.conf` configuration file. An "intermediate" profile is used by default, that you can configure. diff --git a/downstream/modules/platform/ref-controller-managed-nodes.adoc b/downstream/modules/platform/ref-controller-managed-nodes.adoc index b287395fa7..9b9e99bd9f 100644 --- a/downstream/modules/platform/ref-controller-managed-nodes.adoc +++ b/downstream/modules/platform/ref-controller-managed-nodes.adoc @@ -6,4 +6,5 @@ {ControllerNameStart} connects to managed machines and services as part of automation. All connections to managed machines are done by standard secure mechanisms, such as SSH, WinRM, or SSL/TLS. + Each of these inherits configuration from the system configuration for the feature in question, such as the system OpenSSL configuration. From 8f7a48385615fff4a08995e98c5141f099ce710f Mon Sep 17 00:00:00 2001 From: Aine Riordan <44700011+ariordan-redhat@users.noreply.github.com> Date: Mon, 11 Aug 2025 21:26:08 +0100 Subject: [PATCH 41/71] AAP-51375 Migration: Change devtools xrefs to links (#4025) (#4027) --- .../assembly-rhdh-subscription-warnings.adoc | 12 ++++++------ .../modules/devtools/con-devtools-requirements.adoc | 6 +++--- .../con-devtools-roles-collection-prerequisites.adoc | 4 ++-- .../devtools/proc-devtools-install-container.adoc | 2 +- .../proc-devtools-install-vscode-extension.adoc | 2 +- .../proc-rhdh-configure-devtools-server.adoc | 4 ++-- .../proc-rhdh-configure-showcase-location.adoc | 2 +- .../proc-rhdh-warning-invalid-aap-config.adoc | 3 ++- .../devtools/proc-self-service-create-oauth-app.adoc | 4 +++- downstream/modules/devtools/ref-rhdh-dashboard.adoc | 10 +++++----- 10 files changed, 26 insertions(+), 23 deletions(-) diff --git a/downstream/assemblies/devtools/assembly-rhdh-subscription-warnings.adoc b/downstream/assemblies/devtools/assembly-rhdh-subscription-warnings.adoc index 4c12714f67..092161a909 100644 --- a/downstream/assemblies/devtools/assembly-rhdh-subscription-warnings.adoc +++ b/downstream/assemblies/devtools/assembly-rhdh-subscription-warnings.adoc @@ -7,13 +7,13 @@ ifdef::context[:parent-context-of-rhdh-subscription-warnings: {context}] :context: rhdh-subscription-warnings [role="_abstract"] -The Ansible plug-ins display a subscription warning banner in the user interface in the following scenarios: +The {AAPRHDHShort} display a subscription warning banner in the user interface in the following scenarios: -* xref:rhdh-warning-unable-connect-aap_rhdh-subscription-warnings[Unable to connect to Ansible Automation Platform] -* xref:rhdh-warning-unable-authenticate-aap_rhdh-subscription-warnings[Unable to authenticate to Ansible Automation Platform] -* xref:rhdh-warning-invalid-aap-config_rhdh-subscription-warnings[Invalid Ansible Automation Platform configuration] -* xref:rhdh-warning-aap-ooc_rhdh-subscription-warnings[Ansible Automation Platform subscription is out of compliance] -* xref:rhdh-warning-invalid-aap-subscription_rhdh-subscription-warnings[Invalid Ansible Automation Platform subscription] +* link:{URLPluginRHDHInstall}/rhdh-subscription-warnings_aap-plugin-rhdh-installing#rhdh-warning-unable-connect-aap_rhdh-subscription-warnings[Unable to connect to Ansible Automation Platform] +* link:{URLPluginRHDHInstall}/rhdh-subscription-warnings_aap-plugin-rhdh-installing#rhdh-warning-unable-authenticate-aap_rhdh-subscription-warnings[Unable to authenticate to Ansible Automation Platform] +* link:{URLPluginRHDHInstall}/rhdh-subscription-warnings_aap-plugin-rhdh-installing#rhdh-warning-invalid-aap-config_rhdh-subscription-warnings[Invalid Ansible Automation Platform configuration] +* link:{URLPluginRHDHInstall}/rhdh-subscription-warnings_aap-plugin-rhdh-installing#rhdh-warning-aap-ooc_rhdh-subscription-warnings[Ansible Automation Platform subscription is out of compliance] +* link:{URLPluginRHDHInstall}/rhdh-subscription-warnings_aap-plugin-rhdh-installing#rhdh-warning-invalid-aap-subscription_rhdh-subscription-warnings[Invalid Ansible Automation Platform subscription] include::devtools/proc-rhdh-warning-unable-connect-aap.adoc[leveloffset=+1] diff --git a/downstream/modules/devtools/con-devtools-requirements.adoc b/downstream/modules/devtools/con-devtools-requirements.adoc index 6f09cf87f6..5143eed0b0 100644 --- a/downstream/modules/devtools/con-devtools-requirements.adoc +++ b/downstream/modules/devtools/con-devtools-requirements.adoc @@ -10,9 +10,9 @@ Extra requirements for Windows installations and containerized installations are * Python 3.10 or later. * {VSCode} (Visual Studio Code) with the Ansible extension added. See -xref:devtools-install-vsc_installing-devtools[Installing {VScode}]. +link:{URLDevelopAutomationContent}/installing-devtools#devtools-install-vsc_installing-devtools[Installing {VScode}]. * For containerized installations, the Microsoft Dev Containers {VSCode} extension. See -xref:devtools-ms-dev-containers-ext_installing-devtools[Installing and configuring the Dev Containers extension]. +link:{URLDevelopAutomationContent}/installing-devtools#devtools-ms-dev-containers-ext_installing-devtools[Installing and configuring the Dev Containers extension]. * A containerization platform, for example Podman, Podman Desktop, Docker, or Docker Desktop. + [NOTE] @@ -22,5 +22,5 @@ See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_pla ==== * You have a Red Hat account and you can log in to the Red Hat container registry at `registry.redhat.io`. For information about logging in to `registry.redhat.io`, see -xref:devtools-setup-registry-redhat-io_installing-devtools[Authenticating with the Red Hat container registry]. +link:{URLDevelopAutomationContent}/installing-devtools#devtools-setup-registry-redhat-io_installing-devtools[Authenticating with the Red Hat container registry]. diff --git a/downstream/modules/devtools/con-devtools-roles-collection-prerequisites.adoc b/downstream/modules/devtools/con-devtools-roles-collection-prerequisites.adoc index 2b30223c52..a0b19694ef 100644 --- a/downstream/modules/devtools/con-devtools-roles-collection-prerequisites.adoc +++ b/downstream/modules/devtools/con-devtools-roles-collection-prerequisites.adoc @@ -4,12 +4,12 @@ = Prerequisites * You have installed {VSCode} and the Ansible extension. -* You have installed the Microsoft Dev Containers extension in {{VSCode}. +* You have installed the Microsoft Dev Containers extension in {VSCode}. * You have installed {ToolsName}. * You have installed a containerization platform, for example Podman, Podman Desktop, Docker, or Docker Desktop. * You have a Red Hat account and you can log in to the Red Hat container registry at `registry.redhat.io`. For information about logging in to `registry.redhat.io`, see -xref:devtools-setup-registry-redhat-io_installing-devtools[Authenticating with the Red Hat container registry]. +link:{URLDevelopAutomationContent}/installing-devtools#devtools-setup-registry-redhat-io_installing-devtools[Authenticating with the Red Hat container registry]. // * Considerations about environments / isolation (ADE / devcontainer files) diff --git a/downstream/modules/devtools/proc-devtools-install-container.adoc b/downstream/modules/devtools/proc-devtools-install-container.adoc index b895eb9119..07e571fd13 100644 --- a/downstream/modules/devtools/proc-devtools-install-container.adoc +++ b/downstream/modules/devtools/proc-devtools-install-container.adoc @@ -11,7 +11,7 @@ You must use the Ansible extension to scaffold a config file for your dev contai * You have installed a containerization platform, for example Podman, Podman Desktop, Docker, or Docker Desktop. * You have a Red Hat login and you have logged in to the Red Hat registry at `registry.redhat.io`. For information about logging in to `registry.redhat.io`, see -xref:devtools-setup-registry-redhat-io_installing-devtools[Authenticating with the Red Hat container registry]. +link:{URLDevelopAutomationContent}/installing-devtools#devtools-setup-registry-redhat-io_installing-devtools[Authenticating with the Red Hat container registry]. * You have installed {VSCode}. * You have installed the Ansible extension in {VSCode}. * You have installed the link:https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers[Microsoft Dev Containers] extension in {VSCode}. diff --git a/downstream/modules/devtools/proc-devtools-install-vscode-extension.adoc b/downstream/modules/devtools/proc-devtools-install-vscode-extension.adoc index 9b090a0f59..fb1bca5f4e 100644 --- a/downstream/modules/devtools/proc-devtools-install-vscode-extension.adoc +++ b/downstream/modules/devtools/proc-devtools-install-vscode-extension.adoc @@ -30,5 +30,5 @@ The following files are assigned the Ansible language: * YAML files whose filename contains "playbook": `*playbook*.yml` or `*playbook*.yaml` If the extension does not identify the language for your playbook files as Ansible, follow the procedure in -xref:devtools-extension-set-language_installing-devtools[Associating the Ansible language to YAML files]. +link:{URLDevelopAutomationContent}/installing-devtools#devtools-extension-set-language_installing-devtools[Associating the Ansible language to YAML files]. diff --git a/downstream/modules/devtools/proc-rhdh-configure-devtools-server.adoc b/downstream/modules/devtools/proc-rhdh-configure-devtools-server.adoc index 81ce7f9044..510fab729b 100644 --- a/downstream/modules/devtools/proc-rhdh-configure-devtools-server.adoc +++ b/downstream/modules/devtools/proc-rhdh-configure-devtools-server.adoc @@ -3,12 +3,12 @@ [id="rhdh-configure-devtools-server_{context}"] = Configuring the Ansible Dev Tools Server -The `creatorService` URL is required for the Ansible plug-ins to provision new projects using the provided software templates. +The `creatorService` URL is required for the {AAPRHDHShort} to provision new projects using the provided software templates. .Procedure . Edit your custom {RHDH} config map, `app-config-rhdh`, that you created in -xref:rhdh-add-custom-configmap_rhdh-ocp-required-installation[Adding a custom ConfigMap]. +link:{URLPluginRHDHInstall}/rhdh-install-ocp-helm_aap-plugin-rhdh-installing#rhdh-add-custom-configmap_rhdh-ocp-required-installation[Adding a custom ConfigMap]. . Add the following code to your {RHDH} `app-config-rhdh.yaml` file. + ---- diff --git a/downstream/modules/devtools/proc-rhdh-configure-showcase-location.adoc b/downstream/modules/devtools/proc-rhdh-configure-showcase-location.adoc index 645e235780..0a25a4a70a 100644 --- a/downstream/modules/devtools/proc-rhdh-configure-showcase-location.adoc +++ b/downstream/modules/devtools/proc-rhdh-configure-showcase-location.adoc @@ -11,7 +11,7 @@ You must configure `showCaseLocation` in your custom config map. .Procedure . Edit your custom {RHDH} config map, `app-config-rhdh`, that you created in -xref:rhdh-add-custom-configmap_rhdh-ocp-required-installation[Adding a custom ConfigMap]. +link:{URLPluginRHDHInstall}/rhdh-install-ocp-helm_aap-plugin-rhdh-installing#rhdh-add-custom-configmap_rhdh-ocp-required-installation[Adding a custom ConfigMap]. . Add the following code to your {RHDH} `app-config-rhdh.yaml` file. + ---- diff --git a/downstream/modules/devtools/proc-rhdh-warning-invalid-aap-config.adoc b/downstream/modules/devtools/proc-rhdh-warning-invalid-aap-config.adoc index a8eebf5b3b..2a613a08cb 100644 --- a/downstream/modules/devtools/proc-rhdh-warning-invalid-aap-config.adoc +++ b/downstream/modules/devtools/proc-rhdh-warning-invalid-aap-config.adoc @@ -12,6 +12,7 @@ For help, please refer to the Ansible plug-ins installation guide. ---- . Verify that the `rhaap` section of the Ansible plug-ins ConfigMap is correctly configured and contains all the necessary entries. -For more information, refer to xref:rhdh-configure-aap-details_rhdh-ocp-required-installation[Configuring Ansible Automation Platform details]. +For more information, refer to +link:{URLPluginRHDHInstall}/rhdh-install-ocp-helm_aap-plugin-rhdh-installing#rhdh-configure-aap-details_rhdh-ocp-required-installation[Configuring Ansible Automation Platform details]. . After correcting the configuration, restart the {RHDH} pod to initiate a subscription query. diff --git a/downstream/modules/devtools/proc-self-service-create-oauth-app.adoc b/downstream/modules/devtools/proc-self-service-create-oauth-app.adoc index a354878de9..f154ee3036 100644 --- a/downstream/modules/devtools/proc-self-service-create-oauth-app.adoc +++ b/downstream/modules/devtools/proc-self-service-create-oauth-app.adoc @@ -12,7 +12,9 @@ because the OAuth configuration requires the URL for your deployment. Create the OAuth Application on your {PlatformNameShort} instance, using a placeholder name for the deployment URL. -After deploying {SelfServiceShort}, you must xref:self-service-add-deployment-url-oauth-app_self-service-accessing-deployment[replace the placeholder value with a URL derived from your deployment URL] in your OAuth application. +After deploying {SelfServiceShort}, you must +link:{URLSelfServiceInstall}/self-service-accessing-deployment_aap-self-service-install#self-service-add-deployment-url-oauth-app_self-service-accessing-deployment[replace the placeholder value with a URL derived from your deployment URL] +in your OAuth application. The steps below describe how to create an OAuth Application in the {PlatformNameShort} Platform console. diff --git a/downstream/modules/devtools/ref-rhdh-dashboard.adoc b/downstream/modules/devtools/ref-rhdh-dashboard.adoc index a08bd4c941..36192a17df 100644 --- a/downstream/modules/devtools/ref-rhdh-dashboard.adoc +++ b/downstream/modules/devtools/ref-rhdh-dashboard.adoc @@ -14,19 +14,19 @@ The plug-in dashboard illustrates the steps you need to take from learning about * *Overview* displays the main dashboard page. * *Learn* provides links to resources curated by Red Hat that introduce you to Ansible and provide step-by-step examples to get you started. For more information, see -xref:rhdh-learning_rhdh-using[Learning about Ansible]. +link:{URLPluginRHDHUsing}/rhdh-using_aap-plugin-rhdh-using#rhdh-learning_rhdh-using[Learning about Ansible]. * *Discover existing collections* links to {PrivateHubName}, if configured in the plug-ins, or to {HubName} hosted on the Red Hat Hybrid Cloud Console. {HubNameStart} stores existing collections and execution environments that you can use in your projects. For more information, see -xref:rhdh-discover-collections_rhdh-using[Discovering existing collections]. +link:{URLPluginRHDHUsing}/rhdh-using_aap-plugin-rhdh-using#rhdh-discover-collections_rhdh-using[Discovering existing collections]. * *Create* creates new projects in your configured Source Control Management platforms such as GitHub. For more information, see -xref:rhdh-create_rhdh-using[Creating a project]. +link:{URLPluginRHDHUsing}/rhdh-using_aap-plugin-rhdh-using#rhdh-create_rhdh-using[Creating a project]. * *Develop* links you to OpenShift Dev Spaces, if configured in the Ansible plug-ins installation. OpenShift Dev Spaces provides on-demand, web-based Integrated Development Environments (IDEs), where you can develop automation content. For more information, see -xref:rhdh-develop-projects_rhdh-using[Developing projects]. +link:{URLPluginRHDHUsing}/rhdh-using_aap-plugin-rhdh-using#rhdh-develop-projects_rhdh-using[Developing projects]. * *Operate* connects you to {PlatformNameShort}, where you can create and run automation jobs that use the projects you have developed. For more information, see -xref:rhdh-set-up-controller-project_rhdh-using[Setting up a controller project to run your playbook project]. +link:{URLPluginRHDHUsing}/rhdh-using_aap-plugin-rhdh-using#rhdh-set-up-controller-project_rhdh-using[Setting up a controller project to run your playbook project]. From 69d035c32d67445e00b3dfcec66f0f67a3c3727e Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Tue, 12 Aug 2025 16:01:25 +0100 Subject: [PATCH 42/71] DITA migration changes: CAG Ch15 (#4033) Configuring automation execution UI and modular compliance chapter 15 https://issues.redhat.com/browse/AAP-46735 --- ...ly-ag-controller-security-best-practices.adoc | 16 +++++++++++++--- .../platform/con-controller-granting-access.adoc | 13 +++++++++++++ .../con-controller-understand-architecture.adoc | 12 ++---------- .../ref-controller-available-resources.adoc | 6 +++--- .../ref-controller-django-password-policies.adoc | 8 +++++--- .../ref-controller-existing-security.adoc | 10 +++++----- 6 files changed, 41 insertions(+), 24 deletions(-) create mode 100644 downstream/modules/platform/con-controller-granting-access.adoc diff --git a/downstream/assemblies/platform/assembly-ag-controller-security-best-practices.adoc b/downstream/assemblies/platform/assembly-ag-controller-security-best-practices.adoc index 10e8c42614..bc554b1804 100644 --- a/downstream/assemblies/platform/assembly-ag-controller-security-best-practices.adoc +++ b/downstream/assemblies/platform/assembly-ag-controller-security-best-practices.adoc @@ -9,17 +9,27 @@ However, managing certain operating system environments, automation, and automat To secure {RHEL} start with the following release-appropriate security guide: -* For Red Hat Enterprise Linux 8, see link:{BaseURL}/red_hat_enterprise_linux/8/html/security_hardening/index[Security hardening]. +* For Red Hat Enterprise Linux 8, see link:link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/security_hardening/index[Security hardening]. -* For Red Hat Enterprise Linux 9, see link:{BaseURL}/red_hat_enterprise_linux/9/html/security_hardening[Security hardening]. +* For Red Hat Enterprise Linux 9, see link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening[Security hardening]. include::platform/con-controller-understand-architecture.adoc[leveloffset=+1] + +include::platform/con-controller-granting-access.adoc[leveloffset=+2] + include::platform/con-controller-minimize-administrative-accounts.adoc[leveloffset=+2] + include::platform/con-controller-minimize-system-access.adoc[leveloffset=+2] + include::platform/con-controller-remove-access-credentials.adoc[leveloffset=+2] + include::platform/con-controller-enforce-separation-duties.adoc[leveloffset=+2] + include::platform/ref-controller-available-resources.adoc[leveloffset=+1] + //include::platform/ref-controller-audit-functionality.adoc[leveloffset=+2] include::platform/ref-controller-existing-security.adoc[leveloffset=+2] + include::platform/ref-controller-external-account-stores.adoc[leveloffset=+2] -include::platform/ref-controller-django-password-policies.adoc[leveloffset=+2] + +include::platform/ref-controller-django-password-policies.adoc[leveloffset=+2] \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-granting-access.adoc b/downstream/modules/platform/con-controller-granting-access.adoc new file mode 100644 index 0000000000..0ba2921cfc --- /dev/null +++ b/downstream/modules/platform/con-controller-granting-access.adoc @@ -0,0 +1,13 @@ +:_mod-docs-content-type: CONCEPT + +[id="con-controller-granting-access"] + += Granting access + +Granting access to certain parts of the system exposes security risks. +Apply the following practices to help secure access: + +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-security-best-practices#controller-minimize-administrative-accounts[Minimize administrative accounts] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-security-best-practices#controller-minimize-system-access[Minimize local system access] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-security-best-practices#controller-remove-access-credentials[Remove access to credentials from users] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-security-best-practices#controller-enforce-separation-duties[Enforce separation of duties] \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-understand-architecture.adoc b/downstream/modules/platform/con-controller-understand-architecture.adoc index a54f6f12d9..f27556593a 100644 --- a/downstream/modules/platform/con-controller-understand-architecture.adoc +++ b/downstream/modules/platform/con-controller-understand-architecture.adoc @@ -15,17 +15,9 @@ At a higher level, tools exist that enable creation of approvals and policy-base These tools can then use Ansible through the {ControllerName}'s API to perform automation. You must use a secure default administrator password at the time of {ControllerName} installation. -For more information, see xref:ref-controller-change-admin-password[Change the {ControllerName} Administrator Password]. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-tips-and-tricks#ref-controller-change-admin-password[Change the {ControllerName} Administrator Password]. {ControllerNameStart} exposes services on certain well-known ports, such as port 80 for HTTP traffic and port 443 for HTTPS traffic. -Do not expose {ControllerName} on the open internet, which reduces the threat surface of your installation. - -== Granting access -Granting access to certain parts of the system exposes security risks. -Apply the following practices to help secure access: +Do not expose {ControllerName} on the open internet, which reduces the threat surface of your installation. -* xref:controller-minimize-administrative-accounts[Minimize administrative accounts] -* xref:controller-minimize-system-access[Minimize local system access] -* xref:controller-remove-access-credentials[Remove access to credentials from users] -* xref:controller-enforce-separation-duties[Enforce separation of duties] diff --git a/downstream/modules/platform/ref-controller-available-resources.adoc b/downstream/modules/platform/ref-controller-available-resources.adoc index 09bdd0c4a8..2e941b3d46 100644 --- a/downstream/modules/platform/ref-controller-available-resources.adoc +++ b/downstream/modules/platform/ref-controller-available-resources.adoc @@ -8,6 +8,6 @@ Several resources exist in {ControllerName} and elsewhere to ensure a secure pla Consider using the following functionalities: //* xref:controller-audit-functionality[Audit and logging functionality] -* xref:controller-existing-security[Existing security functionality] -* xref:controller-external-account-stores[External account stores] -* xref:controller-django-password-policies[Django password policies] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/configuring_automation_execution/controller-security-best-practices#controller-existing-security[Existing security functionality] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/configuring_automation_execution/controller-security-best-practices#controller-external-account-stores[External account stores] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/configuring_automation_execution/controller-security-best-practices#controller-django-password-policies[Django password policies] diff --git a/downstream/modules/platform/ref-controller-django-password-policies.adoc b/downstream/modules/platform/ref-controller-django-password-policies.adoc index 7b5ac56f4c..f1ab53d0fd 100644 --- a/downstream/modules/platform/ref-controller-django-password-policies.adoc +++ b/downstream/modules/platform/ref-controller-django-password-policies.adoc @@ -28,8 +28,10 @@ AUTH_PASSWORD_VALIDATORS = [ ] ---- +Ensure that you restart your {ControllerName} instance for the change to take effect. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-start-stop-controller[Start, stop, and restart {ControllerName}]. + +[role="_additional-resources"] .Additional resources -* For more information, see link:https://docs.djangoproject.com/en/3.2/topics/auth/passwords/#module-django.contrib.auth.password_validation[Password validation] in Django in addition to the preceding example. -* Ensure that you restart your {ControllerName} instance for the change to take effect. -For more information, see xref:controller-start-stop-controller[Start, stop, and restart {ControllerName}]. +link:https://docs.djangoproject.com/en/3.2/topics/auth/passwords/#module-django.contrib.auth.password_validation[Password validation] diff --git a/downstream/modules/platform/ref-controller-existing-security.adoc b/downstream/modules/platform/ref-controller-existing-security.adoc index 5825764461..ca05087742 100644 --- a/downstream/modules/platform/ref-controller-existing-security.adoc +++ b/downstream/modules/platform/ref-controller-existing-security.adoc @@ -4,9 +4,9 @@ = Existing security functionality -Do not disable SELinux or {ControllerName}'s existing multi-tenant containment. -Use {ControllerName}'s role-based access control (RBAC) to delegate the minimum level of privileges required to run automation. -Use teams in {ControllerName} to assign permissions to groups of users rather than to users individually. +Note the following: + +* Do not disable SELinux or {ControllerName}'s existing multi-tenant containment. +* Use {ControllerName}'s role-based access control (RBAC) to delegate the minimum level of privileges required to run automation. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/access_management_and_authentication/gw-managing-access[Managing access with role based access control] +* Use teams in {ControllerName} to assign permissions to groups of users rather than to users individually. -.Additional resources -For more information, see link:https://docs.ansible.com/automation-controller/4.4/html/userguide/security.html#rbac-ug[Role-Based Access Controls] in _{ControllerUG}_. From c4c797b0cb37762dc940823df2df919577e380ca Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Wed, 13 Aug 2025 09:56:34 +0100 Subject: [PATCH 43/71] DITA Readiness - Related Links (#4029) (#4039) * DITA Readiness - DevTools * PR suggestion --- .../assembly-definition-file-breakdown.adoc | 2 +- .../assembly-migrate-ansible-versions.adoc | 4 +-- .../dev-guide/assembly-tools-components.adoc | 4 +-- ...mbly-supported-installation-scenarios.adoc | 2 -- ...ng-rhsso-operator-with-automation-hub.adoc | 3 +- .../ref-complex-patching-scenarios.adoc | 4 ++- .../proc-create-molecule-scenario.adoc | 6 +++- .../proc-rhdh-add-additional-scm.adoc | 8 ++--- ...=> ref-devtools-run-roles-collection.adoc} | 2 +- ...mbly-devtools-create-roles-collection.adoc | 2 +- ...embly-devtools-extension-set-language.adoc | 21 ++++++++++++ .../devtools/assembly-devtools-install.adoc | 2 +- .../assembly-configuring-proxy-support.adoc | 5 +-- ...assembly-controller-secret-management.adoc | 5 +-- .../assembly-platform-install-overview.adoc | 9 ++++-- .../con-platform-components.adoc | 3 +- ...tools-extension-run-ansible-navigator.adoc | 11 ++++--- .../proc-devtools-extension-set-language.adoc | 32 ++----------------- ...evtools-extension-set-persistant-file.adoc | 27 ++++++++++++++++ .../proc-devtools-extension-settings.adoc | 8 ++--- ...roc-devtools-install-vscode-extension.adoc | 8 ++++- ...ols-migrate-existing-roles-collection.adoc | 6 ++-- ...oc-rhdh-add-plugin-software-templates.adoc | 7 ++-- .../devtools/proc-rhdh-configure-pah-url.adoc | 4 +-- .../modules/devtools/proc-rhdh-create.adoc | 2 +- 25 files changed, 115 insertions(+), 72 deletions(-) rename downstream/archive/archived-modules/devtools/{proc-devtools-run-roles-collection.adoc => ref-devtools-run-roles-collection.adoc} (96%) create mode 100644 downstream/assemblies/devtools/assembly-devtools-extension-set-language.adoc create mode 100644 downstream/modules/devtools/proc-devtools-extension-set-persistant-file.adoc diff --git a/downstream/archive/archived-assemblies/builder/assembly-definition-file-breakdown.adoc b/downstream/archive/archived-assemblies/builder/assembly-definition-file-breakdown.adoc index d7f64972ad..8937154765 100644 --- a/downstream/archive/archived-assemblies/builder/assembly-definition-file-breakdown.adoc +++ b/downstream/archive/archived-assemblies/builder/assembly-definition-file-breakdown.adoc @@ -19,4 +19,4 @@ include::builder/con-additional-custom-build-steps.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* For example definition files for common scenarios, see the link:https://ansible.readthedocs.io/projects/builder/en/latest/scenario_guides/scenario_copy/[Common scenarios section] of the _Ansible Builder Documentation_ +* link:https://ansible.readthedocs.io/projects/builder/en/latest/scenario_guides/scenario_copy/[Common scenarios section] \ No newline at end of file diff --git a/downstream/archive/archived-assemblies/dev-guide/assembly-migrate-ansible-versions.adoc b/downstream/archive/archived-assemblies/dev-guide/assembly-migrate-ansible-versions.adoc index 31196fcfd1..93275acd75 100644 --- a/downstream/archive/archived-assemblies/dev-guide/assembly-migrate-ansible-versions.adoc +++ b/downstream/archive/archived-assemblies/dev-guide/assembly-migrate-ansible-versions.adoc @@ -22,8 +22,8 @@ The Ansible _Porting Guide_ is a series of documents that provide information on [role="_additional-resources"] == Additional resources -* Refer to the link:https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.9.html#ansible-2-9-porting-guide[Ansible 2.9] for behavior changes between Ansible 2.8 and Ansible 2.9. -* Refer to the link:https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.10.html[Ansible 2.10] for behavior changes between Ansible 2.9 and Ansible 2.10. +* link:https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.9.html#ansible-2-9-porting-guide[Ansible 2.9] +* link:https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.10.html[Ansible 2.10] ifdef::parent-context[:context: {parent-context}] diff --git a/downstream/archive/archived-assemblies/dev-guide/assembly-tools-components.adoc b/downstream/archive/archived-assemblies/dev-guide/assembly-tools-components.adoc index 14f41d02c6..72e4161057 100644 --- a/downstream/archive/archived-assemblies/dev-guide/assembly-tools-components.adoc +++ b/downstream/archive/archived-assemblies/dev-guide/assembly-tools-components.adoc @@ -28,8 +28,8 @@ include::core/con-about-ansible-cli.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* For more information on how to use Ansible as a command line tool, refer to link:https://docs.ansible.com/ansible/latest/command_guide/command_line_tools.html[Working with command line tools] in the Ansible _User Guide_. -* To upload content to {HubName}, see link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html/getting_started_with_automation_hub/uploading-content-hub[Uploading content to automation hub] in the {PlatformNameShort} product documentation. +* link:https://docs.ansible.com/ansible/latest/command_guide/command_line_tools.html[Working with command line tools] +* link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html/getting_started_with_automation_hub/uploading-content-hub[Uploading content to automation hub] ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/downstream/archive/archived-assemblies/platform/assembly-supported-installation-scenarios.adoc b/downstream/archive/archived-assemblies/platform/assembly-supported-installation-scenarios.adoc index fe7ac3ba19..582baeeca4 100644 --- a/downstream/archive/archived-assemblies/platform/assembly-supported-installation-scenarios.adoc +++ b/downstream/archive/archived-assemblies/platform/assembly-supported-installation-scenarios.adoc @@ -4,8 +4,6 @@ Red Hat supports the following installations scenarios for {PlatformName}: -[role="_additional-resources"] -.Additional resources To edit inventory file parameters to specify a supported installation scenario, see link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html/red_hat_ansible_automation_platform_installation_guide/assembly-platform-install-scenario#con-install-scenario-examples[Inventory file examples based on installation scenarios] in the _{PlatformName} Installation Guide_. //[dcd 12/8/2022 Removing links until new guides are published because some topics were removed and others were added.] diff --git a/downstream/archive/archived-assemblies/platform/assembly-using-rhsso-operator-with-automation-hub.adoc b/downstream/archive/archived-assemblies/platform/assembly-using-rhsso-operator-with-automation-hub.adoc index e3cc82310f..8da6cf8516 100644 --- a/downstream/archive/archived-assemblies/platform/assembly-using-rhsso-operator-with-automation-hub.adoc +++ b/downstream/archive/archived-assemblies/platform/assembly-using-rhsso-operator-with-automation-hub.adoc @@ -35,9 +35,10 @@ include::platform/proc-installing-hub-using-operator.adoc[leveloffset=2] include::platform/proc-determine-hub-route.adoc[leveloffset=2] include::platform/proc-update-rhsso-client.adoc[leveloffset=2] +[role="_additional-resources"] == Additional resources -* For more information on running operators on {OCPShort}, see link:{BaseURL}/openshift_container_platform/{OCPLatest}/html/operators/index[Working with Operators in {OCPShort}] in the {OCPShort} product documentation. +* link:{BaseURL}/openshift_container_platform/{OCPLatest}/html/operators/index[Working with Operators in {OCPShort}] ifdef::parent-context[:context: {parent-context}] diff --git a/downstream/archive/archived-modules/aap-hardening/ref-complex-patching-scenarios.adoc b/downstream/archive/archived-modules/aap-hardening/ref-complex-patching-scenarios.adoc index 9c12df076f..600ff2876a 100644 --- a/downstream/archive/archived-modules/aap-hardening/ref-complex-patching-scenarios.adoc +++ b/downstream/archive/archived-modules/aap-hardening/ref-complex-patching-scenarios.adoc @@ -17,5 +17,7 @@ The following workflow visualization shows how the components of the example com image:workflow.png[Workflow representation] +[role="_additional-resources"] .Additional resources -For more information on workflows, see link:{URLControllerUserGuide}/controller-workflows[Workflows in automation controller]. \ No newline at end of file + +* link:{URLControllerUserGuide}/controller-workflows[Workflows in automation controller] \ No newline at end of file diff --git a/downstream/archive/archived-modules/devtools/proc-create-molecule-scenario.adoc b/downstream/archive/archived-modules/devtools/proc-create-molecule-scenario.adoc index 30243c5b2b..ae2fbc5b42 100644 --- a/downstream/archive/archived-modules/devtools/proc-create-molecule-scenario.adoc +++ b/downstream/archive/archived-modules/devtools/proc-create-molecule-scenario.adoc @@ -4,6 +4,10 @@ [role="_abstract"] +You can use this procedure to create a Molecule scenario for testing an Ansible playbook. The `molecule init scenario` command creates a `default/` scenario directory, which you must then rename to correspond with the playbook. + +.Procedure + . Navigate to the top level directory of your playbook project. . Initialize a Molecule scenario: + @@ -51,7 +55,7 @@ molecule └── molecule.yml ---- -== Creating scenarios for every playbook +.Next Steps Create a separate scenario for every playbook in your project. diff --git a/downstream/archive/archived-modules/devtools/proc-rhdh-add-additional-scm.adoc b/downstream/archive/archived-modules/devtools/proc-rhdh-add-additional-scm.adoc index 485255619c..f95c107c12 100644 --- a/downstream/archive/archived-modules/devtools/proc-rhdh-add-additional-scm.adoc +++ b/downstream/archive/archived-modules/devtools/proc-rhdh-add-additional-scm.adoc @@ -12,9 +12,9 @@ Follow the procedure below to add support for additional Source Control Manageme . In your repository, update the `enum` and `enumNames` keys with the SCM values. . Update the software template `action` to match your SCM type. . Register the forked repository with your customized templates in {RHDH}. - ++ For example, if you wanted to add GitLab as an SCM, your software template file would look similar to the following: - ++ ---- ... spec: @@ -35,8 +35,8 @@ spec: ---- -Under the `steps` section, use the appropriate action for your SCM: - +. Under the `steps` section, use the appropriate action for your SCM: ++ ---- steps: ... diff --git a/downstream/archive/archived-modules/devtools/proc-devtools-run-roles-collection.adoc b/downstream/archive/archived-modules/devtools/ref-devtools-run-roles-collection.adoc similarity index 96% rename from downstream/archive/archived-modules/devtools/proc-devtools-run-roles-collection.adoc rename to downstream/archive/archived-modules/devtools/ref-devtools-run-roles-collection.adoc index b72467f11d..34c41f3ef3 100644 --- a/downstream/archive/archived-modules/devtools/proc-devtools-run-roles-collection.adoc +++ b/downstream/archive/archived-modules/devtools/ref-devtools-run-roles-collection.adoc @@ -1,4 +1,4 @@ -:_mod-docs-content-type: PROCEDURE +:_mod-docs-content-type: REFERENCE [id="devtools-run-roles-collection_{context}"] = Running and testing your collection diff --git a/downstream/assemblies/devtools/assembly-devtools-create-roles-collection.adoc b/downstream/assemblies/devtools/assembly-devtools-create-roles-collection.adoc index 0bdd57505d..0c22859ed0 100644 --- a/downstream/assemblies/devtools/assembly-devtools-create-roles-collection.adoc +++ b/downstream/assemblies/devtools/assembly-devtools-create-roles-collection.adoc @@ -42,7 +42,7 @@ include::devtools/proc-devtools-create-new-role-in-collection.adoc[leveloffset=+ include::devtools/proc-devtools-docs-roles-collection.adoc[leveloffset=+1] -// include::devtools/proc-devtools-run-roles-collection.adoc[leveloffset=+1] +// include::devtools/ref-devtools-run-roles-collection.adoc[leveloffset=+1] // include::devtools/proc-devtools-molecule-test-roles-collection.adoc[leveloffset=+1] diff --git a/downstream/assemblies/devtools/assembly-devtools-extension-set-language.adoc b/downstream/assemblies/devtools/assembly-devtools-extension-set-language.adoc new file mode 100644 index 0000000000..9ea41281bc --- /dev/null +++ b/downstream/assemblies/devtools/assembly-devtools-extension-set-language.adoc @@ -0,0 +1,21 @@ +ifdef::context[:parent-context-of-assembly-devtools-install: {context}] +:_mod-docs-content-type: ASSEMBLY +[id="extension-set-language"] + += Manually adding the Ansible language to YAML files + +[role="_abstract"] + +The Ansible {VSCode} extension works only when the language associated with a file is set to Ansible. +The extension provides features that help create Ansible playbooks, such as auto-completion, hover, and diagnostics. + +The Ansible {VSCode} extension automatically associates the Ansible language with some files. +The procedures below describe how to set the language for files that are not recognized as Ansible files. + +include::devtools/proc-devtools-extension-set-language.adoc[leveloffset=+1] + +include::devtools/proc-devtools-extension-set-persistant-file.adoc[leveloffset=+1] + + +ifdef::parent-context-of-assembly-devtools-install[:context: {parent-context-of-assembly-devtools-install}] +ifndef::parent-context-of-assembly-devtools-install[:!context:] diff --git a/downstream/assemblies/devtools/assembly-devtools-install.adoc b/downstream/assemblies/devtools/assembly-devtools-install.adoc index d86f55696e..0138e8ec64 100644 --- a/downstream/assemblies/devtools/assembly-devtools-install.adoc +++ b/downstream/assemblies/devtools/assembly-devtools-install.adoc @@ -31,7 +31,7 @@ include::devtools/proc-devtools-install-vscode-extension.adoc[leveloffset=+2] include::devtools/proc-devtools-extension-settings.adoc[leveloffset=+2] -include::devtools/proc-devtools-extension-set-language.adoc[leveloffset=+2] +include::assembly-devtools-extension-set-language.adoc[leveloffset=+2] include::devtools/proc-devtools-ms-dev-containers-ext.adoc[leveloffset=+2] diff --git a/downstream/assemblies/platform/assembly-configuring-proxy-support.adoc b/downstream/assemblies/platform/assembly-configuring-proxy-support.adoc index c89965fed3..9bf029c5a9 100644 --- a/downstream/assemblies/platform/assembly-configuring-proxy-support.adoc +++ b/downstream/assemblies/platform/assembly-configuring-proxy-support.adoc @@ -25,8 +25,9 @@ include::platform/proc-configuring-reverse-proxy.adoc[leveloffset=+1] include::platform/con-sticky-sessions.adoc[leveloffset=+1] [role="_additional-resources"] -.Additional resources -* Refer to link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html[Sticky sessions for your Application Load Balancer] for more information about enabling sticky sessions. +== Additional resources + +* link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html[Sticky sessions for your Application Load Balancer] ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/downstream/assemblies/platform/assembly-controller-secret-management.adoc b/downstream/assemblies/platform/assembly-controller-secret-management.adoc index f520ad592d..bcac71fd56 100644 --- a/downstream/assemblies/platform/assembly-controller-secret-management.adoc +++ b/downstream/assemblies/platform/assembly-controller-secret-management.adoc @@ -24,9 +24,10 @@ With external credentials backed by credential plugins, you can map credential f These external secret values are fetched before running a playbook that needs them. -.Additional resources +[role="_additional-resources"] +== Additional resources -For more information about specifying secret management system credentials in the user interface, see link:{URLControllerUserGuide}/index#controller-credentials[Managing user credentials]. +* link:{URLControllerUserGuide}/index#controller-credentials[Managing user credentials]. include::platform/proc-controller-configure-secret-lookups.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-platform-install-overview.adoc b/downstream/assemblies/platform/assembly-platform-install-overview.adoc index 896f200c6e..dac11c8ffd 100644 --- a/downstream/assemblies/platform/assembly-platform-install-overview.adoc +++ b/downstream/assemblies/platform/assembly-platform-install-overview.adoc @@ -31,10 +31,13 @@ xref:proc-verify-aap-installation_platform-install-scenario[Verifying your {Plat //xref:assembly-platform-whats-next_platform-install-scenario[Post-installation steps]:: After successful installation, you can begin using the features of {PlatformNameShort}. [role="_additional-resources"] -.Additional resources +== Additional resources -. For more information about the supported installation scenarios, see the {LinkPlanningGuide}. -. For more information on available topologies, see {LinkTopologies}. +* {LinkPlanningGuide} +* {LinkTopologies} + +//[Gmurray] this will work for now, but I'd recommend rejigging this as it appears clunky in the built guide. Perhaps you could merge these additional resources into the prereqs - Something like You have reviewed the planning and tested topology guides or something. +== Next steps include::platform/con-aap-installation-prereqs.adoc[leveloffset=+1] diff --git a/downstream/modules/aap-hardening/con-platform-components.adoc b/downstream/modules/aap-hardening/con-platform-components.adoc index 3e3f5bd50e..04f9ec9e8c 100644 --- a/downstream/modules/aap-hardening/con-platform-components.adoc +++ b/downstream/modules/aap-hardening/con-platform-components.adoc @@ -11,4 +11,5 @@ [role="_additional-resources"] .Additional resources -For more information about the components provided within {PlatformNameShort}, see link:{URLPlanningGuide}/ref-aap-components[Red Hat Ansible Automation Platform components] in _{TitlePlanningGuide}_. + +* link:{URLPlanningGuide}/ref-aap-components[Red Hat Ansible Automation Platform components] diff --git a/downstream/modules/devtools/proc-devtools-extension-run-ansible-navigator.adoc b/downstream/modules/devtools/proc-devtools-extension-run-ansible-navigator.adoc index 63f370eacd..a8ead40d5c 100644 --- a/downstream/modules/devtools/proc-devtools-extension-run-ansible-navigator.adoc +++ b/downstream/modules/devtools/proc-devtools-extension-run-ansible-navigator.adoc @@ -3,6 +3,9 @@ = Running your playbook with `ansible-navigator` +[role="_abstract"] +You can run an Ansible playbook through `ansible-navigator` by right-clicking the playbook name in the Explorer pane. This procedure explains how to view the playbook's output and navigate the results for each play and task within the terminal. + .Prerequisites * In the Ansible extension settings, enable the use of an execution environment in *Ansible Execution Environment > Enabled*. @@ -12,7 +15,7 @@ . To run a playbook, right-click the playbook name in the Explorer pane, then select menu:Run Ansible Playbook via[Run playbook via ansible-navigator run]. + -The output is displayed in the *Terminal* tab of the {VSCode} terminal. +. View the output in the *Terminal* tab of the {VSCode} terminal. The *Successful* status indicates that the playbook ran successfully. + image:devtools-extension-navigator-output.png[Output for ansible-navigator execution] @@ -24,7 +27,7 @@ image:devtools-extension-navigator-tasks.png[Tasks in ansible-navigator output] + Type the number next to a task to review the task results. -For more information on running playbooks with {Navigator}, see -link:{URLNavigatorGuide}/assembly-execute-playbooks-navigator_ansible-navigator#proc-execute-playbook-tui_execute-playbooks-navigator[Executing a playbook from automation content navigator] -in the _{TitleNavigatorGuide}_ Guide. +[role="_additional-resources"] +.Additional resources +* link:{URLNavigatorGuide}/assembly-execute-playbooks-navigator_ansible-navigator#proc-execute-playbook-tui_execute-playbooks-navigator[Executing a playbook from automation content navigator] diff --git a/downstream/modules/devtools/proc-devtools-extension-set-language.adoc b/downstream/modules/devtools/proc-devtools-extension-set-language.adoc index c4c5c848f7..bc2c69b761 100644 --- a/downstream/modules/devtools/proc-devtools-extension-set-language.adoc +++ b/downstream/modules/devtools/proc-devtools-extension-set-language.adoc @@ -4,41 +4,13 @@ = Associating the Ansible language to YAML files [role="_abstract"] - -The Ansible {VSCode} extension works only when the language associated with a file is set to Ansible. -The extension provides features that help create Ansible playbooks, such as auto-completion, hover, and diagnostics. - -The Ansible {VSCode} extension automatically associates the Ansible language with some files. -The procedures below describe how to set the language for files that are not recognized as Ansible files. - -.Manually associating the Ansible language to YAML files - The following procedure describes how to manually assign the Ansible language to a YAML file that is open in {VSCode}. +.Procedure + . Open or create a YAML file in {VSCode}. . Hover the cursor over the language identified in the status bar at the bottom of the {VSCode} window to open the *Select Language Mode* list. . Select *Ansible* in the list. + The language shown in the status bar at the bottom of the {VSCode} window for the file is changed to Ansible. -.Adding persistent file association for the Ansible language to `settings.json` - -Alternatively, you can add file association for the Ansible language in your `settings.json` file. - -. Open the `settings.json` file: -.. Click menu:View[Command Palette] to open the command palette. -.. Enter `Workspace settings` in the search box and select *Open Workspace Settings (JSON)*. -. Add the following code to `settings.json`. -+ ----- -{ - ... - - "files.associations": { - "*plays.yml": "ansible", - "*init.yml": "yaml", - } -} ----- - - diff --git a/downstream/modules/devtools/proc-devtools-extension-set-persistant-file.adoc b/downstream/modules/devtools/proc-devtools-extension-set-persistant-file.adoc new file mode 100644 index 0000000000..3d170d685c --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-extension-set-persistant-file.adoc @@ -0,0 +1,27 @@ +[id="devtools-extension-set-persistant-file_{context}"] +:_mod-docs-content-type: PROCEDURE + += Adding persistent file association for the Ansible language to `settings.json` + +[role="_abstract"] +instread of manually associating the Ansible language to YAML files, you can add file association for the Ansible language in your `settings.json` file. + +.Procedure + +. Open the `settings.json` file: +.. Click menu:View[Command Palette] to open the command palette. +.. Enter `Workspace settings` in the search box and select *Open Workspace Settings (JSON)*. +. Add the following code to `settings.json`. ++ +---- +{ + ... + + "files.associations": { + "*plays.yml": "ansible", + "*init.yml": "yaml", + } +} +---- + + diff --git a/downstream/modules/devtools/proc-devtools-extension-settings.adoc b/downstream/modules/devtools/proc-devtools-extension-settings.adoc index 5b48be6d9c..85dc977a80 100644 --- a/downstream/modules/devtools/proc-devtools-extension-settings.adoc +++ b/downstream/modules/devtools/proc-devtools-extension-settings.adoc @@ -29,8 +29,7 @@ This is necessary because the file that stores settings preferences for workspac . Open the Ansible extension settings: .. Click the image:vscode-extensions-icon.png[Extensions,15,15] *Extensions* icon in the activity bar. .. Select the Ansible extension, and click the 'gear' icon and then *Extension Settings* to display the extension settings. -+ -Alternatively, click menu:Code[Settings>Settings] to open the *Settings* page. +* Alternatively, click menu:Code[Settings>Settings] to open the *Settings* page. .. Enter `Ansible` in the search bar to display the settings for the extension. . Select the *Workspace* tab to configure your settings for the current {VSCode} workspace. ** If the *Workspace* tab is not displayed, open a folder or create a new folder using the menu:File[Open Folder] menu. @@ -43,6 +42,7 @@ Modify the settings to suit your requirements: [role="_additional-resources"] .Additional resources -* For information about Ansible {VSCode} extension settings, see the link:https://marketplace.visualstudio.com/items?itemName=redhat.ansible[Ansible {VSCode} Extension by Red Hat page] in the VisualStudio marketplace documentation. -* For information about {VSCode} workspaces, see link:https://code.visualstudio.com/docs/editing/workspaces/workspaces[What is a {VSCode} workspace?] in the Visual Studio Code documentation. + +* link:https://marketplace.visualstudio.com/items?itemName=redhat.ansible[Ansible {VSCode} Extension by Red Hat page] +* link:https://code.visualstudio.com/docs/editing/workspaces/workspaces[What is a {VSCode} workspace?] diff --git a/downstream/modules/devtools/proc-devtools-install-vscode-extension.adoc b/downstream/modules/devtools/proc-devtools-install-vscode-extension.adoc index fb1bca5f4e..7595d861ec 100644 --- a/downstream/modules/devtools/proc-devtools-install-vscode-extension.adoc +++ b/downstream/modules/devtools/proc-devtools-install-vscode-extension.adoc @@ -12,13 +12,17 @@ For a full description of the Ansible extension, see the link:https://marketplac See link:https://red.ht/aap-lp-vscode-essentials[Learning path - Getting Started with the Ansible {VSCode} Extension] for tutorials on working with the extension. -To install the Ansible {VSCode} extension: +Use the following procedure to install the Ansible {VSCode} extension: + +.Procedure . Open {VSCode}. . Click the *Extensions* (image:vscode-extensions-icon.png[Extensions,15,15]) icon in the Activity Bar, or click menu:View[Extensions], to display the *Extensions* view. . In the search field in the *Extensions* view, type `Ansible Red Hat`. . Select the Ansible extension and click btn:[Install]. +.Verification + When the language for a file is recognized as Ansible, the Ansible extension provides features such as auto-completion, hover, diagnostics, and goto. The language identified for a file is displayed in the Status bar at the bottom of the {VSCode} window. @@ -29,6 +33,8 @@ The following files are assigned the Ansible language: * Certain YAML names recognized by Ansible, for example `site.yml` or `site.yaml` * YAML files whose filename contains "playbook": `*playbook*.yml` or `*playbook*.yaml` +.Troubleshooting + If the extension does not identify the language for your playbook files as Ansible, follow the procedure in link:{URLDevelopAutomationContent}/installing-devtools#devtools-extension-set-language_installing-devtools[Associating the Ansible language to YAML files]. diff --git a/downstream/modules/devtools/proc-devtools-migrate-existing-roles-collection.adoc b/downstream/modules/devtools/proc-devtools-migrate-existing-roles-collection.adoc index 89d4cb6878..c54ea4fd1f 100644 --- a/downstream/modules/devtools/proc-devtools-migrate-existing-roles-collection.adoc +++ b/downstream/modules/devtools/proc-devtools-migrate-existing-roles-collection.adoc @@ -82,8 +82,10 @@ company_namespace + The `run` role is a default role directory that is created when you scaffold the collection. . Update your playbooks to use the fully qualified collection name (FQDN) for your new roles in your collection. - ++ +[NOTE] +==== Not every standalone role will seamlessly integrate into your collection without modification of the code. For example, if a third-party standalone role from Galaxy that contains a plug-in uses the `module_utils/` directory, then the plug-in itself has import statements. - +==== diff --git a/downstream/modules/devtools/proc-rhdh-add-plugin-software-templates.adoc b/downstream/modules/devtools/proc-rhdh-add-plugin-software-templates.adoc index e6e8592681..02569f3e50 100644 --- a/downstream/modules/devtools/proc-rhdh-add-plugin-software-templates.adoc +++ b/downstream/modules/devtools/proc-rhdh-add-plugin-software-templates.adoc @@ -9,6 +9,7 @@ Red Hat Ansible provides software templates for {RHDH} to provision new playbook . Edit your custom {RHDH} config map, for example `app-config-rhdh`. . Add the following code to your {RHDH} `app-config-rhdh.yaml` file. ++ ---- data: app-config-rhdh.yaml: | @@ -22,7 +23,7 @@ data: - allow: [Template] ---- -For more information, refer to the -link:{BaseURL}/red_hat_developer_hub/1.2/html-single/administration_guide_for_red_hat_developer_hub/assembly-admin-templates#assembly-admin-templates[Managing templates] -section of the _Administration guide for Red Hat Developer Hub_. +[role="_additional-resources"] +.Additional resources +* link:{BaseURL}/red_hat_developer_hub/1.2/html-single/administration_guide_for_red_hat_developer_hub/assembly-admin-templates#assembly-admin-templates[Managing templates] diff --git a/downstream/modules/devtools/proc-rhdh-configure-pah-url.adoc b/downstream/modules/devtools/proc-rhdh-configure-pah-url.adoc index 218af264d3..9d57721393 100644 --- a/downstream/modules/devtools/proc-rhdh-configure-pah-url.adoc +++ b/downstream/modules/devtools/proc-rhdh-configure-pah-url.adoc @@ -14,13 +14,13 @@ The {PrivateHubName} configuration is optional but recommended. The Ansible plug-ins will function without it. ==== -.Prerequisites: +.Prerequisites * A {PrivateHubName} instance. + For more information on installing {PrivateHubName}, refer to the installation guides in the link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}[{PlatformNameShort} documentation]. -.Procedure: +.Procedure . Edit your custom {RHDH} config map, for example `app-config-rhdh`. . Add the following code to your {RHDH} `app-config-rhdh.yaml` file. diff --git a/downstream/modules/devtools/proc-rhdh-create.adoc b/downstream/modules/devtools/proc-rhdh-create.adoc index a26d4155d0..01054bcc8b 100644 --- a/downstream/modules/devtools/proc-rhdh-create.adoc +++ b/downstream/modules/devtools/proc-rhdh-create.adoc @@ -8,7 +8,7 @@ * Ensure you have the correct access (RBAC) to view the templates in {RHDH}. Ask your administrator to assign access to you if necessary. -.Procedure: +.Procedure . Log in to your {RHDH} UI. . Click the Ansible `A` icon in the {RHDH} navigation panel. From 792f503aad7e75b8e1da2fbc0d506b597f761c6b Mon Sep 17 00:00:00 2001 From: EMcWhinn <122449381+EMcWhinn@users.noreply.github.com> Date: Wed, 13 Aug 2025 10:15:31 +0100 Subject: [PATCH 44/71] Editing controller files for DITA (#4037) (#4040) Configuring automation execution modular compliance chapter 17 https://issues.redhat.com/browse/AAP-46737 Affects titles/controller-admin-guide --- .../assembly-ag-controller-backup-and-restore.adoc | 7 +++++-- .../platform/con-controller-backup-restore-playbooks.adoc | 2 +- ...f-controller-backup-restore-clustered-environments.adoc | 4 ++-- .../ref-controller-backup-restore-considerations.adoc | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/downstream/assemblies/platform/assembly-ag-controller-backup-and-restore.adoc b/downstream/assemblies/platform/assembly-ag-controller-backup-and-restore.adoc index a11dc60e04..50cdbf55d1 100644 --- a/downstream/assemblies/platform/assembly-ag-controller-backup-and-restore.adoc +++ b/downstream/assemblies/platform/assembly-ag-controller-backup-and-restore.adoc @@ -4,7 +4,7 @@ = Backup and restore -You can backup and restore your system using the {PlatformNameShort} setup playbook. +You can backup and restore your system by using the {PlatformNameShort} setup playbook. For more information, see the link:{URLControllerAdminGuide}/index#controller-backup-restore-clustered-environments[Backup and restore clustered environments] section. @@ -18,7 +18,7 @@ Backup and restore functionality only works with the PostgreSQL versions support For more information, see link:{URLPlanningGuide}/platform-system-requirements[System requirements] in _{TitlePlanningGuide}_. ==== -The {PlatformNameShort} setup playbook is invoked as `setup.sh` from the path where you unpacked the platform installer tarball. +The {PlatformNameShort} setup playbook is invoked as `setup.sh` from the path where you unpacked the platform installer tar file. It uses the same inventory file used by the install playbook. The setup script takes the following arguments for backing up and restoring: @@ -56,6 +56,9 @@ setup.sh -i ---- include::platform/con-controller-backup-restore-playbooks.adoc[leveloffset=+1] + include::platform/ref-controller-backup-restore-considerations.adoc[leveloffset=+1] + include::platform/ref-controller-backup-restore-clustered-environments.adoc[leveloffset=+1] + include::platform/con-controller-restore-different-cluster.adoc[leveloffset=+2] diff --git a/downstream/modules/platform/con-controller-backup-restore-playbooks.adoc b/downstream/modules/platform/con-controller-backup-restore-playbooks.adoc index 7fc64747d6..a9168427f8 100644 --- a/downstream/modules/platform/con-controller-backup-restore-playbooks.adoc +++ b/downstream/modules/platform/con-controller-backup-restore-playbooks.adoc @@ -16,7 +16,7 @@ These playbooks serve to backup and restore. ** Manual projects * The restore backup restores the backed up files and data to a freshly installed and working second instance of {ControllerName}. -When restoring your system, the installer checks to see that the backup file exists before beginning the restoration. +When restoring your system, installation program checks to see that the backup file exists before beginning the restoration. If the backup file is not available, your restoration fails. [NOTE] diff --git a/downstream/modules/platform/ref-controller-backup-restore-clustered-environments.adoc b/downstream/modules/platform/ref-controller-backup-restore-clustered-environments.adoc index f23fb4535a..a75883f49d 100644 --- a/downstream/modules/platform/ref-controller-backup-restore-clustered-environments.adoc +++ b/downstream/modules/platform/ref-controller-backup-restore-clustered-environments.adoc @@ -8,12 +8,12 @@ The procedure for backup and restore for a clustered environment is similar to a [NOTE] ==== -For more information on installing clustered environments, see the xref:controller-cluster-install[Install and configure] section. +For more information about installing clustered environments, see the xref:controller-cluster-install[Install and configure] section. ==== * If restoring to a new cluster, ensure that the old cluster is shut down before proceeding because they can conflict with each other when accessing the database. * Per-node backups are only restored to nodes bearing the same hostname as the backup. -* When restoring to an existing cluster, the restore contains the following: +* When restoring to an existing cluster, the restore has the following: ** A dump of the PostgreSQL database ** UI artifacts, included in the database dump diff --git a/downstream/modules/platform/ref-controller-backup-restore-considerations.adoc b/downstream/modules/platform/ref-controller-backup-restore-considerations.adoc index 97b1c1df82..9e8d81c16f 100644 --- a/downstream/modules/platform/ref-controller-backup-restore-considerations.adoc +++ b/downstream/modules/platform/ref-controller-backup-restore-considerations.adoc @@ -20,7 +20,7 @@ The {PlatformNameShort} database backups are staged on each node at `/var/backup Version:: You must always use the most recent minor version of a release to backup or restore your {PlatformNameShort} installation version. For example, if the current platform version you are on is 2.0.x, only use the latest 2.0 installer. -File path:: When using `setup.sh` in order to do a restore from the default restore file path, `/var/lib/awx`, `-r` is still required in order to do the restore, but it no longer accepts an argument. +File path:: When using `setup.sh` to do a restore from the default restore file path, `/var/lib/awx`, `-r` is still required to do the restore, but it no longer accepts an argument. If a non-default restore file path is needed, you must provide this as an extra_var (`root@localhost:~# ./setup.sh -e 'restore_backup_file=/path/to/nondefault/backup.tar.gz' -r`). Directory:: If the backup file is placed in the same directory as the `setup.sh` installer, the restore playbook automatically locates the restore files. From 572f70505c701b5cbf4afb932450b702405703c7 Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Wed, 13 Aug 2025 11:15:55 +0100 Subject: [PATCH 45/71] DITA migration changes (2.6): CAG Ch 16 (#4044) Configuring automation execution UI and modular compliance chapter 16 https://issues.redhat.com/browse/AAP-46736 --- .../assembly-controller-awx-manage-utility.adoc | 5 ++++- .../platform/ref-controller-cleanup-old-data.adoc | 10 ++-------- .../ref-controller-cluster-management.adoc | 2 +- .../platform/ref-controller-inventory-import.adoc | 15 +++------------ 4 files changed, 10 insertions(+), 22 deletions(-) diff --git a/downstream/assemblies/platform/assembly-controller-awx-manage-utility.adoc b/downstream/assemblies/platform/assembly-controller-awx-manage-utility.adoc index 245b649c1b..df331fb455 100644 --- a/downstream/assemblies/platform/assembly-controller-awx-manage-utility.adoc +++ b/downstream/assemblies/platform/assembly-controller-awx-manage-utility.adoc @@ -8,13 +8,16 @@ Use the `awx-manage` utility to access detailed internal information of {Control Commands for `awx-manage` must run as the `awx` user only. include::platform/ref-controller-inventory-import.adoc[leveloffset=+1] + include::platform/ref-controller-cleanup-old-data.adoc[leveloffset=+1] + include::platform/ref-controller-cluster-management.adoc[leveloffset=+1] + //include::platform/ref-controller-token-session-management.adoc[leveloffset=+1] //include::platform/ref-controller-create-oauth2-token.adoc[leveloffset=+2] //include::platform/ref-controller-revoke-oauth2-token.adoc[leveloffset=+2] //include::platform/ref-controller-clear-tokens.adoc[leveloffset=+2] //include::platform/ref-controller-expire-sessions.adoc[leveloffset=+2] //include::platform/ref-controller-clear-sessions.adoc[leveloffset=+2] -include::platform/ref-controller-analytics-gathering.adoc[leveloffset=+1] +include::platform/ref-controller-analytics-gathering.adoc[leveloffset=+1] diff --git a/downstream/modules/platform/ref-controller-cleanup-old-data.adoc b/downstream/modules/platform/ref-controller-cleanup-old-data.adoc index 87f598adb7..c13bcbb260 100644 --- a/downstream/modules/platform/ref-controller-cleanup-old-data.adoc +++ b/downstream/modules/platform/ref-controller-cleanup-old-data.adoc @@ -7,16 +7,10 @@ `awx-manage` has a variety of commands used to clean old data from {ControllerName}. {ControllerNameStart} administrators can use the {ControllerName} *Management Jobs* interface for access or use the command line. -[literal, options="nowrap" subs="+attributes"] ----- -awx-manage cleanup_jobs [--help] ----- +* `awx-manage cleanup_jobs [--help]` This permanently deletes the job details and job output for jobs older than a specified number of days. -[literal, options="nowrap" subs="+attributes"] ----- -awx-manage cleanup_activitystream [--help] ----- +* `awx-manage cleanup_activitystream [--help]` This permanently deletes any [Activity stream] data older than a specific number of days. \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-cluster-management.adoc b/downstream/modules/platform/ref-controller-cluster-management.adoc index 9e44018426..ca7d31c048 100644 --- a/downstream/modules/platform/ref-controller-cluster-management.adoc +++ b/downstream/modules/platform/ref-controller-cluster-management.adoc @@ -4,7 +4,7 @@ = Cluster management -For more information about the `awx-manage provision_instance` and `awx-manage deprovision_instance` commands, see xref:controller-clustering[Clustering]. +For more information about the `awx-manage provision_instance` and `awx-manage deprovision_instance` commands, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/controller-clustering[Clustering]. [NOTE] ==== diff --git a/downstream/modules/platform/ref-controller-inventory-import.adoc b/downstream/modules/platform/ref-controller-inventory-import.adoc index 75309c9bab..a032eb8c0d 100644 --- a/downstream/modules/platform/ref-controller-inventory-import.adoc +++ b/downstream/modules/platform/ref-controller-inventory-import.adoc @@ -10,19 +10,13 @@ To use `awx-manage` properly, you must first create an inventory in {ControllerN For help with `awx-manage`, run the following command: -[literal, options="nowrap" subs="+attributes"] ----- -awx-manage inventory_import [--help] ----- +`awx-manage inventory_import [--help]` The `inventory_import` command synchronizes an {ControllerName} inventory object with a text-based inventory file, dynamic inventory script, or a directory of one or more, as supported by core Ansible. When running this command, specify either an `--inventory-id` or `--inventory-name`, and the path to the Ansible inventory source (`--source`). -[literal, options="nowrap" subs="+attributes"] ----- -awx-manage inventory_import --source=/ansible/inventory/ --inventory-id=1 ----- +`awx-manage inventory_import --source=/ansible/inventory/ --inventory-id=1` By default, inventory data already stored in {ControllerName} blends with data from the external source. @@ -32,10 +26,7 @@ To specify that any existing hosts get variable data exclusively from the `--sou The default behavior adds any new variables from the external source, overwriting keys that already exist, but preserving any variables that were not sourced from the external data source. -[literal, options="nowrap" subs="+attributes"] ----- -awx-manage inventory_import --source=/ansible/inventory/ --inventory-id=1 --overwrite ----- +`awx-manage inventory_import --source=/ansible/inventory/ --inventory-id=1 --overwrite` [NOTE] ==== From 52e286385ddb526bbe79925a84c88760a61e7493 Mon Sep 17 00:00:00 2001 From: Aine Riordan <44700011+ariordan-redhat@users.noreply.github.com> Date: Wed, 13 Aug 2025 12:40:57 +0100 Subject: [PATCH 46/71] Added new title for Automation Dashboard (#4034) (#4046) * Added new title for Automation Dashboard Co-authored-by: Elizabeth Murtough <114593312+emurtoug@users.noreply.github.com> --- downstream/attributes/attributes.adoc | 9 ++++++++- .../titles/automation-dashboard/aap-common | 1 + .../titles/automation-dashboard/analytics | 1 + .../titles/automation-dashboard/attributes | 1 + .../titles/automation-dashboard/docinfo.xml | 11 ++++++++++ downstream/titles/automation-dashboard/images | 1 + .../titles/automation-dashboard/master.adoc | 20 +++++++++++++++++++ .../titles/automation-dashboard/snippets | 1 + 8 files changed, 44 insertions(+), 1 deletion(-) create mode 120000 downstream/titles/automation-dashboard/aap-common create mode 120000 downstream/titles/automation-dashboard/analytics create mode 120000 downstream/titles/automation-dashboard/attributes create mode 100644 downstream/titles/automation-dashboard/docinfo.xml create mode 120000 downstream/titles/automation-dashboard/images create mode 100644 downstream/titles/automation-dashboard/master.adoc create mode 120000 downstream/titles/automation-dashboard/snippets diff --git a/downstream/attributes/attributes.adoc b/downstream/attributes/attributes.adoc index c37f2ff991..32015fe5af 100644 --- a/downstream/attributes/attributes.adoc +++ b/downstream/attributes/attributes.adoc @@ -42,6 +42,8 @@ :OpenAI: OpenAI :AzureOpenAI: Microsoft Azure OpenAI +// Automation Dashboard +:AutomationDashboardName: Automation Dashboard // AAP on Clouds :AAPonAzureName: Red Hat Ansible Automation Platform on Microsoft Azure @@ -508,4 +510,9 @@ // Clouds branch titles/saas-aws :TitleSaaSAWSGuide: Red Hat Ansible Automation Platform Service on AWS :URLSaaSAWSGuide: {BaseURL}/ansible_on_clouds/2.x_latest/html/red_hat_ansible_automation_platform_service_on_aws -:LinkSaaSAWSGuide: link:{URLSaaSAWSGuide}[{TitleSaaSAWSGuide}] +:LinkSaaSAWSGuide: {URLSaaSAWSGuide}[{TitleSaaSAWSGuide}] +// +// titles/automation-dashboard +:TitleAutomationDashboard: Using Automation Dashboard +:URLAutomationDashboard: {BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html/using_automation_dashboard +:LinkAutomationDashboard: {URLAutomationDashboard}[{TitleAutomationDashboard}] diff --git a/downstream/titles/automation-dashboard/aap-common b/downstream/titles/automation-dashboard/aap-common new file mode 120000 index 0000000000..472eeb4dac --- /dev/null +++ b/downstream/titles/automation-dashboard/aap-common @@ -0,0 +1 @@ +../../aap-common \ No newline at end of file diff --git a/downstream/titles/automation-dashboard/analytics b/downstream/titles/automation-dashboard/analytics new file mode 120000 index 0000000000..398799683d --- /dev/null +++ b/downstream/titles/automation-dashboard/analytics @@ -0,0 +1 @@ +../../assemblies/analytics/ \ No newline at end of file diff --git a/downstream/titles/automation-dashboard/attributes b/downstream/titles/automation-dashboard/attributes new file mode 120000 index 0000000000..a5caaa73a5 --- /dev/null +++ b/downstream/titles/automation-dashboard/attributes @@ -0,0 +1 @@ +../../attributes \ No newline at end of file diff --git a/downstream/titles/automation-dashboard/docinfo.xml b/downstream/titles/automation-dashboard/docinfo.xml new file mode 100644 index 0000000000..295b72afe2 --- /dev/null +++ b/downstream/titles/automation-dashboard/docinfo.xml @@ -0,0 +1,11 @@ +Using Automation Dashboard +Red Hat Ansible Automation Platform +2.5 +Visualize, measure, and optimize automation usage + +This guide describes how to install and configure Automation Dashboard to evaluate automation usage across your environments and the savings associated with it. + + + Red Hat Customer Content Services + + diff --git a/downstream/titles/automation-dashboard/images b/downstream/titles/automation-dashboard/images new file mode 120000 index 0000000000..5fa6987088 --- /dev/null +++ b/downstream/titles/automation-dashboard/images @@ -0,0 +1 @@ +../../images \ No newline at end of file diff --git a/downstream/titles/automation-dashboard/master.adoc b/downstream/titles/automation-dashboard/master.adoc new file mode 100644 index 0000000000..61c5a2f423 --- /dev/null +++ b/downstream/titles/automation-dashboard/master.adoc @@ -0,0 +1,20 @@ +:imagesdir: images +:numbered: +:toclevels: 1 + +:experimental: + +include::attributes/attributes.adoc[] + + +// Book Title += Using Automation Dashboard + +This guide describes how to install and configure {AutomationDashboardName} to evaluate automation usage across your environments and the savings associated with it. + +// Downstream content only +include::{Boilerplate}[] + +// Contents +// Test assembly: replace with content for Automation Dashboard +include::analytics/assembly-data-dictionary.adoc[leveloffset=+1] diff --git a/downstream/titles/automation-dashboard/snippets b/downstream/titles/automation-dashboard/snippets new file mode 120000 index 0000000000..5a3f5add14 --- /dev/null +++ b/downstream/titles/automation-dashboard/snippets @@ -0,0 +1 @@ +../../snippets/ \ No newline at end of file From 6c5cf49fa3797d645d6739566f2b8b93d8da014a Mon Sep 17 00:00:00 2001 From: Robert Grange <95885266+rogrange@users.noreply.github.com> Date: Wed, 13 Aug 2025 10:20:35 -0400 Subject: [PATCH 47/71] Updated AAP-50374 to indicate it is now enabled (#4049) (#4051) --- downstream/titles/release-notes/async/aap-25-20250730.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/downstream/titles/release-notes/async/aap-25-20250730.adoc b/downstream/titles/release-notes/async/aap-25-20250730.adoc index 160c0e8993..480cd31278 100644 --- a/downstream/titles/release-notes/async/aap-25-20250730.adoc +++ b/downstream/titles/release-notes/async/aap-25-20250730.adoc @@ -46,7 +46,7 @@ With this update, the following CVEs have been addressed: * link:https://access.redhat.com/security/cve/CVE-2025-2099[CVE-2025-2099] `ansible-automation-platform-25/lightspeed-chatbot-rhel8`: Regular Expression Denial of Service (ReDoS) in uggingface/transformers.(AAP-48621) -* link:https://access.redhat.com/security/cve/CVE-2025-5988[CVE-2025-5988] `automation-gateway`: CSRF origin checking is disabled.(AAP-50374) +* link:https://access.redhat.com/security/cve/CVE-2025-5988[CVE-2025-5988] `automation-gateway`: CSRF origin checking is enabled.(AAP-50374) From 5c2d04eaaf180e6a548341da1f56f3796e529ea7 Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Wed, 13 Aug 2025 16:24:34 +0100 Subject: [PATCH 48/71] OCP 2.6 edits after SME review (#4052) (#4053) --- .../modules/platform/con-operator-channel-upgrade.adoc | 2 +- downstream/modules/platform/proc-operator-upgrade.adoc | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/downstream/modules/platform/con-operator-channel-upgrade.adoc b/downstream/modules/platform/con-operator-channel-upgrade.adoc index d09e0d93d6..22b6c17a3d 100644 --- a/downstream/modules/platform/con-operator-channel-upgrade.adoc +++ b/downstream/modules/platform/con-operator-channel-upgrade.adoc @@ -48,5 +48,5 @@ For each major or minor version channel, there is a corresponding "cluster-scope [IMPORTANT] ==== -Cluster-scoped bundles are not compatible with namespace-scoped bundles. Do not try to switch between normal (stable-2.4 for example) channels and cluster-scoped (stable-2.4-cluster-scoped) channels, as this is not supported. +Cluster-scoped bundles are not compatible with namespace-scoped bundles. Do not try to switch between normal (stable-2.6 for example) channels and cluster-scoped (stable-2.6-cluster-scoped) channels, as this is not supported. ==== \ No newline at end of file diff --git a/downstream/modules/platform/proc-operator-upgrade.adoc b/downstream/modules/platform/proc-operator-upgrade.adoc index 36f2424258..858a05bcb1 100644 --- a/downstream/modules/platform/proc-operator-upgrade.adoc +++ b/downstream/modules/platform/proc-operator-upgrade.adoc @@ -32,9 +32,9 @@ Upgrading from {EDAName} 2.4 is not supported. If you are using {EDAName} 2.4 in . Navigate to menu:Operators[Installed Operators]. . Select the {OperatorPlatformNameShort} installed on your project namespace. . Select the *Subscriptions* tab. -. Depending on your current version change the channel: -.. 2.4: Change from *stable-2.4* to *stable-2.6* -.. 2.5: Change from *stable-2.5* to *stable-2.6* +. Change the channel: +.. To upgrade from version 2.4, change the channel to *stable-2.6*. +.. To upgrade from version 2.5, change the channel to *stable-2.6*. . This creates an InstallPlan for the user. Click btn:[Preview InstallPlan]. . Click btn:[Approve]. . Create a Custom Resource (CR) using the {PlatformNameShort} UI. The {ControllerName} and {HubName} UIs remain until all SSO configuration is supported in the {Gateway} UI. From c7a02342ab9393a198332d00f956e36ce32e5e22 Mon Sep 17 00:00:00 2001 From: Jameria Self <73364088+jself-sudoku@users.noreply.github.com> Date: Wed, 13 Aug 2025 18:43:10 -0400 Subject: [PATCH 49/71] AAP-49985 Removal of max_running_activations setting references in AAP documentation (#4028) (#4054) * AAP-49985 Removed eda maximum running activations from appendices * AAP-49985 Removal of EDA max simultaneous activations from Using automation decisions * AAP-49985 Removed sections on maximum simultaneous activations from workload topics * AAP-49985 Removed EDA max simultaneous running activations content from EDA performance chapter * AAP-49985 Removed modules related to eda max activations and updated concept module * AAP-49985 Final deletions of eda max activations content from the EDA user guide * AAP-49985 Remove hidden comment; permanently deleted paragraph * AAP-49985 Final tweak to sentence in EDA requirements --- .../eda/con-characterizing-your-workload.adoc | 2 +- ...on-modifying-simultaneous-activations.adoc | 22 ------------------- .../proc-eda-activation-stuck-pending.adoc | 14 ++---------- ...c-modifying-activations-after-install.adoc | 14 ------------ ...-modifying-activations-during-install.adoc | 14 ------------ .../con-operator-custom-resources.adoc | 10 --------- .../ref-eda-controller-variables.adoc | 6 ----- .../platform/ref-eda-system-requirements.adoc | 3 +-- ...ref-gateway-controller-hub-eda-ext-db.adoc | 2 -- .../modules/platform/ref-operator-crs.adoc | 16 -------------- 10 files changed, 4 insertions(+), 99 deletions(-) delete mode 100644 downstream/modules/eda/con-modifying-simultaneous-activations.adoc delete mode 100644 downstream/modules/eda/proc-modifying-activations-after-install.adoc delete mode 100644 downstream/modules/eda/proc-modifying-activations-during-install.adoc diff --git a/downstream/modules/eda/con-characterizing-your-workload.adoc b/downstream/modules/eda/con-characterizing-your-workload.adoc index cd064c636a..0fe21a864f 100644 --- a/downstream/modules/eda/con-characterizing-your-workload.adoc +++ b/downstream/modules/eda/con-characterizing-your-workload.adoc @@ -8,5 +8,5 @@ In {EDAcontroller}, your workload includes the number of rulebook activations an . Number of simultaneous rulebook activations . Number of events received by {EDAcontroller} -include::con-modifying-simultaneous-activations.adoc[leveloffset=+1] include::con-modifying-memory-limit.adoc[leveloffset=+1] + diff --git a/downstream/modules/eda/con-modifying-simultaneous-activations.adoc b/downstream/modules/eda/con-modifying-simultaneous-activations.adoc deleted file mode 100644 index c594e55be5..0000000000 --- a/downstream/modules/eda/con-modifying-simultaneous-activations.adoc +++ /dev/null @@ -1,22 +0,0 @@ -:_mod-docs-content-type: CONCEPT -[id="modifying-simultaneous-activations"] - -= Modifying the number of simultaneous rulebook activations - -By default, {EDAcontroller} allows 12 rulebook activations per node. For example, with two worker or hybrid nodes, it results in a limit of 24 activations in total to run simultaneously. -If more than 24 rulebook activations are created, the expected behavior is that subsequent rulebook activations wait until there is an available rulebook activation worker. -In this case, the rulebook activation status is displayed as *Pending* even if there is enough free memory and CPU on your {EDAcontroller} instance. -To change this behavior, you must change the default maximum number of running rulebook activations. - -[NOTE] -==== -* The value for `MAX_RUNNING_ACTIVATIONS` does not change when you modify the instance size, so it needs to be adjusted manually. -* If you are installing {EDAName} on {OCPShort}, the 12 rulebook activations per node is a global value since there is no concept of worker nodes when installing {EDAName} on {OCPShort}. For more information, see link:{URLOperatorInstallation}/operator-install-operator_operator-platform-doc#modifying_the_number_of_simultaneous_rulebook_activations_during_or_after_event_driven_ansible_controller_installation[Modifying the number of simultaneous rulebook activations during or after {EDAcontroller} installation] in {LinkOperatorInstallation}. -==== - -include::proc-modifying-activations-during-install.adoc[leveloffset=+1] -include::proc-modifying-activations-after-install.adoc[leveloffset=+1] - -.Additional references -* link:https://access.redhat.com/documentation/en-us/red_hat_ansible_automation_platform/2.4/html-single/event-driven_ansible_controller_user_guide/index#eda-rulebook-activations[Rulebook activations] -* link:{URLOperatorInstallation}/appendix-operator-crs_appendix-operator-crs#eda_max_running_activations_yml[eda_max_running_activations_yml] \ No newline at end of file diff --git a/downstream/modules/eda/proc-eda-activation-stuck-pending.adoc b/downstream/modules/eda/proc-eda-activation-stuck-pending.adoc index 51ac406aff..87238758ab 100644 --- a/downstream/modules/eda/proc-eda-activation-stuck-pending.adoc +++ b/downstream/modules/eda/proc-eda-activation-stuck-pending.adoc @@ -8,18 +8,8 @@ Perform the following steps if your rulebook activation is stuck in *Pending* st . Confirm whether there are other running activations and if you have reached the limits (for example, memory or CPU limits). .. If there are other activations running, terminate one or more of them, if possible. -.. If not, check that the default worker, Redis, and activation worker are all running. If all systems are working as expected, check your eda-server internal logs in the worker, scheduler, API, and nginx containers and services to see if the problem can be determined. -+ -[NOTE] -==== -These logs reveal the source of the issue, such as an exception thrown by the code, a runtime error with network issues, or an error with the rulebook code. If your internal logs do not provide information that leads to resolution, report the issue to Red Hat support. -==== +.. If not, check that the default worker, Redis, and activation worker are all running. +.. If all systems are working as expected, check your eda-server internal logs in the worker, scheduler, API, and nginx containers and services to see if the problem can be determined. These logs reveal the source of the issue, such as an exception thrown by the code, a runtime error with network issues, or an error with the rulebook code. If your internal logs do not provide information that leads to resolution, report the issue to Red Hat support. -.. If you need to make adjustments, see the link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-performance-tuning#modifying-simultaneous-activations[Modifying the number of simultaneous rulebook activations]. -+ -[NOTE] -==== -To adjust the maximum number of simultaneous activations for {OperatorPlatformNameShort} on {OCPShort} deployments, see link:{URLOperatorInstallation}/operator-install-operator_operator-platform-doc#modifying_the_number_of_simultaneous_rulebook_activations_during_or_after_event_driven_ansible_controller_installation[Modifying the number of simultaneous rulebook activations during or after {EDAcontroller} installation] in {LinkOperatorInstallation}. -==== diff --git a/downstream/modules/eda/proc-modifying-activations-after-install.adoc b/downstream/modules/eda/proc-modifying-activations-after-install.adoc deleted file mode 100644 index 48d2c536e4..0000000000 --- a/downstream/modules/eda/proc-modifying-activations-after-install.adoc +++ /dev/null @@ -1,14 +0,0 @@ -[id="modifying-activations-after-install"] - -= Modifying the number of simultaneous rulebook activations after {EDAcontroller} installation - -[role="_abstract"] -By default, {EDAcontroller} allows 12 rulebook activations per node. For example, with two worker or hybrid nodes, it results in a limit of 24 activations in total to run simultaneously. -You can modify this default value after installation by using the following procedure: - -.Procedure -. Navigate to the environment file at `/etc/ansible-automation-platform/eda/settings.yaml`. -. Choose the number of maximum running activations that you need. -For example, `MAX_RUNNING_ACTIVATIONS = 16` -. Use the following command to restart {EDAName} services: `automation-eda-controller-service restart` - diff --git a/downstream/modules/eda/proc-modifying-activations-during-install.adoc b/downstream/modules/eda/proc-modifying-activations-during-install.adoc deleted file mode 100644 index c2a7b8a6f6..0000000000 --- a/downstream/modules/eda/proc-modifying-activations-during-install.adoc +++ /dev/null @@ -1,14 +0,0 @@ -:_mod-docs-content-type: PROCEDURE -[id="modifying-activations-during-install"] - -= Modifying the number of simultaneous rulebook activations during {EDAcontroller} installation - -[role="_abstract"] -By default, {EDAcontroller} allows 12 rulebook activations per node. For example, with two worker or hybrid nodes, it results in a limit of 24 activations in total to run simultaneously. You can modify this default value during installation by using the following procedure: - -.Procedure -. Provide a variable to the VM installer: -.. Navigate to the setup inventory file. -.. Add `automationedacontroller_max_running_activations` in the [all:vars] section. -For example, `automationedacontroller_max_running_activations=16`. -.. Run the setup. \ No newline at end of file diff --git a/downstream/modules/platform/con-operator-custom-resources.adoc b/downstream/modules/platform/con-operator-custom-resources.adoc index 43f09d9fd1..56018c1dc3 100644 --- a/downstream/modules/platform/con-operator-custom-resources.adoc +++ b/downstream/modules/platform/con-operator-custom-resources.adoc @@ -5,13 +5,3 @@ = Custom resources You can define custom resources for each primary installation workflows. - -//[Jameria] Moved this topic from supported installation section to custom resources since that's what the cross-referenced topic links to in the appendix (Custom resources appendix) -== Modifying the number of simultaneous rulebook activations during or after {EDAcontroller} installation - -* If you plan to install {EDAName} on {OCPShort} and modify the number of simultaneous rulebook activations, add the required `EDA_MAX_RUNNING_ACTIVATIONS` parameter to your custom resources. By default, {EDAcontroller} allows 12 activations per node to run simultaneously. For an example see the link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/installing_on_openshift_container_platform/index#eda_max_running_activations_yml[eda-max-running-activations.yml] in the appendix section. - -[NOTE] -==== -`EDA_MAX_RUNNING_ACTIVATIONS` for {OCPShort} is a global value since there is no concept of worker nodes when installing {EDAName} on {OCPShort}. -==== diff --git a/downstream/modules/platform/ref-eda-controller-variables.adoc b/downstream/modules/platform/ref-eda-controller-variables.adoc index 183d345a63..99498338d6 100644 --- a/downstream/modules/platform/ref-eda-controller-variables.adoc +++ b/downstream/modules/platform/ref-eda-controller-variables.adoc @@ -107,12 +107,6 @@ Inventory file variables for {EDAcontroller}. | Optional | RPM = `443`. Container = `8445`. -| `automationedacontroller_max_running_activations` -| `eda_max_running_activations` -| Number of maximum activations running concurrently per node. This is an integer that must be greater than 0. -| Optional -| `12` - | `automationedacontroller_nginx_tls_files_remote` | | Denote whether the web cert sources are local to the installation program (`false`) or on the remote component server (`true`). diff --git a/downstream/modules/platform/ref-eda-system-requirements.adoc b/downstream/modules/platform/ref-eda-system-requirements.adoc index f2203f8dff..427ce834fa 100644 --- a/downstream/modules/platform/ref-eda-system-requirements.adoc +++ b/downstream/modules/platform/ref-eda-system-requirements.adoc @@ -11,7 +11,7 @@ The {EDAcontroller} is a single-node system capable of handling a variable numbe If you want to use {EDAName} 2.5 with a 2.4 {ControllerName} version, see link:{BaseURL}/red_hat_ansible_automation_platform/2.4/html-single/using_event-driven_ansible_2.5_with_ansible_automation_platform_2.4/index[Using {EDAName} 2.5 with {PlatformNameShort} 2.4]. ==== -Use the following minimum requirements to run, by default, a maximum of 12 simultaneous activations: +Use the following minimum requirements for {EDAcontroller}: [cols=2*,options="header"] |=== @@ -34,5 +34,4 @@ However, the actual memory consumption can vary significantly based on the compl In scenarios where a large number of events are anticipated or the rulebook complexity is high, conduct a preliminary assessment of resource usage in a staging environment. This ensures that your maximum number of activations is based on the capacity of your resources. -For an example of setting {EDAController} maximumrunning activations, see xref:ref-gateway-controller-hub-eda-ext-db[Single {ControllerName}, single {HubName}, and single {EDAcontroller} node with external (installer managed) database]. ==== \ No newline at end of file diff --git a/downstream/modules/platform/ref-gateway-controller-hub-eda-ext-db.adoc b/downstream/modules/platform/ref-gateway-controller-hub-eda-ext-db.adoc index 6b449699d8..915e671ba9 100644 --- a/downstream/modules/platform/ref-gateway-controller-hub-eda-ext-db.adoc +++ b/downstream/modules/platform/ref-gateway-controller-hub-eda-ext-db.adoc @@ -16,8 +16,6 @@ Use this example to populate the inventory file to deploy single instances of {G * When an {EDAName} rulebook is activated under standard conditions, it uses approximately 250 MB of memory. However, the actual memory consumption can vary significantly based on the complexity of the rules and the volume and size of the events processed. In scenarios where a large number of events are anticipated or the rulebook complexity is high, conduct a preliminary assessment of resource usage in a staging environment. This ensures that the maximum number of activations is based on the resource capacity. -In the following example, the default `automationedacontroller_max_running_activations` setting is 12, but can be adjusted according to fit capacity. - ==== [literal, subs="+attributes"] diff --git a/downstream/modules/platform/ref-operator-crs.adoc b/downstream/modules/platform/ref-operator-crs.adoc index d99ebc94a7..2ffe940e36 100644 --- a/downstream/modules/platform/ref-operator-crs.adoc +++ b/downstream/modules/platform/ref-operator-crs.adoc @@ -650,19 +650,3 @@ spec: # * {LightspeedShortName} is not deployed ---- -== eda-max-running-activations.yml - -[subs="+attributes"] ----- ---- -apiVersion: aap.ansible.com/v1alpha1 -kind: AnsibleAutomationPlatform -metadata: - name: myaap -spec: - eda: - extra_settings: - - setting: EDA_MAX_RUNNING_ACTIVATIONS - value: "15" # Setting this value to "-1" means there will be no limit - ----- From 0dffb314dd1f500d56cf8fcab82ead020644b693 Mon Sep 17 00:00:00 2001 From: Jameria Self <73364088+jself-sudoku@users.noreply.github.com> Date: Wed, 13 Aug 2025 18:56:17 -0400 Subject: [PATCH 50/71] AAP-51371 Corrected statement about horizontal scaling for EDA by removing high availability (#4035) (#4055) --- downstream/titles/release-notes/topics/aap-25.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/downstream/titles/release-notes/topics/aap-25.adoc b/downstream/titles/release-notes/topics/aap-25.adoc index 0fd57c8997..f4527fc096 100644 --- a/downstream/titles/release-notes/topics/aap-25.adoc +++ b/downstream/titles/release-notes/topics/aap-25.adoc @@ -67,7 +67,7 @@ With {PlatformNameShort} 2.5, {EDAName} functionality has been enhanced with the * Simplified event routing capabilities introduce event streams. Event streams are an easy way to connect your sources to your rulebooks. This new capability lets you create a single endpoint to receive alerts from an event source and then use the events in multiple rulebooks. This simplifies rulebook activation setup, reduces maintenance demands, and helps lower risk by eliminating the need for additional ports to be open to external traffic. -* {EDAName} in the {PlatformNameShort} 2.5 now supports horizontal scalability and enables high-availability deployments of the {EDAController}. These capabilities allow for the installation of multiple {EDAName} nodes and thus enable you to create highly available deployments. +* {EDAName} in the {PlatformNameShort} 2.5 now supports horizontal scaling, allowing you to install multiple {EDAName} nodes to handle increased event volume. * Migration to the new platform-wide {PlatformName} credential type replaces the legacy controller token for enabling rulebook activations to call jobs in the {ControllerName}. From 79c959b30f6a281ec01355efa7151bd0e2c701a5 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Thu, 14 Aug 2025 10:12:42 +0100 Subject: [PATCH 51/71] Adds postgres_extra_settings to inventory appendix (#4059) (#4060) Containerized and RPM Installer Docs - Document postgresql_extra_settings inventory variable https://issues.redhat.com/browse/AAP-50483 --- .../ref-database-inventory-variables.adoc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/downstream/modules/platform/ref-database-inventory-variables.adoc b/downstream/modules/platform/ref-database-inventory-variables.adoc index 1073fa1d06..327b9e0b0e 100644 --- a/downstream/modules/platform/ref-database-inventory-variables.adoc +++ b/downstream/modules/platform/ref-database-inventory-variables.adoc @@ -17,6 +17,24 @@ Inventory file variables for the database used with {PlatformNameShort}. | Optional | `5432` +| `postgres_extra_settings` +| `postgresql_extra_settings` +a| Defines additional settings for use by PostgreSQL. + +Example usage for RPM: +---- +postgresql_extra_settings: + ssl_ciphers: 'HIGH:!aNULL:!MD5' +---- +Example usage for containerized: +---- +postgresql_extra_settings: + - setting: ssl_ciphers + value: 'HIGH:!aNULL:!MD5' +---- +| Optional +| + | `postgres_firewalld_zone` | `postgresql_firewall_zone` | The firewall zone where PostgreSQL related firewall rules are applied. This controls which networks can access PostgreSQL based on the zone's trust level. From fb6af18e12643847e3c04676fe205b994880ee72 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Thu, 14 Aug 2025 10:18:14 +0100 Subject: [PATCH 52/71] Add disconnected install to Containerized installation (#4058) (#4062) Adds the new disconnected install assembly to Containerized installation Containerized installation for Ansible Automation Platform doesn't have any info related to the preparation of the disconnected base operating system https://issues.redhat.com/browse/AAP-49731 --- ...ntainerized-disconnected-installation.adoc | 16 ++++ .../proc-configure-local-repo-iso.adoc | 55 +++++++++++ .../proc-configure-local-repo-reposync.adoc | 91 +++++++++++++++++++ ...btaining-configuring-rpm-dependencies.adoc | 14 +++ ...ntainerized-disconnected-installation.adoc | 31 +++++++ ...l-host-for-containerized-installation.adoc | 11 ++- .../ref-configuring-inventory-file.adoc | 11 --- .../aap-containerized-install/master.adoc | 2 + 8 files changed, 215 insertions(+), 16 deletions(-) create mode 100644 downstream/assemblies/platform/assembly-aap-containerized-disconnected-installation.adoc create mode 100644 downstream/modules/platform/proc-configure-local-repo-iso.adoc create mode 100644 downstream/modules/platform/proc-configure-local-repo-reposync.adoc create mode 100644 downstream/modules/platform/proc-obtaining-configuring-rpm-dependencies.adoc create mode 100644 downstream/modules/platform/proc-perform-containerized-disconnected-installation.adoc diff --git a/downstream/assemblies/platform/assembly-aap-containerized-disconnected-installation.adoc b/downstream/assemblies/platform/assembly-aap-containerized-disconnected-installation.adoc new file mode 100644 index 0000000000..b3011501d6 --- /dev/null +++ b/downstream/assemblies/platform/assembly-aap-containerized-disconnected-installation.adoc @@ -0,0 +1,16 @@ +:_mod-docs-content-type: ASSEMBLY + +[id="aap-containerized-disconnected-installation"] + += Disconnected installation + +[role="_abstract"] +You can install containerized {PlatformNameShort} in an environment that does not have an active internet connection. To do this you need to obtain and configure the RPM source dependencies before performing the disconnected installation. + +include::platform/proc-obtaining-configuring-rpm-dependencies.adoc[leveloffset=+1] + +include::platform/proc-configure-local-repo-reposync.adoc[leveloffset=+2] + +include::platform/proc-configure-local-repo-iso.adoc[leveloffset=+2] + +include::platform/proc-perform-containerized-disconnected-installation.adoc[leveloffset=+1] diff --git a/downstream/modules/platform/proc-configure-local-repo-iso.adoc b/downstream/modules/platform/proc-configure-local-repo-iso.adoc new file mode 100644 index 0000000000..0ac47f3c40 --- /dev/null +++ b/downstream/modules/platform/proc-configure-local-repo-iso.adoc @@ -0,0 +1,55 @@ +:_mod-docs-content-type: PROCEDURE + +[id="configure-local-repo-iso"] + += Configuring a local repository from a mounted ISO + +[role="_abstract"] +You can use a {RHEL} Binary DVD image to access the necessary RPM source dependencies in a disconnected environment. + +.Prerequisites +* You have downloaded the {RHEL} Binary DVD image from the link:https://access.redhat.com/downloads/content/rhel[{RHEL} downloads page] and moved it to your disconnected environment. + +.Procedure +. In your disconnected environment, create a mount point directory to serve as the location for the ISO file: ++ +---- +$ sudo mkdir /media/rhel +---- + +. Mount the ISO image to the mount point. Replace `` and `` with suitable values: ++ +---- +$ sudo mount -o loop rhel---dvd.iso /media/rhel +---- +** Note: The ISO is mounted in a read-only state. + +. Create a Yum repository file at `/etc/yum.repos.d/rhel.repo` with the following content: ++ +---- +[RHEL-BaseOS] +name=Red Hat Enterprise Linux BaseOS +baseurl=file:///media/rhel/BaseOS +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release + +[RHEL-AppStream] +name=Red Hat Enterprise Linux AppStream +baseurl=file:///media/rhel/AppStream +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +---- + +. Import the gpg key to allow the system to verify the packages: ++ +---- +$ sudo rpm --import /media/rhel/RPM-GPG-KEY-redhat-release +---- + +. Verify the repository configuration: ++ +---- +$ sudo yum repolist +---- diff --git a/downstream/modules/platform/proc-configure-local-repo-reposync.adoc b/downstream/modules/platform/proc-configure-local-repo-reposync.adoc new file mode 100644 index 0000000000..48f2024b83 --- /dev/null +++ b/downstream/modules/platform/proc-configure-local-repo-reposync.adoc @@ -0,0 +1,91 @@ +:_mod-docs-content-type: PROCEDURE + +[id="configure-local-repo-reposync"] + += Configuring a local repository using reposync + +[role="_abstract"] +With the `reposync` command you can to synchronize the BaseOS and AppStream repositories to a local directory on a {RHEL} host with an active internet connection. You can then transfer the repositories to your disconnected environment. + +.Prerequisites +* A {RHEL} host with an active internet connection. + +.Procedure +. Attach the BaseOS and AppStream repositories using `subscription-manager`: ++ +---- +$ sudo subscription-manager repos \ + --enable rhel-9-baseos-rhui-rpms \ + --enable rhel-9-appstream-rhui-rpms +---- + +. Install the `yum-utils` package: ++ +---- +$ sudo dnf install yum-utils +---- + +. Synchronize the repositories with the `reposync` command. Replace `` with a suitable value. ++ +---- +$ sudo reposync -m --download-metadata --gpgcheck \ + -p +---- ++ +For example: ++ +---- +$ sudo reposync -m --download-metadata --gpgcheck \ + -p rhel-repos +---- ++ +** Use reposync with the `--download-metadata` option and without the `--newest-only` option for optimal download time. + +. After the `reposync` operation is complete, compress the directory: ++ +---- +$ tar czvf rhel-repos.tar.gz rhel-repos +---- + +. Move the compressed archive to your disconnected environment. +. On the disconnected environment, create a directory to store the repository files: ++ +---- +$ sudo mkdir /opt/rhel-repos +---- + +. Extract the archive into the `/opt/rhel-repos` directory. The following command assumes the archive file is in your home directory: ++ +---- +$ sudo tar xzvf ~/rhel-repos.tar.gz -C /opt +---- + +. Create a Yum repository file at `/etc/yum.repos.d/rhel.repo` with the following content: ++ +---- +[RHEL-BaseOS] +name=Red Hat Enterprise Linux BaseOS +baseurl=file:///opt/rhel-repos/rhel-9-baseos-rhui-rpms +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release + +[RHEL-AppStream] +name=Red Hat Enterprise Linux AppStream +baseurl=file:///opt/rhel-repos/rhel-9-appstream-rhui-rpms +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +---- + +. Import the gpg key to allow the system to verify the packages: ++ +---- +$ sudo rpm --import /opt/rhel-repos/rhel-9-baseos-rhui-rpms/RPM-GPG-KEY-redhat-release +---- + +. Verify the repository configuration: ++ +---- +$ sudo yum repolist +---- diff --git a/downstream/modules/platform/proc-obtaining-configuring-rpm-dependencies.adoc b/downstream/modules/platform/proc-obtaining-configuring-rpm-dependencies.adoc new file mode 100644 index 0000000000..842ab75509 --- /dev/null +++ b/downstream/modules/platform/proc-obtaining-configuring-rpm-dependencies.adoc @@ -0,0 +1,14 @@ +:_mod-docs-content-type: PROCEDURE + +[id="obtaining-and-configuring-rpm-dependencies"] + += Obtaining and configuring RPM source dependencies + +[role="_abstract"] +The {PlatformNameShort} containerized setup bundle installation program does not include RPM source dependencies from the BaseOS and AppStream repositories. It relies on the host system's package manager to resolve these dependencies. + +To access these dependencies in a disconnected environment, you can use one of the following methods: + +* Use link:https://docs.redhat.com/en/documentation/red_hat_satellite/6.16/html/installing_satellite_server_in_a_disconnected_network_environment/index[Red Hat Satellite] to synchronize repositories in your disconnected environment. +* Use a local repository that you create with the `reposync` command on a {RHEL} host that has an active internet connection. +* Use a local repository that you create from a mounted {RHEL} Binary DVD ISO image. diff --git a/downstream/modules/platform/proc-perform-containerized-disconnected-installation.adoc b/downstream/modules/platform/proc-perform-containerized-disconnected-installation.adoc new file mode 100644 index 0000000000..8f742ff739 --- /dev/null +++ b/downstream/modules/platform/proc-perform-containerized-disconnected-installation.adoc @@ -0,0 +1,31 @@ +:_mod-docs-content-type: PROCEDURE + +[id="perform-disconnected-installation"] + += Performing a disconnected installation + +[role="_abstract"] +Use the following steps to perform a disconnected installation of containerized {PlatformNameShort}. + +.Prerequisites + +You have done the following: + +* link:{URLContainerizedInstall}/aap-containerized-installation#preparing-the-rhel-host-for-containerized-installation[Prepared the {RHEL} host] +* link:{URLContainerizedInstall}/aap-containerized-disconnected-installation#obtaining-and-configuring-rpm-dependencies[Obtained and configured the RPM source dependencies]. The installation program uses your host system's `dnf` package manager to resolve these dependencies. +* link:{URLContainerizedInstall}/aap-containerized-installation#preparing-the-managed-nodes-for-containerized-installation[Prepared the managed nodes] +* Downloaded the containerized {PlatformNameShort} setup bundle from the link:{PlatformDownloadUrl}[{PlatformNameShort} download page]. + +.Procedure + +. Log in to the {RHEL} host as your non-root user. +. Update the inventory file by following the steps in link:{URLContainerizedInstall}/aap-containerized-installation#configuring-inventory-file[Configuring the inventory file]. +. Ensure the following variables are included in your inventory file under the `[all:vars]` group: ++ +---- +bundle_install=true +# The bundle directory must include /bundle in the path +bundle_dir='{{ lookup("ansible.builtin.env", "PWD") }}/bundle' +---- + +. Follow the steps in link:{URLContainerizedInstall}/aap-containerized-installation#installing-containerized-aap[Installing containerized {PlatformNameShort}] to install containerized {PlatformNameShort} and verify your installation. diff --git a/downstream/modules/platform/proc-preparing-the-rhel-host-for-containerized-installation.adoc b/downstream/modules/platform/proc-preparing-the-rhel-host-for-containerized-installation.adoc index 6a6b079517..60e33bdfbb 100644 --- a/downstream/modules/platform/proc-preparing-the-rhel-host-for-containerized-installation.adoc +++ b/downstream/modules/platform/proc-preparing-the-rhel-host-for-containerized-installation.adoc @@ -26,13 +26,13 @@ aap.example.org .. If the hostname is not a FQDN, you can set it with the following command: + ---- -sudo hostnamectl set-hostname +$ sudo hostnamectl set-hostname ---- + . Register your {RHEL} host with `subscription-manager`: + ---- -sudo subscription-manager register +$ sudo subscription-manager register ---- + @@ -50,19 +50,20 @@ repo id repo name rhel-9-for-x86_64-appstream-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs) rhel-9-for-x86_64-baseos-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) ---- -+ +** For disconnected installations follow the steps in link:{URLContainerizedInstall}/aap-containerized-disconnected-installation#obtaining-and-configuring-rpm-dependencies[Obtaining and configuring RPM source dependencies] to access these repositories. + . Ensure the host can resolve host names and IP addresses using DNS. This is essential to ensure services can talk to one another. . Install `ansible-core`: + ---- -sudo dnf install -y ansible-core +$ sudo dnf install -y ansible-core ---- + . Optional: You can install additional utilities that can be useful for troubleshooting purposes, for example `wget`, `git-core`, `rsync`, and `vim`: + ---- -sudo dnf install -y wget git-core rsync vim +$ sudo dnf install -y wget git-core rsync vim ---- . Optional: To have the installation program automatically pick up and apply your {PlatformNameShort} subscription manifest license, follow the steps in link:{URLCentralAuth}/assembly-gateway-licensing#assembly-aap-obtain-manifest-files[Obtaining a manifest file]. diff --git a/downstream/modules/platform/ref-configuring-inventory-file.adoc b/downstream/modules/platform/ref-configuring-inventory-file.adoc index 69cdcd6de0..862a816ec5 100644 --- a/downstream/modules/platform/ref-configuring-inventory-file.adoc +++ b/downstream/modules/platform/ref-configuring-inventory-file.adoc @@ -42,14 +42,3 @@ include::snippets/inventory-cont-b-env-a.adoc[] .Additional resources * link:{URLTopologies}/container-topologies#infrastructure_topology_6[Container {EnterpriseTopology}] * link:{URLPlanningGuide}/ha-redis_planning[Caching and queueing system] - - -== Performing an offline or bundled installation - -To perform an offline installation, add the following under the `[all:vars]` group: - ----- -bundle_install=true -# The bundle directory must include /bundle in the path -bundle_dir= ----- diff --git a/downstream/titles/aap-containerized-install/master.adoc b/downstream/titles/aap-containerized-install/master.adoc index bd7e1671d3..b7e0a4e175 100644 --- a/downstream/titles/aap-containerized-install/master.adoc +++ b/downstream/titles/aap-containerized-install/master.adoc @@ -14,6 +14,8 @@ include::platform/assembly-gateway-licensing.adoc[leveloffset=+1] include::platform/assembly-aap-containerized-installation.adoc[leveloffset=+1] +include::platform/assembly-aap-containerized-disconnected-installation.adoc[leveloffset=+1] + include::platform/assembly-horizontal-scaling.adoc[leveloffset=+1] [appendix] From 584ad86472a9865995f4dc1fed8b789d42635cfa Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Thu, 14 Aug 2025 10:20:44 +0100 Subject: [PATCH 53/71] DITA Readiness - Navigator modules (#4057) (#4063) * DITA Readiness - Navigator modules * PR fix --- .../modules/navigator/proc-review-ansible-config-tui.adoc | 4 ++-- downstream/modules/navigator/proc-review-artifact.adoc | 2 ++ downstream/modules/navigator/proc-review-docs-tui.adoc | 2 +- downstream/modules/navigator/ref-faq-navigator.adoc | 8 ++++---- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/downstream/modules/navigator/proc-review-ansible-config-tui.adoc b/downstream/modules/navigator/proc-review-ansible-config-tui.adoc index ffa7763aeb..0efb22c687 100644 --- a/downstream/modules/navigator/proc-review-ansible-config-tui.adoc +++ b/downstream/modules/navigator/proc-review-ansible-config-tui.adoc @@ -61,5 +61,5 @@ image::navigator-ansible-config.png[Configuration output] [role="_additional-resources"] .Additional resources -* https://docs.ansible.com/ansible/latest/cli/ansible-config.html[ansible-config]. -* https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html[Introduction to Ansible configuration]. +* link:https://docs.ansible.com/ansible/latest/cli/ansible-config.html[ansible-config] +* link:https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html[Introduction to Ansible configuration] diff --git a/downstream/modules/navigator/proc-review-artifact.adoc b/downstream/modules/navigator/proc-review-artifact.adoc index 0e6cae5710..e1bb9f730b 100644 --- a/downstream/modules/navigator/proc-review-artifact.adoc +++ b/downstream/modules/navigator/proc-review-artifact.adoc @@ -26,6 +26,8 @@ $ ansible-navigator replay simple_playbook_artifact.json + image::navigator-artifact-replay.png[Playbook results] +.Verification + You can now type the number next to the plays and tasks to step into each to review the results, as you would after executing the playbook. [role="_additional-resources"] diff --git a/downstream/modules/navigator/proc-review-docs-tui.adoc b/downstream/modules/navigator/proc-review-docs-tui.adoc index 13f6b492ca..03fd0eed4f 100644 --- a/downstream/modules/navigator/proc-review-docs-tui.adoc +++ b/downstream/modules/navigator/proc-review-docs-tui.adoc @@ -81,7 +81,7 @@ ANSIBLE.UTILS.IP_ADDRESS: Test if something in an IP address + image::navigator-vscode-example.png[Documentation example in editor] + -See xref:ref-navigator-general-settings_settings-navigator[Automation content navigator general settings] for details on how to set up your editor. +See link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/using_content_navigator/index#ref-navigator-general-settings_settings-navigator[Automation content navigator general settings] for details on how to set up your editor. [role="_additional-resources"] .Additional resources diff --git a/downstream/modules/navigator/ref-faq-navigator.adoc b/downstream/modules/navigator/ref-faq-navigator.adoc index 82f29c88b5..4420722ab0 100644 --- a/downstream/modules/navigator/ref-faq-navigator.adoc +++ b/downstream/modules/navigator/ref-faq-navigator.adoc @@ -14,20 +14,20 @@ Where should the `ansible.cfg` file go when not using an {ExecEnvNameSing}?:: Ansible looks for the `ansible.cfg` in the typical locations when not using an {ExecEnvNameSing}. See link:https://docs.ansible.com/ansible/latest/reference_appendices/config.html[Ansible configuration settings] for details. Where should Ansible collections be placed when using an {ExecEnvNameSing}?:: The easiest place to have Ansible collections is in the project directory, in a playbook adjacent collections directory (for example, `ansible-galaxy collections install ansible.utils -p ./collections`). -The playbook directory is automatically mounted in the {ExecEnvNameSing} and {Navigator} finds the collections there. Another option is to build the collections into an {ExecEnvNameSing} using {Builder}. This helps content creators author playbooks that are production ready, since {ControllerName} supports playbook adjacent collection directories. If the collections are in another directory, set the `ANSIBLE_COLLECTIONS_PATHS` variable and configure a custom volume mount for the directory. (See xref:ref-navigator-general-settings_settings-navigator[Automation content navigator general settings] for `execution-environment-volume-mounts`). +The playbook directory is automatically mounted in the {ExecEnvNameSing} and {Navigator} finds the collections there. Another option is to build the collections into an {ExecEnvNameSing} using {Builder}. This helps content creators author playbooks that are production ready, since {ControllerName} supports playbook adjacent collection directories. If the collections are in another directory, set the `ANSIBLE_COLLECTIONS_PATHS` variable and configure a custom volume mount for the directory. (See link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/using_content_navigator/index#ref-navigator-general-settings_settings-navigator[Automation content navigator general settings] for `execution-environment-volume-mounts`). Where should Ansible collections be placed when not using an {ExecEnvNameSing}?:: When not using an {ExecEnvNameSing}, Ansible looks in the default locations for collections. See the link:https://docs.ansible.com/ansible/latest/collections_guide/index.html[Using Ansible collections] guide. Why does the playbook hang when `vars_prompt` or `pause/prompt` is used?:: By default, {Navigator} runs the playbook in the same manner that {ControllerName} runs the playbook. This helps content creators author playbooks that are production ready. If you cannot avoid the use of `vars_prompt` or `pause\prompt`, disabling `playbook-artifact` creation causes {Navigator} to run the playbook in a manner that is compatible with `ansible-playbook` and allows for user interaction. Why does {Navigator} change the terminal colors or look terrible?:: {NavigatorStart} queries the terminal for its OSC4 compatibility. OSC4, 10, 11, 104, 110, 111 indicate the terminal supports color changing and reverting. It is possible that the terminal is misrepresenting its ability. -You can disable OSC4 detection by setting `--osc4 false`. (See xref:ref-navigator-general-settings_settings-navigator[{NavigatorStart} general settings] for how to handle this with an environment variable or in the settings file). +You can disable OSC4 detection by setting `--osc4 false`. (See link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/using_content_navigator/index#ref-navigator-general-settings_settings-navigator[Automation content navigator general settings] for how to handle this with an environment variable or in the settings file). -How can I change the colors used by {Navigator}?:: Use `--osc4 false` to force {Navigator} to use the terminal defined colors. (See xref:ref-navigator-general-settings_settings-navigator[{NavigatorStart} general settings] for how to handle this with an environment variable or in the settings file). +How can I change the colors used by {Navigator}?:: Use `--osc4 false` to force {Navigator} to use the terminal defined colors. (See link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/using_content_navigator/index#ref-navigator-general-settings_settings-navigator[Automation content navigator general settings] for how to handle this with an environment variable or in the settings file). What is with all these `site-artifact-2021-06-02T16:02:33.911259+00:00.json` files in the playbook directory?:: {NavigatorStart} creates a playbook artifact for every playbook run. These can be helpful for reviewing the outcome of automation after it is complete, sharing and troubleshooting with a colleague, or keeping for compliance or change-control purposes. The playbook artifact file has the detailed information about every play and task, and the `stdout` from the playbook run. You can review playbook artifacts with `ansible-navigator replay ` or `:replay ` while in an {Navigator} session. You can review all playbook artifacts with both `--mode stdout` and `--mode interactive`, depending on the required view. -You can disable playbook artifacts writing and the default file naming convention. (See xref:ref-navigator-general-settings_settings-navigator[{NavigatorStart} general settings] for how to handle this with an environment variable or in the settings file). +You can disable playbook artifacts writing and the default file naming convention. (See link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/using_content_navigator/index#ref-navigator-general-settings_settings-navigator[Automation content navigator general settings] for how to handle this with an environment variable or in the settings file). Why does `vi` open when I use `:open`?:: {NavigatorStart} opens anything showing in the terminal in the default editor. The default is set to either `vi +{line_number} {filename}` or the current value of the `EDITOR` environment variable. Related to this is the `editor-console` setting which indicates if the editor is console or terminal based. Here are examples of alternate settings that might be useful: + From 83e6ee0b2b59d085be1d9bfd4a5845244446fc5f Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Thu, 14 Aug 2025 11:14:59 +0100 Subject: [PATCH 54/71] Add controller logs for containerized AAP (#4065) (#4067) Affects title: `titles/controller/controller-admin-guide` [Docs] Improve documentation regarding logs in containerized AAP installation https://issues.redhat.com/browse/AAP-48586 --- .../platform/assembly-controller-log-files.adoc | 10 ++++------ .../ref-controller-log-files-containerized.adoc | 15 +++++++++++++++ .../platform/ref-controller-log-files.adoc | 7 ++++++- 3 files changed, 25 insertions(+), 7 deletions(-) create mode 100644 downstream/modules/platform/ref-controller-log-files-containerized.adoc diff --git a/downstream/assemblies/platform/assembly-controller-log-files.adoc b/downstream/assemblies/platform/assembly-controller-log-files.adoc index a3254eb983..290c725546 100644 --- a/downstream/assemblies/platform/assembly-controller-log-files.adoc +++ b/downstream/assemblies/platform/assembly-controller-log-files.adoc @@ -2,13 +2,11 @@ [id="assembly-controller-log-files"] -= {ControllerNameStart} logfiles += {ControllerNameStart} logs -{ControllerNameStart} logfiles can be accessed from two centralized locations: +[role="_abstract"] +{ControllerNameStart} logs are accessed in different ways depending on whether you have an RPM-based or containerized installation of {PlatformNameShort}. -* `/var/log/tower/` -* `/var/log/supervisor/` +include::platform/ref-controller-log-files-containerized.adoc[leveloffset=+1] include::platform/ref-controller-log-files.adoc[leveloffset=+1] - - diff --git a/downstream/modules/platform/ref-controller-log-files-containerized.adoc b/downstream/modules/platform/ref-controller-log-files-containerized.adoc new file mode 100644 index 0000000000..4a77368e2f --- /dev/null +++ b/downstream/modules/platform/ref-controller-log-files-containerized.adoc @@ -0,0 +1,15 @@ +:_mod-docs-content-type: REFERENCE + +[id="ref-controller-log-files-containerized"] + += Accessing {ControllerName} logs for containerized {PlatformNameShort} + +Logs for containerized {PlatformNameShort} are not saved to specific files. The application logs are sent to the container `stdout` and handled by Podman with `journald`. + +The three containers associated with {ControllerName} are: + +* `automation-controller-rsyslog` +* `automation-controller-task` +* `automation-controller-web` + +For more information about the purpose of each of these containers and how to inspect the logs, see link:{URLContainerizedInstall}/troubleshooting-containerized-ansible-automation-platform#diagnosing-the-problem_troubleshooting-containerized-aap[Diagnosing the problem] in _{TitleContainerizedInstall}_. diff --git a/downstream/modules/platform/ref-controller-log-files.adoc b/downstream/modules/platform/ref-controller-log-files.adoc index a6d4779e99..9880379890 100644 --- a/downstream/modules/platform/ref-controller-log-files.adoc +++ b/downstream/modules/platform/ref-controller-log-files.adoc @@ -2,7 +2,12 @@ [id="ref-controller-log-files"] -= Access {ControllerName} logfiles += Accessing {ControllerName} logs for RPM-based {PlatformNameShort} + +{ControllerNameStart} logfiles can be accessed from two centralized locations: + +* `/var/log/tower/` +* `/var/log/supervisor/` In the `/var/log/tower/` directory, you can view logfiles captured by: From c8a41b04eb4fc947e0e91de794fc43bc289a5c9e Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Thu, 14 Aug 2025 13:12:45 +0100 Subject: [PATCH 55/71] Correct links for 2.6 controller docs (#4070) * Correct links for 2.6 controller docs Broken Link Report August 4 2025 https://issues.redhat.com/browse/AAP-51442 * Correct links for 2.6 Controller docs. Corrections Broken Link Report August 4 2025 https://issues.redhat.com/browse/AAP-51442 * Correct links for 2.6 Controller docs Correction https://issues.redhat.com/browse/AAP-51442 --- .../assemblies/platform/assembly-controller-glossary.adoc | 4 ++-- .../platform/ref-controller-activity-stream-schema.adoc | 2 +- .../platform/ref-controller-credential-hashiCorp-vault.adoc | 2 +- .../modules/platform/ref-controller-credential-network.adoc | 2 +- .../modules/platform/ref-controller-log-aggregators.adoc | 2 +- .../modules/platform/ref-controller-old-job-history.adoc | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/downstream/assemblies/platform/assembly-controller-glossary.adoc b/downstream/assemblies/platform/assembly-controller-glossary.adoc index 42ac109a2c..5df41e0c5a 100644 --- a/downstream/assemblies/platform/assembly-controller-glossary.adoc +++ b/downstream/assemblies/platform/assembly-controller-glossary.adoc @@ -42,7 +42,7 @@ These pods are provisioned on-demand and exist only for the duration of the play Credentials:: Authentication details that can be used by {ControllerName} to launch jobs against machines, to synchronize with inventory sources, and to import project content from a version control system. -For more information, see [Credentials]. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/using_automation_execution/controller-credentials[Managing user credentials]. Credential Plugin:: Python code that contains definitions for an external credential type, its metadata fields, and the code needed for interacting with a secret @@ -116,7 +116,7 @@ Job Slice:: See *Distributed Job*. Job Template:: -The combination of an Ansible playbook and the set of parameters required to launch it. For more information, see link:{ControllerUserGuide}/controller-job-templates[Job templates]. +The combination of an Ansible playbook and the set of parameters required to launch it. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/using_automation_execution/controller-job-templates[Job templates]. JSON:: JSON is a text-based format for representing structured data based on JavaScript object syntax. diff --git a/downstream/modules/platform/ref-controller-activity-stream-schema.adoc b/downstream/modules/platform/ref-controller-activity-stream-schema.adoc index cee888b927..00a1db719c 100644 --- a/downstream/modules/platform/ref-controller-activity-stream-schema.adoc +++ b/downstream/modules/platform/ref-controller-activity-stream-schema.adoc @@ -18,4 +18,4 @@ This logger reflects the data being saved into job events, except when they woul Notably, the field host on the `job_event` model is given as `event_host`. There is also a sub-dictionary field, `event_data` within the payload, which contains different fields depending on the specifics of the Ansible event. -This logger also includes the common fields in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-log-message-schema[Log message schema]. \ No newline at end of file +This logger also includes the common fields in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-log-message-schema[Log message schema].[Log message schema]. \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-credential-hashiCorp-vault.adoc b/downstream/modules/platform/ref-controller-credential-hashiCorp-vault.adoc index 9fd8ee9466..593d389330 100644 --- a/downstream/modules/platform/ref-controller-credential-hashiCorp-vault.adoc +++ b/downstream/modules/platform/ref-controller-credential-hashiCorp-vault.adoc @@ -6,4 +6,4 @@ This is considered part of the secret management capability. -For more information, see link:{URLControllerAdminGuide}/assembly-controller-secret-management#ref-hashicorp-signed-ssh[HashiCorp Vault Signed SSH]. \ No newline at end of file +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-secret-management#ref-hashicorp-vault-lookup[HashiCorp Vault Signed SSH]. \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-credential-network.adoc b/downstream/modules/platform/ref-controller-credential-network.adoc index 7c8755369d..d43a982467 100644 --- a/downstream/modules/platform/ref-controller-credential-network.adoc +++ b/downstream/modules/platform/ref-controller-credential-network.adoc @@ -14,7 +14,7 @@ When connecting to network devices, the credential type must match the connectio * For `local` connections using `provider`, credential type should be *Network*. * For all other network connections (`httpapi`, `netconf`, and `network_cli`), the credential type should be *Machine*. -For more information about connection types available for network devices, see link:{URLControllerUserGuide}/controller-credentials#ref-controller-multiple-connection-protocols[Multiple Communication Protocols]. +For more information about connection types available for network devices, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/using_automation_execution/controller-credentials#ref-controller-multiple-connection-protocols[Multiple Communication Protocols]. {ControllerNameStart} uses the following environment variables for Network credentials: diff --git a/downstream/modules/platform/ref-controller-log-aggregators.adoc b/downstream/modules/platform/ref-controller-log-aggregators.adoc index 447c733ac6..a782e81095 100644 --- a/downstream/modules/platform/ref-controller-log-aggregators.adoc +++ b/downstream/modules/platform/ref-controller-log-aggregators.adoc @@ -6,7 +6,7 @@ The logging aggregator service works with the following monitoring and data analysis systems: -* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{Plaformvers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-splunk[Splunk] +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-splunk[Splunk] * link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-loggly[Loggly] * link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlatformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-sumologic[Sumologic] * link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/{PlaformVers}/html/configuring_automation_execution/assembly-controller-logging-aggregation#ref-controller-logging-elastic-stack[Elastic Stack (formerly ELK stack)] \ No newline at end of file diff --git a/downstream/modules/platform/ref-controller-old-job-history.adoc b/downstream/modules/platform/ref-controller-old-job-history.adoc index 2aeb57c2e1..4683985856 100644 --- a/downstream/modules/platform/ref-controller-old-job-history.adoc +++ b/downstream/modules/platform/ref-controller-old-job-history.adoc @@ -19,6 +19,6 @@ retention value. You can review or set a schedule for cleaning up old job history by performing the same procedure described for activity stream management jobs. -For more information, see link:{ControllerAdminGuide}/assembly-controller-management-jobs#proc-controller-scheduling-deletion[Scheduling deletion]. +For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-management-jobs#proc-controller-scheduling-deletion[Scheduling deletion]. -You can also set or review notifications associated with this management job in the same way as described in link:{ControllerAdminGuide}/assembly-controller-management-jobs#proc-controller-management-notifications[Setting notifications] for activity stream management jobs, or for more information, see link:{URLControllerUserGuide}/controller-notifications[Notifiers] in _{ControllerUG}_. +You can also set or review notifications associated with this management job in the same way as described in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/configuring_automation_execution/assembly-controller-management-jobs#proc-controller-management-notifications[Setting notifications] for activity stream management jobs, or for more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/using_automation_execution/controller-notifications[Notifiers]. From 5bc281b7b3dd90bd34a97a857d991cca4383a4c8 Mon Sep 17 00:00:00 2001 From: EMcWhinn <122449381+EMcWhinn@users.noreply.github.com> Date: Thu, 14 Aug 2025 14:58:48 +0100 Subject: [PATCH 56/71] Editing access management files for DITA (#4047) (#4072) * Editing access management files for DITA Chapter 3 & 4 Access management and authentication https://issues.redhat.com/browse/AAP-51507 Affects `titles/central-auth` * Completing DITA prep for chapters 3 and 4 * Fixing typo * Peer review edit --- .../assemblies/platform/assembly-gw-mapping.adoc | 4 ++-- .../platform/con-gw-authenticator-map-examples.adoc | 12 +++++++----- .../platform/con-gw-authenticator-map-triggers.adoc | 8 ++++---- .../platform/con-gw-authenticator-map-types.adoc | 2 +- .../con-gw-understanding-authenticator-mapping.adoc | 2 +- .../platform/proc-aap-enable-disable-auth.adoc | 4 ++-- .../platform/proc-controller-apps-create-tokens.adoc | 2 +- ...doc => proc-controller-organization-mapping.adoc} | 2 +- ...apping.adoc => proc-controller-team-mapping.adoc} | 8 ++++---- .../modules/platform/proc-gw-allow-mapping.adoc | 2 +- .../modules/platform/proc-gw-role-mapping.adoc | 2 +- .../ref-controller-token-session-management.adoc | 5 +++++ 12 files changed, 30 insertions(+), 23 deletions(-) rename downstream/modules/platform/{ref-controller-organization-mapping.adoc => proc-controller-organization-mapping.adoc} (96%) rename downstream/modules/platform/{ref-controller-team-mapping.adoc => proc-controller-team-mapping.adoc} (65%) diff --git a/downstream/assemblies/platform/assembly-gw-mapping.adoc b/downstream/assemblies/platform/assembly-gw-mapping.adoc index 6f6c139fa5..0ea6835f4a 100644 --- a/downstream/assemblies/platform/assembly-gw-mapping.adoc +++ b/downstream/assemblies/platform/assembly-gw-mapping.adoc @@ -18,9 +18,9 @@ include::platform/con-gw-authenticator-map-examples.adoc[leveloffset=+1] include::platform/proc-gw-allow-mapping.adoc[leveloffset=+1] -include::platform/ref-controller-organization-mapping.adoc[leveloffset=+1] +include::platform/proc-controller-organization-mapping.adoc[leveloffset=+1] -include::platform/ref-controller-team-mapping.adoc[leveloffset=+1] +include::platform/proc-controller-team-mapping.adoc[leveloffset=+1] include::platform/proc-gw-role-mapping.adoc[leveloffset=+1] diff --git a/downstream/modules/platform/con-gw-authenticator-map-examples.adoc b/downstream/modules/platform/con-gw-authenticator-map-examples.adoc index 9d36914cfd..264131e522 100644 --- a/downstream/modules/platform/con-gw-authenticator-map-examples.adoc +++ b/downstream/modules/platform/con-gw-authenticator-map-examples.adoc @@ -6,7 +6,8 @@ Use the following examples to explore the different conditions, like groups and attribute values you can implement to control user access to the platform. -.Add users to an organization based on an attribute +*Add users to an organization based on an attribute* + In this example, you will add a user to the *Networking* organization if they have an `Organization` attribute with the value of `Networking`: image::am-org-mapping-full-annotation.png[Add users to an organization mapping example fully annotated with callout numbers that correlate with the following list that describes the function of each field] @@ -21,7 +22,8 @@ image::am-org-mapping-full-annotation.png[Add users to an organization mapping e . The name of the *Organization* to which you are adding members is `Networking`. . Users are added to the *Networking* organization with the `Organization Member` role. -.Add users to a team based on the users group +*Add users to a team based on the users group* + In this example, you will add user to the `Apple` team if they have either of the following groups: ----- @@ -36,13 +38,13 @@ cn=Operators,ou=AAP,ou=example,co=com image::am-apple-team-map-example.png[Add user to a team mapping example] -.Do not escalate privileges +*Do not escalate privileges* In this example, you never escalate users to a superuser. But note, this rule does not revoke a user’s superuser permission because the revoke option is not set. image::am-do-not-escalate-privileges.png[Do not escalate privileges mapping example] -.Escalate privileges based on a user having a group +*Escalate privileges based on a user having a group* In this example, you escalate user privileges to superuser if they belong to the following group: @@ -52,7 +54,7 @@ cn=Administrators,ou=AAP image::am-escalate-privileges.png[Escalate privileges mapping example] -.Using mapping order to create exceptions +*Using mapping order to create exceptions* Since maps are executed in order, it is possible to create exceptions. Expanding on the previous example for __Do not escalate privileges__, you can add another rule with a higher order, such as, __Escalate privileges__. diff --git a/downstream/modules/platform/con-gw-authenticator-map-triggers.adoc b/downstream/modules/platform/con-gw-authenticator-map-triggers.adoc index 96ae787345..503de28fcd 100644 --- a/downstream/modules/platform/con-gw-authenticator-map-triggers.adoc +++ b/downstream/modules/platform/con-gw-authenticator-map-triggers.adoc @@ -28,7 +28,7 @@ See the *Operation* field to determine the behavior of the trigger if more than Group identifiers must be entered in lowercase. For example, `cn=johnsmith,dc=example,dc=com` instead of `CN=johnsmith,DC=example,DC=com`. ==== + -Attribute:: The map is true or false based on a users attributes coming from the source system. See link:{URLCentralAuth}/gw-configure-authentication#gw-authenticator-map-examples[Authenticator map examples] for information on using *Attribute* triggers. +Attribute:: The map is true or false based on a users attributes coming from the source system. See link:{URLCentralAuth}/gw-configure-authentication#gw-authenticator-map-examples[Authenticator map examples] for information about using *Attribute* triggers. + When defining an attribute trigger, the authentication mapping expands to include the following selections: + @@ -36,7 +36,7 @@ When defining an attribute trigger, the authentication mapping expands to includ + [NOTE] ==== -If you would like to experiment with multiple attribute maps you can do that through the API but the UI form will remove multi-attribute maps if the authenticator is saved through the UI. When adding multiple attributes to a map, the *Operation* will also apply to the attributes. +If you want to experiment with multiple attribute maps you can do that through the API but the UI form will remove multi-attribute maps if the authenticator is saved through the UI. When adding multiple attributes to a map, the *Operation* will also apply to the attributes. ==== + * *Attribute:* The name of the attribute coming from the source system this trigger will be evaluated against. For example, if you wanted the trigger to fire based on the user's last name and the last name field in the source system was called `users_last_name` you would enter the value ‘users_last_name’ in this field. @@ -46,10 +46,10 @@ If you would like to experiment with multiple attribute maps you can do that thr ** *matches*: The *Value* on the trigger is treated as a python regular expression and does an link:https://docs.python.org/3/library/re.html#re.match[Regular expression match (re.match)] (with case ignore on) between the specified *Value* and the value returned from the source system. For example, if the trigger's *Value* was ‘Jo’ the trigger would return _True_ if the value from the source was ‘John‘ or ‘Joanne‘ or any other value which matched the regular expression ‘Jo’. The trigger would return _False_ if the sources value for the attribute was ‘Dan’ because ‘Dan’ does not match the regular expression ‘Jo’. ** *ends with*: The trigger will see if the value provided by the source ends with the specified *Value* of the trigger. For example, if the source provided a value of ‘John’ the trigger would be _True_ if its *Value* was set to ‘n’ or ‘on’. The trigger would be _False_ if its *Value* was set to ‘z’ because the value ‘John’ coming from the source does not end with the value ’z’ specified by the trigger. ** *equal*: The trigger will see if the value provided by the source is equal to (in its entirety) the specified *Value* of the trigger. For example, if the source returned the value ‘John’, the trigger would be _True_ if its *Value* was set to ‘John’. Any value other than ‘John’ returned from the source would set this trigger to _False_. -** *in*: The *in* condition will see if the value matches one of several values. When *in* is specified as the *Comparison*, the *Value* field can be a comma separated list. For example, if a trigger had a *Value* of ‘John,Donna’ the trigger would be _True_ if the attribute coming from the source had either the value ‘John’ or ‘Donna’. Otherwise, the trigger would be _False_. +** *in*: The *in* condition checks if the value matches one of several values. When *in* is specified as the *Comparison*, the *Value* field can be a comma-separated list. For example, if a trigger had a *Value* of ‘John,Donna’ the trigger would be _True_ if the attribute coming from the source had either the value ‘John’ or ‘Donna’. Otherwise, the trigger would be _False_. ** *Value*: The value that a users attribute will be matched against based on the *Comparison* field. See examples in the *Comparison* definition in this section. + [NOTE] ==== -If the *Comparison* type is *in*, this field can be a comma separated list (without spaces). +If the *Comparison* type is *in*, this field can be a comma-separated list (without spaces). ==== diff --git a/downstream/modules/platform/con-gw-authenticator-map-types.adoc b/downstream/modules/platform/con-gw-authenticator-map-types.adoc index 20645d38e6..3e38c57cca 100644 --- a/downstream/modules/platform/con-gw-authenticator-map-types.adoc +++ b/downstream/modules/platform/con-gw-authenticator-map-types.adoc @@ -6,7 +6,7 @@ {PlatformNameShort} supports the following rule types: -Allow:: Determine if the user is allowed to log into the system. +Allow:: Determine if the user is allowed to log in to the system. Organization:: Determine if a user should be put into an organization. Team:: Determine if the user should be a member of a team. Role:: Determine if the user is a member of a role (for example, _System Auditor_). diff --git a/downstream/modules/platform/con-gw-understanding-authenticator-mapping.adoc b/downstream/modules/platform/con-gw-understanding-authenticator-mapping.adoc index 532bff1b2f..23924fb9d0 100644 --- a/downstream/modules/platform/con-gw-understanding-authenticator-mapping.adoc +++ b/downstream/modules/platform/con-gw-understanding-authenticator-mapping.adoc @@ -4,7 +4,7 @@ = Understanding authenticator mapping -Authentication:: Validates a user’s identity, typically through a username and password or a trust system. +Authentication:: Validates a user's identity, typically through a username and password or a trust system. Authorization:: Determines what an authenticated user can do once they are authenticated. In {PlatformNameShort}, authenticators manage authentication, validating users and returning details such as their username, first name, email, and group memberships (for example, LDAP groups). Authorization comes from the authenticator’s associated maps. diff --git a/downstream/modules/platform/proc-aap-enable-disable-auth.adoc b/downstream/modules/platform/proc-aap-enable-disable-auth.adoc index c520e894a3..a295edc89a 100644 --- a/downstream/modules/platform/proc-aap-enable-disable-auth.adoc +++ b/downstream/modules/platform/proc-aap-enable-disable-auth.adoc @@ -15,13 +15,13 @@ Dependency on enterprise authentication provider:: If the local authenticator is * You have at least one other authenticator method configured. * You have at least one administrator account that can authenticate using your alternate authenticator. -.Procedure - [CAUTION] ==== Disabling the local authenticator without an alternative authentication in place can result in a locked environment. ==== +.Procedure + . From the navigation panel, select {MenuAMAuthentication}. . Ensure that at least one other authenticator type is configured and enabled. . Select your *Local Authenticator*. diff --git a/downstream/modules/platform/proc-controller-apps-create-tokens.adoc b/downstream/modules/platform/proc-controller-apps-create-tokens.adoc index 7faf8f324b..010d4d4cdc 100644 --- a/downstream/modules/platform/proc-controller-apps-create-tokens.adoc +++ b/downstream/modules/platform/proc-controller-apps-create-tokens.adoc @@ -51,4 +51,4 @@ You can verify that the application now shows the user with the appropriate toke Your token should be displayed in the list of tokens associated with the application you chose. .Additional resources -If you are a system administrator and have to create or remove tokens for other users, see the revoke and create commands in xref:ref-controller-token-session-management[Token and session management]. +* xref:ref-controller-token-session-management[Token and session management] diff --git a/downstream/modules/platform/ref-controller-organization-mapping.adoc b/downstream/modules/platform/proc-controller-organization-mapping.adoc similarity index 96% rename from downstream/modules/platform/ref-controller-organization-mapping.adoc rename to downstream/modules/platform/proc-controller-organization-mapping.adoc index 64f0ded363..e329b31a54 100644 --- a/downstream/modules/platform/ref-controller-organization-mapping.adoc +++ b/downstream/modules/platform/proc-controller-organization-mapping.adoc @@ -1,6 +1,6 @@ :_mod-docs-content-type: PROCEDURE -[id="ref-controller-organization-mapping"] +[id="proc-controller-organization-mapping"] = Organization mapping diff --git a/downstream/modules/platform/ref-controller-team-mapping.adoc b/downstream/modules/platform/proc-controller-team-mapping.adoc similarity index 65% rename from downstream/modules/platform/ref-controller-team-mapping.adoc rename to downstream/modules/platform/proc-controller-team-mapping.adoc index 6240875d83..05cc1530e0 100644 --- a/downstream/modules/platform/ref-controller-team-mapping.adoc +++ b/downstream/modules/platform/proc-controller-team-mapping.adoc @@ -1,16 +1,16 @@ :_mod-docs-content-type: PROCEDURE -[id="ref-controller-team-mapping"] +[id="proc-controller-team-mapping"] = Team mapping Team mapping is the mapping of team members (users) from authenticators. -You can define the options for each team’s membership. For each team, you can specify which users are automatically added as members of the team and also which users can administer the team. +You can define the options for each team's membership. For each team, you can specify which users are automatically added as members of the team and also which users can administer the team. Team mappings can be specified separately for each account authentication. -When Team mapping is positively evaluated, a specified team and its organization are created, if they don’t exist if the related authenticator is allowed to create objects. +When Team mapping is positively evaluated, a specified team and its organization are created, if they don't exist if the related authenticator is allowed to create objects. .Procedure @@ -19,7 +19,7 @@ When Team mapping is positively evaluated, a specified team and its organization . Select *Team* from the *Add authentication mapping* list. . Enter a unique rule *Name* to identify the rule. . Select a *Trigger* from the list. See xref:gw-authenticator-map-triggers[Authenticator map triggers] for more information about map triggers. -. Select *Revoke* to remove the user’s access to the selected organization role and deny user access to the system when the trigger conditions are not matched. +. Select *Revoke* to remove the user's access to the selected organization role and deny user access to the system when the trigger conditions are not matched. . Select the *Team* and *Organization* to which matching users are added or blocked. . Select a *Role* to be applied or removed for matching users (for example, *Team Admin* or *Team Member*). . Click btn:[Next]. diff --git a/downstream/modules/platform/proc-gw-allow-mapping.adoc b/downstream/modules/platform/proc-gw-allow-mapping.adoc index a6805890c8..0f0b0eb688 100644 --- a/downstream/modules/platform/proc-gw-allow-mapping.adoc +++ b/downstream/modules/platform/proc-gw-allow-mapping.adoc @@ -1,4 +1,4 @@ -:_mod-docs-content-type: CONCEPT +:_mod-docs-content-type: PROCEDURE [id="gw-allow-mapping"] diff --git a/downstream/modules/platform/proc-gw-role-mapping.adoc b/downstream/modules/platform/proc-gw-role-mapping.adoc index 37769b6663..1b837d7faa 100644 --- a/downstream/modules/platform/proc-gw-role-mapping.adoc +++ b/downstream/modules/platform/proc-gw-role-mapping.adoc @@ -6,7 +6,7 @@ Role mapping is the mapping of a user either to a global role, such as Platform Auditor, or team or organization role. -When a Team and/or Organization is specified together with the appropriate Role, the behavior is identical with Organization mapping or Team mapping. +When a Team or Organization is specified together with the appropriate Role, the behavior is identical with Organization mapping or Team mapping. Role mapping can be specified separately for each account authentication. diff --git a/downstream/modules/platform/ref-controller-token-session-management.adoc b/downstream/modules/platform/ref-controller-token-session-management.adoc index 9101517bee..62dbcd346d 100644 --- a/downstream/modules/platform/ref-controller-token-session-management.adoc +++ b/downstream/modules/platform/ref-controller-token-session-management.adoc @@ -7,9 +7,14 @@ {PlatformNameShort} supports the following commands for OAuth2 token management: * xref:ref-controller-create-oauth2-token[`create_oauth2_token`] + * xref:ref-controller-revoke-oauth2-token[`revoke_oauth2_tokens`] + * xref:ref-controller-clear-sessions[`cleartokens`] + //[emcwhinn - Temporarily hiding expire sessions module as it does not yet exist for gateway as per AAP-35735] //* xref:ref-controller-expire-sessions[`expire_sessions`] + * xref:ref-controller-clear-sessions[`clearsessions`] + From 212219e483eb6d534d332345c20bec9f102ba964 Mon Sep 17 00:00:00 2001 From: EMcWhinn <122449381+EMcWhinn@users.noreply.github.com> Date: Fri, 15 Aug 2025 10:43:05 +0100 Subject: [PATCH 57/71] Editing access management files for DITA (#4074) (#4075) * Editing access management files for DITA Chapter 5,6 & 7 Access management and authentication https://issues.redhat.com/browse/AAP-51509 Affects titles/central-auth * Final DITA edits in PR * Peer review edit --- .../platform/assembly-controller-organizations.adoc | 2 +- .../assemblies/platform/assembly-controller-teams.adoc | 3 ++- .../assemblies/platform/assembly-controller-users.adoc | 2 +- .../assemblies/platform/assembly-gw-managing-access.adoc | 5 ++++- downstream/assemblies/platform/assembly-gw-roles.adoc | 3 +++ downstream/assemblies/platform/assembly-gw-settings.adoc | 8 ++++++++ .../platform/con-controller-access-organizations.adoc | 1 + .../platform/proc-controller-creating-a-user.adoc | 7 ++++--- ...c => proc-controller-organization-notifications.adoc} | 9 ++++++--- .../platform/proc-controller-user-permissions.adoc | 2 +- ...r-user-roles.adoc => proc-controller-user-roles.adoc} | 7 +++---- downstream/modules/platform/proc-gw-delete-roles.adoc | 2 +- downstream/modules/platform/proc-gw-delete-team.adoc | 2 +- downstream/modules/platform/proc-gw-edit-roles.adoc | 2 +- downstream/modules/platform/proc-gw-editing-a-user.adoc | 4 ++-- .../modules/platform/proc-gw-remove-roles-user.adoc | 1 + .../modules/platform/proc-gw-select-auth-type.adoc | 4 ++-- .../modules/platform/proc-gw-team-access-resources.adoc | 1 + downstream/modules/platform/proc-gw-team-add-user.adoc | 1 + 19 files changed, 44 insertions(+), 22 deletions(-) rename downstream/modules/platform/{ref-controller-organization-notifications.adoc => proc-controller-organization-notifications.adoc} (76%) rename downstream/modules/platform/{ref-controller-user-roles.adoc => proc-controller-user-roles.adoc} (71%) diff --git a/downstream/assemblies/platform/assembly-controller-organizations.adoc b/downstream/assemblies/platform/assembly-controller-organizations.adoc index 744c4a541e..95baaa1584 100644 --- a/downstream/assemblies/platform/assembly-controller-organizations.adoc +++ b/downstream/assemblies/platform/assembly-controller-organizations.adoc @@ -32,7 +32,7 @@ include::platform/proc-gw-add-team-organization.adoc[leveloffset=+2] include::platform/proc-gw-delete-organization.adoc[leveloffset=+2] -include::platform/ref-controller-organization-notifications.adoc[leveloffset=+1] +include::platform/proc-controller-organization-notifications.adoc[leveloffset=+1] include::platform/proc-gw-organizations-exec-env.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-controller-teams.adoc b/downstream/assemblies/platform/assembly-controller-teams.adoc index 2d7657b1e6..9a3bc36a56 100644 --- a/downstream/assemblies/platform/assembly-controller-teams.adoc +++ b/downstream/assemblies/platform/assembly-controller-teams.adoc @@ -8,7 +8,8 @@ ifdef::context[:parent-context: {context}] :context: controller-teams -A team is a subdivision of an organization with associated users, and resources. Teams provide a means to implement role-based access control schemes and delegate responsibilities across organizations. For instance, you can grant permissions to a Team rather than each user on the team. +A team is a subdivision of an organization with associated users, and resources. Teams provide a means to implement role-based access control schemes and delegate responsibilities across organizations. +For example, you can grant permissions to a Team rather than each user on the team. You can create as many teams as needed for your organization. Teams can only be assigned to one organization while an organization can be made up of multiple teams. Each team can be assigned roles, the same way roles are assigned for users. Teams can also scalably assign ownership for credentials, preventing multiple interface click-throughs to assign the same credentials to the same user. diff --git a/downstream/assemblies/platform/assembly-controller-users.adoc b/downstream/assemblies/platform/assembly-controller-users.adoc index b59f86c46f..6b69ecdce6 100644 --- a/downstream/assemblies/platform/assembly-controller-users.adoc +++ b/downstream/assemblies/platform/assembly-controller-users.adoc @@ -27,7 +27,7 @@ include::platform/proc-gw-editing-a-user.adoc[leveloffset=+1] include::platform/proc-controller-deleting-a-user.adoc[leveloffset=+1] -include::platform/ref-controller-user-roles.adoc[leveloffset=+1] +include::platform/proc-controller-user-roles.adoc[leveloffset=+1] include::platform/proc-gw-remove-roles-user.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-gw-managing-access.adoc b/downstream/assemblies/platform/assembly-gw-managing-access.adoc index c21124dd11..e234ad6ef3 100644 --- a/downstream/assemblies/platform/assembly-gw-managing-access.adoc +++ b/downstream/assemblies/platform/assembly-gw-managing-access.adoc @@ -2,7 +2,7 @@ [id="gw-managing-access"] -= Managing access with role based access control += Managing access with role-based access control :context: gw-manage-rbac @@ -13,7 +13,10 @@ You can control what users can do with the components of {PlatformNameShort} at Roles can be defined with multiple permissions that can then be assigned to resources, teams and users. The permissions that make up a role dictate what the assigned role allows. Permissions are allocated with only the access needed for a user to perform the tasks appropriate for their role. include::assembly-controller-organizations.adoc[leveloffset=+1] + include::assembly-controller-teams.adoc[leveloffset=+1] + include::assembly-controller-users.adoc[leveloffset=+1] + include::assembly-gw-resources.adoc[leveloffset=+1] \ No newline at end of file diff --git a/downstream/assemblies/platform/assembly-gw-roles.adoc b/downstream/assemblies/platform/assembly-gw-roles.adoc index 50a859b546..8234afba6a 100644 --- a/downstream/assemblies/platform/assembly-gw-roles.adoc +++ b/downstream/assemblies/platform/assembly-gw-roles.adoc @@ -7,7 +7,10 @@ Roles are units of organization in the {PlatformName}. When you assign a role to a team or user, you are granting access to use, read, or write credentials. Because of the file structure associated with a role, roles become redistributable units that enable you to share behavior among resources, or with other users. All access that is granted to use, read, or write credentials is handled through roles, and roles are defined for a resource. include::platform/proc-gw-roles.adoc[leveloffset=+1] + include::platform/proc-gw-create-roles.adoc[leveloffset=+1] + include::platform/proc-gw-edit-roles.adoc[leveloffset=+1] + include::platform/proc-gw-delete-roles.adoc[leveloffset=+1] diff --git a/downstream/assemblies/platform/assembly-gw-settings.adoc b/downstream/assemblies/platform/assembly-gw-settings.adoc index 763df5ef21..ae6f41c214 100644 --- a/downstream/assemblies/platform/assembly-gw-settings.adoc +++ b/downstream/assemblies/platform/assembly-gw-settings.adoc @@ -17,11 +17,19 @@ The other selections available from the *Settings* menu are specific to automati ==== include::platform/proc-controller-configure-subscriptions.adoc[leveloffset=+1] + include::platform/proc-settings-platform-gateway.adoc[leveloffset=+1] + include::platform/proc-settings-gw-security-options.adoc[leveloffset=+2] + include::platform/proc-settings-gw-session-options.adoc[leveloffset=+2] + include::platform/proc-settings-gw-password-security.adoc[leveloffset=+2] + include::platform/proc-settings-gw-custom-login.adoc[leveloffset=+2] + include::platform/proc-settings-gw-additional-options.adoc[leveloffset=+2] + include::platform/proc-settings-user-preferences.adoc[leveloffset=+1] + include::platform/proc-settings-troubleshooting.adoc[leveloffset=+1] diff --git a/downstream/modules/platform/con-controller-access-organizations.adoc b/downstream/modules/platform/con-controller-access-organizations.adoc index a89326e8f7..24e9b03ca8 100644 --- a/downstream/modules/platform/con-controller-access-organizations.adoc +++ b/downstream/modules/platform/con-controller-access-organizations.adoc @@ -3,6 +3,7 @@ [id="con-controller-access-organizations"] = Access to organizations + You can manage access to an organization by selecting an organization from the *Organizations* list view and selecting the associated tabs for providing access to xref:proc-controller-add-organization-user[Users], xref:proc-gw-add-admin-organization[Administrators] or xref:proc-gw-add-team-organization[Teams]. diff --git a/downstream/modules/platform/proc-controller-creating-a-user.adoc b/downstream/modules/platform/proc-controller-creating-a-user.adoc index 3871b2ccd4..793a1e1fbc 100644 --- a/downstream/modules/platform/proc-controller-creating-a-user.adoc +++ b/downstream/modules/platform/proc-controller-creating-a-user.adoc @@ -7,7 +7,7 @@ There are three types of users in {PlatformNameShort}: Normal user:: Normal users have read and write access limited to the resources (such as inventory, projects, and job templates) for which that user has been granted the appropriate roles and privileges. Normal users are the default type of user when no other *User type* is specified. -{PlatformNameShort} Administrator:: An administrator (also known as a Superuser) has full system administration privileges — with full read and write privileges over the entire installation. An administrator is typically responsible for managing all aspects of and delegating responsibilities for day-to-day work to various users. +{PlatformNameShort} Administrator:: An administrator (also known as a Superuser) has full system administration privileges, with full read and write privileges over the entire installation. An administrator is typically responsible for managing all aspects of and delegating responsibilities for day-to-day work to various users. {PlatformNameShort} Auditor:: Auditors have read-only capability for all objects within the environment. .Procedure @@ -21,10 +21,11 @@ Normal user:: Normal users have read and write access limited to the resources ( If you are modifying your own password, log out and log back in again for it to take effect. ==== + -. Select the *Organization* to be assigned for this user. For information about creating a new organization, refer to xref:proc-controller-create-organization[Creating an organization]. +. Select the *Organization* to be assigned for this user. For information about creating a new organization, see xref:proc-controller-create-organization[Creating an organization]. . Click btn:[Create user]. -When the user is successfully created, the *User* dialog opens. From here, you can review and modify the user’s Teams, Roles, Tokens and other membership details. +.Next steps +When the user is successfully created, the *User* dialog opens. From here, you can review and change the user's Teams, Roles, Tokens and other membership details. [NOTE] ==== diff --git a/downstream/modules/platform/ref-controller-organization-notifications.adoc b/downstream/modules/platform/proc-controller-organization-notifications.adoc similarity index 76% rename from downstream/modules/platform/ref-controller-organization-notifications.adoc rename to downstream/modules/platform/proc-controller-organization-notifications.adoc index 2f2abdf67b..3b55bb7ed8 100644 --- a/downstream/modules/platform/ref-controller-organization-notifications.adoc +++ b/downstream/modules/platform/proc-controller-organization-notifications.adoc @@ -1,12 +1,13 @@ -:_mod-docs-content-type: REFERENCE +:_mod-docs-content-type: PROCEDURE -[id="ref-controller-organization-notifications"] +[id="proc-controller-organization-notifications"] = Working with notifiers When {ControllerName} is enabled on the platform, you can review any notifier integrations you have set up and manage their settings within the organization resource. .Procedure + . From the navigation panel, select {MenuAMOrganizations}. . From the *Organizations* list view, select the organization to which you want to manage notifications. //ddacosta - this might change to Notifiers tab. @@ -14,4 +15,6 @@ When {ControllerName} is enabled on the platform, you can review any notifier in . Use the toggles to enable or disable the notifications to use with your particular organization. For more information, see link:{URLControllerUserGuide}/controller-notifications#controller-enable-disable-notifications[Enable and disable notifications]. . If no notifiers have been set up, select {MenuAEAdminJobNotifications} from the navigation panel. -For information on configuring notification types, see link:{URLControllerUserGuide}/controller-notifications#controller-notification-types[Notification types]. +.Additional resources + +* link:{URLControllerUserGuide}/controller-notifications#controller-notification-types[Notification types] diff --git a/downstream/modules/platform/proc-controller-user-permissions.adoc b/downstream/modules/platform/proc-controller-user-permissions.adoc index 743388013d..8b64f8adc2 100644 --- a/downstream/modules/platform/proc-controller-user-permissions.adoc +++ b/downstream/modules/platform/proc-controller-user-permissions.adoc @@ -9,7 +9,7 @@ You can set permissions through an inventory, project, job template and other re [NOTE] ==== -Teams can not be assigned to an organization by adding roles. Refer to the steps provided in link:{URLCentralAuth}/gw-managing-access#proc-gw-add-team-organization[Adding a team to an organization] for detailed instructions. +Teams cannot be assigned to an organization by adding roles. Refer to the steps provided in link:{URLCentralAuth}/gw-managing-access#proc-gw-add-team-organization[Adding a team to an organization] for detailed instructions. ==== .Procedure diff --git a/downstream/modules/platform/ref-controller-user-roles.adoc b/downstream/modules/platform/proc-controller-user-roles.adoc similarity index 71% rename from downstream/modules/platform/ref-controller-user-roles.adoc rename to downstream/modules/platform/proc-controller-user-roles.adoc index f1d572669f..8056ebbd0f 100644 --- a/downstream/modules/platform/ref-controller-user-roles.adoc +++ b/downstream/modules/platform/proc-controller-user-roles.adoc @@ -1,5 +1,4 @@ -:_mod-docs-content-type: REFERENCE - +:_mod-docs-content-type: PROCEDURE [id="ref-controller-user-roles"] = Adding roles for a user @@ -8,12 +7,12 @@ You can grant access for users to use, read, or write credentials by assigning r [NOTE] ==== -Users can not be assigned to an organization by adding roles. Refer to the steps provided in link:{URLCentralAuth}/gw-managing-access#proc-controller-add-organization-user[Adding a user to an organization] for detailed instructions. +Users cannot be assigned to an organization by adding roles. Refer to the steps provided in link:{URLCentralAuth}/gw-managing-access#proc-controller-add-organization-user[Adding a user to an organization] for detailed instructions. ==== .Procedure . From the navigation panel, select {MenuAMUsers}. -. From the *Users* list view, click on the user to which you want to add roles. +. From the *Users* list view, click the user to which you want to add roles. . Select the *Roles* tab to display the set of roles assigned to this user. These provide the ability to read, modify, and administer resources. . To add new roles, click btn:[Add roles]. + diff --git a/downstream/modules/platform/proc-gw-delete-roles.adoc b/downstream/modules/platform/proc-gw-delete-roles.adoc index f4df6ffb78..64e0edb746 100644 --- a/downstream/modules/platform/proc-gw-delete-roles.adoc +++ b/downstream/modules/platform/proc-gw-delete-roles.adoc @@ -4,7 +4,7 @@ = Deleting a role -Built in roles can not be deleted, however, you can delete custom roles from the *Roles* list view. +Built-in roles cannot be deleted, however, you can delete custom roles from the *Roles* list view. .Procedure diff --git a/downstream/modules/platform/proc-gw-delete-team.adoc b/downstream/modules/platform/proc-gw-delete-team.adoc index 42b74f96b5..735c5058e8 100644 --- a/downstream/modules/platform/proc-gw-delete-team.adoc +++ b/downstream/modules/platform/proc-gw-delete-team.adoc @@ -9,7 +9,7 @@ Before you can delete a team, you must have team permissions. When you delete a .Procedure . From the navigation panel, select {MenuAMTeams}. -. Select the check box for the team that you want to remove. +. Select the checkbox for the team that you want to remove. . Select the {MoreActionsIcon} icon and select *Delete team*. + [NOTE] diff --git a/downstream/modules/platform/proc-gw-edit-roles.adoc b/downstream/modules/platform/proc-gw-edit-roles.adoc index 6b07202acc..f4170abdc0 100644 --- a/downstream/modules/platform/proc-gw-edit-roles.adoc +++ b/downstream/modules/platform/proc-gw-edit-roles.adoc @@ -4,7 +4,7 @@ = Editing a role -Built in roles can not be changed, however, you can modify custom roles from the *Roles* list view. The *Editable* column in the *Roles* list view indicates whether a role is _Built-in_ or _Editable_. +Built-in roles cannot be changed, however, you can modify custom roles from the *Roles* list view. The *Editable* column in the *Roles* list view indicates whether a role is _Built-in_ or _Editable_. .Procedure diff --git a/downstream/modules/platform/proc-gw-editing-a-user.adoc b/downstream/modules/platform/proc-gw-editing-a-user.adoc index 4f017fd8a0..a313551465 100644 --- a/downstream/modules/platform/proc-gw-editing-a-user.adoc +++ b/downstream/modules/platform/proc-gw-editing-a-user.adoc @@ -25,7 +25,7 @@ Users previously designated as {ControllerName} or {HubName} administrators are . From the navigation panel, select {MenuAMUsers}. -. Select the check box for the user that you want to modify. +. Select the checkbox for the user that you want to modify. . Click the *Pencil* icon and select *Edit user*. @@ -36,4 +36,4 @@ Users previously designated as {ControllerName} or {HubName} administrators are // If the user account was migrated to {PlatformNameShort} 2.5 during the upgrade process and had administrator privileges for an individual service, additional User type checkboxes will be available. You can use these checkboxes to revoke or add individual privileges or designate the user as a platform administrator, system auditor or normal user. // ==== + -. After your changes are complete, click *Save user*. \ No newline at end of file +. After your changes are complete, click *Save user*. diff --git a/downstream/modules/platform/proc-gw-remove-roles-user.adoc b/downstream/modules/platform/proc-gw-remove-roles-user.adoc index f6e47671ce..aa33be9edb 100644 --- a/downstream/modules/platform/proc-gw-remove-roles-user.adoc +++ b/downstream/modules/platform/proc-gw-remove-roles-user.adoc @@ -3,6 +3,7 @@ [id="proc-gw-remove-roles-user"] = Removing roles from a user + You can remove roles from a user by selecting the *-* icon next to the resource. This launches a confirmation dialog, asking you to confirm the removal. .Procedure diff --git a/downstream/modules/platform/proc-gw-select-auth-type.adoc b/downstream/modules/platform/proc-gw-select-auth-type.adoc index 21f90dff6e..955fd76fbe 100644 --- a/downstream/modules/platform/proc-gw-select-auth-type.adoc +++ b/downstream/modules/platform/proc-gw-select-auth-type.adoc @@ -30,9 +30,9 @@ Disabled:: Organizations and teams defined in the authenticator maps will not be + . Enable or disable *Remove Users*. If enabled, any access previously granted to a user is removed when they authenticate from this source. If disabled, permissions are only added or removed from the user based on the results of this authenticator's authenticator mappings. + -For example, assume a user has been granted the `is_superuser` permission in the system. And that user will log into an authenticator whose maps will not formulate an opinion as to whether or not the user should be a superuser. +For example, assume a user has been granted the `is_superuser` permission in the system. And that user will log in to an authenticator whose maps will not formulate an opinion as to whether or not the user should be a superuser. If *Remove Users* is enabled, the `is_superuser` permission will be removed from the user, the authenticator maps will not have an opinion as to whether it should be there or not so, after login the user will not have the `is_superuser` permission. + If *Remove Users* is disabled, the `is_superuser` permission _will not_ be removed from the user. The authenticator maps will not have an opinion as to whether it should be there or not so after login the user _will_ have the `is_superuser` permission. + -. Click btn:[Create mapping] and proceed to xref:gw-define-rules-triggers[Define authentication mapping rules and triggers]. +. Click btn:[Create Authentication Method] and proceed to xref:gw-define-rules-triggers[Define authentication mapping rules and triggers]. diff --git a/downstream/modules/platform/proc-gw-team-access-resources.adoc b/downstream/modules/platform/proc-gw-team-access-resources.adoc index 2ee8b1d0eb..226e0da0b3 100644 --- a/downstream/modules/platform/proc-gw-team-access-resources.adoc +++ b/downstream/modules/platform/proc-gw-team-access-resources.adoc @@ -3,6 +3,7 @@ [id="proc-gw-team-access"] = Providing team access to a resource + You can grant users access based on their team membership. When you add a user as a member of a team, they inherit access to the roles and resources defined for that team. [NOTE] diff --git a/downstream/modules/platform/proc-gw-team-add-user.adoc b/downstream/modules/platform/proc-gw-team-add-user.adoc index f208cde009..8802ae05d9 100644 --- a/downstream/modules/platform/proc-gw-team-add-user.adoc +++ b/downstream/modules/platform/proc-gw-team-add-user.adoc @@ -3,6 +3,7 @@ [id="proc-gw-team-add-user"] = Adding users to a team + To add a user to a team, the user must already have been created. For more information, see xref:proc-controller-creating-a-user[Creating a user]. Adding a user to a team adds them as a member only. Use the *Roles* tab to assign a role for different resources to the selected team. // [[hherbly]This may need to be replaced with updated steps for 2.6.] The following tab selections are available when adding users to a team. When user accounts from {ControllerName} or {HubName} organizations have been migrated to {PlatformNameShort} 2.5 during the upgrade process, the *Automation Execution* and *Automation Content* tabs show content based on whether the users were added to those organizations prior to migration. From 3505ddf48821ea6251c69c18f41f8d521b857224 Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Fri, 15 Aug 2025 11:19:02 +0100 Subject: [PATCH 58/71] Add empty line after conditional titles (#4077) (#4079) Correct error with conditionals for DITA migration https://issues.redhat.com/browse/AAP-51625 --- .../assemblies/platform/assembly-controller-projects.adoc | 2 ++ downstream/assemblies/platform/assembly-planning-mesh.adoc | 2 ++ downstream/modules/platform/con-automation-mesh-node-types.adoc | 1 + downstream/modules/platform/proc-controller-set-up-azure.adoc | 2 ++ downstream/modules/platform/proc-define-mesh-node-types.adoc | 2 ++ 5 files changed, 9 insertions(+) diff --git a/downstream/assemblies/platform/assembly-controller-projects.adoc b/downstream/assemblies/platform/assembly-controller-projects.adoc index 8ef83cb6f7..0f9879240f 100644 --- a/downstream/assemblies/platform/assembly-controller-projects.adoc +++ b/downstream/assemblies/platform/assembly-controller-projects.adoc @@ -3,9 +3,11 @@ [id="controller-projects"] ifdef::controller-GS[] = Managing projects + endif::controller-GS[] ifdef::controller-UG[] = Projects + endif::controller-UG[] A project is a logical collection of Ansible playbooks, represented in {ControllerName}. diff --git a/downstream/assemblies/platform/assembly-planning-mesh.adoc b/downstream/assemblies/platform/assembly-planning-mesh.adoc index 7bcd76758e..590d1046a4 100644 --- a/downstream/assemblies/platform/assembly-planning-mesh.adoc +++ b/downstream/assemblies/platform/assembly-planning-mesh.adoc @@ -5,9 +5,11 @@ ifdef::context[:parent-context: {context}] [id="assembly-planning-mesh"] ifdef::mesh-VM[] = Planning for {AutomationMesh} in your VM-based {PlatformName} environment + endif::mesh-VM[] ifdef::operator-mesh[] = Planning for {AutomationMesh} in your operator-based {PlatformName} environment + endif::operator-mesh[] :context: planning-mesh diff --git a/downstream/modules/platform/con-automation-mesh-node-types.adoc b/downstream/modules/platform/con-automation-mesh-node-types.adoc index aab50af8e4..d0e540a105 100644 --- a/downstream/modules/platform/con-automation-mesh-node-types.adoc +++ b/downstream/modules/platform/con-automation-mesh-node-types.adoc @@ -18,6 +18,7 @@ Learn more about the control and execution plane and their node types before des endif::operator-mesh[] == Control plane + ifdef::mesh-VM[] The *control plane* consists of hybrid and control nodes. Instances in the control plane run persistent {ControllerName} services such as the the web server and task dispatcher, in addition to project updates, and management jobs. diff --git a/downstream/modules/platform/proc-controller-set-up-azure.adoc b/downstream/modules/platform/proc-controller-set-up-azure.adoc index e4b99ceb57..f7f64c8e54 100644 --- a/downstream/modules/platform/proc-controller-set-up-azure.adoc +++ b/downstream/modules/platform/proc-controller-set-up-azure.adoc @@ -4,9 +4,11 @@ ifndef::controller-AG[] = Configuring {MSEntraID} authentication + endif::[] ifdef::controller-AG[] = {Azure} active directory authentication + endif::controller-AG[] ifndef::controller-AG[] diff --git a/downstream/modules/platform/proc-define-mesh-node-types.adoc b/downstream/modules/platform/proc-define-mesh-node-types.adoc index a825259059..690e8681dd 100644 --- a/downstream/modules/platform/proc-define-mesh-node-types.adoc +++ b/downstream/modules/platform/proc-define-mesh-node-types.adoc @@ -4,9 +4,11 @@ ifdef::controller-UG[] = Managing instances + endif::controller-UG[] ifdef::operator-mesh[] = Defining {AutomationMesh} node types + endif::operator-mesh[] To expand job capacity, create a standalone *execution node* that can be added to run alongside a deployment of {ControllerName}. From 49c6c42b8427af83dd6ce5efb3cf8621a3958702 Mon Sep 17 00:00:00 2001 From: Hala Date: Fri, 15 Aug 2025 15:00:08 -0500 Subject: [PATCH 59/71] fixed rss feed flagged as broken link and moves one module to the appropriate assembly (#4080) (#4082) --- .../assemblies/platform/assembly-gs-key-functionality.adoc | 2 ++ downstream/modules/platform/con-aap-notifications-feed.adoc | 3 +-- downstream/titles/getting-started/master.adoc | 2 -- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/downstream/assemblies/platform/assembly-gs-key-functionality.adoc b/downstream/assemblies/platform/assembly-gs-key-functionality.adoc index b70ccf774d..364adb14a2 100644 --- a/downstream/assemblies/platform/assembly-gs-key-functionality.adoc +++ b/downstream/assemblies/platform/assembly-gs-key-functionality.adoc @@ -31,6 +31,8 @@ include::platform/con-gs-automation-mesh.adoc[leveloffset=+1] include::platform/con-gs-ansible-lightspeed.adoc[leveloffset=+1] +include::platform/con-aap-notifications-feed.adoc[leveloffset=+1] + include::platform/con-gs-developer-tools.adoc[leveloffset=+1] include::platform/ref-gs-install-config.adoc[leveloffset=+1] diff --git a/downstream/modules/platform/con-aap-notifications-feed.adoc b/downstream/modules/platform/con-aap-notifications-feed.adoc index d7f6ed9993..944692bd22 100644 --- a/downstream/modules/platform/con-aap-notifications-feed.adoc +++ b/downstream/modules/platform/con-aap-notifications-feed.adoc @@ -9,8 +9,7 @@ Effective July 2025, the {PlatformNameShort} RSS notification feed will be available. This feed serves as a method for communicating various product updates and changes to customers. -Customers can subscribe to the notifications by visiting link:announcements.ansiblecloud.redhat.com/feed.atom[announcements.ansiblecloud.redhat.com/feed.atom]. -Using an RSS feed reader, customers will be updated with events such as {PlatformNameShort} upgrades and system maintenance. +Customers can subscribe to the notifications by visiting announcements.ansiblecloud.redhat.com/feed.atom through an RSS feed reader. This feed is updated with events such as {PlatformNameShort} upgrades and system maintenance. All {PlatformNameShort} customers can subscribe to this content. Messages include categorization tags to specify deployment types: managed, self-managed (on-prem), or a combination. diff --git a/downstream/titles/getting-started/master.adoc b/downstream/titles/getting-started/master.adoc index 20fe389e59..123b7a018f 100644 --- a/downstream/titles/getting-started/master.adoc +++ b/downstream/titles/getting-started/master.adoc @@ -27,5 +27,3 @@ include::platform/assembly-gs-platform-admin.adoc[leveloffset=+1] include::platform/assembly-gs-auto-dev.adoc[leveloffset=+1] include::platform/assembly-gs-auto-op.adoc[leveloffset=+1] - -include::platform/platform/con-aap-notifications-feed.adoc[leveloffset=+1] From a65ac8e5b6eb1071afe32f1f1e3fd3df822309f1 Mon Sep 17 00:00:00 2001 From: Jameria Self <73364088+jself-sudoku@users.noreply.github.com> Date: Mon, 18 Aug 2025 10:17:42 -0400 Subject: [PATCH 60/71] AAP-41466-B Document how to edit a project URL and the impact of edits on rulebook activations (#4083) (#4085) * AAP-41466-B Updated content for editing projects, including SC URL and the impact * AAP-41466-B Corrected formatting for Important admonition --- .../assemblies/eda/assembly-eda-projects.adoc | 2 +- .../modules/eda/proc-eda-editing-a-project.adoc | 17 ++++++++++++++--- .../eda/proc-eda-set-up-new-project.adoc | 15 +++++++-------- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/downstream/assemblies/eda/assembly-eda-projects.adoc b/downstream/assemblies/eda/assembly-eda-projects.adoc index 489e840299..4721f0e99e 100644 --- a/downstream/assemblies/eda/assembly-eda-projects.adoc +++ b/downstream/assemblies/eda/assembly-eda-projects.adoc @@ -3,7 +3,7 @@ = Projects -Projects are a logical collection of rulebooks. They must be a git repository and only http protocol is supported. The rulebooks of a project must be located in the path defined for {EDAName} content in Ansible collections: `/extensions/eda/rulebooks` at the root of the project. +Projects are a logical collection of rulebooks. They must be a git repository and located in the path defined for {EDAName} content in Ansible collections: `/extensions/eda/rulebooks` at the root of the project. [IMPORTANT] ==== diff --git a/downstream/modules/eda/proc-eda-editing-a-project.adoc b/downstream/modules/eda/proc-eda-editing-a-project.adoc index 9193bd0f3a..c5d7d92ff0 100644 --- a/downstream/modules/eda/proc-eda-editing-a-project.adoc +++ b/downstream/modules/eda/proc-eda-editing-a-project.adoc @@ -3,9 +3,20 @@ = Editing a project +You can modify various aspects of a project after you create it. Depending on the changes you make, a rulebook activation might be impacted, requiring you to review and restart it. + .Procedure . From the *Projects* list view, select the btn:[More Actions] icon *{MoreActionsIcon}* next to the desired project. The Edit page is displayed. -. Enter the required changes and select btn:[Save project]. -//[J. Self]replace the following image, if possible -//::eda-edit-project.png[Edit project] \ No newline at end of file +. Edit the desired fields. ++ +[IMPORTANT] +==== +When you update a project's *Source control URL*, *Source control branch/tag/commit*, or *Source control refspec*, {EDAName} automatically triggers a project resync. This process updates the rulebooks available within {EDAcontroller} and can significantly impact existing rulebook activations: + +* *Rulebook Content Updates*: Running activations continue to use old content when a rulebook's content changes. To apply the newer content, you must restart the affected rulebook activation. If the rulebook content you update is attached to an activation that uses event streams, you must re-attach the event stream to that activation after the updates are applied and then, restart the activation. +* *New Rulebooks*: Any new rulebook added to the repository becomes available in the database after the sync. +* *Deleted Rulebooks*: A removed rulebook is deleted from the database upon sync. Its associated activations, however, continue to run and can be restarted. Review and update any activations detached from their source rulebook. +==== ++ +. Select btn:[Save project]. \ No newline at end of file diff --git a/downstream/modules/eda/proc-eda-set-up-new-project.adoc b/downstream/modules/eda/proc-eda-set-up-new-project.adoc index 74551bf3e2..a409e00b94 100644 --- a/downstream/modules/eda/proc-eda-set-up-new-project.adoc +++ b/downstream/modules/eda/proc-eda-set-up-new-project.adoc @@ -6,14 +6,14 @@ You can set up projects to manage and store your rulebooks in {EDAcontroller}. .Prerequisites -// [ddacosta] I'm not sure whether there will be an EDA specific dashboard in the gateway. Step 1 might need to change to something like "Log in to AAP". + * You are logged in to the {PlatformNameShort} Dashboard as a Content Consumer. * You have set up a credential, if necessary. For more information, see the link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credentials#eda-set-up-credential[Setting up credentials][Setting up credentials] section. -* You have an existing repository containing rulebooks that are integrated with playbooks contained in a repository to be used by {ControllerName}. +* You have an existing repository containing rulebooks. .Procedure -// [ddacosta] I'm not sure whether there will be an EDA specific dashboard in the gateway. Step 1 might need to change to something like "Log in to AAP". + . Log in to the {PlatformNameShort} Dashboard. . Navigate to *{MenuADProjects}*. . Click btn:[Create project]. @@ -22,16 +22,15 @@ For more information, see the link:https://docs.redhat.com/en/documentation/red_ Name:: Enter project name. Description:: This field is optional. Source control type:: Git is the only source control type available for use. This field is optional. -Source control URL:: Enter Git, SSH, or HTTP[S] protocol address of a repository, such as GitHub or GitLab. This field is not editable. +Source control URL:: Enter Git, SSH, or HTTP[S] protocol address of a repository, such as GitHub or GitLab. This field is not editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. + [NOTE] ==== This field accepts SSH private key or private key phrase. To enable the use of these private keys, your project URL must begin with `git@`. ==== -Proxy:: This is used to access access HTTP or HTTPS servers. This field is optional. -Source control branch/tag/commit:: This is the branch to checkout. In addition to branches, you can input tags, commit hashes, and arbitrary refs. Some commit hashes and refs may not be available unless you also provide a custom refspec. This field is optional. -Source control refspec:: A refspec to fetch (passed to the Ansible git module). This parameter allows access to references via the branch field not otherwise available. This field is optional. -For more information, see link:https://docs.ansible.com/ansible/latest/collections/ansible/builtin/git_module.html#examples[Examples]. +Proxy:: This is used to access HTTP or HTTPS servers. This field is optional and editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. +Source control branch/tag/commit:: This is the branch to checkout. In addition to branches, you can input tags, commit hashes, and arbitrary refs. Some commit hashes and refs may not be available unless you also provide a custom refspec. This field is optional and editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. +Source control refspec:: A refspec to fetch (passed to the Ansible git module). This parameter allows access to references via the branch field not otherwise available. This field is optional. and editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. For more information, see link:https://docs.ansible.com/ansible/latest/collections/ansible/builtin/git_module.html#examples[Examples]. Source control credential:: You must have this credential to utilize the source control URL. This field is optional. Content signature validation credential:: Enable content signing to verify that the content has remained secure when a project is synced. If the content has been tampered with, the job will not run. This field is optional. Options:: The Verify SSL option is enabled by default. Enabling this option verifies the SSL with HTTPS when the project is imported. From 9dfc25efdcca0eff99b381516f36352999ae8f30 Mon Sep 17 00:00:00 2001 From: Jameria Self <73364088+jself-sudoku@users.noreply.github.com> Date: Mon, 18 Aug 2025 17:08:45 -0400 Subject: [PATCH 61/71] AAP-51751 Correct part of the description for Source Control URL field for EDA projects (#4087) (#4088) * AAP-51751 Corrected Source control URL and add'l update to SC credential * AAP-51751 Tweaked the source control credential to ensure accuracy --- downstream/modules/eda/proc-eda-set-up-new-project.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/downstream/modules/eda/proc-eda-set-up-new-project.adoc b/downstream/modules/eda/proc-eda-set-up-new-project.adoc index a409e00b94..03e27f710f 100644 --- a/downstream/modules/eda/proc-eda-set-up-new-project.adoc +++ b/downstream/modules/eda/proc-eda-set-up-new-project.adoc @@ -22,7 +22,7 @@ For more information, see the link:https://docs.redhat.com/en/documentation/red_ Name:: Enter project name. Description:: This field is optional. Source control type:: Git is the only source control type available for use. This field is optional. -Source control URL:: Enter Git, SSH, or HTTP[S] protocol address of a repository, such as GitHub or GitLab. This field is not editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. +Source control URL:: Enter Git, SSH, or HTTP[S] protocol address of a repository, such as GitHub or GitLab. This required field is editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. + [NOTE] ==== @@ -30,8 +30,8 @@ This field accepts SSH private key or private key phrase. To enable the use of t ==== Proxy:: This is used to access HTTP or HTTPS servers. This field is optional and editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. Source control branch/tag/commit:: This is the branch to checkout. In addition to branches, you can input tags, commit hashes, and arbitrary refs. Some commit hashes and refs may not be available unless you also provide a custom refspec. This field is optional and editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. -Source control refspec:: A refspec to fetch (passed to the Ansible git module). This parameter allows access to references via the branch field not otherwise available. This field is optional. and editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. For more information, see link:https://docs.ansible.com/ansible/latest/collections/ansible/builtin/git_module.html#examples[Examples]. -Source control credential:: You must have this credential to utilize the source control URL. This field is optional. +Source control refspec:: A refspec to fetch (passed to the Ansible git module). This parameter allows access to references via the branch field not otherwise available. This field is optional and editable. See link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-projects#eda-editing-a-project[Editing a project] to view details of how editing this field impacts rulebook activations. For more information, see link:https://docs.ansible.com/ansible/latest/collections/ansible/builtin/git_module.html#examples[Examples]. +Source control credential:: This is an optional credential used to authenticate with the provided Source control URL. Content signature validation credential:: Enable content signing to verify that the content has remained secure when a project is synced. If the content has been tampered with, the job will not run. This field is optional. Options:: The Verify SSL option is enabled by default. Enabling this option verifies the SSL with HTTPS when the project is imported. + From 58900c4544aa652365cb70554013ac19a0995718 Mon Sep 17 00:00:00 2001 From: KylaF8 <92089627+KylaF8@users.noreply.github.com> Date: Tue, 19 Aug 2025 12:40:16 +0100 Subject: [PATCH 62/71] AAP-51371 DITA AuthorLine Updates. (#4084) (#4090) --- .../builder/con-ansible-config-file-path.adoc | 1 + .../platform/proc-aap-controller-yaml-restore.adoc | 1 + .../platform/proc-controller-host-metrics.adoc | 1 + .../platform/proc-creating-a-secret.adoc | 1 + .../platform/proc-creating-controller-form-view.adoc | 1 + .../platform/assembly-controller-projects.adoc | 2 ++ .../aap-hardening/con-protect-sensitive-data-no-log.adoc | 1 + downstream/modules/builder/con-galaxy-dependencies.adoc | 1 + .../modules/platform/con-controller-fips-support.adoc | 3 ++- .../modules/platform/con-controller-overview-api.adoc | 1 + .../platform/con-controller-overview-auth-enhance.adoc | 1 + .../platform/con-controller-overview-automation.adoc | 1 + .../platform/con-controller-overview-backup-restore.adoc | 1 + .../con-controller-overview-cloud-autoscaling.adoc | 1 + .../platform/con-controller-overview-cluster-manage.adoc | 1 + .../platform/con-controller-overview-exploration.adoc | 1 + .../modules/platform/con-controller-overview-galaxy.adoc | 1 + .../platform/con-controller-overview-host-limits.adoc | 1 + .../con-controller-overview-inventory-plugins.adoc | 1 + .../platform/con-controller-overview-notifiers.adoc | 1 + .../platform/con-controller-overview-openstack.adoc | 1 + .../modules/platform/con-controller-overview-rbac.adoc | 1 + .../platform/con-controller-overview-remote-exec.adoc | 1 + .../con-controller-overview-secret-management.adoc | 1 + .../platform/con-controller-overview-tracking.adoc | 1 + .../platform/con-controller-overview-virtual-envs.adoc | 1 + .../con-controller-overview-workflow-enhancements.adoc | 1 + downstream/modules/platform/con-gw-activity-stream.adoc | 1 + .../modules/platform/proc-controller-proxy-settings.adoc | 1 + .../platform/proc-deprovision-isolated-groups.adoc | 1 + .../platform/proc-deprovision-isolated-nodes.adoc | 1 + .../modules/platform/proc-enable-proxy-support.adoc | 1 + downstream/modules/platform/proc-set-EDA-proxy.adoc | 1 + .../modules/platform/ref-automation-mesh-proxy.adoc | 9 +++++++++ downstream/modules/platform/ref-deprovisioning.adoc | 1 + downstream/modules/platform/ref-renewal-guidance.adoc | 1 + downstream/modules/platform/ref-report-types.adoc | 1 + downstream/modules/platform/ref-system-proxy-config.adoc | 1 + downstream/modules/platform/ref_proxy-backends.adoc | 1 + .../modules/playbooks/proc-starting-automation.adoc | 1 + downstream/modules/playbooks/ref-create-variables.adoc | 1 + .../modules/playbooks/ref-run-network-command.adoc | 1 + downstream/modules/playbooks/ref-use-meta-groups.adoc | 1 + 43 files changed, 53 insertions(+), 1 deletion(-) diff --git a/downstream/archive/archived-modules/builder/con-ansible-config-file-path.adoc b/downstream/archive/archived-modules/builder/con-ansible-config-file-path.adoc index d962321228..a04ba42988 100644 --- a/downstream/archive/archived-modules/builder/con-ansible-config-file-path.adoc +++ b/downstream/archive/archived-modules/builder/con-ansible-config-file-path.adoc @@ -1,6 +1,7 @@ [id="con-ansible-config-file-path"] = Ansible config file path + The `ansible_config` directive allows specifying the path to an `ansible.cfg` file to pass a token and other settings for a private account to an {HubName} server during the Collection installation stage of the build. The config file path should be relative to the definition file location, and will be copied to the generated container build context. The `ansible.cfg` file should be formatted like the following example: diff --git a/downstream/archive/archived-modules/platform/proc-aap-controller-yaml-restore.adoc b/downstream/archive/archived-modules/platform/proc-aap-controller-yaml-restore.adoc index bdc5dcb316..9422ed7817 100644 --- a/downstream/archive/archived-modules/platform/proc-aap-controller-yaml-restore.adoc +++ b/downstream/archive/archived-modules/platform/proc-aap-controller-yaml-restore.adoc @@ -1,6 +1,7 @@ [id="aap-controller-yaml-restore"] = Using YAML to recover the {ControllerNameStart} deployment + See the following procedure for how to restore a deployment of the {ControllerName} using YAML. .Prerequisite diff --git a/downstream/archive/archived-modules/platform/proc-controller-host-metrics.adoc b/downstream/archive/archived-modules/platform/proc-controller-host-metrics.adoc index f15925c52c..207b45eaac 100644 --- a/downstream/archive/archived-modules/platform/proc-controller-host-metrics.adoc +++ b/downstream/archive/archived-modules/platform/proc-controller-host-metrics.adoc @@ -1,6 +1,7 @@ [id="proc-controller-host-metrics"] = Host Metrics + //[ddacosta] I don't see a Host Metrics menu selection off the standalone navigation panel. Should it be Resources > Hosts? If so, add replace with {MenuInfrastructureHosts} //[ddacosta] For 2.5 Host Metrics is off the Analytics menu. Use {MenuAAHostMetrics} * From the navigation panel, select menu:Host Metrics[] to see the activity associated with hosts, which includes counts on those that have been automated, used in inventories, and deleted. diff --git a/downstream/archive/archived-modules/platform/proc-creating-a-secret.adoc b/downstream/archive/archived-modules/platform/proc-creating-a-secret.adoc index efefaa9855..d54f669912 100644 --- a/downstream/archive/archived-modules/platform/proc-creating-a-secret.adoc +++ b/downstream/archive/archived-modules/platform/proc-creating-a-secret.adoc @@ -1,6 +1,7 @@ [id="proc-creating-a-secret_{context}"] = Creating a {RHSSO} connection secret + Use this procedure to create a connection secret for {RHSSO}. .Procedure diff --git a/downstream/archive/archived-modules/platform/proc-creating-controller-form-view.adoc b/downstream/archive/archived-modules/platform/proc-creating-controller-form-view.adoc index 171958c6d7..28fb282926 100644 --- a/downstream/archive/archived-modules/platform/proc-creating-controller-form-view.adoc +++ b/downstream/archive/archived-modules/platform/proc-creating-controller-form-view.adoc @@ -1,6 +1,7 @@ [id="proc_creating-controller-form-view_{context}"] = Creating your {ControllerName} form-view + Use this procedure to create your {ControllerName} using the form-view. .Procedure diff --git a/downstream/assemblies/platform/assembly-controller-projects.adoc b/downstream/assemblies/platform/assembly-controller-projects.adoc index 0f9879240f..e1821f526d 100644 --- a/downstream/assemblies/platform/assembly-controller-projects.adoc +++ b/downstream/assemblies/platform/assembly-controller-projects.adoc @@ -2,10 +2,12 @@ [id="controller-projects"] ifdef::controller-GS[] + = Managing projects endif::controller-GS[] ifdef::controller-UG[] + = Projects endif::controller-UG[] diff --git a/downstream/modules/aap-hardening/con-protect-sensitive-data-no-log.adoc b/downstream/modules/aap-hardening/con-protect-sensitive-data-no-log.adoc index 60924f07cd..9511168846 100644 --- a/downstream/modules/aap-hardening/con-protect-sensitive-data-no-log.adoc +++ b/downstream/modules/aap-hardening/con-protect-sensitive-data-no-log.adoc @@ -1,5 +1,6 @@ [id="con-protect-sensitive-data-no-log"] = Protecting sensitive data with no_log + If you save Ansible output to a log, you expose any secret data in your Ansible output, such as passwords and usernames. To keep sensitive values out of your logs, mark tasks that expose them with the `no_log: True` attribute. However, the `no_log` attribute does not affect debugging output, so be careful not to debug playbooks in a production environment. \ No newline at end of file diff --git a/downstream/modules/builder/con-galaxy-dependencies.adoc b/downstream/modules/builder/con-galaxy-dependencies.adoc index 31fc292fd5..ead5f912c3 100644 --- a/downstream/modules/builder/con-galaxy-dependencies.adoc +++ b/downstream/modules/builder/con-galaxy-dependencies.adoc @@ -1,6 +1,7 @@ [id="con-galaxy-dependencies"] = Galaxy + The `galaxy` entry points to a valid requirements file or includes inline content for the `ansible-galaxy collection install -r ...` command. The entry `requirements.yml` can be a relative path from the directory of the {ExecEnvNameSing} definition's folder, or an absolute path. diff --git a/downstream/modules/platform/con-controller-fips-support.adoc b/downstream/modules/platform/con-controller-fips-support.adoc index b1b0f29b7d..dd1533431c 100644 --- a/downstream/modules/platform/con-controller-fips-support.adoc +++ b/downstream/modules/platform/con-controller-fips-support.adoc @@ -3,4 +3,5 @@ [id="con-controller-fips-support_{context}"] = Support for deployment in a FIPS-enabled environment -{ControllerNameStart} deploys and runs in restricted modes such as FIPS. \ No newline at end of file + +{ControllerNameStart} deploys and runs in restricted modes such as FIPS \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-api.adoc b/downstream/modules/platform/con-controller-overview-api.adoc index 937d0566a1..f6a5a4ab04 100644 --- a/downstream/modules/platform/con-controller-overview-api.adoc +++ b/downstream/modules/platform/con-controller-overview-api.adoc @@ -3,4 +3,5 @@ [id="con-controller-overview-api_{context}"] = The ideal RESTful API + The {ControllerName} REST API is the ideal RESTful API for a systems management application, with all resources fully discoverable, paginated, searchable, and well modeled. A styled API browser enables API exploration from the API root at `\http:///api/`, showing off every resource and relation. Everything that can be done in the user interface can be done in the API. \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-auth-enhance.adoc b/downstream/modules/platform/con-controller-overview-auth-enhance.adoc index 01ddb6591c..6d375bed65 100644 --- a/downstream/modules/platform/con-controller-overview-auth-enhance.adoc +++ b/downstream/modules/platform/con-controller-overview-auth-enhance.adoc @@ -3,6 +3,7 @@ [id="con-controller-overview-auth-enhance_{context}"] = Authentication enhancements + {ControllerNameStart} supports: * LDAP diff --git a/downstream/modules/platform/con-controller-overview-automation.adoc b/downstream/modules/platform/con-controller-overview-automation.adoc index 5000808269..8a045d9e27 100644 --- a/downstream/modules/platform/con-controller-overview-automation.adoc +++ b/downstream/modules/platform/con-controller-overview-automation.adoc @@ -3,5 +3,6 @@ [id="con-controller-overview-automation_{context}"] = "Push Button" automation + Use {ControllerName} to access your favorite projects and re-trigger execution from the web interface. {ControllerNameStart} asks for input variables, prompts for your credentials, starts and monitors jobs, and displays results and host history. diff --git a/downstream/modules/platform/con-controller-overview-backup-restore.adoc b/downstream/modules/platform/con-controller-overview-backup-restore.adoc index ccc3ab6ad0..60cac6e40d 100644 --- a/downstream/modules/platform/con-controller-overview-backup-restore.adoc +++ b/downstream/modules/platform/con-controller-overview-backup-restore.adoc @@ -3,4 +3,5 @@ [id="con-controller-overview-backup-restore_{context}"] = Backup and restore + {PlatformNameShort} can backup and restore your systems or systems, making it easy for you to backup and replicate your instance as required. \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-cloud-autoscaling.adoc b/downstream/modules/platform/con-controller-overview-cloud-autoscaling.adoc index 72fb28c3c7..88edf3f021 100644 --- a/downstream/modules/platform/con-controller-overview-cloud-autoscaling.adoc +++ b/downstream/modules/platform/con-controller-overview-cloud-autoscaling.adoc @@ -4,6 +4,7 @@ = Cloud and autoscaling flexibility + {ControllerNameStart} includes a powerful optional provisioning callback feature that enables nodes to request configuration on-demand. This is an ideal solution for a cloud auto-scaling scenario and includes the following features: diff --git a/downstream/modules/platform/con-controller-overview-cluster-manage.adoc b/downstream/modules/platform/con-controller-overview-cluster-manage.adoc index 1a568d1070..fb5d764bac 100644 --- a/downstream/modules/platform/con-controller-overview-cluster-manage.adoc +++ b/downstream/modules/platform/con-controller-overview-cluster-manage.adoc @@ -3,4 +3,5 @@ [id="con-controller-overview-cluster-manage_{context}"] = Cluster management + Run time management of cluster groups enables configurable scaling. \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-exploration.adoc b/downstream/modules/platform/con-controller-overview-exploration.adoc index 7cabc5ef0a..7f9aa66608 100644 --- a/downstream/modules/platform/con-controller-overview-exploration.adoc +++ b/downstream/modules/platform/con-controller-overview-exploration.adoc @@ -3,5 +3,6 @@ [id="con-controller-overview-exploration_{context}"] = Real-time playbook output and exploration + With {ControllerName} you can watch playbooks run in real time, seeing each host as they check in. You can go back and explore the results for specific tasks and hosts in great detail, search for specific plays or hosts and see just those results, or locate errors that need to be corrected. \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-galaxy.adoc b/downstream/modules/platform/con-controller-overview-galaxy.adoc index 40bd64a9f8..9c98c925df 100644 --- a/downstream/modules/platform/con-controller-overview-galaxy.adoc +++ b/downstream/modules/platform/con-controller-overview-galaxy.adoc @@ -3,5 +3,6 @@ [id="con-controller-overview-galaxy_{context}"] = Ansible Galaxy integration + By including an {Galaxy} `requirements.yml` file in your project directory, {ControllerName} automatically fetches the roles your playbook needs from Galaxy, GitHub, or your local source control. For more information, see xref:ref-projects-galaxy-support[Ansible Galaxy Support]. \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-host-limits.adoc b/downstream/modules/platform/con-controller-overview-host-limits.adoc index dd24dbc9fa..211d85c5da 100644 --- a/downstream/modules/platform/con-controller-overview-host-limits.adoc +++ b/downstream/modules/platform/con-controller-overview-host-limits.adoc @@ -3,6 +3,7 @@ [id="con-controller-overview-host-limits_{context}"] = Limit the number of hosts per organization + Many large organizations have instances shared among many organizations. To ensure that one organization cannot use all the licensed hosts, this feature enables superusers to set a specified upper limit on how many licensed hosts can that you can allocate to each organization. The {ControllerName} algorithm factors changes in the limit for an organization and the number of total hosts across all organizations. diff --git a/downstream/modules/platform/con-controller-overview-inventory-plugins.adoc b/downstream/modules/platform/con-controller-overview-inventory-plugins.adoc index dbb7c5c1a8..f5323ccbe7 100644 --- a/downstream/modules/platform/con-controller-overview-inventory-plugins.adoc +++ b/downstream/modules/platform/con-controller-overview-inventory-plugins.adoc @@ -3,6 +3,7 @@ [id="con-controller-overview-inventory-plugins_{context}"] = Inventory plugins + The following inventory plugins are used from upstream collections: * `amazon.aws.aws_ec2` diff --git a/downstream/modules/platform/con-controller-overview-notifiers.adoc b/downstream/modules/platform/con-controller-overview-notifiers.adoc index efc796449c..ad7d3fa47c 100644 --- a/downstream/modules/platform/con-controller-overview-notifiers.adoc +++ b/downstream/modules/platform/con-controller-overview-notifiers.adoc @@ -3,6 +3,7 @@ [id="con-controller-overview-notifiers_{context}"] = Integrated notifications + Keep track of the status of your automation. You can configure the following notifications: diff --git a/downstream/modules/platform/con-controller-overview-openstack.adoc b/downstream/modules/platform/con-controller-overview-openstack.adoc index 53a060e166..1bc49eb068 100644 --- a/downstream/modules/platform/con-controller-overview-openstack.adoc +++ b/downstream/modules/platform/con-controller-overview-openstack.adoc @@ -3,6 +3,7 @@ [id="con-controller-overview-openstack_{context}"] = Inventory support for OpenStack + Dynamic inventory support is available for OpenStack. With this you can target any of the virtual machines or images running in your OpenStack cloud. For more information, see xref:ref-controller-credential-openstack[OpenStack credential type]. \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-rbac.adoc b/downstream/modules/platform/con-controller-overview-rbac.adoc index 0d9b878446..3186f2b2e0 100644 --- a/downstream/modules/platform/con-controller-overview-rbac.adoc +++ b/downstream/modules/platform/con-controller-overview-rbac.adoc @@ -3,6 +3,7 @@ [id="con-controller-overview-rbac_{context}"] = Simplified role-based access control and auditing + With {ControllerName} you can: * Grant permissions to perform a specific task to different teams or explicit users through _role-based access control_ (RBAC). diff --git a/downstream/modules/platform/con-controller-overview-remote-exec.adoc b/downstream/modules/platform/con-controller-overview-remote-exec.adoc index b18ca7cb6c..b6eb05a939 100644 --- a/downstream/modules/platform/con-controller-overview-remote-exec.adoc +++ b/downstream/modules/platform/con-controller-overview-remote-exec.adoc @@ -3,6 +3,7 @@ [id="con-controller-overview-remote-exec_{context}"] = Remote command execution + Use remote command execution to perform a simple task, such as adding a single user, updating a single security vulnerability, or restarting a failing service. Any task that you can describe as a single Ansible play can be run on a host or group of hosts in your inventory. You can manage your systems quickly and easily. diff --git a/downstream/modules/platform/con-controller-overview-secret-management.adoc b/downstream/modules/platform/con-controller-overview-secret-management.adoc index 8beb452ba6..71a7dabf80 100644 --- a/downstream/modules/platform/con-controller-overview-secret-management.adoc +++ b/downstream/modules/platform/con-controller-overview-secret-management.adoc @@ -3,4 +3,5 @@ [id="con-controller-overview-secret-management_{context}"] = Secret management system + With a secret management system, external credentials are stored and supplied for use in {ControllerName} so you need not provide them directly. diff --git a/downstream/modules/platform/con-controller-overview-tracking.adoc b/downstream/modules/platform/con-controller-overview-tracking.adoc index ea00ae49b1..4144066499 100644 --- a/downstream/modules/platform/con-controller-overview-tracking.adoc +++ b/downstream/modules/platform/con-controller-overview-tracking.adoc @@ -3,5 +3,6 @@ [id="con-controller-overview-tracking_{context}"] = System tracking + You can collect facts by using the fact caching feature. For more information, see xref:controller-fact-caching[Fact Caching]. \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-virtual-envs.adoc b/downstream/modules/platform/con-controller-overview-virtual-envs.adoc index 56b452fa80..f1d87c154d 100644 --- a/downstream/modules/platform/con-controller-overview-virtual-envs.adoc +++ b/downstream/modules/platform/con-controller-overview-virtual-envs.adoc @@ -3,4 +3,5 @@ [id="con-controller-overview-virtual-envs_{context}"] = Custom Virtual Environments + With Custom Ansible environment support you can have different Ansible environments and specify custom paths for different teams and jobs. \ No newline at end of file diff --git a/downstream/modules/platform/con-controller-overview-workflow-enhancements.adoc b/downstream/modules/platform/con-controller-overview-workflow-enhancements.adoc index 13a58e91bd..03025538d1 100644 --- a/downstream/modules/platform/con-controller-overview-workflow-enhancements.adoc +++ b/downstream/modules/platform/con-controller-overview-workflow-enhancements.adoc @@ -3,6 +3,7 @@ [id="con-controller-overview-workflow-enhancements_{context}"] = Workflow enhancements + To model your complex provisioning, deployment, and orchestration workflows, you can use {ControllerName} expanded workflows in several ways: * *Inventory overrides for Workflows* You can override an inventory across a workflow at workflow definition time, or at launch time. diff --git a/downstream/modules/platform/con-gw-activity-stream.adoc b/downstream/modules/platform/con-gw-activity-stream.adoc index 2245e67a6d..6c16bf6b59 100644 --- a/downstream/modules/platform/con-gw-activity-stream.adoc +++ b/downstream/modules/platform/con-gw-activity-stream.adoc @@ -3,6 +3,7 @@ [id="con-gw-activity-stream"] = Activity stream + The {Gateway} includes an activity stream that captures changes to {Gateway} resources, such as the creation or modification of organizations, users, and service clusters, among others. For each change, the activity stream collects information about the time of the change, the user that initiated the change, the action performed, and the actual changes made to the object, when possible. The information gathered varies depending on the type of change. You can access the details captured by the activity stream from the API: diff --git a/downstream/modules/platform/proc-controller-proxy-settings.adoc b/downstream/modules/platform/proc-controller-proxy-settings.adoc index 6a3d665605..f3c2cd6c45 100644 --- a/downstream/modules/platform/proc-controller-proxy-settings.adoc +++ b/downstream/modules/platform/proc-controller-proxy-settings.adoc @@ -3,6 +3,7 @@ [id="proc-controller-proxy-settings"] = {ControllerNameStart} settings + After using the RPM installation program, you must configure {ControllerName} to use egress proxy. [NOTE] diff --git a/downstream/modules/platform/proc-deprovision-isolated-groups.adoc b/downstream/modules/platform/proc-deprovision-isolated-groups.adoc index 592d7fd30f..eb3493aaed 100644 --- a/downstream/modules/platform/proc-deprovision-isolated-groups.adoc +++ b/downstream/modules/platform/proc-deprovision-isolated-groups.adoc @@ -3,6 +3,7 @@ [id="proc-deprovision-isolated-groups"] = Deprovisioning isolated instance groups + You have the option to manually remove any isolated instance groups using the `awx-manage` deprovisioning utility. [WARNING] diff --git a/downstream/modules/platform/proc-deprovision-isolated-nodes.adoc b/downstream/modules/platform/proc-deprovision-isolated-nodes.adoc index 5dbccf4dd6..a0b401df2e 100644 --- a/downstream/modules/platform/proc-deprovision-isolated-nodes.adoc +++ b/downstream/modules/platform/proc-deprovision-isolated-nodes.adoc @@ -3,6 +3,7 @@ [id="proc-deprovision-isolated-nodes"] = Deprovisioning isolated nodes + You have the option to manually remove any isolated nodes using the `awx-manage` deprovisioning utility. [WARNING] diff --git a/downstream/modules/platform/proc-enable-proxy-support.adoc b/downstream/modules/platform/proc-enable-proxy-support.adoc index 86d7e87eb3..338bbad845 100644 --- a/downstream/modules/platform/proc-enable-proxy-support.adoc +++ b/downstream/modules/platform/proc-enable-proxy-support.adoc @@ -3,6 +3,7 @@ [id="proc-enable-proxy-support_{context}"] = Enabling proxy support through a load balancer + //FYI - In 2.5 EA, the System menu is specific to controller so do not change to AAP. A forward proxy deals with client traffic, regulating and securing it. To provide proxy server support, {ControllerName} handles proxied requests (such as ALB, NLB , HAProxy, Squid, Nginx and tinyproxy in front of {ControllerName}) using the *REMOTE_HOST_HEADERS* list variable in the {ControllerName} settings. By default, *REMOTE_HOST_HEADERS* is set to `["REMOTE_ADDR", "REMOTE_HOST"]`. diff --git a/downstream/modules/platform/proc-set-EDA-proxy.adoc b/downstream/modules/platform/proc-set-EDA-proxy.adoc index 3ff3255e95..695184390e 100644 --- a/downstream/modules/platform/proc-set-EDA-proxy.adoc +++ b/downstream/modules/platform/proc-set-EDA-proxy.adoc @@ -3,6 +3,7 @@ [id="proc-set-EDA-proxy"] = Configuring proxy settings on {EDAName} + For {EDAName}, there are no global settings to set a proxy. You must specify the proxy for every project. diff --git a/downstream/modules/platform/ref-automation-mesh-proxy.adoc b/downstream/modules/platform/ref-automation-mesh-proxy.adoc index 152021bb4c..02ca397bf1 100644 --- a/downstream/modules/platform/ref-automation-mesh-proxy.adoc +++ b/downstream/modules/platform/ref-automation-mesh-proxy.adoc @@ -3,7 +3,16 @@ [id="ref-automation-mesh-proxy"] = Configuring proxy settings for {AutomationMesh} +<<<<<<< HEAD You can route outbound communication from the receptor on an {AutomatioinMesh} node through a proxy server. +======= +<<<<<<< HEAD +You can route outbound communication from the receptor on an {AutomationMesh} node through a proxy server. +======= + +You can route outbound communication from the receptor on an {AutomatioinMesh} node through a proxy server. +>>>>>>> 5b13ebf5 (AAP-51371 DITA AuthorLine Updates. (#4084)) +>>>>>>> 936077c8 (AAP-51371 DITA AuthorLine Updates. (#4084)) If your proxy does not strip out TLS certificates then an installation of {PlatformNameShort} automatically supports the use of a proxy server. Every node on the mesh must have a Certifying Authority that the installer creates on your behalf. diff --git a/downstream/modules/platform/ref-deprovisioning.adoc b/downstream/modules/platform/ref-deprovisioning.adoc index e6db948a1d..35b2ac9d92 100644 --- a/downstream/modules/platform/ref-deprovisioning.adoc +++ b/downstream/modules/platform/ref-deprovisioning.adoc @@ -3,6 +3,7 @@ [id="ref-deprovisioning"] = Deprovisioning nodes or groups + You can deprovision nodes and instance groups using the {PlatformNameShort} installer. Running the installer will remove all configuration files and logs attached to the nodes in the group. diff --git a/downstream/modules/platform/ref-renewal-guidance.adoc b/downstream/modules/platform/ref-renewal-guidance.adoc index 82cfc7cf07..3de0ee8811 100644 --- a/downstream/modules/platform/ref-renewal-guidance.adoc +++ b/downstream/modules/platform/ref-renewal-guidance.adoc @@ -3,6 +3,7 @@ [id="ref-renewal-guidance"] = `RENEWAL_GUIDANCE` + The `RENEWAL_GUIDANCE` report provides historical usage from the HostMetric table, applying deduplication and showing real historical usage for renewal guidance purposes. To generate this report, set the report type to diff --git a/downstream/modules/platform/ref-report-types.adoc b/downstream/modules/platform/ref-report-types.adoc index f7aae82afe..b20ad7132a 100644 --- a/downstream/modules/platform/ref-report-types.adoc +++ b/downstream/modules/platform/ref-report-types.adoc @@ -3,6 +3,7 @@ [id="ref-report-types"] = Report types + This section provides additional configurations for data gathering and report building based on a report type. Apply the environment variables to each report type based on your {PlatformNameShort} installation. //// diff --git a/downstream/modules/platform/ref-system-proxy-config.adoc b/downstream/modules/platform/ref-system-proxy-config.adoc index 7d399ae3b3..fec3776322 100644 --- a/downstream/modules/platform/ref-system-proxy-config.adoc +++ b/downstream/modules/platform/ref-system-proxy-config.adoc @@ -3,6 +3,7 @@ [id="ref-system-proxy-config"] = System proxy configuration + The outbound proxy is configured on the system level for all the nodes in the control plane. The following environment variables must be set: diff --git a/downstream/modules/platform/ref_proxy-backends.adoc b/downstream/modules/platform/ref_proxy-backends.adoc index a1b6c47361..7a11f6e0db 100644 --- a/downstream/modules/platform/ref_proxy-backends.adoc +++ b/downstream/modules/platform/ref_proxy-backends.adoc @@ -3,6 +3,7 @@ [id="ref_proxy-backends"] = Proxy backends + For HTTP and HTTPS proxies you can use a squid server. Squid is a forward proxy for the Web supporting HTTP, HTTPS, and FTP, reducing bandwidth and improving response times by caching and reusing frequently-requested web pages. It is licensed under the GNU GPL. diff --git a/downstream/modules/playbooks/proc-starting-automation.adoc b/downstream/modules/playbooks/proc-starting-automation.adoc index 24e22c9a19..ea1f4c5d7a 100644 --- a/downstream/modules/playbooks/proc-starting-automation.adoc +++ b/downstream/modules/playbooks/proc-starting-automation.adoc @@ -1,6 +1,7 @@ [id="proc-starting-automation"] = Starting automation with Ansible + Get started with Ansible by creating an automation project, building an inventory, and creating a `Hello World` playbook. .Prerequisites diff --git a/downstream/modules/playbooks/ref-create-variables.adoc b/downstream/modules/playbooks/ref-create-variables.adoc index 15d9d514a4..b2f85edf3d 100644 --- a/downstream/modules/playbooks/ref-create-variables.adoc +++ b/downstream/modules/playbooks/ref-create-variables.adoc @@ -1,6 +1,7 @@ [id="ref-create-variables"] = Create variables + Variables set values for managed nodes, such as the IP address, FQDN, operating system, and SSH user, so you do not need to pass them when running Ansible commands. Variables can apply to specific hosts. diff --git a/downstream/modules/playbooks/ref-run-network-command.adoc b/downstream/modules/playbooks/ref-run-network-command.adoc index e6f43ed122..aa8130f183 100644 --- a/downstream/modules/playbooks/ref-run-network-command.adoc +++ b/downstream/modules/playbooks/ref-run-network-command.adoc @@ -1,6 +1,7 @@ [id="ref-run-network-command"] = Run a network Ansible command + Instead of manually connecting and running a command on the network device, you can retrieve its configuration with a single Ansible command. ---- diff --git a/downstream/modules/playbooks/ref-use-meta-groups.adoc b/downstream/modules/playbooks/ref-use-meta-groups.adoc index 0338fec612..2294a0bde8 100644 --- a/downstream/modules/playbooks/ref-use-meta-groups.adoc +++ b/downstream/modules/playbooks/ref-use-meta-groups.adoc @@ -1,6 +1,7 @@ [id="ref-use-meta-groups"] = Use metagroups + Create a metagroup that organizes multiple groups in your inventory with the following syntax: ---- From 5bace59831755c3043d45e6cf02e55f26cf42f44 Mon Sep 17 00:00:00 2001 From: Jonquil Date: Tue, 19 Aug 2025 13:32:15 -0400 Subject: [PATCH 63/71] CCSTOOLS-1519: DITA pre-migration tasks: Legal and Common Content (#4091) (#4093) * Completed tasks for DITA pre-migration * Fixed link formatting --- downstream/aap-common/apache-2.0-license.adoc | 2 +- .../aap-common/assembly-aap-common.adoc | 2 + downstream/aap-common/gplv3-license-text.adoc | 54 +++++++++---------- 3 files changed, 29 insertions(+), 29 deletions(-) diff --git a/downstream/aap-common/apache-2.0-license.adoc b/downstream/aap-common/apache-2.0-license.adoc index ee991a7b92..58c9198756 100644 --- a/downstream/aap-common/apache-2.0-license.adoc +++ b/downstream/aap-common/apache-2.0-license.adoc @@ -4,7 +4,7 @@ = Open Source license -.Apache license +*Apache license* Version 2.0, January 2004 diff --git a/downstream/aap-common/assembly-aap-common.adoc b/downstream/aap-common/assembly-aap-common.adoc index 3f3f998b4f..90612da64a 100644 --- a/downstream/aap-common/assembly-aap-common.adoc +++ b/downstream/aap-common/assembly-aap-common.adoc @@ -1,3 +1,5 @@ +:_mod-docs-content-type: ASSEMBLY + ifdef::context[:parent-context: {context}] [preface] [id='ansible-automation-platform'] diff --git a/downstream/aap-common/gplv3-license-text.adoc b/downstream/aap-common/gplv3-license-text.adoc index eedc09a976..7fd30c18e0 100644 --- a/downstream/aap-common/gplv3-license-text.adoc +++ b/downstream/aap-common/gplv3-license-text.adoc @@ -4,16 +4,15 @@ = Open Source license -.GNU GENERAL PUBLIC LICENSE +*GNU GENERAL PUBLIC LICENSE* Version 3, 29 June 2007 -Copyright © 2007 Free Software Foundation, Inc.<> +Copyright © 2007 Free Software Foundation, Inc. link:https://fsf.org/ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. -[discrete] -==== Preamble +*Preamble* The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. @@ -34,10 +33,9 @@ Finally, every program is threatened constantly by software patents. States shou The precise terms and conditions for copying, distribution and modification follow. -[discrete] -==== TERMS AND CONDITIONS +*TERMS AND CONDITIONS* -.0. Definitions. +*0. Definitions.* “This License” refers to version 3 of the GNU General Public License. “Copyright” also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. @@ -54,7 +52,7 @@ To “convey” a work means any kind of propagation that enables other parties An interactive user interface displays “Appropriate Legal Notices” to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. -.1. Source Code. +*1. Source Code.* The “source code” for a work means the preferred form of the work for making modifications to it. “Object code” means any non-source form of a work. A “Standard Interface” means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. @@ -67,24 +65,24 @@ The Corresponding Source need not include anything that users can regenerate aut The Corresponding Source for a work in source code form is that same work. -.2. Basic Permissions. +*2. Basic Permissions.* All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. -.3. Protecting Users' Legal Rights From Anti-Circumvention Law. +*3. Protecting Users' Legal Rights From Anti-Circumvention Law.* No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. -.4. Conveying Verbatim Copies. +*4. Conveying Verbatim Copies.* You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. -.5. Conveying Modified Source Versions. +*5. Conveying Modified Source Versions.* You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: * a) The work must carry prominent notices stating that you modified it, and giving a relevant date. @@ -93,7 +91,7 @@ You may convey a work based on the Program, or the modifications to produce it f * d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. -.6. Conveying Non-Source Forms. +*6. Conveying Non-Source Forms.* You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: * a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. @@ -114,7 +112,7 @@ The requirement to provide Installation Information does not include a requireme Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. -.7. Additional Terms. +*7. Additional Terms.* “Additional permissions” are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. @@ -134,7 +132,7 @@ If you add terms to a covered work in accord with this section, you must place, Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. -.8. Termination. +*8. Termination.* You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. @@ -143,17 +141,17 @@ Moreover, your license from a particular copyright holder is reinstated permanen Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. -.9. Acceptance Not Required for Having Copies. +*9. Acceptance Not Required for Having Copies.* You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. -.10. Automatic Licensing of Downstream Recipients. +*10. Automatic Licensing of Downstream Recipients.* Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An “entity transaction” is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. -.11. Patents. +*11. Patents.* A “contributor” is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's “contributor version”. A contributor's “essential patent claims” are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, “control” includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. @@ -170,13 +168,13 @@ A patent license is “discriminatory” if it does not include within the scope Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. -.12. No Surrender of Others' Freedom. +*12. No Surrender of Others' Freedom.* If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. -.13. Use with the GNU Affero General Public License. +*13. Use with the GNU Affero General Public License.* Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. -.14. Revised Versions of this License. +*14. Revised Versions of this License.* The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License “or any later version” applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. @@ -185,18 +183,18 @@ If the Program specifies that a proxy can decide which future versions of the GN Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. -.15. Disclaimer of Warranty. +*15. Disclaimer of Warranty.* THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. -.16. Limitation of Liability. +*16. Limitation of Liability.* IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. -.17. Interpretation of Sections 15 and 16. +*17. Interpretation of Sections 15 and 16.* If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS -[discrete] -==== How to Apply These Terms to Your New Programs + +*How to Apply These Terms to Your New Programs* If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found. @@ -228,7 +226,7 @@ If the program does terminal interaction, make it output a short notice like thi ---- The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an “about box”. -You should also get your employer (if you work as a programmer) or school, if any, to sign a “copyright disclaimer” for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see <>. +You should also get your employer (if you work as a programmer) or school, if any, to sign a “copyright disclaimer” for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see link:https://www.gnu.org/licenses/. -The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read <>. +The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read link:https://www.gnu.org/licenses/why-not-lgpl.html. From ae2b21cc1dd72de145f1e722cfe46a8268900fef Mon Sep 17 00:00:00 2001 From: Ian Fowler <77341519+ianf77@users.noreply.github.com> Date: Wed, 20 Aug 2025 12:27:52 +0100 Subject: [PATCH 64/71] Changes to system and gateway settings (#4086) (#4095) * Changes to system and gateway settings Changes to system settings [Docs] Document CSRF Trusted Origins feature and how to configure vanity URL in AAP https://issues.redhat.com/browse/AAP-47498 * Changes to system and gateway settings More changes to gateway settings [Docs] Document CSRF Trusted Origins feature and how to configure vanity URL in AAP https://issues.redhat.com/browse/AAP-47498 * Changes to system and gateway settings Correction [Docs] Document CSRF Trusted Origins feature and how to configure vanity URL in AAP https://issues.redhat.com/browse/AAP-47498 * Changes to system and gateway settings Corrections and fix xrefs [Docs] Document CSRF Trusted Origins feature and how to configure vanity URL in AAP https://issues.redhat.com/browse/AAP-47498 * Changes to system and gateway settings Correction [Docs] Document CSRF Trusted Origins feature and how to configure vanity URL in AAP https://issues.redhat.com/browse/AAP-47498 --- .../assembly-ag-controller-config.adoc | 2 ++ .../platform/assembly-gw-settings.adoc | 9 ++++-- .../proc-controller-configure-system.adoc | 28 +++++++++++++------ .../proc-controller-set-up-azure.adoc | 2 +- .../proc-gw-define-rules-triggers.adoc | 4 +-- .../proc-gw-settings-insights-settings.adoc | 19 +++++++++++++ .../proc-settings-gw-additional-options.adoc | 7 +++-- .../proc-settings-gw-authentication.adoc | 16 +++++++++++ .../proc-settings-gw-security-options.adoc | 18 ++++++------ 9 files changed, 79 insertions(+), 26 deletions(-) create mode 100644 downstream/modules/platform/proc-gw-settings-insights-settings.adoc create mode 100644 downstream/modules/platform/proc-settings-gw-authentication.adoc diff --git a/downstream/assemblies/platform/assembly-ag-controller-config.adoc b/downstream/assemblies/platform/assembly-ag-controller-config.adoc index 53d8685613..3139900ef8 100644 --- a/downstream/assemblies/platform/assembly-ag-controller-config.adoc +++ b/downstream/assemblies/platform/assembly-ag-controller-config.adoc @@ -34,3 +34,5 @@ include::platform/con-controller-additional-settings.adoc[leveloffset=+1] //include::platform/proc-controller-obtaining-subscriptions.adoc[leveloffset=+1] //include::platform/con-controller-keep-subscription-in-compliance.adoc[leveloffset=+2] //include::platform/con-controller-host-metric-utilities.adoc[leveloffset=+2] + +include::platform/proc-settings-troubleshooting.adoc[leveloffset=+1] \ No newline at end of file diff --git a/downstream/assemblies/platform/assembly-gw-settings.adoc b/downstream/assemblies/platform/assembly-gw-settings.adoc index ae6f41c214..77f32a056b 100644 --- a/downstream/assemblies/platform/assembly-gw-settings.adoc +++ b/downstream/assemblies/platform/assembly-gw-settings.adoc @@ -26,10 +26,13 @@ include::platform/proc-settings-gw-session-options.adoc[leveloffset=+2] include::platform/proc-settings-gw-password-security.adoc[leveloffset=+2] -include::platform/proc-settings-gw-custom-login.adoc[leveloffset=+2] +//Not included at 2.6 +//include::platform/proc-settings-gw-custom-login.adoc[leveloffset=+2] include::platform/proc-settings-gw-additional-options.adoc[leveloffset=+2] -include::platform/proc-settings-user-preferences.adoc[leveloffset=+1] +include::platform/proc-settings-gw-authentication.adoc[leveloffset=+2] + +include::platform/proc-gw-settings-insights-settings.adoc[leveloffset=+2] -include::platform/proc-settings-troubleshooting.adoc[leveloffset=+1] +include::platform/proc-settings-user-preferences.adoc[leveloffset=+1] diff --git a/downstream/modules/platform/proc-controller-configure-system.adoc b/downstream/modules/platform/proc-controller-configure-system.adoc index 508f4b594a..bfe4eb9019 100644 --- a/downstream/modules/platform/proc-controller-configure-system.adoc +++ b/downstream/modules/platform/proc-controller-configure-system.adoc @@ -21,25 +21,30 @@ The *System Settings* page is displayed. * *Proxy IP allowed list*: If the service is behind a reverse proxy or load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom `REMOTE_HOST_HEADERS` header values. + If this setting is an empty list (the default), the headers specified by `REMOTE_HOST_HEADERS` are trusted unconditionally. -* *CSRF Trusted Origins List*: If the service is behind a reverse proxy or load balancer, use this setting to configure the `schema://addresses` from which the service should trust Origin header values. -* *Red Hat customer username*: This username is used to send data to Automation Analytics. -* *Red Hat customer password*: This password is used to send data to Automation Analytics. -* *Red Hat or Satellite username*: This username is used to send data to Automation Analytics. -* *Red Hat or Satellite password*: This password is used to send data to Automation Analytics. +* *Red Hat Client ID for anaytics* Client ID used to send data to {Analytics}. +* *Red Hat Client Secret for analytics* Client secret used to send data to {Analytics}. +* *Red Hat Client ID for subscriptions* Client ID used to retrieve subscription and content information. +* *Red Hat Client Secret for Subsciptions* Client secret used to retrieve subscription and content information +//* *CSRF Trusted Origins List*: If the service is behind a reverse proxy or load balancer, use this setting to configure the `schema://addresses` from which the service should trust Origin header values. +//* *Red Hat customer username*: This username is used to send data to Automation Analytics. +//* *Red Hat customer password*: This password is used to send data to Automation Analytics. +//* *Red Hat or Satellite username*: This username is used to send data to Automation Analytics. +//* *Red Hat or Satellite password*: This password is used to send data to Automation Analytics. * *Global default {ExecEnvShort}*: The {ExecEnvShort} to be used when one has not been configured for a job template. * *Custom virtual environment paths*: Paths where {ControllerName} looks for custom virtual environments. + Enter one path per line. + -* *Last gather date for Automation Analytics*: Set the date and time. +//* *Last gather date for Automation Analytics*: Set the date and time. //This field has been removed by https://github.com/ansible/awx/pull/15497 +//Aparently inclusion in the editable fields is a bug. //* *Last gathered entries from the data collection service of {Analytics}*: Do not enter anything in this field. * *{Analytics} Gather Interval*: Interval (in seconds) between data gathering. + If *Gather data for {Analytics}* is set to false, this value is ignored. + -* *Last cleanup date for HostMetrics*: Set the date and time. -* *Last computing date of HostMetricSummaryMonthly*: Set the date and time. +//* *Last cleanup date for HostMetrics*: Set the date and time. +//* *Last computing date of HostMetricSummaryMonthly*: Set the date and time. * *Remote Host Headers*: HTTP headers and meta keys to search to decide remote hostname or IP. Add additional items to this list, such as `HTTP_X_FORWARDED_FOR`, if behind a reverse proxy. For more information, see link:{URLAAPOperationsGuide}/assembly-configuring-proxy-support[Configuring proxy support for {PlatformName}]. @@ -49,10 +54,15 @@ This setting is used to configure the upload URL for data collection for Automat + You can select the following options: + +** No subscription: Deletion of host_metrics will not be considered for purposes of managed host counting. +** Usage based on unique managed nodes ina large hostorical time frame and delete functionality for no longer used managed nodes. + +. You can set the following options: ++ * *Enable Activity Stream*: Set to enable capturing activity for the activity stream. * *Enable Activity Stream for Inventory Sync*: Set to enable capturing activity for the activity stream when running inventory sync. * *All Users Visible to Organization Admins*: Set to control whether any organization administrator can view all users and teams, even those not associated with their organization. -* *Organization Admins Can Manage Users and Teams*: Set to control whether any organization administrator has the privileges to create and manage users and teams. +* *Organization Admins Can Manage Users and Teams*: Set to control whether an organization administrator has the privileges to create and manage users and teams. + You might want to disable this ability if you are using an LDAP or SAML integration. * *Gather data for Automation Analytics*: Set to enable the service to gather data on automation and send it to {Analytics}. diff --git a/downstream/modules/platform/proc-controller-set-up-azure.adoc b/downstream/modules/platform/proc-controller-set-up-azure.adoc index f7f64c8e54..f70484368a 100644 --- a/downstream/modules/platform/proc-controller-set-up-azure.adoc +++ b/downstream/modules/platform/proc-controller-set-up-azure.adoc @@ -96,7 +96,7 @@ Once the application is registered, Azure displays the Application ID and Object Following Azure AD's documentation for connecting your app to {Azure} Active Directory, supply the key (shown at one time only) to the client for authentication. + . Copy and paste the secret key created for your Azure AD application to the *Azure AD OAuth2 Secret* field of the Settings - Authentication screen. -. For more information on completing the Azure AD OAuth2 Organization Map and Azure AD OAuth2 Team Map fields, see xref:ref-controller-organization-mapping[Organization mapping] and xref:ref-controller-team-mapping[Team mapping]. +. For more information on completing the Azure AD OAuth2 Organization Map and Azure AD OAuth2 Team Map fields, see xref:proc-controller-organization-mapping[Organization mapping] and xref:proc-controller-team-mapping[Team mapping]. . Click btn:[Save]. .Verification diff --git a/downstream/modules/platform/proc-gw-define-rules-triggers.adoc b/downstream/modules/platform/proc-gw-define-rules-triggers.adoc index 60bcefc454..826178fa8a 100644 --- a/downstream/modules/platform/proc-gw-define-rules-triggers.adoc +++ b/downstream/modules/platform/proc-gw-define-rules-triggers.adoc @@ -15,8 +15,8 @@ Authentication map types can be used with any type of authenticator. Each map ha . Select a map type from the *Authentication mapping* list. See xref:gw-authenticator-map-types[Authenticator map types] for detailed descriptions of the different map types. Choices include: + * xref:gw-allow-mapping[Allow] -* xref:ref-controller-organization-mapping[Organization] -* xref:ref-controller-team-mapping[Team] +* xref:proc-controller-organization-mapping[Organization] +* xref:proc-controller-team-mapping[Team] * xref:gw-role-mapping[Role] * xref:gw-superuser-mapping[Is Superuser] + diff --git a/downstream/modules/platform/proc-gw-settings-insights-settings.adoc b/downstream/modules/platform/proc-gw-settings-insights-settings.adoc new file mode 100644 index 0000000000..71eef01e10 --- /dev/null +++ b/downstream/modules/platform/proc-gw-settings-insights-settings.adoc @@ -0,0 +1,19 @@ +[id="proc-gw-settings-insights-settings"] + += = Configuring miscellaneous options + +From the {Gateway} settings page, you can configure options for Insights, subscriptions and notifications. + +.Procedure +. From the navigation panel, select {MenuSetGateway}. +. The *{GatewayStart} settings* page is displayed. +. To configure the options, click btn:[Edit {Gateway} settings]. +. You can configure the following options: + +* *Insights tracking state*: Enables the service to gather data on automation and send it to {Analytics}. +* *Red Hat console URL*: This setting is used to to configure the upload URL for data collection for Automation Analytics. +* *Red Hat password*: This password is used to send data to {Analytics}. +* *Subscriptions password*: This password is used to retrieve subscription and content information. +* *Automation analytics gather interval*: The maximum number of items allowed on a list page. +* *Notification rss feed url*: URL for RSS feeds from which to load user notifications. +* *Notifications rss feed enabled*: Enable or disable user notifications \ No newline at end of file diff --git a/downstream/modules/platform/proc-settings-gw-additional-options.adoc b/downstream/modules/platform/proc-settings-gw-additional-options.adoc index 3923df9b52..8fc50016ff 100644 --- a/downstream/modules/platform/proc-settings-gw-additional-options.adoc +++ b/downstream/modules/platform/proc-settings-gw-additional-options.adoc @@ -27,10 +27,11 @@ This setting defaults to 2 seconds. If you have a large latency between {Gateway} and your services and observe 401 responses you must increase this setting to lower the number of 401 responses. * *Status endpoint backend timeout seconds*: Timeout (in seconds) for the status endpoint to wait when trying to connect to a backend. * *Status endpoint backend verify*: Specifies whether SSL certificates of the services are verified when calling individual nodes for statuses. +* *Resource client request timeout*: The timeout (in seconds) before the resource client will drop requests after forming connections. * *Request timeout*: Specifies, in seconds, the length of time before the proxy will report a timeout and generate a 504. -* *Allow external users to create OAuth2 tokens *: For security reasons, users from external authentication providers, such as LDAP, SAML, SSO, Radius, and others, are not allowed to create OAuth2 tokens. -To change this behavior, enable this setting. -Existing tokens are not deleted when this setting is turned off. +* *Stream idle timeout*: Timeout in seconds for idle streaming connections, for example, for the {PlatformNameShort} Lightspeed chatbot. Stream is closed if no data is transmitted within this period. +* *Max stream duration*: Maximum total duration in seconds for streaming connections, for example, for the {PlatformNameShort} Lightspeed chatbot. Stream is closed after this time regardless of activity. +* *Aap deployment type*: The deployment type for this AAP instance. + . Click btn:[Save {Gateway} settings] to save the changes or proceed to configure the other platform options available. diff --git a/downstream/modules/platform/proc-settings-gw-authentication.adoc b/downstream/modules/platform/proc-settings-gw-authentication.adoc new file mode 100644 index 0000000000..44ad6b7433 --- /dev/null +++ b/downstream/modules/platform/proc-settings-gw-authentication.adoc @@ -0,0 +1,16 @@ +[id="proc-settings-gw-authentication"] + += Enabling OAuth2 token creation for external users + +To enable external users to create OAuth2 tokens, change the appropriate setting in your {PlatformNameShort} environment. Ensure the implementation of compensating security controls after enabling this setting. + +.Procedure + +. From the navigation panel, go to {MenuSetGateway}. +. Click btn:[Edit platform gateway settings]. +. Change the *Allow external users to create OAuth2 tokens* setting to *Enabled*. +. Click btn:[Save platform gateway settings]. + +.Next steps + +Implement the recommended security controls as described in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/access_management_and_authentication/gw-token-based-authentication#gw-oauth2-security-controls[Implementing security controls for external user OAuth2 tokens]. \ No newline at end of file diff --git a/downstream/modules/platform/proc-settings-gw-security-options.adoc b/downstream/modules/platform/proc-settings-gw-security-options.adoc index 847743508e..b38d58b39e 100644 --- a/downstream/modules/platform/proc-settings-gw-security-options.adoc +++ b/downstream/modules/platform/proc-settings-gw-security-options.adoc @@ -14,23 +14,17 @@ From the *{GatewayStart} settings* page, you can configure platform security set . To configure the options, click btn:[Edit]. . You can configure the following *Security* settings: + -* *Allow admin to set insecure*: Whether a superuser account can save an insecure password when editing any local user account. +* *Allow system administrators to set insecure user passwords*: Whether a superuser account can save an insecure password when editing any local user account. * *Gateway basic auth enabled*: Enable basic authentication to the {Gateway} API. + Turning this off prevents all basic authentication (local users), so customers need to make sure they have their alternative authentication mechanisms correctly configured before doing so. + Turning it off with only local authentication configured also prevents all access to the UI. + -*Social auth username is full email*: Enabling this setting alerts social authentication to use the full email as username instead of the full name. -+ *Gateway token name*: The header name to push from the proxy to the backend service. + -[WARNING] -==== -If this name is changed, backends must be updated to compensate. -==== -+ * *Gateway access token expiration*: How long the access tokens are valid for. ++ * *Jwt private key*: The private key used to encrypt the JWT tokens sent to backend services. + This should be a private RSA key and one should be generated automatically on installation. @@ -49,4 +43,12 @@ This should be a private RSA key and one should be generated automatically on in See other services' documentation on how they consume this key. ==== + +[WARNING] +==== +If this name is changed, backends must be updated to compensate. +==== ++ +*Social auth username is full email*: Enabling this setting alerts social authentication to use the full email as username instead of the full name. ++ +* *Csrf trusted origins*: If the service is behind a reverse proxy or load balancer, use this setting to configure the `schema://addresses` from which the service should trust Origin header values. . Click btn:[Save changes] to save the changes or proceed to configure the other platform options available. \ No newline at end of file From 4ac2b64644b91b0693683a0b3c6cd56f666c0cd7 Mon Sep 17 00:00:00 2001 From: Robert Grange <95885266+rogrange@users.noreply.github.com> Date: Wed, 20 Aug 2025 11:38:16 -0400 Subject: [PATCH 65/71] Clarified AAP-42781, AAP-40798 with updates from dev (#4096) (#4097) --- downstream/titles/release-notes/async/aap-25-20250409.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/downstream/titles/release-notes/async/aap-25-20250409.adoc b/downstream/titles/release-notes/async/aap-25-20250409.adoc index e028310664..80ceed8dec 100644 --- a/downstream/titles/release-notes/async/aap-25-20250409.adoc +++ b/downstream/titles/release-notes/async/aap-25-20250409.adoc @@ -62,11 +62,11 @@ With this update, the following CVEs have been addressed: === Container based {PlatformNameShort} -* Fixed an issue where backup and restore jobs would fail to restore on `CONT` jobs. Implemented validation and cleanup for service nodes on a restore to a new cluster.(AAP-42781) +* Fixed an issue where the restore to a new node would fail. Implemented validation and cleanup for service nodes on a restore to a new cluster.(AAP-42781) * Fixed an issue where podman logs did not show any log messages if the user was not part of the local *administrator* or `systemd-journal` group.(AAP-42755) -* Fixed an issue where the {PlatformNameShort} 2.5 containerized installer was unable to read custom configurations.(AAP-40798) +* Fixed an issue where the containerized installer was unable to apply extra settings for {ControllerName}, {EDAName}, {Gateway}, and {HubName}.(AAP-40798) * Fixed an issue where a remote user was not part of the `systemd-journal` group and could not access container logs.(AAP-42755) From 15b2a7c63bc451d9da7f0b0f8189d7a107a0ee61 Mon Sep 17 00:00:00 2001 From: Hala Date: Thu, 21 Aug 2025 15:01:00 -0500 Subject: [PATCH 66/71] minor formatting update to fix a heading (#4103) (#4105) --- .../troubleshooting-aap/assembly-troubleshoot-jobs.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-jobs.adoc b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-jobs.adoc index 8947d85b74..17c9824c9d 100644 --- a/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-jobs.adoc +++ b/downstream/assemblies/troubleshooting-aap/assembly-troubleshoot-jobs.adoc @@ -11,6 +11,7 @@ Troubleshoot issues with jobs. // include::troubleshooting-aap/proc-troubleshoot-job-localhost.adoc[leveloffset=+1] include::troubleshooting-aap/proc-troubleshoot-job-resolve-module.adoc[leveloffset=+1] + include::troubleshooting-aap/proc-troubleshoot-job-timeout.adoc[leveloffset=+1] include::troubleshooting-aap/proc-troubleshoot-job-pending.adoc[leveloffset=+1] From 51f6f9b39a81e4ad4d0fff4afacbc2ab17737926 Mon Sep 17 00:00:00 2001 From: Jameria Self <73364088+jself-sudoku@users.noreply.github.com> Date: Thu, 21 Aug 2025 16:08:52 -0400 Subject: [PATCH 67/71] AAP-46850 Document external credential support in EDA (#4099) (#4106) * AAP-46850 Document external credential support in EDA * AAP-46850 Minor fixes for peer review * AAP-46850 Fixed title in last link in external credentials module * AAP-46850 Fixed title in last link in external credentials module --- .../eda/assembly-eda-credential-types.adoc | 8 ++++--- .../eda/con-external-credential-types.adoc | 24 +++++++++++++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 downstream/modules/eda/con-external-credential-types.adoc diff --git a/downstream/assemblies/eda/assembly-eda-credential-types.adoc b/downstream/assemblies/eda/assembly-eda-credential-types.adoc index cff423bab3..de9bdd5aea 100644 --- a/downstream/assemblies/eda/assembly-eda-credential-types.adoc +++ b/downstream/assemblies/eda/assembly-eda-credential-types.adoc @@ -3,13 +3,15 @@ = Credential types -{EDAcontroller} comes with several built-in credental types that you can use for syncing projects, running rulebook activations, executing job templates through {MenuTopAE} ({ControllerName}), fetching images from container registries, and processing data through event streams. +{EDAcontroller} comes with several built-in credential types that you can use for syncing projects, running rulebook activations, executing job templates through {MenuTopAE} ({ControllerName}), fetching images from container registries, and processing data through event streams. -These built-in credential types are not editable. So if you want credential types that support authentication with other systems, you can create your own credential types that can be used in your source plugins. Each credential type contains an input configuration and an injector configuration that can be passed to an Ansible rulebook to configure your sources. +These built-in credential types are not editable. So if you want credential types that support authentication with other systems, you can create your own credential types that can be used in your source plugins. Each credential type contains an input configuration and an injector configuration that can be passed to an Ansible rulebook to configure your sources. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credential-types#eda-custom-credential-types[Custom credential types]. -For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credential-types#eda-custom-credential-types[Custom credential types]. +If you will be executing job templates through {ControllerName}, you can retrieve credential values from external secret management systems listed in link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/using_automation_decisions/eda-credential-types#eda-external-credential-types[External secret management credential types]. +include::eda/con-external-credential-types.adoc[leveloffset=+1] + include::eda/con-custom-credential-types.adoc[leveloffset=+1] include::eda/con-credential-types-input-config.adoc[leveloffset=+2] diff --git a/downstream/modules/eda/con-external-credential-types.adoc b/downstream/modules/eda/con-external-credential-types.adoc new file mode 100644 index 0000000000..14483fe721 --- /dev/null +++ b/downstream/modules/eda/con-external-credential-types.adoc @@ -0,0 +1,24 @@ +:_mod-docs-content-type: +[id="eda-external-credential-types"] + += External secret management credential types + +In addition to the built-in credential types, {EDAName} supports a variety of external secret management credential types. These credential types allow rulebooks to securely retrieve sensitive information, such as API keys and passwords, directly from your organization's centralized secret vault. + +The following external credential types are available for use in {EDAcontroller}: + +* AWS Secrets Manager +* Azure Key Vault +* Centrify Vault Credential Provider +* CyberArk Central Credential Provider +* CyberArk Conjur Secrets Manager +* HashiCorp Vault Secret +* HashiCorp Vault Signed SSH +* Thycotic DevOps Secrets Vault +* Thycotic Secret Server +* GitHub App Installation Access Token + +The process for using these credentials in a rulebook activation is consistent with how they are used in {ControllerName}. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/configuring_automation_execution/assembly-controller-secret-management[Secret management system]. + +.Additional references +* link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/configuring_automation_execution/index[Configuring automation execution] \ No newline at end of file From cb69a786041f2998c67f6e9cd322c60a8ce237d3 Mon Sep 17 00:00:00 2001 From: g-murray <147741787+g-murray@users.noreply.github.com> Date: Mon, 25 Aug 2025 09:19:02 +0100 Subject: [PATCH 68/71] AAP-51877 edits to Hub variables and backup sections (#4101) (#4108) --- .../platform/proc-backup-aap-container.adoc | 14 ++++++++++++++ downstream/modules/platform/ref-hub-variables.adoc | 6 ++++++ 2 files changed, 20 insertions(+) diff --git a/downstream/modules/platform/proc-backup-aap-container.adoc b/downstream/modules/platform/proc-backup-aap-container.adoc index fde7d061bb..471d030ce1 100644 --- a/downstream/modules/platform/proc-backup-aap-container.adoc +++ b/downstream/modules/platform/proc-backup-aap-container.adoc @@ -67,3 +67,17 @@ This backs up the important data deployed by the containerized installer such as * Data files . By default, the backup directory is set to `./backups`. You can change this by using the `backup_dir` variable in your `inventory` file. + +.Next steps + +To customize the backup, use the following variables in your `inventory` file. +* Change the backup destination directory from the default `./backups` by using the `backup_dir` variable. +* Exclude paths that contain duplicated data, such as snapshot subdirectories, by using the `hub_data_path_exclude` variable. For instance, to exclude a .snapshots subdirectory, specify hub_data_path_exclude=['*/.snapshots/*'] in your inventory file. +** Alternatively, you can use the command-line interface with the `-e` flag to pass this variable at runtime: ++ +---- +$ ansible-playbook -i inventory ansible.containerized_installer.backup -e hub_data_path_exclude="['*/.snapshots/*']" +---- + + + diff --git a/downstream/modules/platform/ref-hub-variables.adoc b/downstream/modules/platform/ref-hub-variables.adoc index 427bab5245..4db6b79b43 100644 --- a/downstream/modules/platform/ref-hub-variables.adoc +++ b/downstream/modules/platform/ref-hub-variables.adoc @@ -89,6 +89,12 @@ Valid options include: `true`, `false`, `auto` | Optional | `false` +| +| `hub_data_path_exclude` +| {HubName} backup path to exclude. +| Optional +| `[]` + | `automationhub_disable_hsts` | `hub_nginx_disable_hsts` | Controls whether HTTP Strict Transport Security (HSTS) is enabled or disabled for {HubName}. From d15a8e44dbdc74e1f5f2e8afe8a9639c0eeafd0d Mon Sep 17 00:00:00 2001 From: EMcWhinn <122449381+EMcWhinn@users.noreply.github.com> Date: Mon, 25 Aug 2025 11:27:57 +0100 Subject: [PATCH 69/71] Updating RHEM container image build (#4031) (#4110) * Updating RHEM container image build [Docs] Update Containerfile in RHEM doc https://issues.redhat.com/browse/AAP-50654 Affects `titles/edge-manager-user-guide` * Removing remaining `rhacm` mentions * Tech review edits --- .../platform/proc-edge-manager-build-bootc-image.adoc | 11 +++++------ .../modules/platform/proc-edge-manager-virt.adoc | 2 +- .../modules/platform/proc-edge-manager-vmware.adoc | 2 +- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/downstream/modules/platform/proc-edge-manager-build-bootc-image.adoc b/downstream/modules/platform/proc-edge-manager-build-bootc-image.adoc index 23cd241bb2..b6c5cd9191 100644 --- a/downstream/modules/platform/proc-edge-manager-build-bootc-image.adoc +++ b/downstream/modules/platform/proc-edge-manager-build-bootc-image.adoc @@ -17,16 +17,15 @@ Complete the following steps: .Procedure . Create a `Containerfile` file with the following content to build a RHEL 9-based operating system image that includes the {RedHatEdge} agent and configuration: -//The following containerfile includes RHACM, confirm step for AAP. + + [source,bash] ---- FROM registry.redhat.io/rhel9/rhel-bootc: <1> -RUN subscription-manager repos --enable rhacm-2.13-for-rhel-9-$(uname -m)-rpms && \ - dnf -y install flightctl-agent && \ +RUN dnf --enablerepo ansible-automation-platform-2.5-for-rhel-9-x86_64-rpms -y install flightctl-agent-0.7.2-1.el9fc && \ dnf -y clean all && \ systemctl enable flightctl-agent.service && \ - systemctl mask bootc-fetch-apply-updates.timer <2> + systemctl mask bootc-fetch-apply-updates.timer <2> ---- <1> The base image that is referenced in `FROM` is a bootable container (`bootc`) image that already has a Linux kernel, which allows you to reuse existing standard container build tools and workflows. <2> Disables the default automatic updates. The updates are managed by the {RedHatEdge}. @@ -43,7 +42,7 @@ The pull secret must exist on the device before the secret can be consumed. + [source,bash] ---- -RUN dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ +RUN dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ dnf -y install podman-compose && \ dnf -y clean all && \ systemctl enable podman.service @@ -89,5 +88,5 @@ OCI_IMAGE_TAG=v1 + [source,bash] ---- -sudo podman build -t ${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG} +sudo podman build -t ${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG} . ---- diff --git a/downstream/modules/platform/proc-edge-manager-virt.adoc b/downstream/modules/platform/proc-edge-manager-virt.adoc index 78412eefd8..4c9eb551d4 100644 --- a/downstream/modules/platform/proc-edge-manager-virt.adoc +++ b/downstream/modules/platform/proc-edge-manager-virt.adoc @@ -22,7 +22,7 @@ Complete the generic steps with changes to the following steps: [source,bash] ---- FROM registry.redhat.io/rhel9/bootc-image-builder:latest -RUN subscription-manager repos --enable rhacm-2.13-for-rhel-9-$(uname -m)-rpms && \ +RUN subscription-manager repos --enable ansible-automation-platform-2.5-for-rhel-9-x86_64-rpms dnf -y install flightctl-agent && \ dnf -y clean all && \ systemctl enable flightctl-agent.service diff --git a/downstream/modules/platform/proc-edge-manager-vmware.adoc b/downstream/modules/platform/proc-edge-manager-vmware.adoc index 47c3418ff0..89354cb90f 100644 --- a/downstream/modules/platform/proc-edge-manager-vmware.adoc +++ b/downstream/modules/platform/proc-edge-manager-vmware.adoc @@ -22,7 +22,7 @@ Complete the generic steps with changes to the following steps: [source,bash] ---- FROM registry.redhat.io/rhel9/bootc-image-builder:latest -RUN subscription-manager repos --enable rhacm-2.13-for-rhel-9-$(uname -m)-rpms && \ +RUN subscription-manager repos --enable ansible-automation-platform-2.5-for-rhel-9-x86_64-rpms dnf -y install flightctl-agent && \ dnf -y clean all && \ systemctl enable flightctl-agent.service && \ From 849ca6c2a0df32427f4d95a533ca10861fd922f6 Mon Sep 17 00:00:00 2001 From: Michelle McCausland <141345897+michellemacrh@users.noreply.github.com> Date: Mon, 25 Aug 2025 13:45:58 +0100 Subject: [PATCH 70/71] Adds gateway_uwsgi_processes to inventory appendix (#4109) (#4112) Adds automationgateway_uwsgi_processes (RPM) and gateway_uwsgi_processes (Cont) to inventory vars appendix Affects: Containerized installation and RPM installation Document automationgateway_uwsgi_processes parameter in rpm installer https://issues.redhat.com/browse/AAP-52025 --- downstream/modules/platform/ref-gateway-variables.adoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/downstream/modules/platform/ref-gateway-variables.adoc b/downstream/modules/platform/ref-gateway-variables.adoc index dfaa0f1d45..e58807df68 100644 --- a/downstream/modules/platform/ref-gateway-variables.adoc +++ b/downstream/modules/platform/ref-gateway-variables.adoc @@ -221,6 +221,12 @@ Inventory file variables for {Gateway}. | Optional | `false` +| `automationgateway_uwsgi_processes` +| `gateway_uwsgi_processes` +| The number of `uwsgi` processes for the {Gateway} container. The value is calculated based on the number of available vCPUs (virtual CPUs). +| Optional +| The number of vCPUs multiplied by two, plus one. + | `automationgateway_use_archive_compression` | `gateway_use_archive_compression` | Controls whether archive compression is enabled or disabled for {Gateway}. You can control this functionality globally by using `use_archive_compression`. From 9604b70e258ce0e8c9bf972be8991b931e1ebd1e Mon Sep 17 00:00:00 2001 From: Greg Murray Date: Tue, 26 Aug 2025 10:00:38 +0100 Subject: [PATCH 71/71] Fix conflict issues in 2.6 --- .../modules/platform/ref-automation-mesh-proxy.adoc | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/downstream/modules/platform/ref-automation-mesh-proxy.adoc b/downstream/modules/platform/ref-automation-mesh-proxy.adoc index 02ca397bf1..72dea081dd 100644 --- a/downstream/modules/platform/ref-automation-mesh-proxy.adoc +++ b/downstream/modules/platform/ref-automation-mesh-proxy.adoc @@ -3,16 +3,8 @@ [id="ref-automation-mesh-proxy"] = Configuring proxy settings for {AutomationMesh} -<<<<<<< HEAD -You can route outbound communication from the receptor on an {AutomatioinMesh} node through a proxy server. -======= -<<<<<<< HEAD -You can route outbound communication from the receptor on an {AutomationMesh} node through a proxy server. -======= -You can route outbound communication from the receptor on an {AutomatioinMesh} node through a proxy server. ->>>>>>> 5b13ebf5 (AAP-51371 DITA AuthorLine Updates. (#4084)) ->>>>>>> 936077c8 (AAP-51371 DITA AuthorLine Updates. (#4084)) +You can route outbound communication from the receptor on an {AutomationMesh} node through a proxy server. If your proxy does not strip out TLS certificates then an installation of {PlatformNameShort} automatically supports the use of a proxy server. Every node on the mesh must have a Certifying Authority that the installer creates on your behalf.