From 4190f5155b1547fc855bbddb24a577896ac4f23f Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 2 Nov 2023 15:56:13 +0200 Subject: [PATCH 001/494] Add initial checklist for the 30m timeboxed investigation --- docs/howto/troubleshoot/logs.md | 2 ++ docs/index.md | 2 +- docs/sre-guide/support/index.md | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/howto/troubleshoot/logs.md b/docs/howto/troubleshoot/logs.md index fd1305ad36..40117f86f2 100644 --- a/docs/howto/troubleshoot/logs.md +++ b/docs/howto/troubleshoot/logs.md @@ -1,3 +1,5 @@ +(howto-troubleshoot:cloud-logs)= + # Look at logs to troubleshoot issues Looking at and interpreting logs produced by various components is the easiest diff --git a/docs/index.md b/docs/index.md index 1ab70d0e9d..ddd12b1bc6 100644 --- a/docs/index.md +++ b/docs/index.md @@ -88,7 +88,7 @@ topic/access-creds/index.md topic/infrastructure/index.md topic/monitoring-alerting/index.md topic/features.md -topic/resource-allocations.md +topic/resource-allocation.md ``` ## Reference diff --git a/docs/sre-guide/support/index.md b/docs/sre-guide/support/index.md index 132735033a..f258422c76 100644 --- a/docs/sre-guide/support/index.md +++ b/docs/sre-guide/support/index.md @@ -12,4 +12,5 @@ decrypt-age build-image-remotely credits grafana-account +timeboxed-initial-ticket-evaluation ``` From 3f34aed9ba1fbf7bdc511b4d775bd48d88e0a620 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 2 Nov 2023 15:57:11 +0200 Subject: [PATCH 002/494] Add the docs page --- .../timeboxed-initial-ticket-evaluation.md | 158 ++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md diff --git a/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md b/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md new file mode 100644 index 0000000000..b770c5bd8b --- /dev/null +++ b/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md @@ -0,0 +1,158 @@ +# Initial timeboxed (30m) ticket resolution checklist + +In the [non-incident support response process](https://compass.2i2c.org/projects/managed-hubs/support/#non-incident-response-process), an initial 30m timeboxed ticket resolution process is documented. + +The support triagers use these 30m time interval to try an resolve a ticket, before opening a follow-up issue about it. + +The next sections represents an not-complete initial checklist that the support triager can follow in order to resolve the ticket or decide on opening a tracking issue about it, with the context they gained during this investigation. + +The steps to follow depend greatly on the type of ticket. To simplify, only three big ticket categories will be addressed. + +```{list-table} Category 1: [](something-is-not-working) +:name: steps-table +:widths: 30 30 +:header-rows: 1 + +* - [](something-is-not-working:app-logs) + - [](something-is-not-working:infra-logs) +* - ☑[](something-is-not-working:app-logs:check-component) + - ☑[](something-is-not-working:infra-logs:via-kubectl) +* - ☑[](something-is-not-working:app-logs:check-user) + - ☑[](something-is-not-working:infra-logs:via-ui) +``` + +```{list-table} Category 2: [](new-feature-request) +:widths: 30 +:header-rows: 1 + +* - Is the feature requested documented at [](hub-features)? +* - ☑ Yes? Then enable it after checking it is in the scope of the contract. +* - ▫️ No? Then open a GitHub tracking issue about it and continue following the non-incident process. +``` + + +```{list-table} Category 3: [](technical-advice) +:widths: 30 +:header-rows: 1 + +* - Is the question about an area where the support triager has insight into? +* - ☑ Yes? Then answer the ticket. +* - ▫️ No? Then open a GitHub tracking issue about it and continue following the non-incident process +``` + +(something-is-not-working)= +## Something is not working + +````{important} +If something is not working, you might be dealing with an incident, so depending on the scale of the issue and its nature, you might want to consider following the [Incident Response Process](https://compass.2i2c.org/projects/managed-hubs/incidents/#incident-response-process). + +```{list-table} Checklist when something is not working if not an incident +:widths: 30 +:header-rows: 0 +* - ☑ ask any additional info +* - ☑ [check the logs](#steps-table) +* - ☑ save the ones that look "interesting" +* - ☑ identify if it's any of the issues described at [](troubleshooting) +``` +```` + +(something-is-not-working:app-logs)= +### Check the logs at the application level + +Get the name of the cluster and hub you want to debug and export their names as env vars. Example: + +```bash +export CLUSTER_NAME=2i2c; export HUB_NAME=staging +``` + +```{note} +You can pass `--no-follow` to each of the commands below to provide just logs up to the current point in time and then stop. If the pod has restarted due to an error, you can pass `--previous` to look at the logs of the pod prior to the last restart. +``` +(something-is-not-working:app-logs:check-component)= +#### Component logs + +Get the logs of each component or the ones you suspect might have useful info + +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME hub +``` + +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME proxy +``` + +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME dask-gateway-api +``` + +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME dask-gateway-controller +``` + +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME traefik +``` + +(something-is-not-working:app-logs:check-user)= +#### User logs + +Display logs from the notebook pod of a given user: + +```bash +deployer debug user-logs $CLUSTER_NAME $HUB_NAME +``` + +(something-is-not-working:infra-logs)= +### Check the logs at the infrastructure level + +(something-is-not-working:infra-logs:via-kubectl)= +#### Using `kubectl` + +1. Authenticate into the desired cluster using the deployer's credentials and pop a new shell there. + + ```bash + deployer use-cluster-credentials $CLUSTER_NAME + ``` + +2. Execute the desired `kubectl` commands into this shell + + - Get current running nodes and their status + ```bash + kubectl get nodes + ``` + - Get the most important events in a given namespace + ```bash + kubectl get events -n + ``` + - Get the most important events in all namespaces of the cluster + ```bash + kubectl get events --all-namespaces + ``` + - Get all the running pods in a namespace and their status + ```bash + kubectl get pods -n + ``` + - Get all the running pods in all namespaces of the cluster + ```bash + kubectl get pods --all-namespaces + ``` + +(something-is-not-working:infra-logs:via-ui)= +#### [Accessing the cloud provider's UI](howto-troubleshoot:cloud-logs). + +(new-feature-request)= +## New feature requested + +```{important} +Q: Is the feature something that already exist and documented at [](hub-features)? +A: Yes? Then enable it after checking it is in the scope of the contract. +``` + +(technical-advice)= +## Technical advice + +```{important} +Q: Is the question about an area where the support triager has insight into? +A: Yes? Then answer the ticket + No? Then open a GitHub tracking issue about it and continue following the non-incident process. +``` From 015a8177919cbb79f1b6179be18b7b8ae1a92c5c Mon Sep 17 00:00:00 2001 From: Georgiana Date: Thu, 2 Nov 2023 17:02:44 +0200 Subject: [PATCH 003/494] Fix typo Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md b/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md index b770c5bd8b..77f27c4671 100644 --- a/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md +++ b/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md @@ -4,7 +4,7 @@ In the [non-incident support response process](https://compass.2i2c.org/projects The support triagers use these 30m time interval to try an resolve a ticket, before opening a follow-up issue about it. -The next sections represents an not-complete initial checklist that the support triager can follow in order to resolve the ticket or decide on opening a tracking issue about it, with the context they gained during this investigation. +The next sections represents an incomplete initial checklist that the support triager can follow in order to resolve the ticket or decide on opening a tracking issue about it, with the context they gained during this investigation. The steps to follow depend greatly on the type of ticket. To simplify, only three big ticket categories will be addressed. From c52828bf9354dd8bc32d42a9233b945167249068 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 14 Nov 2023 09:51:09 +0000 Subject: [PATCH 004/494] Add GitHub Actions workflow to automatically provide readthedocs preview links in PRs that touch docs --- .../autolink-readthedocs-previews-to-prs.yaml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/autolink-readthedocs-previews-to-prs.yaml diff --git a/.github/workflows/autolink-readthedocs-previews-to-prs.yaml b/.github/workflows/autolink-readthedocs-previews-to-prs.yaml new file mode 100644 index 0000000000..c2123a910f --- /dev/null +++ b/.github/workflows/autolink-readthedocs-previews-to-prs.yaml @@ -0,0 +1,21 @@ +name: Add readthedocs preview link to pull requests + +on: + pull_request: + types: + - opened + branches: + - main + paths: + - "docs/**" + +jobs: + autolink-rtd-previews: + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - uses: readthedocs/actions/preview@v1 + with: + # The project slug in RTD still has the old repo name + project-slug: "2i2c-pilot-hubs" From 3b4e79bca1ef03e93816da795c79b136102a78f3 Mon Sep 17 00:00:00 2001 From: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> Date: Tue, 14 Nov 2023 09:55:44 +0000 Subject: [PATCH 005/494] Fix default branch name --- .github/workflows/autolink-readthedocs-previews-to-prs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/autolink-readthedocs-previews-to-prs.yaml b/.github/workflows/autolink-readthedocs-previews-to-prs.yaml index c2123a910f..7bb42ab574 100644 --- a/.github/workflows/autolink-readthedocs-previews-to-prs.yaml +++ b/.github/workflows/autolink-readthedocs-previews-to-prs.yaml @@ -5,7 +5,7 @@ on: types: - opened branches: - - main + - master paths: - "docs/**" From 6eee14990144dc5fc69b32d5c63fa56805e22b8f Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 17 Nov 2023 13:07:51 +0530 Subject: [PATCH 006/494] veda: Provide QGIS based desktop image here too copied from GHG Ref https://github.com/2i2c-org/infrastructure/issues/3367#issuecomment-1815751331 --- config/clusters/nasa-veda/common.values.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index b6a21b4ec7..54ac12fbb5 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -129,6 +129,19 @@ basehub: securityContext: runAsUser: 1000 runAsGroup: 1000 + qgis: + display_name: QGIS on Linux Desktop + slug: qgis + kubespawner_override: + # Explicitly unset this - we set this to 'jupyterhub-singleuser' + # in basehub/values.yaml. We instead want to leave this unset, + # so the default command for the docker image is used instead. + # This is required for .desktop files to show up correctly. + cmd: null + # Launch people directly into the Linux desktop when they start + default_url: /desktop + # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 + image: "quay.io/jupyter-remote-desktop-proxy/qgis:2023-09-27" rocker: display_name: Rocker Geospatial with RStudio slug: rocker From fe425da2b99ce73f4722582e95705132c3a8190b Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 17 Nov 2023 12:02:10 +0200 Subject: [PATCH 007/494] Simplify and change format of the event new issue template --- .github/ISSUE_TEMPLATE/6_event-hub.md | 80 --------------------------- 1 file changed, 80 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/6_event-hub.md diff --git a/.github/ISSUE_TEMPLATE/6_event-hub.md b/.github/ISSUE_TEMPLATE/6_event-hub.md deleted file mode 100644 index f367f62e4d..0000000000 --- a/.github/ISSUE_TEMPLATE/6_event-hub.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -name: "\U0001F4C5 Event for a community" -about: Coordination and planning around an event for a community -title: "[EVENT] {{ HUB NAME }}" -labels: 'event' -assignees: '' - ---- - -### Summary - - - -### Event Info - - - -- **Community Representative:** -- **Event begin:** - - **In your timezone:** -- **Event end:** - - **In your timezone:** -- **Active times:** - - **In your timezone:** -- **Number of attendees:** -- [**Hub Events Calendar**](https://calendar.google.com/calendar/u/2?cid=Y19rdDg0c2g3YW5tMHNsb2NqczJzdTNqdnNvY0Bncm91cC5jYWxlbmRhci5nb29nbGUuY29t) - -### Hub info - -- **Hub URL**: -- **Hub decommisioned after event?**: - -### Task List - -**Before the event** - -- [ ] Dates confirmed with the community representative and added to Hub Events Calendar. -- [ ] Quotas from the cloud provider are high-enough to handle expected usage. -- [ ] **One week before event** Hub is running. -- [ ] Confirm with Community Representative that their workflows function as expected. - -
- 👉Template message to send to community representative - - ``` - Hey {{ COMMUNITY REPRESENTATIVE }}, the date of your event is getting close! - - Could you please confirm that your hub environment is ready-to-go, and matches your hub's infrastructure setup, by ensuring the following things: - - [ ] Confirm that the "Event Info" above is correct - - [ ] On your hub: log-in and authentication works as-expected - - [ ] `nbgitpuller` links you intend to use resolve properly - - [ ] Your notebooks and content run as-expected - ``` - -
-- [ ] **1 day before event**, either a separate nodegroup is provisioned for the event or the cluster is scaled up. - -**During and after event** - -- [ ] Confirm event is finished. -- [ ] Nodegroup created for the hub is decommissioned / cluster is scaled down. -- [ ] Hub decommissioned (if needed). -- [ ] Debrief with community representative. - -
- 👉Template debrief to send to community representative - - ``` - Hey {{ COMMUNITY REPRESENTATIVE }}, your event appears to be over 🎉 - - We hope that your hub worked out well for you! We are trying to understand where we can improve our hub infrastructure and setup around events, and would love any feedback that you're willing to give. Would you mind answering the following questions? If not, just let us know and that is no problem! - - - Did the infrastructure behave as expected? - - Anything that was confusing or could be improved? - - Any extra functionality you wish you would have had? - - Could you share a story about how you used the hub? - - - Any other feedback that you'd like to share? - - ``` - -
From 7415ed30bf007f5d44616b16f004f2d3951013ca Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 17 Nov 2023 12:10:05 +0200 Subject: [PATCH 008/494] Add the yaml file --- .github/ISSUE_TEMPLATE/6_event-hub.yml | 134 +++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/6_event-hub.yml diff --git a/.github/ISSUE_TEMPLATE/6_event-hub.yml b/.github/ISSUE_TEMPLATE/6_event-hub.yml new file mode 100644 index 0000000000..547e34637c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/6_event-hub.yml @@ -0,0 +1,134 @@ +name: 📅 Event for a community +description: Coordination and planning around an event for a community +title: "[EVENT] {{ HUB NAME }}" +labels: ["event"] +body: + - type: markdown + attributes: + value: | + # Event Info + + The following information is needed to determine if additional changes need to be done to the infrastructure. + Get this information from the community representative via support if not already provided. + + - type: input + id: ticket_id + attributes: + label: The link towards the Freshdesk ticket this event was reported + description: | + Copy-paste the Freshdesk link here + validations: + required: true + + - type: input + id: community_rep + attributes: + label: The GitHub handle or name of the community representative + description: | + Type the GitHub handle of the community representative or their name if the handle is not known. + validations: + required: true + + - type: textarea + id: event_begin + attributes: + label: The date when the event will start + description: | + Make sure to specify the timezone or to add an https://arewemeetingyet.com/ link or similar so team members can translate to their timezone. + validations: + required: true + + - type: textarea + id: event_end + attributes: + label: The date when the event will end + description: | + Make sure to specify the timezone or to add an https://arewemeetingyet.com/ link or similar so team members can translate to their timezone. + validations: + required: true + + - type: textarea + id: active_times + attributes: + label: What hours of the day will participants be active? (e.g., 5am - 5pm US/Pacific) + validations: + required: true + + - type: checkboxes + id: enough_notice + attributes: + label: Are we three weeks before the start date of the event? + options: + - label: "Yes" + - label: "No" + + - type: input + id: user_number + attributes: + label: Number of attendees + description: | + How many attendees should we expect simultaneously each day. + validations: + required: true + + - type: checkboxes + id: calendar + attributes: + label: Make sure to add the event into the calendar + description: | + The [Hub Events Calendar link](https://calendar.google.com/calendar/u/2?cid=Y19rdDg0c2g3YW5tMHNsb2NqczJzdTNqdnNvY0Bncm91cC5jYWxlbmRhci5nb29nbGUuY29t) + options: + - label: Done + + - type: markdown + attributes: + value: | + # Hub info + + General info about the hub that will be used for the event. + + - type: checkboxes + id: hub_exists + attributes: + label: Does the hub already exist? + options: + - label: "Yes" + - label: "No" + + - type: input + id: hub_url + attributes: + label: The URL of the hub that will be used for the event + validations: + required: true + + - type: checkboxes + id: hub_decommision + attributes: + label: Will this hub be decommissioned after the event is over? + options: + - label: "Yes" + - label: "No" + + - type: markdown + attributes: + value: | + # Engineer task list + + General checks to perform before the event. + + - type: checkboxes + id: info_available + attributes: + label: Was all the info filled in above? + options: + - label: "Yes" + - label: "No" + + - type: checkboxes + id: quotas_ok + attributes: + label: Quotas from the cloud provider are high-enough to handle expected usage? + options: + - label: "Yes" + - label: "No" From 360a0021368ccf13e11bd3e6092414e108a7a1a4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 19 Nov 2023 12:52:39 +0100 Subject: [PATCH 009/494] eksctl: workaround whitespace bug in template.jsonnet For some reason, the left whitespace chomping is behaving weirdly, removing a new line it shouldn't. --- eksctl/template.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eksctl/template.jsonnet b/eksctl/template.jsonnet index 3c58638e6c..c57f3e7bf8 100644 --- a/eksctl/template.jsonnet +++ b/eksctl/template.jsonnet @@ -65,10 +65,10 @@ local daskNodes = []; metadata+: { name: "<< cluster_name >>", region: clusterRegion, - {#- + {# version should be the latest support version by the eksctl CLI, see https://eksctl.io/introduction/ for a list of supported versions. - #} + -#} version: '1.25' }, availabilityZones: masterAzs, From b76bd70fd81561f4993c7727e9f251e7c6b1dea2 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 19 Nov 2023 12:54:08 +0100 Subject: [PATCH 010/494] eksctl: bump default eks version from 1.25 to 1.27 --- eksctl/template.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eksctl/template.jsonnet b/eksctl/template.jsonnet index c57f3e7bf8..537e08d520 100644 --- a/eksctl/template.jsonnet +++ b/eksctl/template.jsonnet @@ -69,7 +69,7 @@ local daskNodes = []; version should be the latest support version by the eksctl CLI, see https://eksctl.io/introduction/ for a list of supported versions. -#} - version: '1.25' + version: "1.27", }, availabilityZones: masterAzs, iam: { From 298246f3a9d1fe438ae2f3f153ab7d831aba32d0 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 19 Nov 2023 15:43:56 +0100 Subject: [PATCH 011/494] docs: add small details to aws upgrade docs --- docs/howto/upgrade-cluster/aws.md | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/docs/howto/upgrade-cluster/aws.md b/docs/howto/upgrade-cluster/aws.md index 98f1c16204..05e0fa23c7 100644 --- a/docs/howto/upgrade-cluster/aws.md +++ b/docs/howto/upgrade-cluster/aws.md @@ -151,22 +151,23 @@ eksctl upgrade cluster --config-file=$CLUSTER_NAME.eksctl.yaml --approve ```{note} If you see the error `Error: the server has asked for the client to provide credentials` don't worry, if you try it again you will find that the cluster is now upgraded. ``` -#### 3.2. Upgrade EKS add-ons (takes ~3*5s) + +#### 3.2. Upgrade EKS add-ons As documented in `eksctl`'s documentation[^1], we also need to upgrade three EKS add-ons enabled by default, and one we have added manually. ```bash -# upgrade the kube-proxy daemonset +# upgrade the kube-proxy daemonset (takes ~5s) eksctl utils update-kube-proxy --config-file=$CLUSTER_NAME.eksctl.yaml --approve -# upgrade the aws-node daemonset +# upgrade the aws-node daemonset (takes ~5s) eksctl utils update-aws-node --config-file=$CLUSTER_NAME.eksctl.yaml --approve -# upgrade the coredns deployment +# upgrade the coredns deployment (takes ~5s) eksctl utils update-coredns --config-file=$CLUSTER_NAME.eksctl.yaml --approve -# upgrade the aws-ebs-csi-driver addon's deployment and daemonset +# upgrade the aws-ebs-csi-driver addon's deployment and daemonset (takes ~60s) eksctl update addon --config-file=$CLUSTER_NAME.eksctl.yaml ``` @@ -234,10 +235,17 @@ this command, either from `core-a` to `core-b` or the other way around, then create the new nodegroup. ```bash -# create a copy of the current nodegroup +# create a copy of the current nodegroup (takes ~5 min) eksctl create nodegroup --config-file=$CLUSTER_NAME.eksctl.yaml --include="core-b" ``` +```{important} +The `eksctl create nodegroup` can fail quietly when re-creating a node group +that has been deleted recently (last ~60 seconds). If you see messages like _# +existing nodegroup(s) (...) will be excluded_ and _created 0 nodegroup(s)_, you +can just re-run the `create` command. +``` + #### 5.3. Renaming node groups part 2: delete all old node groups (like `core-a,nb-*,dask-*`) Rename the core node group again in the config to its previous name, @@ -245,10 +253,16 @@ so the old node group can be deleted with the following command, then delete the original nodegroup. ```bash -# delete the original nodegroup +# delete the original nodegroup (takes ~20s if the node groups has no running nodes) eksctl delete nodegroup --config-file=$CLUSTER_NAME.eksctl.yaml --include="core-a,nb-*,dask-*" --approve --drain=true ``` +```{note} +The `eksctl` managed drain operation may get stuck but you could help it along +by finding the pods that fail to terminate with `kubectl get pod -A`, and then +manually forcefully terminating them with `kubectl delete pod --force <...>`. +``` + #### 5.4. Renaming node groups part 3: re-create all non-core node groups (like `nb-*,dask-*`) Rename the core node group one final time in the config to its From 4b228f9afd07a3ed395e57864bf43bd5115acf37 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 19 Nov 2023 15:44:38 +0100 Subject: [PATCH 012/494] eksctl: upgrade 7 EKS clusters at 1.25 to 1.27 --- eksctl/2i2c-aws-us.jsonnet | 4 ++-- eksctl/gridsst.jsonnet | 14 +++++++++++--- eksctl/jupyter-meets-the-earth.jsonnet | 7 +++++-- eksctl/nasa-cryo.jsonnet | 6 ++++-- eksctl/nasa-veda.jsonnet | 4 ++-- eksctl/smithsonian.jsonnet | 4 ++-- eksctl/victor.jsonnet | 7 +++++-- 7 files changed, 31 insertions(+), 15 deletions(-) diff --git a/eksctl/2i2c-aws-us.jsonnet b/eksctl/2i2c-aws-us.jsonnet index 68c28f9912..167d2940d0 100644 --- a/eksctl/2i2c-aws-us.jsonnet +++ b/eksctl/2i2c-aws-us.jsonnet @@ -57,7 +57,7 @@ local daskNodes = [ metadata+: { name: "2i2c-aws-us", region: clusterRegion, - version: '1.25' + version: '1.27', }, availabilityZones: masterAzs, iam: { @@ -85,7 +85,7 @@ local daskNodes = [ ], nodeGroups: [ ng { - name: 'core-a', + name: 'core-b', availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/2i2c-aws-us.key.pub' diff --git a/eksctl/gridsst.jsonnet b/eksctl/gridsst.jsonnet index f78b896e0b..b39b5f7f4c 100644 --- a/eksctl/gridsst.jsonnet +++ b/eksctl/gridsst.jsonnet @@ -25,10 +25,19 @@ local nodeAz = "us-west-2a"; // A `node.kubernetes.io/instance-type label is added, so pods // can request a particular kind of node with a nodeSelector local notebookNodes = [ + # FIXME: Ensure gridsst wants minSize 1. Before an event it was set to 0, + # but as part of scaling down after the event it stayed at one. + # + # scale up: https://github.com/2i2c-org/infrastructure/pull/1836 + # scale down: https://github.com/2i2c-org/infrastructure/pull/1844 + # { instanceType: "m5.large", minSize: 1 }, { instanceType: "m5.xlarge", minSize: 0 }, { instanceType: "m5.2xlarge", minSize: 0 }, { instanceType: "m5.8xlarge", minSize: 0 }, + { instanceType: "r5.xlarge", minSize: 0 }, + { instanceType: "r5.4xlarge", minSize: 0 }, + { instanceType: "r5.16xlarge", minSize: 0 }, { instanceType: "g4dn.xlarge", minSize: 0, tags+: { @@ -58,7 +67,7 @@ local daskNodes = [ metadata+: { name: "gridsst", region: clusterRegion, - version: '1.25' + version: "1.27", }, availabilityZones: masterAzs, iam: { @@ -86,7 +95,7 @@ local daskNodes = [ ], nodeGroups: [ ng { - name: 'core-a', + name: 'core-b', availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/gridsst.key.pub' @@ -119,7 +128,6 @@ local daskNodes = [ "hub.jupyter.org_dedicated": "user:NoSchedule", "hub.jupyter.org/dedicated": "user:NoSchedule" }, - } + n for n in notebookNodes ] + [ ng { diff --git a/eksctl/jupyter-meets-the-earth.jsonnet b/eksctl/jupyter-meets-the-earth.jsonnet index 49cd8e1dce..ceca855558 100644 --- a/eksctl/jupyter-meets-the-earth.jsonnet +++ b/eksctl/jupyter-meets-the-earth.jsonnet @@ -25,6 +25,9 @@ local nodeAz = "us-west-2a"; // A `node.kubernetes.io/instance-type label is added, so pods // can request a particular kind of node with a nodeSelector local notebookNodes = [ + { instanceType: "r5.xlarge" }, + { instanceType: "r5.4xlarge" }, + { instanceType: "r5.16xlarge" }, { instanceType: "m5.xlarge" }, { instanceType: "m5.4xlarge" }, { instanceType: "m5.16xlarge" }, @@ -78,7 +81,7 @@ local daskNodes = [ metadata+: { name: "jupyter-meets-the-earth", region: clusterRegion, - version: '1.25' + version: "1.27", }, availabilityZones: masterAzs, iam: { @@ -106,7 +109,7 @@ local daskNodes = [ ], nodeGroups: [ ng { - name: 'core-a', + name: 'core-b', availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/jupyter-meets-the-earth.key.pub' diff --git a/eksctl/nasa-cryo.jsonnet b/eksctl/nasa-cryo.jsonnet index 73f1b85c88..b36552cd0c 100644 --- a/eksctl/nasa-cryo.jsonnet +++ b/eksctl/nasa-cryo.jsonnet @@ -25,6 +25,8 @@ local nodeAz = "us-west-2a"; // A `node.kubernetes.io/instance-type label is added, so pods // can request a particular kind of node with a nodeSelector local notebookNodes = [ + # FIXME: The r5.xlarge node group is still at version 1.25 and should be + # upgraded by deleting it and adding it back when possible. { instanceType: "r5.xlarge" }, { instanceType: "r5.4xlarge" }, { instanceType: "r5.16xlarge" }, @@ -60,7 +62,7 @@ local daskNodes = [ metadata+: { name: "nasa-cryo", region: clusterRegion, - version: '1.25' + version: "1.27", }, availabilityZones: masterAzs, iam: { @@ -88,7 +90,7 @@ local daskNodes = [ ], nodeGroups: [ ng { - name: 'core-a', + name: 'core-b', availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/nasa-cryo.key.pub' diff --git a/eksctl/nasa-veda.jsonnet b/eksctl/nasa-veda.jsonnet index c3ba17b009..b1b2b0a8ee 100644 --- a/eksctl/nasa-veda.jsonnet +++ b/eksctl/nasa-veda.jsonnet @@ -51,7 +51,7 @@ local daskNodes = [ metadata+: { name: "nasa-veda", region: clusterRegion, - version: '1.25' + version: "1.27", }, availabilityZones: masterAzs, iam: { @@ -79,7 +79,7 @@ local daskNodes = [ ], nodeGroups: [ ng { - name: 'core-b', + name: 'core-a', availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/nasa-veda.key.pub' diff --git a/eksctl/smithsonian.jsonnet b/eksctl/smithsonian.jsonnet index 47eb77cfd4..300e0b2893 100644 --- a/eksctl/smithsonian.jsonnet +++ b/eksctl/smithsonian.jsonnet @@ -56,7 +56,7 @@ local daskNodes = [ metadata+: { name: "smithsonian", region: clusterRegion, - version: '1.25' + version: "1.27", }, availabilityZones: masterAzs, iam: { @@ -84,7 +84,7 @@ local daskNodes = [ ], nodeGroups: [ ng { - name: 'core-a', + name: 'core-b', availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/smithsonian.key.pub' diff --git a/eksctl/victor.jsonnet b/eksctl/victor.jsonnet index bf1e9dce7e..7f3633cee5 100644 --- a/eksctl/victor.jsonnet +++ b/eksctl/victor.jsonnet @@ -29,6 +29,9 @@ local notebookNodes = [ { instanceType: "m5.xlarge" }, { instanceType: "m5.2xlarge" }, { instanceType: "m5.8xlarge" }, + { instanceType: "r5.xlarge" }, + { instanceType: "r5.4xlarge" }, + { instanceType: "r5.16xlarge" }, ]; local daskNodes = [ @@ -52,7 +55,7 @@ local daskNodes = [ metadata+: { name: "victor", region: clusterRegion, - version: '1.25' + version: "1.27", }, availabilityZones: masterAzs, iam: { @@ -80,7 +83,7 @@ local daskNodes = [ ], nodeGroups: [ ng { - name: 'core-b', + name: 'core-a', availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/victor.key.pub' From 95e3807afe5d795f7cc9b0aa16ddec9d54d68121 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 19 Nov 2023 18:43:41 +0100 Subject: [PATCH 013/494] eksctl: upgrade 2 EKS clusters at 1.24 to 1.27 --- eksctl/openscapes.jsonnet | 2 +- eksctl/ubc-eoas.jsonnet | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/eksctl/openscapes.jsonnet b/eksctl/openscapes.jsonnet index 265101f73f..13262155a2 100644 --- a/eksctl/openscapes.jsonnet +++ b/eksctl/openscapes.jsonnet @@ -55,7 +55,7 @@ local daskNodes = [ metadata+: { name: "openscapeshub", region: clusterRegion, - version: '1.24' + version: "1.27", }, availabilityZones: masterAzs, iam: { diff --git a/eksctl/ubc-eoas.jsonnet b/eksctl/ubc-eoas.jsonnet index 2fc44d5a2f..67ff4325f0 100644 --- a/eksctl/ubc-eoas.jsonnet +++ b/eksctl/ubc-eoas.jsonnet @@ -25,10 +25,10 @@ local nodeAz = "ca-central-1a"; // A `node.kubernetes.io/instance-type label is added, so pods // can request a particular kind of node with a nodeSelector local notebookNodes = [ - # TODO: this m5 instance type is to be deleted when its no longer has user pods - # running on it, we have transitioned to use r5 instance types (highmem) - { instanceType: "m5.large" }, + { instanceType: "r5.xlarge" }, { instanceType: "r5.2xlarge" }, + { instanceType: "r5.4xlarge" }, + { instanceType: "r5.16xlarge" }, ]; local daskNodes = []; @@ -40,7 +40,7 @@ local daskNodes = []; metadata+: { name: "ubc-eoas", region: clusterRegion, - version: '1.24' + version: "1.27", }, availabilityZones: masterAzs, iam: { From 7bfe7934de002faa3b2544a38e8e195536ab54e4 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 20 Nov 2023 11:21:40 +0000 Subject: [PATCH 014/494] Move the current docs on moving hubs to a subfolder --- .../other-hub-ops/{move-hub.md => move-hubs/across-clusters.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/hub-deployment-guide/hubs/other-hub-ops/{move-hub.md => move-hubs/across-clusters.md} (100%) diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hub.md b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md similarity index 100% rename from docs/hub-deployment-guide/hubs/other-hub-ops/move-hub.md rename to docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md From 7361fc5025864607b4c9c016925983fecaee8da4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 30 Oct 2023 12:51:16 +0100 Subject: [PATCH 015/494] Add BASEHUB_CLOUD_PROVIDER env to hub pod and dask-gateway api pod --- .../templates/configmap-cluster-info.yaml | 19 +++++++++++++++++++ helm-charts/basehub/values.yaml | 6 ++++++ helm-charts/daskhub/values.yaml | 6 ++++++ 3 files changed, 31 insertions(+) create mode 100644 helm-charts/basehub/templates/configmap-cluster-info.yaml diff --git a/helm-charts/basehub/templates/configmap-cluster-info.yaml b/helm-charts/basehub/templates/configmap-cluster-info.yaml new file mode 100644 index 0000000000..abdf94a888 --- /dev/null +++ b/helm-charts/basehub/templates/configmap-cluster-info.yaml @@ -0,0 +1,19 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: basehub-cluster-info + labels: + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/name: basehub + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + {{- $cloud_provider := "" }} + {{- if (.Capabilities.KubeVersion.Version | contains "gke") }} + {{- $cloud_provider = "gke" }} + {{- else if (.Capabilities.KubeVersion.Version | contains "eks") }} + {{- $cloud_provider = "eks" }} + {{- else }} + {{- $cloud_provider = "aks" }} + {{- end }} + cloudProvider: {{ $cloud_provider }} diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index c2b494e781..0fb9441470 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -461,6 +461,12 @@ jupyterhub: - value: "/rstudio" title: RStudio description: An IDE For R, created by the RStudio company + extraEnv: + BASEHUB_CLOUD_PROVIDER: + valueFrom: + configMapKeyRef: + name: basehub-cluster-info + key: cloudProvider initContainers: - name: templates-clone image: alpine/git:2.40.1 diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index 6ca37074f6..15f3407016 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -146,6 +146,12 @@ dask-gateway: nodeSelector: # Dask workers get their own pre-emptible pool k8s.dask.org/node-purpose: worker + env: + - name: BASEHUB_CLOUD_PROVIDER + valueFrom: + configMapKeyRef: + name: basehub-cluster-info + key: cloudProvider # TODO: figure out a replacement for userLimits. extraConfig: From 9782d75af3df7b7e9fa8e4439b85826f206d74ce Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 30 Oct 2023 15:58:36 +0100 Subject: [PATCH 016/494] daskhub: provider suitable options for worker requests/limits --- .../common.values.yaml | 62 -------- helm-charts/daskhub/values.yaml | 143 +++++++++++++----- 2 files changed, 104 insertions(+), 101 deletions(-) diff --git a/config/clusters/jupyter-meets-the-earth/common.values.yaml b/config/clusters/jupyter-meets-the-earth/common.values.yaml index bfbb057556..11ee63bdd2 100644 --- a/config/clusters/jupyter-meets-the-earth/common.values.yaml +++ b/config/clusters/jupyter-meets-the-earth/common.values.yaml @@ -284,65 +284,3 @@ dask-gateway: memory: request: 2G limit: 500G - - # Note that we are overriding options provided in 2i2c's helm chart that has - # default values for these config entries. - # - extraConfig: - # This configuration represents options that can be presented to users - # that want to create a Dask cluster using dask-gateway. For more - # details, see https://gateway.dask.org/cluster-options.html - # - # The goal is to provide a simple configuration that allow the user some - # flexibility while also fitting well well on AWS nodes that are all - # having 1:4 ratio between CPU and GB of memory. By providing the - # username label, we help administrators to track user pods. - option_handler: | - from dask_gateway_server.options import Options, Select, String, Mapping - def cluster_options(user): - def option_handler(options): - if ":" not in options.image: - raise ValueError("When specifying an image you must also provide a tag") - extra_labels = {} - scheduler_extra_pod_annotations = { - "prometheus.io/scrape": "true", - "prometheus.io/port": "8787", - } - chosen_worker_cpu = int(options.worker_specification.split("CPU")[0]) - chosen_worker_memory = 4 * chosen_worker_cpu - # We multiply the requests by a fraction to ensure that the - # worker fit well within a node that need some resources - # reserved for system pods. - return { - # A default image is suggested via DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE env variable - "image": options.image, - "scheduler_extra_pod_labels": extra_labels, - "scheduler_extra_pod_annotations": scheduler_extra_pod_annotations, - "worker_extra_pod_labels": extra_labels, - "worker_cores": 0.85 * chosen_worker_cpu, - "worker_cores_limit": chosen_worker_cpu, - "worker_memory": "%fG" % (0.85 * chosen_worker_memory), - "worker_memory_limit": "%fG" % chosen_worker_memory, - "environment": options.environment, - } - return Options( - Select( - "worker_specification", - [ - "1CPU, 4GB", - "2CPU, 8GB", - "4CPU, 16GB", - "8CPU, 32GB", - "16CPU, 64GB", - "32CPU, 128GB", - "64CPU, 256GB", - ], - default="1CPU, 4GB", - label="Worker specification", - ), - # The default image is set via DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE env variable - String("image", label="Image"), - Mapping("environment", {}, label="Environment variables"), - handler=option_handler, - ) - c.Backend.cluster_options = cluster_options diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index 15f3407016..8479dedd3b 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -153,68 +153,133 @@ dask-gateway: name: basehub-cluster-info key: cloudProvider - # TODO: figure out a replacement for userLimits. extraConfig: - optionHandler: | - from dask_gateway_server.options import Options, Integer, Float, String, Mapping - import string + # This configuration represents options that can be presented to users + # that want to create a Dask cluster using dask-gateway client. + # + # This configuration is meant to enable the user to request dask worker + # pods that fits well on 2i2c's clusters. Currently the only kind of + # instance types used are n2-highmem-16 or r5.4xlarge. + # + # - Documentation about exposing cluster options to users: + # https://gateway.dask.org/cluster-options.html and the + # - Reference for KubeClusterConfig, which is what can be configured: + # https://gateway.dask.org/api-server.html#kubeclusterconfig. + # + option_handler: | + import os + from dask_gateway_server.options import Integer, Mapping, Options, Select, String - # Escape a string to be dns-safe in the same way that KubeSpawner does it. - # Reference https://github.com/jupyterhub/kubespawner/blob/616f72c4aee26c3d2127c6af6086ec50d6cda383/kubespawner/spawner.py#L1828-L1835 - # Adapted from https://github.com/minrk/escapism to avoid installing the package - # in the dask-gateway api pod which would have been problematic. - def escape_string_label_safe(to_escape): - safe_chars = set(string.ascii_lowercase + string.digits) - escape_char = "-" - chars = [] - for c in to_escape: - if c in safe_chars: - chars.append(c) - else: - # escape one character - buf = [] - # UTF-8 uses 1 to 4 bytes per character, depending on the Unicode symbol - # so we need to transform each byte to its hex value - for byte in c.encode("utf8"): - buf.append(escape_char) - # %X is the hex value of the byte - buf.append('%X' % byte) - escaped_hex_char = "".join(buf) - chars.append(escaped_hex_char) - return u''.join(chars) + # Decide on available instance types and their resource allocation + # choices to expose based on cloud provider. For each daskhub hub + # managed by 2i2c, there should be these instance types available. + # + cloud_provider = os.environ["BASEHUB_CLOUD_PROVIDER"] # gke, eks, or aks + instance_types = { + "gke": ["n2-highmem-16"], + "eks": ["r5.4xlarge"], + } + resource_allocations = { + # n2-highmem-16 nodes in our clusters have 15.89 allocatable cores + # and 116.549Gi allocatable memory, and daemonset are expected to + # not add more than 400m cores and 800Mi (0.781Gi) memory with some + # margin, so we get 15.49 cores and 115.768Gi available for worker + # pods to request. + # + # This is an initial conservative strategy, allowing a slight + # oversubscription of CPU but not any oversubscription of memory. + # + # To workaround https://github.com/dask/dask-gateway/issues/765, we + # round worker_cores down from [0.968, 1.936, 3.872, 7.745, 15.49] + # to [0.9, 1.9, 3.8, 7.7, 15.4]. + # + "n2-highmem-16": { + "1CPU, 7.2Gi": {"worker_cores": 0.9, "worker_cores_limit": 1, "worker_memory": "7.235G", "worker_memory_limit": "7.235G"}, + "2CPU, 14.5Gi": {"worker_cores": 1.9, "worker_cores_limit": 2, "worker_memory": "14.471G", "worker_memory_limit": "14.471G"}, + "4CPU, 28.9Gi": {"worker_cores": 3.8, "worker_cores_limit": 4, "worker_memory": "28.942G", "worker_memory_limit": "28.942G"}, + "8CPU, 57.9Gi": {"worker_cores": 7.7, "worker_cores_limit": 8, "worker_memory": "57.884G", "worker_memory_limit": "57.884G"}, + "16CPU, 115.8Gi": {"worker_cores": 15.4, "worker_cores_limit": 16, "worker_memory": "115.768G", "worker_memory_limit": "115.768G"}, + }, + # r5.4xlarge nodes in our clusters have 15.89 allocatable cores and + # 121.504Gi allocatable memory, and daemonset are expected to not + # add more than 400m cores and 800Mi (0.781Gi) memory with some + # margin, so we get 15.49 cores and 120.723Gi available for worker + # pods to request. + # + # This is an initial conservative strategy, allowing a slight + # oversubscription of CPU but not any oversubscription of memory. + # + # To workaround https://github.com/dask/dask-gateway/issues/765, we + # round worker_cores down from [0.968, 1.936, 3.872, 7.745, 15.49] + # to [0.9, 1.9, 3.8, 7.7, 15.4]. + # + "r5.4xlarge": { + "1CPU, 7.5Gi": {"worker_cores": 0.9, "worker_cores_limit": 1, "worker_memory": "7.545G", "worker_memory_limit": "7.545G"}, + "2CPU, 15.1Gi": {"worker_cores": 1.9, "worker_cores_limit": 2, "worker_memory": "15.090G", "worker_memory_limit": "15.090G"}, + "4CPU, 30.2Gi": {"worker_cores": 3.8, "worker_cores_limit": 4, "worker_memory": "30.180G", "worker_memory_limit": "30.180G"}, + "8CPU, 60.4Gi": {"worker_cores": 7.7, "worker_cores_limit": 8, "worker_memory": "60.361G", "worker_memory_limit": "60.361G"}, + "16CPU, 120.7Gi": {"worker_cores": 15.4, "worker_cores_limit": 16, "worker_memory": "120.723G", "worker_memory_limit": "120.723G"}, + }, + } + + # for now we support only on one instance type per cluster, listing it + # as an option is a way to help convey how things work a bit better + it = instance_types[cloud_provider][0] + ra = resource_allocations[it] + ra_keys = list(ra.keys()) def cluster_options(user): - safe_username = escape_string_label_safe(user.name) def option_handler(options): if ":" not in options.image: raise ValueError("When specifying an image you must also provide a tag") + extra_labels = {} scheduler_extra_pod_annotations = { - "hub.jupyter.org/username": safe_username, + "hub.jupyter.org/username": user.name, "prometheus.io/scrape": "true", "prometheus.io/port": "8787", } - extra_labels = { - "hub.jupyter.org/username": safe_username, + worker_extra_pod_annotations = { + "hub.jupyter.org/username": user.name, } + picked_ra = ra[options.worker_resource_allocation] + return { - "worker_cores_limit": options.worker_cores, - "worker_cores": options.worker_cores, - "worker_memory": "%fG" % options.worker_memory, + # A default image is suggested via DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE env variable "image": options.image, - "scheduler_extra_pod_annotations": scheduler_extra_pod_annotations, "scheduler_extra_pod_labels": extra_labels, + "scheduler_extra_pod_annotations": scheduler_extra_pod_annotations, "worker_extra_pod_labels": extra_labels, + "worker_extra_pod_annotations": worker_extra_pod_annotations, + "worker_cores": picked_ra["worker_cores"], + "worker_cores_limit": picked_ra["worker_cores_limit"], + "worker_memory": picked_ra["worker_memory"], + "worker_memory_limit": picked_ra["worker_memory_limit"], "environment": options.environment, + "idle_timeout": options.idle_timeout, } return Options( - Integer("worker_cores", 2, min=1, label="Worker Cores"), - Float("worker_memory", 4, min=1, label="Worker Memory (GiB)"), - # The default image is set via DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE env variable + Select( + "instance_type", + [it], + default=it, + label="Instance type running worker containers", + ), + Select( + "worker_resource_allocation", + ra_keys, + default=ra_keys[0], + label="Resources per worker container", + ), + # The default image is pre-specified by the dask-gateway client + # via the env var DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE set on + # the jupyterhub user pods String("image", label="Image"), - Mapping("environment", {}, label="Environment Variables"), + Mapping("environment", {}, label="Environment variables (YAML)"), + Integer("idle_timeout", 1800, min=0, label="Idle cluster terminated after (seconds)"), handler=option_handler, ) c.Backend.cluster_options = cluster_options + idle: | # timeout after 30 minutes of inactivity c.KubeClusterConfig.idle_timeout = 1800 From a4b49cb9e18d48a33dd2a92f9ceb43c028262451 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 31 Oct 2023 10:24:59 +0100 Subject: [PATCH 017/494] Rename BASEHUB_CLOUD_PROVIDER to BASEHUB_K8S_DIST --- .../basehub/templates/configmap-cluster-info.yaml | 10 +++++----- helm-charts/basehub/values.yaml | 4 ++-- helm-charts/daskhub/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/helm-charts/basehub/templates/configmap-cluster-info.yaml b/helm-charts/basehub/templates/configmap-cluster-info.yaml index abdf94a888..38527de654 100644 --- a/helm-charts/basehub/templates/configmap-cluster-info.yaml +++ b/helm-charts/basehub/templates/configmap-cluster-info.yaml @@ -8,12 +8,12 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} data: - {{- $cloud_provider := "" }} + {{- $k8s_dist := "" }} {{- if (.Capabilities.KubeVersion.Version | contains "gke") }} - {{- $cloud_provider = "gke" }} + {{- $k8s_dist = "gke" }} {{- else if (.Capabilities.KubeVersion.Version | contains "eks") }} - {{- $cloud_provider = "eks" }} + {{- $k8s_dist = "eks" }} {{- else }} - {{- $cloud_provider = "aks" }} + {{- $k8s_dist = "aks" }} {{- end }} - cloudProvider: {{ $cloud_provider }} + K8S_DIST: {{ $k8s_dist }} diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index 0fb9441470..75062c5d2c 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -462,11 +462,11 @@ jupyterhub: title: RStudio description: An IDE For R, created by the RStudio company extraEnv: - BASEHUB_CLOUD_PROVIDER: + BASEHUB_K8S_DIST: valueFrom: configMapKeyRef: name: basehub-cluster-info - key: cloudProvider + key: K8S_DIST initContainers: - name: templates-clone image: alpine/git:2.40.1 diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index 8479dedd3b..d8da51a313 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -147,11 +147,11 @@ dask-gateway: # Dask workers get their own pre-emptible pool k8s.dask.org/node-purpose: worker env: - - name: BASEHUB_CLOUD_PROVIDER + - name: BASEHUB_K8S_DIST valueFrom: configMapKeyRef: name: basehub-cluster-info - key: cloudProvider + key: K8S_DIST extraConfig: # This configuration represents options that can be presented to users @@ -174,7 +174,7 @@ dask-gateway: # choices to expose based on cloud provider. For each daskhub hub # managed by 2i2c, there should be these instance types available. # - cloud_provider = os.environ["BASEHUB_CLOUD_PROVIDER"] # gke, eks, or aks + cloud_provider = os.environ["BASEHUB_K8S_DIST"] # gke, eks, or aks instance_types = { "gke": ["n2-highmem-16"], "eks": ["r5.4xlarge"], From fd2c19ccd81325f64b2601c5087af4aba2f10bfa Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 31 Oct 2023 12:28:18 +0100 Subject: [PATCH 018/494] daskhub: retain escaped username label for dask scheduler/worker pods --- helm-charts/daskhub/values.yaml | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index d8da51a313..e1aa202cde 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -166,10 +166,36 @@ dask-gateway: # - Reference for KubeClusterConfig, which is what can be configured: # https://gateway.dask.org/api-server.html#kubeclusterconfig. # - option_handler: | + optionHandler: | import os + import string + from dask_gateway_server.options import Integer, Mapping, Options, Select, String + # Escape a string to be dns-safe in the same way that KubeSpawner does it. + # Reference https://github.com/jupyterhub/kubespawner/blob/616f72c4aee26c3d2127c6af6086ec50d6cda383/kubespawner/spawner.py#L1828-L1835 + # Adapted from https://github.com/minrk/escapism to avoid installing the package + # in the dask-gateway api pod which would have been problematic. + def escape_string_label_safe(to_escape): + safe_chars = set(string.ascii_lowercase + string.digits) + escape_char = "-" + chars = [] + for c in to_escape: + if c in safe_chars: + chars.append(c) + else: + # escape one character + buf = [] + # UTF-8 uses 1 to 4 bytes per character, depending on the Unicode symbol + # so we need to transform each byte to its hex value + for byte in c.encode("utf8"): + buf.append(escape_char) + # %X is the hex value of the byte + buf.append('%X' % byte) + escaped_hex_char = "".join(buf) + chars.append(escaped_hex_char) + return u''.join(chars) + # Decide on available instance types and their resource allocation # choices to expose based on cloud provider. For each daskhub hub # managed by 2i2c, there should be these instance types available. @@ -232,7 +258,9 @@ dask-gateway: def option_handler(options): if ":" not in options.image: raise ValueError("When specifying an image you must also provide a tag") - extra_labels = {} + extra_labels = { + "hub.jupyter.org/username": escape_string_label_safe(user.name), + } scheduler_extra_pod_annotations = { "hub.jupyter.org/username": user.name, "prometheus.io/scrape": "true", From 3a736e0b938ffb9346f8cd14c24bcff57855b567 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 2 Nov 2023 15:55:09 +0100 Subject: [PATCH 019/494] daskhub: add note about not being prepared for AKS yet --- helm-charts/daskhub/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index e1aa202cde..b50ff2fba6 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -204,6 +204,11 @@ dask-gateway: instance_types = { "gke": ["n2-highmem-16"], "eks": ["r5.4xlarge"], + # 2i2c doesn't yet manage any dask-gateway installations on AKS, so + # this hasn't been configured yet and may cause an error - but that + # is good as we really should have this if we setup dask-gateway for + # AKS anyhow. + # aks: [], } resource_allocations = { # n2-highmem-16 nodes in our clusters have 15.89 allocatable cores From 0af97a37ba74d71cc6427e0e6537f5de5d34747b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 2 Nov 2023 16:03:20 +0100 Subject: [PATCH 020/494] daskhub: add note about origin of data for resource allocation choices --- helm-charts/daskhub/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index b50ff2fba6..f482f2114f 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -210,6 +210,11 @@ dask-gateway: # AKS anyhow. # aks: [], } + + # NOTE: Data mentioned below comes from manual inspection of data + # collected and currently only available at + # https://github.com/2i2c-org/infrastructure/pull/3337. + # resource_allocations = { # n2-highmem-16 nodes in our clusters have 15.89 allocatable cores # and 116.549Gi allocatable memory, and daemonset are expected to From 8b9f12eb83af26b145db72f0c2d17f84123dfae1 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 2 Nov 2023 16:08:28 +0100 Subject: [PATCH 021/494] daskhub: configure idle timeout in minutes --- helm-charts/daskhub/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index f482f2114f..9b156d135f 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -293,7 +293,7 @@ dask-gateway: "worker_memory": picked_ra["worker_memory"], "worker_memory_limit": picked_ra["worker_memory_limit"], "environment": options.environment, - "idle_timeout": options.idle_timeout, + "idle_timeout": options.idle_timeout_minutes * 60, } return Options( Select( @@ -313,7 +313,7 @@ dask-gateway: # the jupyterhub user pods String("image", label="Image"), Mapping("environment", {}, label="Environment variables (YAML)"), - Integer("idle_timeout", 1800, min=0, label="Idle cluster terminated after (seconds)"), + Integer("idle_timeout_minutes", 30, min=0, label="Idle cluster terminated after (minutes)"), handler=option_handler, ) c.Backend.cluster_options = cluster_options From 8ac8085693806c4ce44c2d0076ba09145fdff2e7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 2 Nov 2023 16:08:58 +0100 Subject: [PATCH 022/494] daskhub: add note about keeping idle_timeout's default in sync --- helm-charts/daskhub/values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index 9b156d135f..202d220105 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -318,8 +318,9 @@ dask-gateway: ) c.Backend.cluster_options = cluster_options - idle: | - # timeout after 30 minutes of inactivity + # timeout after 30 minutes of inactivity by default, keep this in sync + # with the user exposed option idle_timeout_minutes's default value + # configured above c.KubeClusterConfig.idle_timeout = 1800 prefix: "/services/dask-gateway" # Users connect to the Gateway through the JupyterHub service. auth: From cb36d1db62c4370a035319f2ed2375342a5a2f19 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 21 Nov 2023 00:41:19 +0100 Subject: [PATCH 023/494] eksctl: set nodegroup name based on namePrefix, nameBase, and nameSuffix --- eksctl/libsonnet/nodegroup.jsonnet | 64 ++++++++++++++++++++---------- eksctl/template.jsonnet | 18 ++++----- 2 files changed, 50 insertions(+), 32 deletions(-) diff --git a/eksctl/libsonnet/nodegroup.jsonnet b/eksctl/libsonnet/nodegroup.jsonnet index 63cd61f3a2..8fe1e2fb5c 100644 --- a/eksctl/libsonnet/nodegroup.jsonnet +++ b/eksctl/libsonnet/nodegroup.jsonnet @@ -1,34 +1,54 @@ -// This file is referenced by ../template.jsonnet. It declares an object -// representing a node group that is used as a common foundation for all -// our node groups. -// +/* + This file is imported by ../template.jsonnet and its generated files. -// Make Auto Scaling Group (ASG) tags for given set of k8s labels -local makeCloudLabels(labels) = { - ['k8s.io/cluster-autoscaler/node-template/label/%s' % key]: labels[key] - for key in std.objectFields(labels) -}; + Exports an object representing a node group's default fields, and is supposed + to be merged with other objects. -# Make ASG tags for given set of k8s taints -local makeCloudTaints(taints) = { - ['k8s.io/cluster-autoscaler/node-template/taint/%s' % key]: taints[key] - for key in std.objectFields(taints) -}; + Note that the "name" output field is declared to be calculated based on hidden + fields that objects merging into this can influence. +*/ +// Exported object { - name: '', + // If using spot instances where a Auto Scaling Group (ASG) has multiple + // instances associated with it, label using the first instance type. + // FIXME: Clarify the limitations of picking one of multiple instance types + local instanceType = if 'instanceType' in $ then $.instanceType else $.instancesDistribution.instanceTypes[0], + local escapedInstanceType = std.strReplace(instanceType, ".", "-"), + + // The cluster autoscaler reads specific tags on a Auto Scaling Group's default + // launch template version about the k8s labels and taints that the node group + // has in order to correctly pick the right node group to scale up. These tags + // can't be changed. + local caLabelTags(labels) = { + ['k8s.io/cluster-autoscaler/node-template/label/%s' % key]: labels[key] + for key in std.objectFields(labels) + }, + local caTaintTags(taints) = { + ['k8s.io/cluster-autoscaler/node-template/taint/%s' % key]: taints[key] + for key in std.objectFields(taints) + }, + local tags = caLabelTags(self.labels) + caTaintTags(self.taints), + + local nameParts = [self.namePrefix, self.nameBase, self.nameSuffix], + + // Hidden fields (due to ::) are used as inputs from merged objects to compute + // output fields + namePrefix:: "", + nameIncludeInstanceType:: true, + nameBase:: if self.nameIncludeInstanceType then escapedInstanceType else "", + nameSuffix:: "", + preventScaleUp:: false, + + // Output fields + name: std.join("-", std.filter(function(x) x != "", nameParts)), availabilityZones: [], minSize: 0, desiredCapacity: self.minSize, volumeSize: 80, - labels+: { - // Add instance type as label to nodegroups, so they - // can be picked up by the autoscaler. If using spot instances, - // pick the first instancetype - 'node.kubernetes.io/instance-type': if std.objectHas($, 'instanceType') then $.instanceType else $.instancesDistribution.instanceTypes[0], - }, + labels+: { 'node.kubernetes.io/instance-type': instanceType }, taints+: {}, - tags+: makeCloudLabels(self.labels) + makeCloudTaints(self.taints), + tags+: tags, iam: { withAddonPolicies: { autoScaler: true, diff --git a/eksctl/template.jsonnet b/eksctl/template.jsonnet index 537e08d520..6a4502c29c 100644 --- a/eksctl/template.jsonnet +++ b/eksctl/template.jsonnet @@ -96,8 +96,10 @@ local daskNodes = []; }, ], nodeGroups: [ - ng { - name: 'core-a', + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/<< cluster_name >>.key.pub' @@ -111,10 +113,8 @@ local daskNodes = []; }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: 'nb', availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -133,10 +133,8 @@ local daskNodes = []; } + n for n in notebookNodes ] + ( if daskNodes != null then [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: 'dask', availabilityZones: [nodeAz], minSize: 0, maxSize: 500, From edb83dd9083952f3bdcd87113075f43cf8165cda Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 21 Nov 2023 01:53:21 +0100 Subject: [PATCH 024/494] eksctl: systematically update projects' jsonnet files --- eksctl/2i2c-aws-us.jsonnet | 18 ++++++++---------- eksctl/carbonplan.jsonnet | 18 ++++++++---------- eksctl/catalystproject-africa.jsonnet | 18 ++++++++---------- eksctl/gridsst.jsonnet | 18 ++++++++---------- eksctl/jupyter-meets-the-earth.jsonnet | 18 ++++++++---------- eksctl/nasa-cryo.jsonnet | 18 ++++++++---------- eksctl/nasa-ghg.jsonnet | 18 ++++++++---------- eksctl/nasa-veda.jsonnet | 18 ++++++++---------- eksctl/openscapes.jsonnet | 18 ++++++++---------- eksctl/smithsonian.jsonnet | 18 ++++++++---------- eksctl/ubc-eoas.jsonnet | 18 ++++++++---------- eksctl/victor.jsonnet | 18 ++++++++---------- 12 files changed, 96 insertions(+), 120 deletions(-) diff --git a/eksctl/2i2c-aws-us.jsonnet b/eksctl/2i2c-aws-us.jsonnet index 167d2940d0..4d09a164b6 100644 --- a/eksctl/2i2c-aws-us.jsonnet +++ b/eksctl/2i2c-aws-us.jsonnet @@ -84,8 +84,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-b', + ng + { + namePrefix: 'core', + nameSuffix: 'b', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/2i2c-aws-us.key.pub' @@ -99,10 +101,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -122,10 +122,8 @@ local daskNodes = [ } + n for n in notebookNodes ] + ( if daskNodes != null then [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/carbonplan.jsonnet b/eksctl/carbonplan.jsonnet index 17bde1ac8f..7064246d0b 100644 --- a/eksctl/carbonplan.jsonnet +++ b/eksctl/carbonplan.jsonnet @@ -101,8 +101,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-a', + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/carbonplan.key.pub' @@ -116,10 +118,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -138,10 +138,8 @@ local daskNodes = [ } + n for n in notebookNodes ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/catalystproject-africa.jsonnet b/eksctl/catalystproject-africa.jsonnet index 32f23e1153..e666160685 100644 --- a/eksctl/catalystproject-africa.jsonnet +++ b/eksctl/catalystproject-africa.jsonnet @@ -65,8 +65,10 @@ local daskNodes = []; }, ], nodeGroups: [ - ng { - name: 'core-a', + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/catalystproject-africa.key.pub' @@ -80,10 +82,8 @@ local daskNodes = []; }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -102,10 +102,8 @@ local daskNodes = []; } + n for n in notebookNodes ] + ( if daskNodes != null then [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/gridsst.jsonnet b/eksctl/gridsst.jsonnet index b39b5f7f4c..63d7fab420 100644 --- a/eksctl/gridsst.jsonnet +++ b/eksctl/gridsst.jsonnet @@ -94,8 +94,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-b', + ng + { + namePrefix: 'core', + nameSuffix: 'b', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/gridsst.key.pub' @@ -109,10 +111,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: n.minSize, maxSize: 500, @@ -130,10 +130,8 @@ local daskNodes = [ }, } + n for n in notebookNodes ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/jupyter-meets-the-earth.jsonnet b/eksctl/jupyter-meets-the-earth.jsonnet index ceca855558..17bce3787c 100644 --- a/eksctl/jupyter-meets-the-earth.jsonnet +++ b/eksctl/jupyter-meets-the-earth.jsonnet @@ -108,8 +108,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-b', + ng + { + namePrefix: 'core', + nameSuffix: 'b', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/jupyter-meets-the-earth.key.pub' @@ -123,10 +125,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -145,10 +145,8 @@ local daskNodes = [ } + n for n in notebookNodes ] + ( if daskNodes != null then [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/nasa-cryo.jsonnet b/eksctl/nasa-cryo.jsonnet index b36552cd0c..37fdfa979e 100644 --- a/eksctl/nasa-cryo.jsonnet +++ b/eksctl/nasa-cryo.jsonnet @@ -89,8 +89,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-b', + ng + { + namePrefix: 'core', + nameSuffix: 'b', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/nasa-cryo.key.pub' @@ -104,10 +106,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -126,10 +126,8 @@ local daskNodes = [ } + n for n in notebookNodes ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/nasa-ghg.jsonnet b/eksctl/nasa-ghg.jsonnet index a0a5749574..63983a7570 100644 --- a/eksctl/nasa-ghg.jsonnet +++ b/eksctl/nasa-ghg.jsonnet @@ -77,8 +77,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-a', + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/nasa-ghg.key.pub' @@ -92,10 +94,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -114,10 +114,8 @@ local daskNodes = [ } + n for n in notebookNodes ] + ( if daskNodes != null then [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/nasa-veda.jsonnet b/eksctl/nasa-veda.jsonnet index b1b2b0a8ee..c7147b6177 100644 --- a/eksctl/nasa-veda.jsonnet +++ b/eksctl/nasa-veda.jsonnet @@ -78,8 +78,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-a', + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/nasa-veda.key.pub' @@ -93,10 +95,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -115,10 +115,8 @@ local daskNodes = [ } + n for n in notebookNodes ] + ( if daskNodes != null then [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/openscapes.jsonnet b/eksctl/openscapes.jsonnet index 13262155a2..a66541f19c 100644 --- a/eksctl/openscapes.jsonnet +++ b/eksctl/openscapes.jsonnet @@ -92,8 +92,10 @@ local daskNodes = [ }, ], nodeGroups: [n + {clusterName:: $.metadata.name} for n in [ - ng { - name: 'core-b', + ng + { + namePrefix: 'core', + nameSuffix: 'b', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/openscapes.key.pub' @@ -112,10 +114,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -133,10 +133,8 @@ local daskNodes = [ }, } + n for n in notebookNodes ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/smithsonian.jsonnet b/eksctl/smithsonian.jsonnet index 300e0b2893..d24aa33500 100644 --- a/eksctl/smithsonian.jsonnet +++ b/eksctl/smithsonian.jsonnet @@ -83,8 +83,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-b', + ng + { + namePrefix: 'core', + nameSuffix: 'b', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/smithsonian.key.pub' @@ -98,10 +100,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -120,10 +120,8 @@ local daskNodes = [ } + n for n in notebookNodes ] + ( if daskNodes != null then [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/ubc-eoas.jsonnet b/eksctl/ubc-eoas.jsonnet index 67ff4325f0..9cc16594eb 100644 --- a/eksctl/ubc-eoas.jsonnet +++ b/eksctl/ubc-eoas.jsonnet @@ -67,8 +67,10 @@ local daskNodes = []; }, ], nodeGroups: [ - ng { - name: 'core-a', + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/ubc-eoas.key.pub' @@ -87,10 +89,8 @@ local daskNodes = []; }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -110,10 +110,8 @@ local daskNodes = []; } + n for n in notebookNodes ] + ( if daskNodes != null then [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, diff --git a/eksctl/victor.jsonnet b/eksctl/victor.jsonnet index 7f3633cee5..ed873e1e2e 100644 --- a/eksctl/victor.jsonnet +++ b/eksctl/victor.jsonnet @@ -82,8 +82,10 @@ local daskNodes = [ }, ], nodeGroups: [ - ng { - name: 'core-a', + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, availabilityZones: [nodeAz], ssh: { publicKeyPath: 'ssh-keys/victor.key.pub' @@ -97,10 +99,8 @@ local daskNodes = [ }, }, ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + ng + { + namePrefix: "nb", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, @@ -119,10 +119,8 @@ local daskNodes = [ } + n for n in notebookNodes ] + [ - ng { - // NodeGroup names can't have a '.' in them, while - // instanceTypes always have a . - name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + ng + { + namePrefix: "dask", availabilityZones: [nodeAz], minSize: 0, maxSize: 500, From 8c52d19a0addba475c3d037e1e8748afbd937b7f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 21 Nov 2023 13:21:28 +0000 Subject: [PATCH 025/494] Add an index file for other-hub-ops/move-hubs subfolder --- docs/hub-deployment-guide/hubs/other-hub-ops/index.md | 2 +- .../hubs/other-hub-ops/move-hubs/index.md | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/index.md diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/index.md b/docs/hub-deployment-guide/hubs/other-hub-ops/index.md index 25d96618d3..c1a4a925c2 100644 --- a/docs/hub-deployment-guide/hubs/other-hub-ops/index.md +++ b/docs/hub-deployment-guide/hubs/other-hub-ops/index.md @@ -6,6 +6,6 @@ They also cover more specific use-cases for special infrastructure set-ups. ```{toctree} :maxdepth: 2 manual-deploy.md -move-hub.md +move-hubs/index.md delete-hub.md ``` diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/index.md b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/index.md new file mode 100644 index 0000000000..c504146aef --- /dev/null +++ b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/index.md @@ -0,0 +1,7 @@ +# Moving Hubs + +```{toctree} +:maxdepth: 2 +new-url.md +across-clusters.md +``` From 7fecc08f0deb56de6d431e0061dfd788b313fb5b Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 21 Nov 2023 13:21:50 +0000 Subject: [PATCH 026/494] Write up process for moving a hub to a new URL --- .../hubs/other-hub-ops/move-hubs/new-url.md | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/new-url.md diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/new-url.md b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/new-url.md new file mode 100644 index 0000000000..23aea2edbe --- /dev/null +++ b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/new-url.md @@ -0,0 +1,50 @@ +# Move a Hub to a new URL + +Sometimes we may want to change the URL and naming convention of a hub +we have deployed, e.g., renaming the previous 'researchdelight' hub to 'showcase' . + +1. Rename config files and update file references + + Our [naming conventions](config) mean that we have config files in the + form `.values.yaml` and these are explicitly listed as a hub + entry within the associated `cluster.yaml` file where the hub is + deployed. These files should be renamed `.values.yaml` + --> `.values.yaml` and updated in the associated + `cluster.yaml` file. + +1. Update instance of the old hub name _within_ the config files + + This will mostly be related to URLs, e.g., `jupyterhub.ingress.hosts` and OAuth callback URLs for authentication. + + ```{attention} + Some variables, e.g. references to scratch buckets or kubernetes + annotations, may remain the same, unless you also update the related + terraform config. This is optional, and only recommended if consistency + of the scratch bucket names is crucial for the community. + ``` + +1. Update any instances of the old hub name in the `cluster.yaml` file + + ```{warning} + If the `name` field is changed (as opposed to only the `display_name` + field), this will cause the deployer/helm to deploy a new hub under a + new namespace bearing the new hubname. The namespace bearing the old + hub name will continue to exist and will need cleaning up manually, + since helm does not have the concept of renaming a namespace. + Depending on how different the new name is from the old, this is a + judgment call to make. + ``` + +1. [Add a redirect](domain-redirects) from the old URL to the new one + +1. Open a Pull Request with the changes for review + +1. Once the PR has been approved: + + 1. Update A/CNAME records in Namecheap for the new URL + 1. Update the relevant OAuth app for the new URL + 1. Merge the PR + +1. If you also changed the `name` field within the + `cluster.yaml` file, [delete the old hub namespace in helm](delete-a-hub). It is recommended to + [migrate the data](copy-home-dirs) first. From 223b128b410a7f3201c152cc692b95812da7d673 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 21 Nov 2023 13:22:11 +0000 Subject: [PATCH 027/494] Add some myst references --- docs/howto/manage-domains/redirects.md | 1 + docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md | 1 + .../hubs/other-hub-ops/move-hubs/across-clusters.md | 1 + 3 files changed, 3 insertions(+) diff --git a/docs/howto/manage-domains/redirects.md b/docs/howto/manage-domains/redirects.md index 6c527c399a..9e22d87f64 100644 --- a/docs/howto/manage-domains/redirects.md +++ b/docs/howto/manage-domains/redirects.md @@ -1,3 +1,4 @@ +(domain-redirects)= # Setup Domain Redirects Sometimes, when we move a hub, we want to redirect users from the diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md b/docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md index 85d24172ff..a1c91b52da 100644 --- a/docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md +++ b/docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md @@ -1,3 +1,4 @@ +(delete-a-hub)= # Delete a hub If you'd like to delete a hub, there are a few steps that we need to take: diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md index 11fa244b46..d8bb00f782 100644 --- a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md +++ b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md @@ -8,6 +8,7 @@ to ensure data is preserved. Setup [a new hub](../../../topic/infrastructure/config.md) in the target cluster, mimicking the config of the old hub as much as possible. +(copy-home-dirs)= ## 2. Copy home directories Next, copy home directory contents from the old cluster to the new cluster. From f1b7c8a5dd868a46f74e227902fcb82fd014de0c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 21 Nov 2023 14:34:31 +0100 Subject: [PATCH 028/494] eksctl: refine comments in nodegroup.jsonnet --- eksctl/libsonnet/nodegroup.jsonnet | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/eksctl/libsonnet/nodegroup.jsonnet b/eksctl/libsonnet/nodegroup.jsonnet index 8fe1e2fb5c..fded775cca 100644 --- a/eksctl/libsonnet/nodegroup.jsonnet +++ b/eksctl/libsonnet/nodegroup.jsonnet @@ -10,10 +10,15 @@ // Exported object { - // If using spot instances where a Auto Scaling Group (ASG) has multiple - // instances associated with it, label using the first instance type. - // FIXME: Clarify the limitations of picking one of multiple instance types + // Note that spot instances configured via an Auto Scaling Group (ASG) can have + // multiple instance types associated with it (with the same CPU/RAM/GPU), we + // label them using the first instance type in the ASG as a compromise. + // + // More details at: + // https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#using-mixed-instances-policies-and-spot-instances + // local instanceType = if 'instanceType' in $ then $.instanceType else $.instancesDistribution.instanceTypes[0], + // NodeGroup names can't have a '.' in them as instanceTypes has local escapedInstanceType = std.strReplace(instanceType, ".", "-"), // The cluster autoscaler reads specific tags on a Auto Scaling Group's default From 16a687abba979a4bbdfff8aaa7effde920189f74 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 21 Nov 2023 15:14:08 +0100 Subject: [PATCH 029/494] nasa-cryo: phase out outdated node pool to finalize k8s upgrade --- eksctl/nasa-cryo.jsonnet | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/eksctl/nasa-cryo.jsonnet b/eksctl/nasa-cryo.jsonnet index 37fdfa979e..592135f026 100644 --- a/eksctl/nasa-cryo.jsonnet +++ b/eksctl/nasa-cryo.jsonnet @@ -25,9 +25,11 @@ local nodeAz = "us-west-2a"; // A `node.kubernetes.io/instance-type label is added, so pods // can request a particular kind of node with a nodeSelector local notebookNodes = [ - # FIXME: The r5.xlarge node group is still at version 1.25 and should be - # upgraded by deleting it and adding it back when possible. + # FIXME: Delete the r5.xlarge node group when empty. It has an old k8s + # version and is tainted to prevent it from scaling up or scheduling + # new pods on it. { instanceType: "r5.xlarge" }, + { instanceType: "r5.xlarge", nameSuffix: "b" }, { instanceType: "r5.4xlarge" }, { instanceType: "r5.16xlarge" }, { From bf901e7509b8200fe1e5a84ef24d398ea8d52a15 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Nov 2023 12:45:56 +0200 Subject: [PATCH 030/494] Split the logs section --- docs/howto/troubleshoot/index.md | 2 +- docs/howto/troubleshoot/{logs.md => logs/cloud-logs.md} | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) rename docs/howto/troubleshoot/{logs.md => logs/cloud-logs.md} (95%) diff --git a/docs/howto/troubleshoot/index.md b/docs/howto/troubleshoot/index.md index a4dbad1aba..c5f59a6dd5 100644 --- a/docs/howto/troubleshoot/index.md +++ b/docs/howto/troubleshoot/index.md @@ -5,7 +5,7 @@ issues that may arise. ```{toctree} :maxdepth: 2 -logs.md +logs/index.md ssh.md prometheus.md cilogon-user-accounts.md diff --git a/docs/howto/troubleshoot/logs.md b/docs/howto/troubleshoot/logs/cloud-logs.md similarity index 95% rename from docs/howto/troubleshoot/logs.md rename to docs/howto/troubleshoot/logs/cloud-logs.md index 40117f86f2..bd185253e3 100644 --- a/docs/howto/troubleshoot/logs.md +++ b/docs/howto/troubleshoot/logs/cloud-logs.md @@ -1,10 +1,6 @@ (howto-troubleshoot:cloud-logs)= -# Look at logs to troubleshoot issues - -Looking at and interpreting logs produced by various components is the easiest -way to debug most issues, and should be the first place to look at when issues -are reported. +# Cloud specific logs This page describes how to look at various logs in different cloud providers. From de7820ef809627ebb42c016451b38fbda997303f Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Nov 2023 16:45:31 +0200 Subject: [PATCH 031/494] Add a new docs page about kubectl lgos --- docs/howto/troubleshoot/logs/cloud-logs.md | 2 +- docs/howto/troubleshoot/logs/index.md | 14 ++ docs/howto/troubleshoot/logs/kubectl-logs.md | 155 +++++++++++++++++++ 3 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 docs/howto/troubleshoot/logs/index.md create mode 100644 docs/howto/troubleshoot/logs/kubectl-logs.md diff --git a/docs/howto/troubleshoot/logs/cloud-logs.md b/docs/howto/troubleshoot/logs/cloud-logs.md index bd185253e3..b88e09ae88 100644 --- a/docs/howto/troubleshoot/logs/cloud-logs.md +++ b/docs/howto/troubleshoot/logs/cloud-logs.md @@ -1,6 +1,6 @@ (howto-troubleshoot:cloud-logs)= -# Cloud specific logs +# Cloud specific logging This page describes how to look at various logs in different cloud providers. diff --git a/docs/howto/troubleshoot/logs/index.md b/docs/howto/troubleshoot/logs/index.md new file mode 100644 index 0000000000..868699ea11 --- /dev/null +++ b/docs/howto/troubleshoot/logs/index.md @@ -0,0 +1,14 @@ +# Look at logs to troubleshoot issues + +Looking at and interpreting logs produced by various components is the easiest +way to debug most issues, and should be the first place to look at when issues +are reported. + +This page describes how to look at various logs in different cloud providers or +by using cloud-agnostic kubectl and deployer commands. + +```{toctree} +:maxdepth: 2 +cloud-logs +kubectl-logs +``` diff --git a/docs/howto/troubleshoot/logs/kubectl-logs.md b/docs/howto/troubleshoot/logs/kubectl-logs.md new file mode 100644 index 0000000000..ff5ad2eb34 --- /dev/null +++ b/docs/howto/troubleshoot/logs/kubectl-logs.md @@ -0,0 +1,155 @@ +(howto-troubleshoot:kubectl-logs)= +# Kubectl logging + +This page describes how to look at various logs by using some deployer commands that wrap the most common kubectl commands or by using kubectl directly. + +## Look at logs via deployer sub-commands + +There are some `deployer debug` sub-commands that wrap up the most relevant `kubectl logs` arguments that allow conveniently checking logs with only one command. + +### Look at hub component logs + +The JupyterHub components's logs can be fetched with the `deployer debug component-logs` command, ran for each hub component. + +These commands are standalone and **don't require** running `deployer use-cluster-credentials` before. + +```{tip} +1. The `--no-follow` flag + + You can pass `--no-follow` to each of the deployer commands below to provide just logs up to the current point in time and then stop. + +2. The `--previous` flag + + If the pod has restarted due to an error, you can pass `--previous` to look at the logs of the pod prior to the last restart. +``` + +#### Hub pod logs +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME hub +``` + +#### Proxy pod logs +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME proxy +``` + +#### Traefik pod logs +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME traefik +``` + +### Look at dask-gateway logs + +Display the logs from the dask-gateway's most important component pods. + +#### Dask-gateway-api pod logs +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME dask-gateway-api +``` + +#### Dask-gateway-controller pod logs +```bash +deployer debug component-logs $CLUSTER_NAME $HUB_NAME dask-gateway-controller +``` + +### Look at a specific user's logs + +Display logs from the notebook pod of a given user with the following command: + +```bash +deployer debug user-logs $CLUSTER_NAME $HUB_NAME +``` + +Note that you don't need the *escaped* username, with this command. + +## Look at logs via kubectl + +### Pre-requisites + +Get the name of the cluster you want to debug and export its name as and env vars. Then use the `deployer` to gain `kubectl` access into this specific cluster. + +Example: + +```bash +export CLUSTER_NAME=2i2c; +deployer use-cluster-credentials $CLUSTER_NAME +``` + +### Kubernetes autoscaler logs + +You can find scale up or scale down events by looking for decision events + +``` +kubectl describe -n kube-system configmap cluster-autoscaler-status +``` + +### Kubernetes node events and status + +1. Running nodes and their status + ```bash + kubectl get nodes + ``` + +2. Get a node's events from the past 1h + ```bash + kubectl get events --field-selector involvedObject.kind=Node --field-selector involvedObject.name= + ``` + +3. Describe a node and any related events + ```bash + kubectl describe node --show-events=true + ``` + +### Kubernetes pod events and status +1. Running pods in a namespace and their status + ```bash + kubectl get pods -n + ``` + +2. Running pods in all namespaces of the cluster and their status + ```bash + kubectl get pods --all-namespaces + ``` + +3. Get a pod's events from the past 1h + ```bash + kubectl get events --field-selector involvedObject.kind=Pod --field-selector involvedObject.name= + ``` + +4. Describe a pod and any related events + ```bash + kubectl describe pod --show-events=true + ``` + +### Kubernetes pod logs +You can access any pod's logs by using the `kubectl logs` commands. Bellow are some of the most common debugging commands. + +```{tip} +1. The `--no-follow` flag + + You can pass `--no-follow` to each of the `kubectl logs` command below to provide just logs up to the current point in time and then stop. + +2. The `--previous` flag + + If the pod has restarted due to an error, you can pass `--previous` to look at the logs of the pod prior to the last restart. +``` + +1. Print the logs of a pod + ```bash + kubectl logs --namespace + ``` + +2. Print the logs for a container in a pod + ```bash + kubectl logs -c --namespace + ``` + +3. View the logs for a previously failed pod + ```bash + kubectl logs --previous --namespace + ``` + +4. View the logs for all containers in a pod + ```bash + kubectl logs --all-containers --namespace + ``` \ No newline at end of file From ad30f47b0f0975294d1984fd2e0847cb756e00b3 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 21 Nov 2023 17:04:28 +0200 Subject: [PATCH 032/494] Reference the new logs category --- .../timeboxed-initial-ticket-evaluation.md | 146 ++---------------- 1 file changed, 16 insertions(+), 130 deletions(-) diff --git a/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md b/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md index 77f27c4671..f4747661f2 100644 --- a/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md +++ b/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md @@ -8,20 +8,23 @@ The next sections represents an incomplete initial checklist that the support tr The steps to follow depend greatly on the type of ticket. To simplify, only three big ticket categories will be addressed. -```{list-table} Category 1: [](something-is-not-working) -:name: steps-table -:widths: 30 30 -:header-rows: 1 -* - [](something-is-not-working:app-logs) - - [](something-is-not-working:infra-logs) -* - ☑[](something-is-not-working:app-logs:check-component) - - ☑[](something-is-not-working:infra-logs:via-kubectl) -* - ☑[](something-is-not-working:app-logs:check-user) - - ☑[](something-is-not-working:infra-logs:via-ui) +(something-is-not-working)= +## Category 1: Something is not working + +```{important} +If something is not working, you might be dealing with an incident, so depending on the scale of the issue and its nature, you might want to consider following the [Incident Response Process](https://compass.2i2c.org/projects/managed-hubs/incidents/#incident-response-process). ``` -```{list-table} Category 2: [](new-feature-request) +1. ✅ Ask for any additional info might be needed +1. ✅ Check the [](howto-troubleshoot:kubectl-logs) +1. ✅ Check the [](howto-troubleshoot:cloud-logs) +1. ✅ Save any of the logs that look useful +1. ✅ Check if there's any of the issues described at [](troubleshooting) + 1. ❌ If not, then open a new GitHub issue, sharing as much context from the previous steps as possible and continue with the [non-incident response process](https://compass.2i2c.org/projects/managed-hubs/support/#non-incident-response-process) + +## Category 2: New feature requested +```{list-table} :widths: 30 :header-rows: 1 @@ -30,8 +33,8 @@ The steps to follow depend greatly on the type of ticket. To simplify, only thre * - ▫️ No? Then open a GitHub tracking issue about it and continue following the non-incident process. ``` - -```{list-table} Category 3: [](technical-advice) +## Category 3: Technical advice +```{list-table} :widths: 30 :header-rows: 1 @@ -39,120 +42,3 @@ The steps to follow depend greatly on the type of ticket. To simplify, only thre * - ☑ Yes? Then answer the ticket. * - ▫️ No? Then open a GitHub tracking issue about it and continue following the non-incident process ``` - -(something-is-not-working)= -## Something is not working - -````{important} -If something is not working, you might be dealing with an incident, so depending on the scale of the issue and its nature, you might want to consider following the [Incident Response Process](https://compass.2i2c.org/projects/managed-hubs/incidents/#incident-response-process). - -```{list-table} Checklist when something is not working if not an incident -:widths: 30 -:header-rows: 0 -* - ☑ ask any additional info -* - ☑ [check the logs](#steps-table) -* - ☑ save the ones that look "interesting" -* - ☑ identify if it's any of the issues described at [](troubleshooting) -``` -```` - -(something-is-not-working:app-logs)= -### Check the logs at the application level - -Get the name of the cluster and hub you want to debug and export their names as env vars. Example: - -```bash -export CLUSTER_NAME=2i2c; export HUB_NAME=staging -``` - -```{note} -You can pass `--no-follow` to each of the commands below to provide just logs up to the current point in time and then stop. If the pod has restarted due to an error, you can pass `--previous` to look at the logs of the pod prior to the last restart. -``` -(something-is-not-working:app-logs:check-component)= -#### Component logs - -Get the logs of each component or the ones you suspect might have useful info - -```bash -deployer debug component-logs $CLUSTER_NAME $HUB_NAME hub -``` - -```bash -deployer debug component-logs $CLUSTER_NAME $HUB_NAME proxy -``` - -```bash -deployer debug component-logs $CLUSTER_NAME $HUB_NAME dask-gateway-api -``` - -```bash -deployer debug component-logs $CLUSTER_NAME $HUB_NAME dask-gateway-controller -``` - -```bash -deployer debug component-logs $CLUSTER_NAME $HUB_NAME traefik -``` - -(something-is-not-working:app-logs:check-user)= -#### User logs - -Display logs from the notebook pod of a given user: - -```bash -deployer debug user-logs $CLUSTER_NAME $HUB_NAME -``` - -(something-is-not-working:infra-logs)= -### Check the logs at the infrastructure level - -(something-is-not-working:infra-logs:via-kubectl)= -#### Using `kubectl` - -1. Authenticate into the desired cluster using the deployer's credentials and pop a new shell there. - - ```bash - deployer use-cluster-credentials $CLUSTER_NAME - ``` - -2. Execute the desired `kubectl` commands into this shell - - - Get current running nodes and their status - ```bash - kubectl get nodes - ``` - - Get the most important events in a given namespace - ```bash - kubectl get events -n - ``` - - Get the most important events in all namespaces of the cluster - ```bash - kubectl get events --all-namespaces - ``` - - Get all the running pods in a namespace and their status - ```bash - kubectl get pods -n - ``` - - Get all the running pods in all namespaces of the cluster - ```bash - kubectl get pods --all-namespaces - ``` - -(something-is-not-working:infra-logs:via-ui)= -#### [Accessing the cloud provider's UI](howto-troubleshoot:cloud-logs). - -(new-feature-request)= -## New feature requested - -```{important} -Q: Is the feature something that already exist and documented at [](hub-features)? -A: Yes? Then enable it after checking it is in the scope of the contract. -``` - -(technical-advice)= -## Technical advice - -```{important} -Q: Is the question about an area where the support triager has insight into? -A: Yes? Then answer the ticket - No? Then open a GitHub tracking issue about it and continue following the non-incident process. -``` From a4002651a9af3d5a39ad0cc3537ce4adcbea52dd Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Nov 2023 11:00:12 +0200 Subject: [PATCH 033/494] Mention more flags --- docs/howto/troubleshoot/logs/kubectl-logs.md | 21 +++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/docs/howto/troubleshoot/logs/kubectl-logs.md b/docs/howto/troubleshoot/logs/kubectl-logs.md index ff5ad2eb34..aeebeff9f4 100644 --- a/docs/howto/troubleshoot/logs/kubectl-logs.md +++ b/docs/howto/troubleshoot/logs/kubectl-logs.md @@ -5,7 +5,14 @@ This page describes how to look at various logs by using some deployer commands ## Look at logs via deployer sub-commands -There are some `deployer debug` sub-commands that wrap up the most relevant `kubectl logs` arguments that allow conveniently checking logs with only one command. +There are some `deployer debug` sub-commands that wrap up the most relevant `kubectl logs` arguments that allow conveniently checking logs with only one command. + +````{tip} +You can export the cluster's and hub's names as environmental variables to directly use the copy-pasted commands in the sections below. + +```bash +export CLUSTER_NAME=2i2c; export HUB_NAME=staging +```` ### Look at hub component logs @@ -125,13 +132,21 @@ kubectl describe -n kube-system configmap cluster-autoscaler-status You can access any pod's logs by using the `kubectl logs` commands. Bellow are some of the most common debugging commands. ```{tip} -1. The `--no-follow` flag +1. The `--follow` flag - You can pass `--no-follow` to each of the `kubectl logs` command below to provide just logs up to the current point in time and then stop. + You can pass the `--follow` flag to each of the `kubectl logs` command below to stream the logs as they are happening, otherwise, they will just be presented up to the current point in time and then stop. 2. The `--previous` flag If the pod has restarted due to an error, you can pass `--previous` to look at the logs of the pod prior to the last restart. + +3. The `--tail` flag + + With `--tail=` flag you can pass the number of lines of recent log file to display, otherwise, it will show all log lines. + +4. The `--since` flag + + This flag can be used like `--since=1h` to only return logs newer than 1h in this case, or any other relative duration like 5s, 2m, or 3h. ``` 1. Print the logs of a pod From ca11fb13259a42a4dc3713a2eaa4777486d47354 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Nov 2023 12:51:47 +0200 Subject: [PATCH 034/494] Add info about the Azure and Amazon --- docs/howto/troubleshoot/logs/cloud-logs.md | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/docs/howto/troubleshoot/logs/cloud-logs.md b/docs/howto/troubleshoot/logs/cloud-logs.md index b88e09ae88..6acdb4afd4 100644 --- a/docs/howto/troubleshoot/logs/cloud-logs.md +++ b/docs/howto/troubleshoot/logs/cloud-logs.md @@ -151,3 +151,39 @@ labels.k8s-pod/component="singleuser-server" resource.labels.namespace_name="" textPayload=~"some-string" ``` + +## Microsoft Azure + +On Azure, the logs produced by all containers and other components are sent to [Microsoft Azure Monitoring](https://learn.microsoft.com/en-us/azure/azure-monitor/overview), if the service is configured. + +### Accessing the Azure Monitoring + +Go to the [Azure Monitoring, container Insights](https://portal.azure.com/#view/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/~/containerInsights) section on your browser. + +Check if your cluster is in the list of monitored clusters. + +If yes, then you can go the the [logs section](https://portal.azure.com/#view/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/~/logs) and run queries on this data. + +Otherwise, it means that Azure Monitoring was not setup for your cluster and you are not able to access container logs from the portal. + +```{note} +Azure Monitoring is not configured on any of the 2i2c Azure clusters (i.e. the utoronto `hub-cluster`). +``` + +## Amazon AWS https://aws.amazon.com/cloudwatch/ + +On Amazon, the logs produced by all containers and other components are sent to [Amazon Cloud Watch](https://aws.amazon.com/cloudwatch), if the service is configured. + +### Accessing the CloudWatch + +Go to the [Amazon CloudWatch](https://console.aws.amazon.com/cloudwatch) section on your browser. + +Check if `Application Insights` was configured for the desired aws account and cluster. + +If yes, then you can go the the [logs section](https://ca-central-1.console.aws.amazon.com/cloudwatch/home?region=ca-central-1#logsV2:logs-insights) and run queries on the data generated by the cluster. + +Otherwise, it means that Cloud Watch was not setup for your cluster and you are not able to access the logs from the console. + +```{note} +Amazon CloudWatch is not configured on the 2i2c Amazon clusters. +``` \ No newline at end of file From 2c604d2d4dfe823a2a630c2ee973b3ea81d90b61 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Nov 2023 12:55:42 +0200 Subject: [PATCH 035/494] Rm unused link --- docs/howto/troubleshoot/logs/cloud-logs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/troubleshoot/logs/cloud-logs.md b/docs/howto/troubleshoot/logs/cloud-logs.md index 6acdb4afd4..0ae81887b5 100644 --- a/docs/howto/troubleshoot/logs/cloud-logs.md +++ b/docs/howto/troubleshoot/logs/cloud-logs.md @@ -170,7 +170,7 @@ Otherwise, it means that Azure Monitoring was not setup for your cluster and you Azure Monitoring is not configured on any of the 2i2c Azure clusters (i.e. the utoronto `hub-cluster`). ``` -## Amazon AWS https://aws.amazon.com/cloudwatch/ +## Amazon AWS On Amazon, the logs produced by all containers and other components are sent to [Amazon Cloud Watch](https://aws.amazon.com/cloudwatch), if the service is configured. From aa37e6e819271bd1146cf43130f277a78b47c6e8 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Nov 2023 14:13:28 +0200 Subject: [PATCH 036/494] Rm the 30m checklist from the infra docs --- docs/sre-guide/support/index.md | 1 - .../timeboxed-initial-ticket-evaluation.md | 44 ------------------- 2 files changed, 45 deletions(-) delete mode 100644 docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md diff --git a/docs/sre-guide/support/index.md b/docs/sre-guide/support/index.md index f258422c76..132735033a 100644 --- a/docs/sre-guide/support/index.md +++ b/docs/sre-guide/support/index.md @@ -12,5 +12,4 @@ decrypt-age build-image-remotely credits grafana-account -timeboxed-initial-ticket-evaluation ``` diff --git a/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md b/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md deleted file mode 100644 index f4747661f2..0000000000 --- a/docs/sre-guide/support/timeboxed-initial-ticket-evaluation.md +++ /dev/null @@ -1,44 +0,0 @@ -# Initial timeboxed (30m) ticket resolution checklist - -In the [non-incident support response process](https://compass.2i2c.org/projects/managed-hubs/support/#non-incident-response-process), an initial 30m timeboxed ticket resolution process is documented. - -The support triagers use these 30m time interval to try an resolve a ticket, before opening a follow-up issue about it. - -The next sections represents an incomplete initial checklist that the support triager can follow in order to resolve the ticket or decide on opening a tracking issue about it, with the context they gained during this investigation. - -The steps to follow depend greatly on the type of ticket. To simplify, only three big ticket categories will be addressed. - - -(something-is-not-working)= -## Category 1: Something is not working - -```{important} -If something is not working, you might be dealing with an incident, so depending on the scale of the issue and its nature, you might want to consider following the [Incident Response Process](https://compass.2i2c.org/projects/managed-hubs/incidents/#incident-response-process). -``` - -1. ✅ Ask for any additional info might be needed -1. ✅ Check the [](howto-troubleshoot:kubectl-logs) -1. ✅ Check the [](howto-troubleshoot:cloud-logs) -1. ✅ Save any of the logs that look useful -1. ✅ Check if there's any of the issues described at [](troubleshooting) - 1. ❌ If not, then open a new GitHub issue, sharing as much context from the previous steps as possible and continue with the [non-incident response process](https://compass.2i2c.org/projects/managed-hubs/support/#non-incident-response-process) - -## Category 2: New feature requested -```{list-table} -:widths: 30 -:header-rows: 1 - -* - Is the feature requested documented at [](hub-features)? -* - ☑ Yes? Then enable it after checking it is in the scope of the contract. -* - ▫️ No? Then open a GitHub tracking issue about it and continue following the non-incident process. -``` - -## Category 3: Technical advice -```{list-table} -:widths: 30 -:header-rows: 1 - -* - Is the question about an area where the support triager has insight into? -* - ☑ Yes? Then answer the ticket. -* - ▫️ No? Then open a GitHub tracking issue about it and continue following the non-incident process -``` From e815c9108c844ac1d00c7e2e7c4054ffb2768647 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 22 Nov 2023 16:23:49 +0200 Subject: [PATCH 037/494] Add common errors and logs --- docs/howto/troubleshoot/logs/cloud-logs.md | 2 ++ docs/howto/troubleshoot/logs/common-errors.md | 17 +++++++++++++++++ docs/howto/troubleshoot/logs/index.md | 1 + docs/howto/troubleshoot/logs/kubectl-logs.md | 4 ++++ 4 files changed, 24 insertions(+) create mode 100644 docs/howto/troubleshoot/logs/common-errors.md diff --git a/docs/howto/troubleshoot/logs/cloud-logs.md b/docs/howto/troubleshoot/logs/cloud-logs.md index 0ae81887b5..6e2db98741 100644 --- a/docs/howto/troubleshoot/logs/cloud-logs.md +++ b/docs/howto/troubleshoot/logs/cloud-logs.md @@ -30,6 +30,7 @@ logs are kept for 30 days, and are searchable. ### Common queries +(howto-troubleshoot:gcp-autoscaler-logs)= #### Kubernetes autoscaler logs You can find scale up or scale down events by looking for decision events @@ -105,6 +106,7 @@ special characters, highly recommend using the script instead - escaping errors can be frustrating! ``` +(howto-troubleshoot:gcloud-dask-gateway-logs)= #### Look at dask-gateway logs The following query will show logs from all the components of dask-gateway - diff --git a/docs/howto/troubleshoot/logs/common-errors.md b/docs/howto/troubleshoot/logs/common-errors.md new file mode 100644 index 0000000000..e636320cef --- /dev/null +++ b/docs/howto/troubleshoot/logs/common-errors.md @@ -0,0 +1,17 @@ +# Common errors and what logs to check + +Based on the errors experienced, specific logs can have more information about the underlying issue. + +## 5xx errors during login or server start + +These kind of errors are reported by the hub, so checking the [hub pod logs](howto-troubleshoot:hub-pod-logs) might provide more insight on why they are happening. + +## Scaling issues + +If any scaling-related errors are reported, then the first thing to check is the cluster autoscaler logs from the [cloud console](howto-troubleshoot:gcp-autoscaler-logs) or through [kubectl](howto-troubleshoot:kubectl-autoscaler-logs) + +### Dask issues + +If users are experiencing issues related to Dask, then maybe something is going on with `dask-gateway` and the logs of the pods related with this service might have more useful info or there might be some connectivity issue and the traefik logs might help. + +You can look at dask-gateway logs either with [kubectl](howto-troubleshoot:kubectl-dask-gateway-logs) or [from the cloud console]()(howto-troubleshoot:gcloud-dask-gateway-logs). Traefik pod logs are available from `kubectl` using the commands described in [this troubleshooting section](howto-troubleshoot:kubectl-traefik). \ No newline at end of file diff --git a/docs/howto/troubleshoot/logs/index.md b/docs/howto/troubleshoot/logs/index.md index 868699ea11..573749efa1 100644 --- a/docs/howto/troubleshoot/logs/index.md +++ b/docs/howto/troubleshoot/logs/index.md @@ -11,4 +11,5 @@ by using cloud-agnostic kubectl and deployer commands. :maxdepth: 2 cloud-logs kubectl-logs +common-errors ``` diff --git a/docs/howto/troubleshoot/logs/kubectl-logs.md b/docs/howto/troubleshoot/logs/kubectl-logs.md index aeebeff9f4..f271fa9b04 100644 --- a/docs/howto/troubleshoot/logs/kubectl-logs.md +++ b/docs/howto/troubleshoot/logs/kubectl-logs.md @@ -30,6 +30,7 @@ These commands are standalone and **don't require** running `deployer use-cluste If the pod has restarted due to an error, you can pass `--previous` to look at the logs of the pod prior to the last restart. ``` +(howto-troubleshoot:hub-pod-logs)= #### Hub pod logs ```bash deployer debug component-logs $CLUSTER_NAME $HUB_NAME hub @@ -40,11 +41,13 @@ deployer debug component-logs $CLUSTER_NAME $HUB_NAME hub deployer debug component-logs $CLUSTER_NAME $HUB_NAME proxy ``` +(howto-troubleshoot:kubectl-traefik-logs)= #### Traefik pod logs ```bash deployer debug component-logs $CLUSTER_NAME $HUB_NAME traefik ``` +(howto-troubleshoot:kubectl-dask-gateway-logs)= ### Look at dask-gateway logs Display the logs from the dask-gateway's most important component pods. @@ -82,6 +85,7 @@ export CLUSTER_NAME=2i2c; deployer use-cluster-credentials $CLUSTER_NAME ``` +(howto-troubleshoot:kubectl-autoscaler-logs)= ### Kubernetes autoscaler logs You can find scale up or scale down events by looking for decision events From d0848c50441eb5fe71e7fe8a14ca0b7558fe103b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 22 Nov 2023 19:00:11 +0100 Subject: [PATCH 038/494] Pin deployer deps to major-like versions --- requirements.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/requirements.txt b/requirements.txt index cfa5713645..0fe51ac9f8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -31,15 +31,14 @@ pandas pandera prometheus_pandas pytest-mock -google-cloud-bigquery==3.13.* -google-cloud-bigquery[pandas]==3.13.* -gspread==5.12.* +google-cloud-bigquery[pandas]==3.* +gspread==5.* # requests is used by deployer/commands/cilogon.py requests==2.* # this is used by the generator of dedicated cluster files deployer/commands/dedicated_cluster -GitPython==3.1.40 +GitPython==3.* # Used to parse units that kubernetes understands (like GiB) kubernetes \ No newline at end of file From 4e4614397892c6c4ae65e3c6a76e0d4df04bf35b Mon Sep 17 00:00:00 2001 From: Georgiana Date: Thu, 23 Nov 2023 10:14:48 +0200 Subject: [PATCH 039/494] Close the code section properly Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/howto/troubleshoot/logs/kubectl-logs.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/howto/troubleshoot/logs/kubectl-logs.md b/docs/howto/troubleshoot/logs/kubectl-logs.md index f271fa9b04..cd7cfd4fed 100644 --- a/docs/howto/troubleshoot/logs/kubectl-logs.md +++ b/docs/howto/troubleshoot/logs/kubectl-logs.md @@ -12,6 +12,7 @@ You can export the cluster's and hub's names as environmental variables to direc ```bash export CLUSTER_NAME=2i2c; export HUB_NAME=staging +``` ```` ### Look at hub component logs From 202977c7c98bacce3ad3dababdbb2721fad76ac5 Mon Sep 17 00:00:00 2001 From: Georgiana Date: Thu, 23 Nov 2023 10:15:02 +0200 Subject: [PATCH 040/494] Fix typo Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/howto/troubleshoot/logs/kubectl-logs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/troubleshoot/logs/kubectl-logs.md b/docs/howto/troubleshoot/logs/kubectl-logs.md index cd7cfd4fed..6608e701a4 100644 --- a/docs/howto/troubleshoot/logs/kubectl-logs.md +++ b/docs/howto/troubleshoot/logs/kubectl-logs.md @@ -17,7 +17,7 @@ export CLUSTER_NAME=2i2c; export HUB_NAME=staging ### Look at hub component logs -The JupyterHub components's logs can be fetched with the `deployer debug component-logs` command, ran for each hub component. +The JupyterHub component's logs can be fetched with the `deployer debug component-logs` command, ran for each hub component. These commands are standalone and **don't require** running `deployer use-cluster-credentials` before. From 13979bf890214b3f882d6e701baec51128ff5f85 Mon Sep 17 00:00:00 2001 From: Georgiana Date: Thu, 23 Nov 2023 10:15:22 +0200 Subject: [PATCH 041/494] Rm unnecesary word Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/howto/troubleshoot/logs/kubectl-logs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/troubleshoot/logs/kubectl-logs.md b/docs/howto/troubleshoot/logs/kubectl-logs.md index 6608e701a4..518f4c6015 100644 --- a/docs/howto/troubleshoot/logs/kubectl-logs.md +++ b/docs/howto/troubleshoot/logs/kubectl-logs.md @@ -77,7 +77,7 @@ Note that you don't need the *escaped* username, with this command. ### Pre-requisites -Get the name of the cluster you want to debug and export its name as and env vars. Then use the `deployer` to gain `kubectl` access into this specific cluster. +Get the name of the cluster you want to debug and export its name as env vars. Then use the `deployer` to gain `kubectl` access into this specific cluster. Example: From b931ce0241b6c57df42c078fe0821bf8e35b0be6 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 23 Nov 2023 10:26:11 +0200 Subject: [PATCH 042/494] Fix a few more rendering issues --- docs/howto/troubleshoot/logs/common-errors.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/howto/troubleshoot/logs/common-errors.md b/docs/howto/troubleshoot/logs/common-errors.md index e636320cef..dae5369b7d 100644 --- a/docs/howto/troubleshoot/logs/common-errors.md +++ b/docs/howto/troubleshoot/logs/common-errors.md @@ -8,10 +8,12 @@ These kind of errors are reported by the hub, so checking the [hub pod logs](how ## Scaling issues -If any scaling-related errors are reported, then the first thing to check is the cluster autoscaler logs from the [cloud console](howto-troubleshoot:gcp-autoscaler-logs) or through [kubectl](howto-troubleshoot:kubectl-autoscaler-logs) +If any scaling-related errors are reported, then the first thing to check is the cluster `autoscaler` logs from the [cloud console](howto-troubleshoot:gcp-autoscaler-logs) or through [kubectl](howto-troubleshoot:kubectl-autoscaler-logs). ### Dask issues -If users are experiencing issues related to Dask, then maybe something is going on with `dask-gateway` and the logs of the pods related with this service might have more useful info or there might be some connectivity issue and the traefik logs might help. - -You can look at dask-gateway logs either with [kubectl](howto-troubleshoot:kubectl-dask-gateway-logs) or [from the cloud console]()(howto-troubleshoot:gcloud-dask-gateway-logs). Traefik pod logs are available from `kubectl` using the commands described in [this troubleshooting section](howto-troubleshoot:kubectl-traefik). \ No newline at end of file +If users are experiencing issues related to Dask, then: +- something might be going on with `dask-gateway` and the logs of the pods related with this service might have more useful info. + You can look at dask-gateway logs either with [kubectl](howto-troubleshoot:kubectl-dask-gateway-logs) or [from the cloud console](howto-troubleshoot:gcloud-dask-gateway-logs). +- there might be some connectivity issue and the traefik logs might help. + Traefik pod logs are available from `kubectl` using the commands described in [this troubleshooting section](howto-troubleshoot:kubectl-traefik-logs). \ No newline at end of file From 50089047e7819ade7e7fd0e9f977bfe08ee6f834 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 23 Nov 2023 10:29:11 +0200 Subject: [PATCH 043/494] Add tip about namespace being the hub Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/howto/troubleshoot/logs/kubectl-logs.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/howto/troubleshoot/logs/kubectl-logs.md b/docs/howto/troubleshoot/logs/kubectl-logs.md index 518f4c6015..b379443fc2 100644 --- a/docs/howto/troubleshoot/logs/kubectl-logs.md +++ b/docs/howto/troubleshoot/logs/kubectl-logs.md @@ -113,6 +113,11 @@ kubectl describe -n kube-system configmap cluster-autoscaler-status ``` ### Kubernetes pod events and status + +```{tip} +The following commands require passing the namespace where a specific pod is running. Usually this namespace is the same with the hub name. +``` + 1. Running pods in a namespace and their status ```bash kubectl get pods -n From 5b4f04362ea85aed12853e64e29920febf492cfb Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 24 Nov 2023 13:50:01 +0100 Subject: [PATCH 044/494] sops: configure indentation and get YAML valid .json output --- .sops.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.sops.yaml b/.sops.yaml index 1d2d4cf0e3..3a8809d442 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,3 +5,14 @@ creation_rules: gcp_kms: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - path_regex: deployer/keys/.*key.* gcp_kms: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + +# stores configuration is supported by sops 3.9.0+ only +stores: + # By configuring json indent, we get spaces instead of tabs for json files, + # which makes them valid YAML files as well. + json: + indent: 4 + json_binary: + indent: 4 + yaml: + indent: 2 From 70e84dd2642c6b57f644c5faf3dcec68306007b8 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 15:45:21 +0100 Subject: [PATCH 045/494] basehub: bump z2jh from 3.1.0 to 3.2.0 --- helm-charts/basehub/Chart.yaml | 2 +- helm-charts/images/hub/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm-charts/basehub/Chart.yaml b/helm-charts/basehub/Chart.yaml index d34a07f055..bfb959e31f 100644 --- a/helm-charts/basehub/Chart.yaml +++ b/helm-charts/basehub/Chart.yaml @@ -12,7 +12,7 @@ dependencies: # images/hub/Dockerfile, and will also involve manually building and pushing # the Dockerfile to https://quay.io/2i2c/pilot-hub. Details about this can # be found in the Dockerfile's comments. - version: 3.1.0 + version: 3.2.0 repository: https://jupyterhub.github.io/helm-chart/ - name: binderhub-service version: 0.1.0-0.dev.git.110.hd833d08 diff --git a/helm-charts/images/hub/Dockerfile b/helm-charts/images/hub/Dockerfile index 50aacb4637..c6a2e0cee7 100644 --- a/helm-charts/images/hub/Dockerfile +++ b/helm-charts/images/hub/Dockerfile @@ -12,7 +12,7 @@ # `chartpress --push --builder docker-buildx --platform linux/amd64` # Ref: https://cloudolife.com/2022/03/05/Infrastructure-as-Code-IaC/Container/Docker/Docker-buildx-support-multiple-architectures-images/ # -FROM jupyterhub/k8s-hub:3.1.0 +FROM jupyterhub/k8s-hub:3.2.0 # chartpress.yaml defines multiple hub images differentiated only by a # requirements.txt file with dependencies, this build argument allows us to From 473bf968528b0ef3d6bd70a60190e9fa56879fc8 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 15:51:35 +0100 Subject: [PATCH 046/494] basehub: update our hub image overrides --- docs/howto/custom-jupyterhub-image.md | 2 +- helm-charts/basehub/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/howto/custom-jupyterhub-image.md b/docs/howto/custom-jupyterhub-image.md index 0a59631679..1112062246 100644 --- a/docs/howto/custom-jupyterhub-image.md +++ b/docs/howto/custom-jupyterhub-image.md @@ -148,7 +148,7 @@ You will need to put a config similar to the one below in your hub configuration hub: image: name: quay.io/2i2c/new-experiment - tag: "0.0.1-0.dev.git.7130.h0bdc2d30" + tag: "0.0.1-0.dev.git.7130.h70e84dd2" ``` ```{important} diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index 75062c5d2c..bdadc86664 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -579,7 +579,7 @@ jupyterhub: admin: true image: name: quay.io/2i2c/pilot-hub - tag: "0.0.1-0.dev.git.7130.h0bdc2d30" + tag: "0.0.1-0.dev.git.7655.h70e84dd2" networkPolicy: enabled: true # interNamespaceAccessLabels=accept makes the hub pod's associated From ab0fffe2fd1789752a5ab90da27577d7001a6f7e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 16:02:22 +0100 Subject: [PATCH 047/494] callysto: cleanup functionality now bundled with oauthenticator 16.2.0 --- config/clusters/callysto/common.values.yaml | 72 +-------------------- 1 file changed, 2 insertions(+), 70 deletions(-) diff --git a/config/clusters/callysto/common.values.yaml b/config/clusters/callysto/common.values.yaml index 3cbfe0c883..568c1c76c9 100644 --- a/config/clusters/callysto/common.values.yaml +++ b/config/clusters/callysto/common.values.yaml @@ -55,76 +55,6 @@ jupyterhub: CallystoHub {% endblock %} hub: - extraConfig: - # FIXME: If the following issues are resolved, we should remove this - # custom authenticator class and use CILogonOAuthenticator - # directly instead. - # - # https://github.com/jupyterhub/oauthenticator/issues/547 - # https://github.com/jupyterhub/oauthenticator/issues/692 - # - 001-cilogon-email-auth: | - from fnmatch import fnmatch - - from oauthenticator.cilogon import CILogonOAuthenticator - - - class EmailAuthenticatingCILogonOAuthenticator(CILogonOAuthenticator): - """ - Custom override of CILogonOAuthenticator to allow access control via - one property (email) while the username itself is a different - property (oidc), and to allow `allowed_domains` to involve wildcards - like *. - - This allows us to restrict access based on the *email* of the - authenticated user without having to store the actual email in our - servers or use it as a username. - """ - - async def check_allowed(self, username, auth_model): - """ - Replaces the default implementation of check_allowed as it - otherwise would error, not finding a `@` symbol in the non-email - username. - - Mostly a copy of OAuthenticator 16.1, for comparison see: - https://github.com/jupyterhub/oauthenticator/blob/16.1.0/oauthenticator/cilogon.py#L349-L373 - """ - if await super(CILogonOAuthenticator, self).check_allowed(username, auth_model): - return True - - user_info = auth_model["auth_state"][self.user_auth_state_key] - user_idp = user_info["idp"] - - idp_allow_all = self.allowed_idps[user_idp].get("allow_all") - if idp_allow_all: - return True - - user_info = auth_model["auth_state"][self.user_auth_state_key] - user_idp = user_info["idp"] - - idp_allowed_domains = self.allowed_idps[user_idp].get("allowed_domains") - if idp_allowed_domains: - # this was the part we wanted to replace - email = auth_model["auth_state"][self.user_auth_state_key]["email"] - email_domain = email.split("@", 1)[1].lower() - for ad in idp_allowed_domains: - # fnmatch allow us to use wildcards like * and ?, but - # not the full regex. For simple domain matching this is - # good enough. If we were to use regexes instead, people - # will have to escape all their '.'s, and since that is - # actually going to match 'any character' it is a - # possible security hole. For details see - # https://docs.python.org/3/library/fnmatch.html. - if fnmatch(email_domain, ad): - return True - - # users should be explicitly allowed via config, otherwise they aren't - return False - - - c.JupyterHub.authenticator_class = EmailAuthenticatingCILogonOAuthenticator - config: CILogonOAuthenticator: # Usernames are based on a unique "oidc" claim and not email, so we need @@ -143,6 +73,7 @@ jupyterhub: http://google.com/accounts/o8/id: username_derivation: username_claim: "oidc" + allowed_domains_claim: email allowed_domains: &allowed_domains - 2i2c.org - btps.ca @@ -164,4 +95,5 @@ jupyterhub: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: username_derivation: username_claim: "oidc" + allowed_domains_claim: email allowed_domains: *allowed_domains From 3eaf413ad16fe0974d7eb7dd865363efc713c375 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 16:18:37 +0100 Subject: [PATCH 048/494] carbonplan, qcl, ubc-eoas: cleanup no longer needed pullPolicy --- config/clusters/carbonplan/common.values.yaml | 4 ---- config/clusters/qcl/common.values.yaml | 4 ---- config/clusters/ubc-eoas/common.values.yaml | 4 ---- 3 files changed, 12 deletions(-) diff --git a/config/clusters/carbonplan/common.values.yaml b/config/clusters/carbonplan/common.values.yaml index 33691c26b5..0529899771 100644 --- a/config/clusters/carbonplan/common.values.yaml +++ b/config/clusters/carbonplan/common.values.yaml @@ -35,10 +35,6 @@ basehub: serviceAccountName: cloud-user-sa image: name: carbonplan/trace-python-notebook - # pullPolicy set to "Always" because we use the changing over time tag - # "latest". - pullPolicy: Always - tag: "latest" profileList: # The mem-guarantees are here so k8s doesn't schedule other pods # on these nodes. diff --git a/config/clusters/qcl/common.values.yaml b/config/clusters/qcl/common.values.yaml index d333a9ddcc..76a1f9f056 100644 --- a/config/clusters/qcl/common.values.yaml +++ b/config/clusters/qcl/common.values.yaml @@ -50,10 +50,6 @@ jupyterhub: # Cull idle kernels after 24h (24 * 60 * 60) # Ref https://2i2c.freshdesk.com/a/tickets/1120 cull_idle_timeout: 86400 - image: - # Required when using :latest, until https://github.com/jupyterhub/kubespawner/pull/807 - # is merged - pullPolicy: Always profileList: # NOTE: About node sharing # diff --git a/config/clusters/ubc-eoas/common.values.yaml b/config/clusters/ubc-eoas/common.values.yaml index b09bc129ac..3e9439e5c9 100644 --- a/config/clusters/ubc-eoas/common.values.yaml +++ b/config/clusters/ubc-eoas/common.values.yaml @@ -54,10 +54,6 @@ jupyterhub: - hmodzelewski # Technical representative, Henryk Modzelewski singleuser: - image: - # Required when using :latest, until https://github.com/jupyterhub/kubespawner/pull/807 - # is merged - pullPolicy: Always defaultUrl: /lab memory: # https://2i2c.freshdesk.com/a/tickets/955 From b243b230aaa1c45b0e4cae0b90f1fb9b7b472967 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 16:10:21 +0100 Subject: [PATCH 049/494] cilogon hubs: declare first allowed_idps entry as default I've historically refactored these to put the community's IdP on the top, so this should be the community's IdP. Could be worth to verify again though. --- .../clusters/2i2c-aws-us/cosmicds.values.yaml | 1 + config/clusters/2i2c-uk/staging.values.yaml | 1 + config/clusters/2i2c/aup.values.yaml | 1 + .../clusters/2i2c/binder-staging.values.yaml | 1 + config/clusters/2i2c/dask-staging.values.yaml | 1 + config/clusters/2i2c/demo.values.yaml | 1 + config/clusters/2i2c/mtu.values.yaml | 1 + .../clusters/2i2c/neurohackademy.values.yaml | 1 + config/clusters/2i2c/staging.values.yaml | 1 + config/clusters/2i2c/temple.values.yaml | 1 + .../clusters/2i2c/ucmerced-common.values.yaml | 29 +++++++------------ config/clusters/callysto/common.values.yaml | 1 + config/clusters/carbonplan/common.values.yaml | 1 + .../nm-aist.values.yaml | 1 + .../unitefa-conicet.values.yaml | 1 + config/clusters/cloudbank/bcc.values.yaml | 1 + config/clusters/cloudbank/ccsf.values.yaml | 1 + config/clusters/cloudbank/csm.values.yaml | 1 + config/clusters/cloudbank/csulb.values.yaml | 1 + config/clusters/cloudbank/csum.values.yaml | 1 + config/clusters/cloudbank/demo.values.yaml | 1 + config/clusters/cloudbank/dvc.values.yaml | 1 + .../clusters/cloudbank/elcamino.values.yaml | 1 + config/clusters/cloudbank/evc.values.yaml | 1 + config/clusters/cloudbank/fresno.values.yaml | 1 + .../clusters/cloudbank/glendale.values.yaml | 1 + config/clusters/cloudbank/howard.values.yaml | 1 + .../clusters/cloudbank/humboldt.values.yaml | 1 + config/clusters/cloudbank/lacc.values.yaml | 1 + config/clusters/cloudbank/laney.values.yaml | 1 + config/clusters/cloudbank/mills.values.yaml | 1 + .../clusters/cloudbank/miracosta.values.yaml | 1 + config/clusters/cloudbank/mission.values.yaml | 1 + config/clusters/cloudbank/norco.values.yaml | 1 + config/clusters/cloudbank/palomar.values.yaml | 1 + .../clusters/cloudbank/pasadena.values.yaml | 1 + .../clusters/cloudbank/sacramento.values.yaml | 1 + .../clusters/cloudbank/saddleback.values.yaml | 1 + .../clusters/cloudbank/santiago.values.yaml | 1 + .../clusters/cloudbank/sbcc-dev.values.yaml | 1 + config/clusters/cloudbank/sbcc.values.yaml | 1 + config/clusters/cloudbank/sjcc.values.yaml | 1 + config/clusters/cloudbank/sjsu.values.yaml | 1 + config/clusters/cloudbank/skyline.values.yaml | 1 + config/clusters/cloudbank/srjc.values.yaml | 1 + config/clusters/cloudbank/staging.values.yaml | 1 + .../clusters/cloudbank/tuskegee.values.yaml | 1 + config/clusters/hhmi/common.values.yaml | 1 + .../common.values.yaml | 1 + .../clusters/pangeo-hubs/coessing.values.yaml | 1 + config/clusters/ubc-eoas/common.values.yaml | 1 + config/clusters/utoronto/common.values.yaml | 1 + .../configure-auth/cilogon.md | 2 ++ 53 files changed, 63 insertions(+), 19 deletions(-) diff --git a/config/clusters/2i2c-aws-us/cosmicds.values.yaml b/config/clusters/2i2c-aws-us/cosmicds.values.yaml index d0e047e245..bc47f8526b 100644 --- a/config/clusters/2i2c-aws-us/cosmicds.values.yaml +++ b/config/clusters/2i2c-aws-us/cosmicds.values.yaml @@ -83,6 +83,7 @@ jupyterhub: oauth_callback_url: https://cosmicds.2i2c.cloud/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" allow_all: true diff --git a/config/clusters/2i2c-uk/staging.values.yaml b/config/clusters/2i2c-uk/staging.values.yaml index 789a684aba..0ec5159734 100644 --- a/config/clusters/2i2c-uk/staging.values.yaml +++ b/config/clusters/2i2c-uk/staging.values.yaml @@ -41,5 +41,6 @@ jupyterhub: oauth_callback_url: "https://staging.uk.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/aup.values.yaml b/config/clusters/2i2c/aup.values.yaml index beec96e623..a7175cdaf0 100644 --- a/config/clusters/2i2c/aup.values.yaml +++ b/config/clusters/2i2c/aup.values.yaml @@ -40,6 +40,7 @@ jupyterhub: oauth_callback_url: "https://aup.pilot.2i2c.cloud/hub/oauth_callback" allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 5927be3c88..4b801044cf 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -74,6 +74,7 @@ binderhub: oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" Authenticator: diff --git a/config/clusters/2i2c/dask-staging.values.yaml b/config/clusters/2i2c/dask-staging.values.yaml index 7782eb276f..7fd99282c3 100644 --- a/config/clusters/2i2c/dask-staging.values.yaml +++ b/config/clusters/2i2c/dask-staging.values.yaml @@ -47,5 +47,6 @@ basehub: oauth_callback_url: "https://dask-staging.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/demo.values.yaml b/config/clusters/2i2c/demo.values.yaml index 22faef42d8..dbabd12084 100644 --- a/config/clusters/2i2c/demo.values.yaml +++ b/config/clusters/2i2c/demo.values.yaml @@ -34,6 +34,7 @@ jupyterhub: allowed_idps: # UTexas hub https://enterprise.login.utexas.edu/idp/shibboleth: + default: true username_derivation: username_claim: "eppn" allow_all: true diff --git a/config/clusters/2i2c/mtu.values.yaml b/config/clusters/2i2c/mtu.values.yaml index b24deeaacf..be833a1e13 100644 --- a/config/clusters/2i2c/mtu.values.yaml +++ b/config/clusters/2i2c/mtu.values.yaml @@ -38,6 +38,7 @@ jupyterhub: allowed_idps: # Allow MTU to login via Shibboleth https://sso.mtu.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/2i2c/neurohackademy.values.yaml b/config/clusters/2i2c/neurohackademy.values.yaml index 17764ea812..4db1082b4f 100644 --- a/config/clusters/2i2c/neurohackademy.values.yaml +++ b/config/clusters/2i2c/neurohackademy.values.yaml @@ -59,6 +59,7 @@ jupyterhub: oauth_callback_url: https://neurohackademy.2i2c.cloud/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/2i2c/staging.values.yaml b/config/clusters/2i2c/staging.values.yaml index 0c0b444eea..f60f64113a 100644 --- a/config/clusters/2i2c/staging.values.yaml +++ b/config/clusters/2i2c/staging.values.yaml @@ -58,5 +58,6 @@ jupyterhub: oauth_callback_url: "https://staging.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/temple.values.yaml b/config/clusters/2i2c/temple.values.yaml index ae5fd3e702..b62d10f4bd 100644 --- a/config/clusters/2i2c/temple.values.yaml +++ b/config/clusters/2i2c/temple.values.yaml @@ -51,6 +51,7 @@ jupyterhub: oauth_callback_url: https://temple.2i2c.cloud/hub/oauth_callback allowed_idps: https://fim.temple.edu/idp/shibboleth: + default: true username_derivation: username_claim: "eppn" allow_all: true diff --git a/config/clusters/2i2c/ucmerced-common.values.yaml b/config/clusters/2i2c/ucmerced-common.values.yaml index bed6bf9c3d..80cbd04529 100644 --- a/config/clusters/2i2c/ucmerced-common.values.yaml +++ b/config/clusters/2i2c/ucmerced-common.values.yaml @@ -19,28 +19,19 @@ jupyterhub: name: University of California, Merced url: http://www.ucmerced.edu/ hub: - extraConfig: - 100-cilogon-ordering: | - # Explicitly specify allowed_idps here, so their sort order is - # preserved. Otherwise, the keys get sorted lexicographically, - # and Google comes before UC Merced - # https://github.com/2i2c-org/infrastructure/issues/3267 - c.CILogonOAuthenticator.allowed_idps = { - "urn:mace:incommon:ucmerced.edu": { - "username_derivation": { - "username_claim": "eppn" - }, - "allow_all": True - }, - "http://google.com/accounts/o8/id": { - "username_derivation": { - "username_claim": "email" - } - } - } config: JupyterHub: authenticator_class: cilogon + CILogonOAuthenticator: + allowed_idps: + urn:mace:incommon:ucmerced.edu: + default: true + username_derivation: + username_claim: "eppn" + allow_all: true + http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" Authenticator: admin_users: - schadalapaka@ucmerced.edu diff --git a/config/clusters/callysto/common.values.yaml b/config/clusters/callysto/common.values.yaml index 3cbfe0c883..9904e84ecd 100644 --- a/config/clusters/callysto/common.values.yaml +++ b/config/clusters/callysto/common.values.yaml @@ -141,6 +141,7 @@ jupyterhub: - "106951135662332329542" # Elmar Bouwer (Cybera) allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "oidc" allowed_domains: &allowed_domains diff --git a/config/clusters/carbonplan/common.values.yaml b/config/clusters/carbonplan/common.values.yaml index 33691c26b5..20ab228c80 100644 --- a/config/clusters/carbonplan/common.values.yaml +++ b/config/clusters/carbonplan/common.values.yaml @@ -190,6 +190,7 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/catalystproject-africa/nm-aist.values.yaml b/config/clusters/catalystproject-africa/nm-aist.values.yaml index 40e013fc10..88b7961cf1 100644 --- a/config/clusters/catalystproject-africa/nm-aist.values.yaml +++ b/config/clusters/catalystproject-africa/nm-aist.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://nm-aist.af.catalystproject.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: email allowed_domains: diff --git a/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml b/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml index 5f446c27ec..548682c149 100644 --- a/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml +++ b/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://unitefa-conicet.latam.catalystproject.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/bcc.values.yaml b/config/clusters/cloudbank/bcc.values.yaml index 9020355723..1d26feba32 100644 --- a/config/clusters/cloudbank/bcc.values.yaml +++ b/config/clusters/cloudbank/bcc.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://bcc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/ccsf.values.yaml b/config/clusters/cloudbank/ccsf.values.yaml index 786b32d16f..7039b61fff 100644 --- a/config/clusters/cloudbank/ccsf.values.yaml +++ b/config/clusters/cloudbank/ccsf.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: "https://ccsf.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/csm.values.yaml b/config/clusters/cloudbank/csm.values.yaml index e7409cc5e9..98e27c05bc 100644 --- a/config/clusters/cloudbank/csm.values.yaml +++ b/config/clusters/cloudbank/csm.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://csm.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/csulb.values.yaml b/config/clusters/cloudbank/csulb.values.yaml index 8eb30c3e91..27c86f1c8b 100644 --- a/config/clusters/cloudbank/csulb.values.yaml +++ b/config/clusters/cloudbank/csulb.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://csulb.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://its-shib.its.csulb.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/csum.values.yaml b/config/clusters/cloudbank/csum.values.yaml index e4338d28d3..1ed5006e23 100644 --- a/config/clusters/cloudbank/csum.values.yaml +++ b/config/clusters/cloudbank/csum.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: "https://csum.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://cma-shibboleth.csum.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/demo.values.yaml b/config/clusters/cloudbank/demo.values.yaml index dbf15f28a6..c36670feec 100644 --- a/config/clusters/cloudbank/demo.values.yaml +++ b/config/clusters/cloudbank/demo.values.yaml @@ -40,6 +40,7 @@ jupyterhub: oauth_callback_url: https://demo.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" Authenticator: diff --git a/config/clusters/cloudbank/dvc.values.yaml b/config/clusters/cloudbank/dvc.values.yaml index dce9039f10..5e36654eea 100644 --- a/config/clusters/cloudbank/dvc.values.yaml +++ b/config/clusters/cloudbank/dvc.values.yaml @@ -35,6 +35,7 @@ jupyterhub: oauth_callback_url: https://dvc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/elcamino.values.yaml b/config/clusters/cloudbank/elcamino.values.yaml index 670bffc31a..a733bd3171 100644 --- a/config/clusters/cloudbank/elcamino.values.yaml +++ b/config/clusters/cloudbank/elcamino.values.yaml @@ -36,6 +36,7 @@ jupyterhub: oauth_callback_url: "https://elcamino.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/evc.values.yaml b/config/clusters/cloudbank/evc.values.yaml index ac04f1379d..c48f0a6d55 100644 --- a/config/clusters/cloudbank/evc.values.yaml +++ b/config/clusters/cloudbank/evc.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://evc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/fresno.values.yaml b/config/clusters/cloudbank/fresno.values.yaml index 5a333e8abc..8035067bf9 100644 --- a/config/clusters/cloudbank/fresno.values.yaml +++ b/config/clusters/cloudbank/fresno.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://fresno.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://idp.scccd.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/glendale.values.yaml b/config/clusters/cloudbank/glendale.values.yaml index 080bab4d51..cba325c70c 100644 --- a/config/clusters/cloudbank/glendale.values.yaml +++ b/config/clusters/cloudbank/glendale.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://glendale.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/howard.values.yaml b/config/clusters/cloudbank/howard.values.yaml index f2fa446aa4..2657e9b94d 100644 --- a/config/clusters/cloudbank/howard.values.yaml +++ b/config/clusters/cloudbank/howard.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://howard.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/humboldt.values.yaml b/config/clusters/cloudbank/humboldt.values.yaml index 80ef787324..7578b35d37 100644 --- a/config/clusters/cloudbank/humboldt.values.yaml +++ b/config/clusters/cloudbank/humboldt.values.yaml @@ -40,6 +40,7 @@ jupyterhub: oauth_callback_url: https://humboldt.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://sso.humboldt.edu/idp/metadata: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/lacc.values.yaml b/config/clusters/cloudbank/lacc.values.yaml index d147fff1e5..9054bfee6b 100644 --- a/config/clusters/cloudbank/lacc.values.yaml +++ b/config/clusters/cloudbank/lacc.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://lacc.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/laney.values.yaml b/config/clusters/cloudbank/laney.values.yaml index f431f69e26..ffe42b2b76 100644 --- a/config/clusters/cloudbank/laney.values.yaml +++ b/config/clusters/cloudbank/laney.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://laney.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/mills.values.yaml b/config/clusters/cloudbank/mills.values.yaml index 74b846e6d3..073aeea1d6 100644 --- a/config/clusters/cloudbank/mills.values.yaml +++ b/config/clusters/cloudbank/mills.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://datahub.mills.edu/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/miracosta.values.yaml b/config/clusters/cloudbank/miracosta.values.yaml index 9864706df3..7c83e77524 100644 --- a/config/clusters/cloudbank/miracosta.values.yaml +++ b/config/clusters/cloudbank/miracosta.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://miracosta.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://miracosta.fedgw.com/gateway: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/mission.values.yaml b/config/clusters/cloudbank/mission.values.yaml index 6ec0d56592..42eacb4bfd 100644 --- a/config/clusters/cloudbank/mission.values.yaml +++ b/config/clusters/cloudbank/mission.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://mission.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/norco.values.yaml b/config/clusters/cloudbank/norco.values.yaml index 2e64440c0c..914637f178 100644 --- a/config/clusters/cloudbank/norco.values.yaml +++ b/config/clusters/cloudbank/norco.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://norco.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/palomar.values.yaml b/config/clusters/cloudbank/palomar.values.yaml index 2d5e8ce8f8..aa601ff2df 100644 --- a/config/clusters/cloudbank/palomar.values.yaml +++ b/config/clusters/cloudbank/palomar.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://palomar.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/pasadena.values.yaml b/config/clusters/cloudbank/pasadena.values.yaml index c5ce436305..1ebd4ea014 100644 --- a/config/clusters/cloudbank/pasadena.values.yaml +++ b/config/clusters/cloudbank/pasadena.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://pasadena.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sacramento.values.yaml b/config/clusters/cloudbank/sacramento.values.yaml index ff03773762..0b5c108fe2 100644 --- a/config/clusters/cloudbank/sacramento.values.yaml +++ b/config/clusters/cloudbank/sacramento.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://sacramento.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/saddleback.values.yaml b/config/clusters/cloudbank/saddleback.values.yaml index ffaa5de787..0e617ecafb 100644 --- a/config/clusters/cloudbank/saddleback.values.yaml +++ b/config/clusters/cloudbank/saddleback.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://saddleback.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/santiago.values.yaml b/config/clusters/cloudbank/santiago.values.yaml index 14837ede12..433b093639 100644 --- a/config/clusters/cloudbank/santiago.values.yaml +++ b/config/clusters/cloudbank/santiago.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://santiago.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sbcc-dev.values.yaml b/config/clusters/cloudbank/sbcc-dev.values.yaml index bb470db2b6..70bfb1d21a 100644 --- a/config/clusters/cloudbank/sbcc-dev.values.yaml +++ b/config/clusters/cloudbank/sbcc-dev.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://sbcc-dev.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://idp.sbcc.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" http://google.com/accounts/o8/id: diff --git a/config/clusters/cloudbank/sbcc.values.yaml b/config/clusters/cloudbank/sbcc.values.yaml index f186ee3386..7edbf3a6ca 100644 --- a/config/clusters/cloudbank/sbcc.values.yaml +++ b/config/clusters/cloudbank/sbcc.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://sbcc.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://idp.sbcc.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" http://google.com/accounts/o8/id: diff --git a/config/clusters/cloudbank/sjcc.values.yaml b/config/clusters/cloudbank/sjcc.values.yaml index 7aa427950e..baf38bb3ad 100644 --- a/config/clusters/cloudbank/sjcc.values.yaml +++ b/config/clusters/cloudbank/sjcc.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://sjcc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sjsu.values.yaml b/config/clusters/cloudbank/sjsu.values.yaml index 7984a92a8f..8e9eaba333 100644 --- a/config/clusters/cloudbank/sjsu.values.yaml +++ b/config/clusters/cloudbank/sjsu.values.yaml @@ -40,6 +40,7 @@ jupyterhub: oauth_callback_url: https://sjsu.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://idp01.sjsu.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/skyline.values.yaml b/config/clusters/cloudbank/skyline.values.yaml index 03b16084f1..83d312e02c 100644 --- a/config/clusters/cloudbank/skyline.values.yaml +++ b/config/clusters/cloudbank/skyline.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://skyline.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/srjc.values.yaml b/config/clusters/cloudbank/srjc.values.yaml index 03c6802287..dd2228325f 100644 --- a/config/clusters/cloudbank/srjc.values.yaml +++ b/config/clusters/cloudbank/srjc.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://srjc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/staging.values.yaml b/config/clusters/cloudbank/staging.values.yaml index 83ec5fe872..44a897ee0d 100644 --- a/config/clusters/cloudbank/staging.values.yaml +++ b/config/clusters/cloudbank/staging.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://staging.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/tuskegee.values.yaml b/config/clusters/cloudbank/tuskegee.values.yaml index 9ff5994406..fcd3225ddd 100644 --- a/config/clusters/cloudbank/tuskegee.values.yaml +++ b/config/clusters/cloudbank/tuskegee.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://tuskegee.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index f6a2a84f42..c6796075c0 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -125,6 +125,7 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/jupyter-meets-the-earth/common.values.yaml b/config/clusters/jupyter-meets-the-earth/common.values.yaml index 11ee63bdd2..4e99ea5003 100644 --- a/config/clusters/jupyter-meets-the-earth/common.values.yaml +++ b/config/clusters/jupyter-meets-the-earth/common.values.yaml @@ -215,6 +215,7 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/pangeo-hubs/coessing.values.yaml b/config/clusters/pangeo-hubs/coessing.values.yaml index 0235e3e56c..fd165be81a 100644 --- a/config/clusters/pangeo-hubs/coessing.values.yaml +++ b/config/clusters/pangeo-hubs/coessing.values.yaml @@ -40,6 +40,7 @@ basehub: oauth_callback_url: "https://coessing.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/ubc-eoas/common.values.yaml b/config/clusters/ubc-eoas/common.values.yaml index b09bc129ac..adbd4b20fa 100644 --- a/config/clusters/ubc-eoas/common.values.yaml +++ b/config/clusters/ubc-eoas/common.values.yaml @@ -39,6 +39,7 @@ jupyterhub: CILogonOAuthenticator: allowed_idps: https://authentication.ubc.ca: + default: true username_derivation: username_claim: email action: strip_idp_domain diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index a675f835c0..f564cb0faa 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -82,6 +82,7 @@ jupyterhub: CILogonOAuthenticator: allowed_idps: https://idpz.utorauth.utoronto.ca/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/docs/hub-deployment-guide/configure-auth/cilogon.md b/docs/hub-deployment-guide/configure-auth/cilogon.md index a6816937cd..5b72443e95 100644 --- a/docs/hub-deployment-guide/configure-auth/cilogon.md +++ b/docs/hub-deployment-guide/configure-auth/cilogon.md @@ -75,6 +75,7 @@ jupyterhub: # In this example, all authenticated users are authorized via the idp # specific allow_all config. https://idp2.anu.edu.au/idp/shibboleth: + default: true username_derivation: username_claim: email allow_all: true # authorize all users authenticated by the idp @@ -132,6 +133,7 @@ jupyterhub: oauth_callback_url: https://{{ HUB_DOMAIN }}/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" ``` From dddd6d7b59481068ebfac3e33f3cab60929b080f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 16:36:09 +0100 Subject: [PATCH 050/494] 2i2c, jackeddy: cleanup redundant dask-gateway idle_timeout config --- config/clusters/2i2c/jackeddy.values.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/config/clusters/2i2c/jackeddy.values.yaml b/config/clusters/2i2c/jackeddy.values.yaml index 14eccb4f31..a222dd89f6 100644 --- a/config/clusters/2i2c/jackeddy.values.yaml +++ b/config/clusters/2i2c/jackeddy.values.yaml @@ -162,9 +162,3 @@ basehub: admin_users: - dan800 # Dan Marsh - rmcgranaghan # Ryan McGranaghan -dask-gateway: - gateway: - extraConfig: - idle: | - # timeout after 30 minutes of inactivity - c.KubeClusterConfig.idle_timeout = 1800 From 77a68274c952d80fe90d397e01069a1560121b1a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 16:43:47 +0100 Subject: [PATCH 051/494] 2i2c, imagebuilding-demo: adjust resource allocations based on n2 machines --- .../2i2c/imagebuilding-demo.values.yaml | 58 +++++++++---------- 1 file changed, 26 insertions(+), 32 deletions(-) diff --git a/config/clusters/2i2c/imagebuilding-demo.values.yaml b/config/clusters/2i2c/imagebuilding-demo.values.yaml index 55aa2a4c0a..b34845e2e8 100644 --- a/config/clusters/2i2c/imagebuilding-demo.values.yaml +++ b/config/clusters/2i2c/imagebuilding-demo.values.yaml @@ -69,49 +69,43 @@ jupyterhub: resources: display_name: Resource Allocation choices: - mem_2_7: - display_name: 2.7 GB RAM, upto 3.479 CPUs - description: Use this for the workshop on 2023 September + mem_3_4: + display_name: 3.4 GB RAM, upto 3.485 CPUs kubespawner_override: - mem_guarantee: 2904451072 - mem_limit: 2904451072 - cpu_guarantee: 0.434875 - cpu_limit: 3.479 + mem_guarantee: 3662286336 + mem_limit: 3662286336 + cpu_guarantee: 0.435625 + cpu_limit: 3.485 node_selector: - # FIXME: guarantee/limits initialized for n1-highmem-4, not n2- node.kubernetes.io/instance-type: n2-highmem-4 default: true - mem_5_4: - display_name: 5.4 GB RAM, upto 3.479 CPUs + mem_6_8: + display_name: 6.8 GB RAM, upto 3.485 CPUs kubespawner_override: - mem_guarantee: 5808902144 - mem_limit: 5808902144 - cpu_guarantee: 0.86975 - cpu_limit: 3.479 + mem_guarantee: 7324572672 + mem_limit: 7324572672 + cpu_guarantee: 0.87125 + cpu_limit: 3.485 node_selector: - # FIXME: guarantee/limits initialized for n1-highmem-4, not n2- node.kubernetes.io/instance-type: n2-highmem-4 - mem_10_8: - display_name: 10.8 GB RAM, upto 3.479 CPUs + mem_13_6: + display_name: 13.6 GB RAM, upto 3.485 CPUs kubespawner_override: - mem_guarantee: 11617804288 - mem_limit: 11617804288 - cpu_guarantee: 1.7395 - cpu_limit: 3.479 + mem_guarantee: 14649145344 + mem_limit: 14649145344 + cpu_guarantee: 1.7425 + cpu_limit: 3.485 node_selector: - # FIXME: guarantee/limits initialized for n1-highmem-4, not n2- node.kubernetes.io/instance-type: n2-highmem-4 - mem_21_6: - display_name: 21.6 GB RAM, upto 3.479 CPUs - description: Largest amount of RAM, might take a few minutes to start + mem_27_3: + display_name: 27.3 GB RAM, upto 3.485 CPUs kubespawner_override: - mem_guarantee: 23235608576 - mem_limit: 23235608576 - cpu_guarantee: 3.479 - cpu_limit: 3.479 - node_selector: - # FIXME: guarantee/limits initialized for n1-highmem-4, not n2- - node.kubernetes.io/instance-type: n2-highmem-4 + mem_guarantee: 29298290688 + mem_limit: 29298290688 + cpu_guarantee: 3.485 + cpu_limit: 3.485 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 hub: # Allows for multiple concurrent demos allowNamedServers: true From 84a2c7ce2c4edec3cd02431e15d425f5a28820e1 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 17:26:17 +0100 Subject: [PATCH 052/494] Disable dirsize reporter for four hubs its crash-looping in --- config/clusters/gridsst/common.values.yaml | 3 +++ config/clusters/nasa-ghg/common.values.yaml | 3 +++ config/clusters/nasa-veda/common.values.yaml | 3 +++ config/clusters/ubc-eoas/common.values.yaml | 3 +++ 4 files changed, 12 insertions(+) diff --git a/config/clusters/gridsst/common.values.yaml b/config/clusters/gridsst/common.values.yaml index 9ee3afea19..515cf7193a 100644 --- a/config/clusters/gridsst/common.values.yaml +++ b/config/clusters/gridsst/common.values.yaml @@ -1,5 +1,8 @@ basehub: nfs: + # FIXME: Enable after https://github.com/yuvipanda/prometheus-dirsize-exporter/pull/7 is used + dirsizeReporter: + enabled: false pv: # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html mountOptions: diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index e575bcda33..83580a08cf 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -1,5 +1,8 @@ basehub: nfs: + # FIXME: Enable after https://github.com/yuvipanda/prometheus-dirsize-exporter/pull/7 is used + dirsizeReporter: + enabled: false pv: # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html mountOptions: diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index 5ad487ce79..2a3baee1bd 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -1,5 +1,8 @@ basehub: nfs: + # FIXME: Enable after https://github.com/yuvipanda/prometheus-dirsize-exporter/pull/7 is used + dirsizeReporter: + enabled: false pv: # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html mountOptions: diff --git a/config/clusters/ubc-eoas/common.values.yaml b/config/clusters/ubc-eoas/common.values.yaml index b09bc129ac..f4f34d33e0 100644 --- a/config/clusters/ubc-eoas/common.values.yaml +++ b/config/clusters/ubc-eoas/common.values.yaml @@ -1,4 +1,7 @@ nfs: + # FIXME: Enable after https://github.com/yuvipanda/prometheus-dirsize-exporter/pull/7 is used + dirsizeReporter: + enabled: false pv: # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html mountOptions: From 1c3570e4f16e9271468e673f0b177d4db4aa2f74 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 18:20:59 +0100 Subject: [PATCH 053/494] Revert "cilogon hubs: declare first allowed_idps entry as default" --- .../clusters/2i2c-aws-us/cosmicds.values.yaml | 1 - config/clusters/2i2c-uk/staging.values.yaml | 1 - config/clusters/2i2c/aup.values.yaml | 1 - .../clusters/2i2c/binder-staging.values.yaml | 1 - config/clusters/2i2c/dask-staging.values.yaml | 1 - config/clusters/2i2c/demo.values.yaml | 1 - config/clusters/2i2c/mtu.values.yaml | 1 - .../clusters/2i2c/neurohackademy.values.yaml | 1 - config/clusters/2i2c/staging.values.yaml | 1 - config/clusters/2i2c/temple.values.yaml | 1 - .../clusters/2i2c/ucmerced-common.values.yaml | 29 ++++++++++++------- config/clusters/callysto/common.values.yaml | 1 - config/clusters/carbonplan/common.values.yaml | 1 - .../nm-aist.values.yaml | 1 - .../unitefa-conicet.values.yaml | 1 - config/clusters/cloudbank/bcc.values.yaml | 1 - config/clusters/cloudbank/ccsf.values.yaml | 1 - config/clusters/cloudbank/csm.values.yaml | 1 - config/clusters/cloudbank/csulb.values.yaml | 1 - config/clusters/cloudbank/csum.values.yaml | 1 - config/clusters/cloudbank/demo.values.yaml | 1 - config/clusters/cloudbank/dvc.values.yaml | 1 - .../clusters/cloudbank/elcamino.values.yaml | 1 - config/clusters/cloudbank/evc.values.yaml | 1 - config/clusters/cloudbank/fresno.values.yaml | 1 - .../clusters/cloudbank/glendale.values.yaml | 1 - config/clusters/cloudbank/howard.values.yaml | 1 - .../clusters/cloudbank/humboldt.values.yaml | 1 - config/clusters/cloudbank/lacc.values.yaml | 1 - config/clusters/cloudbank/laney.values.yaml | 1 - config/clusters/cloudbank/mills.values.yaml | 1 - .../clusters/cloudbank/miracosta.values.yaml | 1 - config/clusters/cloudbank/mission.values.yaml | 1 - config/clusters/cloudbank/norco.values.yaml | 1 - config/clusters/cloudbank/palomar.values.yaml | 1 - .../clusters/cloudbank/pasadena.values.yaml | 1 - .../clusters/cloudbank/sacramento.values.yaml | 1 - .../clusters/cloudbank/saddleback.values.yaml | 1 - .../clusters/cloudbank/santiago.values.yaml | 1 - .../clusters/cloudbank/sbcc-dev.values.yaml | 1 - config/clusters/cloudbank/sbcc.values.yaml | 1 - config/clusters/cloudbank/sjcc.values.yaml | 1 - config/clusters/cloudbank/sjsu.values.yaml | 1 - config/clusters/cloudbank/skyline.values.yaml | 1 - config/clusters/cloudbank/srjc.values.yaml | 1 - config/clusters/cloudbank/staging.values.yaml | 1 - .../clusters/cloudbank/tuskegee.values.yaml | 1 - config/clusters/hhmi/common.values.yaml | 1 - .../common.values.yaml | 1 - .../clusters/pangeo-hubs/coessing.values.yaml | 1 - config/clusters/ubc-eoas/common.values.yaml | 1 - config/clusters/utoronto/common.values.yaml | 1 - .../configure-auth/cilogon.md | 2 -- 53 files changed, 19 insertions(+), 63 deletions(-) diff --git a/config/clusters/2i2c-aws-us/cosmicds.values.yaml b/config/clusters/2i2c-aws-us/cosmicds.values.yaml index bc47f8526b..d0e047e245 100644 --- a/config/clusters/2i2c-aws-us/cosmicds.values.yaml +++ b/config/clusters/2i2c-aws-us/cosmicds.values.yaml @@ -83,7 +83,6 @@ jupyterhub: oauth_callback_url: https://cosmicds.2i2c.cloud/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: - default: true username_derivation: username_claim: "preferred_username" allow_all: true diff --git a/config/clusters/2i2c-uk/staging.values.yaml b/config/clusters/2i2c-uk/staging.values.yaml index 0ec5159734..789a684aba 100644 --- a/config/clusters/2i2c-uk/staging.values.yaml +++ b/config/clusters/2i2c-uk/staging.values.yaml @@ -41,6 +41,5 @@ jupyterhub: oauth_callback_url: "https://staging.uk.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/aup.values.yaml b/config/clusters/2i2c/aup.values.yaml index a7175cdaf0..beec96e623 100644 --- a/config/clusters/2i2c/aup.values.yaml +++ b/config/clusters/2i2c/aup.values.yaml @@ -40,7 +40,6 @@ jupyterhub: oauth_callback_url: "https://aup.pilot.2i2c.cloud/hub/oauth_callback" allowed_idps: http://github.com/login/oauth/authorize: - default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 4b801044cf..5927be3c88 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -74,7 +74,6 @@ binderhub: oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" Authenticator: diff --git a/config/clusters/2i2c/dask-staging.values.yaml b/config/clusters/2i2c/dask-staging.values.yaml index 7fd99282c3..7782eb276f 100644 --- a/config/clusters/2i2c/dask-staging.values.yaml +++ b/config/clusters/2i2c/dask-staging.values.yaml @@ -47,6 +47,5 @@ basehub: oauth_callback_url: "https://dask-staging.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/demo.values.yaml b/config/clusters/2i2c/demo.values.yaml index dbabd12084..22faef42d8 100644 --- a/config/clusters/2i2c/demo.values.yaml +++ b/config/clusters/2i2c/demo.values.yaml @@ -34,7 +34,6 @@ jupyterhub: allowed_idps: # UTexas hub https://enterprise.login.utexas.edu/idp/shibboleth: - default: true username_derivation: username_claim: "eppn" allow_all: true diff --git a/config/clusters/2i2c/mtu.values.yaml b/config/clusters/2i2c/mtu.values.yaml index be833a1e13..b24deeaacf 100644 --- a/config/clusters/2i2c/mtu.values.yaml +++ b/config/clusters/2i2c/mtu.values.yaml @@ -38,7 +38,6 @@ jupyterhub: allowed_idps: # Allow MTU to login via Shibboleth https://sso.mtu.edu/idp/shibboleth: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/2i2c/neurohackademy.values.yaml b/config/clusters/2i2c/neurohackademy.values.yaml index 4db1082b4f..17764ea812 100644 --- a/config/clusters/2i2c/neurohackademy.values.yaml +++ b/config/clusters/2i2c/neurohackademy.values.yaml @@ -59,7 +59,6 @@ jupyterhub: oauth_callback_url: https://neurohackademy.2i2c.cloud/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: - default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/2i2c/staging.values.yaml b/config/clusters/2i2c/staging.values.yaml index f60f64113a..0c0b444eea 100644 --- a/config/clusters/2i2c/staging.values.yaml +++ b/config/clusters/2i2c/staging.values.yaml @@ -58,6 +58,5 @@ jupyterhub: oauth_callback_url: "https://staging.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/temple.values.yaml b/config/clusters/2i2c/temple.values.yaml index b62d10f4bd..ae5fd3e702 100644 --- a/config/clusters/2i2c/temple.values.yaml +++ b/config/clusters/2i2c/temple.values.yaml @@ -51,7 +51,6 @@ jupyterhub: oauth_callback_url: https://temple.2i2c.cloud/hub/oauth_callback allowed_idps: https://fim.temple.edu/idp/shibboleth: - default: true username_derivation: username_claim: "eppn" allow_all: true diff --git a/config/clusters/2i2c/ucmerced-common.values.yaml b/config/clusters/2i2c/ucmerced-common.values.yaml index 80cbd04529..bed6bf9c3d 100644 --- a/config/clusters/2i2c/ucmerced-common.values.yaml +++ b/config/clusters/2i2c/ucmerced-common.values.yaml @@ -19,19 +19,28 @@ jupyterhub: name: University of California, Merced url: http://www.ucmerced.edu/ hub: + extraConfig: + 100-cilogon-ordering: | + # Explicitly specify allowed_idps here, so their sort order is + # preserved. Otherwise, the keys get sorted lexicographically, + # and Google comes before UC Merced + # https://github.com/2i2c-org/infrastructure/issues/3267 + c.CILogonOAuthenticator.allowed_idps = { + "urn:mace:incommon:ucmerced.edu": { + "username_derivation": { + "username_claim": "eppn" + }, + "allow_all": True + }, + "http://google.com/accounts/o8/id": { + "username_derivation": { + "username_claim": "email" + } + } + } config: JupyterHub: authenticator_class: cilogon - CILogonOAuthenticator: - allowed_idps: - urn:mace:incommon:ucmerced.edu: - default: true - username_derivation: - username_claim: "eppn" - allow_all: true - http://google.com/accounts/o8/id: - username_derivation: - username_claim: "email" Authenticator: admin_users: - schadalapaka@ucmerced.edu diff --git a/config/clusters/callysto/common.values.yaml b/config/clusters/callysto/common.values.yaml index 9904e84ecd..3cbfe0c883 100644 --- a/config/clusters/callysto/common.values.yaml +++ b/config/clusters/callysto/common.values.yaml @@ -141,7 +141,6 @@ jupyterhub: - "106951135662332329542" # Elmar Bouwer (Cybera) allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "oidc" allowed_domains: &allowed_domains diff --git a/config/clusters/carbonplan/common.values.yaml b/config/clusters/carbonplan/common.values.yaml index 20ab228c80..33691c26b5 100644 --- a/config/clusters/carbonplan/common.values.yaml +++ b/config/clusters/carbonplan/common.values.yaml @@ -190,7 +190,6 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: - default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/catalystproject-africa/nm-aist.values.yaml b/config/clusters/catalystproject-africa/nm-aist.values.yaml index 88b7961cf1..40e013fc10 100644 --- a/config/clusters/catalystproject-africa/nm-aist.values.yaml +++ b/config/clusters/catalystproject-africa/nm-aist.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: https://nm-aist.af.catalystproject.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: email allowed_domains: diff --git a/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml b/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml index 548682c149..5f446c27ec 100644 --- a/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml +++ b/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://unitefa-conicet.latam.catalystproject.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/bcc.values.yaml b/config/clusters/cloudbank/bcc.values.yaml index 1d26feba32..9020355723 100644 --- a/config/clusters/cloudbank/bcc.values.yaml +++ b/config/clusters/cloudbank/bcc.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://bcc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/ccsf.values.yaml b/config/clusters/cloudbank/ccsf.values.yaml index 7039b61fff..786b32d16f 100644 --- a/config/clusters/cloudbank/ccsf.values.yaml +++ b/config/clusters/cloudbank/ccsf.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: "https://ccsf.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/csm.values.yaml b/config/clusters/cloudbank/csm.values.yaml index 98e27c05bc..e7409cc5e9 100644 --- a/config/clusters/cloudbank/csm.values.yaml +++ b/config/clusters/cloudbank/csm.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: https://csm.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/csulb.values.yaml b/config/clusters/cloudbank/csulb.values.yaml index 27c86f1c8b..8eb30c3e91 100644 --- a/config/clusters/cloudbank/csulb.values.yaml +++ b/config/clusters/cloudbank/csulb.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://csulb.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://its-shib.its.csulb.edu/idp/shibboleth: - default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/csum.values.yaml b/config/clusters/cloudbank/csum.values.yaml index 1ed5006e23..e4338d28d3 100644 --- a/config/clusters/cloudbank/csum.values.yaml +++ b/config/clusters/cloudbank/csum.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: "https://csum.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://cma-shibboleth.csum.edu/idp/shibboleth: - default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/demo.values.yaml b/config/clusters/cloudbank/demo.values.yaml index c36670feec..dbf15f28a6 100644 --- a/config/clusters/cloudbank/demo.values.yaml +++ b/config/clusters/cloudbank/demo.values.yaml @@ -40,7 +40,6 @@ jupyterhub: oauth_callback_url: https://demo.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" Authenticator: diff --git a/config/clusters/cloudbank/dvc.values.yaml b/config/clusters/cloudbank/dvc.values.yaml index 5e36654eea..dce9039f10 100644 --- a/config/clusters/cloudbank/dvc.values.yaml +++ b/config/clusters/cloudbank/dvc.values.yaml @@ -35,7 +35,6 @@ jupyterhub: oauth_callback_url: https://dvc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/elcamino.values.yaml b/config/clusters/cloudbank/elcamino.values.yaml index a733bd3171..670bffc31a 100644 --- a/config/clusters/cloudbank/elcamino.values.yaml +++ b/config/clusters/cloudbank/elcamino.values.yaml @@ -36,7 +36,6 @@ jupyterhub: oauth_callback_url: "https://elcamino.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/evc.values.yaml b/config/clusters/cloudbank/evc.values.yaml index c48f0a6d55..ac04f1379d 100644 --- a/config/clusters/cloudbank/evc.values.yaml +++ b/config/clusters/cloudbank/evc.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://evc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/fresno.values.yaml b/config/clusters/cloudbank/fresno.values.yaml index 8035067bf9..5a333e8abc 100644 --- a/config/clusters/cloudbank/fresno.values.yaml +++ b/config/clusters/cloudbank/fresno.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: https://fresno.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://idp.scccd.edu/idp/shibboleth: - default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/glendale.values.yaml b/config/clusters/cloudbank/glendale.values.yaml index cba325c70c..080bab4d51 100644 --- a/config/clusters/cloudbank/glendale.values.yaml +++ b/config/clusters/cloudbank/glendale.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: https://glendale.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/howard.values.yaml b/config/clusters/cloudbank/howard.values.yaml index 2657e9b94d..f2fa446aa4 100644 --- a/config/clusters/cloudbank/howard.values.yaml +++ b/config/clusters/cloudbank/howard.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://howard.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/humboldt.values.yaml b/config/clusters/cloudbank/humboldt.values.yaml index 7578b35d37..80ef787324 100644 --- a/config/clusters/cloudbank/humboldt.values.yaml +++ b/config/clusters/cloudbank/humboldt.values.yaml @@ -40,7 +40,6 @@ jupyterhub: oauth_callback_url: https://humboldt.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://sso.humboldt.edu/idp/metadata: - default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/lacc.values.yaml b/config/clusters/cloudbank/lacc.values.yaml index 9054bfee6b..d147fff1e5 100644 --- a/config/clusters/cloudbank/lacc.values.yaml +++ b/config/clusters/cloudbank/lacc.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://lacc.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/laney.values.yaml b/config/clusters/cloudbank/laney.values.yaml index ffe42b2b76..f431f69e26 100644 --- a/config/clusters/cloudbank/laney.values.yaml +++ b/config/clusters/cloudbank/laney.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://laney.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/mills.values.yaml b/config/clusters/cloudbank/mills.values.yaml index 073aeea1d6..74b846e6d3 100644 --- a/config/clusters/cloudbank/mills.values.yaml +++ b/config/clusters/cloudbank/mills.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://datahub.mills.edu/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/miracosta.values.yaml b/config/clusters/cloudbank/miracosta.values.yaml index 7c83e77524..9864706df3 100644 --- a/config/clusters/cloudbank/miracosta.values.yaml +++ b/config/clusters/cloudbank/miracosta.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: https://miracosta.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://miracosta.fedgw.com/gateway: - default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/mission.values.yaml b/config/clusters/cloudbank/mission.values.yaml index 42eacb4bfd..6ec0d56592 100644 --- a/config/clusters/cloudbank/mission.values.yaml +++ b/config/clusters/cloudbank/mission.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://mission.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/norco.values.yaml b/config/clusters/cloudbank/norco.values.yaml index 914637f178..2e64440c0c 100644 --- a/config/clusters/cloudbank/norco.values.yaml +++ b/config/clusters/cloudbank/norco.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://norco.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/palomar.values.yaml b/config/clusters/cloudbank/palomar.values.yaml index aa601ff2df..2d5e8ce8f8 100644 --- a/config/clusters/cloudbank/palomar.values.yaml +++ b/config/clusters/cloudbank/palomar.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://palomar.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/pasadena.values.yaml b/config/clusters/cloudbank/pasadena.values.yaml index 1ebd4ea014..c5ce436305 100644 --- a/config/clusters/cloudbank/pasadena.values.yaml +++ b/config/clusters/cloudbank/pasadena.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://pasadena.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sacramento.values.yaml b/config/clusters/cloudbank/sacramento.values.yaml index 0b5c108fe2..ff03773762 100644 --- a/config/clusters/cloudbank/sacramento.values.yaml +++ b/config/clusters/cloudbank/sacramento.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://sacramento.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/saddleback.values.yaml b/config/clusters/cloudbank/saddleback.values.yaml index 0e617ecafb..ffaa5de787 100644 --- a/config/clusters/cloudbank/saddleback.values.yaml +++ b/config/clusters/cloudbank/saddleback.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://saddleback.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/santiago.values.yaml b/config/clusters/cloudbank/santiago.values.yaml index 433b093639..14837ede12 100644 --- a/config/clusters/cloudbank/santiago.values.yaml +++ b/config/clusters/cloudbank/santiago.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://santiago.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sbcc-dev.values.yaml b/config/clusters/cloudbank/sbcc-dev.values.yaml index 70bfb1d21a..bb470db2b6 100644 --- a/config/clusters/cloudbank/sbcc-dev.values.yaml +++ b/config/clusters/cloudbank/sbcc-dev.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://sbcc-dev.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://idp.sbcc.edu/idp/shibboleth: - default: true username_derivation: username_claim: "email" http://google.com/accounts/o8/id: diff --git a/config/clusters/cloudbank/sbcc.values.yaml b/config/clusters/cloudbank/sbcc.values.yaml index 7edbf3a6ca..f186ee3386 100644 --- a/config/clusters/cloudbank/sbcc.values.yaml +++ b/config/clusters/cloudbank/sbcc.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://sbcc.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://idp.sbcc.edu/idp/shibboleth: - default: true username_derivation: username_claim: "email" http://google.com/accounts/o8/id: diff --git a/config/clusters/cloudbank/sjcc.values.yaml b/config/clusters/cloudbank/sjcc.values.yaml index baf38bb3ad..7aa427950e 100644 --- a/config/clusters/cloudbank/sjcc.values.yaml +++ b/config/clusters/cloudbank/sjcc.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: https://sjcc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sjsu.values.yaml b/config/clusters/cloudbank/sjsu.values.yaml index 8e9eaba333..7984a92a8f 100644 --- a/config/clusters/cloudbank/sjsu.values.yaml +++ b/config/clusters/cloudbank/sjsu.values.yaml @@ -40,7 +40,6 @@ jupyterhub: oauth_callback_url: https://sjsu.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://idp01.sjsu.edu/idp/shibboleth: - default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/skyline.values.yaml b/config/clusters/cloudbank/skyline.values.yaml index 83d312e02c..03b16084f1 100644 --- a/config/clusters/cloudbank/skyline.values.yaml +++ b/config/clusters/cloudbank/skyline.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://skyline.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/srjc.values.yaml b/config/clusters/cloudbank/srjc.values.yaml index dd2228325f..03c6802287 100644 --- a/config/clusters/cloudbank/srjc.values.yaml +++ b/config/clusters/cloudbank/srjc.values.yaml @@ -37,7 +37,6 @@ jupyterhub: oauth_callback_url: https://srjc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/staging.values.yaml b/config/clusters/cloudbank/staging.values.yaml index 44a897ee0d..83ec5fe872 100644 --- a/config/clusters/cloudbank/staging.values.yaml +++ b/config/clusters/cloudbank/staging.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://staging.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/tuskegee.values.yaml b/config/clusters/cloudbank/tuskegee.values.yaml index fcd3225ddd..9ff5994406 100644 --- a/config/clusters/cloudbank/tuskegee.values.yaml +++ b/config/clusters/cloudbank/tuskegee.values.yaml @@ -31,7 +31,6 @@ jupyterhub: oauth_callback_url: "https://tuskegee.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index c6796075c0..f6a2a84f42 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -125,7 +125,6 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: - default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/jupyter-meets-the-earth/common.values.yaml b/config/clusters/jupyter-meets-the-earth/common.values.yaml index 4e99ea5003..11ee63bdd2 100644 --- a/config/clusters/jupyter-meets-the-earth/common.values.yaml +++ b/config/clusters/jupyter-meets-the-earth/common.values.yaml @@ -215,7 +215,6 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: - default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/pangeo-hubs/coessing.values.yaml b/config/clusters/pangeo-hubs/coessing.values.yaml index fd165be81a..0235e3e56c 100644 --- a/config/clusters/pangeo-hubs/coessing.values.yaml +++ b/config/clusters/pangeo-hubs/coessing.values.yaml @@ -40,7 +40,6 @@ basehub: oauth_callback_url: "https://coessing.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/ubc-eoas/common.values.yaml b/config/clusters/ubc-eoas/common.values.yaml index 663e0d78f4..f4f34d33e0 100644 --- a/config/clusters/ubc-eoas/common.values.yaml +++ b/config/clusters/ubc-eoas/common.values.yaml @@ -42,7 +42,6 @@ jupyterhub: CILogonOAuthenticator: allowed_idps: https://authentication.ubc.ca: - default: true username_derivation: username_claim: email action: strip_idp_domain diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index f564cb0faa..a675f835c0 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -82,7 +82,6 @@ jupyterhub: CILogonOAuthenticator: allowed_idps: https://idpz.utorauth.utoronto.ca/shibboleth: - default: true username_derivation: username_claim: "email" allow_all: true diff --git a/docs/hub-deployment-guide/configure-auth/cilogon.md b/docs/hub-deployment-guide/configure-auth/cilogon.md index 5b72443e95..a6816937cd 100644 --- a/docs/hub-deployment-guide/configure-auth/cilogon.md +++ b/docs/hub-deployment-guide/configure-auth/cilogon.md @@ -75,7 +75,6 @@ jupyterhub: # In this example, all authenticated users are authorized via the idp # specific allow_all config. https://idp2.anu.edu.au/idp/shibboleth: - default: true username_derivation: username_claim: email allow_all: true # authorize all users authenticated by the idp @@ -133,7 +132,6 @@ jupyterhub: oauth_callback_url: https://{{ HUB_DOMAIN }}/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: - default: true username_derivation: username_claim: "preferred_username" ``` From 770bfe911bf8e24cb19eb6d2584f53c63a1ab3ed Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 27 Nov 2023 19:52:41 -0800 Subject: [PATCH 054/494] Tell cluster autoscaler to leave the hub pod alone Prevents the autoscaler from evicting the hub pod, and resolves an outage caused by the autoscaler bouncing around a lot. Ref: https://github.com/2i2c-org/infrastructure/issues/3461 --- config/clusters/leap/common.values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml index 1cd7a4c6b9..234662894e 100644 --- a/config/clusters/leap/common.values.yaml +++ b/config/clusters/leap/common.values.yaml @@ -37,6 +37,10 @@ basehub: name: LEAP url: https://leap-stc.github.io hub: + annotations: + # Prevents the core node on which this pod is present from being drained + # See https://github.com/2i2c-org/infrastructure/issues/3461 + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" allowNamedServers: true config: JupyterHub: From fd1b116d0e114560c6f54f9477e7e7df9cc79872 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Nov 2023 07:30:45 +0100 Subject: [PATCH 055/494] basehub: bump z2jh to 3.2.1 --- helm-charts/basehub/Chart.yaml | 2 +- helm-charts/images/hub/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm-charts/basehub/Chart.yaml b/helm-charts/basehub/Chart.yaml index bfb959e31f..90f4d3a210 100644 --- a/helm-charts/basehub/Chart.yaml +++ b/helm-charts/basehub/Chart.yaml @@ -12,7 +12,7 @@ dependencies: # images/hub/Dockerfile, and will also involve manually building and pushing # the Dockerfile to https://quay.io/2i2c/pilot-hub. Details about this can # be found in the Dockerfile's comments. - version: 3.2.0 + version: 3.2.1 repository: https://jupyterhub.github.io/helm-chart/ - name: binderhub-service version: 0.1.0-0.dev.git.110.hd833d08 diff --git a/helm-charts/images/hub/Dockerfile b/helm-charts/images/hub/Dockerfile index c6a2e0cee7..c58effa62d 100644 --- a/helm-charts/images/hub/Dockerfile +++ b/helm-charts/images/hub/Dockerfile @@ -12,7 +12,7 @@ # `chartpress --push --builder docker-buildx --platform linux/amd64` # Ref: https://cloudolife.com/2022/03/05/Infrastructure-as-Code-IaC/Container/Docker/Docker-buildx-support-multiple-architectures-images/ # -FROM jupyterhub/k8s-hub:3.2.0 +FROM jupyterhub/k8s-hub:3.2.1 # chartpress.yaml defines multiple hub images differentiated only by a # requirements.txt file with dependencies, this build argument allows us to From 8e477a0a806310723a1c7395522e7c5c288ab81e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Nov 2023 07:34:20 +0100 Subject: [PATCH 056/494] basehub: update our hub image to be z2jh 3.2.1 based --- helm-charts/basehub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index bdadc86664..665b2a12cf 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -579,7 +579,7 @@ jupyterhub: admin: true image: name: quay.io/2i2c/pilot-hub - tag: "0.0.1-0.dev.git.7655.h70e84dd2" + tag: "0.0.1-0.dev.git.7670.hfd1b116d" networkPolicy: enabled: true # interNamespaceAccessLabels=accept makes the hub pod's associated From e45db32eed541dd7ac59b33229d2189269c2ba82 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 16:10:21 +0100 Subject: [PATCH 057/494] cilogon hubs: declare first allowed_idps entry as default I've historically refactored these to put the community's IdP on the top, so this should be the community's IdP. Could be worth to verify again though. --- .../clusters/2i2c-aws-us/cosmicds.values.yaml | 1 + config/clusters/2i2c-uk/staging.values.yaml | 1 + config/clusters/2i2c/aup.values.yaml | 1 + .../clusters/2i2c/binder-staging.values.yaml | 1 + config/clusters/2i2c/dask-staging.values.yaml | 1 + config/clusters/2i2c/demo.values.yaml | 1 + config/clusters/2i2c/mtu.values.yaml | 1 + .../clusters/2i2c/neurohackademy.values.yaml | 1 + config/clusters/2i2c/staging.values.yaml | 1 + config/clusters/2i2c/temple.values.yaml | 1 + .../clusters/2i2c/ucmerced-common.values.yaml | 29 +++++++------------ config/clusters/callysto/common.values.yaml | 1 + config/clusters/carbonplan/common.values.yaml | 1 + .../nm-aist.values.yaml | 1 + .../unitefa-conicet.values.yaml | 1 + config/clusters/cloudbank/bcc.values.yaml | 1 + config/clusters/cloudbank/ccsf.values.yaml | 1 + config/clusters/cloudbank/csm.values.yaml | 1 + config/clusters/cloudbank/csulb.values.yaml | 1 + config/clusters/cloudbank/csum.values.yaml | 1 + config/clusters/cloudbank/demo.values.yaml | 1 + config/clusters/cloudbank/dvc.values.yaml | 1 + .../clusters/cloudbank/elcamino.values.yaml | 1 + config/clusters/cloudbank/evc.values.yaml | 1 + config/clusters/cloudbank/fresno.values.yaml | 1 + .../clusters/cloudbank/glendale.values.yaml | 1 + config/clusters/cloudbank/howard.values.yaml | 1 + .../clusters/cloudbank/humboldt.values.yaml | 1 + config/clusters/cloudbank/lacc.values.yaml | 1 + config/clusters/cloudbank/laney.values.yaml | 1 + config/clusters/cloudbank/mills.values.yaml | 1 + .../clusters/cloudbank/miracosta.values.yaml | 1 + config/clusters/cloudbank/mission.values.yaml | 1 + config/clusters/cloudbank/norco.values.yaml | 1 + config/clusters/cloudbank/palomar.values.yaml | 1 + .../clusters/cloudbank/pasadena.values.yaml | 1 + .../clusters/cloudbank/sacramento.values.yaml | 1 + .../clusters/cloudbank/saddleback.values.yaml | 1 + .../clusters/cloudbank/santiago.values.yaml | 1 + .../clusters/cloudbank/sbcc-dev.values.yaml | 1 + config/clusters/cloudbank/sbcc.values.yaml | 1 + config/clusters/cloudbank/sjcc.values.yaml | 1 + config/clusters/cloudbank/sjsu.values.yaml | 1 + config/clusters/cloudbank/skyline.values.yaml | 1 + config/clusters/cloudbank/srjc.values.yaml | 1 + config/clusters/cloudbank/staging.values.yaml | 1 + .../clusters/cloudbank/tuskegee.values.yaml | 1 + config/clusters/hhmi/common.values.yaml | 1 + .../common.values.yaml | 1 + .../clusters/pangeo-hubs/coessing.values.yaml | 1 + config/clusters/ubc-eoas/common.values.yaml | 1 + config/clusters/utoronto/common.values.yaml | 1 + .../configure-auth/cilogon.md | 2 ++ 53 files changed, 63 insertions(+), 19 deletions(-) diff --git a/config/clusters/2i2c-aws-us/cosmicds.values.yaml b/config/clusters/2i2c-aws-us/cosmicds.values.yaml index d0e047e245..bc47f8526b 100644 --- a/config/clusters/2i2c-aws-us/cosmicds.values.yaml +++ b/config/clusters/2i2c-aws-us/cosmicds.values.yaml @@ -83,6 +83,7 @@ jupyterhub: oauth_callback_url: https://cosmicds.2i2c.cloud/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" allow_all: true diff --git a/config/clusters/2i2c-uk/staging.values.yaml b/config/clusters/2i2c-uk/staging.values.yaml index 789a684aba..0ec5159734 100644 --- a/config/clusters/2i2c-uk/staging.values.yaml +++ b/config/clusters/2i2c-uk/staging.values.yaml @@ -41,5 +41,6 @@ jupyterhub: oauth_callback_url: "https://staging.uk.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/aup.values.yaml b/config/clusters/2i2c/aup.values.yaml index beec96e623..a7175cdaf0 100644 --- a/config/clusters/2i2c/aup.values.yaml +++ b/config/clusters/2i2c/aup.values.yaml @@ -40,6 +40,7 @@ jupyterhub: oauth_callback_url: "https://aup.pilot.2i2c.cloud/hub/oauth_callback" allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 5927be3c88..4b801044cf 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -74,6 +74,7 @@ binderhub: oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" Authenticator: diff --git a/config/clusters/2i2c/dask-staging.values.yaml b/config/clusters/2i2c/dask-staging.values.yaml index 7782eb276f..7fd99282c3 100644 --- a/config/clusters/2i2c/dask-staging.values.yaml +++ b/config/clusters/2i2c/dask-staging.values.yaml @@ -47,5 +47,6 @@ basehub: oauth_callback_url: "https://dask-staging.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/demo.values.yaml b/config/clusters/2i2c/demo.values.yaml index 22faef42d8..dbabd12084 100644 --- a/config/clusters/2i2c/demo.values.yaml +++ b/config/clusters/2i2c/demo.values.yaml @@ -34,6 +34,7 @@ jupyterhub: allowed_idps: # UTexas hub https://enterprise.login.utexas.edu/idp/shibboleth: + default: true username_derivation: username_claim: "eppn" allow_all: true diff --git a/config/clusters/2i2c/mtu.values.yaml b/config/clusters/2i2c/mtu.values.yaml index b24deeaacf..be833a1e13 100644 --- a/config/clusters/2i2c/mtu.values.yaml +++ b/config/clusters/2i2c/mtu.values.yaml @@ -38,6 +38,7 @@ jupyterhub: allowed_idps: # Allow MTU to login via Shibboleth https://sso.mtu.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/2i2c/neurohackademy.values.yaml b/config/clusters/2i2c/neurohackademy.values.yaml index 17764ea812..4db1082b4f 100644 --- a/config/clusters/2i2c/neurohackademy.values.yaml +++ b/config/clusters/2i2c/neurohackademy.values.yaml @@ -59,6 +59,7 @@ jupyterhub: oauth_callback_url: https://neurohackademy.2i2c.cloud/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/2i2c/staging.values.yaml b/config/clusters/2i2c/staging.values.yaml index 0c0b444eea..f60f64113a 100644 --- a/config/clusters/2i2c/staging.values.yaml +++ b/config/clusters/2i2c/staging.values.yaml @@ -58,5 +58,6 @@ jupyterhub: oauth_callback_url: "https://staging.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" diff --git a/config/clusters/2i2c/temple.values.yaml b/config/clusters/2i2c/temple.values.yaml index ae5fd3e702..b62d10f4bd 100644 --- a/config/clusters/2i2c/temple.values.yaml +++ b/config/clusters/2i2c/temple.values.yaml @@ -51,6 +51,7 @@ jupyterhub: oauth_callback_url: https://temple.2i2c.cloud/hub/oauth_callback allowed_idps: https://fim.temple.edu/idp/shibboleth: + default: true username_derivation: username_claim: "eppn" allow_all: true diff --git a/config/clusters/2i2c/ucmerced-common.values.yaml b/config/clusters/2i2c/ucmerced-common.values.yaml index bed6bf9c3d..80cbd04529 100644 --- a/config/clusters/2i2c/ucmerced-common.values.yaml +++ b/config/clusters/2i2c/ucmerced-common.values.yaml @@ -19,28 +19,19 @@ jupyterhub: name: University of California, Merced url: http://www.ucmerced.edu/ hub: - extraConfig: - 100-cilogon-ordering: | - # Explicitly specify allowed_idps here, so their sort order is - # preserved. Otherwise, the keys get sorted lexicographically, - # and Google comes before UC Merced - # https://github.com/2i2c-org/infrastructure/issues/3267 - c.CILogonOAuthenticator.allowed_idps = { - "urn:mace:incommon:ucmerced.edu": { - "username_derivation": { - "username_claim": "eppn" - }, - "allow_all": True - }, - "http://google.com/accounts/o8/id": { - "username_derivation": { - "username_claim": "email" - } - } - } config: JupyterHub: authenticator_class: cilogon + CILogonOAuthenticator: + allowed_idps: + urn:mace:incommon:ucmerced.edu: + default: true + username_derivation: + username_claim: "eppn" + allow_all: true + http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" Authenticator: admin_users: - schadalapaka@ucmerced.edu diff --git a/config/clusters/callysto/common.values.yaml b/config/clusters/callysto/common.values.yaml index 3cbfe0c883..9904e84ecd 100644 --- a/config/clusters/callysto/common.values.yaml +++ b/config/clusters/callysto/common.values.yaml @@ -141,6 +141,7 @@ jupyterhub: - "106951135662332329542" # Elmar Bouwer (Cybera) allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "oidc" allowed_domains: &allowed_domains diff --git a/config/clusters/carbonplan/common.values.yaml b/config/clusters/carbonplan/common.values.yaml index 33691c26b5..20ab228c80 100644 --- a/config/clusters/carbonplan/common.values.yaml +++ b/config/clusters/carbonplan/common.values.yaml @@ -190,6 +190,7 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/catalystproject-africa/nm-aist.values.yaml b/config/clusters/catalystproject-africa/nm-aist.values.yaml index 40e013fc10..88b7961cf1 100644 --- a/config/clusters/catalystproject-africa/nm-aist.values.yaml +++ b/config/clusters/catalystproject-africa/nm-aist.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://nm-aist.af.catalystproject.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: email allowed_domains: diff --git a/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml b/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml index 5f446c27ec..548682c149 100644 --- a/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml +++ b/config/clusters/catalystproject-latam/unitefa-conicet.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://unitefa-conicet.latam.catalystproject.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/bcc.values.yaml b/config/clusters/cloudbank/bcc.values.yaml index 9020355723..1d26feba32 100644 --- a/config/clusters/cloudbank/bcc.values.yaml +++ b/config/clusters/cloudbank/bcc.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://bcc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/ccsf.values.yaml b/config/clusters/cloudbank/ccsf.values.yaml index 786b32d16f..7039b61fff 100644 --- a/config/clusters/cloudbank/ccsf.values.yaml +++ b/config/clusters/cloudbank/ccsf.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: "https://ccsf.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/csm.values.yaml b/config/clusters/cloudbank/csm.values.yaml index e7409cc5e9..98e27c05bc 100644 --- a/config/clusters/cloudbank/csm.values.yaml +++ b/config/clusters/cloudbank/csm.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://csm.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/csulb.values.yaml b/config/clusters/cloudbank/csulb.values.yaml index 8eb30c3e91..27c86f1c8b 100644 --- a/config/clusters/cloudbank/csulb.values.yaml +++ b/config/clusters/cloudbank/csulb.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://csulb.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://its-shib.its.csulb.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/csum.values.yaml b/config/clusters/cloudbank/csum.values.yaml index e4338d28d3..1ed5006e23 100644 --- a/config/clusters/cloudbank/csum.values.yaml +++ b/config/clusters/cloudbank/csum.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: "https://csum.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://cma-shibboleth.csum.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/demo.values.yaml b/config/clusters/cloudbank/demo.values.yaml index dbf15f28a6..c36670feec 100644 --- a/config/clusters/cloudbank/demo.values.yaml +++ b/config/clusters/cloudbank/demo.values.yaml @@ -40,6 +40,7 @@ jupyterhub: oauth_callback_url: https://demo.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" Authenticator: diff --git a/config/clusters/cloudbank/dvc.values.yaml b/config/clusters/cloudbank/dvc.values.yaml index dce9039f10..5e36654eea 100644 --- a/config/clusters/cloudbank/dvc.values.yaml +++ b/config/clusters/cloudbank/dvc.values.yaml @@ -35,6 +35,7 @@ jupyterhub: oauth_callback_url: https://dvc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/elcamino.values.yaml b/config/clusters/cloudbank/elcamino.values.yaml index 670bffc31a..a733bd3171 100644 --- a/config/clusters/cloudbank/elcamino.values.yaml +++ b/config/clusters/cloudbank/elcamino.values.yaml @@ -36,6 +36,7 @@ jupyterhub: oauth_callback_url: "https://elcamino.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/evc.values.yaml b/config/clusters/cloudbank/evc.values.yaml index ac04f1379d..c48f0a6d55 100644 --- a/config/clusters/cloudbank/evc.values.yaml +++ b/config/clusters/cloudbank/evc.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://evc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/fresno.values.yaml b/config/clusters/cloudbank/fresno.values.yaml index 5a333e8abc..8035067bf9 100644 --- a/config/clusters/cloudbank/fresno.values.yaml +++ b/config/clusters/cloudbank/fresno.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://fresno.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://idp.scccd.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/glendale.values.yaml b/config/clusters/cloudbank/glendale.values.yaml index 080bab4d51..cba325c70c 100644 --- a/config/clusters/cloudbank/glendale.values.yaml +++ b/config/clusters/cloudbank/glendale.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://glendale.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/howard.values.yaml b/config/clusters/cloudbank/howard.values.yaml index f2fa446aa4..2657e9b94d 100644 --- a/config/clusters/cloudbank/howard.values.yaml +++ b/config/clusters/cloudbank/howard.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://howard.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/humboldt.values.yaml b/config/clusters/cloudbank/humboldt.values.yaml index 80ef787324..7578b35d37 100644 --- a/config/clusters/cloudbank/humboldt.values.yaml +++ b/config/clusters/cloudbank/humboldt.values.yaml @@ -40,6 +40,7 @@ jupyterhub: oauth_callback_url: https://humboldt.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://sso.humboldt.edu/idp/metadata: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/lacc.values.yaml b/config/clusters/cloudbank/lacc.values.yaml index d147fff1e5..9054bfee6b 100644 --- a/config/clusters/cloudbank/lacc.values.yaml +++ b/config/clusters/cloudbank/lacc.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://lacc.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/laney.values.yaml b/config/clusters/cloudbank/laney.values.yaml index f431f69e26..ffe42b2b76 100644 --- a/config/clusters/cloudbank/laney.values.yaml +++ b/config/clusters/cloudbank/laney.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://laney.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/mills.values.yaml b/config/clusters/cloudbank/mills.values.yaml index 74b846e6d3..073aeea1d6 100644 --- a/config/clusters/cloudbank/mills.values.yaml +++ b/config/clusters/cloudbank/mills.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://datahub.mills.edu/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/miracosta.values.yaml b/config/clusters/cloudbank/miracosta.values.yaml index 9864706df3..7c83e77524 100644 --- a/config/clusters/cloudbank/miracosta.values.yaml +++ b/config/clusters/cloudbank/miracosta.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://miracosta.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://miracosta.fedgw.com/gateway: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/mission.values.yaml b/config/clusters/cloudbank/mission.values.yaml index 6ec0d56592..42eacb4bfd 100644 --- a/config/clusters/cloudbank/mission.values.yaml +++ b/config/clusters/cloudbank/mission.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://mission.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/norco.values.yaml b/config/clusters/cloudbank/norco.values.yaml index 2e64440c0c..914637f178 100644 --- a/config/clusters/cloudbank/norco.values.yaml +++ b/config/clusters/cloudbank/norco.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://norco.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/palomar.values.yaml b/config/clusters/cloudbank/palomar.values.yaml index 2d5e8ce8f8..aa601ff2df 100644 --- a/config/clusters/cloudbank/palomar.values.yaml +++ b/config/clusters/cloudbank/palomar.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://palomar.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/pasadena.values.yaml b/config/clusters/cloudbank/pasadena.values.yaml index c5ce436305..1ebd4ea014 100644 --- a/config/clusters/cloudbank/pasadena.values.yaml +++ b/config/clusters/cloudbank/pasadena.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://pasadena.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sacramento.values.yaml b/config/clusters/cloudbank/sacramento.values.yaml index ff03773762..0b5c108fe2 100644 --- a/config/clusters/cloudbank/sacramento.values.yaml +++ b/config/clusters/cloudbank/sacramento.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://sacramento.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/saddleback.values.yaml b/config/clusters/cloudbank/saddleback.values.yaml index ffaa5de787..0e617ecafb 100644 --- a/config/clusters/cloudbank/saddleback.values.yaml +++ b/config/clusters/cloudbank/saddleback.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://saddleback.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/santiago.values.yaml b/config/clusters/cloudbank/santiago.values.yaml index 14837ede12..433b093639 100644 --- a/config/clusters/cloudbank/santiago.values.yaml +++ b/config/clusters/cloudbank/santiago.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://santiago.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sbcc-dev.values.yaml b/config/clusters/cloudbank/sbcc-dev.values.yaml index bb470db2b6..70bfb1d21a 100644 --- a/config/clusters/cloudbank/sbcc-dev.values.yaml +++ b/config/clusters/cloudbank/sbcc-dev.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://sbcc-dev.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://idp.sbcc.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" http://google.com/accounts/o8/id: diff --git a/config/clusters/cloudbank/sbcc.values.yaml b/config/clusters/cloudbank/sbcc.values.yaml index f186ee3386..7edbf3a6ca 100644 --- a/config/clusters/cloudbank/sbcc.values.yaml +++ b/config/clusters/cloudbank/sbcc.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://sbcc.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: https://idp.sbcc.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" http://google.com/accounts/o8/id: diff --git a/config/clusters/cloudbank/sjcc.values.yaml b/config/clusters/cloudbank/sjcc.values.yaml index 7aa427950e..baf38bb3ad 100644 --- a/config/clusters/cloudbank/sjcc.values.yaml +++ b/config/clusters/cloudbank/sjcc.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://sjcc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://login.microsoftonline.com/common/oauth2/v2.0/authorize: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/sjsu.values.yaml b/config/clusters/cloudbank/sjsu.values.yaml index 7984a92a8f..8e9eaba333 100644 --- a/config/clusters/cloudbank/sjsu.values.yaml +++ b/config/clusters/cloudbank/sjsu.values.yaml @@ -40,6 +40,7 @@ jupyterhub: oauth_callback_url: https://sjsu.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: https://idp01.sjsu.edu/idp/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/config/clusters/cloudbank/skyline.values.yaml b/config/clusters/cloudbank/skyline.values.yaml index 03b16084f1..83d312e02c 100644 --- a/config/clusters/cloudbank/skyline.values.yaml +++ b/config/clusters/cloudbank/skyline.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://skyline.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/srjc.values.yaml b/config/clusters/cloudbank/srjc.values.yaml index 03c6802287..dd2228325f 100644 --- a/config/clusters/cloudbank/srjc.values.yaml +++ b/config/clusters/cloudbank/srjc.values.yaml @@ -37,6 +37,7 @@ jupyterhub: oauth_callback_url: https://srjc.cloudbank.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" allowed_domains: diff --git a/config/clusters/cloudbank/staging.values.yaml b/config/clusters/cloudbank/staging.values.yaml index 83ec5fe872..44a897ee0d 100644 --- a/config/clusters/cloudbank/staging.values.yaml +++ b/config/clusters/cloudbank/staging.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://staging.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/cloudbank/tuskegee.values.yaml b/config/clusters/cloudbank/tuskegee.values.yaml index 9ff5994406..fcd3225ddd 100644 --- a/config/clusters/cloudbank/tuskegee.values.yaml +++ b/config/clusters/cloudbank/tuskegee.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: "https://tuskegee.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index f6a2a84f42..c6796075c0 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -125,6 +125,7 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/jupyter-meets-the-earth/common.values.yaml b/config/clusters/jupyter-meets-the-earth/common.values.yaml index 11ee63bdd2..4e99ea5003 100644 --- a/config/clusters/jupyter-meets-the-earth/common.values.yaml +++ b/config/clusters/jupyter-meets-the-earth/common.values.yaml @@ -215,6 +215,7 @@ basehub: CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" OAuthenticator: diff --git a/config/clusters/pangeo-hubs/coessing.values.yaml b/config/clusters/pangeo-hubs/coessing.values.yaml index 0235e3e56c..fd165be81a 100644 --- a/config/clusters/pangeo-hubs/coessing.values.yaml +++ b/config/clusters/pangeo-hubs/coessing.values.yaml @@ -40,6 +40,7 @@ basehub: oauth_callback_url: "https://coessing.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: "email" OAuthenticator: diff --git a/config/clusters/ubc-eoas/common.values.yaml b/config/clusters/ubc-eoas/common.values.yaml index f4f34d33e0..663e0d78f4 100644 --- a/config/clusters/ubc-eoas/common.values.yaml +++ b/config/clusters/ubc-eoas/common.values.yaml @@ -42,6 +42,7 @@ jupyterhub: CILogonOAuthenticator: allowed_idps: https://authentication.ubc.ca: + default: true username_derivation: username_claim: email action: strip_idp_domain diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index a675f835c0..f564cb0faa 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -82,6 +82,7 @@ jupyterhub: CILogonOAuthenticator: allowed_idps: https://idpz.utorauth.utoronto.ca/shibboleth: + default: true username_derivation: username_claim: "email" allow_all: true diff --git a/docs/hub-deployment-guide/configure-auth/cilogon.md b/docs/hub-deployment-guide/configure-auth/cilogon.md index a6816937cd..5b72443e95 100644 --- a/docs/hub-deployment-guide/configure-auth/cilogon.md +++ b/docs/hub-deployment-guide/configure-auth/cilogon.md @@ -75,6 +75,7 @@ jupyterhub: # In this example, all authenticated users are authorized via the idp # specific allow_all config. https://idp2.anu.edu.au/idp/shibboleth: + default: true username_derivation: username_claim: email allow_all: true # authorize all users authenticated by the idp @@ -132,6 +133,7 @@ jupyterhub: oauth_callback_url: https://{{ HUB_DOMAIN }}/hub/oauth_callback allowed_idps: http://github.com/login/oauth/authorize: + default: true username_derivation: username_claim: "preferred_username" ``` From 6cceafdc392f145124aa924504ed55c81670cb95 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Nov 2023 09:22:13 +0100 Subject: [PATCH 058/494] callysto: fix for migration of authenticator --- config/clusters/callysto/common.values.yaml | 24 ++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/config/clusters/callysto/common.values.yaml b/config/clusters/callysto/common.values.yaml index f4d0a3595d..11d3dab4ef 100644 --- a/config/clusters/callysto/common.values.yaml +++ b/config/clusters/callysto/common.values.yaml @@ -56,19 +56,9 @@ jupyterhub: {% endblock %} hub: config: + JupyterHub: + authenticator_class: cilogon CILogonOAuthenticator: - # Usernames are based on a unique "oidc" claim and not email, so we need - # to reference these names when declaring admin_users. The custom - # authenticator class used will reject any user not having an associated - # email with a specific domain name though. - admin_users: - - "117859169473992122769" # Georgiana (2i2c) - - "115722756968212778437" # Sarah (2i2c) - - "103849660365364958119" # Erik (2i2c) - - "115240156849150087300" # Ian Allison (PIMS) - - "102749090965437723445" # Byron Chu (Cybera) - - "115909958579864751636" # Michael Jones (Cybera) - - "106951135662332329542" # Elmar Bouwer (Cybera) allowed_idps: http://google.com/accounts/o8/id: default: true @@ -98,3 +88,13 @@ jupyterhub: username_claim: "oidc" allowed_domains_claim: email allowed_domains: *allowed_domains + # Usernames are based on a unique "oidc" claim and not email, so we need + # to reference these names when declaring admin_users. + admin_users: + - "117859169473992122769" # Georgiana (2i2c) + - "115722756968212778437" # Sarah (2i2c) + - "103849660365364958119" # Erik (2i2c) + - "115240156849150087300" # Ian Allison (PIMS) + - "102749090965437723445" # Byron Chu (Cybera) + - "115909958579864751636" # Michael Jones (Cybera) + - "106951135662332329542" # Elmar Bouwer (Cybera) From 6dfcd75331c763a1dcbf78676f1d6cc2cfbfccb4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Nov 2023 09:22:42 +0100 Subject: [PATCH 059/494] 2i2c, binder-staging: don't use optional z2jh 3.2.1+ config --- config/clusters/2i2c/binder-staging.values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 4b801044cf..5927be3c88 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -74,7 +74,6 @@ binderhub: oauth_callback_url: "https://binder-staging.hub.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: - default: true username_derivation: username_claim: "email" Authenticator: From e036e95c96564443d910d7c5bd2e5f3f1fee88f9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Nov 2023 11:47:18 +0100 Subject: [PATCH 060/494] terraform, gcp: fix bug for use of default node version --- terraform/gcp/cluster.tf | 2 +- terraform/gcp/variables.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/gcp/cluster.tf b/terraform/gcp/cluster.tf index 050aa1364c..3b1472c7b6 100644 --- a/terraform/gcp/cluster.tf +++ b/terraform/gcp/cluster.tf @@ -251,7 +251,7 @@ resource "google_container_node_pool" "notebook" { cluster = google_container_cluster.cluster.name project = google_container_cluster.cluster.project location = google_container_cluster.cluster.location - version = try(each.value.node_version, var.k8s_versions.notebook_nodes_version) + version = coalesce(each.value.node_version, var.k8s_versions.notebook_nodes_version) # terraform treats null same as unset, so we only set the node_locations # here if it is explicitly overriden. If not, it will just inherit whatever diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index df5d6095b6..0acd6963f3 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -133,6 +133,7 @@ variable "dask_nodes" { temp_opt_out_node_purpose_label : optional(bool, false), resource_labels : optional(map(string), {}), zones : optional(list(string), []) + node_version : optional(string, ""), })) description = "Dask node pools to create. Defaults to notebook_nodes" default = {} From 2026a4ffc6486f995abe4205a9919e5bbefa11fb Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Nov 2023 11:47:44 +0100 Subject: [PATCH 061/494] terraform, gcp: misc cleanup and node pool upgrades --- terraform/gcp/projects/2i2c-uk.tfvars | 7 +++- terraform/gcp/projects/callysto.tfvars | 7 +++- terraform/gcp/projects/cloudbank.tfvars | 3 +- .../gcp/projects/daskhub-template.tfvars | 2 +- terraform/gcp/projects/hhmi.tfvars | 18 ++++++---- terraform/gcp/projects/leap.tfvars | 32 +++++------------ terraform/gcp/projects/linked-earth.tfvars | 9 ++--- terraform/gcp/projects/m2lines.tfvars | 2 +- terraform/gcp/projects/meom-ige.tfvars | 2 +- terraform/gcp/projects/pilot-hubs.tfvars | 36 ++++++++++++++----- terraform/gcp/projects/qcl.tfvars | 7 ---- 11 files changed, 66 insertions(+), 59 deletions(-) diff --git a/terraform/gcp/projects/2i2c-uk.tfvars b/terraform/gcp/projects/2i2c-uk.tfvars index 2e8bc5e603..091fed4b98 100644 --- a/terraform/gcp/projects/2i2c-uk.tfvars +++ b/terraform/gcp/projects/2i2c-uk.tfvars @@ -19,12 +19,17 @@ enable_filestore = true filestore_capacity_gb = 1024 notebook_nodes = { - # FIXME: Rename this to "n2-highmem-4" when given the chance and no such nodes are running + # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-4 "user" : { min : 0, max : 100, machine_type : "n2-highmem-4", }, + "n2-highmem-4" : { + min : 0, + max : 100, + machine_type : "n2-highmem-4", + }, "n2-highmem-16" : { min : 0, max : 100, diff --git a/terraform/gcp/projects/callysto.tfvars b/terraform/gcp/projects/callysto.tfvars index ec3a021a2d..7dd737e961 100644 --- a/terraform/gcp/projects/callysto.tfvars +++ b/terraform/gcp/projects/callysto.tfvars @@ -19,12 +19,17 @@ enable_filestore = true filestore_capacity_gb = 1024 notebook_nodes = { - # FIXME: Rename this to "n2-highmem-4" when given the chance and no such nodes are running + # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-4 "user" : { min : 0, max : 100, machine_type : "n2-highmem-4", }, + "n2-highmem-4" : { + min : 0, + max : 100, + machine_type : "n2-highmem-4", + }, "n2-highmem-16" : { min : 0, max : 100, diff --git a/terraform/gcp/projects/cloudbank.tfvars b/terraform/gcp/projects/cloudbank.tfvars index 057aa9de2b..36fa4075d4 100644 --- a/terraform/gcp/projects/cloudbank.tfvars +++ b/terraform/gcp/projects/cloudbank.tfvars @@ -23,8 +23,7 @@ enable_filestore = true filestore_capacity_gb = 1024 notebook_nodes = { - # FIXME: Remove this node pool when unused, its been replaced by the - # n2-highmem-4 node pool + # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-4 "user" : { min : 0, max : 100, diff --git a/terraform/gcp/projects/daskhub-template.tfvars b/terraform/gcp/projects/daskhub-template.tfvars index 98fc4adfb3..1bcf3e668a 100644 --- a/terraform/gcp/projects/daskhub-template.tfvars +++ b/terraform/gcp/projects/daskhub-template.tfvars @@ -65,7 +65,7 @@ notebook_nodes = { # node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. # dask_nodes = { - "worker" : { + "n2-highmem-16" : { min : 0, max : 200, machine_type : "n2-highmem-16", diff --git a/terraform/gcp/projects/hhmi.tfvars b/terraform/gcp/projects/hhmi.tfvars index 97ab5049c2..71e7431642 100644 --- a/terraform/gcp/projects/hhmi.tfvars +++ b/terraform/gcp/projects/hhmi.tfvars @@ -9,6 +9,13 @@ regional_cluster = true core_node_machine_type = "n2-highmem-4" +k8s_versions = { + min_master_version : "1.27.5-gke.200", + core_nodes_version : "1.27.5-gke.200", + notebook_nodes_version : "1.27.5-gke.200", + dask_nodes_version : "1.27.5-gke.200", +} + # Network policy is required to enforce separation between hubs on multi-tenant clusters # Tip: uncomment the line below if this cluster will be multi-tenant # enable_network_policy = true @@ -22,16 +29,15 @@ hub_cloud_permissions = {} # Setup notebook node pools notebook_nodes = { - # FIXME: Rename this to "n2-highmem-16" when given the chance and no such nodes are running - "medium" : { + "n2-highmem-4" : { min : 0, max : 100, - machine_type : "n2-highmem-16", + machine_type : "n2-highmem-4", }, - "n2-highmem-4" : { + "n2-highmem-16" : { min : 0, max : 100, - machine_type : "n2-highmem-4", + machine_type : "n2-highmem-16", }, "n2-highmem-64" : { min : 0, @@ -46,7 +52,7 @@ notebook_nodes = { # node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. # dask_nodes = { - "worker" : { + "n2-highmem-16" : { min : 0, max : 200, machine_type : "n2-highmem-16", diff --git a/terraform/gcp/projects/leap.tfvars b/terraform/gcp/projects/leap.tfvars index b154c4dd2b..a4cb7c439d 100644 --- a/terraform/gcp/projects/leap.tfvars +++ b/terraform/gcp/projects/leap.tfvars @@ -11,10 +11,6 @@ k8s_versions = { dask_nodes_version : "1.27.4-gke.900", } -# FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be -# done. See https://github.com/2i2c-org/infrastructure/issues/3405. -temp_opt_out_node_purpose_label_core_nodes = true - # GPUs not available in us-central1-b zone = "us-central1-c" region = "us-central1" @@ -79,44 +75,35 @@ hub_cloud_permissions = { # Setup notebook node pools notebook_nodes = { - # FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be - # done. See https://github.com/2i2c-org/infrastructure/issues/3405. "n2-highmem-4" : { min : 0, max : 100, machine_type : "n2-highmem-4", - temp_opt_out_node_purpose_label : true, }, - # FIXME: Rename this to "n2-highmem-16" when given the chance and no such nodes are running - # FIXME: Remove node pool specific node_version pin when given the chance and no such nodes are running - # FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be - # done. See https://github.com/2i2c-org/infrastructure/issues/3405. + # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-16 "medium" : { + min : 0, + max : 100, + machine_type : "n2-highmem-16", + node_version : "1.25.6-gke.1000", + temp_opt_out_node_purpose_label : true + }, + "n2-highmem-16" : { # A minimum of one is configured for LEAP to ensure quick startups at all # time. Cost is not a greater concern than optimizing startup times. min : 1, max : 100, machine_type : "n2-highmem-16", - node_version : "1.25.6-gke.1000", - temp_opt_out_node_purpose_label : true }, - # FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be - # done. See https://github.com/2i2c-org/infrastructure/issues/3405. "n2-highmem-64" : { min : 0, max : 100, machine_type : "n2-highmem-64" - temp_opt_out_node_purpose_label : true } - # FIXME: Remove node pool specific node_version pin when given the chance and no such nodes are running - # FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be - # done. See https://github.com/2i2c-org/infrastructure/issues/3405. "gpu-t4" : { min : 0, max : 100, machine_type : "n1-standard-8", - node_version : "1.25.6-gke.1000", - temp_opt_out_node_purpose_label : true gpu : { enabled : true, type : "nvidia-tesla-t4", @@ -139,8 +126,6 @@ notebook_nodes = { # node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. # dask_nodes = { - # FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be - # done. See https://github.com/2i2c-org/infrastructure/issues/3405. "n2-highmem-16" : { min : 0, max : 200, @@ -149,6 +134,5 @@ dask_nodes = { # See https://github.com/2i2c-org/infrastructure/issues/2396 preemptible : false, machine_type : "n2-highmem-16" - temp_opt_out_node_purpose_label : true }, } diff --git a/terraform/gcp/projects/linked-earth.tfvars b/terraform/gcp/projects/linked-earth.tfvars index 351be2a025..4234fb37a8 100644 --- a/terraform/gcp/projects/linked-earth.tfvars +++ b/terraform/gcp/projects/linked-earth.tfvars @@ -29,19 +29,16 @@ user_buckets = { # Setup notebook node pools notebook_nodes = { - # FIXME: Rename this to "n2-highmem-4" when given the chance and no such nodes are running - "small" : { + "n2-highmem-4" : { min : 0, max : 100, machine_type : "n2-highmem-4", }, - # FIXME: Rename this to "n2-highmem-16" when given the chance and no such nodes are running - "medium" : { + "n2-highmem-16" : { min : 0, max : 100, machine_type : "n2-highmem-16", }, - # FIXME: Rename this to "n2-highmem-64" when given the chance and no such nodes are running "n2-highmem-64" : { min : 0, max : 100, @@ -55,7 +52,7 @@ notebook_nodes = { # node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. # dask_nodes = { - "worker" : { + "n2-highmem-16" : { min : 0, max : 100, machine_type : "n2-highmem-16", diff --git a/terraform/gcp/projects/m2lines.tfvars b/terraform/gcp/projects/m2lines.tfvars index 10357ef41c..837160bc0f 100644 --- a/terraform/gcp/projects/m2lines.tfvars +++ b/terraform/gcp/projects/m2lines.tfvars @@ -100,7 +100,7 @@ notebook_nodes = { # node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. # dask_nodes = { - "worker" : { + "n2-highmem-16" : { min : 0, max : 100, machine_type : "n2-highmem-16", diff --git a/terraform/gcp/projects/meom-ige.tfvars b/terraform/gcp/projects/meom-ige.tfvars index dff374140e..3c25ebda9a 100644 --- a/terraform/gcp/projects/meom-ige.tfvars +++ b/terraform/gcp/projects/meom-ige.tfvars @@ -63,7 +63,7 @@ notebook_nodes = { # node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. # dask_nodes = { - "worker" : { + "n2-highmem-16" : { min : 0, max : 100, machine_type : "n2-highmem-16", diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index cb64c46e84..458acd3af4 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -12,10 +12,6 @@ k8s_versions = { dask_nodes_version : "1.27.4-gke.900", } -# FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be -# done. See https://github.com/2i2c-org/infrastructure/issues/3405. -temp_opt_out_node_purpose_label_core_nodes = true - core_node_machine_type = "n2-highmem-4" enable_network_policy = true @@ -23,14 +19,18 @@ enable_filestore = true filestore_capacity_gb = 5120 notebook_nodes = { - # FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be - # done. See https://github.com/2i2c-org/infrastructure/issues/3405. + # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-4-b "n2-highmem-4" : { min : 0, max : 100, machine_type : "n2-highmem-4", temp_opt_out_node_purpose_label : true, }, + "n2-highmem-4-b" : { + min : 0, + max : 100, + machine_type : "n2-highmem-4", + }, "n2-highmem-16" : { min : 0, max : 100, @@ -60,9 +60,7 @@ notebook_nodes = { }, }, # Nodepool for temple university. https://github.com/2i2c-org/infrastructure/issues/3158 - # FIXME: Remove node pool specific node_version pin when given the chance and no such nodes are running - # FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be - # done. See https://github.com/2i2c-org/infrastructure/issues/3405. + # FIXME: Delete this node pool when its empty, its replaced by temple-b "temple" : { # Expecting upto ~120 users at a time min : 0, @@ -85,6 +83,26 @@ notebook_nodes = { "community" : "temple" }, }, + "temple-b" : { + # Expecting upto ~120 users at a time + min : 0, + max : 100, + # Everyone gets a 256M guarantee, and n2-highmem-8 has about 60GB of RAM. + # This fits upto 100 users on the node, as memory guarantee isn't the constraint. + # This works ok. + machine_type : "n2-highmem-8", + labels : { + "2i2c.org/community" : "temple" + }, + taints : [{ + key : "2i2c.org/community", + value : "temple", + effect : "NO_SCHEDULE" + }], + resource_labels : { + "community" : "temple" + }, + }, # Nodepool for jackeddy symposium. https://github.com/2i2c-org/infrastructure/issues/3166 "jackeddy" : { min : 0, diff --git a/terraform/gcp/projects/qcl.tfvars b/terraform/gcp/projects/qcl.tfvars index 42d37235dd..369de24c76 100644 --- a/terraform/gcp/projects/qcl.tfvars +++ b/terraform/gcp/projects/qcl.tfvars @@ -11,10 +11,6 @@ k8s_versions = { notebook_nodes_version : "1.27.4-gke.900", } -# FIXME: Remove temp_opt_out_node_purpose_label_core_nodes when a node upgrade can be -# done. See https://github.com/2i2c-org/infrastructure/issues/3405. -temp_opt_out_node_purpose_label_core_nodes = true - core_node_machine_type = "n2-highmem-2" enable_network_policy = true @@ -31,13 +27,10 @@ user_buckets = { } notebook_nodes = { - # FIXME: Remove temp_opt_out_node_purpose_label when a node upgrade can be - # done. See https://github.com/2i2c-org/infrastructure/issues/3405. "n2-highmem-4" : { min : 0, max : 100, machine_type : "n2-highmem-4", - temp_opt_out_node_purpose_label : true, }, "n2-highmem-16" : { min : 0, From a3516dd19a5566db11fba77b9a1284e72de86f38 Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Fri, 10 Nov 2023 11:21:05 -0300 Subject: [PATCH 062/494] Add must hub in catalystproject-africa cluster --- .../catalystproject-africa/cluster.yaml | 8 ++++ .../enc-must.secret.values.yaml | 20 ++++++++++ .../catalystproject-africa/must.values.yaml | 40 +++++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 config/clusters/catalystproject-africa/enc-must.secret.values.yaml create mode 100644 config/clusters/catalystproject-africa/must.values.yaml diff --git a/config/clusters/catalystproject-africa/cluster.yaml b/config/clusters/catalystproject-africa/cluster.yaml index 845dfb5809..6e217fdec6 100644 --- a/config/clusters/catalystproject-africa/cluster.yaml +++ b/config/clusters/catalystproject-africa/cluster.yaml @@ -26,3 +26,11 @@ hubs: - common.values.yaml - nm-aist.values.yaml - enc-nm-aist.secret.values.yaml + - name: must + display_name: "MUST" + domain: must.af.catalystproject.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - must.values.yaml + - enc-must.secret.values.yaml diff --git a/config/clusters/catalystproject-africa/enc-must.secret.values.yaml b/config/clusters/catalystproject-africa/enc-must.secret.values.yaml new file mode 100644 index 0000000000..e5e33bafac --- /dev/null +++ b/config/clusters/catalystproject-africa/enc-must.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:2E7tJnf4SpX8K+VwbMK13MLc6v3Z0x3su2pCraZGaFL4qXLagBRqT/VIxafTzmQ3NJwo,iv:V/Z6ljoJXjLpsnvrXgGPFRwLLp6Ukmi1EUc0dDxkc8A=,tag:zgud3MrNP78bwud8c2mw/Q==,type:str] + client_secret: ENC[AES256_GCM,data:fyzPqoP2dAdkSfOTc/XF7JCKrt1lghgKWCInAd+O2fIRC1/r2W3Z58brsvikApSjOg4JDylii9rBhH7WnsEkqqYrOtMjciwnvQC028pk/SZ0aHsohQk=,iv:MpLIXxMwwiSd8ABiy+bKD5F+HyJ8WL6EbLt9KwzBKdw=,tag:FIiOa9W5aQl1z+3clAItPA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-11-10T14:12:21Z" + enc: CiUA4OM7eFJPLVZ4EC2xTOPEmjgFGeekvAhGvuFPz4vPMEGadQW/EkkAq2nhVe2r7M8dfw5C1IUcVq+XV+u18JYFrM9cdvyq5CopDsmuM4a2rbyT2LqkxzcZaNl4lM9lLineOFRMkxa3jLm6IIYyTpOl + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-11-10T14:12:22Z" + mac: ENC[AES256_GCM,data:BZrtuglIXecAYRD0qyx33zSJwhPQSLzVl3MWBiYmfzT2DsE+6uZImTbSH2PEi0QlsFei5DOPe3yfkTKy+ldOHdcegJ9slWb8qY/mETgr+gRvS2t3smF1rSKptvbj8Mq9EqaNsQqlumVJDcGwgbQtvPveaMQ2eR6eKCxtVzEbKWI=,iv:Yo0CUYTVSGkpTAzPJBlvPmnKTiewbNYUEHkTtoMOkW8=,tag:woxje0oFDhuH8D5hkK2ZBg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/catalystproject-africa/must.values.yaml b/config/clusters/catalystproject-africa/must.values.yaml new file mode 100644 index 0000000000..f763745e1a --- /dev/null +++ b/config/clusters/catalystproject-africa/must.values.yaml @@ -0,0 +1,40 @@ +jupyterhub: + ingress: + hosts: [must.af.catalystproject.2i2c.cloud] + tls: + - hosts: [must.af.catalystproject.2i2c.cloud] + secretName: https-auto-tls + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: "MUST" + url: https://www.must.ac.mw/ + logo_url: https://www.must.ac.mw/wp-content/themes/mustwebsite/images/must-logo.png + designed_by: + name: "2i2c" + url: https://2i2c.org + operated_by: + name: "2i2c" + url: https://2i2c.org + funded_by: + name: Chan Zuckerberg Initiative - Open Science + url: "https://chanzuckerberg.com/science/programs-resources/open-science/" + hub: + config: + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: https://must.af.catalystproject.2i2c.cloud/hub/oauth_callback + allowed_idps: + http://google.com/accounts/o8/id: + username_derivation: + username_claim: email + allowed_domains: + - must.ac.mw + Authenticator: + admin_users: + - "bkankuzi@must.ac.mw" From 86b6ed79a9ec9b07560c9716e2abd545283e2a2e Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Mon, 13 Nov 2023 14:45:14 -0300 Subject: [PATCH 063/494] Change image of must hub in catalystproject-africa cluster --- config/clusters/catalystproject-africa/must.values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/config/clusters/catalystproject-africa/must.values.yaml b/config/clusters/catalystproject-africa/must.values.yaml index f763745e1a..27f40a5fe1 100644 --- a/config/clusters/catalystproject-africa/must.values.yaml +++ b/config/clusters/catalystproject-africa/must.values.yaml @@ -23,6 +23,13 @@ jupyterhub: funded_by: name: Chan Zuckerberg Initiative - Open Science url: "https://chanzuckerberg.com/science/programs-resources/open-science/" + singleuser: + image: + # This image specification is likely overridden via the configurator. + # jupyter/scipy-notebook is maintained at: https://github.com/jupyter/docker-stacks + # tags can be viewed at: https://hub.docker.com/r/jupyter/scipy-notebook/tags + name: jupyter/scipy-notebook + tag: "2023-07-06" hub: config: JupyterHub: From 698e21d9a23177576e96bf1983fe70011bf2d3b3 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 14 Nov 2023 14:05:06 +0000 Subject: [PATCH 064/494] Move image definition out of common.values.yaml This is a shared cluster and each hub may want different profile options, so let's move this config out of common - since it is no longer common! --- .../catalystproject-africa/common.values.yaml | 186 ----------------- .../catalystproject-africa/must.values.yaml | 187 +++++++++++++++++- .../nm-aist.values.yaml | 185 +++++++++++++++++ .../staging.values.yaml | 185 +++++++++++++++++ 4 files changed, 550 insertions(+), 193 deletions(-) diff --git a/config/clusters/catalystproject-africa/common.values.yaml b/config/clusters/catalystproject-africa/common.values.yaml index d9ca1de63e..9aae404931 100644 --- a/config/clusters/catalystproject-africa/common.values.yaml +++ b/config/clusters/catalystproject-africa/common.values.yaml @@ -10,189 +10,3 @@ nfs: - noresvport serverIP: fs-040edb72334e4ac26.efs.af-south-1.amazonaws.com baseShareName: / -jupyterhub: - singleuser: - image: - # rocker/binder is maintained at: https://github.com/rocker-org/rocker-versioned2 - # tags can be viewed at: https://hub.docker.com/r/rocker/binder/tags - name: rocker/binder - tag: "4.3" - # Below config was copied from OpenScapes common.values.yaml with choices - # for images removed - # https://github.com/2i2c-org/infrastructure/blob/22a2c4b5f80c63d1a06d59bef148da087d339d3b/config/clusters/openscapes/common.values.yaml#L47-L237 - profileList: - # NOTE: About node sharing - # - # CPU/Memory requests/limits are actively considered still. This - # profile list is setup to involve node sharing as considered in - # https://github.com/2i2c-org/infrastructure/issues/2121. - # - # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB - # overhead for misc system pods, and transitioning from GB in - # description to GiB in mem_guarantee. - # - CPU requests are lower than the description, with a factor of - # 10%. - # - - display_name: "Small: up to 4 CPU / 32 GB RAM" - description: &profile_list_description "Start a container with at least a chosen share of capacity on a node of this type" - slug: small - default: true - profile_options: - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share - choices: - mem_1: - default: true - display_name: ~1 GB, ~0.125 CPU - kubespawner_override: - mem_guarantee: 0.904G - cpu_guarantee: 0.013 - mem_2: - display_name: ~2 GB, ~0.25 CPU - kubespawner_override: - mem_guarantee: 1.809G - cpu_guarantee: 0.025 - mem_4: - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.617G - cpu_guarantee: 0.05 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 7.234G - cpu_guarantee: 0.1 - mem_16: - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 14.469G - cpu_guarantee: 0.2 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 28.937G - cpu_guarantee: 0.4 - kubespawner_override: - cpu_limit: null - mem_limit: null - working_dir: /home/rstudio - default_url: /rstudio - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - - display_name: "Medium: up to 16 CPU / 128 GB RAM" - description: *profile_list_description - slug: medium - profile_options: - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share - choices: - mem_1: - display_name: ~1 GB, ~0.125 CPU - kubespawner_override: - mem_guarantee: 0.942G - cpu_guarantee: 0.013 - mem_2: - display_name: ~2 GB, ~0.25 CPU - kubespawner_override: - mem_guarantee: 1.883G - cpu_guarantee: 0.025 - mem_4: - default: true - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.766G - cpu_guarantee: 0.05 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 7.532G - cpu_guarantee: 0.1 - mem_16: - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 15.064G - cpu_guarantee: 0.2 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 30.128G - cpu_guarantee: 0.4 - mem_64: - display_name: ~64 GB, ~8.0 CPU - kubespawner_override: - mem_guarantee: 60.257G - cpu_guarantee: 0.8 - mem_128: - display_name: ~128 GB, ~16.0 CPU - kubespawner_override: - mem_guarantee: 120.513G - cpu_guarantee: 1.6 - kubespawner_override: - cpu_limit: null - mem_limit: null - working_dir: /home/rstudio - default_url: /rstudio - node_selector: - node.kubernetes.io/instance-type: r5.4xlarge - - display_name: "Large: up to 64 CPU / 512 GB RAM" - description: *profile_list_description - slug: large - profile_options: - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share - choices: - mem_4: - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.821G - cpu_guarantee: 0.05 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 7.643G - cpu_guarantee: 0.1 - mem_16: - default: true - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 15.285G - cpu_guarantee: 0.2 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 30.571G - cpu_guarantee: 0.4 - mem_64: - display_name: ~64 GB, ~8.0 CPU - kubespawner_override: - mem_guarantee: 61.141G - cpu_guarantee: 0.8 - mem_128: - display_name: ~128 GB, ~16.0 CPU - kubespawner_override: - mem_guarantee: 122.282G - cpu_guarantee: 1.6 - mem_256: - display_name: ~256 GB, ~32.0 CPU - kubespawner_override: - mem_guarantee: 244.565G - cpu_guarantee: 3.2 - mem_512: - display_name: ~512 GB, ~64.0 CPU - kubespawner_override: - mem_guarantee: 489.13G - cpu_guarantee: 6.4 - kubespawner_override: - cpu_limit: null - mem_limit: null - working_dir: /home/rstudio - default_url: /rstudio - node_selector: - node.kubernetes.io/instance-type: r5.16xlarge diff --git a/config/clusters/catalystproject-africa/must.values.yaml b/config/clusters/catalystproject-africa/must.values.yaml index 27f40a5fe1..521e39b5e1 100644 --- a/config/clusters/catalystproject-africa/must.values.yaml +++ b/config/clusters/catalystproject-africa/must.values.yaml @@ -23,13 +23,6 @@ jupyterhub: funded_by: name: Chan Zuckerberg Initiative - Open Science url: "https://chanzuckerberg.com/science/programs-resources/open-science/" - singleuser: - image: - # This image specification is likely overridden via the configurator. - # jupyter/scipy-notebook is maintained at: https://github.com/jupyter/docker-stacks - # tags can be viewed at: https://hub.docker.com/r/jupyter/scipy-notebook/tags - name: jupyter/scipy-notebook - tag: "2023-07-06" hub: config: JupyterHub: @@ -45,3 +38,183 @@ jupyterhub: Authenticator: admin_users: - "bkankuzi@must.ac.mw" + singleuser: + image: + # This image specification is likely overridden via the configurator. + # jupyter/scipy-notebook is maintained at: https://github.com/jupyter/docker-stacks + # tags can be viewed at: https://hub.docker.com/r/jupyter/scipy-notebook/tags + name: jupyter/scipy-notebook + tag: "2023-07-06" + # Below config was copied from OpenScapes common.values.yaml with choices + # for images removed + # https://github.com/2i2c-org/infrastructure/blob/22a2c4b5f80c63d1a06d59bef148da087d339d3b/config/clusters/openscapes/common.values.yaml#L47-L237 + profileList: + # NOTE: About node sharing + # + # CPU/Memory requests/limits are actively considered still. This + # profile list is setup to involve node sharing as considered in + # https://github.com/2i2c-org/infrastructure/issues/2121. + # + # - Memory requests are different from the description, based on: + # whats found to remain allocate in k8s, subtracting 1GiB + # overhead for misc system pods, and transitioning from GB in + # description to GiB in mem_guarantee. + # - CPU requests are lower than the description, with a factor of + # 10%. + # + - display_name: "Small: up to 4 CPU / 32 GB RAM" + description: &profile_list_description "Start a container with at least a chosen share of capacity on a node of this type" + slug: small + default: true + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_1: + default: true + display_name: ~1 GB, ~0.125 CPU + kubespawner_override: + mem_guarantee: 0.904G + cpu_guarantee: 0.013 + mem_2: + display_name: ~2 GB, ~0.25 CPU + kubespawner_override: + mem_guarantee: 1.809G + cpu_guarantee: 0.025 + mem_4: + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.617G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.234G + cpu_guarantee: 0.1 + mem_16: + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 14.469G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 28.937G + cpu_guarantee: 0.4 + kubespawner_override: + cpu_limit: null + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + - display_name: "Medium: up to 16 CPU / 128 GB RAM" + description: *profile_list_description + slug: medium + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_1: + display_name: ~1 GB, ~0.125 CPU + kubespawner_override: + mem_guarantee: 0.942G + cpu_guarantee: 0.013 + mem_2: + display_name: ~2 GB, ~0.25 CPU + kubespawner_override: + mem_guarantee: 1.883G + cpu_guarantee: 0.025 + mem_4: + default: true + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.766G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.532G + cpu_guarantee: 0.1 + mem_16: + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 15.064G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 30.128G + cpu_guarantee: 0.4 + mem_64: + display_name: ~64 GB, ~8.0 CPU + kubespawner_override: + mem_guarantee: 60.257G + cpu_guarantee: 0.8 + mem_128: + display_name: ~128 GB, ~16.0 CPU + kubespawner_override: + mem_guarantee: 120.513G + cpu_guarantee: 1.6 + kubespawner_override: + cpu_limit: null + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + - display_name: "Large: up to 64 CPU / 512 GB RAM" + description: *profile_list_description + slug: large + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_4: + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.821G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.643G + cpu_guarantee: 0.1 + mem_16: + default: true + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 15.285G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 30.571G + cpu_guarantee: 0.4 + mem_64: + display_name: ~64 GB, ~8.0 CPU + kubespawner_override: + mem_guarantee: 61.141G + cpu_guarantee: 0.8 + mem_128: + display_name: ~128 GB, ~16.0 CPU + kubespawner_override: + mem_guarantee: 122.282G + cpu_guarantee: 1.6 + mem_256: + display_name: ~256 GB, ~32.0 CPU + kubespawner_override: + mem_guarantee: 244.565G + cpu_guarantee: 3.2 + mem_512: + display_name: ~512 GB, ~64.0 CPU + kubespawner_override: + mem_guarantee: 489.13G + cpu_guarantee: 6.4 + kubespawner_override: + cpu_limit: null + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.16xlarge diff --git a/config/clusters/catalystproject-africa/nm-aist.values.yaml b/config/clusters/catalystproject-africa/nm-aist.values.yaml index 88b7961cf1..0c8d95a4ae 100644 --- a/config/clusters/catalystproject-africa/nm-aist.values.yaml +++ b/config/clusters/catalystproject-africa/nm-aist.values.yaml @@ -39,3 +39,188 @@ jupyterhub: Authenticator: admin_users: - "beatus.lyimo@nm-aist.ac.tz" + singleuser: + image: + # rocker/binder is maintained at: https://github.com/rocker-org/rocker-versioned2 + # tags can be viewed at: https://hub.docker.com/r/rocker/binder/tags + name: rocker/binder + tag: "4.3" + # Below config was copied from OpenScapes common.values.yaml with choices + # for images removed + # https://github.com/2i2c-org/infrastructure/blob/22a2c4b5f80c63d1a06d59bef148da087d339d3b/config/clusters/openscapes/common.values.yaml#L47-L237 + profileList: + # NOTE: About node sharing + # + # CPU/Memory requests/limits are actively considered still. This + # profile list is setup to involve node sharing as considered in + # https://github.com/2i2c-org/infrastructure/issues/2121. + # + # - Memory requests are different from the description, based on: + # whats found to remain allocate in k8s, subtracting 1GiB + # overhead for misc system pods, and transitioning from GB in + # description to GiB in mem_guarantee. + # - CPU requests are lower than the description, with a factor of + # 10%. + # + - display_name: "Small: up to 4 CPU / 32 GB RAM" + description: &profile_list_description "Start a container with at least a chosen share of capacity on a node of this type" + slug: small + default: true + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_1: + default: true + display_name: ~1 GB, ~0.125 CPU + kubespawner_override: + mem_guarantee: 0.904G + cpu_guarantee: 0.013 + mem_2: + display_name: ~2 GB, ~0.25 CPU + kubespawner_override: + mem_guarantee: 1.809G + cpu_guarantee: 0.025 + mem_4: + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.617G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.234G + cpu_guarantee: 0.1 + mem_16: + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 14.469G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 28.937G + cpu_guarantee: 0.4 + kubespawner_override: + cpu_limit: null + mem_limit: null + working_dir: /home/rstudio + default_url: /rstudio + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + - display_name: "Medium: up to 16 CPU / 128 GB RAM" + description: *profile_list_description + slug: medium + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_1: + display_name: ~1 GB, ~0.125 CPU + kubespawner_override: + mem_guarantee: 0.942G + cpu_guarantee: 0.013 + mem_2: + display_name: ~2 GB, ~0.25 CPU + kubespawner_override: + mem_guarantee: 1.883G + cpu_guarantee: 0.025 + mem_4: + default: true + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.766G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.532G + cpu_guarantee: 0.1 + mem_16: + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 15.064G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 30.128G + cpu_guarantee: 0.4 + mem_64: + display_name: ~64 GB, ~8.0 CPU + kubespawner_override: + mem_guarantee: 60.257G + cpu_guarantee: 0.8 + mem_128: + display_name: ~128 GB, ~16.0 CPU + kubespawner_override: + mem_guarantee: 120.513G + cpu_guarantee: 1.6 + kubespawner_override: + cpu_limit: null + mem_limit: null + working_dir: /home/rstudio + default_url: /rstudio + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + - display_name: "Large: up to 64 CPU / 512 GB RAM" + description: *profile_list_description + slug: large + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_4: + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.821G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.643G + cpu_guarantee: 0.1 + mem_16: + default: true + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 15.285G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 30.571G + cpu_guarantee: 0.4 + mem_64: + display_name: ~64 GB, ~8.0 CPU + kubespawner_override: + mem_guarantee: 61.141G + cpu_guarantee: 0.8 + mem_128: + display_name: ~128 GB, ~16.0 CPU + kubespawner_override: + mem_guarantee: 122.282G + cpu_guarantee: 1.6 + mem_256: + display_name: ~256 GB, ~32.0 CPU + kubespawner_override: + mem_guarantee: 244.565G + cpu_guarantee: 3.2 + mem_512: + display_name: ~512 GB, ~64.0 CPU + kubespawner_override: + mem_guarantee: 489.13G + cpu_guarantee: 6.4 + kubespawner_override: + cpu_limit: null + mem_limit: null + working_dir: /home/rstudio + default_url: /rstudio + node_selector: + node.kubernetes.io/instance-type: r5.16xlarge diff --git a/config/clusters/catalystproject-africa/staging.values.yaml b/config/clusters/catalystproject-africa/staging.values.yaml index a2dd77065d..bb78aa00ac 100644 --- a/config/clusters/catalystproject-africa/staging.values.yaml +++ b/config/clusters/catalystproject-africa/staging.values.yaml @@ -36,3 +36,188 @@ jupyterhub: # Authenticator: # admin_users: # - future-community-champion + singleuser: + image: + # rocker/binder is maintained at: https://github.com/rocker-org/rocker-versioned2 + # tags can be viewed at: https://hub.docker.com/r/rocker/binder/tags + name: rocker/binder + tag: "4.3" + # Below config was copied from OpenScapes common.values.yaml with choices + # for images removed + # https://github.com/2i2c-org/infrastructure/blob/22a2c4b5f80c63d1a06d59bef148da087d339d3b/config/clusters/openscapes/common.values.yaml#L47-L237 + profileList: + # NOTE: About node sharing + # + # CPU/Memory requests/limits are actively considered still. This + # profile list is setup to involve node sharing as considered in + # https://github.com/2i2c-org/infrastructure/issues/2121. + # + # - Memory requests are different from the description, based on: + # whats found to remain allocate in k8s, subtracting 1GiB + # overhead for misc system pods, and transitioning from GB in + # description to GiB in mem_guarantee. + # - CPU requests are lower than the description, with a factor of + # 10%. + # + - display_name: "Small: up to 4 CPU / 32 GB RAM" + description: &profile_list_description "Start a container with at least a chosen share of capacity on a node of this type" + slug: small + default: true + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_1: + default: true + display_name: ~1 GB, ~0.125 CPU + kubespawner_override: + mem_guarantee: 0.904G + cpu_guarantee: 0.013 + mem_2: + display_name: ~2 GB, ~0.25 CPU + kubespawner_override: + mem_guarantee: 1.809G + cpu_guarantee: 0.025 + mem_4: + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.617G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.234G + cpu_guarantee: 0.1 + mem_16: + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 14.469G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 28.937G + cpu_guarantee: 0.4 + kubespawner_override: + cpu_limit: null + mem_limit: null + working_dir: /home/rstudio + default_url: /rstudio + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + - display_name: "Medium: up to 16 CPU / 128 GB RAM" + description: *profile_list_description + slug: medium + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_1: + display_name: ~1 GB, ~0.125 CPU + kubespawner_override: + mem_guarantee: 0.942G + cpu_guarantee: 0.013 + mem_2: + display_name: ~2 GB, ~0.25 CPU + kubespawner_override: + mem_guarantee: 1.883G + cpu_guarantee: 0.025 + mem_4: + default: true + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.766G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.532G + cpu_guarantee: 0.1 + mem_16: + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 15.064G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 30.128G + cpu_guarantee: 0.4 + mem_64: + display_name: ~64 GB, ~8.0 CPU + kubespawner_override: + mem_guarantee: 60.257G + cpu_guarantee: 0.8 + mem_128: + display_name: ~128 GB, ~16.0 CPU + kubespawner_override: + mem_guarantee: 120.513G + cpu_guarantee: 1.6 + kubespawner_override: + cpu_limit: null + mem_limit: null + working_dir: /home/rstudio + default_url: /rstudio + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + - display_name: "Large: up to 64 CPU / 512 GB RAM" + description: *profile_list_description + slug: large + profile_options: + requests: + # NOTE: Node share choices are in active development, see comment + # next to profileList: above. + display_name: Node share + choices: + mem_4: + display_name: ~4 GB, ~0.5 CPU + kubespawner_override: + mem_guarantee: 3.821G + cpu_guarantee: 0.05 + mem_8: + display_name: ~8 GB, ~1.0 CPU + kubespawner_override: + mem_guarantee: 7.643G + cpu_guarantee: 0.1 + mem_16: + default: true + display_name: ~16 GB, ~2.0 CPU + kubespawner_override: + mem_guarantee: 15.285G + cpu_guarantee: 0.2 + mem_32: + display_name: ~32 GB, ~4.0 CPU + kubespawner_override: + mem_guarantee: 30.571G + cpu_guarantee: 0.4 + mem_64: + display_name: ~64 GB, ~8.0 CPU + kubespawner_override: + mem_guarantee: 61.141G + cpu_guarantee: 0.8 + mem_128: + display_name: ~128 GB, ~16.0 CPU + kubespawner_override: + mem_guarantee: 122.282G + cpu_guarantee: 1.6 + mem_256: + display_name: ~256 GB, ~32.0 CPU + kubespawner_override: + mem_guarantee: 244.565G + cpu_guarantee: 3.2 + mem_512: + display_name: ~512 GB, ~64.0 CPU + kubespawner_override: + mem_guarantee: 489.13G + cpu_guarantee: 6.4 + kubespawner_override: + cpu_limit: null + mem_limit: null + working_dir: /home/rstudio + default_url: /rstudio + node_selector: + node.kubernetes.io/instance-type: r5.16xlarge From c7db0ad68b50be6647755d98c8c45d7ebc730d4e Mon Sep 17 00:00:00 2001 From: Alejandro Ismael Silva Date: Wed, 15 Nov 2023 11:23:50 -0300 Subject: [PATCH 065/494] Change default url in must hub Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- config/clusters/catalystproject-africa/must.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/catalystproject-africa/must.values.yaml b/config/clusters/catalystproject-africa/must.values.yaml index 521e39b5e1..e56d87d01f 100644 --- a/config/clusters/catalystproject-africa/must.values.yaml +++ b/config/clusters/catalystproject-africa/must.values.yaml @@ -39,6 +39,7 @@ jupyterhub: admin_users: - "bkankuzi@must.ac.mw" singleuser: + defaultUrl: "/lab" image: # This image specification is likely overridden via the configurator. # jupyter/scipy-notebook is maintained at: https://github.com/jupyter/docker-stacks From b0b459e0fd6dab17dd7eb5d150700eeeb88f8494 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 28 Nov 2023 16:21:39 +0000 Subject: [PATCH 066/494] Use pull_request_target trigger instead --- .github/workflows/autolink-readthedocs-previews-to-prs.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/autolink-readthedocs-previews-to-prs.yaml b/.github/workflows/autolink-readthedocs-previews-to-prs.yaml index 7bb42ab574..1e86ba9e0b 100644 --- a/.github/workflows/autolink-readthedocs-previews-to-prs.yaml +++ b/.github/workflows/autolink-readthedocs-previews-to-prs.yaml @@ -1,11 +1,7 @@ name: Add readthedocs preview link to pull requests on: - pull_request: - types: - - opened - branches: - - master + pull_request_target: paths: - "docs/**" From f3bfd6180312a3e2183789802a14440462d7aa2e Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Fri, 24 Nov 2023 15:43:44 -0300 Subject: [PATCH 067/494] Change image of must hub in catalystproject-africa cluster, again --- .../catalystproject-africa/must.values.yaml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/config/clusters/catalystproject-africa/must.values.yaml b/config/clusters/catalystproject-africa/must.values.yaml index e56d87d01f..88501779b6 100644 --- a/config/clusters/catalystproject-africa/must.values.yaml +++ b/config/clusters/catalystproject-africa/must.values.yaml @@ -31,6 +31,7 @@ jupyterhub: oauth_callback_url: https://must.af.catalystproject.2i2c.cloud/hub/oauth_callback allowed_idps: http://google.com/accounts/o8/id: + default: true username_derivation: username_claim: email allowed_domains: @@ -39,13 +40,12 @@ jupyterhub: admin_users: - "bkankuzi@must.ac.mw" singleuser: - defaultUrl: "/lab" + defaultUrl: /lab image: - # This image specification is likely overridden via the configurator. - # jupyter/scipy-notebook is maintained at: https://github.com/jupyter/docker-stacks - # tags can be viewed at: https://hub.docker.com/r/jupyter/scipy-notebook/tags - name: jupyter/scipy-notebook - tag: "2023-07-06" + # rocker/binder is maintained at: https://github.com/rocker-org/rocker-versioned2 + # tags can be viewed at: https://hub.docker.com/r/rocker/binder/tags + name: rocker/binder + tag: "4.3" # Below config was copied from OpenScapes common.values.yaml with choices # for images removed # https://github.com/2i2c-org/infrastructure/blob/22a2c4b5f80c63d1a06d59bef148da087d339d3b/config/clusters/openscapes/common.values.yaml#L47-L237 @@ -107,6 +107,7 @@ jupyterhub: kubespawner_override: cpu_limit: null mem_limit: null + working_dir: /home/rstudio node_selector: node.kubernetes.io/instance-type: r5.xlarge - display_name: "Medium: up to 16 CPU / 128 GB RAM" @@ -162,6 +163,7 @@ jupyterhub: kubespawner_override: cpu_limit: null mem_limit: null + working_dir: /home/rstudio node_selector: node.kubernetes.io/instance-type: r5.4xlarge - display_name: "Large: up to 64 CPU / 512 GB RAM" @@ -217,5 +219,6 @@ jupyterhub: kubespawner_override: cpu_limit: null mem_limit: null + working_dir: /home/rstudio node_selector: node.kubernetes.io/instance-type: r5.16xlarge From 3690918dac32060916d957bbc08ff08f26b30865 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 9 Oct 2023 16:44:28 +0100 Subject: [PATCH 068/494] [nasa-esdis] Add cluster config --- config/clusters/nasa-esdis/cluster.yaml | 12 ++ .../enc-deployer-credentials.secret.json | 25 ++++ eksctl/nasa-esdis.jsonnet | 128 ++++++++++++++++++ eksctl/ssh-keys/nasa-esdis.key.pub | 1 + eksctl/ssh-keys/secret/nasa-esdis.key | 21 +++ terraform/aws/projects/nasa-esdis.tfvars | 28 ++++ 6 files changed, 215 insertions(+) create mode 100644 config/clusters/nasa-esdis/cluster.yaml create mode 100644 config/clusters/nasa-esdis/enc-deployer-credentials.secret.json create mode 100644 eksctl/nasa-esdis.jsonnet create mode 100644 eksctl/ssh-keys/nasa-esdis.key.pub create mode 100644 eksctl/ssh-keys/secret/nasa-esdis.key create mode 100644 terraform/aws/projects/nasa-esdis.tfvars diff --git a/config/clusters/nasa-esdis/cluster.yaml b/config/clusters/nasa-esdis/cluster.yaml new file mode 100644 index 0000000000..36afd7f53b --- /dev/null +++ b/config/clusters/nasa-esdis/cluster.yaml @@ -0,0 +1,12 @@ +name: nasa-esdis +provider: aws +aws: + key: enc-deployer-credentials.secret.json + clusterType: eks + clusterName: nasa-esdis + region: us-west-2 +support: + helm_chart_values_files: + - support.values.yaml + - enc-support.secret.values.yaml +hubs: [] diff --git a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json new file mode 100644 index 0000000000..4f6aa1cfe3 --- /dev/null +++ b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json @@ -0,0 +1,25 @@ +{ + "AccessKey": { + "AccessKeyId": "ENC[AES256_GCM,data:OIfYt6u0fS+1jOWGtvYGmCpfQ6E=,iv:7TwYcXCyPQee1jivFrpMu0vEGmIid4KpQjorLFiZFls=,tag:ST7Jsc2IMht0sDaCqIHrjw==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:sejOP1oMhqmLBMxBwXM39uStZ1lhD5xeP3HJeTOan5IINY9euVsMxw==,iv:1bgN0a/nOU3mcbJp7Md7y7GVcGqIx6bgv/GWhvUQ8E0=,tag:nCCNKq05QG3pmLrHmKIqfw==,type:str]", + "UserName": "ENC[AES256_GCM,data:pQlaKgIgS9p+QGYPQWiM0Ru4TsFj+1E=,iv:ed3hBvn3OjrIh+oVUwSkZ98l0zoMA49Mkp+6b+fKNKI=,tag:D/hJ39D1KJapB7OOMWupeQ==,type:str]" + }, + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2023-10-09T15:31:10Z", + "enc": "CiUA4OM7eH4xJQXevXCKXptecUhLJd3hFZgTnrmXafhtsRedVmN2EkkAq2nhVWOF8VhmjbyNdsvgtD/qaSYcI9uosszCwh4AI+yDDqMCvSVfjhyV6oize4db3UxG/oso64R+x54QmghyTo8lBwJw7M5K" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2023-10-09T15:31:11Z", + "mac": "ENC[AES256_GCM,data:Vqza5EGpfrQBGJXYEgdfzA07BiYrpAUPm2bppyYPMZBbMw5d56vBmCd1bdMWp2/nXIkwf/7Z6Er+zm2PG16stDe3U7sTRmozuB7kNa09ZdbgUJPMK6OBRqoBRWtPRvIrYbj8+UfOUA1yH/GYFPl8WdDQhHDNlKrDkNdqm5vZcxI=,iv:eCUFG6QJPL4Lj/5T5xovw8w9nV575vrCHO02sufWgg8=,tag:H+HcDGwdP4tYcQbc7etvnQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/eksctl/nasa-esdis.jsonnet b/eksctl/nasa-esdis.jsonnet new file mode 100644 index 0000000000..b642ffd3aa --- /dev/null +++ b/eksctl/nasa-esdis.jsonnet @@ -0,0 +1,128 @@ +/* + This file is a jsonnet template of a eksctl's cluster configuration file, + that is used with the eksctl CLI to both update and initialize an AWS EKS + based cluster. + + This file has in turn been generated from eksctl/template.jsonnet which is + relevant to compare with for changes over time. + + To use jsonnet to generate an eksctl configuration file from this, do: + + jsonnet nasa-esdis.jsonnet > nasa-esdis.eksctl.yaml + + References: + - https://eksctl.io/usage/schema/ +*/ +local ng = import "./libsonnet/nodegroup.jsonnet"; + +// place all cluster nodes here +local clusterRegion = "us-west-2"; +local masterAzs = ["us-west-2a", "us-west-2b", "us-west-2c"]; +local nodeAz = "us-west-2a"; + +// Node definitions for notebook nodes. Config here is merged +// with our notebook node definition. +// A `node.kubernetes.io/instance-type label is added, so pods +// can request a particular kind of node with a nodeSelector +local notebookNodes = [ + { instanceType: "r5.xlarge" }, + { instanceType: "r5.4xlarge" }, + { instanceType: "r5.16xlarge" }, +]; +local daskNodes = []; + + +{ + apiVersion: 'eksctl.io/v1alpha5', + kind: 'ClusterConfig', + metadata+: { + name: "nasa-esdis", + region: clusterRegion, version: '1.27' + }, + availabilityZones: masterAzs, + iam: { + withOIDC: true, + }, + // If you add an addon to this config, run the create addon command. + // + // eksctl create addon --config-file=nasa-esdis.eksctl.yaml + // + addons: [ + { + // aws-ebs-csi-driver ensures that our PVCs are bound to PVs that + // couple to AWS EBS based storage, without it expect to see pods + // mounting a PVC failing to schedule and PVC resources that are + // unbound. + // + // Related docs: https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html + // + name: 'aws-ebs-csi-driver', + wellKnownPolicies: { + ebsCSIController: true, + }, + }, + ], + nodeGroups: [ + ng { + name: 'core-a', + availabilityZones: [nodeAz], + ssh: { + publicKeyPath: 'ssh-keys/nasa-esdis.key.pub' + }, + instanceType: "r5.xlarge", + minSize: 1, + maxSize: 6, + labels+: { + "hub.jupyter.org/node-purpose": "core", + "k8s.dask.org/node-purpose": "core" + }, + }, + ] + [ + ng { + // NodeGroup names can't have a '.' in them, while + // instanceTypes always have a . + name: "nb-%s" % std.strReplace(n.instanceType, ".", "-"), + availabilityZones: [nodeAz], + minSize: 0, + maxSize: 500, + instanceType: n.instanceType, + ssh: { + publicKeyPath: 'ssh-keys/nasa-esdis.key.pub' + }, + labels+: { + "hub.jupyter.org/node-purpose": "user", + "k8s.dask.org/node-purpose": "scheduler" + }, + taints+: { + "hub.jupyter.org_dedicated": "user:NoSchedule", + "hub.jupyter.org/dedicated": "user:NoSchedule" + }, + } + n for n in notebookNodes + ] + ( if daskNodes != null then + [ + ng { + // NodeGroup names can't have a '.' in them, while + // instanceTypes always have a . + name: "dask-%s" % std.strReplace(n.instancesDistribution.instanceTypes[0], ".", "-"), + availabilityZones: [nodeAz], + minSize: 0, + maxSize: 500, + ssh: { + publicKeyPath: 'ssh-keys/nasa-esdis.key.pub' + }, + labels+: { + "k8s.dask.org/node-purpose": "worker" + }, + taints+: { + "k8s.dask.org_dedicated" : "worker:NoSchedule", + "k8s.dask.org/dedicated" : "worker:NoSchedule" + }, + instancesDistribution+: { + onDemandBaseCapacity: 0, + onDemandPercentageAboveBaseCapacity: 0, + spotAllocationStrategy: "capacity-optimized", + }, + } + n for n in daskNodes + ] else [] + ) +} \ No newline at end of file diff --git a/eksctl/ssh-keys/nasa-esdis.key.pub b/eksctl/ssh-keys/nasa-esdis.key.pub new file mode 100644 index 0000000000..06bae6a39e --- /dev/null +++ b/eksctl/ssh-keys/nasa-esdis.key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYPNlvvuJDeQUU6QQOLeiW5XlwDuUhPzY+X3hebLiA3GSW6CZQXDFdGHxJD9hNVJlcAFTNGrORhQ8NyTgeWlg78jwKB5Bn5VJk29c6tj52hUU8bAwh80vUW7kQcL97NgAX2tfakJb0USZyGpCLfKMjEVKTEL5P23Ak6sxSxXZPS6cEx2Mb1Vv2ES9YlSFZkLDm0vjzUODurQ6kuJdcE2jDg6vGahSZv1Mri06tNfx/gW9ppUYdwdLfKn/crJb63cYVrOi/sffuO4GTd8xhA1DJJEUvOFWBcdYtX3k9wtNFhEj6iuqfjefhWfAnSx2HgNiQQ9zG6wn9AiuBFr59sg1/QPY4IyM/loJ8+sEe1n1E0xWnDkBvMm6FLST9Cq5Jz9vMbPHOQf5zhpl7CbD0NT03t8ckWD0ewLUfNE2eCa5pSsXLNX8SZz7yciJtgatHVLjmN2yjwvpo+bEPN3aUn3HSjX9IrOR+1lWQxNrn6ziMnB3P5mvkvAUI2D3qwV0AHJE= sgibson@Athena.local diff --git a/eksctl/ssh-keys/secret/nasa-esdis.key b/eksctl/ssh-keys/secret/nasa-esdis.key new file mode 100644 index 0000000000..a6f9af1aab --- /dev/null +++ b/eksctl/ssh-keys/secret/nasa-esdis.key @@ -0,0 +1,21 @@ +{ + "data": "ENC[AES256_GCM,data:hJi0PAGI+Nwb2HoA4yyxHLnqZbUCGW5SzCn44M5GR+o7tzHVh9XiKL552ZJDSm84wwFrJvwSioz7rG2iwZTZMZN8dxB9udd55OFn/e0tvilU9xPUwiwadrGT5mpVVJfwew3rdW5FLlGDRjCM/BCah9q/gaScK4QMuv4mhYp/qN2TZ8E+nzyMf08BTzKAq6H4yTO0LTZ3rxploeFPsI7DwJcLHAnuKtCrwEU7rEumg8bbH5qvBeLUX1FhUvjEmP+A7VD1MShL4nieS/pLtdFlWoUtuTDRMuMSG4tF3QninVo7KfdxNHE3pURfZfMe8RZ6mTfqN66x8Q9cnERPYWPJot4s3E26ngrOF5JLuQyCbXszxbK4CdIOlv7ZGMpYOL5QE6sN3uvDyKBMQ5yiv57Tn/ivVqPKJNxAwg8JrS8JyVvJTi7IeRnQJHLQmnB6hLGvnJha82SisODC9dNSyLvueJN8ZjDzL6mxNtoUrzr08p6u/LjkXM4WuuzK4BkooKD9RbJP5gRcNE2pvrhGJ/wzVDSGoSo9Dwk40WxblqUWixbI/GlCp2O4xnBDO5/LcXouz6xoeB9OPcvAwlj759+ZehaRctqXHpI4/JtKyDABAHlToii79K40pRyzaS03seI0R3C9BM0HTc8smIthtNw+7oXstoe3+z5/03TiDaNqTUJw79R8QgJP0BeD0Ee/l59dKEMlt9DJPC/2/5ohtcFCvpG94CF6Ts/+efNHcKt6+ZvIlrVk8x7qYl0LMdHZpqz9sF89iKIy20+32kIjjf/CwQrQsMJwcpfZbPD1Uz+DXjT8rgPjpyBhLopkim4Gt2NrWjOH2bAjzvFyK3EWSUQJxyZ+o8TBL6BPHzYJQsDtsAashJcBsDIkrXN7r2SeqA6XwrmP+/qw/ddoix/AxTiY8qICQ5KD544L8eL20VYoqRnY201rYS5KixvjIvI0oQ9W9Yjno8QaJJ4nz1gJhLse4UoLUouaujyzQUymCm2AnQCAswow2QEQkCQDiaWi4qNmpCnxbDitw6zp0Yx2x36VdFiQjogSt3XJlWRZKRUs8cvYtUwu+DdteOb/dxXD9hA1l9LXU46NT0YoII7k/6szivQB7y9mSC4wmmM88W611BztaoHgddXD9TlHZUaVFGk+/NicV6EBq9NKfA6D/UyNpRBJo2uOzvxwlgoNmmlL9A7YsBXGbMf5Az/dCzxkb1EE20rsw5BeQtpbXl/Kkh3fZMxiOlY7eZ+v+IlUgM0bcqRnJnx0YFPkSjG3iUy80VN0wDx7WWtmbHClfqsF5ZUl7a9FjnTwWYg4Y8tfOuZmUyUkmKkYiYOOfLFOz3B7tCqO0S+Fp/xX35eGlWV/ZvNFs88lCi1PeNcRiE3KWXdL0VidZ4ssoFvGxw9zMFHyTSRu3aQKsqu+PBCr1UoJru53SizbH2/bFqUjSjUrTGP0dmwcvebmBNj84e7vi/IyP0l0YsoV62b6QSQvkjBPKqvnDwkh8HMMAk57rMQlSkLrpveC1WbbP29iUoKcbk/pe5pmCkgRy1+7hsEgL6huHXV1Sug+8Dz4e4iQD1qQygJO38hZS44OR+r/GufI/98AWdjv4jK3sVe/sbLu3LJXgzHzGv0krr0bQXiXOsrEbPkdkKQzfuJ/RTjlzQew9jMI1ZvWOjfyLJXkfsX1zTwNd7DBtZdvZPpLUCyzH7lC4RRQjuP2Q/UpLSwl0J0Igy71eDcdg0NqupTyAIS+LGw5YcTooeQucEkISiJXXyGj9oe2lBr2fSfVFAyPsfPsur5s2zdczl1gAr7L6VRVASnlLqmk4JQj59y7jb50OCrssVPDWxfnX4TL8iV96vJeDTe4+F81if/lZLnmYMbhRTHB745yb0EzGsll/yezB2x2q1LEENDJeVJ4Mc0TVGFbxjHNsqP33zEVgTjp/KzsvmHofbe4oTHW8nXW3TayRrlTCrfnJOUXIgqU4cNfoUdo27sGtQjNOq9nCr6pJk6bTFCQlbjEYIsu1PcCwdh9iKCKTLaz0Pd0O+Ck8IUsiNxZRIK/YsZSEWOVmWT7avixqnO+IDZFYeD2ynmWvzVbjVZ+hq7mzeBm4/luC33csV5Z2PGgt8opKujZaNPJ4JucosgNh+3EK2Hwbk4u0b50lWjBxeZ8rE+dvVgCj6jIANhgTps2Gk5LPSLdTFV2I2hUj6iIpExo42Wuq7hUEyWsrvY/FyVwR1rfnpcACvS0oSkWYI81jSSiKfNd5acObT/q3JGcIPq3XLMejG3zXSfyc4NjGfelA/PDr6/+idAgrzfHjrskMBn5gKObFc3ljw/KrbyPSWzAuF7leWvqg+dsYTj8iotdDq2r0dWhcfi2Oblo5sC1pewer/A6xDg7dKtJXia59nyzVmnbiVkxgj+hJHIa+AWaZJFkN/hB1xjnRzxVHZr297ufR6tL18NDWXrlO91/RVUz7yBCk8NMPzOrptk2bwuPFn6vePM2OcN/KqhV8RzDX3zbGzwJcwAbzVV0rkR+ELOGhEHY+xOtQ4g0Ac2IVB0ROOgSeGo8MZaa/Q0UwW+GkOIPzEBEn0qWnguQ82AqRZ6NVF6OlnmQ1I0OVPpgOQkhtzahGT2CEUF58N1VyCmag2E6rGcWDN/lwY6g89xzgSWTAxIMgSqi4fBFwlKzyXDt9S0BNWAQXvYAFdbA618UvGNg1jCRjskIyzXPusirp2t0VZew/aBCQHwFWiuqzqzc26zTdYjwsw1L3I2ihHtlTC6RK9U5J4odeAj8ipfQRXf8yK+iU3FpJ1Xaf3uQe7y+koZWNwx5UIKMcXlNydApcYgLpPBG4s0kjQn069VI3nzvCSQwgZKg2OtBB3nAhOLATWEsq8TCQpWpeOOFXIxilW9RUDQgjJ2YYnZw5HO34tV8DuTCmLJ0kWF3H6TPUgwX48HoHYTm0+PV+PrpX4CFeNoW8u5cSOOBDz2M2CsHn/LvkcMInzNC6dReQCI1IBU/5zYs/NrW8WEeMfiTdTNYKY8feTRf2cUu9GFfppXnon8U9ORCg1jLwbvmHjUo4EM1/upVupn1BTyFFk1D/RZ3Epj8uuevFTAJb4BWbIr1UEoIGPMfkPa1BEqLafJHy4XZ+VdJN5+4gQuCeSNJf8mZvAeppjQEOFO0/5kt1qtOISUMCWLMM+tmpYsY4vUUd/rtOsp1Db0EUZZ9C95+KJGQovBWA4OoJpVjMt5JSocMFFEsaPuaavHKOFjG7IIL10b3isEMrU3zPPUnC/kjT3SmQdbsthfAtCC3Vk145rJGh/RLPH74BO6Tiszzpd8HMe7RAafq8O46Snx94XgGI/+krUJWYKM5qEUfSTs8NPX1N8yoWSgNz9VtNaD2GX9S7qE8U5aMsSue2A4Xnnu2OYYaAAJ8clg2JaugdIM0vr3MMFjBoiYfmu988LNkHmu7CYTpxjbCAfs1pBSp8CU4ME7xyftyKbrSFsx3df8IRB64cq9dSlNY,iv:fOWxuNdH0m1F4JS6joSaAGPAr1JxPI/dX5CHjcHSeQ4=,tag:OdUVAnrfoOGlZuGRkZ7now==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2023-10-09T13:05:12Z", + "enc": "CiUA4OM7eCzkzcjr7SRn5pI17wc9T7/Ym+KqhJQR/Z1iG2Alk5bQEkkAq2nhVYZlhIgvOpgSz4s0TqvUhKuHgUivjeSvMG7CaHndXLBtWFiPxMob/M8kw7WyVitOUoGlf2UuBOoDFnbNoq7K1rc9cfVM" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2023-10-09T13:05:13Z", + "mac": "ENC[AES256_GCM,data:mfE23cGyI5tcq2xVZECumnK3+cZLaAtkaY1oVlcA0qOzWm8pW7rL0uWIwXf2dcQ3XHDRCLGEkdtuH0UAnq4Y0IJrWCuLFxciwi+6aiAJityYNsSwQAcJmiqqvKxHrryo+leFA9ynZJlE6VStdBIHMC+AmMgfES3fZBUzcEom9O4=,iv:LekB9vi9XFRMGAl5ue6Q5za+f3wcyKhC+zoU/gVuKu8=,tag:rWNWePdo6pS88C4kDg1kFQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/terraform/aws/projects/nasa-esdis.tfvars b/terraform/aws/projects/nasa-esdis.tfvars new file mode 100644 index 0000000000..186632f934 --- /dev/null +++ b/terraform/aws/projects/nasa-esdis.tfvars @@ -0,0 +1,28 @@ +region = "us-west-2" + +cluster_name = "nasa-esdis" + +cluster_nodes_location = "us-west-2a" + +user_buckets = { + "scratch-staging" : { + "delete_after" : 7 + }, + "scratch" : { + "delete_after" : 7 + }, +} + + +hub_cloud_permissions = { + "staging" : { + requestor_pays : true, + bucket_admin_access : ["scratch-staging"], + extra_iam_policy : "" + }, + "prod" : { + requestor_pays : true, + bucket_admin_access : ["scratch"], + extra_iam_policy : "" + }, +} \ No newline at end of file From 8df251c2cc6507afd111bf407edfa59797e3db57 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 9 Oct 2023 16:44:48 +0100 Subject: [PATCH 069/494] [nasa-esdis] Add support config --- .../nasa-esdis/enc-support.secret.values.yaml | 17 ++++++++++ .../clusters/nasa-esdis/support.values.yaml | 34 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 config/clusters/nasa-esdis/enc-support.secret.values.yaml create mode 100644 config/clusters/nasa-esdis/support.values.yaml diff --git a/config/clusters/nasa-esdis/enc-support.secret.values.yaml b/config/clusters/nasa-esdis/enc-support.secret.values.yaml new file mode 100644 index 0000000000..bc8b2ee6fd --- /dev/null +++ b/config/clusters/nasa-esdis/enc-support.secret.values.yaml @@ -0,0 +1,17 @@ +prometheusIngressAuthSecret: + username: ENC[AES256_GCM,data:Pz6bbBswj30Zt/Rv5ARw9raY5rvb8yqetIwCYCZnF7lx4gccvWldkP1m2ELShhocEDfi57g04e4voJKXv2WO7g==,iv:2SX84HKE91rAGVkf+p3OxNwB6vffWJnbba7QiUEpz5E=,tag:6aYPVmS3BYw2egPY6CdgBw==,type:str] + password: ENC[AES256_GCM,data:MLYiKI8V8YQ0NCgaDnyu2Bin2etxNe10CfuF0D8NERxD0CbNTUdG1it9uPjgThNa8q0oOX4TcKyKTkflJN0oLQ==,iv:BQ1ttOfsqy0k9J8TnRVefe37QHwIEuyU/ibMWXeY+iA=,tag:eW9vuGW9w6AR3b5u+98maw==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-10-09T13:05:13Z" + enc: CiUA4OM7eIAIlHpZkcgBadhUBd8FPBL7U/SWqPvrYz3XiBc8KD7/EkkAq2nhVcEwgBvz6CpEnx44szACgO0ch0Q6J2TaR8Sv/NTSafO8lgbAKKIygR7jnlf8Kw95NAiJhwWcvElumpz3Vylet3MYHnDx + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-10-09T13:05:13Z" + mac: ENC[AES256_GCM,data:e4HwG/ieB4MUlFRfv40hIT0ZyVVUsqiygn/h8lmnj+JV7aZeHc2ptFy7g/1qWTHKbo5BxY7gNv2icpeXuw6XXVu3OpjExogy6bpmA1d+j6KRP/77R78jaMnbxYJ6cOxnPVT61mG6ZgT57ugUoBNteNvXZ8ULhrwZvy3KXe87Jvo=,iv:ni55q20UJOtcPBqrLgZ7Xq32ICTIjuNeDNHm0DlC67I=,tag:kD+miYFmI1gLUyI/ynofMA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/nasa-esdis/support.values.yaml b/config/clusters/nasa-esdis/support.values.yaml new file mode 100644 index 0000000000..1d5f36d5e5 --- /dev/null +++ b/config/clusters/nasa-esdis/support.values.yaml @@ -0,0 +1,34 @@ +prometheusIngressAuthSecret: + enabled: true + +prometheus: + server: + ingress: + enabled: true + hosts: + - prometheus.nasa-esdis.2i2c.cloud + tls: + - secretName: prometheus-tls + hosts: + - prometheus.nasa-esdis.2i2c.cloud + +grafana: + grafana.ini: + server: + root_url: https://grafana.nasa-esdis.2i2c.cloud/ + auth.github: + enabled: true + allowed_organizations: 2i2c-org + ingress: + hosts: + - grafana.nasa-esdis.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.nasa-esdis.2i2c.cloud + +cluster-autoscaler: + enabled: true + autoDiscovery: + clusterName: nasa-esdis + awsRegion: us-west-2 \ No newline at end of file From e493a2d98213de9967bfacaf23393f7de2e7e813 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 9 Oct 2023 16:45:06 +0100 Subject: [PATCH 070/494] [nasa-esdis] Add to CI/CD workflow files --- .github/workflows/deploy-grafana-dashboards.yaml | 1 + .github/workflows/deploy-hubs.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 3b4bf41510..586e63c019 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -28,6 +28,7 @@ jobs: - cluster_name: m2lines - cluster_name: meom-ige - cluster_name: nasa-cryo + - cluster_name: nasa-esdis - cluster_name: nasa-veda - cluster_name: openscapes - cluster_name: pangeo-hubs diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 85248d5eb9..10b9356a51 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -206,6 +206,7 @@ jobs: failure_catalystproject-latam: "${{ env.failure_catalystproject-latam }}" failure_catalystproject-africa: "${{ env.failure_catalystproject-africa }}" failure_hhmi: "${{ env.failure_hhmi }}" + failure_nasa-esdis: "${{ env.failure_nasa-esdis }}" # Only run this job on pushes to the default branch and when the job output is not # an empty list From 0996e2d28815a7cb29a287f8e027fa15210f3e6f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 23 Oct 2023 17:43:51 +0100 Subject: [PATCH 071/494] Change URL --- config/clusters/nasa-esdis/support.values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/clusters/nasa-esdis/support.values.yaml b/config/clusters/nasa-esdis/support.values.yaml index 1d5f36d5e5..87900645dc 100644 --- a/config/clusters/nasa-esdis/support.values.yaml +++ b/config/clusters/nasa-esdis/support.values.yaml @@ -6,26 +6,26 @@ prometheus: ingress: enabled: true hosts: - - prometheus.nasa-esdis.2i2c.cloud + - prometheus.esdis.2i2c.cloud tls: - secretName: prometheus-tls hosts: - - prometheus.nasa-esdis.2i2c.cloud + - prometheus.esdis.2i2c.cloud grafana: grafana.ini: server: - root_url: https://grafana.nasa-esdis.2i2c.cloud/ + root_url: https://grafana.esdis.2i2c.cloud/ auth.github: enabled: true allowed_organizations: 2i2c-org ingress: hosts: - - grafana.nasa-esdis.2i2c.cloud + - grafana.esdis.2i2c.cloud tls: - secretName: grafana-tls hosts: - - grafana.nasa-esdis.2i2c.cloud + - grafana.esdis.2i2c.cloud cluster-autoscaler: enabled: true From 96dec7e5c2b63c23655b60c599b26c4bd29dc10f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 23 Oct 2023 17:44:03 +0100 Subject: [PATCH 072/494] Add a grafana token --- .../nasa-esdis/enc-grafana-token.secret.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 config/clusters/nasa-esdis/enc-grafana-token.secret.yaml diff --git a/config/clusters/nasa-esdis/enc-grafana-token.secret.yaml b/config/clusters/nasa-esdis/enc-grafana-token.secret.yaml new file mode 100644 index 0000000000..e085b51241 --- /dev/null +++ b/config/clusters/nasa-esdis/enc-grafana-token.secret.yaml @@ -0,0 +1,15 @@ +grafana_token: ENC[AES256_GCM,data:uyKUZxP+puls6Ht40AygajtccsJyZyHY74q3Nbx5FfgiH49TMm1IyYrKLeAtdQ==,iv:c7XXzezDGJ5fCkvNYNajT2cE2Fd83xNNoc46bebE37w=,tag:8X6UoyR9sEql/Ddhw7TAVA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-10-23T10:40:41Z" + enc: CiUA4OM7eMrbEisfh3RnojiraK+TDneCOOgmhpP0wZc2XpdwTpJuEkkAq2nhVZoCgFbgrh3xd8as3UWZvEGX/sg73sMNyH/4AqdRWkpclW6sWIzYIUS5DWbrbH80gJ5UL8Mo+PjRs+MfIo6+JYMkm5Kt + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-10-23T10:40:42Z" + mac: ENC[AES256_GCM,data:jpkY5AbJjqCNpOHKtM5QN+7DBCzvROaaNHgowohw04MsDkXnSacDFPLWSZ7eDJq/S72bFZgE2yCVMKIgkm6vDLw/jVSwrJkRU0bB2L+FI7O0spyIFa8KdOj1eQtz5tEr2ihEXO97U0yqhypaIqEfB/ekyimrN6U8BvK2DLbSK9U=,iv:aZr4nqjXCMg1frBIdPf5R1EThnGCfqhKSvsSXwpQIPQ=,tag:oxB4MfeykVfwZSpmzVWY0g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 From b69322a3f9d578b332052178ed5986ea5690d7a7 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 23 Oct 2023 17:44:26 +0100 Subject: [PATCH 073/494] Add common hub values --- config/clusters/nasa-esdis/common.values.yaml | 143 ++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 config/clusters/nasa-esdis/common.values.yaml diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml new file mode 100644 index 0000000000..f8f072e2c2 --- /dev/null +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -0,0 +1,143 @@ +nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-0013506a2d5ee70fc.efs.us-west-2.amazonaws.com + baseShareName: / +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: ESDIS + logo_url: "" + url: https://www.earthdata.nasa.gov/esdis + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: "" + url: "" + hub: + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + allowed_organizations: + - 2i2c-org:hub-access-for-2i2c-staff + scope: + - read:org + Authenticator: + admin_users: + - bilts # Patrick Quinn + - freitagb # Brian Freitag + singleuser: + profileList: + - display_name: Python + description: Python datascience environment + default: true + kubespawner_override: + image: openscapes/python:6ee57a9 + profile_options: &profile_options + requests: + display_name: Resource Allocation + choices: + mem_1_9: + display_name: 1.9 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 1992701952 + mem_limit: 1992701952 + cpu_guarantee: 0.234375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + default: true + mem_3_7: + display_name: 3.7 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 3985403904 + mem_limit: 3985403904 + cpu_guarantee: 0.46875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_7_4: + display_name: 7.4 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 7970807808 + mem_limit: 7970807808 + cpu_guarantee: 0.9375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 15941615616 + mem_limit: 15941615616 + cpu_guarantee: 1.875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 31883231232 + mem_limit: 31883231232 + cpu_guarantee: 3.75 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_60_6: + display_name: 60.6 GB RAM, upto 15.72 CPUs + kubespawner_override: + mem_guarantee: 65105797120 + mem_limit: 65105797120 + cpu_guarantee: 7.86 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + mem_121_3: + display_name: 121.3 GB RAM, upto 15.72 CPUs + kubespawner_override: + mem_guarantee: 130211594240 + mem_limit: 130211594240 + cpu_guarantee: 15.72 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + - display_name: R + description: R (with RStudio) + Python environment + kubespawner_override: + image: openscapes/rocker:a7596b5 + profile_options: *profile_options + - display_name: Matlab + description: Matlab environment + kubespawner_override: + image: openscapes/matlab:2023-06-29 + profile_options: *profile_options + - display_name: QGIS + description: QGIS environment + kubespawner_override: + # Explicitly unset this - we set this to 'jupyterhub-singleuser' + # in basehub/values.yaml. We instead want to leave this unset, + # so the default command for the docker image is used instead. + # This is required for .desktop files to show up correctly. + cmd: null + # Launch people directly into the Linux desktop when they start + default_url: /desktop + # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 + image: "quay.io/jupyter-remote-desktop-proxy/qgis:2023-09-27" + profile_options: *profile_options From adb2919d4b03556b2e7bff7a317da7b60850e2f6 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 23 Oct 2023 17:44:48 +0100 Subject: [PATCH 074/494] Add staging hub values --- config/clusters/nasa-esdis/cluster.yaml | 10 +++++++++- .../nasa-esdis/enc-staging.secret.values.yaml | 20 +++++++++++++++++++ .../clusters/nasa-esdis/staging.values.yaml | 16 +++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 config/clusters/nasa-esdis/enc-staging.secret.values.yaml create mode 100644 config/clusters/nasa-esdis/staging.values.yaml diff --git a/config/clusters/nasa-esdis/cluster.yaml b/config/clusters/nasa-esdis/cluster.yaml index 36afd7f53b..030b77f840 100644 --- a/config/clusters/nasa-esdis/cluster.yaml +++ b/config/clusters/nasa-esdis/cluster.yaml @@ -9,4 +9,12 @@ support: helm_chart_values_files: - support.values.yaml - enc-support.secret.values.yaml -hubs: [] +hubs: + - name: staging + display_name: "ESDIS (staging)" + domain: staging.esdis.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - staging.values.yaml + - enc-staging.secret.values.yaml diff --git a/config/clusters/nasa-esdis/enc-staging.secret.values.yaml b/config/clusters/nasa-esdis/enc-staging.secret.values.yaml new file mode 100644 index 0000000000..7e797883bb --- /dev/null +++ b/config/clusters/nasa-esdis/enc-staging.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:lgPuF/Ccu9ntp3XUG1lkQfHAklI=,iv:QUawJ/pnyvUiPAviG/lEsHZdq5D/1B6ctYF0VLlBA5o=,tag:eT3uAWdQ63XjdPTzEsWKug==,type:str] + client_secret: ENC[AES256_GCM,data:gEGxqh4OATMqcAYFS99ps715VhtflFeCwD1y0gvCDpmYgej0xjK4pw==,iv:Xcq1gtf9TKKM2YejIyNMZP9esdpJwIRRVy6zZekSqoA=,tag:xx1SZpzKGbh3N+DYxnEJKQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-10-23T10:17:16Z" + enc: CiUA4OM7eD87wY66POe9D5m+Z9tdiqNzUWoaZbHqyCI7gYUiuu32EkkAq2nhVbEI/L0WVm+YW6Io8TlpkGVZECpphS8xNk9K5nWJWKJE+ehRQ2lxWjxMkNqk8WNU24zvwiCxIdtRCnYXd18Csws7vw85 + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-10-23T10:17:17Z" + mac: ENC[AES256_GCM,data:J99yZKLdaWCfpcs2oKgHJCC2KvMZ4Oy9zhxS4hfNGEG72OuKTJXLWwNwcYPRdv9B39+8BoCtoMYubX4/l5DoUNc7JwgWNBIi2u0EZXaHwavaMhNaDBKWTS/Kl9wxwiqKTY6bAu5yGxxw/xRGiQwILIK4su0UXQ+DDq817Vw1PK4=,iv:sVHuo85geO5XVWJodOSU9V0r2uijxjAxDPCfoL+LbEM=,tag:41LNvuUva4JIAL7gwbyoWw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/nasa-esdis/staging.values.yaml b/config/clusters/nasa-esdis/staging.values.yaml new file mode 100644 index 0000000000..c8d620de13 --- /dev/null +++ b/config/clusters/nasa-esdis/staging.values.yaml @@ -0,0 +1,16 @@ +userServiceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::942325726017:role/nasa-esdis-staging +jupyterhub: + ingress: + hosts: [staging.esdis.2i2c.cloud] + tls: + - hosts: [staging.esdis.2i2c.cloud] + secretName: https-auto-tls + singleuser: + extraEnv: + SCRATCH_BUCKET: s3://nasa-esdis-scratch-staging/$(JUPYTERHUB_USER) + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: "https://staging.esdis.2i2c.cloud/hub/oauth_callback" From 655917073ca729358561733348a93696a5754749 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 15:46:07 +0000 Subject: [PATCH 075/494] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/nasa-esdis/support.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/nasa-esdis/support.values.yaml b/config/clusters/nasa-esdis/support.values.yaml index 87900645dc..7873dae2ea 100644 --- a/config/clusters/nasa-esdis/support.values.yaml +++ b/config/clusters/nasa-esdis/support.values.yaml @@ -1,6 +1,6 @@ prometheusIngressAuthSecret: enabled: true - + prometheus: server: ingress: @@ -31,4 +31,4 @@ cluster-autoscaler: enabled: true autoDiscovery: clusterName: nasa-esdis - awsRegion: us-west-2 \ No newline at end of file + awsRegion: us-west-2 From 58e0c4013bb3d2ac719107e90628bed57194432e Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 24 Oct 2023 10:15:18 +0100 Subject: [PATCH 076/494] Add community team to Authenticator config --- config/clusters/nasa-esdis/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index f8f072e2c2..fed6a9d8ba 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -37,6 +37,7 @@ jupyterhub: GitHubOAuthenticator: allowed_organizations: - 2i2c-org:hub-access-for-2i2c-staff + - nasa:earthdata-cloud-hub-maintainer scope: - read:org Authenticator: From 9351bb576f705719d92d3491b54c817122fa5b01 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 24 Oct 2023 10:15:38 +0100 Subject: [PATCH 077/494] Add prod hub config --- config/clusters/nasa-esdis/cluster.yaml | 8 ++++++++ .../nasa-esdis/enc-prod.secret.values.yaml | 20 +++++++++++++++++++ config/clusters/nasa-esdis/prod.values.yaml | 16 +++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 config/clusters/nasa-esdis/enc-prod.secret.values.yaml create mode 100644 config/clusters/nasa-esdis/prod.values.yaml diff --git a/config/clusters/nasa-esdis/cluster.yaml b/config/clusters/nasa-esdis/cluster.yaml index 030b77f840..6dd2d8407e 100644 --- a/config/clusters/nasa-esdis/cluster.yaml +++ b/config/clusters/nasa-esdis/cluster.yaml @@ -18,3 +18,11 @@ hubs: - common.values.yaml - staging.values.yaml - enc-staging.secret.values.yaml + - name: prod + display_name: "ESDIS" + domain: esdis.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - prod.values.yaml + - enc-prod.secret.values.yaml diff --git a/config/clusters/nasa-esdis/enc-prod.secret.values.yaml b/config/clusters/nasa-esdis/enc-prod.secret.values.yaml new file mode 100644 index 0000000000..6fa6cca51c --- /dev/null +++ b/config/clusters/nasa-esdis/enc-prod.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:OiqOHcO1+3DGyXRiBht2l5vHH1o=,iv:dwBeTe+8xakdrIr09rZT9b9+wWvflIE6pDm36pU9YcI=,tag:k0hpKiafQ8aqEI2HwXOzlA==,type:str] + client_secret: ENC[AES256_GCM,data:YGoTpQ3fivk0Ax9IAkjEmx63r2M4GrCbBYsAwa7wbmV8sbG6ZQrDDA==,iv:jemvx79SGsYUPch8NkRpRErsx2Ze4osLFCaJN30732Q=,tag:CA0V/T2AhjQ+bpQLO/kGDQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-10-24T09:12:24Z" + enc: CiUA4OM7eIXRJ1ZnAaA+iseq8LageDtI0yFUj6vX51qxjMXvdCpXEkkAq2nhVeb7uSbMwycRzDo0pjN7SfYdvzXlJTnrzOa4pIgisTqBYfHDynb+BZ5BQV/AUQkrq4K5vLYJp8MKTD4MFM9ZDzqqO5zj + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-10-24T09:12:24Z" + mac: ENC[AES256_GCM,data:Zwk0TsPcB/R3j1cXSlscdJ29tF2qP7MGoazhC90/nOJSYnuqCJ9eyP7hZZCk4XPro+GmPswcV9auG25r+5DZ3SoMYqi8/xsQg5dcCkG/Ljmu5aqQx7mpLbsgnfDthknEQLkOh+HBn4CUZeZNjOKR/U9FR2MHA3G7Q22dTqFwWE4=,iv:Wzx/tJybpdO+9BDLqJqN+8l9PRIrmLE8wURyHaKfqcI=,tag:BiGy+pHRQRlpbKnhVmBq+A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/nasa-esdis/prod.values.yaml b/config/clusters/nasa-esdis/prod.values.yaml new file mode 100644 index 0000000000..2c10065f75 --- /dev/null +++ b/config/clusters/nasa-esdis/prod.values.yaml @@ -0,0 +1,16 @@ +userServiceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::942325726017:role/nasa-esdis-prod +jupyterhub: + ingress: + hosts: [esdis.2i2c.cloud] + tls: + - hosts: [esdis.2i2c.cloud] + secretName: https-auto-tls + singleuser: + extraEnv: + SCRATCH_BUCKET: s3://nasa-esdis-scratch/$(JUPYTERHUB_USER) + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: "https://esdis.2i2c.cloud/hub/oauth_callback" From b784690d4e7a22997537898f59d0e6a11e8208a9 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 16:45:12 +0000 Subject: [PATCH 078/494] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/nasa-esdis/common.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index fed6a9d8ba..ad7c00f2a8 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -42,8 +42,8 @@ jupyterhub: - read:org Authenticator: admin_users: - - bilts # Patrick Quinn - - freitagb # Brian Freitag + - bilts # Patrick Quinn + - freitagb # Brian Freitag singleuser: profileList: - display_name: Python From 6bb887498decf4fa85bf2fb9212108209e36a650 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 26 Oct 2023 11:21:26 +0100 Subject: [PATCH 079/494] Add beta testers team to auth config --- config/clusters/nasa-esdis/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index ad7c00f2a8..6efba80602 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -38,6 +38,7 @@ jupyterhub: allowed_organizations: - 2i2c-org:hub-access-for-2i2c-staff - nasa:earthdata-cloud-hub-maintainer + - veda-analytics-access:esdis-hub-beta-testers scope: - read:org Authenticator: From 9667c2152dcc635c108105f336ed7d49cf0aa28c Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 27 Oct 2023 09:43:28 +0100 Subject: [PATCH 080/494] Change team name Requested in https://github.com/2i2c-org/infrastructure/issues/3068#issuecomment-1781386350 --- config/clusters/nasa-esdis/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index 6efba80602..8f85340f62 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -37,7 +37,7 @@ jupyterhub: GitHubOAuthenticator: allowed_organizations: - 2i2c-org:hub-access-for-2i2c-staff - - nasa:earthdata-cloud-hub-maintainer + - nasa:earthdata-cloud-playground-maintainer - veda-analytics-access:esdis-hub-beta-testers scope: - read:org From 29fd9a4f13ae139ed282a973458a48e0b5779bf1 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 30 Oct 2023 08:59:59 +0000 Subject: [PATCH 081/494] Add another testing team --- config/clusters/nasa-esdis/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index 8f85340f62..e0cdd79b07 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -39,6 +39,7 @@ jupyterhub: - 2i2c-org:hub-access-for-2i2c-staff - nasa:earthdata-cloud-playground-maintainer - veda-analytics-access:esdis-hub-beta-testers + - NASA-Openscapes:esdis_hub_testers scope: - read:org Authenticator: From dda17054ac790f2adc5235b56826bed5cc17bacf Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 29 Nov 2023 10:38:29 +0000 Subject: [PATCH 082/494] Update homepage variables --- config/clusters/nasa-esdis/common.values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index e0cdd79b07..0abae7aa55 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -19,7 +19,7 @@ jupyterhub: templateVars: org: name: ESDIS - logo_url: "" + logo_url: "https://private-user-images.githubusercontent.com/61120/286372889-3380676a-1f2e-400d-8471-79496510c1e7.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTEiLCJleHAiOjE3MDEyNTQ0NDAsIm5iZiI6MTcwMTI1NDE0MCwicGF0aCI6Ii82MTEyMC8yODYzNzI4ODktMzM4MDY3NmEtMWYyZS00MDBkLTg0NzEtNzk0OTY1MTBjMWU3LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFJV05KWUFYNENTVkVINTNBJTJGMjAyMzExMjklMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjMxMTI5VDEwMzU0MFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTlmOThmYTZmMzQyMWY2YjIyYzE5OTU2ZDhlZGVjOGI3ZDE4MzUzMDc0MDE3ZGVkNmM0MDliNDhmYmM0M2U1OTImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.1HKSBVV0WEBcY1CoEr-YtXdjev-D6hViaIWEALdT5G4" url: https://www.earthdata.nasa.gov/esdis designed_by: name: 2i2c @@ -28,8 +28,8 @@ jupyterhub: name: 2i2c url: https://2i2c.org funded_by: - name: "" - url: "" + name: NASA + url: "https://www.earthdata.nasa.gov/esds" hub: config: JupyterHub: From f8d37eabff0119fbfb4dec5dcff8f9dd1d323696 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 29 Nov 2023 11:00:56 +0000 Subject: [PATCH 083/494] Fix logo URL --- config/clusters/nasa-esdis/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index 0abae7aa55..be3a3c0ab1 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -19,7 +19,7 @@ jupyterhub: templateVars: org: name: ESDIS - logo_url: "https://private-user-images.githubusercontent.com/61120/286372889-3380676a-1f2e-400d-8471-79496510c1e7.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTEiLCJleHAiOjE3MDEyNTQ0NDAsIm5iZiI6MTcwMTI1NDE0MCwicGF0aCI6Ii82MTEyMC8yODYzNzI4ODktMzM4MDY3NmEtMWYyZS00MDBkLTg0NzEtNzk0OTY1MTBjMWU3LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFJV05KWUFYNENTVkVINTNBJTJGMjAyMzExMjklMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjMxMTI5VDEwMzU0MFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTlmOThmYTZmMzQyMWY2YjIyYzE5OTU2ZDhlZGVjOGI3ZDE4MzUzMDc0MDE3ZGVkNmM0MDliNDhmYmM0M2U1OTImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.1HKSBVV0WEBcY1CoEr-YtXdjev-D6hViaIWEALdT5G4" + logo_url: "https://github.com/2i2c-org/infrastructure/assets/61120/3380676a-1f2e-400d-8471-79496510c1e7" url: https://www.earthdata.nasa.gov/esdis designed_by: name: 2i2c From 7aab003a712aa30272e3fa891998214ced230cc1 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 29 Nov 2023 11:03:47 +0000 Subject: [PATCH 084/494] Update list of allowed GitHub teams to authorise --- config/clusters/nasa-esdis/common.values.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index be3a3c0ab1..e2fd102445 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -36,10 +36,7 @@ jupyterhub: authenticator_class: github GitHubOAuthenticator: allowed_organizations: - - 2i2c-org:hub-access-for-2i2c-staff - - nasa:earthdata-cloud-playground-maintainer - - veda-analytics-access:esdis-hub-beta-testers - - NASA-Openscapes:esdis_hub_testers + - nasa-esdis:cloud-users scope: - read:org Authenticator: From 53e4661bbfd9aa4ea8959e999276252c7cb13f27 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 29 Nov 2023 11:25:56 +0000 Subject: [PATCH 085/494] [openscapes] Bump matlab image tag Requested in https://2i2c.freshdesk.com/a/tickets/1142 --- config/clusters/openscapes/prod.values.yaml | 2 +- config/clusters/openscapes/staging.values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/openscapes/prod.values.yaml b/config/clusters/openscapes/prod.values.yaml index cb2dae1997..5e77d5edcc 100644 --- a/config/clusters/openscapes/prod.values.yaml +++ b/config/clusters/openscapes/prod.values.yaml @@ -96,7 +96,7 @@ basehub: - display_name: Matlab description: Matlab environment kubespawner_override: - image: openscapes/matlab:2023-06-29 + image: openscapes/matlab:2023-11-28 profile_options: *profile_options hub: config: diff --git a/config/clusters/openscapes/staging.values.yaml b/config/clusters/openscapes/staging.values.yaml index 17fbf0ac7f..52c24d64f5 100644 --- a/config/clusters/openscapes/staging.values.yaml +++ b/config/clusters/openscapes/staging.values.yaml @@ -122,7 +122,7 @@ basehub: unlisted_choice: *unlisted_choice choices: default: - display_name: openscapes/matlab:2023-06-29 + display_name: openscapes/matlab:2023-11-28 default: true kubespawner_override: image: openscapes/matlab:2023-06-29 From 3fd4c81c0789b2183f84883dbaee9d57ae2564bd Mon Sep 17 00:00:00 2001 From: James Munroe Date: Wed, 29 Nov 2023 08:02:44 -0500 Subject: [PATCH 086/494] add new gh org and update image tags --- config/clusters/2i2c-aws-us/showcase.values.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index 9416fc4a23..fc549e926d 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -40,6 +40,7 @@ basehub: allowed_organizations: - 2i2c-org:research-delight-team - 2i2c-demo-hub-access:showcase-topst + - ScienceCore-ClimateRisk scope: - read:org Authenticator: @@ -54,6 +55,7 @@ basehub: allowed_teams: - 2i2c-demo-hub-access:showcase-topst - 2i2c-org:hub-access-for-2i2c-staff + - ScienceCore-ClimateRisk profile_options: image: display_name: Image @@ -70,7 +72,7 @@ basehub: default: true slug: opera kubespawner_override: - image: quay.io/2i2c/researchdelight-image:c799b705ce90 + image: quay.io/2i2c/sciencecore-climaterisk-image:ea0618a408e2 kubespawner_override: mem_guarantee: 7.234G cpu_guarantee: 0.1 @@ -93,6 +95,11 @@ basehub: kubespawner_override: image: "{value}" choices: + handbook: + display_name: Handbook Authoring + slug: handbook + kubespawner_override: + image: quay.io/2i2c/handbook-authoring-image:bbe4225a7940 pangeo: display_name: Pangeo Notebook default: true From 5f74590b6ac4c4c2cdd56d15799e946638ebc16a Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 29 Nov 2023 16:09:20 +0200 Subject: [PATCH 087/494] Collect service labels for kube_service_ metrics to be usable --- helm-charts/support/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index 97f6099380..86b82d09ce 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -83,6 +83,7 @@ prometheus: metricLabelsAllowlist: - pods=[app,component,hub.jupyter.org/username,app.kubernetes.io/component] - nodes=[*] + - services=[app, component] # prometheus-node-exporter is an optional prometheus chart dependency that we # rely on to collect metrics about the nodes From 6027820165c17439c00605f1fc7039957951fde6 Mon Sep 17 00:00:00 2001 From: James Munroe Date: Wed, 29 Nov 2023 16:59:14 -0500 Subject: [PATCH 088/494] add public readwrite shared folder --- config/clusters/hhmi/common.values.yaml | 31 +++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index c6796075c0..9010da5f21 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -51,6 +51,37 @@ basehub: - name: MYSQL_ROOT_PASSWORD value: "tutorial" defaultUrl: /lab + storage: + extraVolumeMounts: + - name: home + mountPath: /home/jovyan/shared-public + subPath: _shared-public + readOnly: false + - name: home + mountPath: /home/jovyan/shared-readonly + subPath: _shared + readOnly: true + initContainers: + - name: volume-mount-ownership-fix + image: busybox:1.36.1 + command: + - sh + - -c + - id && chown 1000:1000 /home/jovyan /home/jovyan/shared-readonly /home/jovyan/shared-public && ls -lhd /home/jovyan + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + # Mounted without readonly attribute here, + # so we can chown it appropriately + - name: home + mountPath: /home/jovyan/shared-readonly + subPath: _shared + - name: home + mountPath: /home/jovyan/shared-public + subPath: _shared-public profileList: - display_name: "Loren Frank Lab" default: true From dcc4163c10ac4bb11f176a0af94ffe4073ee60cc Mon Sep 17 00:00:00 2001 From: James Munroe Date: Wed, 29 Nov 2023 17:20:24 -0500 Subject: [PATCH 089/494] prettier fix --- .../clusters/2i2c-aws-us/showcase.values.yaml | 48 +++++++++++++++---- 1 file changed, 39 insertions(+), 9 deletions(-) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index fc549e926d..cabb6e0534 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -40,22 +40,31 @@ basehub: allowed_organizations: - 2i2c-org:research-delight-team - 2i2c-demo-hub-access:showcase-topst - - ScienceCore-ClimateRisk + - ScienceCore scope: - read:org Authenticator: enable_auth_state: true singleuser: - image: - name: quay.io/2i2c/researchdelight-image - tag: "872f0c4578af" profileList: - - display_name: "NASA TOPS-T ScienceCore" + - display_name: "NASA TOPS-T ScienceCore-ClimateRisk" description: "For collaborative work on 2i2c/MD's NASA TOPS-T ScienceCore Module" allowed_teams: - 2i2c-demo-hub-access:showcase-topst - 2i2c-org:hub-access-for-2i2c-staff - ScienceCore-ClimateRisk + kubespawner_override: + image: quay.io/2i2c/sciencecore-climaterisk-image:ea0618a408e2 + mem_guarantee: 7.234G + cpu_guarantee: 0.1 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + - display_name: "NASA TOPS-T ScienceCore" + description: "JupyterHubs for NASA ScienceCore Modules" + allowed_teams: + - 2i2c-org:hub-access-for-2i2c-staff + - ScienceCore:2i2c-showcase profile_options: image: display_name: Image @@ -67,12 +76,33 @@ basehub: kubespawner_override: image: "{value}" choices: - opera: - display_name: Opera App + jupyter-scipy: default: true - slug: opera + display_name: Jupyter SciPy + slug: jupyter-scipy + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-27 + jupyter-datascience: + display_name: Jupyter DataScience + slug: jupyter-datascience + kubespawner_override: + image: jupyter/datascience-notebook:2023-06-27 + rocker-geospatial: + display_name: Rocker Geospatial + slug: rocker-geospatial + kubespawner_override: + image: rocker/binder:4.3 + # Launch into RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + pangeo: + display_name: Pangeo Notebook + slug: pangeo kubespawner_override: - image: quay.io/2i2c/sciencecore-climaterisk-image:ea0618a408e2 + image: pangeo/pangeo-notebook:2023.06.20 + kubespawner_override: mem_guarantee: 7.234G cpu_guarantee: 0.1 From 6d201c7e43b09ed20d7c093b4a3f38d12a226fca Mon Sep 17 00:00:00 2001 From: James Munroe Date: Wed, 29 Nov 2023 17:25:36 -0500 Subject: [PATCH 090/494] use gh climaterisk team --- config/clusters/2i2c-aws-us/showcase.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index cabb6e0534..957262ba15 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -52,7 +52,7 @@ basehub: allowed_teams: - 2i2c-demo-hub-access:showcase-topst - 2i2c-org:hub-access-for-2i2c-staff - - ScienceCore-ClimateRisk + - ScienceCore:climaterisk-team kubespawner_override: image: quay.io/2i2c/sciencecore-climaterisk-image:ea0618a408e2 mem_guarantee: 7.234G From 56efbf6fd83f738399a75505ebe7aaba0066e5a9 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 24 Nov 2023 13:17:28 +0200 Subject: [PATCH 091/494] Have an add a rm command instead of a bulk update one --- deployer/commands/grafana/central_grafana.py | 197 +++++++++++++------ 1 file changed, 133 insertions(+), 64 deletions(-) diff --git a/deployer/commands/grafana/central_grafana.py b/deployer/commands/grafana/central_grafana.py index ad64fe076b..a1a9300c45 100644 --- a/deployer/commands/grafana/central_grafana.py +++ b/deployer/commands/grafana/central_grafana.py @@ -28,12 +28,18 @@ yaml = YAML(typ="safe") -def build_datasource_details(cluster_name): +def central_grafana_datasource_endpoint(central_grafana_cluster_name="2i2c"): + grafana_url = get_grafana_url(central_grafana_cluster_name) + return f"{grafana_url}/api/datasources" + + +def build_datasource_details(cluster_name, datasource_name=None): """ Build the payload needed to create an authenticated datasource in Grafana for `cluster_name`. Args: - cluster_name: name of the cluster + cluster_name: name of the cluster who's prometheus instance will map to this datasource_name + datasource_name: name of the datasource Returns: dict object: req payload to be consumed by Grafana """ @@ -43,8 +49,9 @@ def build_datasource_details(cluster_name): # Get the credentials of this prometheus instance prometheus_creds = get_cluster_prometheus_creds(cluster_name) + datasource_name = cluster_name if not datasource_name else datasource_name datasource_details = { - "name": cluster_name, + "name": datasource_name, "type": "prometheus", "access": "proxy", "url": f"https://{datasource_url}", @@ -56,14 +63,14 @@ def build_datasource_details(cluster_name): return datasource_details -def build_datasource_request_headers(cluster_name): +def build_datasource_request_headers(central_grafana_cluster_name="2i2c"): """ Build the headers needed to send requests to the Grafana datasource endpoint. Returns: dict: "Accept", "Content-Type", "Authorization" headers """ - token = get_grafana_token(cluster_name) + token = get_grafana_token(central_grafana_cluster_name) headers = { "Accept": "application/json", @@ -74,7 +81,7 @@ def build_datasource_request_headers(cluster_name): return headers -def get_clusters_used_as_datasources(cluster_name, datasource_endpoint): +def get_clusters_used_as_datasources(central_grafana_cluster_name="2i2c"): """ Get the list of cluster names that have prometheus instances already defined as datasources of the central Grafana. @@ -82,14 +89,18 @@ def get_clusters_used_as_datasources(cluster_name, datasource_endpoint): Returns: list: the name of the clusters registered as central Grafana datasources """ - headers = build_datasource_request_headers(cluster_name) + datasource_endpoint = central_grafana_datasource_endpoint( + central_grafana_cluster_name + ) + + headers = build_datasource_request_headers() # Get the list of all the currently existing datasources response = requests.get(datasource_endpoint, headers=headers) if not response.ok: print( - f"An error occured when retrieving the datasources from {datasource_endpoint}.\n" + f"An error occurred when retrieving the datasources from {datasource_endpoint}.\n" f"Error was {response.text}." ) response.raise_for_status() @@ -99,68 +110,126 @@ def get_clusters_used_as_datasources(cluster_name, datasource_endpoint): @grafana_app.command() -def update_central_datasources( - central_grafana_cluster=typer.Option( - "2i2c", help="Name of cluster where the central grafana lives" +def get_datasources_removal_candidates(): + """ + Get the datasources names that are registered in central grafana + but are NOT in the list of clusters in the infrastructure repository. + You might consider removing these datasources one by one, as they might link to + decommissioned clusters. + """ + # Get a list of the clusters that already have their prometheus instances used as datasources + datasources = get_clusters_used_as_datasources() + + # Get the list of the names of clusters in the infrastructure repository + cluster_files = get_all_cluster_yaml_files() + cluster_names = [cluster.parents[0].name for cluster in cluster_files] + + rm_candidates = set(datasources).difference(cluster_names) + + if not rm_candidates: + print_colour("Everything is up to date! :)") + return + + print( + "These datasources don't map to an existing cluster. You might consider removing them." ) -): + print_colour(f"{rm_candidates}", "yellow") + + +@grafana_app.command() +def get_datasources_add_candidates(): """ - Update the central grafana with datasources for all clusters prometheus instances + Get the clusters in the infrastructure repository but are NOT + registered in central grafana as datasources. + You might consider adding these datasources, as they might link to + new clusters that haven't been updated. """ - grafana_url = get_grafana_url(central_grafana_cluster) - datasource_endpoint = f"{grafana_url}/api/datasources" # Get a list of the clusters that already have their prometheus instances used as datasources - datasources = get_clusters_used_as_datasources( - central_grafana_cluster, datasource_endpoint - ) + datasources = get_clusters_used_as_datasources() - # Get a list of filepaths to all cluster.yaml files in the repo + # Get the list of the names of clusters in the infrastructure repository cluster_files = get_all_cluster_yaml_files() + cluster_names = [cluster.parents[0].name for cluster in cluster_files] - print("Searching for clusters that aren't Grafana datasources...") - # Count how many clusters we can't add as datasources for logging - exceptions = 0 - for cluster_file in cluster_files: - # Read in the cluster.yaml file - with open(cluster_file) as f: - cluster_config = yaml.load(f) - - # Get the cluster's name - cluster_name = cluster_config.get("name", {}) - if cluster_name and cluster_name not in datasources: - print(f"Found {cluster_name} cluster. Checking if it can be added...") - # Build the datasource details for the instances that aren't configures as datasources - try: - datasource_details = build_datasource_details(cluster_name) - req_body = json.dumps(datasource_details) - - # Tell Grafana to create and register a datasource for this cluster - headers = build_datasource_request_headers(central_grafana_cluster) - response = requests.post( - datasource_endpoint, data=req_body, headers=headers - ) - if not response.ok: - print( - f"An error occured when creating the datasource. \nError was {response.text}." - ) - response.raise_for_status() - print_colour( - f"Successfully created a new datasource for {cluster_name}!" - ) - except Exception as e: - print_colour( - f"An error occured for {cluster_name}.\nError was: {e}.\nSkipping...", - "yellow", - ) - exceptions += 1 - pass - - if exceptions: - print_colour( - f"Failed to add {exceptions} clusters as datasources. See errors above!", - "red", - ) - print_colour( - f"Successfully retrieved {len(datasources)} existing datasources! {datasources}" + add_candidates = set(cluster_names).difference(datasources) + if not add_candidates: + print_colour("Everything is up to date! :)") + return + + print( + "These datasources don't map to an existing cluster. You might consider removing them." ) + print_colour(f"{add_candidates}", "yellow") + + +@grafana_app.command() +def add_cluster_as_datasource( + cluster_name=typer.Argument( + ..., help="Name of cluster to add as a datasource to the central 2i2c grafana." + ), + datasource_name=typer.Option( + "", + help="(Optional) The name of the datasource to add. Defaults to cluster_name.", + ), +): + """ + Add a new cluster to the central 2i2c grafana. + """ + datasource_name = cluster_name if not datasource_name else datasource_name + datasource_endpoint = central_grafana_datasource_endpoint("2i2c") + + # Get a list of the clusters that already have their prometheus instances used as datasources + datasources = get_clusters_used_as_datasources() + if cluster_name and cluster_name not in datasources: + print(f"Checking if {cluster_name} it can be added as datasource...") + datasource_details = build_datasource_details(cluster_name) + req_body = json.dumps(datasource_details) + + # Tell Grafana to create and register a datasource for this cluster + headers = build_datasource_request_headers() + response = requests.post(datasource_endpoint, data=req_body, headers=headers) + if not response.ok: + print_colour(f"{response.reason}.{response.json()['message']}.", "red") + return + + print_colour(f"Successfully created a new datasource for {cluster_name}!") + + +@grafana_app.command() +def rm_entry_from_datasources( + cluster_name=typer.Argument( + ..., + help="The name of cluster who's prometheus instance we're removing from the datasources in the central 2i2c grafana.", + ), + datasource_name=typer.Option( + "", + help="The name of the datasource we're removing. This is usually the same with the name of cluster.", + ), +): + """ + Update the central grafana with datasources for all clusters prometheus instances + """ + datasource_name = cluster_name if not datasource_name else datasource_name + datasource_endpoint = central_grafana_datasource_endpoint("2i2c") + datasource_delete_endpoint = f"{datasource_endpoint}/name/{datasource_name}" + + # Get a list of the clusters that already have their prometheus instances used as datasources + datasources = get_clusters_used_as_datasources() + + if datasource_name in datasources: + print(f"Checking if {datasource_name} it can be deleted from datasources...") + # Build the datasource details for the instances that aren't configures as datasources + datasource_details = build_datasource_details(cluster_name, datasource_name) + req_body = json.dumps(datasource_details) + + # Tell Grafana to create and register a datasource for this cluster + headers = build_datasource_request_headers() + response = requests.delete( + datasource_delete_endpoint, data=req_body, headers=headers + ) + if not response.ok: + print_colour(f"{response.reason}. {response.json()['message']}.", "red") + return + + print_colour(f"Successfully deleted the datasource of {datasource_name}!") From 5b1d03e4edb4c8b23e6316bfd8e0aee402684bda Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 24 Nov 2023 13:23:36 +0200 Subject: [PATCH 092/494] Rm the prometheus ds from the 2i2c central grafana --- config/clusters/2i2c/support.values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/clusters/2i2c/support.values.yaml b/config/clusters/2i2c/support.values.yaml index 10cb266142..01eae923bd 100644 --- a/config/clusters/2i2c/support.values.yaml +++ b/config/clusters/2i2c/support.values.yaml @@ -29,6 +29,14 @@ grafana: allowed_organizations: 2i2c-org feature_toggles: enable: exploreMixedDatasource + # We delete the initial "prometheus" data source from the database to avoid confusion. + # This is because the 2i2c grafana is the central one and we call this datasource "2i2c" + # instead of "prometheus" to be more clear what's about. + # This config-added datasource can only be deleted link this, + # the UI and API are disabled for this operation. + deleteDatasources: + - name: prometheus + orgId: 1 ingress: hosts: - grafana.pilot.2i2c.cloud From b40ce07afec206b1d022408f3211c3708e86a955 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 27 Nov 2023 13:48:09 +0200 Subject: [PATCH 093/494] Fix typos --- config/clusters/2i2c/support.values.yaml | 2 +- deployer/commands/grafana/central_grafana.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/2i2c/support.values.yaml b/config/clusters/2i2c/support.values.yaml index 01eae923bd..7085c82cca 100644 --- a/config/clusters/2i2c/support.values.yaml +++ b/config/clusters/2i2c/support.values.yaml @@ -32,7 +32,7 @@ grafana: # We delete the initial "prometheus" data source from the database to avoid confusion. # This is because the 2i2c grafana is the central one and we call this datasource "2i2c" # instead of "prometheus" to be more clear what's about. - # This config-added datasource can only be deleted link this, + # This config-added datasource can only be deleted like this, # the UI and API are disabled for this operation. deleteDatasources: - name: prometheus diff --git a/deployer/commands/grafana/central_grafana.py b/deployer/commands/grafana/central_grafana.py index a1a9300c45..cc9293bf4f 100644 --- a/deployer/commands/grafana/central_grafana.py +++ b/deployer/commands/grafana/central_grafana.py @@ -182,7 +182,7 @@ def add_cluster_as_datasource( # Get a list of the clusters that already have their prometheus instances used as datasources datasources = get_clusters_used_as_datasources() if cluster_name and cluster_name not in datasources: - print(f"Checking if {cluster_name} it can be added as datasource...") + print(f"Checking if {cluster_name} can be added as datasource...") datasource_details = build_datasource_details(cluster_name) req_body = json.dumps(datasource_details) @@ -218,7 +218,7 @@ def rm_entry_from_datasources( datasources = get_clusters_used_as_datasources() if datasource_name in datasources: - print(f"Checking if {datasource_name} it can be deleted from datasources...") + print(f"Checking if {datasource_name} can be deleted from datasources...") # Build the datasource details for the instances that aren't configures as datasources datasource_details = build_datasource_details(cluster_name, datasource_name) req_body = json.dumps(datasource_details) From 446e5159a8dce13cfa4959e496d0422b15a809fb Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 27 Nov 2023 16:13:50 +0200 Subject: [PATCH 094/494] Delete the prometheus datasouce, then add it back under the 2i2c name --- config/clusters/2i2c/support.values.yaml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/config/clusters/2i2c/support.values.yaml b/config/clusters/2i2c/support.values.yaml index 7085c82cca..56f5d276fb 100644 --- a/config/clusters/2i2c/support.values.yaml +++ b/config/clusters/2i2c/support.values.yaml @@ -34,9 +34,24 @@ grafana: # instead of "prometheus" to be more clear what's about. # This config-added datasource can only be deleted like this, # the UI and API are disabled for this operation. - deleteDatasources: - - name: prometheus - orgId: 1 + datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # Add the prometheus server as a datasource in the same namespace as grafana. + # This is called "prometheus" in all other clusters, except of the 2i2c one, + # which is the central Grafana, where all clusters' prometheus instances + # are also linked as datasources. + # Having "2i2c" as the name, instead of the more generic "prometheus" + # will help to more easily know what cluster the datasource is mapping. + - name: 2i2c + orgId: 1 + type: prometheus + # This is the name of the kubernetes service exposed by the prometheus server + url: http://support-prometheus-server + access: proxy + isDefault: true + editable: false ingress: hosts: - grafana.pilot.2i2c.cloud From 4b007821ad4fb984cb1296353c8442ac9fd8db58 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 27 Nov 2023 16:30:45 +0200 Subject: [PATCH 095/494] Create a central-ds grafana sub-command --- deployer/commands/grafana/central_grafana.py | 40 +++++++++++++------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/deployer/commands/grafana/central_grafana.py b/deployer/commands/grafana/central_grafana.py index cc9293bf4f..df58bd015c 100644 --- a/deployer/commands/grafana/central_grafana.py +++ b/deployer/commands/grafana/central_grafana.py @@ -27,6 +27,16 @@ yaml = YAML(typ="safe") +# Creates a new typer application, called "central" +# and nest it as a sub-command under "grafana" + +central_grafana_ds_app = typer.Typer(pretty_exceptions_show_locals=False) +grafana_app.add_typer( + central_grafana_ds_app, + name="central-ds", + help="Sub-command to manage the 2i2c central Grafana's data sources.", +) + def central_grafana_datasource_endpoint(central_grafana_cluster_name="2i2c"): grafana_url = get_grafana_url(central_grafana_cluster_name) @@ -109,12 +119,12 @@ def get_clusters_used_as_datasources(central_grafana_cluster_name="2i2c"): return [datasource["name"] for datasource in datasources] -@grafana_app.command() -def get_datasources_removal_candidates(): +@central_grafana_ds_app.command() +def get_rm_candidates(): """ - Get the datasources names that are registered in central grafana + Get the list of datasources that are registered in central grafana but are NOT in the list of clusters in the infrastructure repository. - You might consider removing these datasources one by one, as they might link to + You might consider removing these datasources, as they might refer to decommissioned clusters. """ # Get a list of the clusters that already have their prometheus instances used as datasources @@ -136,10 +146,10 @@ def get_datasources_removal_candidates(): print_colour(f"{rm_candidates}", "yellow") -@grafana_app.command() -def get_datasources_add_candidates(): +@central_grafana_ds_app.command() +def get_add_candidates(): """ - Get the clusters in the infrastructure repository but are NOT + Get the clusters that are in the infrastructure repository but are NOT registered in central grafana as datasources. You might consider adding these datasources, as they might link to new clusters that haven't been updated. @@ -163,18 +173,18 @@ def get_datasources_add_candidates(): print_colour(f"{add_candidates}", "yellow") -@grafana_app.command() -def add_cluster_as_datasource( +@central_grafana_ds_app.command() +def add( cluster_name=typer.Argument( ..., help="Name of cluster to add as a datasource to the central 2i2c grafana." ), datasource_name=typer.Option( "", - help="(Optional) The name of the datasource to add. Defaults to cluster_name.", + help="(Optional) The name of the datasource. Defaults to `cluster_name`.", ), ): """ - Add a new cluster to the central 2i2c grafana. + Add a new cluster as a datasource to the central Grafana. """ datasource_name = cluster_name if not datasource_name else datasource_name datasource_endpoint = central_grafana_datasource_endpoint("2i2c") @@ -196,8 +206,8 @@ def add_cluster_as_datasource( print_colour(f"Successfully created a new datasource for {cluster_name}!") -@grafana_app.command() -def rm_entry_from_datasources( +@central_grafana_ds_app.command() +def remove( cluster_name=typer.Argument( ..., help="The name of cluster who's prometheus instance we're removing from the datasources in the central 2i2c grafana.", @@ -208,7 +218,9 @@ def rm_entry_from_datasources( ), ): """ - Update the central grafana with datasources for all clusters prometheus instances + Remove a datasource that maps to a cluster, from the central Grafana. + In the unlikely case, the datasource has a different name than the cluster's name, + pass it through the optional `datasource-name` flag. """ datasource_name = cluster_name if not datasource_name else datasource_name datasource_endpoint = central_grafana_datasource_endpoint("2i2c") From 21e480434fc18cd2e54c2ba70ee72edf034b4be3 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 27 Nov 2023 17:16:53 +0200 Subject: [PATCH 096/494] Update deployer readme --- deployer/README.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/deployer/README.md b/deployer/README.md index 49548e0cb2..134de872b6 100644 --- a/deployer/README.md +++ b/deployer/README.md @@ -317,11 +317,20 @@ If such a file doesn't already exist, it will be created by this function. Updates: - the content of `enc-grafana-token.secret.yaml` with the new token if one already existed -#### `grafana update-central-datasources` +#### The `grafana central-ds` sub-command +This is a sub-command meant to help engineers to programmatically manage the datasources registered in the 2i2c central Grafana at https://grafana.pilot.2i2c.cloud. -Ensures that the central grafana at https://grafana.pilot.2i2c.cloud is -configured to use as datasource the authenticated prometheus instances of all -the clusters that we run. +##### `grafana central-ds add` +Adds a new cluster as a datasource to the central Grafana. + +##### `grafana central-ds remove` +Removes a datasource from the central Grafana. In the unlikely case, the datasource has a different name than the cluster's name, pass it through the optional `datasource-name` flag. + +##### `grafana central-ds get-add-candidates` +Gets the clusters that are in the infrastructure repository but are NOT registered in central grafana as datasources. Usually this happens when a new clusters was added, but its prometheus server was not mapped to a datasource of the central 2i2c Grafana. This list can then be used to know which datasources to add. + +##### `grafana central-ds get-rm-candidates` +Gets the list of datasources that are registered in central grafana but are NOT in the list of clusters in the infrastructure repository. Usually this happens when a clusters was decommissioned, but its prometheus server was not removed from the datasources of the central 2i2c Grafana. This list can then be used to know which datasources to remove. ### The `validate` sub-command From 3a8cc7698137f86052f9035cb4430d583ff4bc08 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 27 Nov 2023 17:23:10 +0200 Subject: [PATCH 097/494] Update docs and issue tempalte about how to add/rm cluster and ds --- .github/ISSUE_TEMPLATE/5_decommission-hub.md | 2 ++ .../deploy-support/register-central-grafana.md | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/5_decommission-hub.md b/.github/ISSUE_TEMPLATE/5_decommission-hub.md index 183890f703..c0fb1ae114 100644 --- a/.github/ISSUE_TEMPLATE/5_decommission-hub.md +++ b/.github/ISSUE_TEMPLATE/5_decommission-hub.md @@ -44,6 +44,8 @@ Usually, it is because it was a hub that we created for a workshop/conference an _This phase is only necessary for single hub clusters._ +- [ ] Remove the cluster's datasource from the central Grafana with: + - `deployer grafana central-ds remove CLUSTER_NAME` - [ ] Run `terraform plan -destroy` and `terraform apply` from the [appropriate workspace](https://infrastructure.2i2c.org/en/latest/topic/terraform.html#workspaces), to destroy the cluster - [ ] Delete the terraform workspace: `terraform workspace delete ` - [ ] Remove the associated `config/clusters/` directory and all its contents diff --git a/docs/hub-deployment-guide/deploy-support/register-central-grafana.md b/docs/hub-deployment-guide/deploy-support/register-central-grafana.md index 838472995e..48789cab23 100644 --- a/docs/hub-deployment-guide/deploy-support/register-central-grafana.md +++ b/docs/hub-deployment-guide/deploy-support/register-central-grafana.md @@ -1,6 +1,6 @@ # Register the cluster's Prometheus server with the central Grafana -Once you have [deployed the support chart](deploy-support-chart), you must also register this cluster as a datasource for the [central Grafana dashboard](grafana-dashboards:central). This will allow you to visualize cluster statistics not only from the cluster-specific Grafana deployement but also from the central dashboard, that aggregates data from all the clusters. +Once you have [deployed the support chart](deploy-support-chart), you must also register this cluster as a datasource for the [central Grafana dashboard](grafana-dashboards:central). This will allow you to visualize cluster statistics not only from the cluster-specific Grafana deployment but also from the central dashboard, that aggregates data from all the clusters. ## Create a `support.secret.values.yaml` file @@ -49,4 +49,8 @@ deployer deploy-support $CLUSTER_NAME ## Link the cluster's Prometheus server to the central Grafana -Run `deployer grafana update-central-datasources` to register the new prometheus with the default central grafana. +To register the new prometheus with the default central grafana, run the command below. + +```bash +deployer grafana central-ds add $CLUSTER_NAME +``` From fc66ba9d79d9d484c7063d4cc6547af562ed4cdf Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 27 Nov 2023 17:25:09 +0200 Subject: [PATCH 098/494] Rm comment --- config/clusters/2i2c/support.values.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/config/clusters/2i2c/support.values.yaml b/config/clusters/2i2c/support.values.yaml index 56f5d276fb..c36a9050a9 100644 --- a/config/clusters/2i2c/support.values.yaml +++ b/config/clusters/2i2c/support.values.yaml @@ -29,11 +29,6 @@ grafana: allowed_organizations: 2i2c-org feature_toggles: enable: exploreMixedDatasource - # We delete the initial "prometheus" data source from the database to avoid confusion. - # This is because the 2i2c grafana is the central one and we call this datasource "2i2c" - # instead of "prometheus" to be more clear what's about. - # This config-added datasource can only be deleted like this, - # the UI and API are disabled for this operation. datasources: datasources.yaml: apiVersion: 1 From 4358eeca1c7618ff97529b5b2b3896b0c573215c Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 30 Nov 2023 10:27:21 +0200 Subject: [PATCH 099/494] Don't mark the 2i2c data source as the defaut one --- config/clusters/2i2c/support.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/2i2c/support.values.yaml b/config/clusters/2i2c/support.values.yaml index c36a9050a9..7c2222cc1a 100644 --- a/config/clusters/2i2c/support.values.yaml +++ b/config/clusters/2i2c/support.values.yaml @@ -45,7 +45,7 @@ grafana: # This is the name of the kubernetes service exposed by the prometheus server url: http://support-prometheus-server access: proxy - isDefault: true + isDefault: false editable: false ingress: hosts: From 2c741b70ab693fb2f3f347e9926c86ce43e2bdf8 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 30 Nov 2023 10:38:37 +0200 Subject: [PATCH 100/494] Don't make prometheus either default to avoid creation of placeholder default database --- helm-charts/support/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index 86b82d09ce..c1668eeffb 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -383,7 +383,7 @@ grafana: # This is the name of the kubernetes service exposed by the prometheus server url: http://support-prometheus-server access: proxy - isDefault: true + isDefault: false editable: false # cryptnono kills processes attempting to mine the cryptocurrency Monero in the From d00ed379d105641730c461d8ca1945431bfc1df5 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 30 Nov 2023 13:21:27 +0200 Subject: [PATCH 101/494] Bump qcl homedir capacity --- terraform/gcp/projects/qcl.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/gcp/projects/qcl.tfvars b/terraform/gcp/projects/qcl.tfvars index 369de24c76..771b3f8ce3 100644 --- a/terraform/gcp/projects/qcl.tfvars +++ b/terraform/gcp/projects/qcl.tfvars @@ -15,7 +15,7 @@ core_node_machine_type = "n2-highmem-2" enable_network_policy = true enable_filestore = true -filestore_capacity_gb = 2048 +filestore_capacity_gb = 2560 user_buckets = { "scratch-staging" : { From 1037974c2a46a3fca7bba2365fbfed4d3f5174b4 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 30 Nov 2023 12:17:30 -0800 Subject: [PATCH 102/494] Use GKE's native NVidia driver installer for GPUs - Remove our custom GPU installer daemonset, as GKE now supports automatically doing it (like eksctl does). - Switch from installing 'latest' to using default driver, which is slightly older (version 470 with CUDA 11.4, vs version 530 with CUDA 12). There seems to be a bug with the latest driver causing the GPU to not be usable by non-root users, so let's stick to this until that is resolved. - Apply these changes to LEAP hub already. m2lines is about to be decomissioned, so not necessary. --- config/clusters/leap/support.values.yaml | 5 - config/clusters/m2lines/support.values.yaml | 5 - .../nvidiaDevicePlugin/gke/latest.yaml | 112 ------------------ .../nvidiaDevicePlugin/gke/stable.yaml | 112 ------------------ helm-charts/support/values.schema.yaml | 21 ---- helm-charts/support/values.yaml | 8 +- terraform/gcp/cluster.tf | 4 + 7 files changed, 6 insertions(+), 261 deletions(-) delete mode 100644 helm-charts/support/templates/nvidiaDevicePlugin/gke/latest.yaml delete mode 100644 helm-charts/support/templates/nvidiaDevicePlugin/gke/stable.yaml diff --git a/config/clusters/leap/support.values.yaml b/config/clusters/leap/support.values.yaml index 06420aee63..da5722b3ca 100644 --- a/config/clusters/leap/support.values.yaml +++ b/config/clusters/leap/support.values.yaml @@ -1,8 +1,3 @@ -nvidiaDevicePlugin: - gke: - enabled: true - version: "latest" - prometheusIngressAuthSecret: enabled: true diff --git a/config/clusters/m2lines/support.values.yaml b/config/clusters/m2lines/support.values.yaml index b14e55076a..a2e4fbddb2 100644 --- a/config/clusters/m2lines/support.values.yaml +++ b/config/clusters/m2lines/support.values.yaml @@ -1,8 +1,3 @@ -nvidiaDevicePlugin: - gke: - enabled: true - version: "latest" - grafana: grafana.ini: server: diff --git a/helm-charts/support/templates/nvidiaDevicePlugin/gke/latest.yaml b/helm-charts/support/templates/nvidiaDevicePlugin/gke/latest.yaml deleted file mode 100644 index 6c3d8072f2..0000000000 --- a/helm-charts/support/templates/nvidiaDevicePlugin/gke/latest.yaml +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright 2022 Google Inc. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The Dockerfile and other source for this daemonset are in -# https://cos.googlesource.com/cos/tools/+/refs/heads/master/src/cmd/cos_gpu_installer/ -# -# This is the same as ../../daemonset.yaml except that it assumes that the -# docker image is present on the node instead of downloading from GCR. This -# allows easier upgrades because GKE can preload the correct image on the -# node and the daemonset can just use that image. -{{- if .Values.nvidiaDevicePlugin.gke.enabled -}} -{{- if eq .Values.nvidiaDevicePlugin.gke.version "latest" }} -# Documented from https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers -# From https://raw.githubusercontent.com/GoogleCloudPlatform/container-engine-accelerators/master/nvidia-driver-installer/cos/daemonset-preloaded-latest.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: nvidia-driver-installer - namespace: kube-system - labels: - k8s-app: nvidia-driver-installer -spec: - selector: - matchLabels: - k8s-app: nvidia-driver-installer - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - name: nvidia-driver-installer - k8s-app: nvidia-driver-installer - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: cloud.google.com/gke-accelerator - operator: Exists - tolerations: - - operator: "Exists" - hostNetwork: true - hostPID: true - volumes: - - name: dev - hostPath: - path: /dev - - name: vulkan-icd-mount - hostPath: - path: /home/kubernetes/bin/nvidia/vulkan/icd.d - - name: nvidia-install-dir-host - hostPath: - path: /home/kubernetes/bin/nvidia - - name: root-mount - hostPath: - path: / - - name: cos-tools - hostPath: - path: /var/lib/cos-tools - initContainers: - - image: "cos-nvidia-installer:fixed" - imagePullPolicy: Never - name: nvidia-driver-installer - resources: - requests: - cpu: "0.15" - securityContext: - privileged: true - env: - - name: NVIDIA_INSTALL_DIR_HOST - value: /home/kubernetes/bin/nvidia - - name: NVIDIA_INSTALL_DIR_CONTAINER - value: /usr/local/nvidia - - name: VULKAN_ICD_DIR_HOST - value: /home/kubernetes/bin/nvidia/vulkan/icd.d - - name: VULKAN_ICD_DIR_CONTAINER - value: /etc/vulkan/icd.d - - name: ROOT_MOUNT_DIR - value: /root - - name: COS_TOOLS_DIR_HOST - value: /var/lib/cos-tools - - name: COS_TOOLS_DIR_CONTAINER - value: /build/cos-tools - volumeMounts: - - name: nvidia-install-dir-host - mountPath: /usr/local/nvidia - - name: vulkan-icd-mount - mountPath: /etc/vulkan/icd.d - - name: dev - mountPath: /dev - - name: root-mount - mountPath: /root - - name: cos-tools - mountPath: /build/cos-tools - command: ['/cos-gpu-installer', 'install', '--version=latest'] - containers: - - image: "gcr.io/google-containers/pause:2.0" - name: pause -{{- end }} -{{- end }} \ No newline at end of file diff --git a/helm-charts/support/templates/nvidiaDevicePlugin/gke/stable.yaml b/helm-charts/support/templates/nvidiaDevicePlugin/gke/stable.yaml deleted file mode 100644 index 53dceceb6d..0000000000 --- a/helm-charts/support/templates/nvidiaDevicePlugin/gke/stable.yaml +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright 2017 Google Inc. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The Dockerfile and other source for this daemonset are in -# https://cos.googlesource.com/cos/tools/+/refs/heads/master/src/cmd/cos_gpu_installer/ -# -# This is the same as ../../daemonset.yaml except that it assumes that the -# docker image is present on the node instead of downloading from GCR. This -# allows easier upgrades because GKE can preload the correct image on the -# node and the daemonset can just use that image. - -{{- if .Values.nvidiaDevicePlugin.gke.enabled -}} -{{- if eq .Values.nvidiaDevicePlugin.gke.version "stable" }} -# Documented from https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers -# From https://raw.githubusercontent.com/GoogleCloudPlatform/container-engine-accelerators/master/nvidia-driver-installer/cos/daemonset-preloaded.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: nvidia-driver-installer - namespace: kube-system - labels: - k8s-app: nvidia-driver-installer -spec: - selector: - matchLabels: - k8s-app: nvidia-driver-installer - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - name: nvidia-driver-installer - k8s-app: nvidia-driver-installer - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: cloud.google.com/gke-accelerator - operator: Exists - tolerations: - - operator: "Exists" - hostNetwork: true - hostPID: true - volumes: - - name: dev - hostPath: - path: /dev - - name: vulkan-icd-mount - hostPath: - path: /home/kubernetes/bin/nvidia/vulkan/icd.d - - name: nvidia-install-dir-host - hostPath: - path: /home/kubernetes/bin/nvidia - - name: root-mount - hostPath: - path: / - - name: cos-tools - hostPath: - path: /var/lib/cos-tools - initContainers: - - image: "cos-nvidia-installer:fixed" - imagePullPolicy: Never - name: nvidia-driver-installer - resources: - requests: - cpu: "0.15" - securityContext: - privileged: true - env: - - name: NVIDIA_INSTALL_DIR_HOST - value: /home/kubernetes/bin/nvidia - - name: NVIDIA_INSTALL_DIR_CONTAINER - value: /usr/local/nvidia - - name: VULKAN_ICD_DIR_HOST - value: /home/kubernetes/bin/nvidia/vulkan/icd.d - - name: VULKAN_ICD_DIR_CONTAINER - value: /etc/vulkan/icd.d - - name: ROOT_MOUNT_DIR - value: /root - - name: COS_TOOLS_DIR_HOST - value: /var/lib/cos-tools - - name: COS_TOOLS_DIR_CONTAINER - value: /build/cos-tools - volumeMounts: - - name: nvidia-install-dir-host - mountPath: /usr/local/nvidia - - name: vulkan-icd-mount - mountPath: /etc/vulkan/icd.d - - name: dev - mountPath: /dev - - name: root-mount - mountPath: /root - - name: cos-tools - mountPath: /build/cos-tools - containers: - - image: "gcr.io/google-containers/pause:2.0" - name: pause -{{- end }} -{{- end }} \ No newline at end of file diff --git a/helm-charts/support/values.schema.yaml b/helm-charts/support/values.schema.yaml index d63c7bced4..243acf9ea8 100644 --- a/helm-charts/support/values.schema.yaml +++ b/helm-charts/support/values.schema.yaml @@ -91,7 +91,6 @@ properties: additionalProperties: false required: - azure - - gke properties: azure: type: object @@ -101,26 +100,6 @@ properties: properties: enabled: type: boolean - gke: - type: object - additionalProperties: false - required: - - enabled - - version - properties: - enabled: - type: boolean - version: - type: string - enum: - - stable - - latest - description: | - Install the stable or latest version of nvidia GPU drivers for the node. - - See table in https://cloud.google.com/kubernetes-engine/docs/how-to/gpus#installing_drivers - to determine what versions would be installed. Might need to be matched with appropriate - version of the CUDA libraries used in the images users use. prometheusIngressAuthSecret: type: object diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index 97f6099380..5b361b8a32 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -433,15 +433,11 @@ redirects: rules: [] # Enable a daemonset to install nvidia device plugin to GPU nodes -# AWS does not require this to be set, as eksctl sets this up automatically +# Not necessary on GCP & AWS don't need this, as it is handled automatically by terraform or eksctl +# respectively nvidiaDevicePlugin: - # For Azure-specific image, default to false azure: enabled: false - # For GKE specific image, defaults to false - gke: - enabled: false - version: "stable" # Setup a separate storageClass specifically for prometheus data prometheusStorageClass: diff --git a/terraform/gcp/cluster.tf b/terraform/gcp/cluster.tf index 3b1472c7b6..e30fa73b13 100644 --- a/terraform/gcp/cluster.tf +++ b/terraform/gcp/cluster.tf @@ -296,6 +296,10 @@ resource "google_container_node_pool" "notebook" { content { type = each.value.gpu.type count = each.value.gpu.count + + gpu_driver_installation_config { + gpu_driver_version = "DEFAULT" + } } } From 3581f753dd224e1ada399b5bf114a08555e7a230 Mon Sep 17 00:00:00 2001 From: Brian Freitag Date: Thu, 30 Nov 2023 17:03:06 -0600 Subject: [PATCH 103/494] add permissions for MAAP and PODAAC buckets --- terraform/aws/projects/nasa-veda.tfvars | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index 03f74b6289..5648e5f131 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -55,6 +55,8 @@ hub_cloud_permissions = { "arn:aws:s3:::podaac-ops-cumulus-public/*", "arn:aws:s3:::podaac-ops-cumulus-protected", "arn:aws:s3:::podaac-ops-cumulus-protected/*" + "arn:aws:s3:::maap-ops-workspace + "arn:aws:s3:::nasa-maap-data-store ] }, { @@ -101,7 +103,13 @@ hub_cloud_permissions = { "arn:aws:s3:::nsidc-cumulus-prod-protected", "arn:aws:s3:::nsidc-cumulus-prod-protected/*", "arn:aws:s3:::ornl-cumulus-prod-protected", - "arn:aws:s3:::ornl-cumulus-prod-protected/*" + "arn:aws:s3:::ornl-cumulus-prod-protected/*", + "arn:aws:s3:::podaac-ops-cumulus-public", + "arn:aws:s3:::podaac-ops-cumulus-public/*", + "arn:aws:s3:::podaac-ops-cumulus-protected", + "arn:aws:s3:::podaac-ops-cumulus-protected/*" + "arn:aws:s3:::maap-ops-workspace + "arn:aws:s3:::nasa-maap-data-store ] }, { From 6124e5a5335d660f7f5d5f3189722356622edb21 Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 00:09:49 +0000 Subject: [PATCH 104/494] Bump charts ['binderhub'] to versions ['1.0.0-0.dev.git.3350.he7995d6'], respectively --- helm-charts/binderhub/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/binderhub/Chart.yaml b/helm-charts/binderhub/Chart.yaml index 0de47b49dd..20af6a23ce 100644 --- a/helm-charts/binderhub/Chart.yaml +++ b/helm-charts/binderhub/Chart.yaml @@ -5,7 +5,7 @@ name: binderhub version: "0.1.0" dependencies: - name: binderhub - version: "1.0.0-0.dev.git.3182.h5312a70" + version: "1.0.0-0.dev.git.3350.he7995d6" repository: "https://jupyterhub.github.io/helm-chart/" - name: dask-gateway version: "2023.1.0" From 542c1bcdf26a7b3aa48fb3ca329394810b86fa26 Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 00:10:08 +0000 Subject: [PATCH 105/494] Bump charts ['prometheus', 'grafana', 'ingress-nginx', 'cluster-autoscaler', 'cryptnono'] to versions ['25.8.0', '7.0.11', '4.8.3', '9.32.1', '0.3.0'], respectively --- helm-charts/support/Chart.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 4d9b651192..93b4ee9478 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -15,13 +15,13 @@ dependencies: - name: prometheus # NOTE: CHECK INSTRUCTIONS UNDER prometheus.server.command IN support/values.yaml # EACH TIME THIS VERSION IS BUMPED! - version: 25.0.0 + version: 25.8.0 repository: https://prometheus-community.github.io/helm-charts # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 6.60.1 + version: 7.0.11 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from @@ -29,19 +29,19 @@ dependencies: # that references this controller. # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx - name: ingress-nginx - version: 4.8.0 + version: 4.8.3 repository: https://kubernetes.github.io/ingress-nginx # cluster-autoscaler for k8s clusters where it doesn't come out of the box (EKS) # https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler - name: cluster-autoscaler - version: 9.29.3 + version: 9.32.1 repository: https://kubernetes.github.io/autoscaler condition: cluster-autoscaler.enabled # cryptnono, counters crypto mining # Source code: https://github.com/yuvipanda/cryptnono/ - name: cryptnono - version: "0.0.1-0.dev.git.27.h01b4f25" + version: "0.3.0" repository: https://yuvipanda.github.io/cryptnono/ condition: cryptnono.enabled From 4077e99057dd7284045dac2520dd5734c4ddec4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 01:27:09 +0000 Subject: [PATCH 106/494] Bump google-github-actions/auth from 1 to 2 Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 1 to 2. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/v1...v2) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/deploy-grafana-dashboards.yaml | 2 +- .github/workflows/ensure-uptime-checks.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 3b4bf41510..16c820556f 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -54,7 +54,7 @@ jobs: uses: mdgreenwald/mozilla-sops-action@v1.5.0 - name: Setup sops credentials to decrypt repo secrets - uses: google-github-actions/auth@v1 + uses: google-github-actions/auth@v2 with: credentials_json: "${{ secrets.GCP_KMS_DECRYPTOR_KEY }}" diff --git a/.github/workflows/ensure-uptime-checks.yaml b/.github/workflows/ensure-uptime-checks.yaml index 8c72a83cfc..8c2ad4c224 100644 --- a/.github/workflows/ensure-uptime-checks.yaml +++ b/.github/workflows/ensure-uptime-checks.yaml @@ -42,7 +42,7 @@ jobs: # Authenticate with the correct KMS key that sops will use. - name: Setup sops credentials to decrypt repo secrets - uses: google-github-actions/auth@v1 + uses: google-github-actions/auth@v2 with: credentials_json: "${{ secrets.GCP_KMS_DECRYPTOR_KEY }}" From c2160e34d07288ed7f3b2c8d1c12e37a2853462b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 01:50:54 +0000 Subject: [PATCH 107/494] Bump google-github-actions/auth in /.github/actions/setup-deploy Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 1 to 2. - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/v1...v2) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/setup-deploy/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-deploy/action.yaml b/.github/actions/setup-deploy/action.yaml index 5b461ac572..7da8ff1a96 100644 --- a/.github/actions/setup-deploy/action.yaml +++ b/.github/actions/setup-deploy/action.yaml @@ -129,6 +129,6 @@ runs: shell: bash - name: Setup sops credentials to decrypt repo secrets - uses: google-github-actions/auth@v1 + uses: google-github-actions/auth@v2 with: credentials_json: "${{ inputs.GCP_KMS_DECRYPTOR_KEY }}" From b6b9eaac4bc8eafb720c337efdbb6ad9aba2d68d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 1 Dec 2023 16:11:06 +0000 Subject: [PATCH 108/494] Update name to "NASA Openscapes" --- config/clusters/openscapes/common.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index 7709f3c9dc..a790506909 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -19,7 +19,7 @@ basehub: homepage: templateVars: org: - name: Openscapes + name: NASA Openscapes logo_url: https://www.openscapes.org/img/logo.png url: https://www.openscapes.org/ designed_by: @@ -29,7 +29,7 @@ basehub: name: 2i2c url: https://2i2c.org funded_by: - name: Openscapes + name: NASA Openscapes url: https://www.openscapes.org/ singleuser: serviceAccountName: cloud-user-sa From e358b5eaaf7bb04a5d45d89a89c7c5a05ff1fc70 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 1 Dec 2023 16:11:24 +0000 Subject: [PATCH 109/494] Update logo URL to one that works --- config/clusters/openscapes/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index a790506909..c47f3fd590 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -20,7 +20,7 @@ basehub: templateVars: org: name: NASA Openscapes - logo_url: https://www.openscapes.org/img/logo.png + logo_url: https://nasa-openscapes.github.io/images/nasa-openscapes.png url: https://www.openscapes.org/ designed_by: name: 2i2c From c175b8cef305402cebc8e929334d893b6fd77da1 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 1 Dec 2023 16:12:29 +0000 Subject: [PATCH 110/494] Use the "openscapes" branch of the homepage template repo which will include the Mathworks logo requested in https://2i2c.freshdesk.com/a/tickets/1155 --- config/clusters/openscapes/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index c47f3fd590..af5282b45c 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -17,6 +17,7 @@ basehub: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" homepage: + gitRepoBranch: "openscapes" templateVars: org: name: NASA Openscapes From 0db8f531a775b3cb506ab7ca9bbe674763e4a533 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 1 Dec 2023 16:19:30 +0000 Subject: [PATCH 111/494] Update NASA Openscapes homepage links Extra request in https://2i2c.freshdesk.com/a/tickets/1155 --- config/clusters/openscapes/common.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index af5282b45c..a79e0f4123 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -22,7 +22,7 @@ basehub: org: name: NASA Openscapes logo_url: https://nasa-openscapes.github.io/images/nasa-openscapes.png - url: https://www.openscapes.org/ + url: https://nasa-openscapes.github.io/ designed_by: name: 2i2c url: https://2i2c.org @@ -31,7 +31,7 @@ basehub: url: https://2i2c.org funded_by: name: NASA Openscapes - url: https://www.openscapes.org/ + url: https://nasa-openscapes.github.io/ singleuser: serviceAccountName: cloud-user-sa defaultUrl: /lab From 147c7c7d8a856fa130eef62ea703641194225d3d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 1 Dec 2023 16:35:14 +0000 Subject: [PATCH 112/494] Add an announcement to UToronto's homepage about maintenance Requested in https://2i2c.freshdesk.com/a/tickets/1150 --- config/clusters/utoronto/common.values.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index f564cb0faa..14ff2af310 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -36,6 +36,16 @@ jupyterhub: name: University of Toronto url: https://www.utoronto.ca/ announcements: + - | +
+ ARC will be making changes to our educational JupyterHub on January 9, 2023: R/RStudio will be + moved off jupyter.utoronto.ca. R/RStudio will continue to be available + through r.datatools.utoronto.ca – a separate RStudio hub. To make + access to JupyterHub easier than ever, we will also consolidate the landing pages for our Jupyter Notebook and + RStudio hubs into a single launch page: datatools.utoronto.ca. + + For more information, please read our announcement. +
- |

* NEW * Jupyter Support Website

From 7abeaa55a8dce243fe4bfe64718da3329173dfbc Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 1 Dec 2023 18:46:25 -0800 Subject: [PATCH 113/494] Regenerate utoronto kubernetes cluster credentials Looks like this may have expired. This was regenerated with: - `az login`, and logging into Azure with appropriate credentials - `sops -i -d `, to decrypt the credentials - `export KUBECONFIG=`, to tell `kubectl` to use our checked in credentials. You can test that the credentials no longer work with `kubectl get node` - you should get an error message about authorization - Get a list of running clusters with `az aks list -o table` - Regenerate credentials with `az aks get-credentials --name --resource-group `. For the utoronto cluster, this is `az aks get-credentials --name=hub-cluster --resource-group 2i2c-utoronto-cluster`. You may be asked if you want to overwrite the current credentials - answer 'yes'. - Re-encrypt the file, with `sops -i -e `. - Tada --- .../enc-deployer-credentials.secret.yaml | 57 ++++++++++--------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/config/clusters/utoronto/enc-deployer-credentials.secret.yaml b/config/clusters/utoronto/enc-deployer-credentials.secret.yaml index 99be9cfcfa..96586161a5 100644 --- a/config/clusters/utoronto/enc-deployer-credentials.secret.yaml +++ b/config/clusters/utoronto/enc-deployer-credentials.secret.yaml @@ -1,33 +1,34 @@ -apiVersion: ENC[AES256_GCM,data:z0A=,iv:bir7HBlHQ78oWaZKuKdmfVbS/DZhp3zOGB54LWZhtZw=,tag:M498vv4bRF010E2HaqlpzA==,type:str] +apiVersion: ENC[AES256_GCM,data:JK0=,iv:P28XhSlbf9nASiW8+CbO+Gc9w2SI79yj5rMMS4DT+2M=,tag:wSanibs2HKr/U9uQwZP1cw==,type:str] clusters: - - cluster: - certificate-authority-data: ENC[AES256_GCM,data:1QmLIjre5gjZj28MoTH5Ow72AjJKylfQOrIdWSwCOckV/vDKzNKuzkPVT1Jj3JHQasjLf3P8lN3/+S/YWmIL+oG95LlElaoAsrdRdmjqD0KxiIKE9mIbSK7mnKYTGMRPjOxptAOuWxYesJTnzrVqT3q/PtPk9jkdXrkrZHTGFwC3m3l8NbZpjq6OOq37rjISm77SXXo+SD+JsqgMQU/B2SDNhvni+Xxsf9DdNZ1aeuVGK7QQeD5IblCy2Oisxilpis6gagrLjc0vZcGSW3jbUAqLAMc7JDaawavKkITlYUrNLo0oxh73EraC38NnzwU98AieFud/cHX2YhzCMrTOkS58U3BwlY41lRGbS2i78f+U7Si/EzYazwipYnzpf6hjtyelUjsoKQvKtAFIk/OojaZ2EhUpqjqv/AcIyg7DUd2mAQnygYiza1fn29+9DIFyimNF6SUFKTwqLbbWb+vOyHeezg2DAW5D3F8EnLiRVcnWttYY1BIOG3GPK58dfMWWtcxyr0qCrCjvhfg32jzwHLW5fy24FwY5ikVSXRDkfjwMmkrFDVig5J3+gvpzbB7WdtAqilCM2w98mtowE8lVod8GL0hJc7E5B/Db5UyKZttgV8RHHdlNb0SlIuEVodC9DcwGLhuTBPVtR2+syzXfcYRJJ2uWFXUgCtVaV6Y6WK3Y9IK1xU097LwxGvtSYqm/oVtvadGkY2KjvydqElQoXoVD+VP0p1Xksr6kmL/D2FI7yW6esmwo0efkW/OAuohBBmk1UDJvxWsT0c4+UX8GesZWXrUSYpWSytZ2c6/+UH/HopT8RJkftlPcJNuZ2aJszy60cL+UoWkdHm9CEiMZmFW2x3VfPBoqVl/P+hxsL5PwnNNBcNyA8KUAAIAwxKuycMI9TxNAu77CW3r1/T+IRbo/zTMdgJnOky5Eou7QXK2QH8byHHIkx5IvdlqdhzLsbp6pBjiN/9/pCSR3OVyxqxLyTC2Vy8/GDH/IzIFJAOt88xoTQIwH0qeKx6XsVjLqc8kmMkgAoHyuotWyO8NtQntFKMBNi1m0tBAeCusLogH2NuvtP3VaMyfkSrNR/g5+AkZ+OI8ckDQcUm/7emg/e9mX4qD+jOen8OvtzTMN1KBM+YTLsIuVD6EoU4h2SKywC+5pSYKcEfFfttKXly5C5HfONuZmMXo2PaZ56ECuJ98DYWP9B9YwpgeEfiZfBr3YfMRF+KNBBMjsGlxgzkVBx+g7nBS0zwSZ1Irt6pBIftVHHCiqr4ct/vTfWUAfmYu5eBsDG2kKwtAAHtQcsDPkRjjFjcKhD6ENfGEBaPMZSRCnL3smxIywmVTYXUbsb+4Nwhm2jcDrLpR/ea6dz3hmvmwvPK2NP3vzfnb/SBXVF38icwO1R/G5KXLQNQxnpQzNmO3pnj37UXTKlqmC09QFNProPTvptok4q5rJ9y2Z7U2HzzLa5S/RpHTrPYn40PrJovcwcOrqJuvp8eNZmL7Apce14UbN9oTnH6g1GCgp+UvEiJM7v4blssYKqRff8B70HiWnD3qUwSnKmFuFMOZJ/x20WKEp7MsEQRecJ8UY4Va4MEkfhr06bysK/8bTvPWNdb2+6z1ncfA6cs48rIseIXa9wTrftBbCyOqI44lndelW0BSJ5yVJHArMvAWNip+VWxPZJWmF9ipl0ty/BSp9jwjB9tqGJo8QY5LFgzOIJmYqlvPO9owrfLZ9HzkWJhAEdqmT2z5P+jZu2Tnq/Glv3E4eWXGLGRdCDXIu2Se05BeiwHTSvkgWBSbVgMTzZpcLMVQ0OdqshMIGZ2Wue0LMAyDWcwCOHDDQHgpWBrcO8xvZ74OL5n6s+HAF0WMwRL07dLom5XgIs3NhRI/rmNGs+MyQ0pYNn83NbqjxiDM9eAA22xxOHMefi4af7anEchzSBDaWuoL7XqdPBsX70YGC3qtlaqlCc63Ak+rT/5dmSCFv16VkayAzlA47ODbzNsNGZD4KQfrljJAifyapPUbFwjs7uvkDuKOj9nyGTQSuqwp1JbeeGWTqshRjsucgSYOJLu4SUCzshGYETFTXUrXYwxGMn1PceQT2gbTozr2VUdJRUH5aRFk4UJBXOwEpE7O0h9dUpY7j43nM4FmLAlAKJC6Yns7A8ridng7LU3P1syVriziDewnDgPKf/WH4auha0rpkEQHoWzOXFtFBudzPB7XONjrLXoIu9PVtQvo5G5DOcAToU4BwRjf4YSMkUAY61MV25BT1n9kgjIl4OevuEJpPLLD/7yijkDo7umdVAXrnOSxw9A1XVkYY8XgZpGZA0aBrIRTfVM6/bXHzDonFXc55R7S6SCfWZqz48K4SqWlvL2TyMnyq24KHki42jZi2FmEpMYJGf2hMzwLYSeWB+JcJOcwLMwGnv7YjtOqSj9YFAiEsW1FgQL67IqCdOyU/mg2GjCvt6kjgqEkcZpAu+g1U9ZxqqN3dGPMjVBAQIH2XsMsCW9cEJTqKEaKQBKYcylgcU9KJS8vloOJ1yjRQXuRDkIb4pP52WMg6wtTV4VP27tL26AFpQl0lCTRljPXC4VEPUsSKk3HlW65vJUflpA1qnZJCW7X/OAPdCTt7OV/mTCSXJbSqMdAPjqImlGQLCKZ+CjTHawTF7Y8gSC0Xitbl76266j0lXKx2nw1zvdOWWXMq0VG/18lEX9L1oFFY6q4q4yVGMQ+3pXFVRbhqHa/ZNseHz1eTZp3SJC+GPWtuQ0Op43Q4dBjByW6nj/dSx6+DKxskZSrBV1ITzLEefOXdiguh6ds/o7yeWzTCV65NYAIjr8GiswfUkN6N3dS5Rkih0VT1wPpqeIjc2XlXj4nxjZqAW0X5PJM7DEkp8Ljxeb6kImS8+70dceAMIDRXQtRaSICU0QnA96/foqMChbrigNEo7mMw5F6Los3L3CVGR6dxu1+oDmLTrUZ/yCSqkqtHdluQ2/FrtjmrKCCp0LRG4EHBQlctfmlnszmhTCwW8QYuRgiMGd3EvzNgiqvRI7RL0eu18gso1S8vah0hSJPJjkBTm0SsQquAx+lKTjvvoDtaFsbNyDatv8hAWcAzhE/jsncx0GV9ux9r4DrEQeKHHlDj8lnYVloHBgkO7e5u5nCzSSONSBpzRPk=,iv:ohLdeb1HKePgSG8mHRzwwdLeB175aIr/Igh/uu0jXRQ=,tag:B4IYB4lxpKBUIJVlkho/EQ==,type:str] - server: ENC[AES256_GCM,data:VklY1wL4f2iImoe7k6MZMi/yxZthbM51d9r3FcYWGhva8xcNolYbYFHzseson+SW3QAzWg==,iv:zan/ehLX7TxWhhPHYylTHK3XPmxmA8DqqDAZLH05b4A=,tag:yqrkqwXZS/5kytutySRiKA==,type:str] - name: ENC[AES256_GCM,data:mzEXml9RoA7blBU=,iv:/8TD27+al5TtNH2fJdhv3DwXvgXDUgC+iKscDe1QPCA=,tag:vBQFnipEQaUrMTkU6UD/Gw==,type:str] + - cluster: + certificate-authority-data: ENC[AES256_GCM,data:jbJH5d8DbKvjC3eDMVnjYZP3v5BBo8KE/x9fWDPs8p2Me8LIBCeIuFZzoGuA7U/ISIjKQRGxgbk+L3eugClSD49mnT1b1Dgdb/+V6bh3krahOE3iPTvLKAopOoRq061F+TyGv4La/pV4f6RyeUmKCG6jp6M1sgKtq8yLp1o4AMlp3Jw+TiD9bKbEjfPsrxsTYfDV43NfmJ/PKl+hrpjegfCMZkayb6cldUyWTx6d/bTrWjjTfLSBVgiQm2dRQzhlh/N3ZfvZgqOl9xIkrgClL1J/FnNvBuhrERq0T8LzJRXEwsDOaZ8eT/8hTyfdHVkQPBSTeFAXwDwLSyXa/U/jywXiyP9WJLPhTu7VguxipvC5sUZCqPPf47xFTtewoDvjLA0m2PSjmYg4JeV4YsJLXGHFFZmTq9nblyZOlgnmEy+tYMBlH7Ys8pJ3uU97jbN0RFv76Tt4hdZrsLraMaTtJd/sec4pw1JHK0FUcP8iI/BQN/S74jea6PTlqzM1D9yfPsfeMz+qX074KhWZPTdECjuLZQH4mqIdAukXFQyTeleIjdsJqDGmHGGYmd1e3HlBnVrc8bu2Vbswc/hxhjgyOAD28Q6RewcL/r3shr0wfyHfvFElzIEOJv7Je6YVyN977Qo4PHjbsqos2iJtV27yF5RjLvF48Qbl7VcLDWzf736K6co67T941VhrFgiRJoNl+DwiSwKx01Ii9RNL3LT/0RtljVHKmGapNa4xokxv7TIJ2lmslJqRxd5eJPbTTyYlz/J3+aT05PDjvajFvimhXm8hmf/rVy6UMTyCHssDZprlJiOLDRPZ3A3OwfKf38lxwUvS6IBTBPJZv6Sl9rDsGrTUbanLgCjfQN2zqiXkFcYtptATy8FP7jL3KJIGP0yncw5HZIy7g8Y9YPtwtrE6h4K8pWcjzp30u/GAp8dpfF77yR5gtw026w7+pjjbooEhIN3s5uJyridS+Ev6eiLG3hYAy/VvYLvCrIBJ2C33cYTAerOIquEks/HPvBVxiECgsf75c0eprqh2XHavrB62WH28pwHNtBPt3BehrN6BuFE3V5CtjdBOEmfzRUxKJPoFGXKsd6RnucmosRuyMB3AbG7fG6UKZfjrLlO8QpoQ9/eFeBVhhrGehiIW1Hj5WiyVmFk9DjcooS4KJ8W2/5HWOxsq4dYc+CvPxDRDG4zfg8O03t04v3YymPrDrxipmKZRVvsT9gyQK+B4IsAlJoywBOtkSz013FHjDhDfA1UQpUOTtI0NBU/3rygCrJpdEcAqodXOq1Mp8xmXTr1lk1ogfXHV7NFjvUGiTDf2tnTxj7PGcsfYUV+5H/V3rqQWwZ6FMb4me7Hw67/LX9aUnMLOz5vieYL6bHzx/+frZPm51pE1XB5T5SjL47mdbTyV+QgFbEmdB5xYB9DyxthAiMTRdBopiR7dWGvH4Ms/rHs1kHCj7g2m0Jez/hEewCATo/T1fWQH8RJD+2gtHboVSJpwC/BQfmSADLGyCW7kbaGo4LGcylUR/VsQb29B0ftHvrbgBGjL30sldSuzD3nDKc9i3kWyfct9vE2VkE3D93J8N42BjwUjuZMQXL3cn1PNh+GrD/C4L6dJM5fxPSoUdjW4XbEqZJLgee2KS5sYxVa4R/yCa+E4lKtGwoGwxeiajKgupgIkckSd9ZV71iZrUxWZwbuVBL/fKrlcocIZt+sb+Wr6ukX+/GhAq4NCb+MSRIOytDj7wljj3uUR+PcFyEXMRfStlSNBDixxkxeeBXjLj6mgEz2gzMj4SHT7MWc6Sy/LpbPTTQe1OlwkFYHKGoXaIfX0ke92aHXqskb3e9cJ3VLLETYAEUOKE3bB7aT8aLs8Z9CLRliybucXKhD5SVbRz2HJXdGvOqI2VOoYD11vdpNREaSCq2uG/IZdFelcCF+deZvKfgEONI1PNaCLKlLJuz1XApq8TOSE4/kwXfCp4i4v2rZUeShbG93lCCLMo4n7xoLuGSfn/B7IGBighPktxU4PDedNAPYhrrGRuNyJk9HXZYkgm7aSsqclek0Daky/v87JL4io25gWA0rGyxyQMxITkpnwQqUEDQIBtzsRVBBsb1o2I8j5293En5K5NCjqDznXqiLXqP/t6AlWehrTsvzJYSCYSzm3P9IkLww1sUV2Qs0Giijb3t+GwBvIVpBA4Wzd/IMpwauf+ocTYhDwoSrPr5OlrOYnrCkiwcopYN5y3GezID0o7EE8quxJU43D68MrtVer28jmxytwp/vl6nsXREY0FCST7ZvrxLcJtscAGwZrAh78ooAvv/0R4LHcjy1bnpffNzpZ/binaK/tH83aXgKqPeRuL5OVf7Vwy0votLVI6/X5cRNk1UZdg5WU3ewkeUYQMt4xNOdYeXCaiQI1cCo793gBgSsnuEspjjTjMV2nAMAqvSY+/pdcz9FDtXYIZZMr9SkBv0zbPWueDO7tRLfGvGnwg9/LCY0wm6+SSB8xQGOXwCYHzT7xZHnw7M24fctnWMpkedC6hQz9SYUXpmUFhWLvd023KMm/KXCHVUphOLhGuJtUcMfyVkB1y6m9OFAqqt4ErOjbXOHQ8r/jaNhVZEe1lH16OC6LoYaJZhBphYrlbWUuo96oYXMehRHqbPSgYBLzhb6KJSXW72g8foUYhyGA3tPYBy6EF58Z3MomYBtnGsrSLwlsxykRekv/qOPxJOdzfwb/CPk05Hau2z4t6PE5c74kdF2Wa7pBa0Lo/KwQQqrGSvnS/26xM4/KBioT8PzBGLZqxUGxcKwJ0QZ+XfaymSGup3dv7DhT3rZz1E32feNMVl3m/cVRpc+6RBRJVctFsIVmzTsMIr09uPeJulCpyfPRIAxpDYCL7ZeQt0u2YxtrBqfOWZp87D0KIS/bcdgOOoKDZpiyQQP6B371nsRH3hZJxqbfz/iNVy0WjFGW3xXtIBz8fxuFsbK9KPXxAPEUmpOheUMcSAV3MlyJBuoYW34iDjeLgcnN6AxDQznyvYtNTtb6AxzueLv1KOnNMSb8HfH2i+sAjU5cm1DCruggZkWYLwSbgsjyrs6Puyhv5Fd/WnD0uQ3L0voc5r8YIJzxuo1/xw6qPgoNh6EyVOFiOUp7CGzwNFdAv0mEnTATKCZrUEc=,iv:tOfk8hfzCwEIUHMwhw3f18n4T6hByMb22sXEF2CPv4o=,tag:vfKJqxDGZlI6Cc2pC6YfIw==,type:str] + server: ENC[AES256_GCM,data:Ob+5Zc56FMFAykKbXR+k1WQt6BYn6//QrTgmOTUTcOs25lDXwxSaq0kndzEQ3JBlrFF2dw==,iv:7dvcjF9ngyCT0a5UVJ9DGe51jsdEWMBl7yrof7ejW7c=,tag:irm+01gjUAam0bdJQOnODw==,type:str] + name: ENC[AES256_GCM,data:ztKewGUWW2JbZmg=,iv:sxGMihB52p+IRWFJChdx7R4D25ds4pVtHtYtIxC8O18=,tag:IRn2riHRo2bsFgzhjFaRcQ==,type:str] contexts: - - context: - cluster: ENC[AES256_GCM,data:sStlRFoVsPUrHN0=,iv:RqnXZoucoDVFl2PoVpjsSDsk9yhSJixCb1Lcmvy4upc=,tag:5/12KiMGbh/0BrGhh2T4yw==,type:str] - user: ENC[AES256_GCM,data:wVtA/3vC6TH0crGkhivGyc8RYqZVWop4mc15Nbf/JLzBTAvM+oEW87NhwKK5,iv:LswI4YNw0Be1QucvEBmOqfFIpKGZdQmToPbrjihbAgc=,tag:p0OMN70Uh5PTOGtzDLJ0/A==,type:str] - name: ENC[AES256_GCM,data:mnH1e2WfNl+5KKQ=,iv:MTfrPqyqwFZEgp+IUyqNXLJhpi5WKucLc3sLFB0Q/gE=,tag:hkY968Xl4Q+xiZUpbylzjQ==,type:str] -current-context: ENC[AES256_GCM,data:XfDsI11svcsc2Z4=,iv:dfswe7FmgtJEGL1N3EtHYUAE2jLFytuOjvMInlJG/cw=,tag:VF7zATUGjYUiOeBC+sTM0A==,type:str] -kind: ENC[AES256_GCM,data:Q9MLb3/N,iv:CVrvVwTIyrf2dFtY5jxQWe8bU5FKYVEP6Sc/FAlHQJY=,tag:C3ZHLh5HkZEmjxwHIXQF4A==,type:str] + - context: + cluster: ENC[AES256_GCM,data:mGG0i3VP2UpvA/s=,iv:L518c02A6/PQLvBwBC3ZavBt5Pkf+zKN62BlZU3AsoA=,tag:bTL/Xre8FI7+fLKR8AT/ag==,type:str] + user: ENC[AES256_GCM,data:PzHx6/aXl3C6CxfXapmG2wEn7/yZAi2wvh816p/cd9vj0+oRQz1jyKjVSCqy,iv:WuY3jddGYaC8NzjXt+QR7+mz6BOPp+yhmSPxKjWasQc=,tag:S+ZMtH7yipwM3P+fjkH1cw==,type:str] + name: ENC[AES256_GCM,data:KP5jEl5WYItLewg=,iv:2eEctLnvlsM8f9myXfvq4EkM5gPcu64O5SNw9mFSd+0=,tag:eyngTLBqthKAAtzf164y/g==,type:str] +current-context: ENC[AES256_GCM,data:pbHe97ZaKxwV3TQ=,iv:/zbulwni79pWWKQK1LiU2BYeL1qTovLtUDM47BBXXjs=,tag:ytTqO3zPw87IwOt9uisruw==,type:str] +kind: ENC[AES256_GCM,data:5L6MnJfz,iv:YjxqCVrBeB7zbHdtiEBb1yCLPLc7FI4G7+ogQLYQ5L8=,tag:kebqNSvgGZ0EWvA3VkSPGQ==,type:str] preferences: {} users: - - name: ENC[AES256_GCM,data:GNhg5kd6eV1BqLdfp0zP3qQYHa7bj4LC/wAx3EBSrrEghCcbRPngQY4r3kT8,iv:60ojhQw1Giuc81B1PflCRuOxNIX5RpzJxXWQxBblr5k=,tag:g2hfx99Xb5hL8Nh6nvus/g==,type:str] - user: - client-certificate-data: ENC[AES256_GCM,data:pffBaR84OtG34SFeh1i4zhNApfFTr4oPr95+l4zBPGtyJRojXYWEdbWltIKvXJN8YxztdyHMS9dawZmOm1y/+t7iE/OEpQfJBYUNJ8YFL7gV1Pl1E3pK7i/jS8hO+e09x+bwq9UUTw3ZUzqWEEzCaZt5DlZ9mph6DJAD9gvr6hUoqwU79LGbFbPb/oF0WoGd8Y9QpKC/znj+LV4DpkHJ1rrgv4D3wubKAlmEUcNwkvtVMKZcTUCRmIC3qOOWR5d8a/3K3I68QS67/FONpzp5LCzh37Fs7oBsL09wvAHWQkWCpDR6ix2cbjZTwbK+rL+w/u1SUWCaJTieou5DAwP+dEBjKj4jxy7ze2RsBmQz/22wCYT5WlSB/J2IDdFyyAbMrxyAKizRH+/wfRV1ZDFOejKzovxBEgbvdaD4DqGsqKPWh2wyARC4V0ebEVYN65PCl0fALxX7UzRg8xGJ+kuZHtjaFrWOQvtBeiH41y54HCz29nfqdfDi6Tg5iIzC8cxn+CZgi52tXzzzlxoZt8KtnXejtR221zn5Wd1BaZq8fA2JzLWCkT/YxERRFkJQB7+b8VUv54T0rHjf2MkE786PwQjzNpP8RMjxHD+1AGWNJmnLVZMlnwgCNdNIhR7Ij6UpDqB0r3YfaM9PJhqZEwowweKbxL7+SaeB9AoEZANdURA/Egn7ejmDltzTffMWOe4iFbU/B0L9hBt9J8GOsM6UCx+rJaXG4xj0BHrCSaAwuGs8/hdrINVPdvijUmeHYDWfu14iOownQGOCmOY9hFKac35iGUDFe+4pikPWVgbEHlXpav8PnxdUu/3o1b+4Wtoz7s6BK6igZsGxnfLbafJDyGSSovTinzc4qUXwgrhBqmlrfEP/URwM1+CDLylhkZBeGS/SuJyLuwatgk66Q1nl/jkL8vRsvkvye+Z1bL5vtZLVT7nT8hME3X6z9MoYmSS5TqbiRuf19gYVmSotzYMlIlrxTJq0PKwQIcz7lJWpN23PSR1GL580i0FjehN/fuBDibxHx0MPUIOoyISxxtRomz2cTrU0Ofh34RUl+89/74G1nAEo3DPf28Vhc/+iakAIMnkcS2hO83PE8lkbvMqOeSkR54kJUKbScEWktn2r9Xla90316sFp3Q8nBINjfL7p/w6n0ujlLJDBg/7PlD7XkTH4YI6RX/bDWlXAzHe4a8ZXBeLSBWvz2VZUi/RMG8dgx8GSH6UTiBS3tYVTFCA1lX1tdjYOMzS/nMglEIkf+eP0PxZKFSgJpebMK2aimgp3Yq2IYgiNirtR+777wBfSkbfWgr2ctek3Cld5t684hfxHnP895L5KwsFdLHlxynqgG2x23mXh2XUAmoWIgCvoHXpCkgihrnL8c2lDSsjtiW0SfKO0YL5xXSxyHVWhYF9ZZ7s7zaLpy/cqvuavL42No88REwSXdbYqNFHaR8t+aNRCSxVy79hlHkeZWQ4EL7eUeixb9Jjx4NG9ZaLpKtOQ72VPM/ljkpRiI8Zqmgv2SY0rpaZvJjDHCK4nRLf7+peeS0JuQDbTLf3LUudiscS655QTeNuXR8SDbIp3sGT342Xmj0kLQIeV0sh4twuNT4yY1hJPB7w7OPC75JMDWgm/iYsJhM+Hgy83XnCZqxxdOFwnOecTLCjUpaSl1F3t2TkToScJD+4O7C7tS8gt7/PzL4gnby+bck/3JEv6XHvlfLerZ/Hxa9xPoA8U/XzOGJkMjkKIN4M6PkdfH45aZo1Lld/uD8QLUo5px8z9l7+DlsorP1ZfhVaCVJ7r8svIqs8m9iPp75qJDnsQX4FebEtuPB8Vi0hfVySmn9K/Mh4UqLd7i0YyoaYLapige8FTAPFJ3ozUiby8/FAiMR4MguXH/oCe8qnwVIf3gt4pGmaQjVz1D9MMc6q7gEgv/gowUqUaMZPslguGdRZQ1ms0od3GljBfcozEPmkzHjaAK+u9kag6f/t3Cf6qFaF8ACMMBsDrfNn2F7hdkGb/+Q3PdrMbj3hozqBzhXaD3dT3DShM8q2WrgNmqOrMgj81q0VLvBgG2gpHfNtUtZxfJ0ZIco2SNQvtVUlJksLAZyhQRMRu6cam+LNuY/faKlU7Kztwm5guCdnFBs7d+H8m9NdXG5NZ5HPbDfssyqDF3ATlQwh2nJpHVb1MT5ld32uwDQU+KdrJavd7opx/VGC5wI7Y8shUwKqByvZDvURc+wREbe1aBzxUfI4q2LwYXTp88GC0+jk1xaY8gMbNneT0eVBbtK6tQM1rcjODUrAWYMq+JDn2wZuSpdGfivYNlCfmkxQ0KyefppIWkbZ9iU5WbDJKoD2GhCZzZ1UnzBifnOtoywW88PWQvN+Ynv0GuFyZXxwwRgTBgTgeJWrV8Yd5IHDwuVqoPc4sdObewMasSR2M5ajNWsebLXBu5eIJkAtkCcOHOdtAntvi3PtoVFXwvY+jqO2a34KPb1NaDczTbMGpTfy+kHXaUAiinOgJ8w0SEiXcpym23bWXCSQcLSSQcJ/FDlbLls+mGOdsBm2u5QXaY6p6UOWyHvYoTFhwLnwBEvUmXePK8d5mwHsLvINz3UyhmCHB9rJjrdelMNsNQ6kQAHeWp+mAKLXNAzLxv/HNangbYG98TANZKzrvnk1NkHv33rvfr3fmZRLoA7aDd5jzHUNS5TfgME9b54kXvrcqM00gMiIPdCQ4nBAf5EAmoZRDmy4aT5x+oNTU23AGJb9PFzz0Tw5vbbbwO2TFUUpW/gTj4LsafS5qm5W2iK0O1r5+Ok8/RsfgMohwp7LCJ6CbhjxfKkGeSqJEHRZBfEmlUNP4w5bsGWQSZCWPG8ilHsXWu7CgquspfkZHAq8XadbckSeKv8wLgyvf6H1cxDdHQBQJXY6/FMU255AVI9PrQURzPCBuMPwzreKA+q+dInYA+re74lQHS3T6tboqn2lZosYBDfnLy68n5egdfsvik+lL6ggGYSQm2aqngBkpEj7YfcBk4HUUfmUe3RKw9YT734AOGk4fHNnN3LxgXu3h8Qw0PkYKU/h6Wx+of713X/s9zPnC8jT8Z8L2s9Jnu0Gw4zr+PhaBd83sMzfno6fNK3U7WYZ1rdfbkEf5oWUINbGLUfCgQ6hEez/QXBZZ9f0uWFrME2PbTRlDsF95dWn66paDEl8uXldWeID0sEZhIWEWptjrZXDi80IGB0XziydUHsIYM6iN1g69JImIEjQZ4iSV0X07/R+zFtB+JGZC8wyceJwQGAenSi0HUUumu654cTDmJsGv,iv:ucDZsKgGCiolpZpi8H8qcD18LIh7yhOjzErWC9ewM7g=,tag:DK8TZqa2gx5N0ZzOu5AUIw==,type:str] - client-key-data: ENC[AES256_GCM,data:Lvx2g5QrCn7msTkVhvwiuY4YhBuqI29gZW5nvQRVu87MhPan1nsAXZj8h8Q51Q//d+dggWdCtb0drpbZvQdDnzlvuqvaWVebNn/QR2s5JP4MZ89UUVK9A0BJFEBtud1gIcZBy6sM7xGcOM8SAeUivMnALE8DfuVF6L2aAd2q9+Q9wcbraN+rGV8KfVyTieaPI/YVx3I1lMtX9QPwacl9sCKqFRS3lWlvUY5bsyQ/yuNom3MHEV3xNcTP6c0wE5sg0Y3hZ160GGqhADe6RH3i1kNytF1rtgCoZQyw4A76+J2TlmRdnmWM2cm2urMlsyzYehTIATs8drkVfi4t8ziHuoCVVhHSO+yMBFAbJ1Flc3oadKSwm1aWNWxcGcsZEpCdReP1fvAHtECyX4YV1A4vnLuJhYKzt19dcn+/hbsv/xi87O2NbMjFDEP/w8hxbxsVazxnP/AA9lpCPjWAemjHM0B3tNsHYv4W9+vdmDAV65AxAG3J/mBBRGlj4NwBoXE1b7XAlyDiNy28sfArcIcngMnWBnANxXIQI8nbf69mDb6NqXBP+k7p8DviK4lhZDPlL+OCCa1ljpjamhLwIdds4EVeoH/jzYLAuE1c4Q0TnchWuPujsxD1wsgmL/ygQ13PAaM4c4BflHw+2Cu/VDjLEFu+i3XrfzRk/v8NnzfbTwyQfExfNxafUPT1F4SO3T39Sk56hYyL/nc/Y0RmLnG4wwvQ8gKZHVt9EQrNNMsOfcgL8YxEf2HzkkUTnxs5Vouy6G9lYpUj5rMZOzs3M1tJSuDDCvFb9STWDgoa82Shew2BpGF8yunxVKb63sWeY0HPEODfchKNbqAdiBFvuLUb7pwTmNFKUI32IYt/ae5z3jKPfJypo8cJyhESOGLgKioF4GlTd2plr0VUPA2RA4SXfU/dVTdhcbK68tDDOrSsKZIC0fARVzxTSWXcHFHftgGkvIO1hNujlXZHkY/9DDoyzfl0+9D2SaHsKfTB2S4FRz34ufV1zPRB1NOxdL3kqKmZAuJ+9iHOXtMyPBOVnQQaRxnJOFyq1wmL3OwJdlhtcL5pBXQil72eO4ZzqBgaVr549BDP4KVN1W6Du9Q1aXDiI/aVpLabuPsBhq6+CLorg9+ZPjk2maDQkcAAUxbDAfJLNagetGemrmHcLD3iqxqGP7cFjWaSWxpFDAEvKSyr4bf8/fbis5p3RleNtpqb44KR3jBFN23sOLoV1dx6oixfdGvdwfWh0lHz/QVq+n4toRZdgzsIYe7gUpw24VKZdFk4yLhq9rfPjj6J4zREF1gKvH9WTL9cWPTwWAJ3SGOahNCKn2awyon4VXn+xKHJSnq48aRNO6rkRyIFZs3JDh9ytUHhVfg98a6LxS+Qg+edr+jccxY2gE5LGJra9HBKKVlhGbTgo4K+C88oeIu6nY3AbkjutcUpHsOdPOn/iif1l8esyScBzu0d5nDV8GeWVXbN9g9WTRKsBA2x7+GMzRyWCkVoB6UvXUFK/NBADvkmXeTAIlnddZ/NG+VZGwGvkkrlrhA2mv1XkYorp1RnjubkCT1m7emgZ4xLNeiclarNHzO4Wl1JJopq0BZFBIFeGTgzFh3JnY1uTbNSPfynUAVruEw3AJPeEo74D6dH27tp86tadJmw4fx6OqNq073nfUkoR07Nd4K3BzJmud3sIwnhCGi01PyxZysc2bEgeZUMdgXGPzEvjEDVzlJzLzRSKZQRLg6Y4TlyOEHBfLelKfABPBexaS2T+VVmA17mg4MAzqc/yij0/kba8/8/MpEFwKppcExKCKkOHdS/kY/pdeudEvbDKOW7ar8kvdIA83jOaZHqxKrNh/RU88LkzuzYUq4Tu/N+DFR/VtcOvc/3OjWgxE7lFGKvSgckYR64ud9IsHUoYns1rSduXnI0mIBIglrZghzDp+5OSkUvT6nAQGzupVp1gbAlNm+TlCz/dEDvSuSuzxXFOp3gZqvrWfqScK5iwIoava69P1khkBYQk9IGs652qpeoKl9T0I8U7+A8F/AcJh9uFK2xYVI2MUchkzgh5sco4Vnh8/yT5Xm3vKTok10Te/axZtf5A0IePEel/wWiR2oaHT6BDBjo6dZxXWZc41WNsbJr69wkfv5oVET8dRPd75mIdqFRaInJj6feFtl16UdPCk3SVPBfQA63ziHYEB7RaJsSRuS02FnwkcRaZ8hVlmix6hu/NB+gBxhqpaA1FoaoDedM5CWoUW+dHqRETWhuXQyJwmAlA//c9VnMF7BaxQ0FaHV6KkanRGL0/Oqj+DSXJkaPQYWPovInK8DDikRqbCxBPKS6y0mYidE+mB7Kmk4wMhUhz9JEHbbRny3+3rswisOuyq8+SJRUfSjtwuBpU55syQD7U+qp3ecuIoZw79wWjUjrlbEeNQ2K/pym5JLUuVKr9Z1+Xzm+C/9TSArfhyIArXEjdukVJYDHaquornUrCiWZKx1u5FiBNa+VIKg7tunBxpiAZozLrbnWa56KJraTwpepW5zobdkJN89388xCMEBvRSktX7TWivAra/VbEurO9XW+cEfGYGyuXX0SqNQJ2MKiF4N5G+JJDV7+k2kwjFvCTdxaNJ6zohTFiaHKA/IKpYKp+q+1QaxjuGKvKFoB8bUvUnupMneYywtPbCNjKvJoMY0beyi/ro5H3OUCm2KlBt3PyY75tES0isRFSJ16VhQdmFytcrIK6y9SOLuiyXyj2IJjOueZvqvu5VK3ivL4SztOgcDTeGEO/AEk0vlElOmJFHYdAK7YJpGejXE0ywVxpo6E5pzWFnyhQeO5ck+ehxyF1Gon+CZS3JdScLj5XTDcQ1MsTqM8okRFP7mVP6oO29yrSMBjnQZOo5AWbH6QRxXKaYNFePrHhzdpI1Af+u9F4/PmQPE8JdL8OT6FZcwSV4DiQ/BIG9xRezgGte6ppECSfxA5KIZ3Ok8IgF7OBeJIWvgMFB6d2wcc2V8mxPB1RHN6Qy0IGNRbBtWwgem3GNZxCWg0EG0HOKJi/WNMk8dXnXSrEGHNsdjoESrMYFU2rgw/c+nwqcQJRheMgXWAx0r8M+ND7TgIBDuXoGFXqmgMZjl5a4YZQTn/at0DYZqI7hY/vCkZTIhupXTr9lwJDhz3j6hlBS3h4ESPYWsrVw6cGB2lErMOL68d3+TEMfVy7aUmJ3WARsouiR2kjXEaVlxtmB0MEIhmm3eapJgViHTxhG+Yt/741cjzoyzf8oRbGXBaKTIckzyg7DSol6nQilGGoEV3oKaSVlD7DJZ/q9vH6DOPJRFOnYUCeOOrdVUKCfwVlVbTekl9jZfLYpdUrdq15tlGgXCDc/+N1hz/HhMDnmfXuSPJC/0hxzLILATSy6W0W/cCN6h8shjwHCDwdtlYs67TIHLB+DCC3kWlTpgDdOt9xxr0B5lQ8DUTutJmLqfRXeBxECMQicv1g7QpgBZ8tx/c8SrX8Xu8Pw79P/U5x4N0qmU3GTaqsHNzrk1IP1eYZhr9Ol6lHgQ7r9JkAvKngUsZkCquoj1IqBZ5q9C4bs4kMFUk9Q33j4fB7eOm/fU9ylkoWunhs8jKTOf2v/OVJiVDgPLXuujPEJ/t74fZ9VQ94e9IN8e1Q0MKXsP8cyjD8XfBTxITRrB6tRohWNr/yRtiwjO9JMAjmp1c9SpAf90UPJce+MJIao2FqDjRlYsrx7j5vLU4wsSMNmFhJGq5ZbZvX4VMECUBGZIt654hGmXmv3KpkMmfixi+rvWZWULccKMPDmkR5X3hevwgzShTj13tWHauOoJWKYjiZdtI5323cgzbx/0VTKYUNJ1E6SprXM2mGqaxlPfRiy1Nuom4IJtpWmPAo5UCSbrfdaIKCQP8eL4vDq7+z8MAHQL3V/yVtGiogtMMlCt5SGsX8qMf11RmqiQSryMNoHiy8EOPgU2jMZKu4poloAFTyzWApmpP4Z6aBZlP9C2vSqwMUOuEl0mnoaGXDnZk+UPLduJCnIchcnZ5wD1rttHABv79EYD6OompTu+XrbHk74m63OlEKOGToQlQT9HPVdahcltU7IES4vT9YIl0Hk4EIEg0v6CX7K16USeheZSHClJO0NlLFi+nkxxTNeztI8v5DfPUsA2ko2SmbtfSlS+v7XCsebrblwCVlsE2LgMOsin2vKvr7e3HezFFcpj/wsahaYCQcjMFDybeI+/7/y3A9SDuYs8ManTbO5jySJw/+/InT36gL1uaXEVnm6j0HxhuJ359tFB1ptPk4OyvCNPGeYkYGGxMmLkWUJ3Y/hT+lyG6BF/eT6WU5f9y/eN6llkdDFCi/hyV5A8yDuu05jTWjYVZpmRVVy6vcc9HuaOU0TkMEovR4fG+yKpyBnJVyiJpeM9g0cKd56pGgsUlhMON6Dne+s6PCY5UzEMyjfF/sCjOmyhkDeiUI+TxDMqt4X2NyGK77FMrlRV+461wNV0gLbhOusbCj1KCitsy74E1GJAdLYZbPvpM2aR2RfQZDU9bhERCj6DJyB371BTkh2z3yep8cvB4jFEEyHvvwkP/GnqhHrfJQktKFs4hN9eQEvr3+q5bfbg4EqW1Jy7apakO1KYQRMqOIsHOcpZJErHRysXbaMyHHWo6YJ0HynYhAEAQAv77AMoHtFuANrccZEC7lZMQnJsKFCiO6HdiHwxk5ROl/AH7ZAbyX7yuu97IJRJ75/MG6izbp1V5Qembn4pH2kbCTVi5mBM9Bh2ITKbqxvL9w/D0aeuqJUlWOzbahZWZZyCXxX99h6DQyZYyuA7FL/hBSnG7JLCR55yOrabb+kKlL+g4MIm7HIaws2X4H3N20w5cQV5pAb9SX92tYVlRck6KYjmBmBzutk640Xj+rvEibJzGCpzYJIP43pP65ExnXxQCX9+kTxxvkE5ZNyazDVi9lQcrkweWS7gt6kOhfyYPHVslNdKbMqOLHukav2+ouolgvQ7sskHYJNUbCCuWrwOqOHuXhu8+OPOoJ69u4hWRx2Qi9hFQ2WrFBPSr9P5D0DDqkLtchSk1LvaGY5SBejTi2qpqpQPDbPLUI9kfejZAlIWuIkMEiypsXOKiTxBn5pLXjgQik+7DQAOYFlWyc3Se/zN70ZsFTyKpQDViUvsXdyBNBwp+skMNrSBM+/oMgDShY2wgVulL1kUrR+ovOr0utMYoXlTPAdyLKUSDSbk1MjcjjoJPYj/m7V97DLs1eTS8GvKOS/7+SSKg4RC+TCz2lFFOq3qjualXdTN/8hJxTeGqh+DLcrt8bDFXtyUfl6ZizRc8CxeJ7YrKqm/CMiAmEN0nYhPCxQ9MdCcFDit1MfGtcQVEVZkC9yyeLuzZsendsXznAeCN+HEXRqWaETJnuHmzrkjouESVUtxwuT1J/NbPqkkip4rVC0FkYjgxVsJp3g6P1k/SPTSWq+N4OVA6NvoGhCQS5rQ5u+XlQzw29zaV9dDQlsGkKOX9CL7iAwO/xwyOjmKph0iK4w+OxoSjBB93D7ZlKdjrTOJyoQq0eJB5xXmkPj5hNl76WJ3uq+BwZKJHsTMXBA7H0qwL7zPSksxgGuv+qnUvhE+5qXFNj5v4T4CeynVBW7P6agQlinSzecCb/5K2z6BvmteaEpPk11D4jLNTwi/pK39Gbus7M8z3Z5u+gEe5SIL5KrNQHjx4gpf9VA0mHuScPreYMDLhejU4Wm4sA43JM8KiBJbcX7GCaLBW2tgaNKiWDFuoKuQcckw1E9Us9nmN4yqk+LEiXbAUIT2/4aLrKO2J54gCkDN56ASRMy+2EzqMHA==,iv:zRMBIdIpGeCYP10DAe0U4n0TRlyE4eerOVaZ1f72k2g=,tag:5wLtFw6H8X1aBEnw61gWYw==,type:str] - token: ENC[AES256_GCM,data:JgiJgAeDHfjcOFIyyfFGX15BvAAJh6zVC/+9TgLsLuBhSiaNQOc7P+E3plXfDOz1af0KbbwNOfq3qSxzMIW46k0I6ohpL4SBbWEVv+W/tcXibtTFvJX2ovbSiy83BDfA6/y6JRaF0CwwqrcaE6CerCW5+nCR7wzsTD28lZdhY+w=,iv:2aDnVQU0/sINWT20fSSO74YohGSRZZLSqc+3DRAhZjw=,tag:HfYaupRiuYFZzcPKbrFihg==,type:str] + - name: ENC[AES256_GCM,data:6wj8HKt8RTtUE+XVTU8tj1RBLqt/h7oOpybWCmQXAyTNp1HsJhRpJzIeqr1/,iv:OP4fzsWU+kfx2wlXT1gLg83H6Q7VSYGooaJdO7mhCFQ=,tag:Cp29AfvuEb9ov1exvdH3GQ==,type:str] + user: + client-certificate-data: ENC[AES256_GCM,data:WvmLPKSpGum2vSki2L7if0Jd+v2XzYJJQTxT6YobFNUpcLwpVenAPlWoAI5tJgehJdqcUe9m1+cebrAV5RIL9+j+4U8wYu+IzCuxe3hEXol8cyS6vBv5Rjc3FZJM2peqU5wLsLlcPaNFoqsQwhYumCWejWD8TS8a7+3aKL5S04XFXbf4juwblmFFNb0tMcXR24Npbgcq5Talb1OSGhDeCHucnnRMRPfdQ0E23/NkVbJyzQH2y4xoGvicqSkNaGu1tlNkMFkVyHKSDTENX0fJ5vBthcM/KdZCwHCTVU+9s7KQS/n81LQw0wfqfLH77cnaORRV6qCYIAT3OmOQKRd52BVg5zh/oqWptGUXtCE0iSereHGKok5U1aie+zYDZ9IjQjXCjemnmgGtxLNPVD98C4uGoUu+RQCA1S3egv/S3X9z3Fb7SKV//ezTNrC/U0MpDiqPmbXBHNFSFpfd/kLd7VfyxsAlPyeXuB9CsZFnT/lkjt7XWhicZy5rYHuykcMm6oHxmokNs/qpjbuPwjbh+ZFKDVq8A+6h82pMH42ip7GUlPJ4+RTecCxIphIqVWS+MlCORMwj4JguJ1FAyqved2+50KwIdrvfvL2FisNF+fWZHfvb5d4sLxIBc2t9cZp7sWe4w1NzN52+FKL2AStdchuTX/gph5NDma3+eUr/NIj4SMSQP2t/mKYgE3RMto+TENHzt0FmPvRfiIb8vKGhDTnhaxXE2PkTOt1KdgZJ3WdjFMZfo3ykopl04XAGGDvx0ADqfKCYM9AZL2FXRD/YNWHkVSFEvF4PYEOPfeC9Fv73pt2TBYyId1JXRbPJ8OuWxzYXWZv1aiviLwtZtE4RubxMWk2orRqa+a/LrQg1ljn/PSL+wrwervjhn3Qlex7QkSewFL0rNhkeKH21DLeqsmvF2xFS3rE3ghbpotaIgj03iyjNJZmv5HbNhm7IHPuNKLvIUJIH7C6q1yDuuvGFtntOeUta+ZoUpgjQ+BWdbU2Gs1KTZsOw5RLwypKCv0o+W/zQGiX+SMXag/IJVJ46Z8n3LwGKlWRnWtL1PEmiNq8MSci1UEbW4QEJJ4vDpiQZIPK3HY/lo9mwRaERzLCQ1K16ueITydY49Xdr9VcxPNLomq66gVhI4zuvi+FMd/fN6zAWcxiqRXF3HiWQ0R0NOMvpOypLRji6SPLTW/jClW1NQh+bSFwYmwbnfnVIMhDnNcoT3BlMFnHET0earHIPDR7clsTQohNHiKpWc45ODdHJYzur6+cVAxPG0aM2GWa0n69iecQ8DXcn8xgacXM1f1AE2yHZoixD0o/sqpCIkyshrwWvu76Dxb254exUjsWASC4eOj+GrHNlv/mKoa1eCTy5EPQjwjcQC0zatNuXmVwrJ8woS6QN/W4PrlhB/GAK6erDi9qWtNh8lfcS//Vd4CTQoaeuLErS3s69m2ygjWchgYb1XfoW5v6mHmxR3ISr8peGlHMgu6nN4DKfaVEhp57PzpGMiyM9xWp1GStpCvWP2kKIPcYX5IwON4MiSRXkXkrmKMGVIGDyUMRAJOAvTxq5cliIIwHhzcwawUzYxGP0NGu0jeLF8ajKQmMgkV6YeDsPMlGcebQaUhljhIJUKkjazy/7FlRuJtT96DzQi3FAh5AqEBkGz+g0CMUv5b9g3tYpw7ohdvEHebny93cqL1ktSofLlFr5Dq+eaLjqLpwT5iV47m0sR3GDrvaWkGKj8Y+2G7KDmc08OEhftSGZhrZS3mg5bzZLB9lk8LayRLjKAyPJqFyhRS3EmDIoVLs9IEz4alfV0zEfed3Mn8lJu23Z9A/AkwBr6WIyZLosYkP31tM/VtCSzIK+khDRu/5FAfzjbRjZaj2v616m6HXksdLmu6MCMi44ODeJAG2mYeM+kIQYZ0MbPCv6SUgQV7wDAFxo9BPnbis5YKLsJ0w8BtIU1VshnZkk5icjV3jJemPxWz/rhaERz3drV27bxPBgOkPm5YhbfQWvxyc9KDld8yf8QDdjmde4tEW+yuMn2xDMZMFbzwTnFcljr8fEpn8B0sEiG63cZ6kD7u4U4yJ9Cj6z4dbJ7Ku9Bv2xUSDfzVgTy2rg6Z/x4aIGWKCMyq047nJKAuc0pnBUmCUfZA4S5QmW/oGd7Xpz0E7J8IUBATJYRIOtFEBUEVd1CecyYu4QNwUm290pcocahj2/+O+e3pUvW4ulX/kX5ovOdLBL3vIog8b3Q27Kts0F2lahGph6QwDWx8SrF+VWIvWv/wIGz+xl7JEQVPsLfSrFqgHyd1dykMAReYQ96qnVIGF7Je8vVtMUPcLfNWp+stBOC3Mqy7C+l+rxVplr89cCq5/+5GZwxx15nNdq5uNSA+C70Q3WZjSFZg07L7EPinRaAy0BigdMHbPcqpmjPnVeu/mSPb/SEH8ljb7RjDnMp31NgjVapCVUnigwUK+gC/aCdt06VJ8kaoBgLSuV6PxO26rBxjngl+JPh2FYGLC0O1YL4m6fgoqaZZIRSxcF81czEaltDaifs6quKv0VFTBT3VmS4PM1lpMT4/Wr896bEyZiseEGdaycY1phVBVuJA02RylfBflsWRtPnRy1kgTWfYzdy2pQDLMsPpBsbpoOrkJlBti5LDihXC2oDWUaHiBko4xjgN0+aQsujijZoMw07kRMrhAipxugiwIkE7ZanfWOlwjba9PCt8d7yHc1iXOnJYczMBr1x0h8158pmPjuA2H2CPmoihl8yyJ0hYURFVHNowmnAm9B7kEncabHDFOKNfeCasJ515QXUVR8s/f52BsSFalooOjV8ZGGcobAnEaWCK2KCvdBFhKs6PUHkBefBGtmQ+LNjh5I/HeuSP4i0mTlcCgcWYwBFYx9E/+WZup9mlf1fLl+yTpDpl9cJnPcUZZimrOs7sXADED56Pej1Z2QzfpHnaTfV0xFrU+AB1jAUb89DGV8tOsG2wp93X1vbt5lfVAk6/cFODx8L9t01UVvgupGQCDrwcjlCYS3J8jmYzfnyC5vFDx9qodrS4bmGWSgeJEeHBM3dYeNch0uVHW6ZD56vJZIKk4ifCc0aK4b5lujTo0xjulILD9J6hlXpauPLH4YEWqycI+VAZi5Y0Ak2VW2facEqVStgO7/Zw/hhZZgBtmejr+7UUVmO2+GukYGPP+yrUKkdndDIZVbIZ15xj+vrvzUGRHRdAVHECojDqs9iYeE3qyK5Lb3yM2XPwJMjMwFBxty1r/At++sETZMXuZHj0UAqoTKe6E6760jAGa0,iv:aydxtFaClqW3RIF8JIVrNpi+4NBEDACWZX0gvWsIUms=,tag:9DTAw00HaOl4NmFHnZlcuw==,type:str] + client-key-data: ENC[AES256_GCM,data:WfLlLuVo6zT6jen0xUD+vsMlb1t14K8oe0gqxAKwQk23fod58nJbWW0rkMeRWQRsqGMaiDT+vgA83dEbyEH7TnD32KU+eWBU9bf35Z/tfrHKbHkIoLSGB8fpU1R4EMkZN8KgcRsXj4j3a87e9i2rObZWuEE4khhmVqp1gyScySRyPT1tbVBARhO349JCJG5fiqceigF5O+hwaxLjbJmmY40eAbQqvFUfYDWMCLYiWB7fZsAEbrMs7MYtJDOjhRHexlSHIlMoXWmR7GnaiHZqOeW4NT5gKeHyZ7+qnHyeUUkXr5f1OEH44kdPJk+QxWqcAfT7hSTW4moBBk9GeLpom1SSiTz7/pl6FGZIMFSZZkU9PDiaZGlUrYIDqoCY4UiBZOVAm7yEfXGtdueaFClW8entenVNIHQ6/iOruQ7+6IenMBSUczOJhl0BGkQTEQDYtqS6NiibxQdH9GgWVG+Iv/m9rQaG7RvfwhBRaW+1e02M7Lyn87T7nqBMiPI5jGuPQZpof/F/DXocPlvAiTAFH5PqDi/jnmbaqUZX/vLrmk1QeIVithTWZYEr6OWby7k6wp/YP/tYWa8Ess1vM/x5LpqNfDGzuogrIvweNI3NIi+Z3JRl8w8DaAy3UMflGeqKqHTJVln8s0rlXXoh17sRw7fhg8i+kbMcpZKmRVMsFqNI4ScroY3sJx9yXhWpdDSrbjpZNP7l/01gcXg7bB3rzhhaadnOW2eWtbTBBtoPDP16pf9aF18wqTx6ZbtzE/bnCCYXiZGWzlyd3yAtL4f0IocZoVOIrnYrZ/riB5R7zM4JwvSznvM+0hBp9D8ZuP74pOrfKEisiNeaX0OHyRX7g44stJ7ej2/DziAjbkYb/z00dBEbQ1PpQjjqvBUO0fC9z8PtN9GXJsCodKfzQbV281yKUUMceRPg1Q21Xuz6fm8YDFEDwxb9q5H1SFM55W4X9mJOQNj3hmPOFSfW5wt0+St5ltLPFaIMTQIZdzmYw0IXrNDDp0Ut4hwPfPV0KywaOfW12MzHUBclHuMh/k6DhI0RK6P1XzA4TX13qImWhH889YLUPHN8Kyku/Q7VEuVHAFQ692KMCbQIirVTzPFI8xeR+pSqLIRAzDCvZooWk6fxBLhzu3aNmEOrfh04BF+6AbulKUiAGFSXwQ4Nxd0YJv9czVP+Evv87xKJI1l4AwAAiC+YdPF2hNbNlZ6VVoSLwewXI4i7eWl18TrNSll50aYRLaUfBZ+bpEc18nkwp+jQuNX2h6lCM43KPQbhO9VHMxT34Imva6ptxR0p9DymZrmb7Q5pxoYLxYWTfyAa9yFvdndK0NTW1rOOec8dHpkg7D5ggJEVnvbCUHmarEXyspHA/SPvNU7o9PatzDM9wT90S9MnMX5MMuSkCMhQf4v+HUiicy4BvKv3rJ2Y/5rh7sj+AJGmnotY1KJ7+r98byibD240Z2HIygukGJ4KZGsaTChMr/xK5+w+m6QtRYsDwCw6+6iEh7UwASk2Ak9ppASgv7+YAdrXfCIGDzq7jqqT78iCIMtRX795YBhREON1iOG4i1VnlwAklTjVUyLaxdr4uP0RL9iE/JEhWNoo5rsSC74izCovdHo7k8zwaxxf7U9gH3eoiR8yf0F2uCnT71CrYYFR76i6wzf986EQEZOKIq0hPQ76JgO7cBXAD0izMwjLo8je7g9OrXIftuloa/KdSywOTxVbppBwHy6No77oNnTnTY6Sx2xFh7E5CBFIzQOaJ/1+6wuehvcZAny3e5y82i6yHd9V6YBTC1huMj5EOaT7uOSNJ+DRfXCZU3Q37nWK2qed3btBiKxeE42Y60OEvFqiIVqCw+cM2/HKAnZiy4I/wtJ3Z75dbtWHBQD3wk9tDJb+Lf6Pl2e8cpYgHFptxtcXIE2PRA2Wl6kMffGgM8LbUw4aEVAnGop6Fdf6cZS1XUIt8/s+pmkJNwfHrOvhNpnQhwEpC0ozbsxMfIghWtx90kSl0Rzz74Ctty+Sl3+UKuLbnGxiylpf5GAd45Q9wQZm6MbX52mUBttyRDyMQ5X11HSY8zGEevMdt6ILe5Lrn+WVAjQQrody3T1TXywy8rkUUXVuHCiw9C+NY5E5JTuitkCuxnd9Qce7x9XqXeradTpamQIgp3IVG8SMMSdFBYG68wPWZmL5PG9X8rH+zpGFDWduR50J4bx2l6YzwG5UXWL6XUzSyFZhnaYs/izkWsGuI478K29gxAFMZ/tLuBY1CA265cyogMDbOAIkyWzR5yZSDx6O1Vs2VIbg3zUdbaBUGHP88vlmNo1n1rzPTnPb8GYapjujHyCsJ/fY50DHUJ7yJYrmWucvleitzHZa52J4FGwxkkGP6UqDPqaFVIR6zlXrRO5k/8nh8gSAhV8PXeXyFhcwMZylr97Fh1CkjTSIpxt6JIRUb2Fw9XhOm+Q9gbnXMiMFEEBqUmbmStNwN/jz4rFH2Gu8qaGaSJx1MMz6EQ50rzwAGzF0B/8NvrqgApCFIsC5su+pDTHvpJzSZAUYrhdxqNYBHw9Y4UxZAXfZ38Qx6TbRHtfPDYexBa0gv594vuQN8dqfUkkGf49DunQnwAP/FA6idWyl35N++wERbpTQzmfb7jo/3P0fZK+JkKL0AKFW2Gs2AHP5YBM/527GbdTNWTTyDA7KDZCa/M/POMfGIHvVSZ3ofRkMbuaqmIGBp5hq+RrM3qAwoCk+VNUEqmHKLly8T8eXCeNDZoNt5Y4mVAHSru994+oc48mpzKI9977B5A2tsqKzt5cXGNlsPqsd38LQzjBrUoN67Lo3b32jNL0n3LNs9ZdStC/BGYpH24OusfF43yoWcXyMypDnOJG7qAZVOiPGYIwslzF2BX0an/saslOjGy5n8wSsrIu0mpSqnT8XOYeKGnZCeOSTC+DfbXkv5qiSRdzji4rLMhIEKLHaLW4KpyEMouukt1+Tn4DsNdhSkV10Ra5w833xlDeRxPpa+NUX+D/3bsIoy+kLGVEtJmv/cj6MUsCj+PM49gdugPn4kcGfD9hLR9qjN30W/cEuuZqDBSAPyfJpBw9QdnIwzdTQwa00aJ48V+kstxXuM84hL51soWBFJ0hHLxOEK6MVJQC1c6QViSOl9b4QHWvch2Q9oOSnZ/QVfddYve6zSvJEJ9jSi9HgZQ7tnbPckZqum61A/93//aX3luXtjTnOKE0myk6cVeB/RRLd81V8cjUuwj9O5tuyK7loTFtiKeQ7C43ICqepsOcbLvZk6/0ZxDks6gK91rAONzV0mX0TFGphkxjWKngCZNGMVNVBAE7FwdifdvZQoCJQF0MBXBAaUMkkMzhH8cP3rVMwFVmaiaoikH1XCt78ytUEVTY8QJIOaPejCvq/FKWKacDCmr94p02IDOZfUEZnB044xMPRWlZJcWCKW5BGk8uEB5AYLU2v58+fOQ+A3kW/F+HDIDiP7hnUB5O+4TZ6iGvQ7rGe/XwLDV0FsP63NLMHXwvBVP2xMjUh7M58MjMeqZ3IrT9rEAzt9QzwPAive3z62LaI+PWEAqCedXsGfKtk27ivNNUuB2s2gqsvkEPXhLuNlELPomekE6fjS5bt0JWgu3LH5sI+jLRSARUidZORnBiT98Eo9k8Ih6f/0ZPqKP+ol9Ez11sHSurlpIW+5m4Uy9DlEHlFncaKXv2ij1sKOeiOS9oAHMV5lcIZQFUisqpioMn8NJ5nJ5swfftv/rBDLfn7XYKE3d6JO9c/5+hY6Y2J2WnJZiUiA/8QGNaRSJauTJU8mHjqbC1qhoQP2yiVPEloVTGmCuddWXmROVTVFus4N+3JXzN++GZ0sm4VmpNEj7PVWFUrEqXuNYNnPBiTB8QfVzzqgZ+hZ959xWXXrpegO78sicGKNfmqjZ7jsA0fBptGrT0HyKKYaJ4V1CP/UacGSu9TJOhbnX9g9EnjGEH/mKkhwpFNE+rwcezwk4WsfvJ/7k/bU33bQIez2EOF1lfqh5S1rQHQCaQdHzyXXrjjw0iHvkvN8ue4gPhfXJxYUSdlRLZPlhVkc2McIu6kNo+kQX2cicFqua71eIpzP0tnmHZ5/SdCiwfqs+fIhP/+DP+YQauhRULnHs1MWSSH8eY+bbgFtXt0fwmeXqdW+z6IzHY0qFYp6kB5nuq0/pUAyRpTWNYxtjqqYpedksNirOq7SEarzaOXog2jjnERBxuwalOL+4Dw6H2IJIdE3GhNk7vwtiCajnqb50JdbeVHbLCisJ1hpATj1b6cYUHlO/Qrwv5sdf7k/JwTRyuZcPSekZ1gMWnHklKa/BU8dY6bk3NGJnDutzjHSO94CelwXaAkf53XKYjjZc3S9v43BZ0Ey9Fha2SUyn0EtGVCXMqMrbxi0yv2Y5fhCMhIKd0cykMOU1gsVOnI16dFGn5lB8pr+wDFyEdLPxfe6riB7RGhZhHIbsToekXSKYsPRAcnuvT/VlQ1blnWbiCYwRSfMQdCAQwUHHrVQ1Ta0kARTwcvG3eRqgy9xHYNX8eDw4Xx2VRID1SHEM9GMDssp1XzJOxTUYF881hT+LlP67O9/Zjb4Kp1KoJsL8P6ybbMifGBYZs81il8nHg76YAcFpQjzln+7RP7tmdgJvBe4rCl+ZxM6xRUf+ooI7gBGsfEbl3EdHY5WMtEWUk7mTnZ4eEaulxycjgl5+BavgZGMwLS/Xoq84iutYTiDhzR7vHZ4DjkhEXvKKGzyrvCc0t7jbQvo0JbnLTfmVbPjemVgxGloBzvlye9Bk/AyrwP64YKzdcStCZzEQ/PfhO/ge/oR8cS/U40yxolhKapKRmd0RIXL3qYWsOC9ry0xzFnRBQPORRHFXmniWs5TWdJDer6sEorpyR3fydxD3wVLmjCMGID5Mo5aKliUV3NDBqtZFGzIeDCs/lYEvPi+akbZ9CMpa2nqkIMXBum8wLjO49wh/p1ZGMSP2FqCuz691OzUyrHZBJWTtnpFw/K4rHCuN97DthYXgpDOgVIShhOH2RgMDwja0M7BJ6TDCWiJcOxtDzLJpTzwHmSSZzpNpQI+SeJm7k4VF6dHm0nM5UCnft82ATKAiXdaNy/KqijdJuIl92dtE/2QhHdU3xwZgrdmC8bunh8bGFwI6WPyQbuap170O3u99sbDiBhu22ZHK/SjaBqvyzgyo//VIQRc8J8zBNPFGeYG04/X8H+I85u/aoG+AxGGXeDHQqsoFanz+zdKRTFsoUV5f7WqbUrKrcynWXPa1KKVycVVD6gn20nTqJ90KqjpOaCNinfXkYsA+h4tk5jjwgnxyPcLj9+A9pS5pfMUKJl2fhNbTQhKdfZH+WZC1VKE2miaRgZ5g7SJWi5ZGuZfnM8Q5NEpUPbyuiJ0I/pdc8KcpLxWYpix7o4QNTfiPS3Zt0DFE+NyUG8fbK1FPFXxtusM4Yu0zS5ZBnvQZ4GhHWBR6rKatUrjKnBbUMXwxNto8ZSZ9Vf1zgiZ5Mf0omXLCz5wgh+GEyxF0I3XFcpfHh/XOmJb31WUeQZR/R4dNSk0NprfYDjgHOIg0ZhFp6FomU8N01A9kgvnS8DTY6pgwJeTc720nMFy7IwFep4+TkUtAi26ZOr1UY3G8OSI2xTg5ieG52G8PDsjHcNM3CTV4f30Z8NJYKuqXBqyQflzSUY4POFHVyqH/iasmOWK8cIG/JFWPcciRJoO+1a5hJ1pViFkKWQu21zk8l3JEzZ22slu/Q8GhdCQ9sPsgRM0SIHLgvxhPMa1ubxgCYfNRHA5R7prU1hSzFd9h0JI8Aisqr53Q==,iv:655WYmVhDdR8oQ/M1uBdyeyBbnB4mjTKAVWXQpGV5A4=,tag:3zNEsyagpsyvUEvp1l+O8w==,type:str] + token: ENC[AES256_GCM,data:jLFKAbOuJ06a0CcvicKazTDvlWlZgbq4P+SVmLItPvpsxw94XQ+QDlqs68Or2Iw6K+LRnyAru5qSpkNmGGJ4Tpd+GlKOa2veJZup9p7XEwrk9BVyWs78acVI9rJ1u11BWso2rTl2fCSs6PkF4hNumsTw41YSV8TQnqRaMAxRNhk=,iv:gtbuVKMJ6zfOd94enKLBH3xVnp+rP+5qDGcCQd3PbLU=,tag:cSnFVGwqTK4Fy43v4vsKmQ==,type:str] sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2021-11-30T08:52:12Z" - enc: CiQA4OM7ePVcoCSCJb/pLcOGppXBgJJ5tdblhb2QTVJ7I3sHat8SSQAZvYDZWKCxtNxbQm3yL1Cegkrwy9gtXRyQX4kKqzMMjLri6E9V2umKEdy55gcGAENShvcIN0LQ+w7jiZE5kJZMLUP00ICqFS0= - azure_kv: [] - hc_vault: [] - lastmodified: "2021-11-30T08:52:12Z" - mac: ENC[AES256_GCM,data:Q15dzMYWkqZiHuaqDiChq6gxj89RzLGeSu62qRyubRR12YK/ittC9Y3da/2yr4xhNrcYKF6QErVfNAsrsERPRGfjFotOg3qYjE12rbngjkYoqWLRsJpAG1O83XADo2nA+xou2WnTqucpHDb5CFvtGrodrI9RgF06wa/jOLvSr7M=,iv:Q/VHxjnbaw4ydwSTtPT31UHB4wEjZU9BKoYY4BxnKYc=,tag:y91tKMDZ7eST5pVDmgl1Lw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.6.1 + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-02T02:45:48Z" + enc: CiUA4OM7eCDXUJADoV6utInJWZWPSLXP725EGXMwNNLtq+y2qc4DEkkAjTWv+nxuqCd118tqmh7QAmLNfKugimHHTx3vqP8343EasXxPcd3Z94SY448eLxC1CYIshYeamHBbW56Rlcu/JaKoDMAsjxID + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-02T02:45:48Z" + mac: ENC[AES256_GCM,data:xewR3sD4XkjL7pEi0p/7mchPbB/maOwgLV6ISZW0o5DHZdVUrcZx8Dx7cY0oIax0z3oPSzs/9KDy428+UxieF8cc+UpewgUyUs5TiTGlcfcSz+zrpE69tkc+XUf51pBUrGrocVnn+yG+LeDtVpvNVwRUlkVi/VWcSgTzj+tz6gs=,iv:oklNV9p8+EtEZvTmttQvsrlBsybeSSCB3161tr1p6lw=,tag:svgL8QLjlMKsmSmuRJECiw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 From c1c4000a05fde766f04af58224c855cad13b4c46 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 4 Dec 2023 13:07:58 +0000 Subject: [PATCH 114/494] Make title h4 and use paragraphs in announcement --- config/clusters/utoronto/common.values.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index 14ff2af310..1486bcf40c 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -38,13 +38,15 @@ jupyterhub: announcements: - |
- ARC will be making changes to our educational JupyterHub on January 9, 2023: R/RStudio will be - moved off jupyter.utoronto.ca. R/RStudio will continue to be available - through r.datatools.utoronto.ca – a separate RStudio hub. To make - access to JupyterHub easier than ever, we will also consolidate the landing pages for our Jupyter Notebook and - RStudio hubs into a single launch page: datatools.utoronto.ca. +

ARC will be making changes to our educational JupyterHub on January 9, 2023

+ +

R/RStudio will be moved off jupyter.utoronto.ca. R/RStudio will + continue to be available through r.datatools.utoronto.ca – a + separate RStudio hub. To make access to JupyterHub easier than ever, we will also consolidate the landing + pages for our Jupyter Notebook and RStudio hubs into a single launch page: + datatools.utoronto.ca.

- For more information, please read our announcement. +

For more information, please read our announcement.

- |
From 1f78fb107ca22e88470c52f0fe762f6052d3466f Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 4 Dec 2023 18:35:15 +0000 Subject: [PATCH 115/494] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v3.0.3 → v4.0.0-alpha.3](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.3...v4.0.0-alpha.3) - [github.com/psf/black: 23.10.1 → 23.11.0](https://github.com/psf/black/compare/23.10.1...23.11.0) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 755d82d698..1ee14fb699 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # Autoformat: markdown, yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.3 + rev: v4.0.0-alpha.3 hooks: - id: prettier @@ -31,7 +31,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: "23.10.1" + rev: "23.11.0" hooks: - id: black From dfba69a72a80e8c1ac47f49ca75f1ebe570c1024 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 4 Dec 2023 12:10:42 -0800 Subject: [PATCH 116/494] Decomission m2lines - `terraform destroy` already run - Buckets were deleted from the web console - GitHub apps were deleted Fixes https://github.com/2i2c-org/infrastructure/issues/3484 --- .../workflows/deploy-grafana-dashboards.yaml | 1 - .github/workflows/deploy-hubs.yaml | 1 - config/clusters/m2lines/cluster.yaml | 34 ---- config/clusters/m2lines/common.values.yaml | 163 ------------------ .../enc-deployer-credentials.secret.json | 30 ---- .../m2lines/enc-grafana-token.secret.yaml | 15 -- .../m2lines/enc-prod.secret.values.yaml | 21 --- .../m2lines/enc-staging.secret.values.yaml | 21 --- .../m2lines/enc-support.secret.values.yaml | 22 --- config/clusters/m2lines/prod.values.yaml | 20 --- config/clusters/m2lines/staging.values.yaml | 19 -- config/clusters/m2lines/support.values.yaml | 32 ---- .../daemonset_requests.yaml | 6 - terraform/gcp/projects/m2lines.tfvars | 121 ------------- 14 files changed, 506 deletions(-) delete mode 100644 config/clusters/m2lines/cluster.yaml delete mode 100644 config/clusters/m2lines/common.values.yaml delete mode 100644 config/clusters/m2lines/enc-deployer-credentials.secret.json delete mode 100644 config/clusters/m2lines/enc-grafana-token.secret.yaml delete mode 100644 config/clusters/m2lines/enc-prod.secret.values.yaml delete mode 100644 config/clusters/m2lines/enc-staging.secret.values.yaml delete mode 100644 config/clusters/m2lines/enc-support.secret.values.yaml delete mode 100644 config/clusters/m2lines/prod.values.yaml delete mode 100644 config/clusters/m2lines/staging.values.yaml delete mode 100644 config/clusters/m2lines/support.values.yaml delete mode 100644 terraform/gcp/projects/m2lines.tfvars diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 3b4bf41510..001c51d8f8 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -25,7 +25,6 @@ jobs: - cluster_name: jupyter-meets-the-earth - cluster_name: leap - cluster_name: linked-earth - - cluster_name: m2lines - cluster_name: meom-ige - cluster_name: nasa-cryo - cluster_name: nasa-veda diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 85248d5eb9..f3f3df3428 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -189,7 +189,6 @@ jobs: failure_openscapes: "${{ env.failure_openscapes }}" failure_pangeo-hubs: "${{ env.failure_pangeo-hubs }}" failure_utoronto: "${{ env.failure_utoronto }}" - failure_m2lines: "${{ env.failure_m2lines }}" failure_linked-earth: "${{ env.failure_linked-earth }}" failure_awi-ciroh: "${{ env.failure_awi-ciroh }}" failure_callysto: "${{ env.failure_callysto }}" diff --git a/config/clusters/m2lines/cluster.yaml b/config/clusters/m2lines/cluster.yaml deleted file mode 100644 index 16d0adfb94..0000000000 --- a/config/clusters/m2lines/cluster.yaml +++ /dev/null @@ -1,34 +0,0 @@ -name: m2lines -provider: gcp # https://console.cloud.google.com/kubernetes/clusters/details/us-central1/m2lines-cluster/details?project=m2lines-hub -gcp: - key: enc-deployer-credentials.secret.json - project: m2lines-hub - cluster: m2lines-cluster - zone: us-central1 - billing: - paid_by_us: true - bigquery: - project: two-eye-two-see - dataset: cloud_costs - billing_id: 0157F7-E3EA8C-25AC3C -support: - helm_chart_values_files: - - support.values.yaml - - enc-support.secret.values.yaml -hubs: - - name: staging - display_name: "M2LInES (staging)" - domain: staging.m2lines.2i2c.cloud - helm_chart: daskhub - helm_chart_values_files: - - common.values.yaml - - staging.values.yaml - - enc-staging.secret.values.yaml - - name: prod - display_name: "M2LInES (prod)" - domain: m2lines.2i2c.cloud - helm_chart: daskhub - helm_chart_values_files: - - common.values.yaml - - prod.values.yaml - - enc-prod.secret.values.yaml diff --git a/config/clusters/m2lines/common.values.yaml b/config/clusters/m2lines/common.values.yaml deleted file mode 100644 index 5aeac97390..0000000000 --- a/config/clusters/m2lines/common.values.yaml +++ /dev/null @@ -1,163 +0,0 @@ -basehub: - nfs: - enabled: true - pv: - mountOptions: - - soft - - noatime - # Google FileStore IP - serverIP: 10.98.223.138 - # Name of Google Filestore share - baseShareName: /homes/ - jupyterhub: - custom: - # Extra mount point for admins to access to all users' home dirs - # Ref https://2i2c.freshdesk.com/a/tickets/767 - singleuserAdmin: - extraVolumeMounts: - - name: home - mountPath: /home/jovyan/allusers - readOnly: true - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: M²LInES - url: https://m2lines.github.io/ - logo_url: https://m2lines.github.io/images/newlogo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: M²LInES - url: https://m2lines.github.io/ - hub: - allowNamedServers: true - config: - JupyterHub: - authenticator_class: github - GitHubOAuthenticator: - allowed_organizations: - - m2lines - scope: - - read:org - Authenticator: - admin_users: - - rabernat - - johannag126 - - jbusecke - singleuser: - extraFiles: - jupyter_server_config.json: - data: - MappingKernelManager: - # Cull idle kernels after 24h (24 * 60 * 60), to see if that - # makes the experience better for research hubs. - # Ref https://2i2c.freshdesk.com/a/tickets/243 - cull_idle_timeout: 86400 - extraEnv: - GH_SCOPED_CREDS_CLIENT_ID: "Iv1.1c4d967ffc205f98" - GH_SCOPED_CREDS_APP_URL: https://github.com/apps/m2lines-pangeo-hub-push-access - # User image repo: https://github.com/pangeo-data/pangeo-docker-images - image: - name: pangeo/pangeo-notebook - tag: "ebeb9dd" - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. They need to be just under total allocatable - # RAM on a node, not total node capacity. Values calculated using - # https://learnk8s.io/kubernetes-instance-calculator - - display_name: "Small" - description: 5GB RAM, 2 CPUs - default: true - kubespawner_override: - mem_limit: 7G - mem_guarantee: 4.5G - node_selector: - node.kubernetes.io/instance-type: n1-standard-2 - profile_options: &profile_options - image: - display_name: Image - choices: - pangeo: - display_name: Base Pangeo Notebook - default: true - slug: "pangeo" - kubespawner_override: - image: "pangeo/pangeo-notebook:ebeb9dd" - tensorflow: - display_name: Pangeo Tensorflow ML Notebook - slug: "tensorflow" - kubespawner_override: - image: "pangeo/ml-notebook:ebeb9dd" - pytorch: - display_name: Pangeo PyTorch ML Notebook - slug: "pytorch" - kubespawner_override: - image: "pangeo/pytorch-notebook:ebeb9dd" - - display_name: Medium - description: 11GB RAM, 4 CPUs - kubespawner_override: - mem_limit: 15G - mem_guarantee: 11G - node_selector: - node.kubernetes.io/instance-type: n1-standard-4 - profile_options: *profile_options - - display_name: Large - description: 24GB RAM, 8 CPUs - kubespawner_override: - mem_limit: 30G - mem_guarantee: 24G - node_selector: - node.kubernetes.io/instance-type: n1-standard-8 - profile_options: *profile_options - - display_name: Huge - description: 52GB RAM, 16 CPUs - kubespawner_override: - mem_limit: 60G - mem_guarantee: 52G - node_selector: - node.kubernetes.io/instance-type: n1-standard-16 - profile_options: *profile_options - - display_name: Large + GPU - slug: gpu - description: 24GB RAM, 8 CPUs - profile_options: - image: - display_name: Image - choices: - tensorflow: - display_name: Pangeo Tensorflow ML Notebook - slug: "tensorflow" - kubespawner_override: - image: "pangeo/ml-notebook:ebeb9dd" - pytorch: - display_name: Pangeo PyTorch ML Notebook - default: true - slug: "pytorch" - kubespawner_override: - image: "pangeo/pytorch-notebook:ebeb9dd" - kubespawner_override: - environment: - NVIDIA_DRIVER_CAPABILITIES: compute,utility - node_selector: - cloud.google.com/gke-nodepool: nb-gpu-t4 - mem_limit: 30G - mem_guarantee: 24G - extra_resource_limits: - nvidia.com/gpu: "1" -dask-gateway: - gateway: - backend: - scheduler: - cores: - request: 0.8 - limit: 1 - memory: - request: 1G - limit: 2G diff --git a/config/clusters/m2lines/enc-deployer-credentials.secret.json b/config/clusters/m2lines/enc-deployer-credentials.secret.json deleted file mode 100644 index f2f84811c7..0000000000 --- a/config/clusters/m2lines/enc-deployer-credentials.secret.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "type": "ENC[AES256_GCM,data:5We+inw6EiSByF0rZe2l,iv:OOP9z15AmOGRxypf8vg09Ex2zQE0Ju/mDmEM3xon8oc=,tag:3OKlhUIGy4/xRdHOuLxudg==,type:str]", - "project_id": "ENC[AES256_GCM,data:yy0nPiEQe0luocs=,iv:oz0Dvsym1XkHEuv2sU9EeJrhHrFw0gOCH4jhWU70GwY=,tag:zbAlTX9ct8c4AQUFwqmp2Q==,type:str]", - "private_key_id": "ENC[AES256_GCM,data:a53wwwi8HV2xkjqsVoTirWD4tz01q+ImkvVD3wnJkpPSs0xyi4qxfw==,iv:NR14HhJEYHytORvuhvl/UrWilDuPZ4cjLIxg9urQBQg=,tag:0SaBqCSlJgw2vy71oYKyTg==,type:str]", - "private_key": "ENC[AES256_GCM,data:YhjFFd1WKchHxbIjllHoqAFq94fFrgPoQe5z5rzpno0xNd04B0dq33ZBypZXXTJbU2wUh2eK1sLCYEyBhWL3tiuDuUnfR2crbfcAtZHeQYjbVoIePsW7sfjEXtuxu059pkbuasL2CxDg7NOvjuj264ZRlcWlYEHL+njTQAqkZZEBr2hpiGx2nKIbh9CLUCW+jyf93evXpFE7yuQj1RjM+PQZVT2GWSvpe3jeXFxdbJ9AOYdDWscptAS9RnWjwPq7VFb5Sg6m4K8zsKszff6qmjdbT/QGI5wl7xt4x9lOpx/FQuC39KsaAst47DUoOcI2bKOkUm782MAb8Ktxcb/wgNK8+fhRePHTjn8oIDseCCmsNEmnu9NH0SkG1kPy50mfIhCZg1HjyP3mNHznBKJhvKdG9uRE17rGNIDrg4SJWl2n7ibh21eZYnBEQ444mpJnxtGhswQcUTPE+4crFXVUQ+BrzTkoPqNjU0g+t6tPiBvwEkoszbK+RyjmzrLCOk+zJSROstYaqO5GqdPN3aL1Ea7ao5TTLoCIt5v4UcKd4zdcAX97E40Pvjq3ebA2mdnqCO+0Rp56dhE9gN/6Yyotn5Kpjb440DO7mJaxz3u40cry+MieUyiZ6FcX9BsQyfcMxwtlTTS0EE4rdyNiWrgjt1lknMJjH5T2yHkRTaVB6aKVDuMeiWlWr559dxAsGCgSDDfAfSevAA0fwympUtInak0fEKKz5ObH6M3pUJqC3CvJKzV6NH6cfFvvst4v69AOFakYJAWB1Y/OEDRqYlX78jt1PHx4ggwr6SGf9m4+bUw1bu+tZhGdAxDIb2fuAkignd2AiKL5VKSgtirnUWn4jllV92Yrax4eW5WWQIpbO2b8tAVCb467Edpv+jjWg88Wj8RoKi+kKZuyvjNcpDjnT0wul/57x1hKCKUswdi0EqlHrGqfFzZwKfLavhv+DAtOCRKeYFsDeiEUMT0pSKp0LEhDdd5F9ntdEu9kBD9P6OG9q5SgXiZYwktFQfJQJxcI8EXDfupn9NudCGwrBC7lbmrbfIF674p7a6gsCHn/8fDSn4GK28k6dnsqRmbomROH279rluliGdKlQCyY0gFNyHRIRqedHH0D1ghfOS/5mt0uYs1bbAlhfUqD9cE/ooHpv7U4sRb/Fp+y3S89POqYdxGtSrkKT0i4yHxx035S395VlcTCppE/wAL67jMSGtfVTWSJ5AYoO5oHx1SIuHEs/gpy10fUF6hiW8Dob5AyjLASBuVdBiZM6U6/pzCnv3JIbrYWj/ljFolZwGZCC+dMg0NEZz+CeDQ9HgSn1GVythIy5O54v6MPh0NF4MCydqlcEOdzHOzeuF9oDyJeYsSEPeAYvY8/WCiWkGuyFELDTDPSLjExnP0G+sHJYtn9UBhnyokaYxfMqdaC1CiXfaXiDZzzuo+LZznTj3yDQp2a3P9bwevYyPtOprncg2nyN9PYXxhkDykA2KM89Y7A+cQ4875jOAwEn3BwH/LIedpuiM3vvXpXl2me0pT7L6VQ2TROJXnfqC/XkEguFNiNhPisBNsta14mXOBt7rwGUyk5BX2D13quegpU5K1IbuLH3v76H9yFD3d31jy5NitdEYQYgWcVlaVk3wQLwYvcfVwjXV8sxwBf7ewBimXSQ53ZRhEngkCybirYtw6mTfvIpDhVZoOTPUkRzmuvJfQq1SjyMo8jTV9Jkl5ylWL9EjmYKFaS2ZvMotTnGDHdBbBf+jFK8FfQI6NrftlX1M9qLdES135f34h4jYbnOvsMSSomic6SJ1TSeTiiNcRfsCK3gc6iC7vKiEnC+geJ3F2oLMgZeAyerQcnPElhPJl1pU13gDMcT5bstYv46SIjziH1t89Nv0E7ziGZskamWXAO8nI+2C1M6qLNMXrxqwTpmDE9bhgGUUlr0KEKfDbJShWInLsTxJH5UCWIoNDEQO9bxWL85IdO1ukARdjd6j2h1IdfmOAadkWDLC1OU89sOY814Fx+v1REF2XX+kl1BMzTzYINIGmR4eLYOWWRfSLZpqRrggKDhS4+pqTKo0W5/VmYZAuDYQu+FqLtHx41ju2uQUxmE1tPa+Ig+nWUa58hvjQwHENdhLih5wKRzD8dK7js/PUHF8vZKFQCuejP2z0pDmWbr2ZGMhZSVJPh2+09UQnhSu4z0sLBNdo7NchY0vv2ZpzRHmR8CGMLzICw3iOUj42WogNemQctcJkRvEhUb19vuFZqEwWIic9HqQDzyjsocDwR6s9hYfD/ALil,iv:2QVpE7Co5ArKEG+678NYeL7FRlcyTEiGam/b8vjbUDk=,tag:jncRJtDXlaLWLUFNETGttg==,type:str]", - "client_email": "ENC[AES256_GCM,data:IUcDKZXYMGRowYvtSoFl9wdGX24CqW/jM/oVrq1sBG/6leKcnt9BKyRzjIb+NtkxNQ==,iv:N6Dl4KNhq9X5pw73qC3UW1apuVxdtaOY2fMLsXRzB/Q=,tag:tb0aSFBz8xxKPSjbZJA3oA==,type:str]", - "client_id": "ENC[AES256_GCM,data:JEZGqog07AH7//T5W7CkhW+mrMY5,iv:OHCNl5yukVlSSFaUo70+V7oxkQSuQ3kubVPrQIQFwDQ=,tag:NY+sKw1Q0S49OdMGZB1bow==,type:str]", - "auth_uri": "ENC[AES256_GCM,data:5uT/STJb+lxYaprXetT0jWvl8rWX2sLugVHnwFbRXRk29i9fy2EpUXs=,iv:NSd8Qh2p5ktpynidvA7ojMJyeA982aTeIWTECLmDsRg=,tag:dMFgkU9R6mwrjLIJCqPCxQ==,type:str]", - "token_uri": "ENC[AES256_GCM,data:iUj/7nsFLBi78w+57Xa1covWhjETJRK2TfnftCzsXjX7Us4=,iv:kErikER0soZAa34c+CUwxtHmid961Xfm84fSMMOQht4=,tag:Y2H0EQ2Y0JPGk4cHz8JBQg==,type:str]", - "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:wMzuVnh0xL/ntPwRZitpoR1QfgkO+veh0LtF8DRLLYA5ZG60ITvJjoFh,iv:FQrw7+3yNAk7aDPgWvh0UN/zML6JM0q8TP1P/HNlRms=,tag:m0WeLS9bCF+fXEWUWLQlLw==,type:str]", - "client_x509_cert_url": "ENC[AES256_GCM,data:JC26Ow+nS/RISj645ZPZoW/ngKAeEOtkfuNYSi8VH8QKy6OztJlxsn3/zvZLHKrhl+550oEMhCG6puoI3xiz4SZKT3yjmJhYQEh1+ugq5b4kwA2A1SV9rYuN2KDHeA4gZJUqqjE=,iv:WPwJQKzFGOhydvaSHm9XPhC8m3irk1F0zL0tojmgv88=,tag:bh9ZH/d3otNG7/2TX+Y1oQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2022-04-26T07:06:02Z", - "enc": "CiQA4OM7eJ7ZQZC6sPtBHtOgNOUidBq8ISVfdMvnCpMVnTftYYcSSQDm5XgWLIx7gMAvpZEYkU+gby54W2ZEl8k9ZFQFxK9u3yvjZZQ/9CUttSRM+ZwP2eNzK0Z9xmcORh3RwrasBnhH9Gx2uyuB5ww=" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-04-26T07:06:02Z", - "mac": "ENC[AES256_GCM,data:5Af0EoLt1W6Hs0UFwGzvv6cUSVxzYWdHwI33oI1WIdN1T8L/aiwIg18p6INPh5AzGj4BKqwDlP4gSaaAbwFaIAqzjyOfpi46ysBlU4NtiD1wdUZqGNIXmKV04gRk89Kfc01U372PoMylwWJsdjnAJhD2cbe+H2kqScReHJMa9B8=,iv:xXKrORbhxnvaKGNIiBOFgp0YquC4YficAu8OOyCg1FA=,tag:RS3cp5fDwye8eF/cbXDVhQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/config/clusters/m2lines/enc-grafana-token.secret.yaml b/config/clusters/m2lines/enc-grafana-token.secret.yaml deleted file mode 100644 index 87da8d8d3d..0000000000 --- a/config/clusters/m2lines/enc-grafana-token.secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -grafana_token: ENC[AES256_GCM,data:B+I4E9LVyDCl/zBARp0/Vqo5XjyOyAUGXNvi30BBukzVYMzIjE1+6zn4o9hKF/9caqzlLZkQDqmEGNI/hnYp/IGIichcc9OjD+ucmOXz3a2QJ9GnNAjFD6hcQzU=,iv:NpkxkeYdJuX4jsSRHb8X15iE76YGGMq3cDSLRbSyZFg=,tag:XnQSeCvOb1riP1LsQ6qzGA==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-02-24T17:56:52Z" - enc: CiQA4OM7eA1jS3a2zwDnUXuczQfvJW5u9Zp3QHRgCZjXk1ha/P4SSQDm5XgWif8sOYLkjo9k+hTKISv4PddEGATlvRChHeNZREfg2nreeDYujK6tOdiXplp8Yzv+uWxnxxUvlYPbhvReCDgmuEKLGI0= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-04-27T03:43:54Z" - mac: ENC[AES256_GCM,data:/WJ6emgXCBFjqJadi7sXgXJGCUgWv3eBEbnzYss9AM3Aws4gnUJ5Se6XobB8ep+Nt6/KCTYnUaSHFX0HGi1J8lyl1WCYsN0OKBQfSPt5ABJ4qI3A6JifOnlf/7EB3Z6TSGCnJ+4s6bupSejRRi54rsOiDnmD8wt99WFMv/IMnYs=,iv:QedXp+0WKPYfSX0MpHL1QLAF5LTtBEorD9efZlcjheY=,tag:8f3iJm6wH/M+pjlTSc5rGQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/config/clusters/m2lines/enc-prod.secret.values.yaml b/config/clusters/m2lines/enc-prod.secret.values.yaml deleted file mode 100644 index 0b7b866fbc..0000000000 --- a/config/clusters/m2lines/enc-prod.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:9Ck6xNrjH6YXQibljjwV+Pl90QA=,iv:mqf/qY0uOJ1A640AIhetv8ztEQLMboD4nUz2ta7xia4=,tag:JgSJwIzbNIPoA93/mCwxdw==,type:str] - client_secret: ENC[AES256_GCM,data:kjzpWRgVsXdt/KemCh4ZCnuo/4k342URs4T6CPoCVNh1pD3siiG69A==,iv:vjq3j9kXKY8WkdQ8flmcM687Qdwln3VioKMphwDAMHw=,tag:PMNXUkgjjBtbroketamPiQ==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-02-24T18:31:21Z" - enc: CiQA4OM7eNU4/NC1GSyOypie5mku2r/szfsjQHdxf5CkEib8PWISSQDm5XgWPd3+MJEgP6vyMdkr+5xZCc0MbF1aoNtwLVU/Z9PKOZsw2UgcoYIAHxpoMCm9aC2mS+qZJyq7N5GnR0xxIc3cGMNybVo= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-04-21T23:43:03Z" - mac: ENC[AES256_GCM,data:o5+2PJDg7QXH0BkoTfA5Wp/DSp9eEqL1od922Eo0zlzU0CEJiixC8Zk7UJa4U3crrJh8PgsuMFcitSgKrLk2neNz0TzT0R5e4Xnh+/KVn4VCf9gfn/nqRKEqou3mRyuECOSad9oeRBv5uLxJb065Vk4lV8VoonhYATCkT3GnpdE=,iv:eb43lzrERBGakB4gJycc+bINdoM/Pw5ndt0MnbyjfHA=,tag:4ovUvHdIlUS/oeATqpkHtQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/config/clusters/m2lines/enc-staging.secret.values.yaml b/config/clusters/m2lines/enc-staging.secret.values.yaml deleted file mode 100644 index 3d5b79b9a5..0000000000 --- a/config/clusters/m2lines/enc-staging.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:Zq5gIGURTn520LKB2or6ms9wEYc=,iv:Mj3a6EeQm0KM0/9/sfIB9LiNf40sIR+kteT37LowVGk=,tag:GSjAGvtj8as6Ho+mlElfZg==,type:str] - client_secret: ENC[AES256_GCM,data:N8ffgXc1JuEnPGdP8tL5iYW2RYclgrLyPmf+ndvm2eNTGK16MUpwKQ==,iv://0l/GqTLZ+wxHyltwb+a66eumTfFveSUJHwSF+g05Y=,tag:n1y/ZHKTrJRRmaD8RW1S8A==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-02-24T18:04:17Z" - enc: CiQA4OM7eP6diuWK5cq1WJfLBHrUaMLetApVQYdQJjlOFUKSsHASSQDm5XgW8L7w2ZN+LPLHBMIcfpO6YIBeajtpkKFnTdpRgbhgR7+fb9p4HHT8z3H1U7nwKuOaQPtsXj2e8ZPjWr/2tqy6ramzlhU= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-04-21T23:29:26Z" - mac: ENC[AES256_GCM,data:IJK1wZfjVSgOrcOYC88vSN1lxc/zgQZwzJc/1p5kQyU8HamzOzX76SCFTgA6dv+uNQWZC6rfekrRHIh9fZGBf5X5+gaFnlQREFj0UDJOLSxUtZQo/a1sJezkzI9nB4gv4WJylGbjKBo7p0QLN67vXeJQwBspFGaP2n3y+BGXlaE=,iv:Jtl42eYBWDmeSLCDMTx3Ml03pLTYnlGGS6wYVXate0A=,tag:7UbZe/23JrqhoiMdBgmizw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/config/clusters/m2lines/enc-support.secret.values.yaml b/config/clusters/m2lines/enc-support.secret.values.yaml deleted file mode 100644 index 9a2e8033b2..0000000000 --- a/config/clusters/m2lines/enc-support.secret.values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -prometheusIngressAuthSecret: - username: ENC[AES256_GCM,data:bisiUHR25ma+Q2MTh8UcjaWDvX/RUVGmAvdfl95ehQ6vmAa0PmMRgZc6pmNwRQSV6+l/D7POI39UaXNCS/mUgg==,iv:See29zO/q0q3xeCij8Gx8Dk1KObVuA2snECw24c8bQc=,tag:osdytedbJLqwYBFwD3GlPg==,type:str] - password: ENC[AES256_GCM,data:CKBA27Rq5acAl+BrMENZvLcrG0BBNC6VQCKMldyenS6tcwX2yM0ZH3mZLspDlWSuNhyh7UxSK/Ks0pds+olWpQ==,iv:/O8DoKRPWktMFKwJ6IxpVhSpnISnJGiguOkr+CmF+OE=,tag:J4fTMgoV7NtTG8/iIUCW9w==,type:str] -grafana: - grafana.ini: - auth.github: - client_id: ENC[AES256_GCM,data:AwOgzy07q0befQjbfzk3HYVHW54=,iv:DUjQ1ceqlSMpIdlDVpmpm3ILfrNszWcaD7dvyqZZNdI=,tag:gwQpWYI8gg4uelWQx0Yb/g==,type:str] - client_secret: ENC[AES256_GCM,data:fCFbmAkCjS59Fr8P8Qx+DxcX5Higkq++GOICB1GyEnV3yMKl9kDjqg==,iv:eJe1meggvTxYSlvoqklEH7+d8Oi+H3qOgdYB0n81rIQ=,tag:nLlxy8pcv9f8e/mKZl1ncg==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-10-28T10:24:36Z" - enc: CiQA4OM7eEkEE5hlcqPybmYOWbqZJAuksYMnSYYHwqmeljiimJcSSQDuy/p85YMbh9sMf/+H0NY9f60vz8QAuT4/mkTan/zsKLTQFTX66vaFwiYPaKpqVowanzx39SLyIhHSfQHnsGpg/bAFRK23+Os= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-10-28T10:24:36Z" - mac: ENC[AES256_GCM,data:G5BitI2XFqq+5FwJr52c8kIVvAPkwoYKCvQ7k6gdallcLNFHPJnN7UYXF+TWZXk1cLVxn7NDK56WhujtIuiz+tXe+XUyu1dLnXnZxtI5Rg5HUMmX7/yCD5smpgfa5UsYrd0fRhnXVaPP0V1m/fRJ4C5iQ62jkKFq16uqf7uqoiE=,iv:TMVE109vKpTi8ncgIo0ojgQszsT5P0JXcw/tB32imtM=,tag:MsO9YA9fz6DXylahqzTlpA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/m2lines/prod.values.yaml b/config/clusters/m2lines/prod.values.yaml deleted file mode 100644 index 4e2fca7bb9..0000000000 --- a/config/clusters/m2lines/prod.values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -basehub: - userServiceAccount: - annotations: - iam.gke.io/gcp-service-account: m2lines-prod@m2lines-hub.iam.gserviceaccount.com - jupyterhub: - ingress: - hosts: [m2lines.2i2c.cloud] - tls: - - hosts: [m2lines.2i2c.cloud] - secretName: https-auto-tls - singleuser: - extraEnv: - SCRATCH_BUCKET: gs://m2lines-scratch/$(JUPYTERHUB_USER) - PANGEO_SCRATCH: gs://m2lines-scratch/$(JUPYTERHUB_USER) - PERSISTENT_BUCKET: gs://m2lines-persistent/$(JUPYTERHUB_USER) - PUBLIC_PERSISTENT_BUCKET: gs://m2lines-public-persistent/$(JUPYTERHUB_USER) - hub: - config: - GitHubOAuthenticator: - oauth_callback_url: https://m2lines.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/m2lines/staging.values.yaml b/config/clusters/m2lines/staging.values.yaml deleted file mode 100644 index 1c435f4711..0000000000 --- a/config/clusters/m2lines/staging.values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -basehub: - userServiceAccount: - annotations: - iam.gke.io/gcp-service-account: m2lines-staging@m2lines-hub.iam.gserviceaccount.com - jupyterhub: - ingress: - hosts: [staging.m2lines.2i2c.cloud] - tls: - - hosts: [staging.m2lines.2i2c.cloud] - secretName: https-auto-tls - singleuser: - extraEnv: - SCRATCH_BUCKET: gs://m2lines-scratch-staging/$(JUPYTERHUB_USER) - PANGEO_SCRATCH: gs://m2lines-scratch-staging/$(JUPYTERHUB_USER) - PERSISTENT_BUCKET: gs://m2lines-persistent-staging/$(JUPYTERHUB_USER) - hub: - config: - GitHubOAuthenticator: - oauth_callback_url: https://staging.m2lines.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/m2lines/support.values.yaml b/config/clusters/m2lines/support.values.yaml deleted file mode 100644 index a2e4fbddb2..0000000000 --- a/config/clusters/m2lines/support.values.yaml +++ /dev/null @@ -1,32 +0,0 @@ -grafana: - grafana.ini: - server: - root_url: https://grafana.m2lines.2i2c.cloud/ - auth.github: - enabled: true - allowed_organizations: 2i2c-org - ingress: - hosts: - - grafana.m2lines.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.m2lines.2i2c.cloud - -prometheusIngressAuthSecret: - enabled: true - -prometheus: - server: - ingress: - enabled: true - hosts: - - prometheus.m2lines.2i2c.cloud - tls: - - secretName: prometheus-tls - hosts: - - prometheus.m2lines.2i2c.cloud - resources: - limits: - cpu: 2 - memory: 12Gi diff --git a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml index 62916addd7..3e8e1850cf 100644 --- a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml +++ b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml @@ -74,12 +74,6 @@ gke: cpu_requests: 344m memory_requests: 596Mi k8s_version: v1.27.4-gke.900 - m2lines: - requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter - other_daemon_sets: "" - cpu_requests: 344m - memory_requests: 596Mi - k8s_version: v1.27.4-gke.900 meom-ige: requesting_daemon_sets: fluentbit-gke,gke-metadata-server,gke-metrics-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" diff --git a/terraform/gcp/projects/m2lines.tfvars b/terraform/gcp/projects/m2lines.tfvars deleted file mode 100644 index 837160bc0f..0000000000 --- a/terraform/gcp/projects/m2lines.tfvars +++ /dev/null @@ -1,121 +0,0 @@ -prefix = "m2lines" -project_id = "m2lines-hub" - -# GPUs not available in us-central1-b -zone = "us-central1-c" -region = "us-central1" -regional_cluster = true - -k8s_versions = { - min_master_version : "1.27.4-gke.900", - core_nodes_version : "1.27.4-gke.900", - notebook_nodes_version : "1.27.4-gke.900", - dask_nodes_version : "1.27.4-gke.900", -} - -core_node_machine_type = "n2-highmem-4" -enable_network_policy = true - - -# Setup a filestore for in-cluster NFS -enable_filestore = true -filestore_capacity_gb = 2048 - -user_buckets = { - "scratch-staging" : { - "delete_after" : 7 - }, - "scratch" : { - "delete_after" : 7 - }, - # For https://2i2c.freshdesk.com/a/tickets/218 - "persistent" : { - "delete_after" : null, - "extra_admin_members" : ["group:m2lines-persistent-bucket-writers@googlegroups.com"] - }, - "persistent-staging" : { - "delete_after" : null, - "extra_admin_members" : ["group:m2lines-persistent-bucket-writers@googlegroups.com"] - }, - "public-persistent" : { - "delete_after" : null, - "extra_admin_members" : ["group:m2lines-persistent-bucket-writers@googlegroups.com"], - "public_access" : true - }, - -} - -# Setup notebook node pools -notebook_nodes = { - "n2-highmem-4" : { - min : 0, - max : 100, - machine_type : "n2-highmem-4", - }, - "n2-highmem-16" : { - min : 0, - max : 100, - machine_type : "n2-highmem-16", - }, - "n2-highmem-64" : { - min : 0, - max : 100, - machine_type : "n2-highmem-64", - }, - "small" : { - min : 0, - max : 100, - machine_type : "n1-standard-2", - }, - "medium" : { - min : 0, - max : 100, - machine_type : "n1-standard-4", - }, - "large" : { - min : 0, - max : 100, - machine_type : "n1-standard-8", - }, - "huge" : { - min : 0, - max : 100, - machine_type : "n1-standard-16", - }, - "gpu-t4" : { - min : 0, - max : 100, - machine_type : "n1-standard-8", - gpu : { - enabled : true, - type : "nvidia-tesla-t4", - count : 1 - } - } -} - -# Setup a single node pool for dask workers. -# -# A not yet fully established policy is being developed about using a single -# node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. -# -dask_nodes = { - "n2-highmem-16" : { - min : 0, - max : 100, - machine_type : "n2-highmem-16", - } -} - -hub_cloud_permissions = { - "staging" : { - requestor_pays : true, - bucket_admin_access : ["scratch-staging", "persistent-staging"], - hub_namespace : "staging" - }, - "prod" : { - requestor_pays : true, - bucket_admin_access : ["scratch", "persistent", "public-persistent"], - hub_namespace : "prod" - }, -} From 89659a05b3a0841abf2ef067c1175c0b31306540 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 4 Dec 2023 12:14:14 -0800 Subject: [PATCH 117/494] Add deleting cloud bucket data to decomission list --- .github/ISSUE_TEMPLATE/5_decommission-hub.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/5_decommission-hub.md b/.github/ISSUE_TEMPLATE/5_decommission-hub.md index c0fb1ae114..afd0e2f2ac 100644 --- a/.github/ISSUE_TEMPLATE/5_decommission-hub.md +++ b/.github/ISSUE_TEMPLATE/5_decommission-hub.md @@ -32,7 +32,8 @@ Usually, it is because it was a hub that we created for a workshop/conference an (These steps are described in more detail in the docs at https://infrastructure.2i2c.org/en/latest/hub-deployment-guide/hubs/other-hub-ops/delete-hub.html) -- [ ] Manage existing data (migrate data from the hub or delete it) +- [ ] Manage existing home directory data (migrate data from the hub or delete it) +- [ ] Manage existing cloud bucket data (migrate data, or delete it) - [ ] Delete the hub's authentication application on GitHub or CILogon (note CILogon removal requires the hub config in place) - [ ] Remove the appropriate `config/clusters//.values.yaml` files. A complete list of relevant files can be found under the appropriate entry in the associated `cluster.yaml` file. - [ ] Remove the associated hub entry from the `config/clusters//cluster.yaml` file. From a9503c20a79a2b091de37d5ae35f420c8636f8af Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 4 Dec 2023 17:08:50 -0800 Subject: [PATCH 118/494] Bump cryocloud image Ref https://2i2c.freshdesk.com/a/tickets/1162 --- config/clusters/nasa-cryo/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/nasa-cryo/common.values.yaml b/config/clusters/nasa-cryo/common.values.yaml index 5ac592082d..5a653c2b58 100644 --- a/config/clusters/nasa-cryo/common.values.yaml +++ b/config/clusters/nasa-cryo/common.values.yaml @@ -136,7 +136,7 @@ basehub: slug: "python" kubespawner_override: # Image repo: https://github.com/CryoInTheCloud/hub-image - image: "quay.io/cryointhecloud/cryo-hub-image:031697343bfc" + image: "quay.io/cryointhecloud/cryo-hub-image:84a1cbe7cca2" rocker: display_name: R slug: "rocker" From 8f98c0e9353364086358a38eee573a6d1c0a7cc5 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 4 Dec 2023 18:01:36 -0800 Subject: [PATCH 119/494] Decomission jackeddy hub Fixes https://github.com/2i2c-org/infrastructure/issues/3487 --- config/clusters/2i2c/cluster.yaml | 8 -- config/clusters/2i2c/jackeddy.values.yaml | 164 ---------------------- terraform/gcp/projects/pilot-hubs.tfvars | 19 +-- 3 files changed, 1 insertion(+), 190 deletions(-) delete mode 100644 config/clusters/2i2c/jackeddy.values.yaml diff --git a/config/clusters/2i2c/cluster.yaml b/config/clusters/2i2c/cluster.yaml index c450f972dc..4151b30592 100644 --- a/config/clusters/2i2c/cluster.yaml +++ b/config/clusters/2i2c/cluster.yaml @@ -128,11 +128,3 @@ hubs: - basehub-common.values.yaml - mtu.values.yaml - enc-mtu.secret.values.yaml - - name: jackeddy - display_name: "Jack Eddy Symposium" - domain: jackeddy.2i2c.cloud - helm_chart: daskhub - helm_chart_values_files: - - daskhub-common.values.yaml - - jackeddy.values.yaml - - enc-jackeddy.secret.values.yaml diff --git a/config/clusters/2i2c/jackeddy.values.yaml b/config/clusters/2i2c/jackeddy.values.yaml deleted file mode 100644 index a222dd89f6..0000000000 --- a/config/clusters/2i2c/jackeddy.values.yaml +++ /dev/null @@ -1,164 +0,0 @@ -basehub: - userServiceAccount: - annotations: - iam.gke.io/gcp-service-account: pilot-hubs-jackeddy@two-eye-two-see.iam.gserviceaccount.com - jupyterhub: - ingress: - hosts: - - jackeddy.2i2c.cloud - tls: - - secretName: https-auto-tls - hosts: - - jackeddy.2i2c.cloud - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Jack Eddy Symposium - url: https://cpaess.ucar.edu/meetings/4th-eddy-cross-disciplinary-symposium - logo_url: https://cpaess.ucar.edu/sites/default/files/styles/extra_large/public/2023-08/EddySymposium-900x400.jpg?itok=8qG7Dqi3 - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: "" - url: "" - custom_html: NASA's Living with a Star program and UCAR/CPAESS - singleuser: - # https://infrastructure.2i2c.org/howto/features/dedicated-nodepool/ - nodeSelector: - # Applied to all profile options - 2i2c.org/community: jackeddy - extraTolerations: - - key: "2i2c.org/community" - operator: "Equal" - value: "jackeddy" - effect: "NoSchedule" - defaultUrl: /lab - extraEnv: - # https://infrastructure.2i2c.org/howto/features/buckets/ - SCRATCH_BUCKET: gcs://pilot-hubs-jackeddy-scratch/$(JUPYTERHUB_USER) - PANGEO_SCRATCH: gcs://pilot-hubs-jackeddy-scratch/$(JUPYTERHUB_USER) - # https://infrastructure.2i2c.org/howto/features/github - GH_SCOPED_CREDS_CLIENT_ID: "Iv1.37646d01f3f58a80" - GH_SCOPED_CREDS_APP_URL: https://github.com/apps/jack-eddy-jupyterhub-push-access - profileList: - - display_name: "Image and resource allocation" - description: "Choose the user image and what resources to be allocated for the server" - slug: only-choice - profile_options: - requests: - # Configuration setup based on https://github.com/2i2c-org/infrastructure/issues/2121. - # Allocate resources from a n2-highmem-16 node, instead of a - # n2-highmem-4 node to help reduce startup times. - # Based on past usages of this hub, it is highly possible it will use notable - # amounts of RAM. - # The choice of this node, will avoid putting only two users requesting ~16 GB on - # a ~32 GB node (if we went with a n2-highmem-4) and will instead allow for - # at least eight users to fit per node on a n2-highmem-16 machine. - # ref: https://github.com/2i2c-org/infrastructure/issues/3166#issuecomment-1755630637 - display_name: Resource Allocation - choices: - mem_1_9: - display_name: 1.9 GB RAM, upto 3.75 CPUs - description: Fastest spinup time - kubespawner_override: - mem_guarantee: 1992701952 - mem_limit: 1992701952 - cpu_guarantee: 0.234375 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: n2-highmem-16 - default: true - mem_3_7: - display_name: 3.7 GB RAM, upto 3.75 CPUs - kubespawner_override: - mem_guarantee: 3985403904 - mem_limit: 3985403904 - cpu_guarantee: 0.46875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: n2-highmem-16 - mem_7_4: - display_name: 7.4 GB RAM, upto 3.75 CPUs - kubespawner_override: - mem_guarantee: 7970807808 - mem_limit: 7970807808 - cpu_guarantee: 0.9375 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: n2-highmem-16 - mem_14_8: - display_name: 14.8 GB RAM, upto 3.75 CPUs - kubespawner_override: - mem_guarantee: 15941615616 - mem_limit: 15941615616 - cpu_guarantee: 1.875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: n2-highmem-16 - mem_29_7: - display_name: 29.7 GB RAM, upto 3.75 CPUs - kubespawner_override: - mem_guarantee: 31883231232 - mem_limit: 31883231232 - cpu_guarantee: 3.75 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: n2-highmem-16 - mem_60_6: - display_name: 60.6 GB RAM, upto 15.72 CPUs - kubespawner_override: - mem_guarantee: 65105797120 - mem_limit: 65105797120 - cpu_guarantee: 7.86 - cpu_limit: 15.72 - node_selector: - node.kubernetes.io/instance-type: n2-highmem-16 - mem_121_3: - display_name: 121.3 GB RAM, upto 15.72 CPUs - kubespawner_override: - mem_guarantee: 130211594240 - mem_limit: 130211594240 - cpu_guarantee: 15.72 - cpu_limit: 15.72 - node_selector: - node.kubernetes.io/instance-type: n2-highmem-16 - image: - display_name: Image - # https://infrastructure.2i2c.org/howto/features/allow-unlisted-profile-choice/ - unlisted_choice: - enabled: True - display_name: "Custom image" - validation_regex: "^.+:.+$" - validation_message: "Must be a publicly available docker image, of form :" - kubespawner_override: - image: "{value}" - choices: - pangeo: - display_name: Base Pangeo Notebook - default: true - slug: "pangeo" - kubespawner_override: - image: "pangeo/pangeo-notebook:2023.10.03" - hub: - allowNamedServers: true - config: - JupyterHub: - authenticator_class: github - GitHubOAuthenticator: - oauth_callback_url: https://jackeddy.2i2c.cloud/hub/oauth_callback - allowed_organizations: - - jack-eddy-symposium - scope: - - read:org - Authenticator: - admin_users: - - dan800 # Dan Marsh - - rmcgranaghan # Ryan McGranaghan diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 458acd3af4..6081b6a570 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -102,24 +102,7 @@ notebook_nodes = { resource_labels : { "community" : "temple" }, - }, - # Nodepool for jackeddy symposium. https://github.com/2i2c-org/infrastructure/issues/3166 - "jackeddy" : { - min : 0, - max : 100, - machine_type : "n2-highmem-16", - labels : { - "2i2c.org/community" : "jackeddy" - }, - taints : [{ - key : "2i2c.org/community", - value : "jackeddy", - effect : "NO_SCHEDULE" - }], - resource_labels : { - "community" : "jackeddy" - }, - }, + } } # Setup a single node pool for dask workers. From 38ececf99f1d70bc8065ee0ef01d02061e84ba30 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 5 Dec 2023 10:27:53 -0800 Subject: [PATCH 120/494] qcl: Disable all culling & set mem_limits The mem_limits are now set to same as mem_guarantee so it's much clearer if the issue happening is related to OOM kills or not. Ref https://github.com/2i2c-org/infrastructure/issues/3495 --- config/clusters/qcl/common.values.yaml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/config/clusters/qcl/common.values.yaml b/config/clusters/qcl/common.values.yaml index 76a1f9f056..9576780aca 100644 --- a/config/clusters/qcl/common.values.yaml +++ b/config/clusters/qcl/common.values.yaml @@ -42,14 +42,17 @@ jupyterhub: admin_users: - gizmo404 - jtkmckenna + cull: + # Disable all culling: https://github.com/2i2c-org/infrastructure/issues/3495 + enabled: false singleuser: extraFiles: jupyter_server_config.json: data: MappingKernelManager: - # Cull idle kernels after 24h (24 * 60 * 60) - # Ref https://2i2c.freshdesk.com/a/tickets/1120 - cull_idle_timeout: 86400 + # Disable all culling: https://github.com/2i2c-org/infrastructure/issues/3495 + cull_idle_timeout: 0 + cull_connected: false profileList: # NOTE: About node sharing # @@ -175,7 +178,7 @@ jupyterhub: mem_guarantee: 27G cpu_guarantee: 3.2 cpu_limit: null - mem_limit: null + mem_limit: 27G - display_name: "n2-highcpu-96: 96 CPU / 96 GB RAM" description: "Start a container on a dedicated node" slug: "n2_highcpu_96" @@ -183,7 +186,7 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: n2-highcpu-96 cpu_limit: null - mem_limit: null + mem_limit: 86G mem_guarantee: 86G cpu_guarantee: 9.6 - display_name: "n2-standard-48: 48 CPU / 192 GB RAM" @@ -195,7 +198,7 @@ jupyterhub: mem_guarantee: 160G cpu_guarantee: 4.8 cpu_limit: null - mem_limit: null + mem_limit: 160G - display_name: "n2-standard-96: 96 CPU / 384 GB RAM" description: "Start a container on a dedicated node" slug: "n2_standard_96" @@ -205,7 +208,7 @@ jupyterhub: mem_guarantee: 320G cpu_guarantee: 9.6 cpu_limit: null - mem_limit: null + mem_limit: 320G # shared-public for collaboration # See https://2i2c.freshdesk.com/a/tickets/814 storage: From 1616ba935777d937f38f5267e4db11f4c605fe8a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 6 Dec 2023 12:03:50 +0000 Subject: [PATCH 121/494] [nasa-esdis] Regenerate hub-continuous-deployer creds --- .../enc-deployer-credentials.secret.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json index 4f6aa1cfe3..e374b9b160 100644 --- a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json @@ -1,25 +1,25 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:OIfYt6u0fS+1jOWGtvYGmCpfQ6E=,iv:7TwYcXCyPQee1jivFrpMu0vEGmIid4KpQjorLFiZFls=,tag:ST7Jsc2IMht0sDaCqIHrjw==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:sejOP1oMhqmLBMxBwXM39uStZ1lhD5xeP3HJeTOan5IINY9euVsMxw==,iv:1bgN0a/nOU3mcbJp7Md7y7GVcGqIx6bgv/GWhvUQ8E0=,tag:nCCNKq05QG3pmLrHmKIqfw==,type:str]", - "UserName": "ENC[AES256_GCM,data:pQlaKgIgS9p+QGYPQWiM0Ru4TsFj+1E=,iv:ed3hBvn3OjrIh+oVUwSkZ98l0zoMA49Mkp+6b+fKNKI=,tag:D/hJ39D1KJapB7OOMWupeQ==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:kZTskz6SEOAG7Gs/XJWgb3/rBP8=,iv:0lt2hvWTvim6BQbOHRK1mEM4hOiWaYn1NMk+D6X50uE=,tag:h4kg7OhCjPSkP944bfwl9g==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:2reeLNQI/3AoYUvLOt2YMS6rfDif6FKkKy/P1jydTYCOp8WxLJQAWw==,iv:yCFDlAlUMhT++132DYsNj33o1GQeQzf//7812PUeGf0=,tag:chPGkunqefsBCJYktR/4fw==,type:str]", + "UserName": "ENC[AES256_GCM,data:UmS7nzeCMNftw5Y3askBVZDCWi3lZug=,iv:JSA+k1aViys9MJiSesJ8Wa1ROjsTp09rTUsuh05D8G0=,tag:Zhc6xFnuH5ZEdyZArr4TAQ==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2023-10-09T15:31:10Z", - "enc": "CiUA4OM7eH4xJQXevXCKXptecUhLJd3hFZgTnrmXafhtsRedVmN2EkkAq2nhVWOF8VhmjbyNdsvgtD/qaSYcI9uosszCwh4AI+yDDqMCvSVfjhyV6oize4db3UxG/oso64R+x54QmghyTo8lBwJw7M5K" + "created_at": "2023-12-06T12:03:15Z", + "enc": "CiUA4OM7eCevOe2lP3dSjxmmQYme4j8Z6Y39WZnXn1nIh7yKmXJzEkkAjTWv+vDmpAkn3AgOohJ2cKWKISg+WL5tnT4LSw4+T1f0ErL8Kj7QeGvz5lycB/yGBN00wU8MgkvsoZkSaELOi+CQe0x4pxGi" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2023-10-09T15:31:11Z", - "mac": "ENC[AES256_GCM,data:Vqza5EGpfrQBGJXYEgdfzA07BiYrpAUPm2bppyYPMZBbMw5d56vBmCd1bdMWp2/nXIkwf/7Z6Er+zm2PG16stDe3U7sTRmozuB7kNa09ZdbgUJPMK6OBRqoBRWtPRvIrYbj8+UfOUA1yH/GYFPl8WdDQhHDNlKrDkNdqm5vZcxI=,iv:eCUFG6QJPL4Lj/5T5xovw8w9nV575vrCHO02sufWgg8=,tag:H+HcDGwdP4tYcQbc7etvnQ==,type:str]", + "lastmodified": "2023-12-06T12:03:15Z", + "mac": "ENC[AES256_GCM,data:r6AHNmXZIdRXHruqOaC26/1TxUunQE/ZutNdflCqpcKOnQhavhkxWMsITseHtr6FTus/i5HGEqK4TRidCUewSLVKsK7EPEV7jhM9kAL5ERBAUsg26dtS53b4GjOp04joFk3M3UXS/kZpIh+BoxJPnkhPW4rQuaiEL0BYKJbc9ns=,iv:Yg37lNJRrY6z+RN+YlPb2uKhhaXnG0nM+2GqISUwbdo=,tag:gUJEcGXmgKRO0GBKf9rIAA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" + "version": "3.8.1" } } \ No newline at end of file From e0bb404397ab9cae9e951af0bacdbe64d1e7ed09 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 6 Dec 2023 12:18:51 +0000 Subject: [PATCH 122/494] Add documentation about regeneration deployer creds for SMCE accounts --- docs/hub-deployment-guide/new-cluster/smce.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/hub-deployment-guide/new-cluster/smce.md b/docs/hub-deployment-guide/new-cluster/smce.md index 5cc1d5c98b..0cc447fba2 100644 --- a/docs/hub-deployment-guide/new-cluster/smce.md +++ b/docs/hub-deployment-guide/new-cluster/smce.md @@ -48,3 +48,19 @@ the `hub-continuous-deployer` user belongs to. It should *not* contain the user Once this exemption has been processed, you can continue as usual with deployment of the hub. +## Preparing for routine regeneration of the `hub-continuous-deployer` access credentials + +The `hub-continuous-deployer` has an access key and secret associated with it, this is how it +authenticates with AWS to perform actions. SMCE accounts have a 60 day password/access key +regeneration policy and so we need to prepare to regularly regenerate this access key. + +We track which clusters have had their `hub-continuous-dpeloyer` access key regenerated +and when in this issue which +also includes the steps for regeneration. Make sure to add the new cluster to this issue. + +```{warning} +We only receive **5 days notice** that a password/access key will expire via email! + +Also it is unclear who receives this email: all engineers or just the engineer who +setup the cluster? +``` From 8d496b315beffcaedd09980ef225ac0cd95f3af8 Mon Sep 17 00:00:00 2001 From: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> Date: Wed, 6 Dec 2023 16:03:01 +0000 Subject: [PATCH 123/494] fix typo Co-authored-by: Georgiana --- docs/hub-deployment-guide/new-cluster/smce.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub-deployment-guide/new-cluster/smce.md b/docs/hub-deployment-guide/new-cluster/smce.md index 0cc447fba2..59d243b03c 100644 --- a/docs/hub-deployment-guide/new-cluster/smce.md +++ b/docs/hub-deployment-guide/new-cluster/smce.md @@ -54,7 +54,7 @@ The `hub-continuous-deployer` has an access key and secret associated with it, t authenticates with AWS to perform actions. SMCE accounts have a 60 day password/access key regeneration policy and so we need to prepare to regularly regenerate this access key. -We track which clusters have had their `hub-continuous-dpeloyer` access key regenerated +We track which clusters have had their `hub-continuous-deployer` access key regenerated and when in this issue which also includes the steps for regeneration. Make sure to add the new cluster to this issue. From 4fc18a3e02a2ab75466d70a59ece9e008b935fa4 Mon Sep 17 00:00:00 2001 From: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> Date: Wed, 6 Dec 2023 16:16:26 +0000 Subject: [PATCH 124/494] Add some missing closing quotes and commas --- terraform/aws/projects/nasa-veda.tfvars | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index 5648e5f131..eb79fe13de 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -54,9 +54,9 @@ hub_cloud_permissions = { "arn:aws:s3:::podaac-ops-cumulus-public", "arn:aws:s3:::podaac-ops-cumulus-public/*", "arn:aws:s3:::podaac-ops-cumulus-protected", - "arn:aws:s3:::podaac-ops-cumulus-protected/*" - "arn:aws:s3:::maap-ops-workspace - "arn:aws:s3:::nasa-maap-data-store + "arn:aws:s3:::podaac-ops-cumulus-protected/*", + "arn:aws:s3:::maap-ops-workspace", + "arn:aws:s3:::nasa-maap-data-store" ] }, { @@ -107,9 +107,9 @@ hub_cloud_permissions = { "arn:aws:s3:::podaac-ops-cumulus-public", "arn:aws:s3:::podaac-ops-cumulus-public/*", "arn:aws:s3:::podaac-ops-cumulus-protected", - "arn:aws:s3:::podaac-ops-cumulus-protected/*" - "arn:aws:s3:::maap-ops-workspace - "arn:aws:s3:::nasa-maap-data-store + "arn:aws:s3:::podaac-ops-cumulus-protected/*", + "arn:aws:s3:::maap-ops-workspace", + "arn:aws:s3:::nasa-maap-data-store" ] }, { From 2d499c6a3c39ba7a5b6564edc75a74501298a99f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 6 Dec 2023 16:21:16 +0000 Subject: [PATCH 125/494] [nasa-veda] Regenerate deployer credentials --- .../enc-deployer-credentials.secret.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json index 77e26a11c8..fa273d15fe 100644 --- a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json @@ -1,25 +1,25 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:rIqVNArcN/4vj8eG4/1HJ4xPZjE=,iv:iudNRsrku2pcXmIPEQUzBfYJxvRe7rgamFj6S6M8EfA=,tag:POog+wkldH2pDmi3Ntmkmw==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:psDIfR5S6hHnvixmw5r9EUFq+WEkU2+bryB2h3s1uRLhnV6wCUn0uQ==,iv:Vd1ZiEOfWEcWndpjJDRdvTT9UNV/OiFeE5/fHLv+6CE=,tag:tS1xGtUQZj2buGPZF2l5vg==,type:str]", - "UserName": "ENC[AES256_GCM,data:XgAZKbm5tHpbJBdtc+sR+pqRxwD+M4s=,iv:Cih/A/BloUOICV/ZGI0UvSu7OWCHbiyT6Anr1ByPAso=,tag:xBkwA822p4ljwKc82nda0w==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:snwBYJoxlHiqiy1Z5P+Te305S+o=,iv:mw8v47wbEFYFInVALmqai708PbcGilD9a2EooiqPj6I=,tag:wd9JeH7e6dsArPf2HFckvQ==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:Nm7cPP0TVZbXrB8dI1eBB5DdQndYsVjZwC6nzoMyehFLuH8MxA3A9w==,iv:nYWAH7JH9AGX7F7PRjp2uHvFM3GOHi4gx9Ofzdc8VEE=,tag:VwJK6wOFAZpvuTdf1cZe+g==,type:str]", + "UserName": "ENC[AES256_GCM,data:0wO9NjNEYDI7VEwbaABNuflsbKHRcCI=,iv:UaQaXwPjgsnHObJWunkSrhxCb5jnlho4m1roMJuH/SY=,tag:pRz4GNk89O13KK0iL6J/kg==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2023-11-19T18:59:44Z", - "enc": "CiUA4OM7eKWO7OEo5U2nvjefm0zav25flhEpLHYyaPQVTTmnKuNkEkkAjTWv+uptb2rKL07ZsO4iH9/KRO//1D9YgmC02hnbyrUq+cNM3o5W7Q8VA3b44pnv+glk1D5AaGx/MQ9+xiZMv8RYwt+AyTq8" + "created_at": "2023-12-06T16:20:17Z", + "enc": "CiUA4OM7eGFJsgOtkHhpuwtBk7FVibsSQb/81TJhM3geXJ4yP0BZEkkAjTWv+tD1IGTInNdjJdb3sll1n9vPIEJ+EWnp53nRYe3+WBOV53BPZMOq1usbIBDMVkriNHw8YtIRO2lfNVBFKhKaUd5TCgPH" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2023-11-19T18:59:45Z", - "mac": "ENC[AES256_GCM,data:A6kwseUQtrhc56do4RzL/GuISS9UnWQeH+sAPjJ8hl15mlx8JL5IrEyKSXZNLnj+AaCnzHSEBGO6/NFyobPF7NgeEhjLOvWNs4/pKJ9ED4+UrK7JoShLUOzFEwGZiDH2Cafv4qu1MST8L2/u8JWenkIUXhRRHEklsvR/nhAJkfA=,iv:5bXso/vSfDAcKAo44ckUZf/kD92gloWzbaMP/qY9I4U=,tag:KYFWTI09w2GvTnxBHS930w==,type:str]", + "lastmodified": "2023-12-06T16:20:17Z", + "mac": "ENC[AES256_GCM,data:igdFyuAFjSfqiQVVIhQap23ODCDRe5azpaKKyGL5G1dQ34voJfUhAq0KR2bAlfHBGSAo6l9qI18vcdzSjHmkPsxu1sJWhN3H3l0C6HubIWbplXmlv0t7b8PuBASx0DSy9LxsIVPygXP9/88GyU+nP2ywwdgrVZ8fxxqS1YuYkDc=,iv:KmpCe1L4io1sDEWCCyqGS69bz7cNM2+/8DeJuVYyaeU=,tag:qF+TP2UjKp25GNBw7cQAhQ==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.7.2" + "version": "3.8.1" } } \ No newline at end of file From 2db9085ec75e2b93703b9b608a76a0b99aa7680a Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 6 Dec 2023 13:30:15 -0800 Subject: [PATCH 126/494] Fix binder-staging so launches succeed Just porting over changes we had in our basehub chart that were missing, to deal with some breaking changes in kubespawner Ref https://github.com/2i2c-org/infrastructure/issues/3508 --- helm-charts/binderhub/values.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/helm-charts/binderhub/values.yaml b/helm-charts/binderhub/values.yaml index 887044dbe4..50d43833a8 100644 --- a/helm-charts/binderhub/values.yaml +++ b/helm-charts/binderhub/values.yaml @@ -99,17 +99,15 @@ binderhub: # # DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE makes the default worker image # match the singleuser image. - DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE: "{JUPYTER_IMAGE_SPEC}" + DASK_GATEWAY__CLUSTER__OPTIONS__IMAGE: "{{JUPYTER_IMAGE_SPEC}}" # DASK_GATEWAY__CLUSTER__OPTIONS__ENVIRONMENT makes some environment # variables be copied over to the worker nodes from the user nodes. - DASK_GATEWAY__CLUSTER__OPTIONS__ENVIRONMENT: - '{"SCRATCH_BUCKET": "$(SCRATCH_BUCKET)", - "PANGEO_SCRATCH": "$(PANGEO_SCRATCH)"}' + DASK_GATEWAY__CLUSTER__OPTIONS__ENVIRONMENT: '{{"SCRATCH_BUCKET": "$(SCRATCH_BUCKET)", "PANGEO_SCRATCH": "$(PANGEO_SCRATCH)"}}' # DASK_DISTRIBUTED__DASHBOARD__LINK makes the suggested link to the # dashboard account for the /user/ prefix in the path. Note # that this still misbehave if you have a named server but now its at # least functional for non-named servers. - DASK_DISTRIBUTED__DASHBOARD__LINK: "/user/{JUPYTERHUB_USER}/proxy/{port}/status" + DASK_DISTRIBUTED__DASHBOARD__LINK: "/user/{{JUPYTERHUB_USER}}/proxy/{{port}}/status" extraFiles: jupyter_notebook_config.json: mountPath: /usr/local/etc/jupyter/jupyter_notebook_config.json From 97c26f74a84c971445e15a69f7530e137e39682f Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 6 Dec 2023 15:58:04 -0800 Subject: [PATCH 127/494] Setup agu-binder for AGU 2023 - Puts it on its own nodepool, with ssd disk for much faster spinup time. - CILogon authentication for now, with just 2i2c accounts allow_listed. We will open this up soon. - Automatically redirects you to login as soon as you hit the URL. This is a bit jarring, so perhaps we shall figure a better landing page there. - A new repo has templates that customize the binderhub template, at https://github.com/2i2c-org/agu-binder-custom-templates. Currently there are no customizations, but this will change. - No resource differences right now, but will probably be given more resources than usual. Ref https://github.com/2i2c-org/infrastructure/issues/3508 --- config/clusters/2i2c/agu-binder.values.yaml | 102 ++++++++++++++++++ config/clusters/2i2c/cluster.yaml | 7 ++ .../2i2c/enc-agu-binder.secret.values.yaml | 24 +++++ helm-charts/binderhub/values.yaml | 2 + terraform/gcp/cluster.tf | 13 +-- terraform/gcp/projects/pilot-hubs.tfvars | 21 +++- terraform/gcp/variables.tf | 10 ++ 7 files changed, 167 insertions(+), 12 deletions(-) create mode 100644 config/clusters/2i2c/agu-binder.values.yaml create mode 100644 config/clusters/2i2c/enc-agu-binder.secret.values.yaml diff --git a/config/clusters/2i2c/agu-binder.values.yaml b/config/clusters/2i2c/agu-binder.values.yaml new file mode 100644 index 0000000000..99fa3a3e5b --- /dev/null +++ b/config/clusters/2i2c/agu-binder.values.yaml @@ -0,0 +1,102 @@ +binderhub: + dind: + # This has to be separate for each binderhub we run on the same cluster + hostSocketDir: /var/run/agu-binder/dind + hostLibDir: /var/lib/agu-binder/dind + ingress: + hosts: + - agu-binder.2i2c.cloud + tls: + - secretName: https-auto-tls + hosts: + - agu-binder.2i2c.cloud + registry: + url: https://us-central1-docker.pkg.dev + config: + DockerRegistry: + token_url: https://us-central1-docker.pkg.dev/v2/token?service= + BinderHub: + # The URL set as jupyterhub.ingress.hosts[0] in this config + auth_enabled: true + hub_url: https://hub.agu-binder.2i2c.cloud + image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/agu-binder-registry/ + template_path: /etc/binderhub/custom/templates + extra_static_path: /etc/binderhub/custom/static + extra_static_url_prefix: /extra_static/ + about_message: | +

agu-binder.2i2c.cloud is operated by the 2i2c team for AGU 2023.

+ initContainers: + - name: git-clone-templates + image: alpine/git + args: + - clone + - --single-branch + - --branch=master + - --depth=1 + - -- + - https://github.com/2i2c-org/agu-binder-custom-templates + - /etc/binderhub/custom + securityContext: + runAsUser: 0 + volumeMounts: + - name: custom-templates + mountPath: /etc/binderhub/custom + extraVolumes: + - name: custom-templates + emptyDir: {} + extraVolumeMounts: + - name: custom-templates + mountPath: /etc/binderhub/custom + + jupyterhub: + ingress: + enabled: true + hosts: + - hub.agu-binder.2i2c.cloud + tls: + - secretName: https-auto-tls-hub-binder + hosts: + - hub.agu-binder.2i2c.cloud + hub: + redirectToServer: false + services: + binder: + oauth_client_id: service-binderhub + oauth_no_confirm: true + oauth_redirect_uri: "https://agu-binder.2i2c.cloud/oauth_callback" + loadRoles: + user: + scopes: + - self + - "access:services" + config: + BinderSpawner: + auth_enabled: true + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: "https://hub.agu-binder.2i2c.cloud/hub/oauth_callback" + allowed_idps: + http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" + Authenticator: + admin_users: + - choldgraf@2i2c.org + - colliand@2i2c.org + - damianavila@2i2c.org + - erik@2i2c.org + - georgianaelena@2i2c.org + - jmunroe@2i2c.org + - sgibson@2i2c.org + - yuvipanda@2i2c.org + singleuser: + nodeSelector: + 2i2c.org/community: agu-binder + extraTolerations: + - key: "2i2c.org/community" + operator: "Equal" + value: "agu-binder" + effect: "NoSchedule" + # to make notebook servers aware of hub + cmd: jupyterhub-singleuser diff --git a/config/clusters/2i2c/cluster.yaml b/config/clusters/2i2c/cluster.yaml index 4151b30592..3565e3864c 100644 --- a/config/clusters/2i2c/cluster.yaml +++ b/config/clusters/2i2c/cluster.yaml @@ -40,6 +40,13 @@ hubs: helm_chart_values_files: - binder-staging.values.yaml - enc-binder-staging.secret.values.yaml + - name: agu-binder + display_name: "2i2c AGU Demo Binder" + domain: agu-binder.2i2c.cloud + helm_chart: binderhub + helm_chart_values_files: + - agu-binder.values.yaml + - enc-agu-binder.secret.values.yaml - name: imagebuilding-demo display_name: "2i2c image building demo" domain: imagebuilding-demo.2i2c.cloud diff --git a/config/clusters/2i2c/enc-agu-binder.secret.values.yaml b/config/clusters/2i2c/enc-agu-binder.secret.values.yaml new file mode 100644 index 0000000000..023edea190 --- /dev/null +++ b/config/clusters/2i2c/enc-agu-binder.secret.values.yaml @@ -0,0 +1,24 @@ +binderhub: + registry: + username: ENC[AES256_GCM,data:J8Do9728Flzx,iv:xc9O7QLsxCj1ihu+Sax2wNEBgT4rxt3gYhVhRkeVcgg=,tag:pG/ISFKpRJWGKFA49Qd11g==,type:str] + password: ENC[AES256_GCM,data:dhu+hO2hOscAza2eorsmyox4wWryu7UP5yj3dSfemnMoM966SekgB8dlvrDh2MIKpYf29IOLlocZET7X9FcI1MWSS3urMIvgmWkqTopvEdLYLAcinZ74Amu3UVfXvKy9GsT6jAK1MqEpCvMIQji4kpTckcIs+V3+tcv1swTqbUd9VVgiXe0XzwspW/P67LPHKHKl04Ib80bHfWguns5gJN6dvpBrRAjwQSi8EuAewOxEdDeEkdLgSJN7nBdhsm25rByTNyzRfNw2PLXH6mEyx9KW3WA1DyNgZ0wyuNfJeCdg2wCYnRVfh6oOs/VN8Hb5MvpoqNpY8BH9GBnIc+ArusUJJqr2bDI8zWob3AhRcO7MGUPhNtpqDgCvv1wVmAZFr505sxHiujQlCwWqstTTeni5ZO4IoheeEr/naS5nq2T6aQ38lY7hJMDBVZj2IsDW5uiHLdMHtDqBWJMCt9RhdI0IuqSJTap2QPabZ2y3eIpZwG1cw7ehwzTfYpLm59j0IPZnVKO5aKH+MTSc7Wv4GGk8B0SSygFdMudCQP8dYQ9MIXa3SF5jIaXgfLWaBL2BxGu71CIt8T4Nmy7kpB3ISzyLAaIXtysinPFnQn1dKWBRA8Mqtx1CMPZySth30l859bxUIj8gB56ZPWdEl9MXB44JmDd0KRUyTbb6k4ERMciv3W3tfFLr/LJdhr+rMvtX8P70h0qdkZd0aoSlayjr84NWw3Wm6AL16fDE96ct6RyjEliYj2pNjdTGCVQETUK+tCPiEYGkMCj9cAUQs3rvgOS17KJXEjKFecLGl2AOqQu/qWDpr4QCCYz/amf2eE3lJyf0hIk9keaDOPkWeAshYO/AlhmTrp+etrZrtb67fK0twINbzhySzBN6V3GXWLD/vpZdhxGgBqu+zzxkKuR+YOXfoSGfsDmqty3I8sQsLwz5tWob5OmrA2DWWER9Ns6CabMhKVdpXHXNkQzKVZI4uUjy2KOBaCGhSF+dbXG7w7OmXwfs9iS5nFXP00jps4swR1S14IjupPvkd8fIlGojxoW121OmKKU7k2mh9ydBbeC2CCb/VAYOuWCXrUW/nKcKBZknLw9PDWKRRHe/VEC/RpLolDIEYM4XEnwjzRsu3lSV2pNrqtKIHOqapneoSiuBP+aDJT3ID9HboArePOfCGrMxcTI3CqBkq/jTByJpjeUoc4bJ05KIWpyJ1TIPH1ZVwkOsbN0QnaaLhgIrxYBTY1K8ShRbbLLyvFAncGRKdNQy4O31q32DQYKefHSnJAQviT4LsLMRpilWiLLUk6g3hClnrVyIavQlUgITapy7Ug6CeF2kvyliRqe93PZHPBMm2FEH3sVUs7VZ8mx6xHSUqWReo8xbwRn6VG8wwf0VGhRMTY+GWi6+g21+qGPEuOuecqJHvHUgkSrV0e30odSVvw8qF7JYZ4HHpJTxwE4y82NT6UoG0Mq+8qd88ITYxvRAH1+nhaIQ6zbFYQjfb6xn2OVpmNKQgjqaIHxoP8ymvS/FM6+DDBDvy/w3gWNILXdNmAYllYdOYQDIV/35Rpzzuy4uykZoFmFbOZoQNYwfVcqi4pQ5w+zmsiP3IPMpi6N5FrVp+N38U2MjBx4VRZyAhuB3MlOVPeqphfMybednkrkiRnZHF8by6bdY9u1rnvz1fKMg2CSKZOq3IiuZ55ngzmXPQqtJZeqb0Z2UU9wukAlpebtiwn4nmdCCCykU6JHjA91h2Axgs1X5ELjFERgNxY5TgpU/BI4cj1fJZ7lHnEFL7OqeN31z2EfXntA1hY7/7ToRIR/dud/B+K5JB3s5TaUYioCez6WzKyoBZ23TALHH0mO+jmYlje2TFFtw4wvHKii5mAGO9xuSS4Rg8AYAxqHDr83zLFhkZUggrRc9Pd6U7AJtXiJzpx93YkoXbu4tV/orpcDV2bSgkyL68hD+N/ozMbLRauZZPKlNRxOx020uugGDoR7RwzwY10elVZqIDMd5OecExsW5/FhdNo1wA6Q1FSCkWJc31mNebRN5gIZr3PCxKSFw+LfosPHdnEW2UVi5SZcaT7Pic8JyzYUV6EKBv7dJNgULglhTgezZG3DWR/RuDwofvAJBys9m3vH+e9irrSJ08jI2+fjfAktEYi7ACE30G7LCbWV7HSi1m1MgBHwk3JjhAtoRl2+BjnAVJjOtdbk/UU0CeeAYMCmSoFkYeVHipEPW9O5m+Nwv3RVMteR610BrSx0QZmVnjfHYYNGnTWUcZ5q8Fm3InD0p+aYmZbp0fw9l9MGDzlmPCwztlIC91oh1JWcZVWXP8tVp9SguWszjKG/zNtnOEJ/llFfQQhY9zgNnxHyLCTZiiD+AV0ZW+bw/oeFEMP+6UOmmzRI9iAc/HMzQEHqS2UBqGmb3gzFebCv8Z4RkfEHyhZSpH6GXzRy+v1cvhcr5zgpBOuMlwloGC8FBbD5PDg2xELj/gYRdEyBaqgTXN0RgIe3a3W2mzd3n8Wb6oQyReFTrqe3LPqUDOR6LRgOlHQTkIKCCHTa+7P9Qyw/h79jC228o76QYk2tbCyNlaGAgqfiuqZnMsJ4xRauxNU/yY2KadYJdqsQAjojTXcIGoUQzv8XYipmUIdnJb9BQ0WmxYTr9WFpFD3+OoYatnHTziAyTL7S9aLBygZjdvteRy3yisFrrBlsBdKhVBDLjiX+9Y1BQ0HcDeaJ6rPKKyrDubivLweVvVLg8skH9BcSUeQfCeO+8Zg7blCywrMvh9Gr4vMl7xBAMp336qKz4NSikcPJDz53PBVbswFH6crYcphoynE5I8BPu2rwZm8AM8qdQdv9A2iXKITxq1PV01iuXPzN7HyGGqIWTtqmbZdxJKhnMOH+Et3C3Ie/WkRkMYaKlvaNelUyzFl84bSUFes+hJb8LhmfcHSjkQjJoE3IphVQMOjO5v0mVT+FPYnppRMFgEv3lvAPCt5dbIJs3Ya6B+ayLGDSL2OPYmq9nRCCi8XSvG47527NOLvggHysV+3jS6y9qIIJ3B29RoZebbujpdNRreaFeuUVyaQuNXuyne/0vgSQWQnnow/zDwoF6nEAUKDQIoeptSlLVaC0Tv1UHdW1WK5M/S27iS66kxh+95OOnqZtqWCdWdYGUO/fLpyIgnrjvxzGFP97U1zaD5hXfGAdx80T7G2ZOidKzt9wQ0R2bzCQ=,iv:rLpuwMEoJryf3Xh+MksFRhr3ekbCXyOm7kTsVFYuhUI=,tag:Qz/6pJh6WOPzbbz6yQ/CjA==,type:str] + jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:IB5AfR1TPYSoAbIPR2Uunb/nlqxZRHyR8NwhHDiJiYTMtKDrmPTB/7aEbvZVxK4DQq+E,iv:oODyyF9jfZwQF/4v1wNNsXFDK9cAWUYlhNw/EESWeDA=,tag:kuh1jICGg6TOPK9wVkYWtw==,type:str] + client_secret: ENC[AES256_GCM,data:grQBxNNENGKMe7Jm/bhrQFKgCmWUsvA16Kg0cDHHF7eVIaaMYNclNIsoZkEcTay/EVZfvjPgstG+t2j85kmAmVSz/PHQRFG5pOB5Lud9GWY28/ANCg4=,iv:duVks5blb7Yu1nvZk0eowndbNXNN87NKQMEEn89rOL0=,tag:5eL3ZWAMaj5535nfrX6MQA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-06T23:25:45Z" + enc: CiUA4OM7eKXCQVwUHjh2yd/0/ogofhfHGPqvEvLmN24jAnxJFywOEkgAjTWv+niyZUOfBHbu09dctaM4bVQNHckAweQtdeuew5OY3Ienk1ivzRb7o37En5OvirSQn/4Xk/GsZ+R+ZzjKFM/2d1aTbKo= + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-06T23:34:23Z" + mac: ENC[AES256_GCM,data:hGrhZGDCvpmACopyQsEBLt6gH/fzYwKIMcEL0DrJW9nBk1n1YBOD4TRRP6vnUwiTLbmGzIRPmjn5JeXmMgmogr/436JHifoexWmBTE+8iXoIRHHfBATjW1L/ivFk740Bp7bI1ZEkLbsKscssUiczM6GI5B7kbtNRf0BVxSHhkDU=,iv:axEVH1i9qb2YzDiuSw0V1+/p0b9W6uLvKF7tm8grZ0U=,tag:6bHKRcsI9bN2AuGeLeZR1g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helm-charts/binderhub/values.yaml b/helm-charts/binderhub/values.yaml index 50d43833a8..13114acfde 100644 --- a/helm-charts/binderhub/values.yaml +++ b/helm-charts/binderhub/values.yaml @@ -174,6 +174,8 @@ binderhub: app.kubernetes.io/component: traefik hub: config: + Authenticator: + auto_login: true JupyterHub: # Allow unauthenticated prometheus requests # Otherwise our prometheus server can't get hub metrics diff --git a/terraform/gcp/cluster.tf b/terraform/gcp/cluster.tf index e30fa73b13..f4238f00bc 100644 --- a/terraform/gcp/cluster.tf +++ b/terraform/gcp/cluster.tf @@ -283,12 +283,7 @@ resource "google_container_node_pool" "notebook" { node_config { - - # Balanced disks are much faster than standard disks, and much cheaper - # than SSD disks. It contributes heavily to how fast new nodes spin up, - # as images being pulled takes up a lot of new node spin up time. - # Faster disks provide faster image pulls! - disk_type = "pd-balanced" + disk_type = each.value.disk_type dynamic "guest_accelerator" { for_each = each.value.gpu.enabled ? [1] : [] @@ -388,11 +383,7 @@ resource "google_container_node_pool" "dask_worker" { preemptible = each.value.preemptible - # Balanced disks are much faster than standard disks, and much cheaper - # than SSD disks. It contributes heavily to how fast new nodes spin up, - # as images being pulled takes up a lot of new node spin up time. - # Faster disks provide faster image pulls! - disk_type = "pd-balanced" + disk_type = each.value.disk_type workload_metadata_config { # Config Connector requires workload identity to be enabled (via GKE_METADATA_SERVER). diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 6081b6a570..37994fa40f 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -102,7 +102,25 @@ notebook_nodes = { resource_labels : { "community" : "temple" }, - } + }, + "agu-binder" : { + min : 0, + max : 100, + machine_type : "n2-highmem-8", + node_version : "1.26.4-gke.1400", + disk_type : "pd-ssd", + labels : { + "2i2c.org/community" : "agu-binder" + }, + taints : [{ + key : "2i2c.org/community", + value : "agu-binder", + effect : "NO_SCHEDULE" + }], + resource_labels : { + "community" : "agu-binder" + }, + }, } # Setup a single node pool for dask workers. @@ -152,4 +170,5 @@ hub_cloud_permissions = { container_repos = [ "pilot-hubs", "binder-staging", + "agu-binder" ] diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 0acd6963f3..8d89320b5b 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -89,6 +89,11 @@ variable "notebook_nodes" { value : string, effect : string })), []) + # Balanced disks are much faster than standard disks, and much cheaper + # than SSD disks. It contributes heavily to how fast new nodes spin up, + # as images being pulled takes up a lot of new node spin up time. + # Faster disks provide faster image pulls! + disk_type : optional(string, "pd-balanced"), gpu : optional( object({ enabled : optional(bool, false), @@ -120,6 +125,11 @@ variable "dask_nodes" { value : string, effect : string })), []) + # Balanced disks are much faster than standard disks, and much cheaper + # than SSD disks. It contributes heavily to how fast new nodes spin up, + # as images being pulled takes up a lot of new node spin up time. + # Faster disks provide faster image pulls! + disk_type : optional(string, "pd-balanced"), gpu : optional( object({ enabled : optional(bool, false), From 0b753f59ecdbc78922f98798e733fec936d5702c Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 7 Dec 2023 12:10:22 +0000 Subject: [PATCH 128/494] Document how to reset each other's passwords in NASA SMCE environments --- docs/howto/regenerate-smce-password.md | 15 +++++++++++++++ docs/hub-deployment-guide/new-cluster/smce.md | 5 +++++ 2 files changed, 20 insertions(+) create mode 100644 docs/howto/regenerate-smce-password.md diff --git a/docs/howto/regenerate-smce-password.md b/docs/howto/regenerate-smce-password.md new file mode 100644 index 0000000000..1d6db9bee5 --- /dev/null +++ b/docs/howto/regenerate-smce-password.md @@ -0,0 +1,15 @@ +(nasa-smce:regenerate-password)= +# Regenerate a password for a user in a NASA SMCE account + +The AWS accounts associated with NASA's [Science Managed Cloud Environment](https://smce.nasa.gov) +have a 60 day password expiry policy. If someone on the team misses this +deadline, we can actually reset passwords for each other! + +1. Someone in the team with access logs into the AWS console of the appropriate project +2. Follow [AWS's user guide on resetting passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html#id_credentials_passwords_admin-change-user_console) + for whoever's 60 day window has elpased +3. In addition, a `AccountDisabled` IAM Group will be automatically added to the + user whenever their credentials expire, and this will show up as a "cannot + change password" error when the user logs in next. So the user should also be + removed from this group. You can do so from under the "Groups" tab in the + AWS console when looking at the details of this user. diff --git a/docs/hub-deployment-guide/new-cluster/smce.md b/docs/hub-deployment-guide/new-cluster/smce.md index 59d243b03c..bd585eff37 100644 --- a/docs/hub-deployment-guide/new-cluster/smce.md +++ b/docs/hub-deployment-guide/new-cluster/smce.md @@ -64,3 +64,8 @@ We only receive **5 days notice** that a password/access key will expire via ema Also it is unclear who receives this email: all engineers or just the engineer who setup the cluster? ``` + +```{note} +See [](nasa-smce:regenerate-password) for how to reset an expired password for +a _user_, e.g., a member of the engineering team. +``` \ No newline at end of file From a3e17471d963812ad1d34d9b532926efb3c5f7d6 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 7 Dec 2023 12:54:44 +0000 Subject: [PATCH 129/494] Add file to toc --- docs/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/index.md b/docs/index.md index ddd12b1bc6..cda1e66eb4 100644 --- a/docs/index.md +++ b/docs/index.md @@ -75,6 +75,7 @@ howto/grafana-github-auth.md howto/update-env.md howto/upgrade-cluster/index.md howto/troubleshoot/index.md +howto/regenerate-smce-passwords.md ``` ## Topic guides From c7d0f124ccd060b8528612b0f20e71b2f2e10619 Mon Sep 17 00:00:00 2001 From: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> Date: Thu, 7 Dec 2023 13:01:18 +0000 Subject: [PATCH 130/494] Fix typo --- docs/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index cda1e66eb4..2855669b37 100644 --- a/docs/index.md +++ b/docs/index.md @@ -75,7 +75,7 @@ howto/grafana-github-auth.md howto/update-env.md howto/upgrade-cluster/index.md howto/troubleshoot/index.md -howto/regenerate-smce-passwords.md +howto/regenerate-smce-password.md ``` ## Topic guides From 8a98a439025082a1793fb2cf4ffa28173ffdce68 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 7 Dec 2023 15:04:03 +0200 Subject: [PATCH 131/494] Add a short policy about k8s version used in our clusters --- docs/howto/upgrade-cluster/index.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/howto/upgrade-cluster/index.md b/docs/howto/upgrade-cluster/index.md index 6c233c12b6..fe7a56180f 100644 --- a/docs/howto/upgrade-cluster/index.md +++ b/docs/howto/upgrade-cluster/index.md @@ -5,14 +5,26 @@ How we upgrade a Kubernetes cluster is specific to the cloud provider. This section covers topics in upgrading an existing Kubernetes cluster. ```{warning} -As of now, we have not yet established practices on when to upgrade our -Kubernetes clusters. Establishing this is tracked in [this GitHub -issue](https://github.com/2i2c-org/infrastructure/issues/412). - As of now, we also only have written documentation for how to upgrade Kubernetes clusters on AWS. ``` +## Upgrade policy + +We aim to ensure we use a k8s version for the control plane and node groups that is at least **five minor versions** behind the latest one available at any given time. + +Ideally, the following rules should also be respected: + +1. Every new cluster we deploy should be using the latest available kubernetes version. +1. All of the clusters deployed in a cloud provider should be using the same version. +1. Check if new upgrades are needed at least every 3 months. + + +```{warning} +As of now, we have not yet established practices on how to ensure these upgrades happen according to the policy above. Establishing this is tracked in [this GitHub +issue](https://github.com/2i2c-org/infrastructure/issues/412). +``` + ```{toctree} :maxdepth: 1 :caption: Upgrading Kubernetes clusters From e31e520e821155332f4a7c7d014ff4cfcfa84308 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 7 Dec 2023 14:00:19 +0000 Subject: [PATCH 132/494] Add screenshots of the grafana invite link generation process --- docs/images/grafana-grant-access_step-3a.jpg | Bin 0 -> 53480 bytes docs/images/grafana-grant-access_step-3b.jpg | Bin 0 -> 59810 bytes docs/images/grafana-grant-access_step-4a.jpg | Bin 0 -> 120623 bytes docs/images/grafana-grant-access_step-4b.jpg | Bin 0 -> 27056 bytes docs/images/grafana-grant-access_step-5.jpg | Bin 0 -> 88515 bytes docs/images/grafana-grant-access_step-6.jpg | Bin 0 -> 35195 bytes docs/images/grafana-grant-access_step-7.jpg | Bin 0 -> 34422 bytes 7 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/images/grafana-grant-access_step-3a.jpg create mode 100644 docs/images/grafana-grant-access_step-3b.jpg create mode 100644 docs/images/grafana-grant-access_step-4a.jpg create mode 100644 docs/images/grafana-grant-access_step-4b.jpg create mode 100644 docs/images/grafana-grant-access_step-5.jpg create mode 100644 docs/images/grafana-grant-access_step-6.jpg create mode 100644 docs/images/grafana-grant-access_step-7.jpg diff --git a/docs/images/grafana-grant-access_step-3a.jpg b/docs/images/grafana-grant-access_step-3a.jpg new file mode 100644 index 0000000000000000000000000000000000000000..657b47944bab54f436576ea09e7e10327ce29ef5 GIT binary patch literal 53480 zcmeFZ2Uru`wlEx;fPhHvgeo9S=}L)+bO8|o0RaW+(glJBqVyg?1qA^C5v2DnkzS?O z(0hjjAp{bVKks{PJLkUtchCPn_j&I3J)c{Lnau3jGi%M-YpuN+VT!N_xU8q8s|6q- z0RY|*{{aX~fFw<@iz5JFU;wxZ005`})(#GNJIf-f1W1=03uxg zKj_y+B-VCx_f#@M#sh{Ca0zm zOUo;(YwH`ETid9^Uq{F26U^z^A8?Tn;r!S3H^}}0E(Ri8q~zpe9~jQFLX`&qnh{qx-i;APz!89D{iC z1>%1?YD(&VyY^2X5ax)4dXInr(2|i5iHVE>00Q8$FtG%HU~(1#@CsJ@>yx*AEaBcA3ONI{d;)rZS1Algm zSd?gX4B+?n&*6YD^jFxo{mERg(_){WAq;~DD7;_lu;_S{f%O)U^@u-~t-!vw*B!jS>j zv3OqV$JN6DHI2uO;~qsp#lb?03GA(tOP^G!mjmYt^ykKlC3164Y-S6FU*x^4oRWY# zfY|i|BrGEepLlviGV}pI%IeSug`4o6ss_E7>_3Z-J9EtP{W=G@QkAMBM3&gBaCHi& z8AP$@iO}xk1=i_9nVCvlR$p}>YmH$K-T;6+UW*&p)(SNRu!de$V-+TJ=|=GAXUwOj z?Zs8i=fN(QHxlbs_f)>o*0Hl3f7AjgwXI82r^~I#V{2LVYpUHE+})g}r*H?+G8vqm ztA*E>z&(a<&vzXU87(2U7)YKirqBPM=9VN$K#tO8|IA+?7BfvPgyFcr67_KBiy>xUwh5 z7MPmoy;tZXoB5IBsj#YrDFdE56*493VbYhRi==L+=IzbOdC|)^Zx{+(VsKR_We0N9XTk3@9%b7S91L{zSDwOaO{0lII-vJ?;@1~O#oelPz6jnpP1_Ig{dG+w<_!7}bGj%UZaxZDTlSDS?Su_n(XtgpXCRU;3PUpr+_n5Yu;99|o$}xn=>H@KGWFs(O7)MS62ZJ46q^r260Y zF!vuXd~|lA4x$0M4ARYMNQSta9XB{WCOxkhPuuU|&N3f}%DAMZEE8Ha+0{^KgAuun zN@&*(;Sps*9uZ*X}sNh78>J-#Bqge``6Co?7m@--PL5n!ccbbgA_OYa0oL zn^NKt?{I}#=haPO&|HXS8H&9Ud~~jF7{mV@FfBZGX=yBRI9V2Glk?Tf``5=u`D+jh zDK=B9EYZ#)rU0)`)~6;froZghuASB%aSS+_D=gKan78tm?bh^s^m@Mt^V+xw=Z?A# zKAp_A_Mx&UqYO0h6;V+?k6c06HbT3v3=*)nvJU>()?w!>g3a0i*aJ8=@1t_Rh@^c-RSXp-k7eTU0XI! z(}(WK5RmPYu;b}?wN-DfmQ(DH7bgHhBEdC5jvOjXOX+HZ`r)vTyk8F=4SLa&tw(1) zET1HUDy_zaZh>f_i=R1pYnK_mLJWtqhvZJjsH$lclGX%LK!*s`Ml=IXhnh0KMJSjp zxvP^q^onsf)mR?YoaW(!Z{#()B7t%>`WbziQ&@5-yuajgBNky6Gzh27_NH;Mt6tp zleX6n=W4Bf`aS(zHk@aVC;go4wN_bc7+$AZQk z{EJ3hht2e^A~3U79VHBbQl`#J+4a^%rw!k&(LvQ7do|3)n$X*ssT9n{w|;N`H4cD; z(f>3pZPHQnx5hI&IYT8lD0?JcCGEZ+s>~*Ff`~30 zmH=4UA^>c|IRT(X0AS9bs0Spmn(ok6)gtI19Iuv%GX)}HZopqeRTq{=0I=L* z|9$^&{Qah%-}C1;|M<;6f6I^G^7FU;@V}YT)|$|2Fr{1#KA=Yx5j<_1Wo6 z09Q(a+b$I2w{ZSo5ce5+(pnWSCjUIr{?IYz+>ro?v?c(?i6*XIN&)~P`VYUwupDR_ z*}v*3z5+vdqCE(J2%iZ#YjHfIvx@e4Ir%S0@`8QpLeEoRQ|v(IS`g7E;j!W7-63{A z$=q22(xS<1W_M9E`_)D9p#wEea75SAPgwiumuh^^m=t1weSB)x(=1W<>2#Hpo#*nP zp?K72k<++5jkU~-XL^8~mv-G!KzEClkrIc>Xc_Zn$<8vcZO?ZpGs-9eqApxjdz)%s z(Xvs+L1^HHgGRWEO%JiJEcQMDF!YuHc<(Mv03_{n;@NSIn2$)0 zLo@-fR8w=N(h%puGrXU1tU)6KF4j@Qq@bETnk34p8_0zmAhEdd}v zlpl0I|9p)-0^nUb@ih{~@CW^J|1gk^B1&;_uzfHzAlVGa_*_>m(2spy|Ir{tt6uqK z;IrgIosakX5cp~Q_8(@#P?l2d7o5iM#b8YKWhJuZubOyC{#J>)?AlKvI=cLU2ngz)pYsF9b| zk{>y=DIz%r<=1%G&ohFrPk~c(n;VgWwH2Z2sO-CihBri(WBmLrlN63?1 z*i!5{nQ`N&l$AxQto)|~Pkyab&CL>@RO?%TZM69WxWY1697SFg3{Z=_x*@*=|3Xm%ZwX-Tj_ZZph_k5!a7u@Sso`+jqxnlnnciTpkWcmnBdW`kCHE~ z-MZb||5@B?yY~m6H%PtobFd(W3GIS0Smt_Z%j9yFyRv;*uqzL7cQ+Xo;UL>6H(Wpe z;}u!$EJ(Uk8mp0y>}oTL1kuaiU^p)1dZIe^WE?@EGohMCxt}6Y@B%3DtHTaIwQy)E zK>+MhyAuF8C893kQ9Dic$i_wbR<}mzWlVv!)uU0rUEMER$&nY7Oj*7p=|Z~oORW7N zy+630ARh)scG*T`&?7t3mKL~is(}PR8APAvrn)lQwVMSMOKH-PW;e`)3dJ_aNha}Q zz(XmBEU^m*0Wj=8mdOTMooyx_H!Yk=Zu*at@pvLPmMB|oX|`UZbmo`(xxci6?J;aA zFtR9=aX+q^=0A<_>iE*~tUwIWALtnar@=92P>!GPFI`MM8U!#{JG%T+haw>9Y^SRKMA_z$8jd_U~aTey|Ax0 zVoCi6X#-`k%!pd?KG6$}0gkxz0&B)cB04gt`1!;N#IkZ4`&=M}_Hg-`{*%q;)u zxmuYy*S9)&*h~PV`~RvATyE|nO7m>!IFW*S2>=4%= zDdkcBT)+J3NS9JN@?UNp%nm&P#Nmr-^wdng?}`53>D z4bbbIa}UGqjUssEk$aIbDjdtj4<5RD33oKk3NgJYQQIMZSk~)PbTfk7zZABdAm67H zXp-T)#y+s6tJ!1y-2Z!~#~E5JHWFhFOux}3t#>~>%}`fatpJNp4FD;MmJT%%08;{| zKF{GCZPMAZE_*<{N+tZT3Ooa4zbJ)sZ*!ty7<(nhMH#A+#7m;vEE6ulO|E;H2B9VfK~5u*p05ai z%$J)Npa(l$j|_+xc2JE5g9sI1eluue&TNAKxKp{_97)$X3yQ*Dx=9qMb&2q~ml^WG zECcxj02{S2bS9~G!G5sGb_K+U`DKouLs@Ukls0{d{CSuYd*YIw^GqkU(@5#(3&&8b z4#WnzpU4_*UsRNgMn!#giv@p85;A^8R*^KtqqyH?_w=E1aXFWrdA{ClQpkoEGYg2w%j)%RbWUI7(3{EkgY}-k;lFg70x4+!$`gB;{$)e~# zt8S-srA|+@af&oX^viD!_U~Mr@}G`@`Mc$h`8=@Psgr)!+Rio%afGQD=P8kk^ldi> z_rH01#6(iBO$O$B`W*r^v9h*)IHwM^7oVA((Rr&O;pEmO^i-xIap)T$bjMb<11B3f zcvw*HD7Yu>M*v8qv`N2RXlU4eIV+nv(NoC@J_9*yH+JkdyLk)@W}Pz`+ejn1mcN&F z97Ik8^Vvlg%-D^Zz6Kxe=a5NIK7IFOvW(Kh=j-=u_(1=tWV-{V;RE-hKv(su$<%XY zwL%lDCrLt1e47SaWI))6%PDB*UUrQ5s~weq75dHvN*w2~+Cr&5I$dkYXzF?Q!=UW7 zNRESwYr#ix*KX3*FyqxA2AJ{{>DU*jNfmQ%Y+avZ?mG+CiNsoD=a)mn3mZ2a1>e2` zVBeyf&NGkcf&+skFj_aH_Lp8WnN>V$th!dh3O3KI%VFf(RU}ED#*LNk4w8XA`6Dd2 zXQ-uJqF)$%-)b(`&&Hz`SP+_N-N!pE^4e0Ig0d^k-Cm>jgx9#I)fdZLMCO-l2h8U=~@*Mgf?{YYG+tU7{XZfb<-(C3o;esvCjMqwYxr^lFK})iz$a8Yg zAuR~!0mIzI5eHSL$A!`p09-|I$sp0g$&myzPR`8#_&(aWE5X+YfX|V5^+*CBe!`ac z$Ux$g#p&pC;6w`ng6t9I3F^wkL3_$q&r91K&yF8V#RzJF8tYD(eaW~p>TfU7Cfe4c zdbo#+%C9~5;;=9@eRoJ)P*9bwhqZ^JaKVasU7VnSBIKx`36ZFzo5TI zClFQK<)1w1!>vD;JpjabEr?2U-4O01%dO4XGWiLRR_+?9_pPH27yd z3wF-smdQwnlPQT$;LxRAAd$moM4jsI-{tRUv;tRsl+$OccTV;`lPBw+oDO9}WB=5kHy%3w&&(S- zqrabeId~=zJ9J2c0N`sQ#;EK_6CqY10{%WCBJb}f-|#;$1iuvG%;qId@ZL5JlfNHj z^B-~0N1WU+;v8Rl@*9!yzY+O&ocuRM{x^xl--!H;$iI|ezlF_zp~U`{+JDIY-%|Ux z`t#4Pzlc%N!I*cTi&PCUiEFZ?mv`xmm6H0a29UU&Mn+Oja`o=kyp39o*mSZJ*a4@5|JRgrDYgwRQ zLiXd`6N;J7X7i1Ha*1M9oEM)z_r0l@Bi0cd{C?2*ezO0?lK$RMS5hBlMnlTaJtEsK z;w?*39Br!{Pi6XLo9tHiPaq?nws%HOdEpEjk1X|ux+%Xthzp(NrT4b=g-D$@;!LtXJRgin^_rBtz`U(+wag~} z7~K5O0jH9)@3t6o6$}gYd4|rc?B5hqOG4<6=-VdG4O;-2)&uXHB3T}pn>N`N*<`BX z1~(O#PC7gR5aUr|_JRsSk<~WW1G$OC(|~JE_!q61#2YI@?yAuRaOPkJjQBD-?70z} zMWk~Zm(^5Rido4*2h$=F-229~Oy<%B5UJdEqX$FP?0!KP4_6GEYu$%t5#2+*@!KU~ z45yQGaB2d;Ba_iN*bs)Y>EH3Ur#b)TSje+YZy|7Mm&Ti8AD|o$RYbA9KJ7HJc6@Z* zV(|T(_~95VXILNU=_Y$Zo6-TPl+8xoI2Y!1=c-;jH!A_f>=13Bs8Vzw3f>ZQt0%wH zkLQBZj9Z~q)?u0|qr+;O6eui-9$EQ#rRAF289lNqUX2@KhnyV&2cx^%IjzTnO~)%= zt(kURA0&Sz!?d|AJ7!L_M0dfb8cuYv+OcYvwT0K-^uOH2sdHwpcR=`IuEDwm4Z4cA>DyfH`6N1J zx#DcAY#HKHV61(ON zYrb)oy%5J4#BA~V#BY53bL0ReMz_Dh5M3yOB{{@ASigcj14pyUSk8{tb=^NoJA}7hV~ZZDh65aVGut+pWo=^Pat^c+@O6 z$$QnYRo><1b&Ltt>nC-j76$I{9jsn7r9FrposnL*lx|f!KHbr|rRug?m-qV6gD-dY z*Hy8;FUfChlFoT16OTTDIzE2YH_0S3>npM;4=y}53wGMoZU=^CkYG+f6OE|0NUV8v z?f8}Zc4NC}eNV4NXko)G>e-u2?a{NB6(-j~FcoDK*HTH{8D;F^OXb&ZnRc}zz%8Aa zFErI-Sf88MC>FMu~XL6@qHi@_qMnfmoB{S2QvWME6lS9*1t`}26T=z;p#Qh7aIp>QUb#!r<_O)M+bf5LMJGs1J$mnvxNMwpFComS$N?t&H zU>(uhGX0wA)~F|5ea>t;Sl0hb3b=gpe!H2iX-BUANuJ_{yGhXAuS8Vo|AIbZL`xB{ z-k+ry9Y5G9hRAA}2!QCE|43|ZtT6xt(c}~PkmxXk;k-eZRL~Ot1ZZQ00N^&lUnzI~ zO!xct->CadHvh(-e@~g;?BX}8{4FN_ZxNBi`22rPy$zWE!&cYPg(D*XZdrB|m;T`> zv|GWG5WT>Xc0+%vz<;R0zqfxL2T)?{{%`F6Pf-k%7|H${`~P#;pZtye|1oX}B?jO9 z_tJh)C{{JNo0soAOGOyE{1e!o%z4+JGj?mx)0;M_*FqqM7|%&Y^0`1~;!wu()(@V93u__;Z`_Wg@zj|sp1TA9FSzgrQ;p!n z^QmffMMY9~HG{YU_&j)@hEZ92Q12H#MpQc#w8U}#*=f?w>`=w{E5h~0Oc>LhuOoL% z5)ApwJx(Df#h=(J?`zaVwwazuE)vTNh!D*H7K`Ux9oii?{WH!wGd+WAd}r=H4SUpC zA>qR?{O%fE7o|Lktqn-ogCbiNiD+VCf6F=l&BZ}bOQwf*U(6BFI{9(!{m!eoYNKweEc~`nu82^VYKDCj#I_#o9@| zu4?7-;I8yCEDS_j4T`==ti4b*y*w&d>msofVtpXlUfwEbuENM`Sl4+0%!14f?k50R z^l=`~4@kgPKUnwsuGHrD{Zr&_5Clwyf|*0pDw&|vevz%4b5(=gh}JKxqC zltNKlWFR+Ek7tf2aa8-kWNs#=*ZnL@Gw1@yK^h^kZbR>i8cg^*KE|)L>$GBb35x$#{e0gPDu% z6K)okeZ1iLhh`Awe)smx$=7~*B6Yon=Q;6bA4-%N+`UO9+Ln$uXcrQg2!YpOuL zyR0@4m&nhr_?}#9FVEw};!0LAo%9l02c2gJTkypZh-AT>Tk1=Srt*Xd4ass3^$+$8 zWK;EI^Rd@dwqwu-Z1|rGJSvpA&9%#!6x+!S5YeZp>q-;rqW4Jk^@ij^gUzhjq)CSF%%NyvQEF95h=*ywh1RPqSn%A;ANcg zA{I`Ju)RO|q_V6rVQJSL;TMf~aFxqhNytamvcSFVgZ~f?nq8}+yHt7^46>|8Zp1vt z#*06woZdiKciN?buCv~mjqjd~D^gXzP_V_RP`*qwIs$K%*N>I%TRl^#@oM_j`@@Nv z`^m?I3tkjY1r=h>_(4wx5jTzw_T-V5iugPIE3yX(fMA+vC<=i*4`@T2gdg8{Zp*k; z`@%5mg3655Chz?7LBZ!f6i*VnyVuhUJT9m*8|#oZNMFS0x6dn0xJW_Yju$!?Sj0Fb`!XhBu~xJ>+SkP_IU-vLCJt&eJf4e5Yxa0S}Vk=ZWq)wyGmWvSOhOLfPCFF{O)nxu*Dftt!CRhusL!>lx{*7AtX9rs9jov$FqRqtrpRGx%=Afpc=&%V8jBc zic=2Q_J=tlz5ir_KHsJ-UzfX&R3$=*+>_fl^F!B_#hEA)!@yG5PA3E2*uW)9_5uK5BD$mykqs77v*CUiD zaJlZU&T1&^C2gX##WjQI1F=`|!!?{x^d~&Yc&Hf(>E4 zitx|#l+2xL{IDMK+<7g2vY_D_?Uw*@$F~L^0=X=;OAB;6ctnCy=EGuGVf^qx9@Led#5J3zvF3f8QJmAcy0=tNjboGG!{KTey{pM4 z;yivJ4f?Fbsk$kAG2;r~W!@X46`w8#lErYkdC59wH+oV*be_%Q=-uSK(r$LS;Q@S6f_h%zVoe$K2MEi2%_zNv_l}q#7`pB)3}U@Tuo_ zHNMQ$OqyeU3I85^ee!?+h!rMg^GBUWd&tXsRxfM^v+1J`DWwZsZs|)n-&mcqssbMg znH^QfM(f-E>cUemEM{VK)l@PW2f5Oq7q&K^VXnYKBI1#??P@pc<8#v5Z+@kb;*THz-+{W3c!uU|iljVy zN{)sc$wM-~*ZHXd&Kn^n0Ys-A!f>O_^1gh}P;pU}_`_^r+)gwoc*z`#cW;SG`0}}w z=s}L;1z;?&%n;6$j%F$6h+;H2q4Jwnv)|9P)lbE_`AWiMxbl3&7kU{3xGX&}$8&mM ztywg9GMIa^dTQurAtvU)`lIZ7HmWPl>;!=S9riQx-IP5Btg_2OmDF0H_HMZ%)G+VwUHpS>;})DTgpWW~-~H{Wv(D-lO(q za$6h6ERHuAIKa1_LGfYZ?^xaqrI;Lcp^Y$?)KqXrvD)JSd6Cbf!trIBda|wT68@WQ zIRiK+zOYL_)^34{pgbTKSOmNx z?-s5JVaE*Om_#(ILzfofRPN+wub)`P^ekZF{F8SC=szpcoldT&>) z6?tZUhn9pdg=&?yr-`XI2`c1PF`*`aQ%7A&JC85LWLk_J;j*y8>sj937fkjurL-MR zUwU`B!rZ`!+x2LtT}iCM7LX015wx8enjyZya7#5IQ`uKHz)@*cHERP{#y^Tm?F0^6O`-1X{${z=7# z@b+4BS&*c}==A{q6Gx%cS}7fIKi=;1Y77k)0=6Qmn(h$l75B?vC*yG*_akh0J=P$- z|Dd%Mo1_rEDkSmvz+A*bolmh3RGYawnT3=8UV+J56xZ36Q*~WMxUyc3FSlH%3uM%J z;FWl{VEPtmj&xsJxb1+mNX7(szxWH-F?>R2H9m%zo>M4(NuBbIHs9m{e2>c~SU9-D z5*F=YYL|8&iH4ONUN1kHu`c7-)agB2T#o9?kktR|0s9DAOv&8A6GQ&$vj_m??K2T{ z$a$U$308W(FAL*#C(;7t871Owey>)SqT%y9cZ>b642{ZV_Y%9}PTi6oJX`oxi(~wC z4sFjokppc6+4A8LK0S(i$}5p?R%2s@fOpDkjZaC8(mRu!rL)covDfiasUmxn1@jn< z2g3=kOJ}UAXT6GudEYgSwYLlTwME0N_2W9#dvPrZ>{LXBB6BfiSN*dquOMcV2>KF55_2w0k2K9FK23PmSUtS0tyNrKs{Q}f6QqIbm*bpr~TQ8j+dFGD0K zu1Q9Yq4-g5di-(qa6`O@!FhCwI9plx>;{9d|0grQ3O6$cYywbqV@)KHylX{gn<|hN}6EAJp9hroHnjl?#@w9A@yfP zaG8%EAC|KV$U$UkMs4$fydXDFB(PFo8mELTiRLXVvb55!)vfTWtQals=6(2n9B40- z-ouzB9PD_NgC=kT$E2)R8M!19eOwhyF}@Imn6S8YiV(Nb4~W;@XUX%SwCkFvQ6ZL& zAU{RI+JT&I8Hy7s4n?uweef^0n0mw8gME`9jwPliexquR0ThHi%>wVYBDhOijWD7M zkxdrMu|{+dZR8o)gXYwX-A_jfhjq^N4P(2A%1V#{%S1fROD6GYBkJEFukizxtchRq zx_}fG!m+9&R+tdPoGHJ5osjkm=EveyU$muUzo&Bn4jlL4OVdDl_@>VU^q>QdF(0+9 zQVhQjoHpqQW*;kgI?kns?4}Fwp-l5uNR1Zg$E@_b@L%%o+<$laba||84Dail9kU{I z?tc!0yUjVZr=Gk9Ic?!?xX~3UFg~O+@Oac~Zdj4*;3@ib7M?`HRoA07enh`#iZ$QP zto&N}+2y8Zr2BDJ5n|Bm(CGP4V6c7x1&RH$4WYNGxW@Ac`05sf7*OMFd#+$TIlO>0 zDLv(e&=UZU`xef*-;Z-9q21pH5$kwg0Wa8`f5u;%!xZqyD7#yAnERV0p9M9h*ve_r zeG)Cf^aRBwdC3^5+g9VLh!ylbr!p7&@dA@~?GBX$-0knjtMvUeJdN!0^x$%thKth% znws|2Q}(~WC7#C~^%>Zr(~$DHyKWNRvvYG->$({&Egl(h`OZC!f5_WTW@}Hh)ETL$ z2Ny1aE_R6*zl$^;yAl=Da|PBDb43kR*iDID|C&~1ZTPwIJuxdYB-1+HA|Bp`8A#?1 zr!Qde>B(SE^e}#y;J^5aD3T{9IZG0e0q8}HTtj+Ne7gZl`fTEBXpSqty6BQs&Aq0V zF?!)TAiv08qqcdO$h(=$^Xe;5cCb*Td@=g{r2-P6Y<(x0RvjJ^zj}^+e|kN!aUVzp z`F^k$Ca>*9X(&X$0HgmXPBY(m^6k{z)ld1!bN%jBiw?RRCbN$x=z?OgfzGHc+bVce zi2#Dlq-L~Kq2$7dyM1(J!tOAuTK!Lm-@_h@D%~Ao4kc015kNV09*{Y+iB_olmP}P` zw(&1Um?oPF4kuFK+>YJw7qwUPiKVT;%sv`}Qy_K(@u1c0REGq#_i+UNexR-j$% zW$p!R^$QRvQYGOvGW4JlDf$$q-{Ymfun)egO^VgOwMvd+cs*_!wzZ7*sv^V%0&C0lEa=EN1K zZO0v}tWF-lS}`Dd&$z*F+Q`Y)48{pAoy*l5I1`4Mz}qX(l%E}+tZD<@PkiHi6J$>* zvG&e4=_8;n^lY2K?4!kU=?Y_8*<8w0jEH&3v!KG}?i^Fi+1-Ax3lEb5uatPXDt;f5 zJ+ap>N9LZi6w_knmCc8CkE~_yHDW!~esWG}vyAje9i%)pVyvI*>Ko)J4Q(P)DTUln z)xzc3DX@4;g`1^8Q@9|!5w2k5!@Ss_jtGeLm%6;!=ZpVcPOtUYKR7?hTY* zNQC;7YeItpy=;`-N8By!&k zyvjT4Pd`SHZQm*#&ZL62$f#)exzi0MG`YFt^;^jxT>L%33NNVFl4uo6_dk#gWmL

$tFT*yx7qA8^R`Vaose1~wP2>`To z5A0ChjgqhjS?Q;a=-K@I15ceC*G6f4y zwXW5_-Cbm8jPDxxzJV?{FFZDy9<>;fOIK{GIUAaAcd82%X>eA73y+h&DzEWP()}51 zjc>C(eBMlqVy`R3r%CN>9$>^KaS3Xa#JWWe2lxcN4`V5n&&-ET6+4<$s?NWvsZE0; zyO^fI$_5i962;O|wC!z9E~HnLKU#Y?6{P3BCEJ4roi`RQa|@chOwrk z1|ejeU--l1e4x&9u8kXR;ZhudCK7w!qo167ScYd>xw)myd??yo4%`>s)1Q;D&h zGK7SMc}?lFbIz z10s!tcG$j#p`f>7IF79u2WB3WjeRDuJka}4sNyk2vCN?32vaGfPa&D*HP<7K>Vgw4 ztF?gWFBiYq%OUyl($~$2q05F>tTz;o58ByUh)Y!q|BUZblNeHwui8BG43#RDQ0R8F zt+bkc7s<%jfs9eJ(^d7g5>{mWYWCfzi+;)pZcKJr zK<2XB-gYVNrHu6BUk04zxI1pAX3y9946207r@$uoi|#G~%T(@7PK)r}bKXGz9zT1C zhf|HlaGVjX-7{{FHvUc>@+G4h{H!fCP8J1POdo9j$tx-{0a0}0&2z}NdQSl8jy{Y? zRe0mnAKB|G7aRu{BbicMqJZ8qyRSO9%lK2VU%QRtU69}?hxy?}vC*_t*IVg>9iFe} znUS{fYNF0BDBBG@W^N%@E9Fwd=f+y+XpP07qI&HT?$=4ku9E~XjRBy~g0JI8fYeZj zg$tVqkq9}gyVlD__cMjqFFo7}%VSK~Q{j6%+;^u*LK<~We<=Ce{s`jI8i!~UAU0pH ze3?88KPsfCu5REEPS#d3HRVonJ97I0M;d^lZgwQigHPJgyxfVc6$r~)h);cqy}k2K z8N@GT3U)Uir;CWoGYh@=!}ghra#a(l8f|*Hr1bnJ@4jD*K32T;{qAr#sdn@Vuj{up z^!vy4SJ_|X6%q*~8pk>02O?=hrRi43ELe<4x$jkrt&pfq+WXwO{_&bxpuoFMhG=%J z$GRl9Mn*x4X$ur`PZNk$*Lj5|Jq2q8bYG_;2ByaYiGe;o0|hU*buQgxuxZ137SUkE zF!k=6cqDE*0PH;eMv}pknM@gLJb~f=@794|lhe7};+Jji2Ylh@ozu zopf=Ar9vaC)1|DeKAMR+>Ff(UPp0Nny03dlp~>F$Q{YFHr|~X&Bb*?UU?GbwV5P`z zV##JRcaqM^h+JVT4TnbXk@fbdoEx9WH{FuEnVRU*jS{#K$OD83T`KK>k#4G8#Mlugzg;XfV4^X%61x+BZ6(IOn;1j z>c-OYqpKf1+&_K1-b`{H9t^_BE|x|^jGmyFjPZR#$Bm-G`k4YRKiODx-*FbKO)%qH z$+&F=fV^VrE_sXIJ55p0as^=HVxSaGMQ!;6EOV&K7-qUH9Fr#-~- z9F$$~Bbgl_1_&Y++Ojpk@nP7o29RgS_=9)|uynQ~4>2$?6t7|0P@9Cl!{P1OCP*$M z=JeFM%UP(<{hTMr2v3xX%gU9@feSz4z4>M8Kl0Z|{p@k7_2yj{d0S5{B2wZu7%UsS zU`y9TzeEgU&}^pAV6D#oas@HJCW)BT8+}irITaV>DE7LX;m*UB`CABgbx8;Q%s0WZ zBM{@ym`amj71yUX_cMJaYL~6T8xox&R~=juSIx!ao34|w@7dPbBJY)+Dk{UVG(=0= z8I$?arL25gS48|k;kQBI@wL^FM~{reS(7Xr?Dlt!h@w*HAz+=KRJEf%@}7!ti4I3BwDgM(IL_tkQ;S=`bp@s z@dBsy#Ovsnp)fT4+vB-CTk+r-5Y@3~!~&OJvFGjx^a-YB-P)#ght}Su#1NYw%kWyj zu-~85n~VS8^{>1(coeTN#%e`Uwkwz+{qfk*H%K?Gr9q70wS_>UIz>(*wHY8Zw1tv9 zco3|O?m16wRsdT(r;kA*T-X>3xQeB1YSbyyM6Op7McZW;JR5SaaNhMrZo7X?nTUDvZ2-q6U|V;QHt7}%+NldV_0|}}hFtfI z;>?VDR?WoHQC%@Dne$^**K10g>m$(n9tZM)!-EWZ$|Gfc%r`7Ojy1vhWve-!t*pTh z9M>R0dU!gXaQDe)U16&JoRHgI^monIfqNF%``e%@g=&{4xmE_b7$fa~q|OmXUdXR& z2oEVz#@A?E{;RTERMltpyS?0S z`>-lLCSH~F`S^M&4ubiKthB}u^99Y3SL$gCB-R}(>Jq)AcCBHFUXfXsay~h^MQHpI zBeP!wbrGw4lA+pzrIE|IvrHn>)jT&H#p%|{A9ql5ObaA_SOvWE$a+^%yE9k2Cx+$4 zL53wiV_skR$UL+b4vUdAyW#$^&Yq`*?($qhdEX~{FCMW%Lovky-i_r_VjWFl?ajg! zckv(1Y_Gq5AKQ4?7cP;ETn&8Nmypf)xrc~r5}N1`ac*JoOy)j zX?=OB`D{ye)o+TgR@A6abYE-%IRq_F`C%=!?MeFcOHlTb`b%3{ONkS6t3XqicM?!3 zLzU@wm%M)l>je+}VNr~RJA*h%qx_=6BR)QcU3mYsb8TdT?OCNPH)ZNw`s+V95T60e z7geV;3%A?s_dyupjWeQx1lo6o4xBZso>#(G*PDpSqOBSHOq=4R(JmLNYbl^55aO}G zcwD;cU0Cu?0zNEN(zH;?1y{tYW~F#6$g81cGh{gZP4vgC}TbB_Frmy8B({uP( zJT{=Z{_sm=|AU$c1?4Mu61{r0`*ZSg@1~+%XtK88WuCZC8xhc*g$D${h}h07(Hcgq zw0Nk7k;S*L0ngN$Ezgshpi9ybAf7592Y4B?g;4#ZxTQMyRsu^qQPG(xBqkIo^}{QV zqvuCYsrh+Buna^I)3ba)yPZjQ4BdO_4l+ocU&H_OcCXM*@nWxw5%9UuO@1#G?M|t& zS{gxoma&Q?0q~@l$mjF~OQ+x%F(=%c?=<+%8KZN4cxfk;d|Tm#cH9x2mGRr&>WXoR zeUY~=?unW*$~DZaO7{!_Lg>;F*i0lEhPjRkUDA5HR2pf+kDnMTZqo1!k^tE?)y#PE z6#qZ%eRouoUDj_<6crIsdR6INKtKcuf^_K}gh-JVBZAUHq9{_N2na}x^iD*2@4ZRy zgd(6wFCmZ+?&Ey#oi#J--tTkPns@GcxEG@3tPWJWi4lY7(YAihe3?eq+vw+nA%Q;yL^MH?pVAst%r1Up`eT@g;Hx z-9#CP;KeB~m`k@MQ6^dq-NJ%7J{8kZ-JawSJwBdz-Am(UWE70i(4IkmHci1OK8MU-HzJ(Tq=m@fy0A|)f z+B3myO`@kB-npMGpm(4oZ{w=VZgSSMR|-8K$UjfFDzfx&-bOrN8F=sI5~1=QieOrF-p?S|vPjaZi-te1<*>6o}JvH9})r0l)aQTHE2 z6rQ!LTC(NfQRK;LGseBwIcRYoC-k1P89Z>2DJCJ*siNm5ajmE z`AK@=0SW$=$3)lMa$DFL99s9Wy0nifY~99ftWW_S2Ia`pQVg*b^6^6eV88}NA~jT2 z6o*WO%YS_ov7$u=kdNZ5%)14INgpp?vx#~&r#ptvT3x=77S@fK@Libm+i!*0>EOV3 zgOeC5Lx<HS$(5t{%L&7iw~Wk9A4nE>JQHWe9BIi0LU5wHo}~pvX@Ai<`bZ2@$ZM z;6iS0k#D2^h<-@f^4m85r`1%OEE!2lD_o^9=JrV=OvWZ|sKV4IAG(5Hu4Wa^(oCuF z>jXbKh-YnUsw-Izep2m>SM=yJ9<&i1pPX*XXdFMIg?%A1siGfx;Z|W4@A@U^QYTM= z+xogHQf+8sS3|SUWFQ0TJ$ZhhZM2gP(Et*-ijP6Tb$0ny_Y1YwAQX;Q&Wls9 z8ja<1ojTZ*W$OIM14^KA1>L-@q`|A9tX#xs7fO%^(%-;-Nu1@IsL&T3#nbXr31keR z_B*dQL@A?HCX0C43mZr;sWmnpgA8h3KNwicsIIOIxAdKvW;A&m-b+J8O>1lQ3`80U zsjhTd^Tcx!Eczb}R>Pj#oeM83jRG=|dO{^FPSc6>K#4!D*s;j{Fx7@XKMJb75?dmC z5rZ>&P!WB%V1{KdLUmE6U4BG6A$a#ucwF&f${ z&Z6hdmmig1$;NfwW=j8KR9g7t%M2w8`E_s*hPm2@u7&bl65rPJ=az!ptoD)EGsYA5 zNevfYeG~D!{CTg(#~iOoobt+SndVxqhg@0{x&49FL++~!eO5|D1ZB#aI8?`W z@^XW&Bt(cM47cnkL`jn=Y+GZkHpAY@@*uv-Uh!7AyYnM1KdC5dy1P#}3Ti3(V2#6{ zgLZ=bL6Z3g_g@in9Irnie1ifx*2PAQFgJ|O#~UHKAg4^*8o}oUZ~YiKBo2%7?wY|$ z4NF_^n>@8kx+Um(L%v(bddE0wLT!`sC23~8tf227^PWqs>ttRZ)Wg)+X*5`Az7LV66E`eQc*uA6@nmDx@M`KqG( z#~@`+cp#q7W4RGSQ7h{KX{{BnA@=qcZ>&)kPaWv?EgoPcFK4dLsd7B&xDghmDHd7J zRg;VTiR;@OT@Vh0^Jl>&M!+R&yOT^=Pf@F75;JBUH@*ZvY@vGc(o>x$-Tt- z3C+kH#K4_fai0vm$(is~_Yn#Y^Ek;^&g;8de%GgJC-ng?&Ci^|{n)ae8_7=gU~iyv zXFMB~`(wjhHrMunk>pj5ybvemrsa1XI!uMZxokI2Ilo8p)iT26MiI0gKb5wC43SQx zz5OVw3&(4b&fs*;z^&I`jK{-2-y;bJN!+^vQ)3H@6$JY*IzvS;wLH$O zE710XpMl0|w@KisIt0OU?p@y*MC(M|>pfcKs(x9vTGX@tgygtMt?jAo^{NjG6V-7W z^O#j-yo^cLJR6BZG6bq5VP;Q|4Mh5It)4yW$XgPZQhpf7d++ik`uy8glu^7B!)ENKJ&Mp@$lT%)YHt$y(P zeA_Br+mY0263x3FTB4TdWl5)TjGI)ZV!F4l43Ljsl<^}5#kBWsvP8M^^X6iAX;4>0 z@V-QUbr90eS48XCQjOTJlI~l`M)2h|fSw=VN7)<+xb@R}PBv-H>A5#Y-dz0J`9RuR ze0o-*z6!L{QRJJ#^_X{unEH)?3HPvKQy(?%*4fwkknaC5&=Kn*S z=?P}@clGqocW@w1~^lFr#c2j z3Im*0quh!lHm<123GmS=@b+Wiv=s*~D@GoYBENM3EaT!G{c71|KXQ+_9ysJzl|mY{KpW}`kc7Xl+vB3i~V_mTvI!~_m~HekG=!`BOTyB z0!dHvx$4c}ZTj+K&`acZa^qquH)CSMFV_!n`y%>)tTLUW*S}mxz-{D20hALtyV`V* z!&X_?h`vC9Rsq1nG+-OM13m&04Yy4Izc2@_NOID}i7Za^;^Z4S*)LA^&J#OwVh~T9 zga33#$?jjCaes0Z{QDur->+V95~%%sss648o&;)tS5kk*b0>k?KSQd&+viE3_ID-q zXFPWjsQojf`n!GpexUZm>i!v4_g_t#_PgtT^4zZ^g?}}|_WvkV!JHp}Ng0PDHMC+!F$j3O!KDerCry}m3Huy;!=Vlw2nR9_B<$dE{(=VqsH{Js2vb2usX&z5oVe(ra z>Y^@ud-L$|$AmN5DhwPK-%AJiKm6(%M&YRY{cta#RPwVmTuf+$fr0F+uN0{b)z=Y> zVeV>89sjo)v>g;%J1T}9Iygd!F3n8CW?D6JlV7M-X<0! zOWI$GMm987^OwJQPf5ote(ZjbZChTK+n`t?1h9@)?!#!~Dq$Fy;Lw3Jk?Jmz=!4wm zKmuWee;E7c2F?+E2#^G9Cj;5_yT~R39Yy8+N&$kyz_4*sT7)L%QzMmjljA6=;1 zt^os6&u;)?L^6NO9ri!WUHd2>xdIH|2~6U-Ufo>&F=z#VH2&qMuIK(0^aUS-{(fb2{(hX=ZUA&p2CS4Guu|Z^tW+;}>8~9VG4qf^YCt4j z$Zx`XkT>A(?#H0$J#aU!?QiAyk9xHVs00*s7zO@|V2e|+Rlo>Z|22Z%QC%};mlt^T zU0`7$D|JAY)z=L`uU3$;Tgd-GttP;mqsTqr&x`878f7c5d4?T)0Ms}A*ZLvzm^A>! z3L~Jk2(OQf=GYE_#b2z^+K~nDmv6KHT|_|$fo#Vh8s&c&2Ct169Rt)F=#&p~)TIf? z1V~KJ{^O_m(W80fAvN;9gkb#!`Bx!i{&zxHv&26_4gqf#B}`n*L^fIe^+!7K^A`B% z0{Fkwps*3Ldk4@0FVqqokkNnp1@sXl=#JDN2fDzAWU7O=LJk3%`>X$7T`C`)2Sfp= z7UiDxo4W6=f2>r@fBTYkxF`3135}>zuWM_uYiR`aOCtN(lT?cM+( z%Rf5(x1_ZrJ|Mc?!B#j)&ZTLh;`D0O^N`6?33dr~G)u>z&G8W6wO<0b#Tej&FiJ-B zgsVz6@PD+@-Qa9F%n3~odI>s=!v!L!;M#5%WcYJ!5}rF;W5!3-qbG`F7NqJI8C*K! zi~MWsvteDZ`L)r)gI-GEuEN^{vo_AOVgT*p6DPZ~Y1HiGk0};P^qfm{Ql^?#po`~> z>bQbfP0Uc?($2dOL2`}#l#&<(RYz5QZRYe=Y5ttp_1Gs|r+6<(-V#meqI%+7)#W-J zDi(*oiuJ%r&9i}4Bx~<%HH4|3ci^lx98mF#qR*`!s4Tp%O$WM~l(tsi*ICCPM4iLgtX5(p^jw5sJu|b2Zj;O`_J@TQy=Eypdz00UG0%KL+{D1MqG7a| zm)p?#9Bwc@b|m>#)OQ|?cekI$zL=Oo8d$c!yksgs#Sp z3!5;SbMjjyNIPt?HH>^URpuz<9C8cFb`mhU@Zfn)0X6e1OX||p`EOU?gIFh=Wg1*z zOK@!?K(BA`h4Fm&+84Pvhpux?3lT5buZW7uF$ce1n)gs(QkM+XjC&s4mugr;RFyt- zmF8K-dCsyvT2Co6*PFn^%)pmOr0Tg(bN^6LE*n@+wD$kQb&ew{<#VWRjKa6-Oz1)BdawhO?(e!3Nx5VP1lTJmQSq+>IZa!;Qxwd`N=%t6$d=Wy3pzIVRE9^ui zh#GqoG$XCswmX!`96 z>AUg6W`{ptSnCDk09x{@sWRw}q&NS8{W=1!193)tg`BVEcAcZaWzVW4mjw%mO{M3o zm6ey4^W}=(2$>n>YY$*A4WC`PzJw%olM`+oT@WT7%euwy)Ts;gTY) z7kI!~w7CA`KiXw^TC*8fr!cliEAN1l|de-;8o`ELQmAR>v~ zWrB8_w$NgdIP%;dpu6W4bx8=h0PuM3vkc(q$%U{Jaj0WZm{A$A=UIpIrsmQ)qZbhm zAt_nw-JeKsakwfXb!H3lkYF}em9s`1%VeYy zBnL(dZB0EPx#ENjpj$F~_GZVgsz z%~xry#LnIw zPF5GKX8|r$eQuca;f(NG3t?%$+*XHsC0$%eKk{XcU`WYYvsE5D*(SlLALV5ni313T zKW1AD!HDRt<=kqGa++tc-Mgi6=g0l%xfHR7Jq!((*gN@B!z$HnLfzJ`p-f}2-ngrC zu{3bK`3_ne{MN%2+R}!?N!teQStjux#~=onj2=+Z#;|9zW6`zT%wdLKVp6a*VN1d~ zjGkNieH6XGr_krc1g1IkYw#7gMy_Id!zYZ1|09lynzD$Ab4D^nGC^XmdWXAM>qo{z zO<1)7z_(!;7@J~3^+rX~RffRs>oSUPqc1@)mt3xh^_k2m2y2WAWSr>w zRZZgK=O4c9$pR?b9n0;Y$POkEU(XhJEM69FI9SWz5xRZX^P$6?YG-Ac!fZER6;+XT zeV6vrpC6GtbrB0@%a^_DaM=TiMV5bsnIy4Du!s&wI92POw+vC;zwU{Ssyzc|*xYZi zcjetPx0)X?m+Chim=M3DYrx5|!}hG<@gpNU`ky_n&JV;W_fX_VNfCM3xq?^vdw-fa zK=Z{*TctQYqsB^zrI@1U?mmbfRQ}qI?8i|A1)LFA=k7eOMX{1gv)3=$Cluq%9I#!- zx%lcejrH)$G1YI|s_6Jy4q^|hz@|{VGuk0W2kP}WCzjj(Ym@Uu>u9%t=rh!=eBWMm zXp^w_m2A8LUzHIoP|pDPKpZ8n+~eJTng?5qm0yCowDnX@fc70{{zSe9Olmg`m%1d!`pvxUIYi zl}TEM;_u@%rzgyOkrzh*TJLxu6-^0(Kl2c9`J9dT@yZc(jMeg;&+Zjo3p?ELt#vF? zf1ND}6yQDvVaHipZXJV07y%A&6a?=g8+(Knwkz6{4M{h%m4=2Wh>{){UA{kg`Bkgv zcw0`G8etbbs73Qb0#gibc*j3|#duWrlytd%0v|*^o$FPvD9Kdk`Fec*z88U)vSA}g z%rR97a?ug`%w~IEyebd0%pmsu#w2lMt#)sGp4B|4#a6p@?$febnsw)VycsMLvvYG! z#{2@klx41}(le)6Nhj2I7w+a-c9<}ps>EzC6Gn~|bLJk$zAmQ}cI&oFuttjqLaYd? zIGR}iSxjD6=Bl2X4VTwFcUhqRp5V7P45x%+A_9`fY<%UhT(x)5!F?{lw&tePB4~`W z=4egixa^Go*Ts(nS|3cU_U%D8TEUBDFTje`+(|2mpT*c0LAyfCCzB zIo}2xI4E5A4#SZVUzX^cW(?xV0i^`-{4?$Jzom?$H>wGMd7o~DT#}KIkxU-{5jiO^ zpjErho1`&d&CYwvn%TL<4LCuJ)?KOl&IH_iVBVpKYUn6?bV`%+Q)mBl##_!;bb`K^ zhkr9{cR4I_<A{=Ol2 z_GttY@vE!^?zt5}YDJ-?CjY=~^j?`lgesLv8VzZ}>|33&QyT6T*N+NhoU%C8+z$Kuh` zQoB-*n1#_0xY6v3OndH4E0_$u*k8Ko|3BM?`gKhP3$EH<{DJAa3t;-PV}|^On=#= zo5^?6S10;sYVGnU7E((0&iW-M(J!-)XJt#Kkaq!}R)<6q%RUh9&S(Ac@$HrpF$Qa1qUz&OqMw?P2V@J14pCe2Oq2ea1?1zkWNbX48JU9!H z&n!t-$n}biaQN~V6Clm^9oe>_Y_MG>| z&_b#1QB3bgEpdMN(k$~af^&i;(ZBO$Lg6x4ZP6ahvPAFy)>u+sV@kU>qJ`?03gI68xE{kW8dAtF>6GjNV72SEbdHW?zrs| zIbCCRm+_XvfN!R%DZhK9EUO&f;vz@D|IGq4mMxxm!|A*FC7R_VN8by2W_qJqt65xd*$S1 zw<2_F>dvC(tt}$6FDY`fiPz1?Vhd6?&9GhraQ;jjVDDNghrA?muLlh*cTO+e#)KEb zF237miq^ipPcy$SOM$b?gKKVXydjX~LmW+ovap-e<{E5KGS5}{b92bvUT-{e?E^b^ zo!Txk0J05*Pyz;&U3jMoO^*`;>?ouWg{3J4_Rtoe0+@jC=*_X)mdP~YY8vVM_zsC$ zu6#6fGJAG**vZncI;W$&BHi0eJquArvYwHwK3`pq4t%*la&Z(~*!LUKq*ROtts9aQ`#+GdNc z0Xe?h7-tcZ_j5*YBtLHtk1TQ6_O!4|q#eV!4HesJMeE;wmWi^4(2S0Ni@6Dr!mj}@ zf&_f1VQu!9zFX$Ys-oIQQ*(3QZ}xCv%A7t+@ZkRWQwa#O;l-yGZ*t>8qF zhJq7eaHfjLhq$X-;3m_U4S^Sv`a^=RBmF+6eR<>s!nW66`j)ge0vFx1DBL=YwHYFa zeEO)k)>>>Xv(NJ}@RM5?X!_NfMK9!oCI7s2P?NT<0Z*@U#`-{lSx9ttiEBpL&}{Pp zR4?uOaJC&otB_jPwB!Do_uUt_@yJ&ga=7=IA+~dH2Tp80l>C8!IQ>PK#7t)o^BLu9 zPtVO>5exq2xzPaj^FlTwnH(*yZZVGjsrGVDQbI%Ba@K9(Abv8e&F~|x--3Lm|{d~Sj@ z^-yvDo{=gyW(jT$F{oQzdbbHC(t;s_M!v@esCeD=_x&_ZmQT8L#aTJ&s-P8pT&?LP5Fg4|}_%(<1DsF-ZiD8)FwR0R5m4v@116iNQ@|By5AXGr>n_ zDXosO{%3ZOON+KXrizpM=jP;&tX4`8|5BemPf8HzS34>G{4XHUp!pj^2K6o2Z)V%3 z`vVYUa9JcPCFm0nPkkv{jC-R@5XAugEB;&;Vg2Va(65 zJBrtAb&^Cof#MBuDK)`OlF{r`>Qv{p%ay21F~%I|FEgWsO>Z0c^q18%S2Tf;!YTK{ zeXSNsUr9FllA0w*z`X<;f`)^S_oF3sra;(KFm2%Y zc{YO^pCVK_-J%VJR$aQ=I8ZLosqAK)qHc!7Tc#K)asIB@@=Q(#HIdTw4Yz@cDLeO5O|^@97`#RrGKcz6ipmfw7|P` zsF#+NRI(<*g^Tkw^ND9M`Gb(`H84pny9rQH^_y2HIx^ky^4*XvP+bhQpRsDOom;EU zdlG5&M^_v61d&+%kv((O63E-ig4k>iuY>OBh?<6J>L)HVv4)DzYEJWVEJU5Hy`Mc_ zSy5)B!Wkj{-m+0dyXoufj`^6t!llo-XTnm~uG3DL#t5X$tYF;ZS}PI%bthxR^xP1S9Bbcct#hEM!3qroW<~`VHFGp+rvy36~x|G z=$ITzixS(t`gQLSr!*6gU1nYfTtPojSIZ1tLiiQNJ3m;V8c}BB(=%&p?qi)&8p+hl zp3k$(U=!QlD}~xdkwxf$7XXp6{RF1Ik5t$UpibA2-!Dd0 zPu5K5fBB+rX6B<|p(mg2Fw)G)wFb?PFhgXHV2WEp(19;7=i!zE*5pp}o_6*!A|tA;xcD&n0dPpfxQh1rt8qNu{5bZDb`E}fwy{}osy(~|2&THGo@;| z8Rt0AEThR%VisPU*|l*`y3UWFF*7Y)6ep!<>KOAS*Y1)Hn(6ym#!sm6URVI;Y_;`f z))4p{dmM+TDP9puvpp7hO+lvPs)2g3*r@+|$c3Tm=Z{rIg%<7G!(s_d@ z%!_=SxgWL8!;EC$4uI_6KnbEoVnw5*I!hvVUePOzz;g@=f$U!M$ON39Q53;3R=5Ei z{8?#7V^;WT8?&Rybg_4R&L^9Q2gaaF8Hpc_cNqCy*e>EC7Ve>13=cJSD+Ti!XM9uz z)1bFAq@9_1>AH-hM=uz&ee?=yO8dWGYtY=y&mZ0!k}%ZnaCUaS(Q;9Q*OMc>-N3+r zv`FL{=&b6eb3FMPP=%3d$?TpK+&itxfjx4cTG#YdVJ8{yp*tI)a(PuzuP=t)BTLS! z{EG?V$?wr?V&(X{T70B#HsDl@*Dz%l_iGt0e&6DL`GR`=dh%m!7ESH&9ZDVJ7a*XZ z@!vFihdY|tXh*jRi9m%&RZ+A$>m8RRuNNagGnURt8#ASZvKOj+Q%kc?z*3$>d0^s1eKflh=f?@Q3PNOMY(Ak#`0JnDeK z$0}w=xQ01|#-&LM$n01c+^upz3#GS*l6y>;u-OZ^rTDgit~|SQA#}ZWL#raXlXzaR z;JQ_Wf++nrB^CvK&^^{SMv@#Ao@<%UEgpNj^7kvs@}wo*e@pGa;dUYGQ?#uN2=pz& zQJ21xKeKKVV0Nw&UK7-k8x|B4sp?DWwNGg)z{-^qpda)3`m;5*hu&%R7=P3hGkRC9 zV}2=Qj*SKv#2w#sD3qMt#xSvA2Ni70b!`yI1wn;%2E|!!tgVVeO;!u6TX9d>?b9A^ zix!-wY}Sjq5bm2be*iIa*bmfy9mD7KAuFF>gUM(}P{?Uj;OSFX-UspSuZ`QvrxIq{ zJ1=~?4fY6)ir1dwh=jU)i0nT@lkT1BcnB-WUrM!p4n4EYAow_rE`(c-M3CtwNh`fe z1#_6`=7tnb{XzPK*bPJPk6$K?_2b^R-<^{2DNUG4QV2C`{u3w>$w67D*)}c&rtz@a616{zg(k^JpM|^ zr~P)%??*In7yuLb2{AHzWuyM>YIMVFw7;FBy+eKnkkyt`Rz@DREnKavoZM`k-`*Vn zL^P2{XJp|GtpGPKK;((C8v3u_L#E%(nSMJZoO~2B8xN>P-wDM2xQ}=eaQ6*BgoXAF z-4G3h9)L=Of<}aL*9`z7|1S)b-_mclA>U9?(aX;^J|BZI3YfbFW8;vKQ&3VdF|)9; zu|F0R5*85^lY1(!ps1v*qWwZgS5M!-(8AKn+Q!z--tDcsho_gfPsqE_u<(e;DDe9a zNy#Z6Kc(j8Gds5mU0dJS+}hsR zg&&`so}FJHE`R>27YYFF_i7>Ef3Mm9r(Q(JdZD7DqoHH|suv2X=dX$rp<~eT-6NLO z!ZdSvK+hk9Me-yur>X;+LEt%z)ZBFphm7&@Dii!y)qbnlpQ~8#f2n5wTCsnt*E~QD zfcjfPLq+xy8XB^v(2)rP6XRFH#KQb7Vf{f_w(@=6lG$``DP+ z|N7mZKDk>&4pfD^IRG9S3UV-^5dowD*ExvjI{-s+&K=-2=u}1TfpJ5(^X0=jf-AE- zK<@L#)O|$}EqM~aKSI{+DZCDHm%j461AHI0nELl6G=&$^Q?<}-4u0UCq03uRyy}&b z{<)&4){J73b0$d)4NaQh!s0|FpVNYTlMi*YBwF%-zefh$egC5tH~oVae;%kGss;7} zc$WACWciku&hPlV=5q1$WS2!(;vZM0!}%iFFH-US0Id^vzuj6Idmd2%!AZ@E;-2(Y z`BL3i1Hg{@E{s*2m1z;|ub{)8M;!}%XbVCQ;Pi@O%2I{(Tt>F-Ezs8K(qxZVp!>$L zPD^23>%;cdq>5Lg;Z!$U4YF^)NGb>R0WKu;#^%TmLQ3tW#4DW%jg0K1$oQ2S_`0YU zUZV3gD%gqD&*HqVA`gn8*=)IbwMXR{cQoI1J~h`68q!-oHcUOgKth!5VIUSeeviS2 z2A@}4C(p4TyFA(q$?1h@~QGcx{H%jKW!Jymwe)Rxka?)OTIykJjKS1SNZPYKF zTqwd*Wn?QN!t#iNCJ=`;_kT9e)ZPISxC`$9PIrKxl%+oZv7Bu?5dL#2-5A4K?#4l# zJ2)r#C8@W#4w2sbI{M7+!tCN*wC^v@_}K_dKGa5!C+DL^v1b20GQr*0A5DZmSb9*- zvi5^kl>{py^aAKw-(v*3WM&{v#f zM29QeyrkA+N!INUGS?P$6M6J1UKehX+T*u#uwN*9El=mIQ?-v*lGWK7vNqlAdk2W3 z;cXaK4^Fk(jFs$7+ko)QF=tw^J`?bE$)w~hiNlsSF_aGU$63Y<03gDlliK!GCh`S4 zWD_@;s-H;u8TtU$`gs)hYkB)Qvn?$o)(-9f_x#WiY^xm9gP*t#>MmcSLHyl|B|KGe z=`r1H1CR6AW2iAa17%0$46Cl$rfQEuJb-u-JVlE63;iT6yJBIK8GfCX&9=cSHR9KS zWSWFoX@LY$e&*AD95CON-D_G{a^9nnLNB$iQ`5SQ`uP@2-S06*CRlz}mW@oUg_dY( z=~>jprv*@4%Z79;Q(8=)k_s6z=N0!moi|jz#|h+EDG?1_J}F_&kNw#x1jRk;!Aet(yVZEaO&?;`KFe;_JIfaJ*mCo^qzSuWLZs5GcQR6GdQE1UE%cU3v*XMpamh(pQr%y0|EzTOeDlb_4 z$hL*4&Vh4NlG^Gpp`b#9E(I+tvg!Q+{UEAzt?Ty^^tC~jA+wm^wRFO!BvL0c?@Vmi z-nqxL6cd6*gWNVXooIpUXl8uCw(mJ<9sz?|%LY!leqfB!OFS?~{S?U3*q)1c?KvzZ zlG9Jt+pcA}CQ6z$Sw@v!i7|mv9OKoevqx81?E-uLT=wXf<$wsAN(=WpXA$~on#w)7v*8cRx&j@C`k_ zE&!zz8_u&vH3ujBLBUD^0Ogy!;p>%@EQvvoG95JR|5$7J3TWPSki4bgEd4?@jz_|A zV)dfxrCW=@(h@HIuD2PzNC1 zqCLfxBCBCTReEZxm<9j_^Ao;Z>LI-LZO10pl z-o}v1kz~ikz0x1{Ry!mnP-mLKCsRRDQ&!5()Z+GgfHVvgdHcxAMhkF-Ny6fG=!92SrWZ7inW;VzgsW-htToH|46j`fsTi=D~%~d z+ukKjGvk%i;VY2lu&xE3s(B@a>G}>6tw~c%?}sV%E%`1_x!oOrri~=m-rLtv-OJ2W zy09&FQ!{5T6i4j!GR(>vC7fMJ6rE6(HYD{1_xr8H?TA=rjq{r1lddZQ)4(=v zrb-K;9ilu}%Q|9g6kP_c5dv9-CivdD>x5uhJf+ zkHVv&xYy6%hdIy}c*%Z7`gwSyb>VdU;sRjfaP#iB<%Q7Y0~F|JRG?jHp7Iz`11{FX zhE&-;yY+7;So^#rG%ks$F#At}4s=Lqq)D3_#fr9TiWV@|tQZ>b2-)2Db)y*bUSZ>X zLqkr7?*~5gi;rN39u#P5wqdd)W{P3g0psrg_nqHfm577h8Iso4bTKN6Q9F(a6r=QV zzSvOi>i}w*vTNy#oIe`%hXEl(u&veG;#H0Nw!x1abeFdrtoOE_yB1dy5i$%s@d!9w z?GL!JlOTmdZi(&y;bK``1P``Dx~U}3k=B{8sWo^~`9!GG?Bkxj8n`ll@X?P(@|u{oryuGj9P_iKZ((P{YBUp(J5Z#tL1 zI8e^E{b{@}jd%UPYIRXVGyZi-5uI`T2(_hVMXDZS`AMKRyMpX7PskmBl3R+*>%BId zYbpKb{?CFId7e*i&0G)Y`^E)6Zg47Nic&Ie2|_<;ja)n$Eb|wc#4mV#;LQ7Rl)AUa zM0l~0)GQb$^WCfIsrszi^PqCubB`<%2_h?~v7$!2rDru({Ko~$4`Alw!2^u*N2Q>5 zcqs4#k`JjfdXjn2i{1eekM_@ zPCqM=#z4X^W#_*&zcvK*k!#-p8bCLAQ5b?^=Hi-ECbVxvb_OH%@EDmk6XO zoTy>0ja2+mw%L6?k%U*M7|QRcK1cb@kosjz{k0kMZsLzt$Ujj2|LJ%5Yy1$PyU9Ol z@jsAB|7`KUs>Of&QH%d`jQ@4MHSI*zO0A^^y6-$TGTZM$4z$@=OZrpPKWrXgxZR7| zkzS>o1Z{n~EN2)C~0_GrOD zY5Z-W&CT1N8r&2eXe{Vp1_@G zpei#0?x|7ThLn1l>NkBCyt1xouX*+U+dA>Pz^)`lLRoY|CE9hp?V$EAb?;?|W~4g!XW3UIGM%LyZ<^!!sS#d+t7s0Kx!yWk~zvwK43Zd)rS2-aYZO z`=jYVtVR4#=$Lg3sZ2|+jKl$p=)~;KrZ_O;gYI&~wRj0a<7F%C@T-%f^Sh1uY zJO#$~pjXi&jaL#@*L9-3E3+b?X&bF`OgOiz!^jvGxC!Fo5Dt%?MmtoC~0{j)Z z>a`1dmd}~LaQ9Tb?jChEBhIm{^b|pv{eYTTWapDsQEShQ%h;EU3p-9e4cE-crYA!I zFF>6RR(Aji$cBmHdj&P`_8EO=>DF`5)Pkq`1x?c(0J|*Z`UIH7bIm;U>w2AagU6O* zH=$uCS3S4&7Oib-)9tH5)yQdTaZCd0bo}jE>l}Tqw*7fmxc9d%qHi1^o~AB$(|B&O^2Sy^kUh%7lhI@d**L8Vb_ zsWO|OJlte(Dg!l)YOqxl>(hKnuWvRF&}uD<9@ zqyFL|i`PVP3^L;Ev^bdA1u%`MIv#XHp&DE&i9=2>W_QaO-mA{2@aV_)B!=(PvmjWv z>6sX4gX0d+ynP1xW5}-< z6kaqGqrSE&zbB4^NNrbdx337JVSsN2ecsEYIo@=}XWE~b=c6|;|M*lnI)+RZTU;F% ztydl8x~D+P_uB;_e%<{tcsjjC!Dn@^&@y-GVy~2f?|~_tPUxKb|QmT8D=3 zb{u7D>pi}%yH)ZSO}xF`O@Ie)4*9auaE&1y@p#v~ux>+0$f-2doL7#-lO}LSVbIKh zqCr$HA6J{u_F6P=r4`u%R`D9a~*@*BZ*PGs#p1rFyAej~VTv*Nr-q(Jm z)aZl?3LM*C8BA`{-^M@eD4&TZm5!vF#LMDMR*mEyOxWJV-{R+E-@7)TJu7R!k4Sk6 zcRsMNE4NLa_Q-YQf6=5mbH8=TPxtT>>q1Z^?bdkQ3o?n6p7t81HM3S_A8&_@pCzhW>Q5GR1m7wFLNkSiLhLq9Z75Q}D@GnWj``}D zbIs6+=vABE&yHz|15;8zxAvCF0B*0(M*W7m(ORjCxWE0GXizy@}7y6ASx*gc;FQJ|O?`RW}Y;+77PDvg5(AUdzdJ9*rl?*Z?X z@%*roq{E1h!k7SHgnqp`7tXXqWEIJjcZ$9>7%UIa<&dCY^odCay6u_tT#5A9k@pZp z?cww`Xzg+*@4mr`dAaC>*0$Io5btbHqFq_$Hhk1>@l~ENZd3{G7<+cCOfYxwOzK5~ z90P_O;N)ffSTahmQ!mOW>B$|Sry^{^j~#A$O@Crqp08G_NADid$;W2aU}v+_Fjap` z*biMsn21rc%&Aw-jb1c$Rj7Jd3f>r}`;ly2k>QpXjH^7&$>nwjR0#t^SzsYU!CfiW8iVCqzW8EEuc5 z!F(FUcVQ6=3MH2y=msmZd@3z)*haR# zf7ajn5A)CC&3b#Dy#((p)^t;H6$`zhuQ)Vnh=(`N&+fK^&LqBbtmm z0Hf`fn6f-7o29J(T$;V`BZptDrbJ!iTCGUO>JqTbFvKx6^GS@U&`}dVF_(Jl8oC-4 zlBw?9LnDZ|fem&p-D`!hbQobqAHe$`7;|c%YjJkH2BWc^X|P$!mRTK1zj6> zuQ-$2nQ&E_@*DGSSo0muZbB|B<2|Tt!Tba2_yXyA9P;8V3*7!3(g&EfcL0jATdsL8 zOIdmYYNKd6-}e$}G<0lfebh=%qGQ9~?TtRX-_Y|Fq>RY%hf8<$aXRr-FgJq7(gz=O zi643~iWu*DZ2^MO@CdPvqu5S(o6d7?iv0*4-2twdgqHC+Q@Uf69lAJWyZDoMws1kb zRS#+2#R==hAUxLs>I(hzLD5t$Bj6A8N{VePN$%?M!`%4Ip zZZSM5`tL{9cCC>w*`BP*73(PzKNXk7d9qsV>K1i56{TEz$dRS!CxtjE^b>;1RNa4NPFzJ)VTNY;Zp!0L0v7v~2cYmohA{d0p$8qh3! zQ^L6gl)|F+u~+=8e0r6v08Y@oOmPMzz7{f4ReN%7G`JV-yVE|_Hs~UB5%&xOERQ$9 zAKgMLgz22Vr>OknObt^rTzAZAv+8Su~p!=BNhnB6ulBNbpR7%6?{Afb`*ZHy4f$whC*0WMF6$kGCb;&sn{_p@OwGIB1 zE?NDF1;VmRIlkkib(3%WoZOo6j}n7HsGY9x^L&V-Bgsbz7y2jV1dXp8daP3&KIJzy zCKe>?av!eO2=Mh=vw)S?-|Mg~>QmGI4Kw|_yAf46Pc&*q67!EI>7C5ywR~7dWyEo! z{>`Z1FrT=UY0kQ7xdUulSMB}#QcxcI@6?)41ZQO;%{XBOZ*v%`^sI!jmBfkc1*T}Lr;|)6&HignGqvA4&4K-QA@-vzFgS{}2vFhy78}Zb=%&N&>lXPT%dpvL z{7EvT!X7Mr%}|w|eo(>0-{-yHFj2?RXe6W5g$He|ajCF*oUuhM6;6gDwb$-;_h%uv zfA-v8+H(b%nDpQ%K<)JV#{mZBdgEWlrXmrCh%rlzKE+IaZ+uHhPFiEl(Fs>{eaPP+(fHkWRA75LXg9s9Wn+3w1lQW8BE%IFN4yG+q0B#L zZ8^G)=qB?ZybBcCtkydB0jJDcqPy0mZ?NNIF~Q^RSBVKqfF+No@m-e99g)am`pCJ0U+!8=|FbM{L%Cjm2q3vl`?|cmjLKxa@6&6BVTU+;>eDjmS>>f zkuyq|j$!Lv)mqbPsB0lCG=7MRBO9(4cE*E=h}VMkmghK~&Msl|T^Knpx{rz*zZu+@ zcRTxtT=4#dV3&;ReOMSbHzk~Er_bopTaYo^h$6EN_CYaL$XOwHv_s}xWWV(A$9|aw zb*67LB{Wj8*i$CkUyTe6{Ga+S8~j99;|aZ5UZ_!b={~R*E-!_$>M^pPS+j&{?J7|+ zOjRGfEz+x?$_AGiD{!%bseG*~fIeR3IT)|FLW8XY$Gt+> z(shlFO}kb_U}su;H&lmU>9%eMZZ}@4R9GGKQ%~xad*Z_y1TX^(@;VW zY&pD*;C48<`LPK{CU&c0iCBqgtBFIeI$E`50CW+%_mHwVeI@iXo*K~(l@6CMTJ6f+ z`592S%4Pp^WB|HBtlL~C%+Ky@ZQxf!c|Xbjvh^K^us+eiRTAW< z;Lo>XFfc5{QViE2(J~FJJb2oL!oG{E5)QZ&i<0$0;IlApC%RDz+ChNj#U zWn_Z^9%bzbu~)5k0D_M%(_Pv<{l=^7=Fr~3k2*&mAPv(OQsi))!k^kKvrf=KqfzRF zmV^ZS7wP;7SW?{&jxMsQ&Wj7}+f4GHCDf9%@0ugTo^=-pEGb{YkpDYZdw9h zVm@kzKv{j>K+MQxy~>!v;Z|X5VjN+ zA`Ln;O-{xS`Me{f=-8X{rXWF-@_0=v_V6AqUSJ-2ViM+#F)pMX<1sb&zzJKtnp| zTv=w-mW0+oIhn*D#I)vK!)n(3mq?DW*hW@l?G=f)Q*3iYz7iC@Zx3U>;exf}gh+TI@XvszLyzTwR0@Eep^`VJ!ttMlCi$ujg7E@KSlw+egn7zR5+wEIP7C> z22gsDzl1@0w_xpE%M>$%{B{+bsrkH2KUx!c6>OiGE1)0FU%!e$J1|l6Udf{JI)ZN2 zta8|?SCrM4c$5Cvt4Ja`wzdRAWwIl3DMkPyeLCm|+DN3Tn&mnP$)SBUSh4lU_h|n% z`3?YUkm7mvCG1krAo>2xVpaL!V9>Ii84^_?Zk9>hBnMXgfQLD#3HOS*Pt~ETGR!WGySu(b>)v%gTk4SV--$1KIhC$k$#k+ z0P}skdv6N*9=-7biX$LM*QFo%nhuOP2X(Y)L7CX#qx$phmqLB1{4=X*8(S2#A>&`s z)^y8?2<8a1+YA%mYh8{Ja^kq+*$7-#Q-l)DcIBNZ@w@7DskQUFvrfqh9QUj zoqMmt<}!^JxhcX8s(j4{6&Z6f!=+ay;vyN7UIYu#5*MPoqM#GX&`!_IZPvl4p?84D z*O2IG1DJD6jk8mmEqH3xlENztTKz=StZGrKkD(B?%?fd|5)1m4DN5zhQnu(7_;QYE zxa?r9_5CHr;!`K%v`q!w?KiTRXpE@JhTD|T$6E5%zj%^=DN_Hr+bri)*en}Nkd!NO0@~z&Gr45dpv|c(_w{w8GCZvC^Cvk ziH;}_$=^pVWg<-rg|!E_rv|On}yRjHk0iLP7k%a zs-*}ggb@yg*p@Xt`0*OEA4GPG+uj)~uF%*rWrjr5-UT~Y#`K!oeq+qxRL$mUaKUkl z6a5C;-Dx$39(Y2i4j>VJ@^75D3q{a!#_hqMZ$|2zpsZ#oP04q(US+2uKB6Cz>3ZesgfDS2#h$VC!dHJ9J67^zHo zf1pAxkgQEEH`UQTcxx}byMhA2v9ezby=#qdBur9;*?J9&zO+v^G#|GpFDt9aX)+J6jA?lt&U?(wku;?=tb= zw;v_sa`FS7S{~SqBdI@oEdBf_onh=UYmBc56f}qedWA)QY)nW*hn)C-Dmw~iN%wZC zYFOKgSLe{gwAU0ZA-+VAnyB4bAhjB+KcN96c0n0+P-QW z7_6m9lldu7sehs$bXY~GeM(f-Ca)%9f;|hVOMunn>^SJKkxovmU!cah^E(i=p9T!P zYdNu|Ca2Q+>O#zKNXOtC+EDB_W>H>Vbu0$z535S&cL0R_GVTsdK*1_OcxpgKsR_g7 zv@cX+Nm$g41eMywLSSb=(S+y%Ytqjv(PnK z$i~`X1PnE3g7oZB`+?eOnaR}19%KovdaCZLl%Rfv2G~>Vr0Howja>3&WkH}sj9%|! z&HV2#&nhB8|0O>?}E(2;R|O!)HnA409Vli>hiEg0%?n{PFSzrQ7}2$cdNERa}& z={{R_%E7YTiNp~zn>i$DgL~+*>FOZHB7I#L3hHHmGjvH&z;?!^YuZ;IhV-AbO>Eud zUAQP_v^{@)2hdBmYQA!VB8k-yxB0R*e*dhMvSp;q+mBtg|EPMCcb@LpGw{-)|G4QY z4K(FBTIYDpg}8B90TF1dWRYyc5LsRCg`SVBe(Z4LGJ-D8J@0kK*`>ip zIIgN{;LOC2FvVi@TxX%Gl<5!94Usae4*4@z?8S+ zPXla6=Rb``Su`R*n0Xb09ENeh>lWW6&sQy9(YPB`7BCqx`2!R zw4nH}QVCFhrwq%4dF>{*4ir=c5 zv0%|7q2dZJ=T5A8J7R&N4ro<)_W@SSO$LY^4kG>9n+K&d_mF54{W&!RBG~f!(GVvi z>F=Q07WjV=CjVb)-~aA={(<__3!z%pg+6R14q&9%Y^5omS=KNU8$~0v5`})jA0lvv zw+A696t!^$g>3F_jpkL)yL#E90B-Hh~YOd*&UQOnB-tFuzZ|7AFxn5nISe{DLqyk2(ec=|H+==&t2z zvb10U3Df6Oc`E%YWaamn3NsJh;Uo4Q7BJf8@3-Z_zNLhKEG(+pm)zmFHGNgi8ND#Uzv&a zu@_N17g}t$qlgG|{5`*?FoNEr(7{zu^v{F3a->I$xy8F6tYcH3@q_`){{#{ibLm9r z1myeHC-^ejDaYdEbJPvV)GetWIbv|tp+!1m+`z#87U;|_`bsg@TBOh5BKA1{Bc07< z#H%;@s03SOXGv3^d|e7n70jFJl2%grW!V^C>!i>ocA&qpx1z=>L2BuNzpXavPrZ#T zVpUrbzI@?VmH=S7I@lP%rX#M!%xP%HE8cdwv`?mvLE&;xJ=Lo^0DTA zKve=*W(EfmM@{`Wz3Ps>n1MDXj)VF4Z6`Pi;Vekj z`wG%w1M1W&Ft*Ebju>`6j~MWd;!C&5<5t*^=3lqOi~5cAzH=?NGD?b2r>2f4w$l@P z>+`|dNVoAxrahhw<+j3VlE^EpzI9DZzW*5ig;)a{kgy(vV7 zSz>O{t_9%n!R6P^Fn+|y+#8S7(IN1Q4+>~vC_>Cpnpyl|BZv3yxtWB*qdVp*AjsfY zlLv5(E=br;*>gn)Ir^@aQT-`-j0hQ6tGtrASUOM}Irc;9Oap=Veg@F^2?-7+HgHIlSMahFt$dAS)0g){ifnb8bTxY|Y+#gb;rTy5HYKrQW7L2@}LGOVTMSF}CKk!g){Nc$=; zqN3okzimQsq{L-JdTl12)pyhSS=?Ug&%w2QAH|-mcg?*GtJlNsD~l#jQC<}1Q-$Ml z1yG~8ned}0QC&C5r;_3w%eZIp5mX1KR4RMg-h3tt&81qhPS5zNxMk26#A9qWJEvV> z7G2VK5`1J;D>nqa^_i?1gyoi%b}Js@T2tmlF{;k7Z6K>r3!`4CgD9ozSy*9cT?G{) zc(h9j7(Uw8=AT$Bt|No-Y35u~YhtDhZeq_w1TAbp&_NCd1Jtt8QIwN%X4+)=cLO3?adKc#OOJSe`McDG$64HgJ8tUC}5bo~{?2+WNNPSAyEZ>?CYA(?rFrvyW#>X!D5GIN70{o+@ zT3llm*rVm3r<=(*b$Y;{8l?oSpL}?9Wih}{#u`nBC&p{7oz>FlW?}>nSs7`8g*>kf zyWQk^0@2hHYDi>@cav}M5hM2CUBJ4Gpk05sPJqOq9SsT`DzKgosd$r*Hq=93q2G8F zN!yb9#s^B{mD^Y_Rye*gR1h^c>?TG!iZocJKIA5S*WYTlMTS(%r0Bt<;@32YyUK(L z+LnH-RU4T(9ZO&{R6gq-Z}~=9(jZ-RSWvi|sapsg#FgaCH{-Dmx9E4FGuvQP zW5ooZy{8@72fT6Fmad(?j%&w3?g;^JKXotg&N|5O_hjjo1gd-M&&%d1K6bI$Fko)X zFb+I3qe8pgE@Z5GO#no+z#O`zvFfPx1x2B4Rg*74M1-`DfXS9}s=SHM^_ zDOZZf_)H^2^y-T($Q5Ahber6rLvviX6x`oaQ9EW;ke0E(d4LI9cQ;jMVfV!-e+ zeg(HO*zG12FUEDtJ?2xtMEZ)&G%3r0k>p}sVHb5829Fzw9uH3F(z7VesKBqsE)XAe zHfA!B8{u<})^LsLGzbmXgr6{|D9Ol|^2s2B(oDB+s%?n!2$tIQDRb-E3j}3}mjl!| z9612UcI$m~>T|)v_bRu9!Wd&09(>K~B2x=hM(3mGW7imKV}qxBJBq$<{!J}0g2yj8{Bv8X#X4?Sak z8k@w>mBWd1Kyg2KZ8{4J7QWw7h8XOa14f_TI4x0}=~`!s=CE_oYCNXIJ(4mTV8tPE zT}VI?T)stmb38jRZ!?fFXylp&kX2+07kGP>CQB$nshQ@aSq|z zYv@#1YEZ<#vnkD*Bl#)WfD-$lnHT$X?f zJ_*_eFzu1pc$7vqqgTrQFl-m1iHPQ!j&#~TIBb=4;cD4#hybg4GIU9}V(2)7+f^u4(da zJ$`)-!<)<@!*|OJbXvq@3x|E!lFHuz0F1Y(!2ReFwE}}hM0@v?39zjll4uV19&HMH z`np#?{G<36Oh|EsIiidvi|0Tbw&Tv#rc|$MjDVz9kC^Q(597xB=?!Pqz5dyqMRA5z z$G|e1TUSfvjmbAJ)tGIj$An>+&oV7eBSEaj`DKMK#BAe^~|%0 zfbTrsZdc-7_fAX}=2}$EHYH{S63(B0!X>+G;KMSN?wL-tImmH$zP?}O7UD{PTxL|wfQpWi(i&+s=N;I#`zdE@S-`dSJlF` zm|f@N!-s1z2p#{9a`ENcUMj(!J<9dqZB7lkg+7M1R7OB%ki{itF5Hx0QkkjpBa)g! z|5p)=aafDXR)mF#j5z2ijWr*~){#{8>SqETjhe|&FA>9%Th<&smb;c{8idI`F}D-5 zuf~zQ4EaM43Rp&J1Fm}RH0_6yBM*JVyuYWL&?{XlBwuwf-x?(AIOdaCG6@GuE}dU= zWK|yp%g3cNOkV4JQJ|=Kb0V@fqPT8=KgH?7&sg? zAan;d@>Fw?UWY74<}>}`*lK(+?TuG|e&+)ekV?Ep%8Qz4-K6X)--zVR7u28VIMHMB z(i56!^>%n5qo`hmP@WJ!mYi#@sPPM#xTk*d{9j5P$Oi35KZf$=TXl4BfgA6&^Y6`E zW5Ac8z^)AZJ> z;^1RanYhycreBcCqRYhEWY{<{&!pvd3A|F;#zqe`%0aNKr5peY>+8PQ?{H^WF%-0> zhJ2(2zmYN{(Ns`Skm0Gs|Av&HiLlYN6r`jg@)K!;nL>;e96m8MdssKdZCbdYH4kOA z*6Y5t-59y2heN{i5Cf3}A6z{OyQQA>;#kqmz4j&{QeulW2V{w zjX7hNy3ZY5juL^W<=(wAkod{|!ry~G848gg zt2gAa1u1d-ikQ%!Y$sIjZ5dOyAj z)G18bYU*&Mk+yY7h=mNbQLgb2_TPl4`%Fh@$-RFxniIf$?JZ4ISAnw!oB<*A0$9wD z)$#2#5+>upUGscTGkT`Kz3AVx5g_1)++!xR2^#H8jEu>#yh-g82eKexy2Xt_&a?|} z7YiwCzPLs2wSLx|{;HQ3JP-YBkX0XDO$nDmj&_Ti_+J|x)qpoV)4dw_9zAVMS=j5M|DnHbY(s9dc;+2|bQx-)G_(1v1V&O0D<#J>q<&$?;R zbpA4{j{IG#oP)Fb+EI9OKwYUpH?epaAHV3sbZoQ4+$YN7t}8SSowwY6MpL)k4wbv9 zABbiR4HU);m+i+&XCrv2e6YD6TAG{Tx`1YKEtZUx#IhqB(Y&6;#zxn z;_*pcB8$}#so_j}?;JrQk&qg0W;@IidRqdEHfo;adc8LJx(@4|Ub53B4==L{e;=Bo z72}yMIx$~5(ZM;ej^&*MM?ixVCc@L=bN(Fw{&TGVQELtNL>*~v2o5Q1mM#boo1GpX zW1FK^M)>k{6)vq^gD4j6QKO&bDqq%2z2wTbU}qm~lz8@y?v+*)7!|p9l<{&8C^mo! z0dDrcDSSseE|}&!b68$6ZV5JufIbgqb`O2jfuh72VB82etH>xS7&<2%wMVqT!F$l~ zsJHDTvvx;0FYR=9NTiI%GP)B7#!I81B2fwY7HGi&SsJfuk&$bXrFK(tQ0bukR@pB* z@X)BUZmzEo-C0Ji4KiA?8KqHLd;nr9%5TV1(gwQRvj~DNHPGY~D{$^Rk`!dTb26s8 zA3LNUx^xhf{A~pQ=y`o@ix|BF;CgL`UjeUJu4qKpkWuRuwU=$4DWgA&>emJ@MnKZ{ zf5Q}=8xj5I@xk@&nC;anmp=karHEy6r5@hk&tM@aR|U|#A6ltfF;^Eb}LZ~nRe zmo1KU%U(M>uOF8>ZZv`pyJNPFHPt+tL7iEVKg;nmR=J#3HQ>xyZ?tcJ&ejIF_eVlj zD|gR!6{N~|hIVp7DvVTkT~F0+6;b4Ud$X?i{oE(v=OAoj1p?p5R}GNq;iUUI@a6q0 z_=D9#Bw)MB0?*aoIX~bx>LHi|8*C&Ud*nhIiAl($c>!qq1c~_EeOo3XhF$}%#Vl5& zBK6C;j+q}24nm=n<}6{U?{wx}?3i}P6(h#vNlz6clo_js<_kPr0hH#--?l~n4}0$c z)zr7`jRp~sA{_xKktQ9K-lHH*1f+wM(2GcwP5=SvO+Y|EI*3S#ln{F8MVb^rI)vU6 zYJh+*=eF;j_nrIRdGCMj{qBE^I|dnH?J=^mvy#2$Tyy@)@t4hlw;X=9N%}V47GcCh z9Nfn&p@shgiVVMEIZ-|#5HBPr>MRbTdCicv^mV##vW%ZvH8|w6HN8nC z_Xvhc{@yz#lo8qYXw9T>Nu@@~!k7lAX@73JZK_1M`PJm-uS#-OvufCJt&5$ii~N%7 zj@&!T?Gq>SuQn5Yz?zAJ@kt|3DmS#Q669}9TklDG?OlU5kQe$RSLcrm`@uD5d$y$* z`dMEYq+azl3y{&OZi39F;hT8~xJ>=Vg~z6}3xNAdKh(FaJGjnR4ksZAdi@EiT4>d zl(lYtdW+MU;@w*!E`XO9ru|X_YYw7qz2AQ~T^t8R-sId9-78tmIJ(?P41V;MIJo|+ zFUQpEA`a5qgTJIjkVxQ=vO6WKj+3P$A91xjvrS1*RJ*PKE!i+t1U&=LSQwsYy_F^J zCvtxvDBaYPed)}Dy{26ong@=s2)o;hrl~}v#SE8Jq7w&@!GeP?xeE{_iEW|(#wo#Z zOa6Uh|G#;g-=FZEtjSfxCC7_C|1k4lCDC2NQ7$A)^o^`2R&Abxm^BVey7!m}*}G)E zzG_F_t32S}k3IXttNb5{5Px~?v#-PLdQ@s{_{nO}QK9LnQw=*OFf+uUwj;jAXtRb) z%PV_XRJW5oHcqpW33usU!t-F6f* zi^H0oQ*Yh)hE+!jaCJ!E%11hTTe@0)Zabsy^MCi`6W;tsRADIxUVp`R?BErwRR{<4 z+t!A#|F9o|g>g<+Z~7*$Fy_BanouS?W0s)Zd@=RQO^9d`$&XAk(^5TKPgdNvaN98 zzp-shF;${5ya0x^k9NF>pd)87dcu*snHCM~rZ3kpRdTfA`+k_>+`6~j5yM@X@>lJn zKT*4g){4Zj(v;(wQSLJURLNN*Z~KMHx-388Sj}}W=uAW2fbh?OgE43g&)bpb`dLvc zL_R$f9PGW!3J>v-0d4|TQ{EDCycIFq=oksR7Qr->{|4A$>}H*7`Q@j+JSUzt;kiDt zSnIp|(qO$6mvpg*id>2e3nJSB+xsBfW0U5npcp&I@UJw-7sq)AtXtd|+yyNuI|T%Z>>S zMEZ%V1#?{pX1FXK&Ky4Ww(-#e;FJcci@ewnWUfN4UNW=sS~?l~u0ouC`w!l)t)}6& z3%w0?9GMq{rx}>$AU^DqRL_1mCRjnp{`1=)wJi4G`rm-Ma)9ntxA{3VyX*qkzE61F z*8dao+&QYkQN7u4I+#Y-=@>2I3OI#fV z*sl(Lcl#?I0NLE*Nmd46xdgf2<6rls$;hl<#`t{F97E~t#<`lJy5?-!T( z8_^f!DWZ>1G6k2NO9X@GAL4N@8y>YN|m7;DvUc6Gx8V>j5^K`NS^Av zJK*J8)5IUoSYC0NM;S)J_BzxM=0zRaj7N>9BGsWy)OU9~NHxIcl7$HSa4J>#s17lMn!Tb^{lO3K zy1Vy-EZVG#eR8N#pxrI>o4so?lt3%Aa3^hYL=1MalSaME>a%-fMjZOYc9xM=)*|d( z-Y+9eLCo1f2#y%%i39QOWDd6SCnIN{p$2aSV4Oc>Wq^gEJ^*mr1O7$tA4W^u?G`F# zftHsdnAy&YT6rpo9EwTNoj2}|f@L!FuEglIr6GBBCQ`vE22y+i+kB;&W$U&7WhC=Q zm9=QA@-V?BXyppmd|&_X&I;FCbxJph&3>K9w~?tc0i-yHV_=q=WW~xK3@Tcv%w`3% zr6!W!(aw%?Ha*(e6$$}YMiv5@0n&&fy6d^$fW4nJAjncKkvx;Pe>q(5H{e_Xx0ph+ z=IO5)QNtliSN9e>uNkT$HOKc1U%M&PYj3M<5Bk?U;_ppXE4xT5DRDRzdF9_SA#UKk zZSE8seV4mXdpx7Kg7yj&J)#xd(ZOb&2sCun?g>pJd zN0N7I0kOKRm#*|>o)WEJbXN| z=hlM03Yi7;S6<{=cLi~;oGW1@#s6fxnmm)C{MATkd@mKa}N!_rBQNpR4>7!UjTSrlePVz_8hus9!^GzRhk zXLk|Pg{Ujho~iVO2dWiZ|Da=Gyvi!ZSQdZZs+fO8=lyCY=`@hnt>)QslWejo`pYf} zWhemzt`_oXDmL4OUUrhEbj5n;-kZ3w>tk1^bEmJ{{uu^uVg`zJeASGH1@D~8m@oJP z@RSJzXbfxpaI#nbCIj}ba$tBScXJO3CUD>F;%|VWSmIv|Mei`Y_-D9xdEY5OH1p8#JKP<)2>$&mU4QTdjQ|i`|@=i*Wvklt%Uwo zT?X&0H!_HAXOT467JA1wwzJfkb0RalyOd6K>_NYv;73$>q|_4}0|5=)V@88|rJv4_ z<@>qXT6z=q8!V(018zuNm;U-zrWE+zpK=A4Z2rf8$69r$eoxx;CA;PX2Cw_GiXRfE? zhvsbzpW7V#q}s`?cQh3e%R-C^Ujat?jK5+bpUCMjc}F>%uVb{PFNL>~WK6`gw8GAH z(`HrY$(x6*3$Zq!+XtQXWbOrv4kqG|k2%eTh3j>8WL21%jvz*lR^yB5ihIl|(A z;hB&{3Xt7z04-J?b@cS&q%{v-=Ge?Pa@&D}FsHZ~uC!Or&0#OLVz^i<)P1F}zP`Q! zwmxmLt4)67?7DUvD3ki4OCcr42(W=K(1z=bw1J3)qM%-k@q|5Go$~y3ad#fzzf&*A z4l+l}TT#?IbW|}(k>b5{ta!igAGr%h!F#1ux)@|Npj(EGa;f3vqrsn_p6S-n~i04Q1k*9u6}khLXVN(+)BSU2oLCw;Ym#LlKAu@T6=;i ze3cYEnN|Cmk>w`}kc28(Ap>oa&|OEhlxs~(T&v$Hx$<2I-n`Ll*m*65)(Wr9wpRQB z4H~kAcHmgn&0mU+kosOE4Wk*7Nf9qfH=y_w81)_&c9i(HOk8KB^13@H3SHi6>aom0 zZ&|1BwHlyT`kF8IF+?g7*`1zy)tL zwOWzGe62v_kihE6J%}F)>-*|@W_sN@i2gbL2sjlk!zO+_yq7R`18+W#6sxqn7-cSu zDv7ek;U7+<_)qxik}5fs6spfF8p3+MTU(fXqHU9nvoLf*j?9oC;c>P7wPq$phr2Em zDzf6=dI>XII;Dj^Dtg+^*CyQV7UKvJ>E8T@C{)UG7v((ti#JXW9AxFv& z!$lxI!n$nUWcQjIQ=M!){Yi~1uBf=H^NR$jRJ7I^-a^2K9`Ye~6*}8bpzw1_oOy>G!zBAQh92BB^T=#=>%28OR|0z49t85_>* zC&fjGB%J}soAEs9Mr=4n&sn` zxqQ-BQtobfg!R%QakV^)c9|y2SmUL~&yuU3wLve>USoS>WS)Yn%AbW6wZ9oH=33NQbQdh{Rt|0k+d(iplgYmwkw_SBE+elj~2yGcUs@hy0f zM?54^P8;p4CjDfXDG}j98?%IR*IUAoApU*`{vVI1e=E@aN5}Avg?4Arz~!?}Amf~G zWbdT#oX|9>x5UE^E+^x&8%C`6LkCjHq|CGFleQM`20H`kFwo)A)_a{?k)l1{v$n+R z3WYB!iPYVKr}GKXZ4Pg;p7;{!t$UurbLOvnKn*n!+%(Pa`cww>$n^0gU>+-venB|7 zOlZY!pScY5JN-O1(~J|Os(VmU-P!)#EV*IBQ(MW4Y58xZt^ep_f0g(CcTamHU>|@*f{w=Q zI`9*`SF3jK;J(Ou2q%NpBi$FF^ZiBXL)rAEoUb+XRmcf>KH#%B$BY3 z5mAFtd6w);TQ?9Ov|qt`vd9N%VD_%uIMxN{AxIEbBeyX={XgZ|=Ex})D;am)T@pIP zkL5VB2rp;#j=7!o7#T^Jg~tRy8t|C0Ndh7o3btORSJDLf0K8p-V0rh*F?@oE_0Cm_ z)0%5PvnT!noI==C|J+))kub@xr_fJY)4k``_FUU1>gb@z-dqxdwa`sp!~UPLe%xrm zqI%bw_txVpu3AC|8i|G-Nk92qPn*#i@X#O<_2qdUok1Qd<`fWs2 zvekrV-GTOCK+vz;JJ)=e-vG1G16iShfv*lPm9j!k9Vyr8bX#rZHJ5QJ#}A3iJjKq* zZ*Tm{VM7iIvPV^^CsS>ltrpU(loR=w&D9n-#Pz!zCYC+1fAJ}`-DAYbuHFrcG`qSJT$6I7yCJASx0)v zyTTZ<)<_q*xM%6Q!do(7sCRMq19OBl^-SY{hTVw4RD8KRfxhIDp^{*V>pExvt8za1 z_5Ra*hW=VB+3swExT9@$D^8NQQ?)!-feA`+S$_JOs7~3TE+b0dieGD_Qm+dK=!jG{| z>mb6ye&jrrEA->SQ@} z#B=@v=x-aL?VE<+W7@wsS{uPo-P3h8M|1&7Oy%{%PX%{)`ZjN@oNq`87T(;q|T-ijn#$xKyXvXs!j0SV0p2#Quxh!SiV#%T1K0M&E}Vu z6ZFPKymJbu8J2SiT3}fZ1S$a7J;R2fMDT9yIc^33| z%u1x#>DQa2u1O)9u+bBNpq(c4H@bLffh>S*NE3lrGh|JX?;2`xKWMa|{H z5aBS;9n+U{y*nvDcN9<=S8?GL)Vb}~G z6A)x+=f9t^0(U4l*F09ZtFTK#wVWuq2`EA)Pw@L8-pNyApQ6{w7JYRU>s#xTx$WoP zcNlpQA6D~G&fQQwFx`l5=0SpPZC4av3bnE{TlC4-p35JKKen+<_2QsxP-D1he}8H& zQ*IDUb4}x`)d{`>@yMZ>JXTkNH;zM2Ym>Jhlx)1 z2dcSzs)*h4q};Pc!(E)J8v|AVZ5UY)yX>`)GZR=%e#|F&_rN)4%w*Y&NNzgFx{s?O zNF8Y(RlmSk{Q3czuIsfqXc=lE17AIdWPwzc2Z{`(ho!7pqeVrgqMEonEB6MdR< z%lr`o)wn`etHYTBF2>(32_^ZMN%C>bXwEWeLO5xk{8sak0Y(m0V#+^L^3KySyRnbI zK#d%Ght}i-s#?&9%81}2KL7TUlkjSCYISrds(l$vlGaR1E2X` zAfy_Cw+vMzWs z#4*)YF-X7Obq!oNVc4M9qxrD7phsed*!3uWgbfgAjNGw?0K|;U zl5-m5;GUy%;`s_|7OrbkW;kw%(}Vn)+u5!hd`4V|ElMP$UXHxoxzdemG|s68Re=P! zt}@uR)iqckGWF_DJ#2#RDy32`xUYkLDY2X_P=Gfi!+P3^t8l%H7*?$F(M zxJMhlvw@~?zH<81h(k}@dXoEKN4K#TdsyY3dx_C$O(#M6MA1t0AN&TmZTBA8hes{3 zkVZ^rBla#_4^`G7I9qZ7liz>}6gUdN+>_ydN3FIXbglUn#s&nfiQRD3X zfM&y+s1XJbP9mOFB5)S*?~-gxw&dCB<)Z59l&~|Kz_A81lhZR)Lv4nrE72=DYGL6X zp$9SC(d_Y;vYqe=vKGFrho)Y=UN#>N%|N|4(feW+7QT1&3ZG08oPGn6kAhUzD`+{! z8KaA`lh}o2q=Ikfj9oYY~cQ%HhO=m&D{cFD?IE;eS!*c zx7H!_cG)=j-HlQ9vYSfzMd z-xb5mpx1< zv$;rfY@%{KqOT6BR)3f5bU%biO6Rf1Vzarb4h>Vti1XJ?V0CZQ$rQS|RiNoxZPTZD zvn`gVP0iD{?UlMT*h*jT&(@P>#}(3JhGV3f!bgfk!7LE5D$Lbq-%iCU7G@OeLmYWO zd&*@7&37wB9<%*6f+uhDs6^_gQXyKCo{N+aMKoDc;m~O;}&3bn>vO>Z`2g;AJx!@V3BGysIXha#4jwbIVhC{-EJqNdNs0GH3C>EPl}@ zqDPQE@5ByBFmIN7Lj)^f8X`~d7PVUpj30O=4#XS!7cMJ`?-nG4C=)=smE8)5R)T+5o`G4Ku~mN=S?GDmhnA?7njl$O8Nx_#gfB<)P`D~-`}kf@hD9f;xNw< zIB-d8;VN(x=&xA*u)BQ|Yi+LS9D>7Flc0rB$4L~Ar9j@q8@N1M^6~Pg2 zMB1-h!ENBh7RmC2ef+PP0BUgPiCF6VX?g%zNzuH9wV%uEa(!J=L7F(u;4Ff0(+O=Z zh!Wu#k}6xn>1LgP56jvwdP}YvrwT#(%ZR&2uUjXo5UnNaS8H2>h|`lR?JH_+@P}Md zgmW+>#`^oXJljkn)z(hE{t*Nbx(Jo z=r1-cwbC}O5#^`LJFQae*G$_v@n#U2U}z4n(M7a4ZKrs{CQqx6Hhs_rUWPma zyz4ZjmntNV0S@!fnwc~CWHfM37sb{29Ib)$^&(0y@_+4N?$TS7#1nhuZZ1#}w6Jg! z&fm&{nuLC#9IbrG_|!GuAfxK!MPS(>RynqfW|#Q7a-bQo{7D*Y^yVve4QG&-jN=2` z4VGSMwjC)0&2j6RYvbTD{aN6UGrO|O0L(BBXkh89u2C~Ge`z)dH@Y~tB0d^YKmCE( z3(l?4Dt2txIyDjab>X)s27xLCCQx?_({u)t;}c%<;gDgYkV$CERDkx_ z*M+_x_p55_&`m62LvZ+d9bt#z=qi!)^3~q}@s}+Vut0Ut%**)s1^@G-{s+MapT#~3 zSOPl@9H4eI`2+(ulMiM4CqB%t@AoM+D`J#nz9;_B`=I|Tq={}U{ndre=wqS~^^kvX z!Sv4~*Yhu-@jqGqN_X#bLsetUZ-7>giOCmwS>3ihrlfD1-?tTcSn|fXi@8g=82CO* z_Lq1yoN{#v%_<_v-$5!QdfgIfwqnDN`YB&Mf;gOkp3-!PDm&dMEt7wnsVow z3FTePG}B}Zn{Ul>lg+~HI|oDFKJDcvG7B#hthW*Yzn}QlTsK8IKhuZOA|XsL`c+sc zbia(0LdA;jFz%>>DVI7n!agmy2Fc2avvr#sZ)_F?W5|WFM@Btzsg9)S9W5UH1|SMK zkQ2Erb`?eN%Y9Co^5I=`W&S}mJ1<iIll9!yUp6)_*N*{AWJ@sfs55(xV~&Lm;oe zRsQ%tdhAbjZ$n@H((-nvN~^#b5ySq;pt#33#?AXfvUI71(@)chr5Vs4LO%es!RnZR zQ+-T4(u_nCeJ6ZBA#EnRT*9p!PEB<4O`aF&O;UV|Lp<5Z_N#)~%KfA^KNfR33yCNq)=MRSWGfE`a=ofHlA+bY^95v)LO>>;r{E=cr++t@|2o zLpX9^jQ>a{kY;<*{N|5iIWi|6XCZq^*t_IzewR2jUt{!h%VFuYtXC0IwB9D9=#lVN z28;+W{Gizht!^kmWiqt(ByW14dRsfr#g>2>PTe!9|3Y|Zn9v$$Sb;+wLVQpo#+Wcv z^3;nlL5SqeX%k7WFp;Gs|DtFLEh~|Q;>xOp;rq_u<X4dzo0Sz=G-LZP3i zaIZUXhP@_1iu3WBxGE*hQzGZ4SXFt8hlJ&hL7eE4m{xqujviVw%zk-CvBc~_wzHEn zXQ^)&zuB~nT_4BW@*81c3NMYw$uVB2-evu>cHX4GNm-Tl+z6bFFGK)}RmZ%Y^4K&7%7cIH z;vJQ|=dE#JC#6-ae5hxWJovRlPGxueFO=wRtxG`g9^=;@467eHy+fXEQr3NmQ9aP` zX@XbinP$33b9J6+vs=&8{3H&B`)~DDBZwdJ$;jM>uG|qh4MKxLg|LdKeMhWFxueeg z>%ob2JEzS>Xc}os@~>gyIy`zWywu1cv9q+&B8&=hu_KonGh%>}MA_k_$kn`D14x6O z`Xuv;eqv7Y%gXQ;UwiGsXd>0y4ikCYfioxjiw4twc?A1!7`4bT$d65Eyn3* zXZC-nrHyCz{cuCGIqXGEupn|qFO#cH#wIR8H}p2n@R1(3#?kqXbhXO-9Bx52jljY5 zW7I;aOkg&9hgm8%bjqyQ!02O~A7@Aq7iMv}`AB1#S*_ykhHEYfn>uNe|6LVQJci58 zI|(8$b0jgNXdsdqdg>DmvrF!h46c51?+Fq6O&7{9LZQMEY3-|4&DAkJ0eD-ud%Ycv zzg+7v>uad{a7GiUCh#EsLC7ak7viN49M+t~X>G%9e1CrRX>lR)+D3x)QwX8xwoec)HjhjU9h0f61EUt9@o<2vnl8@M^t>o{DJ( z+JD`;W^TRYY=yg?nj9Y%qzp%rHN9bbq{-Z%P?FQai<^(u2fnk*-Gfu|6cagprhC*~ z+ME$)EfOmCZTtE=0rWTA{3^*}1lvx68L`edq!Dr7RuIR}*sa~|^|9N@w?9HPW@$v; zDnItNAZLHi_no^S;-DVqbg6pdzdAqo%lrK|%n|;It%lq2;s0j>0RCrf!?`ZuG^hXS z@yFV||K-u*|1CoOH;g9#`;1Rw^D(iw4ozDAZ@}x|<7bA{X7DcXITMWh((*T;K&L)) zS4Hwa{G?!0U-HgivQ`!>5QgbpF#}#x1$Co9<3vgm2g<17y&C zdCw)a)ahQ_OU)!_fxWfP-53&2;eK|HAbr!6wvqA7<6sI183wu>C~#8Y)S3Qp`f1Z@ znnX;nfC^`}rH{=E=`;Y@iMSO`uzp)sWC=ly=|5mc4TUX==ekT8vNF&Og!{vX2XgcJ z<-$E@65FBCnM$pxUSAz_Up|2O(1ynhaj0>mi-cOo^_WWEZNJW~21cA9 zZtqC20MX2a#;@)+$^J4eqg}|KO64!%Z9{2zPA(9m?IWF=K`YLN3KI8}^Zf{?sl2rW zk0a*TxasSSZ%`)ZQTT2P88uCAfaa3Lp~z~v?`FGFC&vyk28d% zZ8J!FqKG?l{r18{Y(BpEjudeb zMr&T)227>IPnhCjs9Y^%(_-L(mVw0!>LuF-hcjl6yE#KW9aiHbUwm()2#osr;Vn1R z_u`MB<#fOnsHg{qN` zxjHWnJz39et@N{5u2c)hTS_rnm=&M4$R?If>03HwfA3G(hm3tF!VT3%O|`q?xKv~5 zCb*(#f2gk?C=su*qh*<;&Pu29dSF1KP$uLeHaY5@_S9eH_}93|8>! znt5Vl6gDeWE>w~A`kQ7rvxhJlxz+9a3An#IcP(s3%~WtMN6171EhlGWEaA7b(|MOX zLmMkp)qRP+p@b((OP4xkz9L$p!>g%Loj>s}9E5=K_qo4x$$>dbskgmJcBr*Z`G+9HA;NBlglbnRZai4J~y!1fL8 zoi3imzx`53#EB!sjnO8`n9)VqO;cE8LfejzQz3yuEw8xYiSG>mS%g59kU#BPiAhw38H5Y zG`jPD;jT{&?b<;eEq`l#N*}EmE|;D4P*>7nBc8+put!q=JSC)wL6*#E=5=mr{=>4gNxr zQzm2Yi^=A?tEBAn3E@VGxEJ!j{h!nPp}8UdLwtN3GP{#Jp|gX9DW%Q)(dd1&Q26@$ z`noI@8-ialujd%(T?WEgRo}cvwg?U^r?-v7i>EuH($V%ragZ;7#W+L?ZI85aup_Fyt>w#Lq8Uo2$S$(}|K(SPJ*fv}T-_MIs z4|OR4(bv@+K`$RFl(-W_-TdyiG&SJio9t}g3q++kY2H$jL)=$#v`skaKjGh}{_aSeVLF4wFTnDTI>NFjhJG0o?C zpRFIVRO--X;mdx1Di&*s!BGXS@1|8YYQp?JzufeXoAgdg8>@A5u6f_vsMSkGeBu-W%a1ruL}LGBog%kyr|(6(f^t80h} z4e}5x{34OPzniR}a&R*wLJiyqfTlMaqD?wyg1fV2dU8o>op6+y9}0@DG;W;r&G^1) zYP10MAr)?-0Rq4$rjTuUj+(1XdCu*`l>r3JJjP@Fxcnj~dsRg0Lt?J|e(r|#&y+zO zzaF)G`7mXPJu6vIU^(VZm$dDEc0j55ul`$~XFLaZ8JwG2%Dt2Qju`adoO|M|=>2BfI9<>m?)7 zUVqqJjOvlM40Bm6sSO{T^IVe2C(H}I48FU$!0FI@GIp@HKO-o-LmD$!D0}1aeU{$L zXqi5(H~U&tzCJ5y&;WZRc@&VMHWAQO)w?!5vnbcdE@Xy2Fj}?pUpFMo>p&al0-J@3 zF^Ma#odZsF>QOKpv%PX&b0X(vJ;!@Jl$qJv`xn;5R+#=^yTvFLj&!7X%?cx?`$zbG zZ4!QT1~Q)JDWZ}8tHN>=e*>3Oh-qZ+NUS*n8W`Kmip-5n5B2$xucpvU)pb9I$G~Vb zO-ZB8dBc%?q1M^RHgSd>nHztc8!cf@g<2?mlfNYoRCf??uH9l8)wE1d7-r{dBB=Xv znGa|iR$FtC^>asWAPGY}5wu&UN$PioTEf=`Ig<`7{3z;!+**JR=HbIKhQ+>FFRpTe zLWw)_*5Vi*uGUc9dIb)M+DAAf#so=>1#!&#s(1Pq4@VYZ z0tND5b>l?=N>UM0B$9EJyLV>__ut{;OL3*vqt|+SbE8-Y#<2P&GfMmt;-_@!57P`= zLRJ;p&pVC-^Zn^0_smm~&Wfjgm=OU)JXQrdhtW0lWi!(mWplh4!8v=F%M(`jgVtD$ zQ(+Ac*_@8FPlVi|i-E{UbO;ENFlrHhEc%-lOda>*a*k}}G#XR5VkU$%8wrO~Snq-E+pQYcv1(XvvITS{t+Z zqJKh+*|%G-a0n8iV4T`xypKVv_!L$V^bXc=KU&NL#92fos_3GRtuCKc{%N7cOUF&7 zIng{m{ zEW2Lfsr&{MvgDy7v6;XS#IB4xZYXwd3koqq@vY#*AmzBaDqPNC}tnb^~FGslsmbN+^3SVC@@DI(U;;QOSf8k znlHXIm}osPw>qMQ`(?>izC|PCC!l5ci*ixmAr<`%G zjU`-3!s77b3?E&JVWv7S{4u>x(YG2!?^t)GZStRFMGW^V3^in`(Q~_v5i(}@e2Q-i zc>&=@LpwDLmo-aJiAc?2`B}TJ#KD1y;j=yh8xWZVrynSic*#jiJCia!+$^?hXs`((Z!RGKo zDr!m-BjaQxHBD{nb4BcLfQX0%DR)1RT5pgZhn4yZmHeNbQT|cSlkl6H{&~P-927Hu zQsedXCx@8~oc(U_73q)L?J*LvR<+jABd-z|d+OPswg2ujG88Bf&x#n<2-2 zXmeblCG$&rBY;@&?Er36*q<^6lRdCh$=>B|#23Pi5+7(in>cC-XYu(~ut|!*jbw4> z(H%ae@muJK&HJCz{IR+D9~8uYvWM0GUIF|gst*5CbN%ZI_Wyl$|JFG855WfhXU6~k z%=q7H{PeeG_wN+Y;&r9D#=$x7$_iONC^?l0e0f{188KbMV57v8vewwMcdTT+X9mY9 z39XLE3g7^v{lUjxd%kDwBhfE$_>)Bj#~P!BXN|VqbK2mUyAN=3+M!J}!;6m$Ke*&2 zDm)n*9VJ)n=Z2QHiePzjUtHxSzJmxbxgnw(hQ4Yf-* z7pqG`VTqW>UKlSkU2V9#b6~j=pP%^A26;Wl7m&BFMU@(yp7Y~9(-7;Gdl%}aSK0Qc z^w3o_R~$t9v!ir=O+cTh<88;pAe4J zLNafZ)kN*EEXbt#tmLCUQb#*AWTuT0_D!TVfNRgW6e5wR9SG7JJNS$a*z)e_IOpgt zdJ$Nl2%8#WkfaJ85IKvKk5^G~!|`5dPc$P7f`;WuQ9%85Tlw$<}C#KV`ssBdw8}YHa}WmQo?{B zi?o4MFHVc^o6-6Am<#+B;M-=AWpYBS%+F&+pU{o2dk>oscB!jW8mqJNOZ4xX`{o1* zVOm_B2P7rCYjj>whC6}1sstA%R~ zznbxG9<1wUiW}#_OFW>-(|%tD0(&16a=`Y9;#I0?8!_=!&YBpSF5?mcJk(bU(OK5>)WV@KF5@mL+B%yL186R zq5_&L>J2r)yWFhluj>{YO#Oy7;!uXo+2kvxQT#z3+Dd`0D3fKOPACJGcS_b|Ma{M< zP(;U)6YKHqutH!Z)R9Kz`(3x;yi_X^(i@L&u~o9K#_;WF;J1TnN_r@LmR%!9Uzszb zZ&EZ*CNK02!p*_p)Zz?dKY~;CtKtLLu@*TbXYsxe$jO6JA90itYg24Dk&5 zuW_zi{R%WJBHjLi6?xYKU~;jiD6SaRpI#LPcamP+D*qITLE!SO+& z#p{KBNE&L#8Ku|{mM-7Rnd_QWyeA22?i14sk{B3vfg^Is#k3;9D7ZZ3z#Fm*XOFtZ zv~1tmoas+rZxGp8v}X%9%~33e04VH}!V^C_Kw+K-5r~_jTMLSf|#b#csQ#v50!l@Gasrk;%Lx- z^9<$Q8DZ&%l_E>P4mt9k9B#B$gsig*azz!E%t^w>9lB-vNCYU59@Ig8b5FE^-sn6g z=2EL8i1z9u#HU=MGm*TzLZwVKh4XWb%=>gv@ZvFRj!v!=kmpd}=(vroIjaM7(^XajZFROh=l@Q}*irMy{M8HL zYDVs9x2@1^mdD#SR`;ylWPeUDxGVc0=2B5>3}j1AwKIy99dkYj2$+o~$gYELJc@7% z_5M6RCVY*q*Rjy&IK63@u9dhRVuj45J4vB?B#s#V$67V*0iynhj`8;nLhjQ1EBgni9%lP^Dr>W zcADGPMfQAn%b-t{i53UX8!|{~D*cxvkuX?W--x8B}uj zXiN+!eF&~H3%2Wbo2qKMt0wVTvG4m6H>o@CotAjdDkM%nVg`!0oQf4Ii3~)IRx*(@ z3?)k1AxDi=8xyU_K*!QEk}P0t4s2!MDp+M45?JimX!bKTMXu3t>^y%tdrUYRuH3TvLn|{t(T!ko!P+Zm{*{ z=9^k#>6<<}zszIGpMAky=en#u+8Rk0f9zWeq;;ZtCH`VwY+HrnMFe%-Z$OrRK`S6B zv~ut3Z2$m3J6ujDACLLD45sugTh{8R0C)O(4VMz+#4^Kre<2+gcvwg*no{vzQ!~b` z0OD9wZ=JC?PSvW$PA+|FT2pir*46!#IifT~s&6rW{7j@9TD0``3GERyOkNzK zjv`C*1e5OEA&A)Ugs0J$s7{}A%1&4{AH7vbR%7S*38a9SV4{%~|5tnG9n@5tsPQ03 zkcYeHYLlYr$4r81oFQp918_1x{4>)@s zkOYRH0DT>)9bAO%*3-Bpw-L{76W8!l%_BMW3G#h`U|#Oy7=pl4B`&xABhku?E=8sw zZY)?em;x4HDC$(T1+C9ysH7GbS?1q*2O`)&5jkCBsICRRncV!+L6s?MaZ!^&pxKU7}%Lfd~vi;QJ7H{ zdBv8~&z3MTV)jTz0;=Tu(ge0apAi)DR^VP|5lYKlUz5Ou=nQRd$wiTChbcraREwtU zPT0A99&4a*RO?3%CXHqwvd?}5#0a@swKs;T?2HecC&WSChFcJ=S>l$v$6kIj{Nk

Y41Y^^7oVYDlLY+`;qJN$sdA z4&s5G_gm0nde7nzz}i4vx!7W7fzJ21r#OaRu&~)yq7a$aC|I=0mn zqpXJ&En8l~@~M7-OMg&LdT0}0!M8ZZHkd+hw@i8+FN7~{{n=K#HyYfBQ%uMT(kHu` z--J#0$+ZRn-TxWiW_9+|}RZef}-AmGiGR?t5 zt_F8*4T;ninfU3~Vv&5#gzO1Ql53gUC>~6d<)r0qrh3-c0T5`iJ+l~5Jkq`=E?Pu60-MO4I zaGnYiY;5;A*ltSjO(sb_cNQtX^6@}<)TXs8VV>Vwp#MdW2dp`upQ)$866)L-64Tp< zT9{G==^buB0XKBgl6ZYGT{{z_e`LfFg{j7Rx(065dT7dPrH>b+04r|lwi_~%H<9%% zrr`ZhKC`b&?8pPj8=_D2n?L0}an|PL=kP#lDAc&5@CZ`94%zlVjU6sbwAvq?Wnstt zidkjr#u@Bxp7cTqJU@NxUopCRvNKp0x-GdzH=mww_d%`9#B3OJAWj;62pUMUGgxGi zHeYBOGy9UMwL{TR4&l6f3=xUyn)wB|;iU;R7QQBsbLYPLONjiD47@;+i&KTieSq)f z$&yBpFs$V)GUbsNnVcFXJ^RCF_D1FBWx!iSvEmwAE-@Xpfcgm~oydM65tJgPz+CZw z$n3t%Ef?yEC42Tb8{dr3Q-E|EY$PhW4kd1;O=GmOs8XgT+DIRE&t9yW=S_BsQN0#w zZjpqDJ<~;9IPeHrMZ0qO1mk+i9?Sq?=;qntX=t3zZ%9$BA)b!rRR!)O7~a^GAxN%e zd5H~QV+$>Ynf99;MM=CF>CMdvR%jLO7ph~3FNY2DE!iZf^S0sQ2xr;YvEbrh2S_6a zFfQfM^;#+|WF+KA@qn8Bqe8aGRyqytOx1J)2Vd*YpFKX~AjI-1kN7oiKewaRdHfI4 z;tKu_Rqo#qIPjNT`aiw?J;aE%sqqRv-rlMuE&st)_=Db!{pv1SRrGi#Cn_%%GP zqRE$1KSXj1*D(N*qacQPXyd{9?}zua(`VjWn}6F{=FXTZ>4f zB|b!A-n_WWG;53k7CBFt<2AfCMiU`3?Bb*~(L**qw17vDziLo6;L!i$|G?t?&GMiM zne2c(V#L<5O$?jW5^2{qPZ4rfyEBWoY!{>pw9JWq$^HTE4pi*DqQg9$ZZ*c3s?K_4 zrKPz(FP>^$U3i5O6^#ER1_t}$yQtpLeLVSC{k!ifQRf_l7aNYcGo5`5bNQ+X8u?7a zt>SWxFkV(})c2ZO@!||o%oQL5W@}Ho9b$7(VJ5#77IKZ_ay@4V<78tM{{h4okP`~>)~d3 zvGO!)h-)kFv(`qWpi*lpD-5r$eYz>b!>Y*z@JI21&ZJSy>qj80O;?ouPhkbYCx-PH8%t4Qw|Ab@c%9s~EH}2=+4tr%;(h__5`nP99`U-ZVyAKm@Uzsd z^!radDS=BGw`kn=dX;2lC9(}VZMMOLm$xxTJp`GS#Ez4DRHpTVyw^D+ECHw!9@~3g z*-=C??CT&;9jr2jPrYH<V1$bEYTFJ zzp9OoCF+>nwSOuj{_dT#IAudC)FVA_czl+(u}>_wQs)Qf|G zp6>-`s+S&UYI3XCB;QZa5Z*J2%k^28l}}B3P6v@hXM|i@uD3J^w(=BdmuL`^@yA_H zxVqkt`z?tt zWpL0c-@XjGTrTv!dH#z-A0`&hLR_iLqL^MC@}TmhX#xKRp;i!gK~+w| z_Lmhxh_F*T!?ffQegDV0?I^fK72Aiw7PuC&Gg+Tl&PZK3;(K*iu|QqRlHy&Q>6j6A z#odhIS$Sz?ls&&o=JMI>Q*sPN8pEP^+Ojp^WK>{%h@T(t0725u;n+@yt%0tS9E{{9 zoS1Vh+%vJSZ)h^m(--!YiB21owbxhBC<&6ByA)&E@Zau^_c1qf7GGLg?iO@qsPkhr z2l@6hcGJ1x4Fg(poqHXN0tLDDaW`hrEvyp8vkMKIJ8g-V?wt?H0DYKPrWYOLRJXK8 zGV>GEW*M6SK`U`oX0AP8Hkh^aoh1ed=|lYeWVbUsG_9j0jRYxgL~ zN;(W=#$5F0(qQU}!>!T1=L@C}CfY|}@^7qUQT2ckE?&LCKm)PDF zF76C`amt)7)au$|NV9obwKy-*kUCkC7Sa3pJun6HnJ=a<13gcgHeS0k&)e39 zXV=!8q&m7`rF}z3RX^}r2w_k#x)?>u8ubDy4_Y6);dCW5Sv##)Eq&c81@!nX!RsPj zeXVIb{pa4iH4qNCUo*xbBDJHP{>$@Le&kx`c1;b(=g;LVE>7xu@{$N65`q(zeMXRDl*%3x{pEd$9E}Eodg6e+e5Lt;dnI^AtaJU^>#nSDF?4X} z#mb9diqqIJ>fw?l!O0~v4kKuo2F=GrfA(&M$mzQs)SoS7h&CSFk`2R=ruCx#cJlPk ze*bS+9QL;cImQ3@K>p=kr{CiP`7LkA|Le9t#02v9D0l!J^M=qMHdw9o7}3$NO&!aVZ*cFPvG7FQhs5S-GnzI7vqIw#biv@SHJQ5Z+ zcK_KK0~3Y*zOlLPhvTg>!|rP$*B93`Z{JNZ3WiY`^2LvfrSU~N&Z#LtU}yv`UChQm z`}9l2H|7f|ziW>aHfujByC8Zd#7jeKZBZ8^<4Q81!m6Uk0Gz0@La}4Pi-Yzc7`jPb zF7!X13oMoVZv3hiENeA-0^ECZKxq)wgCGhTSs^)%Z4)t>tW(gs`my-P$*VSAkV_~g{s0gClBU22aPQp_4>5$>B_ttrC8=> zQ>v2sS&G=G*~>dc;lPIl)Y&c1$o+(4 zITeh8L(;+Jdiq@4H2^tN?Fd{QkGvK7q<4i%o`!74luURR`LX%U%p=J0JR=X#or~U( znHV_Q%EIlY7zP?Q0_ z%Ofb96C1FWNC>CIrj=qdC!n&Y@oYOvP9E=N(}XHq#JN;EXqRm}fOy|M<0v&XO^qDF z;oN9MmuZ`TKE|O}!BK@gvy*+iVsp;dM;&}yC(4^AM2GnrG0)J4?eQu&3EFVYHKbKz z%{9WnKRx0DR(Ek}(bS?vJ++H!nG{UGsc-K`l%S!G+h@S0iHB6+pT>=x_l?Yyeg?CF?FiqHuS57|E zG&QUfr-6#TN;>ep6(4e2MOOo#o8@MOU?*2+5CvQihmfy&k$E0>>CSxyEqbP6amL8( z<@2$qwLF&Xf%srs5_P$fRcO+6=*rY+rfG~7!J+S^*PL3Vq~7Gf%4ENCRozq9WtVx9DJjx zI@ek`l5*Px`lNdYW`Xa)uUY552b_NUMiHWT`~Y$rXCq(|`AHREv{EzMiEVWVmX2@L zCj|o?ZHGDipd4+v9Ec&k$HwDo!T_GeyX5OH(q|ZVb7j%s4yXWS0b-kLXDb#)e+O$)Vh>t6AB zN;#zhGne!QFw+i8e6Ok)sb#XLzRZ~l?^_RNshFe7CuDi`p^?&GOEv-OfDBhed_nGk zxt3usZZ++S7K=c-yu&CW73%Ygq@vuCES%1t+bx$5Fh=h3u!ph-cHNUIxvsR~f8I6n z1bOFb%;aFw@kh8*df7Et7!}`<@DYJq6pSKUD*rj9ST=cX3k@u`&*J9K9C@2ESi`+K z^p9FGo`|A~mifa5^SoADUz=fSysi!4Ispxi%0+ZgS(i6AyvCbYbbr>j56Ml34m(aG zp>Yf6-cbG8u}wt#V@Es(E4R85`3pdO#Scs9ThVHc>K=D8r1zowG`cIVVjCvfHgQjz z{F2UUOt#k}kKl^N=}Ix{35GsagjoyS5LIweNAd;bM?Pc4Bx(S-t~=_c&H%6rWsA7r zHZeE4)SNvy%1>E_!4uDqJW-nqk8j#UA3?QVZ;q{ee$5gz-OyXyp~`AO~M z#5b=9pl_34oQY2li)mt^b12EG%|h0i%3>~1b~x&!6HIm|m;o_mJRv9{Fw1YuPTZVH_vk`-A59#^zz!~tS$#0xGlu|8uvZAY!_S}EUR z-I&S4{kkLREfGQG&Rv;4KgQ$WYjE0(9t4AHJL6u4D_MJ@(0FTO{JlY*wwf1YO!ce4 zqEyDES}8a8@G&?E4m*oLYF`kmUB(Akyn7EYkHzbjjX3@zcX#Nk8>7k6J=1} zxzn&>AWR4t;ASbo3p03jM!8;eHMGp$J|z!wrYlCq-&=A>V0Cz$mO>-X$Y7UZkIx-A zn;_PG>qgVH_Pb3lOc#e;J{5NH*;4mtsNHaH(g2_oRPV~5Ec1gXW>eP<5YjK&1>mCU zBJg6n%@cHoBpQBA3xHb7wqW_>}O1o zv9mQ?Pkar4t;JNn{mgW;pyr=S_4-4MhkuWRh4%$((~Db$AJ7IC zhUrg*RThT$eB@$x@AdC1zIX_?pB5y~<89jz$X835UuLj>8t^?jH0dJ$i3OR8#8>+A zIsufTZn#n1tBTFqT~C&B{A9uBtVWRpqKo1K?B^AhAZ$Yqo77AZh9c&$ec^-Fhm=Q~ z{d5MBH{Lye@bWgH3}{qGouV2-iWTUU&IK}UcOJ3!JFLm_xR>mlGwX84v8eip4L4zj z2A(*P)q-x#eT(+bFSAhegxfe#$32AvZHP;;%Kx{wQaI|(ss&vN47~m&lXBUU#j>`k=iSM;jw_T7;kF=O*@}RGjry z;+A9~rVxF^#r#T!hvevErJH!RVTO*HIR0$iN+KB4s%iCM*QBp`a_-p&uBL_yg~of~ z1@F0rD0E-YET)DnZ4L+ZI{fq$I<|C;y1n zJapFpLEp}9gl*BqOeegr|1nxY($JCveao>X2hm|x9YE}*CgnHo4~}sm$Ef$)sis$F zTc!PYB7QbO%*I!f7@mfe-}sa~ZA2OHvb!MmqXMD_QES+n2XZ`dyp#U1dfu$hy3y2; zGh$1X!OlS+h)+(ei}xp2mf!Y2{Jnf^s>pY4u8Q=IeH3s%?_l;!jO1yC^_Xl{)g}!EMTR-ydqb?>Z$L1ws)+Un3tmDS{`okyKg7)JH#OrwBc*KqK2qvG Qn(_ap5C7J_;9qn91*x&uX8-^I literal 0 HcmV?d00001 diff --git a/docs/images/grafana-grant-access_step-4a.jpg b/docs/images/grafana-grant-access_step-4a.jpg new file mode 100644 index 0000000000000000000000000000000000000000..31e27d3738c07f9cdad4e36635debd51d46bedde GIT binary patch literal 120623 zcmeFa2V7Inw=Wtx2uP7CB`95b?}>nP5$PaJsvy#<7!rCf0s;y`P@44KdzT`;_adMa zNf0qe5?+44|2gOOd(V6K-1q+P^I>3T&(5Ab*=x<3HD#^&&eh`8CV*O7T}vH+hX(+> z#{B`Vwg9PWfi6w}fUYj!9smF!1rXxh1`y$5xFi4&9?QSQ)$#ZM1b=^z4**2F00{pj z%_H3TuYk+#?`QsTCP<9}kl?KGvV7#_&d)1ca(aTEnz7cP)qndgzW7RN(Fk= z4WJ<XZ#sHtmcYH1r98Jn1znLn|2aCCa+?DE{l*Uvv7@MTbVL}XNS zOl(|g+MD!@%(w5dKIRt`78QRgDXp!mZ)j|4ZfWi9>mL{#`aC=`Ju^Euzp%KpytTda zb$4(7+xG+H>CdxY=f6=GfBvEi4?yq_vT&dOpzOb*iv~v*J|Q6iA<18K;o%4TMK}#1 z(H${jT4j9_Td!Mp#Y0KyR8l_F^pJ5%7$E5Fyr*t3a7k`)BmW}pZ_56CgoXV-qU_%Y z`%iSO08|0^e+L45TqzL{;7W=R7l=rR{t6_dB!36ee+f7K4&;9Y%6|)2xJ>YHdEg!< z#{E;0k&yk{y?=M)Y7Hl-9#_i%3IaTwFcHuIzyP%C$2fuN{TqBAL#~hiAReqVT>(-| zt*!t~U<`{{dXvW$;BIBx6~G<#M>^~F>L%aEI5oHdN?@le$^*^ohB(==j#$4tbrhn* zvZ%?}7?XGJlR`?&V*o|1fE$aZ*MK|u#^Ue3f=XJsvMH&ZY?~8=lhR8l33o$=pMvRNN&a> zve}&RNA0k85`?-k>1uZpJS4by=zwy#Y&UXQ(h2|IIp=_Rzgu;Oh_{sz8J^0 zuHnLEH`bqF=dGor1*(^`@noZzUKz`zR?rZ9$j0`F+5C|*p*N|Lz>&ZeAOT1Ox@Tc# ziME=os%TizRLtz0i9NNV%joV8MT}|P_`E_U>#hZ6ozl|o4wl>LN@SM3)&j-hMhcZD|#SD*vg`BSOjh>R1I{l zPkGzs(BhUpWU2&uC*aMBkKi-a*qt}ML}6wW>9J?-gqURLF#-4w6B z=LmT!`*iiwO4?60I-hFL=jpnY) z=(;5(5}7NQY*U|nEM3RDbW)+!owXLjg&!pU`Uc#ZiZJ{n14i5B1SdbVLF5G5_dO}k zn*7P#SQlKg+@lb+Pi*pl#GiO_i{xHNXmXTvS0{KNXI3pXtS6g=QdrND?!oQwl3$`8n+aB=<<^2>yeVoF3*`@8W!R0nYAq zi8(ahc07>YITAYM^!4q=4;_}UDwbq*1C39zoUbXpjr4=vNtR@6sILG{N;WoEfXL9& zK$xkOZJ|X;InCo09bZzrUC3ktxwp3wnEQ3A@+q6gHfA9nB=Q|htEfuOotyc|e3-tl znF4A4_FdIS^O@GW8&?(7=LjR${3cA2yeN=WSWmjP9z&aRB?*Ht%;?y-p7GIwKGkoq+Cba z6k;~r>K;I60`6(T#U0AjNp2RC$jL54ew(5O5N+M-SgsDz@+)qordnX3%T;hWx zM(Nz|Moa4m0e4I6`gl1|!o^6S^&AxV9ZdPduE9z~y(RU4jE2cl;`4OP`oPF*iZ2O# z$CgBf@TWJ?IYQi@Q0n++Xvh3W6f_f`%Fo8EC|n&QRRn`e99JuO#?&wU>_xJ-_=_c9%?j*&CishcNBC*VCB0^LK|mP2%A+LgC*@O4Be zRpy=k^x3Jn6B;`M3plC-RbSoPmm;`5Z&#WQi#&Dh58I- zy(U7^<>vR<#(kQ>v6vg_OeCpf2d-nE3clj0(HQ_f#_|2v2f@|kb*JG!zO%H_G>m9$ zCBewUzAg7xP=XDcXRMZ~lTs^}IMV|-lU4XsH5k=`c+Zc(XQb0t00bQjX#{icy8_%# z6uAQ6Xs z{NJbzS5xT7OaEkCMVmmsg(32fm%$hU@Tu(;ptr`kvhV%!|L|rWWmS{&72u5G3NRdf z1-JoP%fA9lN?ZYWfM@}RIKcIj*BrW*gnv||Ye~44glkE-ZXN#f#`Rh!TXLwU*l|P zS@YloN*m)9T!etdWJ|zXidTTJ0N9i)5{@N=V=YWepi44Ps!mJ>mTnCVu4|b=%L#2a zX1fNiRNiTlo<26GdM9iaaItb|l$RQm$hirR+Q7#OL9CLtceXa7DjQzC(m35~p=9f* z9S(U2^*v!#>wc!52na=wD8iof1-UgQWJRv+Wph5!dnurx_EV2ceNdb>Os3%xR9P1%hZlr|^)`JoRui(Kee(g4Q7=r64v|j_+}`AOX#c z4VAtbD!&h2w?F8?_$^2zR#9xr;){+hlA=zv*wW(dnxm_~@0;q4R&JBT(3kj?8rJGg z3s-<=;6yAlQayX~i+#^>LeOB%9t-Im;}(lhQer(}vnQI#83oKBkJr=|1X-6l#;D{S zU^Ez^XA_+kC}05BY@e4ZTLZmnGZnMs?pl%Je`lAX8Mu_oMf4`TiL=A6m1M9gwhPf6 zw2%O|X@}96KZh?Oo}X$@Kr&`5yO}PIGk;2Jf3AHNlt8V@$8qk37G?k|;S65*s2)Vd z;EE9{d@H_!XXF^&T&XkQMe~$>AfKmg774r?k*}tH>8B6&CNh6_15_Y z{3w&SC2!6IYVyxVD(dez-2IJ*3FJ6{lkmuO38d)&aItLrS8_k4$xjyLgZA4x5fYgAizVe#V6@4b`@Jl# z@oyQJxD{gwJ)uW1z)LI7eNUw<58Y_{pRcxMx~URu$SUs6LOBAhf9lk|YZRJvu5=5} zjr(cQUXw3_C=(SL$LkqNHa(u`y#i3$xL8vlqx()0uK-N#Vmn<_sCd0pK88bcMpKg} zLDJRQ)lN(fD`bB(h5j|apx(BWuBLZvURk5OdwxlK%J;@Pt9CKPQ$d>g$h*lW3PdC~ zIu;QMbN5a_tZ0=55Hl(ZNc+vvD*d4;!zrw+xyg=PeQnT_l=Jm{(2yi&_{Yv-OdgaK z6`(sU35x@Cy~zBSVd>dTmBHWe^u`KeA^MjHLtwlP zqA?*%2V-}--aE&%^>9I4(3xzXz=tBYw?^P(0>umK^FZl9#a9EDPnFI=lywp%o5@Yq zQBeTp146rJBz1RZBHX75g9$E8uoE!y7a+oQncia&y>Kg(qnGW?I;p~1?&E>>jH#D! z7YDoo@3aB$@s(_wU^vWH{YGHOF#Zos=Uw9;H;O6W1`&3qXCz9Ro~lc44|!UwtCUrnp9 z3+to^cm#w5@#Lhhl{+IPpcG|4KI>55q{-Eq^R!lB|6X3(4}b1#UaonY!K!8WPGr+i z74^YwkvJ(z;hDbWwYl`9Ob^MF#g`1X>a}?r*LKII3D-p4vIssB#ScB|Lg?o_MMVv5 zNq5?bvgv4cwx7OzI<#N$K3h{UtgS|SYS*7&m&IdAT9cx;$-l7w9{6+nV7X)boq)NXmv=_vqptRd{PI^n z9PHv$Qq?s^_&me9UYi56yQrZ|sLL(u+E$W&Himt*4&R@g=DoGr@bx&eQ4J1~F#RMd zlB_?x=ece3imJfAGA$6jIa)CzScJjGHkHi6I0?q3?semiS^}p3btbXN@ULH2fMpq* zS?nF?Aea=(5m;%{2%gxOk((M!x}P)Ae9P8b#&r6<*Ni8I-LhMhyN0M%BR z*o69m9f#wu3?SWlOe)N|?b!XK@4S<=!*!HMy?LzhJO0Z!Hq&EDzEHReVV-w4&1-Ri zLA32=6+Iff;Dne+lx)iZ8aCaSaP!W#a1EX}9I2IYGB7%q`XhGUiB3nfX9kHnwiLYmZ=;opB{jrkY7Lyd$ezUro&z8HfKb~9KeZ;6u z{-l&RH^Suo$}SU7lIaPk1AVY($S1gHJY-xdx&oL?2xxQ0bl#*@Hu(gZtwmGCocTJz4mq4_lujCgeraOgHGR94n|hv+GT*Hi_q>W4oq6|F?bu-I4&=2 zv3!?i$eQa3wi(D;|J9OoRC!Lb_9@jg(>_xn|BbqX$eU*r8l*qH^J;$D^ouNw?s)We zaJga?5QXbGMH$Af^{FhM?h2|@Wt~rJ*SOo!2c!?nGAo)+!fQQ_a-m`_K@)LkkHYmt zyt9kU2W^e5ad@B)tdTd;x#2gA5^5tSf-ViWOhf(JsG>ILAi$lj_(mA*-mI@cdT#H= zWBE7B=Aw@(u@1Gv_dEneZ*Z)J{Hn@=ZRSFGkepV5KULgJP~RKb*)sN~$5w~WU%gy@ z_|7igzu#MHl#gV+#86v%r?EH+&4J+U2Zw{}*(0|m7|~Mk1Gj&zz4^_M%iiA7$nN0A zT41TcFTN5TqsmFSiJ3`|o@d9~$#%uKZbLg9ZMUZKZLAM7JqNZfiGFqtD`rxB9H&q8 z+-1FZPII5j)`$Y{41VOb4WmUho!22uO13MWT$*>#JWnCdQQ6ZeiEu4ir_SDWa?4A- zKTfP0Om->fa+?Q^TsRL!wUn4ss{HN_xIH%)L8O|(wZK@bFeuinRl7P^;1kOfP@-?} zB!C9lSa!(;ooW>h!*b6mQbGmo6CPp>dz5;MEwh~qUk;K8Dz;b24N?Z~hoR}WVKGqd zIs`2Ig@wVq2zsOLNq&Ko9*=Z7)`gkcEs?o}v$!Hy3XyhRj9LWAehb3ZZ3pWZHO@=L z2%Vg@6ldr#Hg&wSPr1{uwmYbAA@)MQA>=@uYL20kbV`vNr~CP*jupX#CK*A69ebaI zK0L1J6B zo8@08 z`UA#@orW{t!IX(`Hz7g!H?xZZTh5w&-&V3o?$tE4ORpQQ5bTNtMvw36Fero)3X5I= zJdPPgwJ-%z7G=r}4OR+z9q)bFJ<`9@lC<`c{o=|ph-;Vx(od<;zm0DSa?dX=Y|lKe zv*2D;dF7uaouG5e*H@5uS9U8(&7i8TliH>axzIZexr6L@Gt-&qw)b8Bh`;5?_`Y$H z$);QPjeM|t0xLZQNNquK;>hax6+q+ifho+kC1YhGv`J0m&2GSl9~BAV-*qeV92Z;= z>*F)}sOYU=5SFgFv1Ps<{=r>mYQrP0FhgX2< zx8E$n?OWC%PaSnLwu*Gt1a^TmOfh}*;1z(DmULoK^Ec2wtb_O5 zf-vyewky1~Rq~}$lzl7Cy4Tex)pEKKg%;WtVS4VGkFwW;>$f|K?A~u#4lfhiGFIkr zwdPlx8y%4h12A&39R9KyBGp3^d=$Z zo0k|bMWOP;l)SpRf~TSW`K2La#`O74IJOHlA9IALUjY&oMUcOHz*G%~79A!FgPn}C z`5Rt-g0(h!Za1y~qeiz_^TwIph!YC5yY)QRzPCW|HJKcx(cdXKJD9xXCLgSQRN})b z(96-idgS@3W@b&Z_<cRp0r zfan5)4s|g(6%ABmuJQp9n-s zVy^{;K)2A^uHg75jPW3@=b2fF9mP3}%T+uX-z)m3G~>F(>}#w}?|)D2b}-m|LORll zB0)w?Xa_sND6HZg^u)sI^+av{Y*sq$G%uxCE8FBRtTUrV*7@5}@rdFf6R6P4ZpO>} z8J-TOCbBzjjfb>t7H~mU;tiV5<0MiSzqWa29gxJuJXJ3m114T7SXq=qwfn^Ug~P;t z<2S0WFAmTqhUVXnEn}n&ux%0u}!Bkk*K!P3O*c~O)OZnde z^7!U1V!^rFu=-U}k=I4v>{IM7ij?2oNY1Xr8yciD^>uva>k}E=fGpeo-8aDq9Rrd> z*>L`}m!>fg*{PgI6Gsa)7c5Uxs7@Rb?O^XhF4)SppYR#fItPHY?xNlysLpdx&$ha5 zLi~{w>*UC;h>w?Soz<_~r)*XTjfL)z4rh{; zz-XgO;jV3C0-gFx#na&Y-^#Fg4VDM*uK>aGO&~(_Gn8HxnzIA*9_B3fYzD2^L>c_i z)#TF&cVb_QcZ3FOp=N-;Dc^`{YbUY5mOP)KtODbD56t}4Qs49Rudq)cYOhVJ?N z;D&CTGf&uZceOoh=LOM|;S+!O3i&OSty2(H{a9K=K%8m6weYm# zynS8h*V;z)$8a}7rmXv`bgX|iH#c|a_s)#+6!h3pm;E+0?W!^{?Hb^B0_f`A7V4FL zs!`VGdN;u0FS$~6y?piW69tcM!4g6ED920S0hAD7(jc@qxU7%Zbvn-1I1w!m+RjW`=^$lG8Ak4RY+{6@bKJ!2;J>#vJBzD;Q;FMWs{Y%8qu zj4|{sE82OVfQ9I*WNY`e{0Z0*pjwpJ=8fk;jh3Jm3}@5}WoM=ICmb>CM7GUZv z?$(^dE35VRD}MX0&m6$|ssTMb+-#pY!muxwW)8IR38m2oe>!h_sffU2>>oAK9IXjD zr$P{#63l)VL7NF^KQ&(IlRZYz5GoRB+Wlnz2!`0-a?dP%iRGR2i;u5R89Mq|oJQV( zH2L{NjQs1v_nbBR#UyOt<2%Ugt)^r@SonhVt$ENIV`RC|)4A-UCQ(e5=K5-Nf6bjV zeCa)KPrmC4Tkm%eZsSdo z+40vS`>QrFb0}Z|;Ma2&=bkR$KW8{;=@*{Ki70Gz^H+qdh6PSKEE6TxW44<+gEmGQMdtF<_* zAHO7P;$RJ3gw8*iINCv)D8LiJRP7dl>!Nc7)k!D!TN^V(Y55o!Lp)r~X`zf?wZ z%wo?l*I^UywCczWncst}JD@uU$w<82=sxV7X~!9NciY$^=~G4x4aa10rjcmF8uQu_ zuMpR-+WeOqe(s?@Kav5@yXt;-cP&@-Lb(vh2|uKg3C+!{zPv28Tpl~MSY2JVzJG_G zzE$yky#_xG0Zew;D-%(6o;nR;fKFLUB7M~TV1%eqCFRqy=aDMrxamBksD%x z2I@2*3Ohrl)v`SW%9Zxat%+miLRWaBQ1TEw)~7PMpg!|MFV}+3GY?FTRAIfXokq&I zHi_eX@;cBQ;m-DR99dID6HkybvGq!-JC$WS0t#>mjTWTacrpD%#*SY><`?nd>QAqo zBytK>{Rac9OmPEcZWQnK(4gUV7vQ(nP6fAesDLVX79{?}1x)#(lMO9bovFqsN>F8^z~9{7Y#U3@_UM7`fv5kLC~-g_ zJ)NQZCOu4Nwo20N(S+H|#%OCzuE1L$^NOG#+f6DqA=IVj^@Y;wz~q@XoNqW z6Q&Ef>#1KmaCiN|3lk}|aSdQvi-vslsr35ru_R6O zR0{)$9{WO~jyf*{k8}HgpWjS4SQ*i_Efey~24IP1N7bG#yWku86&*YlkXX?kGb_1K zsk}O7+?W#ebdjlSIkNa@ZIg=fkj897Yp22;dy76xi!Md=xh6L-h_t(B@U+r$6F|ox zb(%=$Lp1TBU1kTTZms}z@HjL{z^mQE*4zrpFBMhk{6Ft%)N!|WM@e;3<^t#=;nj-5ngVuM2*K%+z2mj*+__}^v*N^M^aa}+DwL^Zb53cpWwLZAk2iN-Ge?D>X|EZq5 zT0nzOG2c!x2f-f`Kemx_{HKeM>-gVHx#q(^gyWhI*L=8^fq#(!Fb>B@<1g^PvH#Qd znR{!AZ^KQf72aK4Jr6!!|B(4qa$t;G#SjL)3L@eg#04R;h`$3BsO! z!(nYO;IKBH{e^Uc?U}j)d=t6?q)uD`28@IF$ZLoG^DO_1+)O`)TxW321LJEsKwt9! zr(Le);F<@2wKCUoaLt2jIrvA9>$)!dd+S0S4l?flou0KoJ_3$TVCXu>xksxt_@qyv z^swsWHkUZ(u#d}G#6ooXn*Yap_y4Cy5C3fWK2fSZeieL&;lS0w!d1CeOC#kj!%rUJXn(I= zuY~u%Rc=1|Jccg%*!d1q38FNE+(a#upmbCsHzzAMn`Y}HQ`OT4$`6d+)X@$(AVH5X{E+k&euK701ooRNKkYm!Z@%SbfVyJdKT>|9)_k;Xy1UWDQZpE2EW5-*q>Xb2 z$B(;IwZgpSodP@Y!CVNo3*I@_*S5)n&tDo4?XLQNfXQ@#2y}6;8 z2-jNS$MNOi9yRQP)qGvQi+T49lW#iUir-`Z$@&UlpQG4vw|CpZyUXSBK5jv#fIp;C zA}MGg1Wnb9a&bl4^ko8>>|G#0wo&P#(puS--L5xQc4LW5*|sT0w2x`Rr^`~xEUEZE zcGh63tGb?HRJV=GacbkeO9!p+bBG>st_NXq@*Or)lF^m+LB+a3klR;uj<)uA zH=Vv3$G>}vjBjY1b0;TJ6{h|QFy&^s>kGYw+Y=&e0lN(Q)>sr8kHglM_}9$9+BkIP zYieV1#n_@s(^o>qGe*OxYTgjbvMxcsJR9Cj_pA6^KZTHejgbftVx z{;Vj4zTK4;-z|T5IgcXi4+)km9{01bB-jy){S_d;po$#R+4Xhz*T$dI8Sq(#{Mr?O zjOqh2F-WH8(8Bd3K9{t%BT6CuRWi+YF|0LxN?Y};XB7NH$+8*7pnH;@$9p76_$96+KagYPQt<0F(LaOQ@;lAwD)aCqi?zP89JvO zz)1WK7k^1o3Yy$*Px<2NDIc?wE4$;I1Ui&`eJeyep?Yre^@aHbo|=p6Z4eH4-sGq1 z{IO&0tRQdd^4_}R3YS6ufE5#a1Wg=90>yI4h?YYYUdo!IHPU~%Kuk-Po=><@$mpv* zcdu|4e%koBf~Gf()_wFB?`!#IOmYewn&{S#UG7je9Lkg;^d`zxHOwQ9F#vRDu0ZWl z%c8ipI!<-Ymgd5{nt5;^(kRg&ZUlXSorK*utD=HV{h8>6M?Qh1TCh||&*;=@Wd*pL z2nns`rJ8WT4r(1G0;k!80V-TMLf z_4u3KeKphS*WPuA?YQ%aWFS7;96>%fu?423Z)?n<9Lz3xP-xrHI4(oP^(IA+R$YrP zh{2$Io!4A)rtYt`v?2d&&DB5C`{0%!m`vBVVLXiLrhGr$-ur{y7O-$OJkgOHqoE02 ziox&lg}DG(uK<0V(D60fttD{Lg_B4-vjp<=R#n(A6CB#~c+x*#fJ+nBELu09okHe>Y+pZ}C{m+3ZqwOkT;Gw%5zNsCD3J$?5te)XvrW2apxK3IhBMl6u1 z{SI=Y_o6xck*LDMJjy>N^)XYL7yDncM~vCp=c~p=mSCGHs7s`e9zt#Q)WYSlDo=iy zE`#D+ZPUH-ny=LCT5OyY$}3&|H$`FYXeyk$KKYJE_wlREjb2JyDd5ee@3qdm7RLrU zPu(*#nqX&hwAG1&-(p9SMVv32fp8!~w@gb>2KjRkO1~hK*jVHGVa-A_N&Q{9%|3(e^f?f;~G)Rk=3?Z|gUpz0n!vA+9ms~6Xd zxGiEg)}ZjM!?R^cD}gQJs-w0YH`wNgAUh*cJ+{)-(_#=7;2|{-uOZ3z4rDTX_s+** zn$BHIz8m1%uoswH7E@ps50=X2T87RJixqPRl`^3M|%a?B*Gq?r)xQ=xc@L)&ld zSe(QN?1)f(e}brs*OcBdtc^mbIJkCTZQdt0`OmE-JR?vddWDG|*jOCe0{0Jth!z9o z$+L%lY0NYT+19to9W(sdvtws=NNJy;6K_c<9op?Do?|iE8G&u4Z=6!2(yjoOzBZT} z=bePe3!zKxz=X6^hz~>yd`=sbE^NjVf^kMQA@UdSr=9K|{lv0-BQEx;ppMaYE$)H-T*tBJ2dbk@4tvCF=LqNtD}JqN`riv70+* zZPe)F#@X__v=!~g#0F*s>dIl`AGj!_KZ9&IaVpjmkU)mu8wxfV81j0 zft|Np7=o-Y>1l`5R^}_*@s`T&yCOnAc4A(^=GR2mP>FJiUqf;OxD!U%~L> zfJ;G$%lt7!1Ua;YoR%8$vE^DGhZ7x{_+*gUUYd~yP)+pkF!iQn2qY|w0-N-XIySEW zp#iNpv#d~+cDsnUt zAop-RGRMG9fsH_rLKUG>V#MKAV|{}IjiuE9g+3;yYpRB|vXVr(iSxZF4qvLnVyk!% zwo;`rC#gqfZWgF&CId1F^>cjTW_YyBRk~6!_2lNWm=RGBlJa-i!3LWE7<~(WmX9lu z@qwaG_nccSIHU?EQMObU@*4!fejXU9b$tWf5rIjn8CU{H43h$OOlF8be%2$MY0a~+ zm9!;zR&j4yqoF>5$#~9Dw2#nR9^}t<3ev%+b3*|)LGhQeXiL=39T*T|K6iFZ&?i!| z_WZVVWa(;ARukB*IaRa2va;r$#UQ{rlegc6_R~#YpSc^Dw%vKR$1# zxlN>VfFh>5p4%+`G(_$;^(t|0rAM@~e<sLoh#^=>+*nKG@KOPnpsuPyp=E!`Bf zqXdugE_jb)16*w{{U98johf#WP04+Ohq+)cg-|I(0fpDyNL zZ`Abqj6vf|ywgg8m7J!>v^UaUzo%9v)s{o)oj*j`yA?qfQqbb4*g~^|t|iLyCF>{a z78PI0Q%yp{fR7CLNOWIlW|-GxHSl_}Cubiln%(m?aU)6YLFKdZbw z%*7OdsL-^ijZ5iO2o$ATVE#Se+(fTj+3(ql3?VO~wm0ofZAo`(zQ%Bd3<+{25Cuo< zZ;PP#Sf@uXAEOevyhrJCGh)cLjF$Qr*~5Kq{gV0(?!ni?jcsfQ&k(=k#jXG_;e)ij zwB-9>8t0F3U;pdPrT&}i%H&?ysVHs@_=+BeVQ$=1V+(x2Bm_Gy#>PK)W~$d$;}rdu zJ*o(Pk^irTzvmt(o=5p^jQt`^--Q>OTc+}w6NBxWno0K&61@A?wm9G}imA%_jb)yl z$2pquCewn#A6|HxNV$6BojdFLg17Fr0x3<4A#^yelF?0(OXf2eMlh~@umcBvI9=rj zPl5ufXSQD!g1Dx49hFmSl)Y0&P-mJ`IUNA0hyX4O4ks}z12#-C2|Id$n;4j8Iki$wjSvxAmS* zM&XEu;aU9oB}yN;(tib@;Y6C`6hCLbgYcF194hWB8vM$-in~eNTUp1OOS-=x(!v= zW|4pIvVu*VHErg&+Qo@4KYauaoz=RDB3t$Va=u?(RoX6tBsjOgRJ!d><}TsDe zCEJ!RWe01o^KNA^lTw``m@9VOT9`RGMKZ)QC9U(IJZKNp#&%UQR49CqUATVc=*MyS zbT8l8w_HB-+pno=s}89ePGixji$nJX&hxwFgP>y@wYrV@`QJr?%gw(b4}6w;$aT2a zYd%GEzkVRoT2Ra77%gz)rf0*2(xnAV5|orHY)1TOA+Y+Ms6d>>$wHJx z@|1Xoh5p_mv&LiZo)F2B%BYg`3pOoL#bfaCI^r3lzT1wOW8+kV<<6 z{81ul@aWWgl?IIpoF3hI)(@s$MU@R^J&TcYGdPadQW{9_>E?PJ^HH>Buth;1pvDRy z3Ld^B4BX$Ih-imV^-j=!&%$j9)Jf?(GrmpP={|LxmK4BEV`kn+xayQUPF-m%Jf_Vq;e0)M-sjQeKAsIpd;e$QyT}o4>r)=3V%Q?EAO6QY z*qAs+eNt#*;0l1#Mhs{-WcENNNEq4hb9I7Kw6W1Zt>HZvx_V_$i!@FQzHR?g%!vzb zhl#25U9njX=t+J4;#1{sq{?`Yksfzq@8Hd#4EqKRgMRzzPW>_ynT1xzpAs*{RZ7@TEKcb*8z!Pg%5OAh*@=tDN z@sF2Z`shxJqz?kd=>v$C%k3|c0CujYu&w=Mh#!J?n++aYAL>)|Jj-&VDMJQt^YQ^R zv5srZB0=qaIYI|k@vU^t%b_g~G#$KOUM;;d4Qb!EV{!V1^LeX%MaN8Of_v&(bm|X1 zgX9}H*|M=kfzMMgZ(%MPO*r^N`u5+y3t}W;w2M3!tiCjIKi$Tn!S@O}Z4XF@TW=?9 zNLm*Z=L5MqmQZo__A|O*LR3dXk@(M=WX2Z%x-?FcFo_uC zTr~+?@j16Z{O)n7$L)0qrt;WYd;Yz=xH?0Xcd_b*WXv6Z?lFUpa(xVZBTzdgA~d%A z9zXx9-oJnvNdK8;8~)ke-f8enV?+9C?s$P1*{5Y7Xl*SST6O)#lcxt{? z?(Vdt=!vX0nRaVr0jorI^_^8T*&)gyQQMZF$r|j!o zPa@SF*fLNHw*{a}3(goo6~^#8%hyz5=%r9n8O7s^IvwhyQ#o3)B9o-eAKoi{B;M-G zMhnBfhWq~2z`Cr7|2PAPKWq1_P*BYRF9{FabOdz7jFiY z!N+PT4-{WjpB^<@0SONmMvIiWL_e;Zm8_!bv!|@H7_b+58@9Sy)0{jClWcK_lQ!E~ zF0~BP`$|u5y^MozxnzLOuoGh5SGHS$6OW``?Jn%h%&%PDW8&s>qwIl6Of-ix|1@=% z@s%55z6kHfip(@r#Xo6EuDJW|g-E-GPq`Xh=!0#t%4I(jymzX{vK(T}KQyHFjf{L0 zxJcGE8jFv?o4{pxFiCNkpj7;=t@GJ06X)fkYF)>0$EDp1##{UBI__&t%uExqIKNOw z;PS@SPC{{Q2XZkur<~CCeh}nQ?#B1Pm_GQ(LX+x zE$d{zrE10jk4-Gwcf;$_7vhVN9Z^+~R&-F11$8>GgR&>ocArCo%kFag7#8PZuqJiB#7^kQPU{nxS)R%Jf14Ki^aZ&asRYz9+=VYt_fE5c3a(A%rf@EeserQLW*R7wB+>0IMTY@R@|6WmuNyOo+H1;PZwy6CSaz#A_!HW91STKV zTxvgu*TE7hf9X}{n5xWwOxiH1F+JV2C9|iSY}wSI@$dFXPk;AlTD5BQO#hfY_daxV z9Xb!JP9MiLr{vN*-IqipL@+~dmiG?Ub}9=m+Q{+=U^^W zG)pfTfJ^KwlgnO3PZZpneL#~xEkzX+2T7ZaM+U_Sq;+J5XARR$=0Y%vm~61yL^PHP zWk}TnOY8(T&q-!KNS$BbTVEGgdVfu=@2k1mlRX| z0xK2Bsn%74kb3*3@|~ljhlixMPLYHi1pds_f3bB6C z{tS`1wUNDDvLHIj@Q(70e!)hP|}Onkc%&k-`kJarqoO(}|DCPY#D|kyOte z!M513vzMm-5dJR5Q*_teZOG1Nx0S{nPUd~!4gE*P7A6E|$>+wH2E{vwuC1{y5~#3q z!0qDb^h(-kS6RCj;ImHum&ZRU_Iyoa>e}3iVkwM1ur9z|;Ve-6Z{UV!QBYxs_@swq z7s(?Alz*I3L3!p=P!*;cs}QJj9*)W> zLe2DKWZ|qzxse`4ib3za)Wos`vfst?MY&`;Exo}vV+|itfi|FAE`!iA$Y*_*uxN1o z@2Icy31UO!8-?`&^9x}#5n0>JOo~1U_|~GA*@F1Kz%<{-rCJK1e|~Q#uk>xgdvRTN zE0oT;10toay+shYs^!R*7$KqgLAQ^?UZ}s64!~ygRM;$X8A^}I!b*MzlXc3OqfLI@29QnDjhv4Qr*{~tr5O_pE+STT$TOl!)%&M=o!^97-wAExQ&%?1=A=B zxxI2JI-p+CpnDRg!PYH3Kh?XE!OyLnp_(AK!`!ponTqncv_#7yl8;hKA%wGMYwmi~ z*58A669Pn)-RJRjwThkN6)X!rn0{eF(r}Uh7WN(K($%w{;w+5!aYoSp`SD*^5-Yv` zOE-GM`vV{2_?aXBB@_1jOF4*L_NK=`qQH<~>O?W%JgB0bizI7s2d{gADF10~=~rUs zZZ3RX=rY6}C59M1Z$Z5(Jjn8|U_aAno{~DGu8ZltYZqPMR@Sf{ zDXh!@1hIH%&D`9$-Yd7hcfiA+OJ2NWkpfy;&TN=*Z;-ddjK^N|NEk$ zC?HL`^e#wMdXoqW2uPLQrT1O}gd$R;Hvy%0M4CvK5_(6JPN)e8NKHT?K!|Vu=ggV8 z=e~E}o%h~3@1Aq-Wo9SLY}hQD-S6*PKIQOQVO<6-RYBi|^zqyi87FrCy<{2@x=qBJ z_<7VN&*c=S`;qh*Lk;wE7LN$%+R}MpagNZ4`cTH`A`9OBDxAC(B^rEQh*?1g!Y##z zaNK#<0{YS}ts1R?NwE|3{}5Osiu6o4E6-W0ekDQtqC1+jPkYx z#;w29xwIp>iSFpIoTO5jf{B;7n#QlF;9ZuFCBxyZ3M>O!Eh(Ug1giPHx%;JAN338n zdCM~zHU7jPIERUY9qCx|7ycz{XTN+=_M!mCZ>J~Poo{q!cQfGo@MpOs2tSr|bw;xK zlyb2zX~Z1cY${IQE<4`WhgaafTcdPf^sZKta|(ti6PKc8ru^8=z0>DH>))Jy&QRuz zJ)|E~SbNmzJNl%RVs#!$J| zS87gc<$aXNErAVY%+vGJn^G*F1AUQVgG<8@ezfZR(X*K&0+7TH3H{M9)8+RUl21q2 z+Zc|hwh|d72I>b&%w8mAR3>`1ev$D~UmBC6n%z!^DC{)rR~AXel^g&@3$XYQqQoAq zJu8y$RVhbUZV&&qvuAzjA}3al&o5cL;%zK3d}Kq~j3&kl?2SRglq6UOj5sh&F&`!; zgtx|5DW>~WOk7YJ z;Z?h5+{P4eQ+AnVX{PaAhvxTc1}9k+YaiX6nw=fGKj3FQT)-4lx`)^0>(KyKV(#~i z)3fxkHuKBmy5IadYwv=?Umme|88Ls>9{OedBz&sqvsP+ki!9a{{n15{r}JSKeXdO0 zQQ+N^VaIph5_oeM4Xs68?ORP--(e;OB7j2Yh_TqTqF}wO^1${Xox@zM!NluXVbAaM zibolt8E$cyylWdQ1XEL~Q+$w%{B@-=<6bzT5#z!AA^4VknrA`!>jBQRGKw0b3N6<( zXRT{Mkh(vw71QBYhNYjab8lXg!=osXe3x?G#uU3F7R=G9+Bn?#^5T_2yF30voqe_c zs@AfO3OEU;zp3hx!3g%EvC^pN`0x?L=&O!4P0`P$ns1NS)$dzNX$HMJcCpy*QHAsp z(A;!Go-n!(eJJA^!rfa!=cwN?kdS$#%BqE~sS7oYws0ad_wD@w2g) zQ9fr!C+;t(HT8%Hb*7W}{0ka1f5?Gn`^Gfd>YW~z%dR!7*qe6L@Jat`OY3+*#~iS% z5FeECaB}+i>nm|Mla|=fvx?^&k&EQARvqJr*Lx~nQ(8T4bR~bBu(VA`>A1Z9bykd_ zhum~+ftF;=`z;4MH!m`pr}y3k7`^|dL3v!l2TH;z&L8O*%>AiT-ZEP7+=cag^%J^~ z7L%COBxF%%X>rg+;=nQ}R)4Aa@*5R7N4R;&k5V6(mHz;L$trhQ-r;~F3 zk-Jb$vjsh4=FVm?gfBAqc8@{>Hz(4fNv=X}+0sz|VP>L>M1Ad5MHth(rQ&WyzP$|g zQ~3i&+Dl&E$xJtouhJf^AwbZw`nCPv%{l*jIqCo4{p|lC@%A_P7%x=ZfFe+>>JC(x zrruo}f-WrL^o7UTqjp|We|Wn}*GlLaj*z^>jgJno{G&^+O3d9zchL|Hb^i;Z?7_oI zpk-}azhg?B8$e@gZja`ut%%kIs(e#V`0I6siwI#r&%lLQiwVvJXMbDHw3?EaKRJf;x1ccBdAbraZjXX%V$d- zoIK`yIs03Si&bP!l=S*-19X9)YU+VI)x7eRaTJuG88iJ6qiHqM!%`rvJ}XlB7o@S! zpp@WTVPH|NU+g%lV_=gPf6KJ#S;i0YLg9aC>_$*^5jp0jCN#?)*0DxiBFYMR?Y@im zAAi)b8FXrKbS|P)a6xKOdr>*dy|{pfbp3C+EwS6`4G%F&$hwz(5lsxq zP_fiN#tRqTN;r^)36FfkztzYmeuz^$U$Ui-P&NF5jX z`__hzlI{e%4=ZF4O{Y9()$&ogv-4`kEqOK13UwkaPnaL~JZer54)#S3&Lm@)`7ZX6QNOCVj<|BHaM$vXco;4t=8w2z(zjHY=<I~J~e z$-JwU5Rk-%mpK-+BtC3Tpb$_`s`5iJf@yPz<70-vp_1 z+_@3LJVki;4(KlY)?tLIG@(QHnV{*bdt(rR)3b$RB|GSDXh7Ipqb?D=U%Fdph?z|r$3W^S8mcP*a8D$hGBBCP|Z*nxkYSG znhHtEa|g?9YJz58v5_>n4m~S}k9+XK%$ika>GLDD5;yOKFTD>Bo4DQir84dvZzb)v zgc)DU0Ju?H8Crj0;A*EaxW?o_`KM#TxpC11q$I-u(nj+$?Ij^)j*EglSs*)!f^6kM z1n`g~x3Fs5+r^E1o%5{A)(*5_E>7fNr5F-^v;3Ajjhvv#z{y`-#RZ!^^=4S?NWEl*|R2M)AX_Au{%ntuf~XAuE)g~ z0(8Re3*2I2|3#70^3E+gCT(Lz0_-~>S4=**;#*r|hAk;c(tZK>p*V%NW zx^AY%(@0rG(}B%^VZj-Nr^Q%xv{T~rp!J)GyGH?`y!Ia?f<;-(hd(8d-RGZp)`#+C zwS85njriJ-4xmD(Mq-_J+=96svP{Z22_M>c8>Dnh-)jJ@4`K+=iPwVHb~q}x>88Uo zsU2{$$8f~fMnpm9O+j9F%?gfWFE=hB!uiPd8hJm5yuPWjPq9L{bg*%Vbzgz1Ci>Pp zwCMYW?A4_->fnZ_mSChQ`V*wbI?;?MTjW{Q3rm%l)b!5x3i*dCO+Qyv0Re$;$1eOq zgsD-@qGSg>yo;|;3-OK@as>ll)jZNt%p@JXgR(%Ms`+^Q>w7LXcL%$rm0@U+vJxGS z%3mqy)oJm;JTqB^N_fRUJLT{;8KthzRG8gkSnT3?-*-uNvQ@LyzH0bXki6+=#>jc5 zTLANRi2!5NZO`pi9X`I@=@e@ks0Wgg4U?z*b-sRU#zT^{;IRb85pwjxDC3eJtA>KfGnQ0Oz7ho=0!(9zAS8nfaCNt1Bld-k!y4xVm)kyTFIiF213(X#@ zpoCyG(qb5FrEytoj2wQDLs&gZR_V})o_OSW^>}B zdjF#4?%K>L79Y;lAD`cU5^FRf;c7iZ^)61cv*#eYTXy0qu=;H+E<(cPQ4@NtmK&Z) z?(5ScLGlm!1jeK3zis64_^4Y5L9dw!(=Ff0=#v?W!(A-UtWRA-&j(o!YXc%;f>^a43`~~qzqjqnmX#Rq< z#r5dQ2vhTfaQIMbSbJwnD{AUTD8uQF5Sq)g*PXlTwY?1YG5zlYE4!LsOqH*zEu63B zYg>(5>%KVO*H4LKWF(rqtF)&?=$0Zeexj&EdoJ#WyTcZ{n6U3&- z{KPd90>?Ewt~Zmr>=-9tZqCT=c`P?FP&Y@e{%x!cENI(f3w`s8{RzL1*^&@6+1gb) z7RL}i-9tBX0*xr;OMp7mJ`n*odEU9_q5FsIo}57SrDj%I=bN@W6pAXS-6a@;6PW2V zqtC&uD>r36pkOQ8lQ9K5Pq#f7{8D5QIWGAP+BQ?C1-tQEb7sddQAF?@qjjJ&fupO=4*>e{23l)umon@PPmB&>Opp=dY@_}h$_phapB!t6TI zUkek@Q(IM-i5%&|z-_#%ogX42gf9BDGZK+1&2ceb5u3 zrxDuw^0;;K{z9LK52CU~4SJ`0kj?8c6t#qs=c9o^YnU*qbb8V^kt)tW6F=GNfWdYg7ZeRZon98}uO( zyN=n5(|oQ%fgJ$Igi05GJ4#Jf_L_ST@Z>qFmyB)M+F<>~PI*)oLnrLvRo;AOV(u%E z$=YYkU*d6>Q4dk7M!Qx(L7K@pq5eN2$9~_hGnTfjY4+$F=NtY<(hP9ilA=5ct3PlGOk6tIXDcVMsJmCff#~r{1LLF@TCDenev+|s1{OQi?sK=^=sYlhx;MS z%u8GC>G}sD%FN$%d)3plgPdd~)%jOL*&kuRh@4afC{G0O-Xc@9Zb8Gt6MF_&b$Qd7Q`0cAx<~gs{a&8FBHU(3g)ym=bI3n%O<3m1IC61xG5TykC;kI z#?@a;?J1bqjeoHP{T{qo7 zRj14UeCWgd%+#7gO3$DS{~I0TVD=$q1d*Dm07{!c9E_0=V81@b^;DCzKux!!DFaFWKtS13l*cCJ;pkv#@<6`RLJ7+H zZ2*iNH`Vj_Guq+La5-GF{Ctr?jL}Iq@4lg!lu6{CPloorq%9E3M=b=Z;FqVqx2+}(70XCMaQ8O9uGX#8Zz24p z|3psszcKn!Clj~O$UfhjncyaT_QdqV`%MrLPv-YKTIKb_S-+nJl$HNts_*{zw0tky zZ)1H`YN_sM%f-R(@DqvTpT+*7rH$bpk<$P#)=r3D8Iz#jeG7At9YX>P2K&{+sv~!4p0cOr5{Gjf_wE za=TkBtB=IMgL{7rR-c1|wZaUyDBrRZ!5mXbM=F)PylfBi>LkJ*D|L2w=56o=QYgAO zc>2tz67>QY<>gj6y>`?{KMm{6-lXq=HUYdpguST*>ByRoJNYi75bm{~TUcGcZ_KpN z87x&25s0(DkfyNDR{bNiivCU!=`GWcKHe@G5BXN^MT<{%fGc+ZH~4mbLq< zOfmBjvNkcMdg9iA|GdVvT&g+r3dRpt{93kv6Tya{H-gFTsK6mCi0@mUrjZ+M3M7kb!#)>rU7j6f&hFDcYdS`;I}3~B?=I81mowIFo-%Dd!-^A(Xsd^hTUiTeb;@cuVc$?*zLZG4Ad#@#_PQR2Qg`LH4GczGNeGE%v2i^+#)S z34K>`H*qC0*YSQ@s%P5vGPbIS>mCghbAJyZR;w8mbznu0*3OfvLuk3K7HG&&m51sQ zWjpqAU)Vo1rBGsj@G=X&p|DsBeSm4Jg9^-v@_uOn__#;<5(&8BZD=N!=Spm!K(9E( z(+6a}RY{Vd&NLnf0XCkqRsxJWkxEU>6S}rG))m z#KpiA-#~85q$+24O2+#Es(h}Mp%F&XPR}PiEH>Dtu+X6D^;K8t)8-3l{jM_&Y||Jw zy`$oGhL*Gl;6S#3YC9~IEJxd7zHGY`1{L~SH;pgbtaKIqQM5_KJm;3dDgHSFrv`YD zyM+tQNs1Evidec*_(J&wZl7%k!k;94sJ|=RqCNkO=tZG&LiRCtE5-+Tj$%lWh+rVj z4VbN$9%ITEAKbS~Hz*X-OA#M-+wXQWxXG~|%77Xtn!vi|n6_O>OUv~~Xmg5VCypcO zUh;k0=z^QetSV|?LK0|e<%{-b1CgqQR zU-`$Ig6=I`o1}iGf8yNkN0*%!nokW~uoi7};TBAh<3adI-@#+}A>n-`lAjt|%-Yh( z9?!n7gyw%au?E8Uo8!1@z+Fu!$3qe=i zf9AXLOr-}Tj`vnfZZqmr5EBN`jp;qj&Ze8LpBXuK!n`SVVR*T(v+1Efyle++NqE5O zC^&I<@(T%x?9xi&X5_dxXb1Ngs)K4s@Gm0Au=hzbn5E<(MgyhFAmy6AI5XAv>mUDu z1gh6H>UR{#Ksr;jy4&(GVQy$0q}OYpfL`ni7yA()+U$I#@yqsfceFsE%p;U%2Aj$> zx}x{`(qOlE4B4Ymnh|J3T3Cnf9Q-Pph~q!#;YJ-z!+#%)v^~^n+*+qz=kdx`F}~-( zohBDz>;=$pM+#}tEe&tVP(v3h<{C3SQ-KN}Y)^jy=;MuS4GZebhDnSKOOi;(Ji#^YPpY& zn1{ekC%x@nk}!geRZQF9O#iD^mv@)C$3#5fENU)k=26l6GWQ48UCW#=U3PbLDu$0~ACU5;q> zw057K0RUsCbo-UU<&}hMqTytqPo#w=fT}HYIeau_oS|&_J{k$orlx;@ z93;`?pilmB-RcWAKPrfaosZ1;H#AvM-Z$y04jh!)dG=(r`lqkVfwk<9rKc}ngB>;tsAaa!#Hi8}h3uSH>uXIsUPT!X;~rxkIiN&! zF?K*B_GKXwQeW)cGwUTb26^^lg6DeDH8Mb#`PJn^hI@QlOb^atrc0nYK*V+hH^HKz zq)wqbZn;)fkB8P8vIH)DwM}{W4yzXibD?WO4_nCnK z$P+FfwakN6QBm}6*HfXx|8HhBf_q*u8%@%Ku=sVY-$q4CaEbR`N32Swbl)#xMPVXp z%Alt=28t@(!(d;!R&z%C?%v^nYK&9Q|cDnu$9mF*n{PFDC zY~oO9efoL^u9yqs{>{dST9p1KY@D+^6X9xUd|`BgvU1v;?uRXFBEf??eERdYip)Rk z2f{x6p)3+$L#?2W(np>6%Y8{2W~^h`@xocK58`=IxIz)h$L(R-XVhy_AxG}F;&sYj z`O59qg+7Klpr_BjqD~@{M`ED_+Xp?I79%{%Yj*ZqZ@S;5N~z$G`2-j5serXvdWYrJ z&}wiZZmREoHLQ`GD<^p3)1SbeA3br$CL)Z89?F5RP}s)1qj=5TiBQ%GP#C`qhgMFlyX5MOoFa|%OyOc(kou{K=!;Iy#1X78J;*HK( z4!^H9l;nOKeQ6gf{S-1ho{FMKFB(YVaPAzA8|_#kRrPU|z0f7ayE}{al^%nFKxEnH zT8$fk)C+XJzpTDiV@PUo*9q)if*tcMUQb)CcCsh?6vek6?&gulcFVE$%)th)BLZC3 zkpeOIXq)w{8;jom3l!-;|BUIMlwk~w0`C-OXoFZXv;rC9Rn#TKR>o1<$t>xO#%i}r zO}v$e(v*($zW=js$3L_?{v9?;b|4gQ+q3{ZprR|`n*4u7k(vAc$hkB@6@YaA`+WF+ zeO$8;k>qMfoN?3lX2?Hi;r?xH@gZFqcRxLj)!{)A-ER{79dRy%k>7sGH?$T`xvs&} z`a^GIP20%rHSXe3$?x@$yKdX<8wq>f$9l$Mb+y^))>G17Zmct$X1t3ijJ}--K$t@K zYKxrfHuk#U3N+`L7-0ug)NG%R%U@8pbclQF#Ug3GPM8AT*olF zbIO5}r3s{U0$EU@AO!lzc8NzP{)ADdoZlOUlGX=*bvvPq1qc96{jk_d!A^1s*W7Xl z7|xWLn}_bAZdRv9_YeSzR=jJhdOohP zYCRNN2HSAh33r2v-@NbP$Eu$;=uceJsAm!#UA=XF!+An$a>g^d_k=j2OYrwoMBHH$ zY63Bx72)Fn5bbX_vN0d!MhSAsoRF~$zgLI~YJbes^R5*30n<5z{R>jqDXltmhBc9k zz`BJua(^g}oG3^mDz)C3)x@=Y>X~b4D-X0zJiD{o^%6Nv0pWYrj%G+`K+O7Izxr_h z!)Nhj1IiC;uowe+zGBJkzaS>CGx!#ksqx_k>^!?$%(G?2W0l1GF`MJ|Q~HRvQ97s^ zo2^rMr1g*v6V`m;Tgw*d0GF!yVe2CYVPW0#6oo>aAY0SU%-1QYlu({YNc;%h+ioH0 zGs)VnV%Yg^>6z;=iwjbflt+hBb^a0i#0(f2QMx$mw;nDVzEH@E0lJ&y5ZdVyh))ws zrjx^;Q#Ok8m)9Rxt`mIK)@><%oZjIo?oWDorDwgoDnDQvs1|La(3%?^a^clg2-M*N z!jwO|P9BdqF6AVQ82ILF=GeDtUj5U+9Q~huVE$hQV|G9lX=e`L3R)*#dA_|GP3S*1 zDLb?3ha<{62^cvZB&klyA}lhKM6|^xpKgNLpzJ`$u7DKB+XRWy%#*EsBd+CWweyn9 zR@v|#dGGee)oz2`+Z|pckb_|@w5Aq1%G$!hEyyhYzS>4?(YLhQZ&UJESo0n=Q-DBs zuBx_jumy3i!3Xs*e?b+~R#ECTW#WTf!3gkMFf|UmfzdIx6xkSDtW7{Jmuu49HLb0Q zb8w+N*0oPl_msIe+!A*fhYr75aLY;6ZgE~$Ng++l_%cbAaQx(Bub`b^S9KpFez)f| zPN!7o0=Ok-WgChVw2;$xrH^QW8YF)YpH2^+5K?=|rVx83so(tzsd@q08OR~vh*(kUAgZN&E>*x$@HHHf@E#uUQ-fQ2G!(C7vJKS?kBLw@PsaQoNrWMkQXy>?X> z+x}3YP3r%*{KWs}u^x=q9#Y{s+JZp#86lv@&II$gJ6O>kOv~1aD49}^JP+7quATvB z0#{W%rF8UF=DU7D`NZvlS!>qaKTK{>eP&bBO`cz$m^0~>U4rDDPejE8beq;qI(>gI zdYk+}U%!;J;Xp~G z&dJcJ0XHa!BiIk!TMQf6Hw>F{GJdgVpG;kH^I3jxPNi{SkfZ2!&G{OJbT1?k|Dr<3 z!g4nx(zPuPD~Kq%V-^-Sz+_mMMZ}o$jWAkDzO`4H-7nMpxAD(J21`9ifb{6vrRP!j zIUMJ-r$ebefBsFdaG|@U&F#ddG@;~^Yi?j-m4z$3d(tS-D80F9RU5&bOl#ltXcNz* zpF01YZT)h2d1-$6VR}T>{T@=x^|kdfB%mJ3iYhf}Xfa%)`_}N9x30`z5cJdWT}0@6 zAcR1-DJgD>VXjlgNE!=ZNbx)4R}YhXX?rJQ%7LC$bf9xFcny&sc8IUvBV|bZu;oSz zQ5AJZfU$^b_yjT&k^dKT$&Mxc1TK;}8H!!~%*fKbJa@wh2)c)@F}hv>WO&1#BE$K5 zhwkowz%Xe#GE7;&Hi=WKU(JW`H~iXDewdJCm;uIrm!J2pU@c++*za;oO zkNF0WVEZ2^_^?$W8e((Op-;bdQ3)Bl8xc#An7hfoeXjc3*QAJ-nOpW{hBzR}L*;^F zy(tIUh0NV&=6j95q>c4@2{c0$oT7G%XNon3+dt+U*XH_z+QqSAb=Nxib253ZK)nXv(=^G5W*3rt1XFKR27b176GZ%Q?- zQaPN*m_zWzr(VTv_w9#-NdYHzn4D`t6G&D#_Yx-5TyCl3+CET&jx*u#k&nm*cmi-~ zzx6Iq1Cx*-yTn>FD9U7oeTpuu-V($Zt$S$b;xt(MWwumOBvzlSwa_WaFmlVV3MQ2% zWdF~dz*{?qj}#F_AReJ#LX{Ue*2*v;dgq2dr>m}@+t#0YiT!Xtw9B}9Oi((}lBsN% z8ZA`H8@B5yjaSqe6ibUWqnN$)VxjeZSU?x)<`g^PBKr3Rv9o&Xtah~Oy(EeH;0)st z^z-e;3k4tRILz9J^)jQ=xfQihgQa98I(F)60%0xv6>N$si;idp`cd$EZ*e=Be?h%f zU#${@PA#=tfjJ1$@2d76Al0$OfGO?)xyS3U21_-Es-?kM3!Ml3T%r;BI!|t^^MFXW zV62K@+;{lyu%%vex57jfMtkN3eA&ru^-CdN`-stFLs^3h_eMY z;YoJ!Hk?QJW~d1GW<1!_DD>{FJ|+*B#oA%mk<)KNMwSEYr9-p^(jBS?%bz|xXo*v_ zC=O5#)5vC7{B0a*V#QV{74XQn=TQWO7<^%Vq^t9fre`fyb67z&fK12*QRXg)fv?|G zz`<`qf2$=%65(e9lOPPv`M=r!;4l48Z*~2@63jb4<%is8iMlEo0ciZW>^4i(W2MdS z*w^fzA{wXrHZaeyVjEO{mZbLK*e9lfsk!6|X}#AH+qc1ognzht78?duU~tW?seR&& zp$pyNGS`Y)`h`9NZ_wSr_XMqiX+4-awDrqT7`hTBP*{Ca;av@^vNbU`f|n6*73h#G z*WxuFc4R*Jyj!2h)etNE8mdlvGz4a8E>O>VEji2G$QFS-EWqSy3L{Z?ql|r|g%qyE0~o zxHbu&z6yU2z1Rm+EgyEvdo4cG}6y=e)jhLov&MFG93Hvt~j zI-SZHeIddKBi7Ujp$Zc=!`I`5N`%Hc3qLepTdTZA3C2F0O@8)CR`}(vOXb&f0VxFw z>%@*5NW0>*!ern3bpU%r%H`mt^CDB-+&X((d-H6e@&d~8d6O0sJHmxdSL$(K%HspE z1i^DAZ{4V=5 z@Y`5x`Tg`i{m%c-JBm~oY{bVCuM;otD13yq!_umLs4S8F>p#*9B>3ljW&ixfFj~vV z|9z1E57(q-b?DyP&$`4T8g053e?iq=1DD_5GaBfrnB4k*LJ$3yHULw|{nU?`MAOeG zTsl=dZ0@+EspYM=eIa7d=i@ZH_(M8Cafv0u3C0dQ&Xpf3A#1f&Ox<0X@YP?ZU7w}j z_1PzV;EsP&`IE4VZj)Ju3TvA)60&LVLxJd(NS%*F3G`iugZ-P}$5N?c z4v&*0k72Y>JwV{f>6-rlcGs>Aj7o!o(Y!~SiLSvD6*`>WMIw(_0yFRL>>oMn@MYH8 z|IIeN>F5h z(xHQfD9IqxLxrrl!-Astzc%0@xohL-anz;X#9RDfM3F})YDm>*S|JS3QXvGez8Ob= zB=AyoDA13{HV7X9pFRUS{{>ys65-Na->H(U?2xb*(dt=SVMGz4um7Yj?T&0P{2`U) zK`X{Jz?V$cNVW|UNO)(n-VNSU9ZdWn>%fkZjGVZ^kRd!4O`Rq2x^AoXi-|Q z54p9SfuA{pUO=;FyIzSQ)um%mnhb`p<;aSLPEvpzf*p44grVnefO|AFYArl0Dd+u&794WtN6>zI~_lx#L9Sj1vj4;i+vuxc^{6CWx}MQo(@|nVk(4( zi-3t6uCnuw3~x?AOH8x3g?9BF>iW|Xf5NiQLU*b;@Ne?Eqega*=+39AUMqrd-@%Mn zX4LMcQBE!7rDmagQ{CFW&aRf2Ip=!?feT}hIFAF-8eaY*W!i*4H4S9A-Y=L51B_^> z9g>oK|10#u%nwtFI~;P)35>}a6SI)8p;yKWbudzZcHEB9nG_0l)H8#h7kHH&R+d5&c;HnP`GF!=- z@}2ntpOP}vWk9}KVUp$Hqklnkf3y?@4=QJVx4pABw_1f2J{IFlFd$4>`63_bx_FpZ z@@tVze7?)_lPYiAfSG&FqbTuK7Yc%uWs`*$P8~!a8wk)<$yk-Gjk^|*)In(-$-!?^ zOrDCCUum*Zc=@(f4vF}x$9U$;GddX~MmES5>`=4%TJl4Is+96RZSBd?*=L{fX_!;Q zWXAI!655j`p$yN9qFYuP5+j;mNfMN_lNVp(-lR*C%8$W<1qR=qa)=COEG3vsumwJ3 ztr0~u^aC7?tGK>6O!5|>SnxzBfF%5fWLIjBN!lkhd=6fv^kr3_!tm1+rHQbpkx^RX z*>yHd@Fr!_2DSb)Vy)mL4*H@Q(;Ab!4T=hAL$d8s&Ey_(EG6R8dtGH_c z$jYEDhGqcen(J})tWmn*VcZCwy}8KVe@Ev+d;Ns?7I-uR3(h69Lqc7KMiN1j0rjD#^vTX zn7+AJXkxXrs+LiH*V{m9M)unytAcun8z3IYp5)m@g)|Q{x;oWNUAI)@uB*&#YTYa2 z(WqZHaPM5I?KoHzsNyDN=Y{AD1Qk9+-!DKUE1KA}&sCX2w%fzf1*HRJ`1U|Ng&>}U zADGvhHGs5Jp)d>;Tjg_WekeXwY^9NZLO>|74^#~w;7Fl-kwkOACW3idi4okYkK1J2 z&Nx$@Z}`2F8od0Vsk5C*Ok70K#xTcsOJCsx?rfZ5!| zw4PMcHKi(aJjq9J`{z~2@3NeBlgs0T>qP`C8s@l>z|fWrCyH+Abe6zCuWKe&vJ>EU z!}pxbN96MeU#CQ7_BIp>b%~<}h9d5X{5BVUr2yWX|1fE6tbgQ`zzeGN)oLdY+%8E= z;v8eddk&C5RGXWV*$o!|@Jocz!!;*XDwoNqM0Nu~8K84eQAJpCi8J`ibTalii~{<& z>fo;R>SfxB8@|)&&kSDSj;G^WJ9m7(f+&lTKxP^V*NN$3K=+*WD?Vuc+Px^$LL&4# zv^^q-%nSb;Z^pATK$R?1gG>=@2F;C0&8hs}BCq9*@zYH_4Ep6QY@f3E7F(@(Yap{f z@*i_5$z`lQ=2Z>$!Qv(g*A(OyEId>mlyF`SYr|^`b`r&;2Zl=^(zRjiPPLCM&W^Sv^<|KK8q2$SO_o`5JeOYCjR?VEh8l+X=`#|;Bv#@apKy}->->4t&x0)T^r?8 zarOt7A-U+(lp->yFoM*J5;D>&J|!L3rA44g=I4+^@hR!{&gJKQtRQsU@QV(Jg8Wu$ zA%AI490m>GpmBsvDE}VjHVCuPOw81Bu$7LOF1LJ-ZQ!mC!uxSGZ^a-KtrCV;hanx1 z0ynkA;W$=S+86$iJ8G)$igmoalUGcuR`BLV|19bH%yJ=^+Dc@D+YY8#u^VQcm=XheMRka*e9#7&$tsVG&>H_>zlUSMyi`W*B%(zTL#u6UjEnXUiR&rsTifwQpXf}g z9j`r?6&MY79383Iw*~~Folfupkk7g}y1TMO;p$ta$Aj6!9pA+q>Zi0B<9=N31|l-X zN@xBGAm4|L=v#EZfngJSY#|;xx=`|wYfn#rLd3-C6X3X4jTP<)V&m}cZ+D} z^8NNGeugPBS^7K}Z5`F3<!$n zj1_Q^_%9c#f8_Q5**5}!ZEOcPmlprKc^e6k7X1;%M938u1Cd65Bkrs+a=bJ_p!fd` z`}oEY^Rxyde*WqvofGXf_?TMD6_C{bq9*b_hAShK1eqa|zM6k|dyUN^Qrn4i*jLVa zx$`{orl8Asi?k@(iW=h${VLP}Sq`XfEZ@E|9J;saObbqJ3j9kj@6 zZx2affqmu`*?GgHm%WHBk9tOPGQ0tNN@ZeX>v^l|3dQa(okPt{AQ_H@wZKxKMAe?+ z&bjxioOuG^j`3c#UDZzxd6R12EXR0nG)`mFDdAw;5FWrgGpm3uJ6&r)U1o7y)>z{& zX#62$o%WdjLAR3sHOrKHj}cwzH8?YUdszB#BZfc**}g#pH9((4N`R>$Uj1@aOA;px zrZ;a);|@_;=QSP~BTfE|og=3@9Fq>rI|pgRv@>m!BEd)DX;4BGt`1Ff&Vp&!6eW2A zkNx`fsHeD9k9=l~Ho_*4xQw@8VMaIMwrT8-47aoJZe~QoP{Z2@V#)ZHjX1N(uPSSk zR?n{WWlM7(`VywUNM*M9&FkAC!+pP$T794RhT-OQ&t1$#eCfR&g_IM5wj|#RtIjyJ^8+P?o!OzBw;{ zRXvD@(?Y`NhuCxv|Bi5n=~Mgx3S;LppdGWqcb+mAP_^iQ_TxEm5spk2a>quu6=ZE2 z#uwX@4Kaw>P4*H5$~1^!EYU?sGBYZsIj7&^Evh{Q1P)i zfH{FFu)1i5p#t7;iZ%0PNSO}x`if3~gpX=^>0u7nlXV+=-`a#)Q&OME=Qr#qwNy#3 zRO`DDh?n6%U8fwL<%@ zj&kC=9)&4>_~ddLUsqqZVxQhVx_LoJU0cQZE=`Fr;mXhGrUUE}X00ZtQ24-H7u}`5 z3O9lG1#q>)BOr|g%oHW1#J#7K8U{NVb2JK?TkO%zUU*PLwDlW>$NpXtN6dy_o7%Ec zEO@k4M`Rcw)1%uU(gz&IxpPfgl9MwQ7SCrU1Q~*S0gB0X6U`XUsrttn>Gr4u{_=mB zk`T>qd}&CKnBpGEDP&qGH#t(!vR$}ivMD*dX{Yb^x?A((vB^hPw{K7flrfSoT0u!M z_DUF6!Zd0GKb~1oFX>3-b9<2VkW7u2WVM?-_z9p}+s8^CTAvC;68j&u4BBy4(p1BF z+-~ih?O9JwcH|iRj(>j2G-_fz3<-bZg94w2qFHbcR9etP$!LdLiESrFxAh}s7~x|q z8KdhT4Ba0My;_MFD+H8wmb@eOwi|L4jJHH-AzLryMiTxowlLRq8dh)!h+gQ?3UKY_ z3%o82na@J+CerjxZ{F$|jyk)ks8e{~k;B;*oTso}>;q$)yG*mV;yZuY^|?E5*y>jH zo|!cyQ~k7dTZr~J`Mw%)NDjWoCP8H1a-m!5Vmp!2sCEMv579Dt<|CKX2S)niT<+Mu z`0e^1u{Lf;ZeRjzM5<|H&d9o4BOA@kacS4r54uuW=v$HzNpPS#r3>TH zq+LLcpRx>Zuk^8~EcProxZC?yrB69q;bw~%Pijk>JbYd~`qHFDUQ0E>sejLt^HEZY za^yX4UlLkB!Ia%L*T10CkcEvuGXT?5E2_s1GpCMeLH27$Al-bye3Cf;Hk4Us%Mg<& zQqeicZ;&|6MHST;%zdE@7JQ4jF1!h@w=-J^5T$Zm3^{I;hKn{-xE%Ast9#UB?OO0Z zjva#NM2wZ)uS2)uu=%?K4Hy18H!@RJ>gde=ki}#m&Kx-nFcB&S{5%>e6@fg{b0KkI z*+fwJnrxzE2shbz7Zv#+TZ4ssvt15#uGY>A66v6(j#CaD!NVEGvP){o+#0&(YN35_*9`mTXq5d(I=1#3EBJPMY>Rv<^@GI z%>9kcoB?v~mtPZ}(YV3uTJo!o^q=E750s__MM`g`eWX_?%BK{*DNtnI!|`F#gUc}c z{YJR4+4YNSsQ`$T>C?eaJj%3L_*yIK%<&dKeJMn-61yYpSBw#-$`gPC)xq>OCTHt| zg5$l5^l)H0%`tDh08%%ie_ONPB!jilb(aM;U(kHq;7*GtR{~jix)^2?5o*^fJtaw+-3# z2l0;GrX?xiep`>PRvONcE6jn$lk}fC(-%vi!%A#5k#S!a(_9Pr7F&v_G?5e6BOX>R z3%}}-q-0S695oH^Xu0w6ZawK^ESVGuaT+NgGMm8(KoTx=8{6AjyXGn~)&Z_~f&)~B zf7`>8_#4Sk7#RK3Vzx{E+885mIA3n!@lq#>A$^oM7EzBdvW48K-OPXxWLk4#rniU& zDc{OzRVE|X)V=BsE6;$IhFUD&8GaUFvvWDZB+37=_Ve2vC-*R0Lu}yrm*(hzla&*@ z*B%Sj0{lMI;twqwxkPWpe-ocJvlz4L^IHg)$I7A$a)y!}X0^IuiDq4)os7jXJ2XPO z-pLvdF3b2F*NZ_RcXdj`zwawNLd_zk2d1>2g}Dwd=>*&h2z;$Cnd;JaT`?h07&oDS zwlXZn&9F0c$(O5?nj8r7c6ZtGGa=U>l*iNBfDX%BiL|a8XDfo)x{>5ggIC?d-3@DF zp%MOlKMVCqAAvv*9|B|ffBLz@Y_>#M@fYN78-Z{&4Ry}mxKc#cV~v3kkvj%pep;IU z1wF~=@d7G81--2sLrEBe)lJX24E>tJX=xl4xA?6UYA%#X{+7a@s{M7~#5xdl()~;o z7e(dH+bvnJOzPlgQHoc^>Fs|Yw9o3%m+JfOMXb4{2})OHh>4b6Wgb zZGG0PfLaN`3rm`TtB*`jhor#8yCZU{7TbqH74Pgbfs@Vf$#C9P@>^0A!;~SdN>EiA zi9>9(GtkGSt_(H8wSj#l9kKRj_Xs?v-mQ1$aq1A|(=(P`KLY?c3Ye#WEG}?`XF}yr zl#EyUaY9{@ssxeoTVk38thDyAdnxm)QtEIPTUII(0yft!*nc&ZzY&CCBp@ z`Azgjckuc{=12X}nqMU{WeM@c6y0q?$*zK86vdztXr~0p6Z}-7eK>1=TbirxuuaOo zL5e!bXo@)B6x%Z0o3wkc+Sn8oQEG!;j8M7m?CXAj<=fK#X_{?5}BZd>TgcU}e9MPcSo_C;jifX>KeyvPY5G6`GJu!^nojzug zwRJ9d`G2tY)^SmGUH|AHDD4Q65(5H)bR*%6MTw-+QUcN?NXWn-NT(p6NGRQ*bPZh+ z(nvEPB{4%ez%ZQ4`>FeW-uImIyw7>w-y4TN_~?c!_TKB-Yp=ETcYT*gVm&ZIoyLTpM)t{5u1%5~LHmb5LR*dwrV096@dufWx`{tC=gND0we+Z# zkQIQ2+N8>WlMT&d2T*;aSr~~Ca#*kczosB6_JUYs71ifLe}TN^PktZY@;oJ?%R7D! ze1(^=fLmY+&SUuq$vC>=*9^c4&A;Z*)2qI{ZbR0;A0S z@SK;X7%YK~MzD;|YWgApW1}c$U?XvHjuiX81$ha|Qq_#4vni_?G+>c=RFhy-^j$pM z!GRvbL)|X3Ir&Xl3f|r9+mUt=&u^Dx6$Y@x>vpe~4Ikg6+zAWOm);hrIat%FxLIh+_#KR7$fNBq%sDUG(*}VpsoK`C*v_B6| zf<#V1VpVu8dE}nwED&m!4_yRuCMpc7JM1;Te$l90)EO@l#tDcaI|A_xH;Fx|jIZy@(yFR&m{F zs{>$`^IA_q*V9f$RbgeRuw`dJz*Ydh1UQB*si6nb5rC-y+Fj9jwiO1%R|x(Q@Sg58 zu%?Mq+Qc|yR|=4^7%*FTIR}zA7J(NWJ^-dGAMs;W@e~9D`uLZQOLV~g`tG(zy51Pb z0zMBt-Ztdv^eA2s{3fnh&NMKAp7TQU5_2Art3R02^)aoF0)$GffoCjzn~^Wu*CV>= ziLhSif{5n#ybHtX8MozWbUN99nvuWJGH5OBW&Y0wZT%~?%&)Y6e++jRPIFN}<=DJ^ zvK?QAC{;X2QCL>VtFPdE1?CewPn1kCZxvQnjGgN6^r%lHdti;{N&nAtpk!VX+cz~ zikXPUgRRWhAP!JJ2TP_6A(K-z!IQFO0Jgp=Pd+N^gBLlSwFsSht^Vt zM}N)p%xf2)|Hy0{UVpvnXY~wjUa?U?dn4qP&*EBL$i?bTNeOY!?M+64@i871JL11!GH#J3Wu!<0SYt+SlN&a2zu%Y?1Vh+Q0^3j3spim z_%NS>dTW5|0gcrae>f-)!v-Y-EB)5ouS*Wu0hRq2P}zU$MczrpZ@t+5YcI<85J&Wg z9l$;~q(jPD=NmIQ18|GCPPkMAE(X{Egj}3X&I7%916)A3cMCr$BYg^b=M49ErE3b z<}w~UmuHeXwQXXzBOKt^(x0S(=W5~&VFVYHU>B&VDTo{mqrA&y9ar`G}We~>@kYX6Ms_YV{I3H~+b zX?PVRc1(bVpyB{n82*SuV7FXU{QYB|4Bk4s@oaMb_8FdiIlo(EXRG5(b)2ckGxhkN zpdL?$0lY{4$tNKNTrhUw`A(-o>Lbh5@H`dh-Al$>%X)OEBNyj zihuqaovFdUxm*4%U2Z<|&o}w}`N>bupFQyZ;2i!X29@?FF-TC1^If&q@cNNNeJ+JY zQ-|P>$-@7|L>GTgeDS}uO$^Wh{CCUWDi`nL(;6!tYgMjD*jhNGY6+Yo%)7Bl{LGWq zZLQ~-hJT$mSB+?F*mB$_vDFd{^#BO<%w0-``J?HnfI~)CHGsTQ03(L?n>&NMJa6e2!;g+4aB}!mjL0(KL`YHSO32K7y0;q$KO6F z0=(}uU^<%;4^s{0UnJtLJB6n0T>u>10w=tz;@>roN|J$iDVI8qUT6n=CfYO6{#wLm ztM+Wwo+;!rg?zTxp6#_~X4IJ(^+${O%tAhMe$JeqGr#uCuRRM{{BHS36vV+_ zNjH30mHWXW@};{h0gh**^8*p8?v0@s)IPm2x#HwCUc|^6F?DXT<9fs$?cvOtDbHu3 z^i1$9^VJ~=){A`2;xIDL@HSue;FctbSL0X8cgo4_sw`d(%eHPc-FnLvZpuTH{3I^i z@a2G}iMk!^6Rf?DLm^G)(QwJ^tQdcSjt3>z*jG{a0)_lGikSSiDtV%L-Cl9=v3VLz zdA5HgQ0cGF`iHTP$1Ek{PA?H)fvuz&M+tBAhrETX8q4XsQkpb(qw#f58*h|k0wkXb z>~PT!Xw}2c>SGvoeDyJt$-1<=*?TRO$>9hZ!?Ecd7Y8o@ct7yIf9=GaHmJGpIQE%? z$9G+&CD_7Kxa;Vx#!o2@3yI73lmxVI-4wn?f!*sCN3?ige&P|x9m-$u31ij89CMUi zZnrE46|aybt3fijZJgaiT9CKj&;hlMm*L#XMZUh9e z0^H0tfxyuGu_q?7gNjFkzanl%COAf+UGPQ(7>5nUpF?&Xas2Tef7gSOl+}zAYaqNR zSc0cWJPbZiAjZS*o`MKWmVBrHy5hOcxkG^PsY?=qlZT*FZ~(q3Z5tN=AWzzK`}Z{Q z46Mg`Y;%mGAGq3l3Bw`2zz0?<@!FKz?47sL`17=JYytA>XHLC>G~+ob>i zh;QWu4^U@EEbWLKKqv)p;eo{5UjfETK!8#A5OVL2_X?GiF5JijwC+A0jcxo(w zy1{q-il>Gk{;@fRjYX{B{Q)5Ad^h4P!U6~%x53b~c*ViL8=&UjjUT=(5Ba@#V4s9x zyC?{j450K{{k!o2gZsnq8$Hsa_cMNlk86=wQIloJnP~sCh|WZNwrc+&&3LwI&lK{R zLO$DT&-U6gGwRHYIV};;KWEMlHtfu=4Lh@t&n)EsGZymc*dh49yofyC&_(dxe`9&O4iYy70Nc7;fH}u(e||r#bAHRcFI#CDz3mSyjWm?9i5+ z>IKcNnF~T(feXwJFk-jc46=$p3RH!TZ5RmDyNHLb^zH~HUC|~a2y#zY8LQs*11kB# z0#oInJQyN+54xZpZ-)fyXu(6WOD-H8)rV@n_Q$#zz2#!E+W|=capbXPySIy%*q2<} z7jHZ`>wFJjf^ZIsoq`JYyao3NH-@^8xVwYCw7$c$yyF!G9&zev4@U*KJrm(EKIuMq z+q@q^kA;~x1tO9Om(sv;-WgaG)JaYo<$b1i;;TZ%TLwI|SLQR@(KL$t1xlS5JehWY|W#CE^Wj|~SVRN}?}dgUR45ukRQ?CY;Je=~X4`IxQ3hUVj) zKE6!~QbzLYpyVfwGUF27$V+wxK@EuV8C%_lMt$XG@b2lZ3Fdi6^DwOnzb^p49_Ux4 zhky0YKg!w1wgqPj<58fF-|L6e+Hd)qvfVBbe^F{cGassymL&RujX_`z^- zFxM6nYE=zsb6(x?^LC6wP8+`&ajPR-y27_f$quE!fBnK8Tv)CoN4%)0=zZZc#|FK9 zn4vjuJ`Xq1>r!Dt_V@86G5ZZnn&_=E?+@$fw?b}*v$LK9=x#<{=ND9+M9zv=gPCkE z7}4k!;jUuUeK0CIbrG}j*)}o{R9x~*RQ%Z^s~pHkL7$1t6WFyM#d?A=OVSCuc}hy$ z04Ryc=it!&^XSgN`scZ)AP2PvI-9PSj>Y5L$m)s~DC548KAWLQI?U++@^$OUQNXm2 z*_lDV<#bU^UYlVm$aQ2CHJq9L>f}H9nrBHRBNBzs(ZYvsMmpsA>IM zV$KHLjw7p<0(DAHTLhtPVq$IY!TgU)15CW~*R{Ec(gWGQ@Q@9i`@sCu2NpF)S&j&7 z6boogV(IG}t*?daT5k1-zg&vF$H9{;vP0pLYFqQ-C2CJoUg@{q(P-ZK-}o;Cs9Nyf z3&H-MrdgoX=#5CLV+c0ELFlSs$)!%piPM91G?+2uU{2Sk^3Gpuu%@Cqt*$o~G9!*F}95+TM9tDf=Wg9Bmzw8`ve<;D| zu-cJYU*GRI;+e4Ig-Mlzl4K}!byjj1%KbwsRoYL{Be#G2k_w$_edQu4eQX;={?+{5 zT?(@xn+of7;t1WZ5CS|G)~Z>|4$q7!r&j)e%^v07<_Zz<^bfrp^9tIboGkL7`UcyT zLww^aEMx&3424yU;kZ#YI-PAER6$?2mfj7L$D8V!vNLC#cgR_`jl}jY`kwNE{q92I?oyNf<*-u2_^q@k}XuPNs)IFnyZ%`dF{i6OVvBk zsn3YJSlQm!+B4N^e{*cwPV9tHr?p*Qz@UpRH)WfAdjGW4>4w4O&%Kl2Sg6VSFFReG zU+SBEAVVmzJi z*B#IIJwrGTS?n{L`mXK1-FMU@$-Asjn{#f>lWos>z^q;iMkcM2kn)P8AC26J?UD&D z4Oyv0zN_Y8OBv#}oYOt)g}wQ$*1Jq>&ZJJgU_ao3McIu|y1XRZz}dWU`t*uF}-H~u!4 zIK4oGOcum9x`bBmESL+`v@^brd18a7D<2tJ(3#x)5M}2g`J{3ugKA4?rvu*N`%_nr z6*vuBIxs&46~3gqOxt`QeloZpy96Y)q!a zj5(MGTh_$&hf@@iXx+WQNJj2YZW^Kc8SaFgoTGrUtK@j9-yPbLV4M%~(K!S4%9Z+coC!GOwjE_hoNtcCWVV)O8oZt1PoMF+6MCUx(gLzISi&Cl2`Nn6pG2I z?{7IwDWEc(3ri+}ba_D_fyQ_Yal~$2r~DFmeBTBNsVzfWwKth2NL$sn+a!V;o;l+y3HM}~{$5-rOm$H=CtzDR2?c?B>L zux`7-LS{juZa>RvhBK<(KJHrke(1Pe#}oBTD&CD49c>_cdtBw9C|EZBa z$>$By^4Ok);eOdYs_*hM0oDFZPR$z=%SA;Ktcj>@oFzI(aj*za>IqXHgUcMad~xw& z7V>a$;fU+jv(RS{HLLHvAzQW+2*R}^ay(TQVI6(kN@#qX>%yy%{uzUrQ4Y(b8CJsp zYMvIct5mVlh_}Vc#8cwPKm>ig(8)Vjv}{Lso~PqF(Q~P|g4;}GTwQ^&N-a_*F-}A= zii{F?e)v6f+N(xcPuVtsB_os7v7Ngm1D3lyyMrI6{FH^r>MDnK9e8uTA%$gTT-#w( z^^8RjQk)d_Ni6oEs*5B1i$3`*uk%(^Ar0}$#UJcWjo#tZ}B)=n92PH8(0w&{nA$&8{DQ|f)m9QJjOcdA<8GK zre?(}l^dT_YczFa;_5_QURH%+<{0G#-(%{U@R0W%x~W15t=hx5gBtd+p@pp{)Cz?x zK`0Hn$LBJvxuTq5!mkkR<|RD`=t65v_{+DdDBvIif~U*h{*;4Mp%I_V3StvSB+LMOf+Y8 zy49h=PzrC~=~*!I+qUxUTKJI=y$=598LWDejiW^gaJ1Flj7$qFS9$1>GyCmhv@5?1uRZ#SiqKL$zJZen z;^N;?uXyyFGxGzuzwu5<37%V(t7>Bn-H*ClsZ=cWanDkp1eWr^-SqjaB*r)GSmfIp zD-l{S-rTEb+CX3{FVCdyaSzKo8p^2XFMMVy4)>Y}!l|Vpp*p@y*fR7>Ux_vMOKVrQ z;@uJqdUd{3G6h*hN}1=GT1Li)PSb{oIOHpuV5FKJ;s@PpVQt$%9(23C4s@LwrKy@U zG0IG0e$PZ|R7&k*$O0|9B>LcYtA_BDZ~(Lsc-zH;_GhTvZTF<04>6KURob4@%rPVk z{^A<9rahzx!>YzhS-3;$6?1%hS?RvQr57A{dyd<$RFpQ1l$1Q`_H!mVB$HM>PLP<+ z|ESFNnc8U`&;PZN-M6n%5aUxEX_sXiJK*G$7w*}TnJA*_crV1uUfi+4i$i z&>(h@iXIC@Igzc8NkXp;ZOSKPnZuW%#J%cWEG@+RgOx*tOhg6OX|wXMLif?c8+`yD z4dpl6v7?4P4`J23FSgAKVe868if@7$TRQT7)^u~ej3FF1Zt_wO`|uKBQF5Wb?8EE* z!>St^47f?ZrTv@4-;D<`=BS%FEk5MU9+MXWvyFaKO+Hde)Qw4`8~durI2jg5Vr8|? z;9MWjA?MMawqxB0kh7HeJDreg6qr;<;XHA`Nlqy@{tG4FH=ibbZ10g`8!Q0If^A9C zZhT+V2e)^MES-$y*?p6ybBNM0`esR?>(XJj*mE=oAa3Gr55hJ8ulGoDxn5BlYhJht z45&Ohv`SZU&TPyvX^h;|WRvVsuaqz^z0Hm?gLyM8wJu>_!Jdu~*z^6oM?krQ>_SdJ zX9!#|?~b5^gPPtIx6qKsZDce)AC|5LX`I_)`+V6XMf*r9-`4mBc6`2%z8yv)cmL>V zjydtSib$Tv70B(%fEWb@55n?Ng29*5Wbru{KRC}Zz{R*D8ZRkhq}qJ105BNCc7vNE z&U05=zY8pB)w>XbQrcaw#y{on(T?MEH3COK+4XP&SY7nE-mth4^w^|+@S}?I_Eo_I z3_snb^TeH3b!8ER)vP%;Z||0bzW_(VInXm~*x<$Ex*6ApDFk12oXYQVRhu>^C+IMd z(Fv6oZ?Hky9|1*_4!KT2#7LkX4?b>URLZXOrePZ%hTczWr6gWlf?gh)Yd83uBEo9@ zCPZ)C_*53ruF@sTvV=zDx^zqvuqKi@}$QWAt zRgTIs2M56-p66pDYE&QU)Rs#L)59c*O5;tX54GRXf*5C&xj$lmE)<+NEzred!0k!r zivv*;LOSFa$8(1Fz*EIZ9@TA|d?MlS zSB)H6^vQ1h7hF_}KszSU8n*$4_<&6s>%cu-e(hWQ@bJrVQT1_$gU0~)tNY<+;L{bT z!ber-H3B3_-J)0^lw}I!r4G_bI2{xW3rZj(Wh5i5AE_g9^d{R3Wj*>_MFpKnJJjX0 z5_-Wg1*5*?o@8?PX(e^q+e@Mx<8toBM*5zW`>4g*6uZH~4I@7oL&CL}uM>vht!5}>8o znfW9MWN$Zd(=rF7 z6lobvV~3Zj9)(Nzm~jU^_s(tz!`=tS5p6CDPaxsNN~$?_AX2`#(0aro4E$q`3D1mG zY5Bx|Wc6yFMW)$Gi%bq_9cZKx#i(g6KP^n|*vY`H`r;*GaiGHrofA^8f?jEMk`uMY{)NGh1_-=2UpyW-FRTi(zK)I662W`k`xq= z37A*J38qW^uDy7JL(s)SILC}p#-&Ka*u}MN1m&M-+k^#_zV<#wK#+6)*VgVZR)mI zZ=uLW=21Bn^b>FhR1$qs{1P=Ivm;(DxlS|Sz;}3`>Ea6Uv(k&bJ&zU%LT<`Ou-?R| zH#-p<;7CXLH*|)+8vYRJSflKm^jAbuJlb#)>-G4qU&VLsc0Q77Pr$Vm@mZ}T6Pxzf z0ihp-|5mbMmsq>=)N8?v#EaCFS~Q2~Vh!Pil=5>WA@wdfa8axfdbdqdMj#MhC-KU8 zqT7qgb8~PpawX0-o~!#2Xp6`qd67K}LmXWXeD-7o^4P=Y3r2z_v@=~t7UvfQ96x)- zUWiX*tE9VdJ+8sSfifcQJ5aq3wiF7#4lpZT2FSqJbK&ZMmIz&d95VoV>g)EJWYZeX z21O2wnEO1Ng}H1vN8M;3Yownc} zjzSP(A7OLa8?OZl&aTai$y+*Hhx7RwsSj_=+QWRH@FWR53_xo7setekpX>4*A2 zkzYW^EX$}b4~}yTr@mN12B!3^Y7H9~neHSAbll81KLKwmGpcLW>Z|ZGb#AwtmpNAN zWM#&_UH}KZh|0joqG&g+q#QVGidz@^4pliVUrKF_d8b+r}k z*|E*2Xj&X}xDkR46xdE5D!w;X`zqgHpW_h^`&=?@^SXi(=yFpDPkKrd5UIXpkaTo} zA}Mkdf5Wf&F$^wwLg_?h0ZV6yhWGQ z*pNEQr@X}#OXB+d-d1mDYTct`a7+H6Jc#z`2V`sKMWk zMP6S^68Btm*Ny?LlM?tXos%7L10MOYv9U79(AzuoNtjuvCQJO|7sABEnBU&^5!qPf zuc9Z&6~%}gQ;6z`#_t3KU`Gx9#CUmL$HH_~$x@og`8Ms7t%DuBxr>in6?F`O*W)@< zH^wKbI_ZAURP1e(i9hmU`4RK}csh2l)1fZY z5$Zq9wq)a-YEVu&RGZ2g1wl)_@JDjS-Nw<$57Qa@~Ra7_Lt@Ci6<%q{w&=hQvS zg*xV)iM7PiS*3(#107+>Ju;Tp>irqgW*v6X>3*`&p~gbco0!?psIQUCF9N%*shTd9 zDx}}I3(|9>O5bYckZvw!4dXF2R5@NPO6`$-7dxwFz~xR=HF~=_|IOcm{d7f6PWGIl z6Vob=8(Av%zLP#2q0V&n;Vt7#PF4O3lWhXya%H?#)$8=v7qth&N}+AfczJow*=%vw zzAF~A@XB&c@M8EZ@{>DGbIYMl)P3c~0OLL&tpDi;3XoHvf*eps`RCakniYGga7KObvGgr5{MV8MyIDLF{7H0ck|%mRjLo}G z_<~ZV1`A4YJtDHTvwJ%RC|yXnS*-~1f8?UCV+K{y)%=M}(DaDJ74PGd(4UiUB5V{H zgQCUrs&d>$Q|bp;M&??f?6orGM;UtRqB-x$4dtpWHR?r^&BF%po#>Ji3fLi+5O#bR zFeh3?=ad|+0y#XE3T+V7(O3$-+gP&T4a6sa6&hxwjAO!?ApC)+Jo4-vSB6n_IxD_!!hb6$5mKg0j&999YsLKO1hU*-e(Fc7r* zd&KWXB#!u-2<+B`e%F)V$?_DWiCi}e0#b31Xu=aSfNB_sP5`p>hfn=(P#M3Mfr;|( zz9-1-n+`_2yQ0ir*KV#8Xj3wq4V&^wXb|j|}o^>qt~U zR|UyIjz!j?H!v3yZM=%G>F953)YI*aN*vwMZWa+4=c8;0DXf+binkt$^}uxjs7%WX zaBB(J6L}wFnVpxvUYNeE9B%dAnuW1{o>NdRTO+bY0o4>GbI9VOiIHkaWg0pKS)~Ox zvJIC{+4(B$xHaeST{fjI|Rcz)rWp%yt)=bD@Pv^-?> z4t_`DFbT2*(M}c?UL3U#JCKd0gu_l!aZ;Ij*nsAMPG7;%5A+`4a^6Kn9FFI%TQAE` zHs!X^JuB>eWN$!o3kwZ9ItCzvez?mhp&&ZM6}j^n$e zsoNE39N`XVp}>8Uz$>u!QxF(ypiVs3=PB@MM!a3ZxI0Q$%$I_5}t4IpK;yBk9Wh`)=p8zt+(_oo;^Q zKrz}5S8T*`EFyygI(%t9SD~ZBHU;Uf@7>UQyYR7Jb-)a#>QboT`9`2~rOM7WJoTPWmrEg=0n~5 z*$iR9$+3!|vr>?+;JP->W$GVW+B#h?-_SBA3k$Y3T^Qjeh<|yg#C+>8DC}588Tfu$ zOtmekk2|z2FtqhYzaQroPzcn>dqE5qB}Z9;JybjsW*G?+{>8X!j*^7ECDHk9pRh zywR$aMo%0ZP_bAA=-0teZlfUehAOffYwdT@+^wuEkc<_Yp3vpM!NNju#7@usG37TKke!0-!GVO^fjafhVi*&D`&VGM#kuy>-ko ztPG;bC*xhj-LvPhE~vDS;dMGZebDu^2NhBtto8+$r~;y-oH@ta$jYp z_4Jg8lO445yD7>P2$lVc0*Tl-nNd;NmZngf^u_}WI2=lfMYJcTU4*-$D}}(Txw}*H zg>T;)$+X?iT>C^N#t|d==|1j~7twgDOu2#Em8>NhxouZ7=AEL#ot%W77KV_SxRk;# z{)*=JHA@-)sbn`dU*KHxwf{JN60urY{Opf)J0IR^2cQd#f&WXh=l-h>@FAzeSf&GG zWCcdy{UX@Ew*I3-y-H5Ei-pPgCv~CjV!Zo8{;^>7Yx%yTwKMTiWeeMZS2)r(wuxg~7wFkyFN#J`&n)iim-sLf!AdBfNL%WX@qL~2! zU7QakC>1qEw=G91?D9$+x0u|j=&8j&bwr;e9DueK0{b!i?!;Ul|b8eLjs@IZ3;?9t#MSQ z#7fzlyIyloXzEbvgIW-0z;9z&a^YfV!Ph7gT3gMjA1^AJL#&@j*gOfndzs_GrxRFO!!Wr?D>=qa&akU&Udp@C!*SDvFKe?cbB`Qj7~fzRnd&P1zQ)Vfi?oFWGb% zDe}AsVT9pY8>zpWJ7eo%dB^K#oZOB*QA}NOTsgI~48>Sykett=$px=~mfD$vgxHiJ zMF&|vJG0_b)S6k66^1&;kHfWwp~glc&QgJ z>S5}eNRI(d)1g$JJotg6^F=7zS~pkQs=-#~s;l1@!>~+3sBqr%$5v(N4rH!P z<&dKQ(dF9qnz97al#fxwy&$I-A9Jz89Ww22Y8{J;*F7rZ`VK-JwuG)FT)%b-N{xtU zS2+chE7;bI`W^G3Ab}E2Q2@{zM~aFL&QHo(3AXP~$(v~F`OMk)h!?A4$*2&{?z_uZ zKoN!>pvDo7)l;GS>b(~2_J$-F9b;#|+=~_7RV&oxx6l`kp!bfSm>?6qZ4c%~&qdVh z&#x`jpeswfvg9VHPZFL+T1+K7X}DL4x>Peig0f?DL+kb3sv5aRoh0XU=)bYN!XJ3t zTU;p0*9u@?!3Jo>R!PiCWXZ77h-Iycw*a+LYoAQn z)ya7cNI3HrJWrXE3werDKsOd(2Ihahl+#9^C=_@sOsQ|osI^cNbqmFlHC}rC^9uha z^Cy{7)JJq;;I=O@oCMRKw}?4O%k%6RKNf9OdzS5boR^`)b~)hqz#Y<(H^5Dc`59Di zi5ehQ=Nbrn?%l_$T*`IK-^UOm_^WT&Uwuom3c(qnqUmP@w!@wqHt1M4Q&o)g2_=9v zUWSrflqLh^^j57CPe94hTOTpH2il1(td}2EkGTn0X4~Dp%F#pq?t;`Mkj1;o*jrpA z#1f-$5$r>hdJytFlzZBNR5`Hlr)Zz^VzaL1`ys3Bq2EZBSURU3@`*IHk1lBZuUAk1@%w!)1hE6qiW~`BWGYiruF}2XT!QM@~;`W{I7Z(662%sYV5B<;%V%6~qWXIVLX{n|Dz8*yZ--K2#EiNmF)foxR8 zKPSk4Z{AMFfVfds5@S(z>?}$$Oz&+*hJRsU&Uro7+r<8q@Tpyx{%b!8H)*6M~#WVTaTYwJ6laHQ+)@$Onr<_>2& zb(CV$b~uD2Vb&xhm8oust=379DM)0%e#bP$-;-6TYC(Cz(4F8$yP&RJ$W9pFC$v=S z91~n+oW3=caImE36L7L|`&+$0zA6P||NSqNFZAEKs4MOecjlz309kEg_U6lPg6Nv?pdPZb%#QRUsvYQ3z^ z_nI-4=Z&LP?1Xgnt&9W#hNkYDd`&juV<;dm;7=qz|6d(_+G8_JhW^QWq?Hq;=T%kj z1=i4FWGKI-rKj65mz&*<&8l}-^xoFE-jMEpcJak{JAx5uE%fcUGY$M4Lg9INK_EJC zzaXc|&PRvb`$j4OP1g?SYg@@~`lm}I432in4^`Y{Ayk9LGdcKv2-Cg~{T#h3*iIMIKy#}}PK}&nR##|>UzEYlwZ89c-&*zBOMQoFXWo*#5 z3fu$@BxX_40+UMJ_YRXC59ycfFWP#UnCW3``M&wG;|CCozBFqZcBxQw#cX2Ew6J{b z9Bmu#=1(0(e`TTvGXa~ND=d_*Cg4U|_&sc1Zg&itXof z&dwJpeF*1$oE`-q$Y7qPL0amJ9;!+8fA*}&e))h}tc`XSz-=qrIP`{XQVr{QPw)yk9$o2NOl@bAY zDJ^_dF-oB23j9^y{xmB56(DsR9b-E$r|n_b8k3(olYcxhC`M`E zBkn3%H)=mE&>*EFZ!x5vcAl>;NZ-Ih(Ju71wohiceMs*|5^BmN+DSzdGqhSb`inAF z40Bf=4G!JHslB$|9q|0zf}Wb{JMh9)1{#PnxpzfX&txIs^;^UxwA_AB2G2Ou9Xo1IpQ3m-mAhWg94$n? zU+`4T|7Kpk-}JM@1DyjaLq?QMwK=cgkA{ETJy2GZgiu+4HjFM^zxmQK`6YH9ug%N5 zN;Y?%JrFnqCd>pb>QIzgHLT-kgN$Puc zUewpmb=_HDV)}Hh%2+*z8?Ay@T|`x#xIm6LhkfZ0-32&hAiuH=ud{!DY`hdA=vmit z6zq>vMl3jJFT`%ECHBM@&Gm*<62c2_aR*FawDVp7nER;U56837+d&531V5C=V){lR zuXwq9VsF-Vt#b2~Uk zZ70;9X>BZ7TxX)N?HtTxkYjd@rvHj(1(HrNy|9a8)B1K=(>Ke4&~INoQz+c5_iLlf zS7KwvL@bxs!Y<+Lp&aUql?~Ma#!-jaL^an$i(M|rFpN;9n#}O+EYkj@kJ>15K-xPI zO*d0_3T(ZNn>Ky6^Qt~XjCIAr7Aa4w%v}l*wmk)X2DkMQwi!UHeuxH}&{e@*irf>Y4uiw52V}NQu(sKT==+ddfxi4{m=$xa# zN!H_A(1=jnGyLUY@foO?Rc5>G&fTkd)?-g}gV?UM6K~DG{uyNuW(sG)Ko+DTeQD=f ztx#X&m9_$y>~bM}RcTM9&fA|OTe8&S^XMSq-jixdBlEoq7spDteDD-pQLe!F?60MI zA2N4?qTNR)2gn`yuK3Z$9!}7N;oDc$a=Elc z{CgBQLYF`Z3?^@!L4`Nf@ejTz0pi>RT=%uLf@@8fa0rm9LWSppD~^@Fw@_6vF#Hlc zvQ3_EkP&)cE)Y$_?o^#$!x8wH;$mVa;xl(U7_=IT4LV{{z2EUoWx6}(!O+`F&#e@d zrmVLfUCQ8`rx+iETyUEM>-qM+$ojt3h^JRI*LW?oZ*4BBN*zi~8~&Zi?>UoV&ReBs zaU{uh;{`ZR!-z2?6frsJo@f8{@!B|DY~jVF2qlHF^Zr}L$wAVY>9sF+)cv3oo>Qo& zuk-9!X~JgRhPi_1gOu;9aP)m;o2nu#ptA(Irc$b7AoFPvc!tNTV=`+Mb#>$L_KK?E zS>^9@jFIl5Z^!vNWmpmOCtT`%y4)2>#>&Q#ofR!{jYQOLycB1Nsnh`xAN zjz}UM*aIK;8YfL+HUlscx~$84>b#qWQQJZ#0~U6tPQne6HuM=BLn9Q0jx7jx7L)y+ zNi%j0jLXbMqq7kq^sG|#*!JfRC9N-pf{$t57tJuBxQLuXe@gny)Ki5aLhCi>2N>|9 zzGUM#T5rme`Y+ar5AQ_0tBG7TdH*br^BxD|ir)p#Y?R-wA>~c zII#ordThYdcCk3uvEqaS&!r)5f4&RKjH;z!JQH5`ATirq*v?+%l1yKL)gwpbu`*l? zKc?;0P*xH9+>}hoG{Hvm{%e26MlG<0i*ox-zr&xckWbO=(U+~A?Y_`Py=NIBW%I|o zM|n~C@w#(5(mTr$^Ui+I4fX77PUS??)ky`zwJi>G%Rmc;6tN25rZ^o%i-U=YSU&{# zld!fQt6>vOM(|>GbmQZfISu4un$74o_(?bvDc*LFm(8Wtzf2|wPo=>0*I*J++kP8( zwr(fS+ULD4{Hgajddu*8{B7V_CpShS^JPbA@g&_(AT)C0BgU%z3g?yePP1%9H-9B| zWXfX7pr55fDD(SgV8vg(3&FPj*1H;^-+CuC2s+ja(vAFFF*p+McH;)yJ`w9}!mYH( zMi#6Q$|R)9!&d~G;*x1H!H^NGM)yf{!Y`~z;Y){J%J*Q-)Oxa=Q_$qY4&(C}X!Lvz zdM<<=b1g4jk*jE9o3JpEuktGA`)7V0G9r9&Un->KIf<_?q-213O{Bod-p@2k84 zQ^-VY(`*!qiiR==Dl;!srfC{8q2@^K@WkWAa0!&%LmPy(!XBq+yeXr;zOs%EF961ZBaiv>H3UcR@)144d(lTHh!g05Ny77^ zNOUWzYNNdb-)%tOgbbe*X&4kVPgpjbC_m<_stygxx;Y|iNvA6u)6=CU1%v|EmVg6X z`VB_Q1s2=gW*D`cDgs5qFUUEx>FAJkX~46rEJ&Jk=m~)lnpE@}!EtMm(~Vuu;Z?CU zA$re@hbKvhCqn0p;e6M#ZSf)wGTt-FPZW|>awi)$hR*do>VBnnsg&ypM35|x4oKh= zV)hI_NWc=bPeD(& zUnOm~ZhxzLRE^;dg{wF6H5e}#`qauj72#83f63fZI19K@`5Q(98V8x>9$&4L(O{jp zd5;YNR9Xb|a?mvlYtD1_*~Y#$*)>wQ3ZlJ3h3kd}lN zdopz%wbkywx6xW3+kKqwH8$MpLSvuXRd8HG=Nd0frhUiZ{7Vevo6zETFkBYB+YTYY z3#?uVDw}6&_(`vOknq{4Jv(bcZ^`f@eIJcr&lPEo*323<>ZTmvnCDY!&N1Iw+NFIV za{Pe%WKdS_>{^`h`jz(e2Xy30PeXMk#hlB!2$gx0c`2s|+@BQqU)+*3jgmb8O!K(c z*h7G)CcNb2#>_YvaB26(!9h?uxB-SI;(^=Sg+{8>=mR^$camwv(>mNuLXjpEjTiA> zkxW8(4m%Fzs?q0ls~gjXk7q~?Zr=I+_Q~Y+`}4xm_JpZ?J^xpG?;X`-*X{|UG^JPR zO{(&V0`wtPs}P`@Y$IU)QeyA}H~I1W_j&pkP~xgt6>y8%*PLY|%R}Lb6b> z25oooXXKsCALzGzSyJA3zh9%HOVx8-^1t17%6D0yCK0TSoh!k54`$&I1G%Nn{$?=8 zcf60oQB2Y0cWIeMtc%{{BlW#B)#c6>G1+=`6Hv*3J*}zyC+?!by5);^=m;2ZzCL`c zLGXg$5kd9y%lJ-ytRPZrzyt$M`YEyBA>?e9vFdaz@cDB8)9tvrYa39%9KSVxITVOV zZd9W0HvuCczF|!TYuIURj`p<#q*G*}?j57kb@wlStif|*TV6`9R2wU{8ZOaYtz_% zf3r&G&VbVR*4$tcEp$k^`IXy2=T$7&Y$8~_^$o<^6D9`lo4t7}B9CrmNqqfQbUe4B z@d;Jber_C?w(A)r=_S)Ew{{qY+;nOS-Cvk;ztuW&BQU72nJ$K+)eYJ7mdRs@%D_hI z*sMQ^7~kKj71}6v56P9(eyUcW&q%*GYqp`ceVdUSaSKr{8~ zl@`{nj)-rXuUzeP(Wx~aUO`7P3s-UIfI(PdOf@ny9GD?7t5m866_-hUHax7=r|!86 z9u6n?sp5Vja7V0QjDmI%)ZfZZkTB~2N*Qd0C0$=#__TQHgY8F=A6*+MwrWpVUKA1a z*Y+rCzsslnDc;=?u_K+(Cvr<{xNxeegW!Ck9aMJbLI`Jo9#6n?Kf&pDO#Mi(Kvp4r zK2&6}NvJXNd-5e7vDcoJO+Fn!&Wo!(!2;@o!%Sa%>K5;5H=e)|)WeEOlm#RND4bibD(@b=0R4nWTuN%0BMZR1kGe$`;G;UQ;8*j-nSeFJptj z=rqF_T=fl?tXF9kK-~_XA=2_$6JaMAyjO9xN^osz&ULXND8b97M&Q9;zJd1n1@Spm z<;TaJm>Hm}4hkZD-OorWO z5=}PqrErBqsyjB)LH5{9^u6BBs~9u*_!TGRj&|jN58e=tANfk0s9h8b&$9ekv#1jp z<6=(b@hvWez6P_G*)nP=STRgeZznZ+r3HP05>FAYM1Jt>J8bG^F?vSJ#*+hj^Gegy zlqx+IKj_U$wOS++?@WawAGC#hWch(s>dLei zu7uYMseOKSd+&RP%(_DFc(e`el&TzNQMWVKXd)TzT)u-nVWlD9d`eZ>9!hw%szUSd zdUewGk2-m3vDjja0@8l@86hen;g(j$!;PEUTc)NaKHL#)-(W~b=oo-b{IP6g@Vb+w zeWo!%f1z^XXQ8<}w~msqsg_rdHc`pLPDv{=>|rbe;$MfzA3|!3*v0Pi^p1@`#)vyG zMxGO?nS)nuq&)G0MOwz5fC#Xw=2(AJ8#R-Y26W1PTdGTHls>#pbN!;CFzL|?EpFEJ zlA^EO7sijUkrzVP2y>v)Jqz?~EoY@@FKW*q=JDeAix=h#!J7$T9+q!bhaC7)Y)m8u zICu@Q>&3y3K2OX&oD%iOht)pOVtW59nzkkBFhl1_s;(6KQ}0N|H3s8t+m}rJkQ>e` z%Gjt%Y_oP^fZNYovrketO&lK4nr&Sh%i9c+s@BGiW3u%zgK@z!s4n87gUG?CinRpJ zW5x8@trcV8R^n6>VJfv>HtUQhl?*L!xmbXA?Plwl z{nc1YsBnaFeM1OHcdD}gLqdBz3$CU=J}Hr~Q(gEvfe?!#AGVP}NgmMIe;oSXdwlxO zy&C;(LBH~oY5(ViF}8Y*qq87S>yt%59Gta1L2fH8U_jEr3D*>`L59@LGf7rft}9_C z%{na~Uz}Wp}q)vrwWvv9j>?pEdnii2Vzh zkIDF-HT_vg>95ECyUzHl@&6ine@(pqEz1t*Pj1ma8vy7VARQ<9Z~jF>`JsRP{y)|R zpx;vf1gI_UC<-bt)lOQB({7FBpODjSs%uJq@JTa0_?uTmvJClg$nAcg94agf38D=k z?aL9K!I?W3?q=O>sh=!b*jj!QuejK%VYk(MIQOiH*&Y*S-SpfsW#Uger~f>-(*GO6 z^!Fij@ASVze`b-00ftonCNKD3MobO@v2~0R(N)X|-1bcrDlj@c93(3%;7ipfU{8Bw zHkEtTA+x)gcVMJ=Va0{+qovHtB<|*WJt-42EZ`3O(-$3S9#CP9^2KkP@ zRI5klFZM8b?!4TJA?|?p)e8^XwFt;Rf3z5(tt1>U=88~bbdlNPVs>i`O4rCbN8z_L z;%UM*!yRq&Qa#fKbQF)kde|wXR#dQWnMV2UFQ%GN%GO2UMOBw<#t%I_>)!8Mj^gcN zaS+D$&z0Udn9R6Z)A=QIFzrIak^^9uZE2>14wD`gE}#45-&oPbwN2s>znW9d&I*Es znlK$pSvFDmcRXLD$bPM5K8Q{*f82zcNF=9{$vR153MQXx2yt)VkY`eUn<@mPqn9U^ z+It=dYZrbLWwxbXt#bV-(gPz?Ravt(vIc8^?#ObkL@Z=%uG`OlP1L^5%Dzb&Y^Q4W zHJ8zsvu7C$V+UmDSp`|V)ri~2j1Py&cp;_ZS0@W!S$Wx zHvy2qoi~?b_p=iy8!n4ab?(1Ys!}O2S{xL}mF+J-C+|;(u(^*mAZ+mJzxl?;SJA;i zkvm-S&IW6E=X>mdXs2?En!LN(*!ZKEt1E1L0sXyHM2Re`;t>gOqH3!H=Ci~u`yuaG zr3{v5Lg#V|xw)us3Rq?HAv& zuHIH{>|#%r=k(7j{vrcM*L3U`uW2vIq>#Vp*Yq5hopfKgvhmnZgPTmKIuI*z0Sd@n z2TU>~f>la)vR+~>##CAcK8k2;o#h*Sd{99Ah{t`bkC@-Phfg-!Pdz~HziP7f@89M> z`n$-SEG!%^I*X@v&1I_;sI?}9pTBzPK5g^>h53|HInDe{^HGVytyC+{cFz%=j?iP} zKLJ~2?asLbss?4jWYhTD@KWcvLTCRtXa2N@(D{W7MV)Tz*q+V1v~Ohup1`j8<*#%H z-2U^;Gp-4?=BT(jt(X`2YOiYmm!%hs>KlOBoo{uKPtyGAX~yh6@3dPxwJ*C-)uv@z zxvo+uV9vo7gGx837m}T}T)1)~#`wL9rjrh*jWr2mOzPvJUU3@t%oWgiqe{;>fMmyH z#td(GkoCpK|75I0JFX4JL6rl_)_XZAvxdnREwB4Bxt`ewwZAP)l)jRvM1`8HB3bg? z$`t|rwFiG_)c#xF{;ZD3B?&gi!28Vb%;@0RM=Q?fZivE9c(Yjf*DN;^(jRE?h+CL+ zb5l6-`KxgSvtS(ia<5}Y25h*phE=!-&H3?#nMSP-Fv}Z_S#8JH3Cpo+>Xq46il1CTIFjwf}*BPoIs0u|;d;poJrV#gdD}zw<5vyBu5I z`KVI7P-$=4Mq&@CPZtet`c05wclmUCt{Vs*Il@_wdLS`)-f7uv9Y{rH$eVFy|HjKj zMOvxN7a>wPKNk=I_rTb+3x2HYeYExG=|)Ns>m1i?A0IQr&LiG!2bQZS`2p{StvV=q zzbIGzQU6?CoM}I0U69{eAbwi-&;F zabO&`8>Z(Orgro?}apu3{wnWWnRJ-4?co_lCjWnaBw}1{*)2OC%nJbclgnS zSCu~P{o0iw#>OVXflgwa7`i%9O&FU)30*u;_KzB!M(?D6GCbJzjbsNj?bManGDRQJ zH*@dr;uWzxD3#ley=qF>U^UKF%SD-;Uw*TjRkLd^;zXS(sMFpfkK?7U8!_ZqBK;$R zT~V+YsKj(9SHNoyYRidF?K#)x@yGkBlhmTOh$(`?qr}O=hy8L^O|f*am>i`k-vsj0 zICSGHC|6@$%2f5Iako9kbC7>h!2HTk*R>ifKWpY$i;M2QP5 zil7AP+W+*xMpaTT>{!wQa4_|4(qsm_*=jcRWm3i{gC|Oc)_)U3r&Tq3I|o(B zUK6{2I%}W*ivN^LK(dAHWL%NAN#ta=#>ZJzwK2_q>iig_J}xO&$DSH|D>_N-X5oze z+WUf$LboGl8#K(J+|qagplvuc0>so{tZxN!8=O&B{?L94M%{ zB}0xK0*p5zQ>CIOw8&)QbG)32NG(#~gF1pCuxiOKXu10RRQ6j@Ndh0(KAq8>31;CZbrxHrY~5gy1tzY?FpNHQJlyGrbWC0xX;|KksV&sGb^6R0A3= z0d*N3f%Pel!0N9DUK-h!(*g#qzl2_>fX`W)FZ4 zD1MD+>c@zzdo(J<$OSD%HAnR#ZjX(W`w~Su+nK$#?&E<-6={dp7`9+6x|pCe!E_j{ z?ybu_JVAe{Gb=Q+AUrT#qp_~J&=M=aZ#*8b62 zQZ(Qw_0$z3*vBan=27jdvIlAEDSj}_El}Uo(yMLE7&11nzWYUU@}5jvL3{XJnFa=gde3%sidVx0%;HV( zGP-`vu?I#J%+iScb)hYHxtY^^D@x;=n>i}OXN1_h5#<+1H)HcUOA3v_6evfU9$ z9SUY`H$)}KZ$D_93%;#-L&|yptt(ky*Wt{6ynF`$H92c1hAn{C z9D5C7R>|9g0Ql0l=kpwnR2EP}UWWRtpQq;3l62oYGd~S(4;@L*NWq9*AhF7G!4I8O zbD+6$Z=70G&Ijyq@8WKYCW^jOsEowe|`T2nXCgB@tbPO0sLq%bcl;X>NkNJ zFb{PQg_q%78?+c0zCQ(!>b9Ehk?@uK%v+2NK^LDYUgkZW#k1pt8!#jZs1M2muH|B2 zqm(bLw9*3tQfHI*?N)X=C?0(=?6fZA=%l|8$MFHqf)J|U$6c6&_ft#2wtV1gOBd*l zE05rSdw8;m<79P@JI$t9_q*2K|0X!LIfCt5b^MW6Zk&P+tR7#%Ui>C__M_`u{5-ly z+;r}RB+StujEfi-c%c?hjxy`N?$NOQ&9_NMPQ}@Nl`*oxG_76dnt*&NL~7m0@GTQF zQK(4q1fC8$0&b89Yd2u({s6K<&&35x+0K1~mkv8942Pz)Q1p4UiI(&eM)yKdOeK5txK#!ZlW*{1%;mJYG;* zxvo>3c#H3e;j&3#aJsraIs4TY%I~i_5gsjqDDi!;>p1>=P}1QMR3ISAtVuV!5q-IE zaXXIoM1U^nZYX$gIX1YC-5ouwJUEg*HgB!) z5)O>of)}=ncsNLPT8A+MA|*>%3i~}JPEZo80@`A*ui1NEL)3!C3*G}oWU$ipx zCl#7`ORHLXyc*}r*%h&37xK_?PQq_;5X9X@6AV`@PS2xRH-D$DL33F3s^dlA>ZjgSScnPwps`NxDftq!?$ic7KFAe2u`4-py4TfAspc=U8zk;giL8&6_f5DypZLUGQFEk( zFEQ013|M2i64f}04@i-1mELe0%5MT$ltEg2DF(bo zdV=r#CV1nIlLoed*1g{Znyw68)Lok#tMssa58#wLk#$=?+cJ-pQvj=Vp#V7Yu%I9@ zs|0S1VCvmYGDEq`*F`d4p1&eEw5JsN!jfQJ;Iu?JZ1TpQc4LJRYrfWDe5#1a?2jAK zvFvNrim|P2Y+<6Sa3y3T7Jf>(Db@cqSIP)}JD~c(Wg4J>55RGqAQuE0zX=MPe=>!E zHaWRyVf!zd0p0(GEK@z3Wo9-gC06P}!MUrR>6Myd@DsfUEX8ddiHEo4fi|hDoSBxi z7-ajLAjNJuWX!^IU0i8Qp$`mfaRgAFV3L_mMd)}FqAEu4wRkF}fmWB_hj%RNW`e=> zjKXylA7@SPhP^3)w64b72P9uQI~k}}(P=gS1pC0E0nqw6lZ7Sb{_KYBC>1+EEq$&+ z!e-B@_xCPTt?^UJA0nH|QRB4BO=(EQDm!T{moJljlk5bB*~9Oa!pXH*^IOjntUHU) znW*PgSsvAxqti$TQ9y3r6^OeJiwFBPqW6M_v&XYSl6Q=Flb+RZODRlo(f()&REMVePi?Uf(%WY(>M# zrxo*OmX^Lx7|C=5{NOCY*v@4uH)x`LRP0NdV%&Vp!yL73Bo3lZoyPF^nBb_ERK zgJnoy$aN-V2V9c${hK+aS>_7bVRn8z1zz#lS8E_5m(e&bZ$J#^v>G!QF1{h7^U>+N zG3veX$VmqIg@(@EjRQI%DiQA)-{?E6^As8lCA3Dzs+O_203MG zw<;J1P6{ouJqW$_%PvTsL|btapjsT!Ji+Fk{=gQM?|kK4+Q~|&Q%*L)5Bfg!FxOry zm$i>rVxMU|68Xh~N!lMm6KZ1{y(_VUgXeMI@kHoXB-^H~@%tIi=f`d)4A(p=E84Ur zCq|S>BQsZnrPd_o$4?{MI>XXJkf9GrIYP*}d)N4dp`)U1)f0LBd_fD5X-WPJ);M(F| zNVFMO!;P2jo46!Rp{b z9q{#?e%AOI(_evhYW8eBcxzs9IxZ@Hox*aIzG^8ov`O+)=T!hyJ%`Ee2hoti18@p~ zpLU)3Vm#$P64jbp@&(n4rd4=!8VcW4KBS|&>hWdBfuY5u`#XTJVL?-_4lIL_+x;Nc zd8e0DVPfAhjdkBXwZ3EPUQ6z5HAE(x7b6K6`W^wBK!ZU2AN$1{x8F1S6ORbC{+dWOs1E zTRUEDLXWatODyhV$K8irw)X{#oDfHFP@)AW`UqHPe`Jr|>}9)HyK*5{4lli4w9UKm zuvuxx8nWN^n?NuZQ-J@BE%;4fKx3AUA0kQ$?P_=q`fdTNMmoOAJjD`UspgQs;0E*X z^`8R;=qY3+V5SE`xdtf}*UbE6A&;xSKKS7-8?AWl)Xdg9g-C zQy8_2MaWiKrNwxOo+wqy0^C`8h;QJTYRAV%Z|CXw`0w6WlKC;%zt9fB@Sd)vLkU;S z;V2NL1)OYU#FOsM76KlZ=kIYMe?5zZmu&R-vq&W0jn+2n`|^8maE(=`)HI&b=E)wO zea20&bt<=?>DO}+`?dzrDxFkh0YM!N`J!;``sNqet{NClc$6A-Sd0u@`#h`qlz5y?)4gMHLk6HtR$_l0vKjkuWj&x;_X zXBRXv)^Fauv(R2o{xqGTlE)G~Po)vyxIcyLAVeM=43%I7H99WzUT4cU7cZzLWI_Z4 z)r{FGC-2jye<9?*PC!;!m~|-A19B0wTLY9$+M+udzFXuZ1-X~(##9fL=x%BG`Z*G) z5{%2wQ1F3z;8cp$?_6iq6av6~P!{Y*R3xB}7g!upZaKZt>{`Ofm;-8PS*2IJdY?O- z#p@dPc8ZOG)fDzaUvI2X=|2lf@e07&cSmn0s9GaQ({W-ItInFif%%h2q`7=J$xkCf zJ3$t9$JlT##(?~lS^U82ldjlBljlKLqb-xfooto(VKzGYwAAjc8lkGiciFssP#$Xr zth=x7M4@bsa}5(+$eW?}hmwcKzw8|q$DAhHHBgjfA|g7=OE!7F%P~-$0Q=R zWL|>3*Q)Ybg0r z-s$RtYma7+ms%oEIfiW{@75C8-yquVc+v2935Wp~0{Epz|EWLLT(5w`nJoZ`ZOT0t zD}VoYA*AVVQcn4?nos}rp(K%iBbMYPdnw-RGVZb$dv@DfbM`2`USN^v?Mv;>0LXaB zsodF9>tCUrH?e8mOm#!~tIG()@;;NN#Tfc5Os28Z)T-`KalDk{1T5FLpfWI#@ZiBu z9>4a(M(}O5_3xhzREpEKroDwzydG^$cpNctO0v#k}rq14KZ+mR=^2yVGBA(FWXMXvF|R6zg}>TEBsQk8LfBZ)c5ybS&sKi zGdfv^M9KjezT`zLq|aEV`ZBhMqkxHaN%Z?Onb&Vh;I?Y(ZCl%EIW9OQOmS%8gdm8% zIL>fJZ5qYm%VsXId1H~@C5BZ=Tm9mT68rW z{&?yBt!E$PT*f?K#6tvj8Wxij$~r$)w5U0tZe3x!iAfZT<0Jk6Ck$i`JKodwCm z^Om!Q6 zPv&|p(_ie8>vBi7)wd#pF55k+d&^4SGx;{n){%tWjs7OGJ!m1l*3( zjgx5&9B{XkE@om>v*z5LFuVlDeRYwV&)@Q_=j2HLgL|0bH9QbkxONobyWFZC$fryG zg}3#!U|NP$V62U#rC1{~&$B0`d})>g;D*&fiD*uanRY=S62zcWvctMGVG!ta+EiAQ z=aePICdz}C`kck*}pLOYu<5 z;e}M!Nct0zH3Dn-T7s+E1ZLoB{2ZtOU{E#|%&3|kxL3@Ne6qHv{E!#1pGHc}?(|g6 z+;)S7iLQn`Q^kx+e&X)?)VinM6957iJh(!GPHbBg7>HADxrfV)b%}}4{sgRIyN}tqQzw>;wwh#P)hWvvEI$9zI&$aEWq`G8on0- zo$F<-p1+CFXlam<}ZL_+&0DNijcC@Ef)IROhXLBOPpD8Sd89 zPmoA2VrJ52^+`w$$w?KjWL?+$iFcVKD{740XD_|Hf|aoa>s_x9{j*)b#ljdr+|^zm zbba$em5J@3&?hC$z0XT%M6;NiWWDP8cKr0N-^;wyOx?soNYNvw1=t025^$M)1?fTHm-)?C zL_|K{Y>g#J-i)_#$%v=VKvdAwikk7I<)T&*X6ycm?YAqiX8oN)*+!F%XUNZ;O&N%J z5mgd_c+HV(PKFi??kNm+7x?H7E#X21Ii`)h+j%Zr4DJ49IF%_i2JkKv66xdG)Kyn= zp-R4KrS!J`Y=rq;od+NCef8*6ScCz#XuU%Oxl)YIhZ`Tai&QLEULHg(tU=_F6#U>Z zr>`Rs5H2z#)aL#Bvr7OT%o%|M#X?olpr~LCB#3+$_H44<%tOpK2v*-Cfp}_?a`h-f zApmb~^<3U~+=hhhDMoA1!V%t~h1AF>-o%=jwp(6|P}g^_xDPW&!;}hS#8soQX5_~| zHnv0a6Q7g9N^ypm*;@344%WP67wRARLnX7l=8u=(80UTPb;WBy!0p|Jq9gCtPIq4? zE4Fg|=vsi5HCiyr*PzY`%5U9TRK2j4c0lN{`ty%@Ff#aM1Q_7#U#V+>z+EDq0=@m} z=TSI__23ZFPKYT|}_1uJ@^J|&Tv4?#CTv+P)_(YatZ*?@QO{7}P#ck+B zt16!9O-=aNFOv(^rblX)&l+wbKYF%_Z5FcFwYj9l;;Ql+5-dfemM$_;#nGKYI7+ll z+8V$v!}&(_?Y*3WhZH+yhMUWdi}IN0)*LAp(7`>P4k#LbUf-++oalfKLnm2h_jOVG zg7!Z=K+WtI=I*1d4x3XZHT9Zlha<#T--qQWuK}IFD4p%`UCVfFoE2M+Jc_OiHd`Bg z;4WfP&jasmf)DoJ=NVgHByUPBd@(tx{GM2|lX+j_Mb?^6Xmj!^=9s7=m zu~QbQGE>3u~DNlETAb{v&Md0p^7)@ug?2XsK>P-FLqTYtR6%%o07`H@hN* z*7$YmQSDS$sG#=H_`p1QVBLO*&r!I~tC*vuEN-2PUJEsgSz>)v<9ZZ)p1YXWCr#eM zCoLOGBU~!3(|sjyK&s#Sv7vtrm-#LXXvPEnvhNA`x~RxdU6xqga#s;2@pn&XJa1~s zE2zpoW%eavJu85(@Xz4{s}KRXaQ~AXMCGea-;O0J)5p*|N{7sJ%EKO3A$+S3m?&JZ3NDTtUd&|oY|$HGE|i!W<{p!9!^6wW^?r2~}b`coU~ zpBnckwg6t)nIez7z7c*0XIN{MbZ_@|f?v}r9T2DfXfJ7H*Io-qKO{0%gYw&P&rKrw z_hJeQFB+>?Tf}c2z9b&+>!P>1_2lb~vm=IJK-F=xJhr2&WBR!Q)5(x(6t?i$JZHqW zAhJ>oX4P`iS96p)8ozYGT`vrEZ2|D%H=(~BlK%Sq?*sS&vN``;hQEJwT+7zr-Z`u4 z{3Yz(Xwuvd*}&R!{Oi&QE#a%%*<97%olfk2UQ!z8Cq5<~mj{8r zP5fC&u?Bkyd5#;j>tn$mh2->Ol^!wuS+mw3gLh`r~`dbL8ImScf%>6KozrhsW^i5WW9}@y64(>h!8%gS%vhlgLxYMDk%^RmO zY8Lq&^vG2>H9bJzWgL&hsd2wPpF~)enqsoJ%jpZ<+C?}P-&5Gl$?cxP>a+&fMrnOL z-R&sGnbUpFs{CwdG}U<_85JR{>UY-GvluK1x88E+Y}q$AC2VHgYoukUm%1Iwo@Pj! zNEwvd{TeeHg?Txmhc2qj3W&Ir{ov4?@y;qmus6D9Q zRQOH6Tz%~ulqF!WpHsROEfKZfe_HAwJ7E>*K_nIDf4q@W=$^;z@#@%%fGAnW(~0V8 z?73rKR~@83m&$2sPdE!&(o|xfwQBHTigA&-vF1t}}t!LQ54dLGm1bQ7lP6pvCg9k#az4YB*$G8DqRh^0cU?pyTz!Z>&8 zjXl!x6b+YZ4~1IQC=qOU$@B}}XeP|a?<}mpOomEWFD);&?lg_K;VtxTj}W!++J(Sqpln0>@7o}*A=#hezuHvo^)+}8>Qq>>2ZEW?H;zy{w} z>lFHz!4Kk$-^m_GZL9A%hrAf_y2C)9RE2-!Ie(S?FQ?Jp6IjBY zR;E68$Y~s=45v6_cJFi4~=<0rhg(zfV7j-m_19|Cjc>ZYkdA4gd zbDQg>A~{BqL}I!2{jcb zPQlL|>D50&JXSE+=PETB2gwgfU*NNL)8&@d2BgKzu37%_mgYH zqZ^nz?0Q~ZuC0kaCyYgpnIH4iY`?eTO<7wZo)c4*T6ZVx%iQ71K$sRg21(z&l2Xw8 z&fYdGHoQ-Qh1>CSsk;;Df`v)LjofCwTFX2Q=R*f>7}WY!p*Oak9y>SGMI#E41I4cJ zO*LR`P`i753TQZmi}^;XZn238urP67v1x{2ihC!ZlVX_2N?+>z=Z-h8u!G&sDkw|N zR97XAPVn`ICv&lCOaL^-6Nr}qV8R4ch>T&o!koVut9rPQjV`QFkGD;^{Yx3%l6bh@ zPE=(p%CYz@XHvDbIdo)|axhXh#>gNVdMi|?#CqV4{EcmHBHondbU?3&{xD6^#Nzm9 zVNM;JRJrQnPy*>8dYf|TY%y-@mgcE?r>S6}XeWq<4D z_8-dq2t?IO+XOK-Mm@zE~10wLX%>;QCA6 zDDG{3*m^^%r-I*(?&Q>*E2S;Q84XrA+o*M;78#=o? zm-d(L(dd_%zZ0i(Q~%^>Jx?Wn_?Sza+R71|wEnOZGqwk`n_U(|;76ym4inQ<{$_3d zL=#P4c%<9Y7*l3^T<6aZ-p_sJzV@UTe2?q0E-pjmp9lLcdax5N38IbGV?rFXn z{z=JhOE%IRwJ5MY%fg}SMS{{fb6w9!!%%BtF8ho7MkY#KK3&UE=|kMin&05nWPBtX z&TQudC;X{)R35B-nci+$CXvvtg{*u=38u}CBe%`JUZ`G1JtXUNH{*Uo2|8ITnAM{{tzFJWr8>w?!r!YTu|9^fH|JBd`>&M`~@Pz-_ z!oh!?cK^$1_aAACzZ_hESnxm6fd9;80W4VfY$tm_u{zo>WxetNbDGW^dr?6}*_iec z)SkWSZWdDH#~_Nd5AgU~CB*Tfbi1zXG$Wv82OL#tB6;CGO}ZzV!Qt1}ewggdwwtY) zh2m~8^)CCP1}c%Is_vyvY_e6XIiz;as*moo6uwQ-gw%c9Ot9cU%3dXl+WLWQbJ)Yto~U)$1GjT7C^e50SKUg7G6gKGO(5#;rad#WZZ_~py49DLCsAFEui6qTgDwNd;e}e!(-x^a&le3c zF2cmbslgR1qk?Jm|xM29NuuX8&SPBJhe4Jft8gUdL8|5CN&qkwNchz zFeM;v-WQwo$Dezwt*A#3KLPjz?D{8crCKwQa@J1Q{3&Hn#;eh-Gr_4>SQU{A5JMNu&V1C6&G%Py*v}F4-i8$7V>j4+6g7>^Rk2wYv z_i|hoGIgO|r-bXfB8M&Q3IKd& zy*M;jtMt1XInZLf{haL03NHpdvfU5!O&k{@6B)cN$d1EOVw3xB7$=~;)v-^x_AgP? z?6^AY2xRW@-jhgJ>X_@05Ca=3ew8yLDJ{n;$>BvvLJdrf=C zWUpe;L^WFzM)Id`OUN^=3C`$ZFNPQ4tJG?s0ArgdE%XB{Tfc=^z4b!K2fsUBp&_#i z48jYxwDp`DOBIE<5irSw&^&-9EBy}>Z~qPz`Tt3*{SQ~2|CbQkf33|3f6rp4z-SnN zBgBv33FCU?-OKboSq*zUO-Ql60a8;?^s_>SGP4MBhsC0xWLV2}&JSz4UD4ocjq{F~ z2hYemh#9oUczH$lB#&{UMNiz%;_Z<=X9i<7oS3L}cmf#Wu=f z7cYXnQVsy!{G%#1+FT!T;q-@$Z6&}p}eRDqpS9_Z>Ywtuaap&?o4^t;hb=qG*Kh4S8@ zn%qn!MATOg_PDKSn$NsyE$7(z=I0do183Uz<#qcH>8`Vxaga!SctTyI`t&z}0Avkz z!CVY*xPA&7EbQTRmRmNT_= z-Aq*$lVwi0jCG0uugXc$BcDq_qxQPS>12&S;`U<=#$keP(UMo9aj&1gCbG>nHXg0) zzL4m}v*)f0?l(KGjbHzgy0=0%W8V@a;H&vommgk298Jcm@)|K1K9N4|xr`qM+^3(e zxx1QSAn_H8x~W0D#R$s>yACNf_fyTu$~ithbRh{;5@hZHKH4*8m; z2QTN27yKn^QJ=)e)(1#no@dmS6VB`93D4UE$IFznf?qnu(ZVijX&>@~PZ)rymc^@Zg z-zF^*k3fNF0&K7@P_}80hLOBB)jgdoCSh%U9V6+&uw*YvwHLQLK?~!32(!?is~iF6 z8v!=A#Z?y&OMP{tA@bLrVAF#uj~X8*_icRm%mR7%9hWn1hFu4dXi6T)!i4v-l5+jk=?yyc5)vvsKT2d?jeR9`7RdJD-pXNiE z_O3ch1t8J;@;5=`(d%O5sOH|oHuCzhhIb#m3d0}2;T6_qA&t13YM`!mrsscJ3?s%y z^x-9EL{()RiWX&vrrnTcEo)JauT>4d6yAjT*)pl7Y^pK-y+La5Cg20XsennXfZm#e z{8UVdC{&#e%NmZ7>&8Lp{5YS)kAfKswTsP2^7XcaDf5ytg;L~3?Xek%P`cSj&uz9BPO z-PW3)gr<<`c*H)#l%U$;Y+DP%6&lb*$VX1TQX69WC zXBRRES&D@iwN8mQ?VnT%1Xz`Fr}JMMP9?dsHfgkQ%mVO79MVW;kT~Tjg>)F-`L}-2mD>Ix`9McG4$y4=HP8hY#;wHwHAEZttAzl78pRuENix1wgDZ zf^l+spx#*vjrw6WUN$>V22IH@I+y9+mnSW0CGXMYp literal 0 HcmV?d00001 diff --git a/docs/images/grafana-grant-access_step-4b.jpg b/docs/images/grafana-grant-access_step-4b.jpg new file mode 100644 index 0000000000000000000000000000000000000000..2d725c667b088a01059ca31477ad33f9b58bbcee GIT binary patch literal 27056 zcmeHw2V4|Ows(^RMMSd1Q9+`BBteB4QOP2bku)kIAQF`vMo~cq0R;gC1SN>Xk*t7> zl98MRBn&y~3}KjI(%0U7d-uBg?*9CC-@fA3(zZaa#T^R{_A#5Re7{fCXTr69AaNJ@66$N+ zr$TA(0S*@W>kOR?bO!-?4mt)7I$8q&0pE*>?w9n-ZQu_bJp&`t4rZ2}yI8>s%J%~F zbPNpij0{Xn-yTC30-gsLIhZ&PC}{5BGQPxo(2HB~_M;apqNj>K@R;;q#gs04hwa?O z%eRkT;E=e4q?EL>%28FdW5-XQ(bCq@)zddMGqv&*#`H+_8l`~w2- z+`ShbaX%6n7ymdRG3m+EW%VTJ~4%;sD!4&&bHY$o#Ecbo74T z8qUGUbUaninm#~Pd$23{9&i4k_ndQvUkreUNL3NA>6m7{nD}@YgpJn z)Usb2_Lp{z0;d7`UlId7_>~wKz%RuJCMIU4Z;6?O`Ip4%Kt|P|jR3nD=s;#--~eC%*);RKQI4ie;6v z*+WMw=1$A~)BKl@HI2JAw(Ot8Y6TF4hL|2C=whUs+}RUt3!xTOC$3Y@wcFbv>s}df z88#Z)s~Xz*S&r@0;z z^#|HRNudGPEV@u0-_$u6DsN*dZ3ii$gs$fDY~am4hr;V<>ul z-3PwQQ2c7~*i$zHNV1JdGqB~{x{FL1JduxsDq`0K!%9N2$q?-gu3N?c;2ReGYXVTRq{7TMy%{0(Yn zyXcBSln!%7yv^E#4Gr)iwRLu+s>3mZGE%Wao*pBZv^)cg_|fDsSWQ`|jR-Tycgs3+ z7%lGebpK4YQ29z^ScKu%X~2s@%Y1)(?1zSz&UGn;wtNmUO6|Ncyq`| z!nn_Uz}kwxS;2^-MY>*1JwN8|8Z$=22f7o7MnZ)MNOo=lbhF^=b43RHS0llpIejGBw6WRcWzPh%QMbQBEwOX7n9J5Sl)bc~@ z4HfjS$HcrDVUJp|9<)EJB;VoTd5c20(j*)bsJL;Fou|%nV~&geG>^901Lgh~hi>*& zxwd9v)z9%(h!niCjCwGgX?Wo|Xy#_Um&`x{|45c@dPf8Hhe%Mz5gRIbn-2Cg;2|`g z26(`>1^NU&&n#phwbE&SBx^w4#kwf>`L)E6xqE)H;V&HbCyvkUkP>r05vHNTD8e#1 zW4S~FR&XTaML3rU`%eGXjJ{wCB(GAP&5{}<@G!Q71_a7cOhu*9ab{9CABjhf9232` zu%KU3k{ZS`vp0azvd(J=aQtj^7jKo&W&vXy#L)n?Ex1ow&X8v;zeCAxowEAcYaUZ~ zhG{_j3YApIzQEc9-HAoVZXB!8m>Oj%XO#*VnPwN9rknN(*Wt%JzBBqlg=mSZ$6Mia z>P2Dq)m7$}(*$g*_48BmRcOG=h0MncRO?rxl*t;WF|-qGWWa~ZbrKfEXCRCjWs9kl z+7*wt`Vy-Z|2ioX!7DiD(e2H!TSSxMO0;20#i>T{r+l!q%o-!w5yjET?3wG@9%S66%YNZl*?rRq z@8S0szm4;qI2fzrFm;!eP!nI&Fy&P(E(9`(cgY-WQHv0azdR_RQO1fHwYV)~@ zI5SvjQ90OSKWr%6ShG-~b@;5vF^(qlgm6uhJ(@xs_D(pR$**CdvWxJGIIWj*878tm zEJun9hO>1br@#2D%j+J!DFs>C9fV9I;PuU?2JNt!O=hg-e7y-196Dys#oDT zH*FeFoiCVAg!We8f{2;h=m@oRnW+NC+;dXZK^wD$HRPeI6>CmYG@uDGOlqP5pso;d zN`6(CZQ{B>VO6^147OBWoS!|Db0?|blNvUUdjIS7f=xla0u>g~s){$KgCR~H zlm7TVoY9BzGFk(AG_>hOfY;Qk3-0;6A<;qL zAnM6&BT5YoSa3b-dLupqDaDJR{Sj?+dL{d5?CI&QNb0U-$O37To!zcQfCd;`ecyHZ zFe5ge4peA8kBrg5_hi(3o{;!3_e5{fYomX$?IsOS87_*x7PC^R)G$kUGKIb2mFnxd zJpj#J=vrX-09C_wHNf_a`e)YpMFu%|ACD1{VjhntWP@HIN#>7D<|rB`9EUDFAXYBAeqadZjLJpJ_H^l&&ASqkS+Z|t8`S1H(yk#oy> z|E4^JU*Y5PRE|#%^7m*SL`MYcVe9$pRVeRdx>zN?v=tz#pBR7ZGFDsbu|8w&?^J>-8@q1RG7->MZ7$qdv91yy4Y3$L`R44+3(R^BkTLf=C-mc! z$=QTrtV}b4#Y1<B z2rAT(KARI=FUVhw;aL!V*yROxbsDfY7<9En$csmL(g0D&wr@gL+e(~JpxQnj;%tHQ zNM%I1)JBMRXAtZ1)nVCpb^B&ce<`4wf2F}PV~L0D#MK%%m}yklnXK6~E=q2r2J8aT z+ii8~0uuFXh8=Q;HL}X1HV~PmYf6$CMT=EFbEsD%F2{qf+T;&USA;1H%qD~#jLqLG zvox<(CuicTOZ?Q>`l`{cB!Oq6c~ur`B7fKVOU#I_Q*XHjl$-NLY{key9j|nwBdbYE zD?r^)`{wM-g>gRB_onThChv~rqiQ=~%6(@yl!Eg)5~n3@H_Du2hj*yV488zOg@OR^ z_wQQ@KVk{|VL_oUp+aO`9J~(2r8O11^K*drgF_vqGoxemsZVClYwNsN%6X_+B!HZ4 zntbITX~c>Qdn{JaH=um;l9&1Gfz12$txaBjhVD;E`PhhQ=6j(E{w_XU?5#6nr_1Fx zi2L|g4~b^p{2YC!_&_sQ2vjgk^AyVXHB4o9fzWC+OOSNa&ua_u|-JW-6|| zaozj)oiLV*ER<&i1zdVPjK4-%#ch9-oAxK^YsYWARvgvWG42aC3^RWJK}hJxegr2W z6Jr-DoQM0wJ$pBP!f(g6L0eg^kqvyi5)|lr7oBbna`8D⋙̸A>_dh+Tq=t#lY?~$ zI+I4oD!)&`b~y#TP1$Z=FE{x45@|r1_pNhEorAmYZkpOBX@wfzZl3ZqpN_0E^Gx-1 z8Ac_;v>PWEF6Zipi|;xg^s?wFks0TN*TZey+C72_PpC1-cxlsKaT?!ZNlkvQXhlah z{vvec9{0qj_4hfAaNemw_o*=_%zbO(7JJgFEa?sR_TGjT*z&Vbw1r{J?F<*ct*VzP zm)uQN|5#tC`+mA;r6rn+Je61@SjYZW;+1Xn)&Mw*?9Lu%7 zc*(@VW8;2=N8;%>bnh*V;g%bLQ=QfcZ$d%ao2+5kPWZC<>QhI4_vCXnRHZWw*w{@2S|ez{F6dY$XwfUt0C5Oeh8GF^yz?i8 zesaQ}I?_*0`1j_7MKV8*{XD^M>VyXm;S_@t;<_gybXBNF$Q^06fU7tr9K*8zmQK2{ z)#cY^UdoOU4O;q~7A{N4K`-4R8q8l;Uo&!VAgZ3{RIQg3 zHZT6LRKT$3B6D{U$rkWo4RbdFbR^VF^FSvBO zHJO6Ho=vlPe2H+Bo#@*u)pa;TxXOEq2dmA@H=V!s<@HoHcYFetJN z1bIC1sS96H_B9ETj^X>d`w|igvD>rzuP_vK?_9R$f-mwKC7*A9tz1lS@;5`q5jQq% zU`hm6rMBgZ3O+}C2C{eb5kq5rX52!mb!fnIC+b-k!5F^^q25j>f@mbhs?0LOGX?Gr zdIT2uL5PZ-%Ke)wEo8ar%71gU&S)88dk10$RFv*r?l~#=UvVGLQ%`KGl17dFS*Lx5 zjm6FCY3Gbon79FBtv_Y+-&(QeOTUFEU#h%q?a|_ng3#v)KzX z*Yk2MS#B}UgfV^o^rbyeI%cIoQYcPlM};z+gAiY@D!x^Jy!^`}&-XhLo2Cr>E*|@! zP!gvR%hM5sr#8XOE6XZUhsw#Th40v~B zFAw@?)i>wJcR08QQrAVdR!-a@6}QxTx~>wYbst@hJarJr%R2%H0l)%NsGNTg9z|Hk zjJ@*N7ATgR&l8M3K%azdvKYw?ow&w5$naBFBh72aeHXZ zQpo>O^V647Q@Hq;1BH(r9eG9+lBD4>l>-$BUC(rgXDB?v>bkO{PW5B=(J!+iSE;@R zB|3`ER2cXh(IU2yvB*nhN()OYi&@346B={sWpO=0`RcZ8W&8LlYQC^Ef;y;(0mL+C8yO-9fW#Niw@XZ z;P!W6pC5vG{vE=*_P)~4Ix~nqqFtV9-RI!1ZW#=B**nNBiDY#U@ zv7(8(0Wx9)Zd7w5DLFdvtpKjlxb&nKm4c3IAjKI5w`v9Bo$3PQ91y5WmyT|~$*17a zQ$bdH4t5+lYIXL^WVO_ZkfGvj2DZy*+X4PIk(iIBIhRH>sy%+`@D$|l{)RI)Q0Pg*46VtRxKraRpf4=pOhJEg~kO- z{#p3_XWJhVh&|-+HFX&ppgBQ)oER%whu#nd4H!MwTN%}73u0(M3l>FTMy#1wtH5?8|qW)oGP#)|`AchG>M0mKU54RY_R?p9~e*L`YNxr39}tMSoAd{k}F zQ_s4@DBA9~D-xfcywlxy*h_U_!XDm_Po3ehXW zCr(BCOfklo?AVCuZh5}FL-B>^gmW$$lS~7a96;d-p-#X}jN$!J_2-22CoI7uU_enT zB(7Gvod(R$V<2l#5F8J8r2)Ah&?JT+g+Q_Fi7nm!tvrUFs1VY@ll2^-aD1KlMOI z^wo-8`u_KMn}OkrT$}5iFlpjMgEi0BaG&aTtj44BBhV&E?*f+H1xk0qO<1;v7JY)b za5+@{tEDu+9ldSH6Y4i*#O!#%0&c`}E2mXLh3~80m|834CFv$KI_jZnS;dTnpRbcm454P!0D z_4GTxxcqsxV5@YKC>Cc#X-*y3bDT$1qGNJijk**D_<6WLGV*lnYlw05p-U|#Hx#R{ z+k-y9-8fv<_~J;QzXfi7;CWEW`Dm{EQz@z^s#+}etAjoSE6YTN!r(cZ2Et(r!DSV( z+#;8(Y%x^J%E-|COr^$I3sd_9xFh3iMxZ!VHkL1=8YL90gqx^$Z8;q5k!kBVO(`mlG(h!X7-Zc<()f_8*DI)M{Kzf z(^&ACl3p>yo?*TVsP;z(rB3C2vhZ9Dzo?j}?Z3np!itliaY+6*%jp?U3cS!awMp-w~smsXMn!4{=>94xDE^QL*o~4ZOJos3w=F;@cs=Cchq}Dz^@7PC~!5SB=%+yf* zm@3Jkaa^#fq?nQUtu}H_a?4Y_`SuLQOe))_*6G3k*}ykv-61?iBbYp?<{E3)uR6ll zc%0kf3T)w53yB~P*@$@6uv?af}q z#;|=9$s*Vams6ik?=Ps2bzEQcUiMwn==i)ppzefP;rr-)cghq}#EJxG0U=KIP8uLc zmGNh8g3yHu`^(o?<&11T+cj~{@YLwadh<*fFZAr4;70`>73ZMZ*EfZ37>5qPd4id6 z653ccRM;kLmH(!VP0QD$mGuuZHM!1vuR2e&#dA@{-aDja!lE1l*shhY5iVm_>r}k< z=o|Z5R!8|+=v7;jHlSbmp44&U6f=#b)J*le;3ooQNg~bD6h9L}3W;Nw(A>Bd)nVVc zCdJe_V6vtaioeuye#bQH!v-JqLCc1nMonFxz^G$fG9t@0lr>pRo~6B%V~_01-GO(+ z+}PSkyVh^x;O`;W<{XR@K8I{B5(-MykTgU!B?te2I1Z1e=FgF+WB!?VUBW0vKD>kw zRS)BkhqgUm>TdSpQdj)kRB4-`Kl9D^nsQJKvC)Gx2r-U3PaGBfqjW85?#qODE`+ zc9KAH<_;6tmNd^Bonkc)6(PDUxm1mDyTyqTRGr4DI;YCF74h21{27-~LXQ^LN~&JZ zC_ZEneSu0sxUff7Ab4t}mqZTqio0w?IcL1?vwM^&>%k&cF}Ul!I!g4``@Q?<>3EjV z{IxO!hDJmw8blQ77X)%f$~*SDOn8)&)Nw?p*5ik*q*hU@QO+X}nWKR*$BGKXwUC(x zhZC&bI?WwTieh!tDu~rKy33#HDjc+LG``Z4d?i_L*Ka+F4qKkd2brTDIJ^hf}A`1KO0W9kptTtnMxdEL11{sZcEn0Kd*ddNCc zJLfeEuIay&F+&==BO6jL={lVp-k~FSTgWn*0Gl#;9~+6FSBBk#^OfhL*~bWh#s~F0 zxb8>{lLwHxW0&5X+O7E5(Py{KA)V8<^6%jfsEj?qGDT!ALgiEPfxK3k(IpNs)J!!` zi)7vvv#VN(N6kOSU3qB;Ep1@$E#>ra@DhbTz}|W z1CHa7xuzvswfqAt5E4o=%EEzpd(>>JLQ9E@H;UItS zxO@JqVSC%)Q~gD&cxx;BGmd7hE%j0U2k*y6f6;qn797>ehCN%d(=p)G;Y*)hpXnTE z?cAZKCR}0|;zU2`WW*8KkgdYMMm8G|8!@tKgq=`z3|+wyA~^U>vJDLKS0#?3#;Dc{ zIv~KlFyF@XSDIJI>fea&$NnIf9J~hK#32@yp!H#hi5w~)v0-gQG6S6w+fV<^Py8dk z;QpU-`uF8D)9=l_`0x8Z1LW{^GKgKBlqaVo#==1CiXJqy-nw!kSKr^D zE-F_;G(1Rpov$;-{6oYZ)4iLnR>+0EID76S{_`~tf{W315^ODq29#O0-LxDDb=%O*zEO77cLDqzaf)v%AP?AdtkfHpWc@rVimG zD2yNu^$^TV)O<(8`Z6wwm~Mio*GKff1tsVN1%#Nsdzvu~;E<1mEl7Y+7WlONkfjO` z@`9rI5l=TI$jUhsgLI+>IGqJVn8F`}kk<_m(n6E8f-AKkI8H)5H4L$)i&&%kzwj_) z)m6zxU86m>K24^4z7?8wvTGiGf)Hi*4tKQDuW0E+FsX9AX09qgfFwihsl}whEN$A5%V{vABS|6i-P{0LG0TW4l2sGq>VxCwQeWfMD{N5U(8Bj=O_ zdK5jsc%0Le4 zRqim64eWJrR6qaZZm&&l!t^7>k0p#2aZ(OzAC-fH8;%eq>LyC;Xh0Og8O0mSZ0L3~ zouK1TRUN+V4DIi;7JEoZEfH;CXyvIpadA@Uf%)+uwR^EK%WuKh5!ijm9#|e5&p*j;*PY4w!)Is>(bv&CawsBKAyqi;g z_-C0X}RtR7W&xG!y0bzdr$~~bCy#Cg3-KI`(ATs7;4nAlhe>Z>-%YU5!&Tl_W?g1uwQa_Ska0ZW)80w8 zBBR}WhM&ftm&|IrhNIA-&;=N884VaV#rWn+oYRLPjp;yHA*|6L-^M?wKJY=^m=CLSI~#Xr_B7`i zd(8?h3(19*wy;R2hn_d*Z( z8#M|%m2t{kPIjYwVDRFw{@g4xxyR^ZPR!<35}7;mLsdU~Z_NoDubQ8yQ*LEy-t=G z1&y)_?8_C0;5gl*Mc(GNG2BB#G+>9iR*rurbr&B_)x3A2z0y!*uG#m@c=}`0(e>2%7d8fp#`+3OY(zloa%O&`#e?=iU7uCyV zB_wsZI8xQYeWJqU?O58;ZIa~-dvvf44cHm+p!_Ru3Zewzw&a%_JG@0qGa8u-@bws} zuK3clnyJ>wtiP>C=JH$x}RR^M*78=|MLzrL%${v>XP zw=R8Law$(2D2l`4VE4P4o*htuoFE;zDTyf69Gh`hGQfwuC902&`b|H}P{&ogi^tzW zaO#l&e}1yf9Kz+PGU7-_b%(-AN{f8;-1w#8YW2By4EBU{k}(;I{Sxtle4e1;f>Q)t z5HUd^mb#qwEKX;4+iCF>VC2juOPgn#h?HTq>o?LXEbpsZ(|{74aLcJUn_)t=?O@^j zo8n43UV5$esY8bCzM~Be(J^x;isSS;uJvv`>14p?fSUb&g8W7|IDer}#efDdaSy1l z)a=B@YQ^~32vmsH(#hl(hlu)nx-aAjwuuTNUT&2nV|d-(1A*F z8maBAXsZ@E1GS$ho#zk!vZT=Iom^V^@MwsGk6027z@F80eCKdtWK6oQSGbYh^&U5U zAk!(cKzRlvxd4^Nys8j8e2WTl6gGM@rGq+5@}s~g)euJ#jLbmsBiRqEz0=Z@aP{Q^ z)q&Ez|CM6q@747~BIti=axpXto3!dmI^z#HQ;D6A2zK!iNxzn%cCf0lyw)4l}N}0I?x< zEz|hGqu}xwX1D$xW&RcCeu&!N=Cqbc78N<9c7fZ>C%d<0P9cxo`dRqb(IB^t`nvBd z%R&b7BDb*?!1LW|5d(q0)wx}w-Mw!bYaQ&O4UlhwL&9<+e4PZYEs+626Ci%@U0EhB zquRZ_vy#e%;z4wMrJjlcLs&AuD;4P@<=!tNFvoG0WGaYgNTLZy*mtFwR~ajN{!ObW zq_Erf*PKkgmsYgwS$v_@OORXZivP!Hrjwf}rJ}wMaNK$x;*;VuF&hBC%ayC&KFkqCW~X>nN~nGGh_nDjmkwUzO!#bu7@fnGVewmk9**-EFMR`a8D~l z8Vd101F*$-eeRHl5h(KCJO(T@peur^odO05ThunehsX+~wQWT&BM^Ik0fv~E(STW< z4rR;U2`q{XMo2*+L;(-#F`d7<)p*5`f~aSw9*RXG77j*GnM`Rw0z|n7uAd$;&awZt z!-Fj@gJvqso_)$rT7%EFs_(#MTwUAiO1q*Lx1f_kW}PX>YN%ig`9LSZXs40zlg`xK zPTR`6St~0eXk~{gBiB{b>0RIY&%nnV`R#gBuC+RFNzPY4?7$iX9aw1dTJc~8N-WID z?NnD2e6JIZ9a#qB<4LKn;!X1{JK8FszHZ<(Z=;-Bb!Ls~|9J-x$>IcOq7;TQkyWrF z5tFDW$c`&jVDHmu=Is*mO*+>rc)?us5q-_mcuvuyGv4hn(d&Cp!cUovXgkG|eJQDA zbL=j5*3bS)X1$vSrc$KjCIzmez<$d-9^m6I` zLhfJZmQG-s!&T7yu7ha;*j4mMx!{~*nCwytQp&gOm^mOF=N)7&4A<@75I#4rJ?NHI z`mXe0qdI4FQOr9{$hT?iUMKncE#XseIxu*AJ2XC*kaRAtZo(#VzC%%uSr+hXSu8i!maQ3T=uY=z&8+?xzWoXChC$@n`H0RFd} zD{8~g0CMyo1V2gxv^2cRhl9a@uSZq&)KSDjPF_SqEDChKQ}rKIQqf?jSKlLOVg_<^ zBFvtb;5BU|)QmwyR?T)rTvuTYxKz@=pX13?|GrmuR(G5{d5ioZwypDX$%EIc?jPs3 zZ#;2$ai`vh$6R%v_=L2#ug$P5JVPCc+`b;#is0)4`HTQ|(&10lkVVLdzsCx=s1M~6 z$tfjvGo*q-0bP2kUbf6lU94m^EIdXG+gvZ~J>Os*n(o1^ntXRkL8vM$k&BYr1RP<1 zEJb`f7JeyQ%24%6fWMqno5GVPmyY;^WM%I`_?czkyPfUTiSU@#qG<7@&>A~sZxe43E% z@O*Ln*Z{h0m8|4~7nX%~crXvIe#}^D=V*f8?|aIsDjaZ3T@U9s1&ONRdJ%jax2F(~ zX7_iJFeoLd)F7Nbg5h}=gbZY`y2P>k9v_~Gr%$)FNasOEtTyEdVmT(B24wT9tb35T z4?LmvjVy>gtPr>;Qor&F@ywqc3C1j#;a+BALf{Qm6QgqEeXolmC5B}$llI?!G(Dwe zer2TR1!W<4I(23~nQ#xs*97NLH};x_i7Y`zk{f%qgeswDj*{ZIS?*lfDdeyVz-R}p zpIMR!qQh^kJ_S7z?06>{P^=H99PD*nFM7wcY;~Z(2dS zJlKcbh7Ue?NpR4Kp9xcV%0D{09Cu^hTq$9!8x#WHt>eH{%}N@R!?PI}rWv^AyYO0F zjYO)uM@WCHf2fHn+dxI5S=23ato@g#UdG4;dtu(-ZJKvqIh}t5QWbFIG#qO6B?&a7%>u{bcgyU+mw5SUyqC)px2vqZ%K(b z8>f4obuW9WMa3hOYb_)(U_)5@t6}2OxPjhyr{C@D$|R91=Nuem1t;B26VzrbUEh_# z`cmum9SC1yI8XaCNU@P>m#=A|gfv z!FX#Y7!K^rhbujXOSgh5sCe{|TAAR(IHwO?{9^=(roAj*Ch4uNKKK&8G~CM3#pS0n zqO*UmrU?T*Gx&Na)N<{CWY%beadm%oMPWMa+~GdUWBXzX zRTBiwU~^D0f)jb=sdBO3m8!3|cj_ZSy_*TtyNQSyD>R`B_S?eY_cO1GDye(npyHlH z)dCgwsLbz58SQ)i9V+;)gC;PO_t#2;LHzRMC_Wm%XR|GGC)Ynjg|)+ucg(RgZd^s~ zLFXDz6Mg*R$$cAt6os7U69KqAwM>5wHW=F}QFJ^z+{JBHZ_+nL_mg5t>Rz2wY--gf z(z^CsjXK=%`t9S)_FS{Os}qU(7Q|1aJxJnne=y|kBfv+|xO^WRiXWq~uhl{40H_-f zcR;ABcF+;n5cwD-tu{VYeuy0oF5Z+w1KNzTU!jr_n2Y|^RB!}c+YKYT#}ceWc!eFS$7L_)OJf=yMOZf@s;G5y4k>nXLP|f@onEQtii5_xLM(ILPk!fl-xXpabwo3+z zJa+PD;a^3AZ>uqyKSGq@{|9gZ488yW literal 0 HcmV?d00001 diff --git a/docs/images/grafana-grant-access_step-5.jpg b/docs/images/grafana-grant-access_step-5.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a02a7d4d29277f0df8872841ac69e81ca797f82b GIT binary patch literal 88515 zcmeFYcU)7?w=Nu-ROwZk2nfJqCS8i46lv0X4ZRoX5PAn8 zkRU>U5N^J|bMJZ2=l$os_dWN&a~4eYWbc{1vu4jcv*uZA?iTMh0F;`l8ma&s901@m z_78Bk2}o86aCQIyw6y_z004jpfRFP4K!D9*ivSdGnEySmio*-Q``39~03gyCfd4XC=)d9puRNY9_8LG@Us*!~d(^k}wzqfp zaq@V72M5T!!X7=aUpya*3yA<^lr*&Q|9Ku({*~wcSC(>?HEt;pP>X*ULj2_zr3Aj~ z0#Fg*nG(?B;XDH1QsLlH;oS8B*s;Hh0Ow!wuWHy299%qnf_sES#3ZEH0u7V^TpT<+ zTzotNf`1-^6O6qMz^5Xh<`7l9NAud6@R1j-*vF*rM4U=B-E?|W2rh9O?@(eAdIme|Je5^`p`xm$uA!;_#=y|X*u>P<&fdY%$=Su{y|15tK;Vb4PvH@f zQPDBUDXD4c8DBE9@(T)!eiWCKmetnPH#9aix3u>3_Vo`84h@e?&&Hn+BS zcK7xV4u2!h{+$24xI|rD|DzWU0Po+_!hZgnX8$j}sIYqB;^X7t6aJ$Y4zB+{ic{ee zaERWcR(wrp?M3rQ>?0AaQquRDZemVxJp`SN_Y?^|m&7JF@*mayrP=?UVxj-PH2ZhO z{vW-T0m=Z}e+eEg_ATMzVc!%!RtN|Q{t-eV!hZ?T{}hsc3F$v_|KH^fdlMY&J+PJU zVgK(F6B7UXwg2tR-72=D>fONrWOz8(&V)w=00Pji`7!*}`y{;iA^)BJb8P^;`}N^%Lu)<@+n@-2uN!p-U_|q8BvM@!znrW3B>jl+Y{zMiY3P1f9K4$|=Y98H zXUT07(2+eN5BI!^cpVLlI3t{^6t-?F*DIS*^IH z4ZW6`U>`qwB1#qJeKsw39>#5^Nw&nz#6_)b;TVu}Wq{4nv0yzM_w?B3$X}4pWb&bb z1O4c3rad1s;VucIRkdW+r`%G4#F&GsnP;vT;xr`gvaYxjo5-}sDPS_m$3rroW`&q` zazfS~z*8x^u)mNXPrNl5f#GgLB*wo#eBWU>_K{0$BeeLWRW`XY?x~U9n+pj|>VyLU zZwaGi4E^mV3|GM9W^i8L9f14@#trYlq{F^;#Ocbtefmc5;@y=Zes}7CD*SslQ`b01 zQ90Hurd!32odQks6RnP{jNh=ND9gTeKao?<{Ifg2fwf zyTHI*{A&5pjjJ4q0KR_`s=&(Vdq|C~8Qc3}}n1hs|6Kxr^EgGjvIHQt%}aRx)P zVksK!_Z7T#X`3FBoN)sh0SQmtMS>&KFq64co^v-+mArlI3M6Xys(ay_xRL7LSX#yt{_dQ{Zy7Vbzic*03~7T}+i`(fx(_Ym zfoyjGI|^p-B!;pMnHViu!T-9UW42(1nx9>6%!E6_IgDLQg86y)$Ni_A3H87A8cW>R zxu(p(%!sv)?fZVCy$X!gdHQpb#4n`g8-H79uEF4Qmep7Zzkl(lBSrlr~75%Ugw0g)j9zw~4V;DGR0IfeLkO z!lrfVYZY|@x(lg~Hw*zcmMEb+0JF_}eUwE1w6J87!=8_~RhoRGi? zoN?3wBFqfMx?S2%utmCTcGK+ktwr4A^ekqgE#!8qz|J<8ch|4k_{@}l0YeEQK_wvv zjWaY53Wlo!I4G)_x9@k$FM3gRAtJnB5%)=@xBwzYa*g8GyZ!URD(8 zcb2F=Igy`tT4p-k#n8Pje)2BT_78c?wbr)(aXHd<zB}&Yw?Y$;|8S1_D{#xh@v>D4}5Z}*PTTip)+F^ zrEGJ7_SV0yoJNWx_$}X9-T}JBzz+w1M8BV8a$0y08Nd^|MMOAlPmS$`P^D7+6eD#% zpx8l`Evg&Au;thVH+&{H*y@-z?+#$unt_Q8?Y#g0S)`Q%{n$u34?B1*AXTUo z%w8n=v^@W|4(fW!2$Dtyfp}25@}>r>aj#cgt}~L8$Lh>^Gp)ky4C5hwzfT{}+f3l5 z@%6W?qqz64?*P%j6DP>Tb*I8@-BR{NHgecD-{C2 z+y}XIsFboiDksyw#}9n!5igpglHWozSZYQe3}{9(fx2!m&;3GHgV!-6jvM2A9{4Ez zEyj3#{kl1wxM{wS>1A_e!7lQ}l^441nq(V+iARp4n@YP0yi|QoGPPU4NtsY@-oZ&NCi&!3^b5 z-vKs_K!J$8Dj(srVwc)GfX#0n4x{7C-Pb0=2T3mNq@x{Y=3{x$AW84U2 z`|{OFQBteD;IxYM0(I5)7^M4!0ym_`9GSk}E#>WAgK+!uF%qBo=vSSNBJ1-wrB8l# zE;suZ7E=g^;zYdvsJ2d?iuX<$=uR0$Lmt@;GHv|SkZP~9RfE190`yO`yt;!=L z&E{!;Rn$6(V@C@rsPe5-t;>@K=8SaAEwoo@~UdSa7YYy7_LmUUsY~&>xV? zkJui(1F(Vx(R$PHb4zwq`l(4xLo>r`voX#$COx%;eNHV_m0dJB_hf#%UO4tc&a6Zr zOHZev=P@K`vi$bkC@wGz+?_`XdWKlu_`5!^PJ`bBU9f6y2`c}zd?Cm-p8cJZ!(Oz0 zqBlZUI5C4~8xjj`f({5X2BaUL?kwPYSf@U&%#fKA-FlUSmeD~Cq%!bxrkymA7p90W$jGI^NXRDP%tYx$-d}cmSA1zU#~V2 z#mQK>S5csG29u#;i$F@h+~#5H1EO!45AwB3B$<_R?FQL-#S2T+y95qSyp0zYvsCM_ z&%FNSYbNNU+Kfmm!hH3jo2%%v?(LNqV3XEQAgRU=in+Q2T->1g5qVpVz3b%00StZV zvTNV%e`XfO%w=ZDJXlk4c=`&kTCJCS`5=Ws`7A$%w^B)W?KBeG%HEL0@CwM`vvDxd z!l{2R^h)F@@K|XcdY-!n#drO%{Ne{V64EVk2iR$KUB7s;dIvc44fnbOAYMVPWR6a6 z2%Oii1r}_vzjDS9$kMP6fV0uI;$PseEpC8iBnKhgirA{#RnTL)V#q)D{2u-d8m?-5%klt&iR@E5qrcyJ9Z`FRj=A zD5&gg?i6dT^*$bUb;BoircUW0GLWtU3>j~UmLqA}ozK2;15aOrtF!uYMS@lgUciruTI^ zk#o1>g~;1sx4o9kZQluUCL+$o*|{6xlFaMf8$HagSKvu7Akm_}PFu}u22~BK$cGFH&={6VEwoav7kGgv$ifqD%9eE zh#ufK(KbgD)oiXSyb8rf1$02Uiw|a2AW_B(J89a^qgh=&*g@#66vO)s_rGAGxSRPu zvy7mkos?)Sl!O}~c@$CM7Zh;aW33dg3!vOF#_x5CM`o=yH0bG~>lzR{f?;i#2g*9X zu%Lxffo`&5dUN;OuxHub|8)K;X&zkqw$$YKw$TUH7?&KT+!;9wL}*R^y#r7~R({<9 zzWxOT-8e#q#{>2;ofVMt1d^%S45$kQ%3(=f9Xm?nAw4R00AivV#v8~YD6uB+4sd>| zaEtN3ky&1s54ZyiK%&_ZP2k5zP%3C0v=-7>6k}O~g=puq_7dAzHjfPYOW$1IMF6XehMkJn-P7vpz;hzJC0UMOUf0@HQ#xSYKBq6!XdJUO$@ z6&4=75n!DB`gJ)$YMW(;GWoT0sAF%#Eg6dVTo|@+VLBrKG7?DejpcQd)Zl#hGAklm z?DVtSP0{WrO~OkSyzZ*~tj^)vFW7z$*SdKBtD)-t=;qYcGvJ%Hgli(q>IIFPjINNw zde6JZopnFyi!4I-1vKPA1wKl zxIid=3JTJEC`tY;$JiAcL|OJSx;p(K-fY|hGzU_*S2zko*km@zgfcVvRgvpaS9l%& z>7u%QQLu(9iH@ndFr;t?SB>uc^mzNm83oGZ}lA(=uc~JZXRP3bSNEg}OqVQQ#fs(sk5kF{31jPK8bi`oxqfKM8o1d#ogj zosGur6BfPQCFcLjJbPn#A&#ty#7JPqClQktsc+4l8ud{@28}~%vcV%m=_kzx74D$w zRsVqjC_hF7JZj0HK!r*^ecAG>sv(}k&er~?^To8To7X*^0Ut)lzvGh^ z>asiIwMG6%E|^M>7Fm3PiA~<9Q#Y{3E(H%2&oY&xm%afixRJ#SDm+6qZGEvEfEku= zLW!0mf<_PXZ@9+>J%(A!Ryc&l`s~q-@o!kZE*sQBT`iZkdmwd_QRl&&ycV( zldORgF0*W2PJ8uS4O^>P;_NZfs1!Dnqva#vD0YNCFZYZ?9m;m|Nq&18$zbr$v23e% zf9ZdD{2>>Q8~es$Co%-g0E=K*8FcU#|0I3D;OlIIxvCZUOYx+ZYQQVpkdiV0Nf~Yl z)<032_sB3|>(^dMeoUX*>E*F)$sv#uV*iY@H^aN4t0`9hmoM)^*}ZhV5}#b{`l&n= z9atNrc$?HI7r@Y;f^uK($*PJH1Wh-7NKbR*o@?miu1*-I^upmhdAftv<|;~gMYhZ z`wMviW7FiV-v?!!)SReSI`gb!f-_J{? zN?LCIO0S0bKN~->`p%G(j<>;%;sv5}d@pZ9>rZd#U5lq68{azRBDXpQ`z&b=yj(um z97@X?=6!>$Nv6_=ZUqI#jq@wZX+5FeG)`lh9Id`zyq5=~*%n3%L!$nmpJN6wy?-hM z;o#wmyoT-L-$wqKyUJge4(k&2HGL9!1eAUcuCOCc*GXLO0C-zSXm1{si|J)_1FO)o z{`9oRqltkXO=^9rsPb0zsdR%?8PdnnpK+=thB5T$myL6GfNCB@dUIAf9BM1;JD98E z)d#lNhJPFnzJDVRUb0X?QCQyrh}!3CP$|7^*6Gg__6#Fj4M7<<0vj^%tO@MkEmUQ?$%luV&URz6Y8V;z;ds& z?D#p26=ls~R@hL?m}uKOj%hu>ik~g4gL8WyzO=m_d(FBK29hi;{&Y?{Cu$*}pB=m0 z9Q`zYZ;4So$M(ac-3WuPpVNROQ+oMRYTvSfK0qvxEw!1V7QP)SD4_gljjl0~q)S zK-$fwMNWfdn}@C8z_OkYUW#Pi_D#)Yn%S@<4Y0At4OW=9m0t+x?(ZK~AAPJwm7o9T z4`CPQzDKx)EY@VOM>0G|Vy9O~J+%5%@ANp=KWYEnzG92d8MlPWtc8fQM`Mv*q(H z>e?EgUOi4T;d%T^iuSdN!$a))3h-Yr;oZ&t2cz!4os0ij=i=Odx90yv=i>Z-Xw7H- zn-o2+r!gNoRvgX*#nq>6%;Gh#-%^pewK=^~C-}n2QbST!n9@bKc#g#ncC7nIk^lh> zZ}%^WclWkw3@V9SD$M?7u9J?O*mfvRMj|{5^pT}+xxm+#JfSeeuU5qRGlhIeK&3^; zQCA*$yUO-y+!RV~iz{Q@waGu&q_W6a2vlx2WGNa;&Aww`rM}pmniO+gWq>U1TP5rh z3$X3E1CVT|bQ}6GTRt?A&h)`eu6jh-^N>CL)l{S6Rf0y(>(1}Ce_Ud2T>GHp=el^9 z84PXHl;8_liz>m6Ycty0Suy$~HVH!cd(SuCn=di~3@7{Y63Y>zTZYA(d87f3>OqW- zs&m}wk8iY(>-dI+xD0Wg->>oK4>1DzlaT9d+HQ>SA9*A|$m)$yOPg?--d93-&RaXR zN%M3#HpyFlF-FGMyhM1PWhPwPQL)I%(T%();HC-aDPk?X@xdFjnsUggtBi>_=mmoM1fN5K^>8V@qqWvRQlbT7Vs|m5RO$0pNKT=D<jT_oxF zO?*z?=Ledv4grlgk-uMNVR59t9QL!X3cH)876uZ?sM= z$tFQ0o(UiNMdSW2fa12B%n3bErlhJyL29_r6+?hf8}y(!L^zuk!6#Gvs=qB>QfAoO zH21zsCd7#veS%X9=of~$YSkhM@;-qDokWP>@+!rJG=bd7&MN4y9A9Z88Y zz7i5;N_tUPMlDUp9K||>AD81dRHcI|F9r$D_`339=zjZu_!V;U@dc0>~qkP@FTe-CgPqZM$XR)saNm57+;NU<@E|`Z5l#dH*fXM zNSEAy+ICX7Gd}v6$Q1;(B3F#d`(7nc)d_TEkA|HjffU%xOcy)zemY%TicfOATu_I5 z@jjAXqcgfxE=w8S{~_ZMuJA0SHHak!+S6_JNiNLjELDVjAHTMmyg#*c0FUy+xZJi!%%j_{Mab*L zLx@KmR0}_B2vYkcZTsbyzRcCIrI1M%TDrfa?93pA88DrtQzvJ}7JX@;bxF4ic_M55 zyCZ>SZ=X+|IvcSKnGCKpxre*He=obWCQ<70%*Z-(Xasxx>LHD}$O|0K!0(+&pR9Ju zP7cHuKfHkuN?6`Uk#71`A!qtNfId{5(_}wmoA))0wp)p+-M9lVe9_T0cp(=k;l28> z=1h?85)uODJiG(c`}SY`nwgF78)V9{SM&$8(-fbz*dnzC^R)0mckRGOR74+bZG1{tZmB> zWxh>8dVqAw%3&b2B`6e#z@wJP)(}tyHOK_ai~Yo5gd=&PCGw6bs9dt>?*QUAvKL!3 zkjwUHCUF$Ja6aR?&6K4IW&%io25y~Fxqu%by??gygjW#U_T3-RyaR|TK1%wdN-ynT z5%-*sPhH{r<|NEQm;qJ0(4EVJ7)Ze`2@*=Z8%50o@JDeqyEz;L_8!qDwYdlp@(%%G zWL@YLxbi#45gxrqz({CAMBb+ByYb?WzFyAz*4e{Z1CAtXMa=xU#qL21lE~uimra6O zmf;pGzs^_170vdWvR*`o&(@i)LOBYRl`574Xm~jkXDxF|R6-@#^P%O6yCE;jL+KB$PLGjYQH!?koOw9+_txR>@%eYpw&eTqT;N^E?8xzGgmr_M zn6@-)=-_AcJ(Obs$N(9C)eX_9uVQSU2NWu8nFI57sKWp2ZsdB}K)in)2j63V|>9X(#J5DES@B?03zQT;N zlb=IqEnRa(7mm5+;O(OBb&5Y83FNu8B-z<(SDdxr%Hzw6i|uSsg5wZ_QJs%acK|F^ z|4D5tqgO@{Eex(zO%SxxcMN|lc5Zydom!27D%7(JceS%C`vc?h|O5k`e= zLZheU^2mPs3m2_4z{&}tV@U&ZJ_882`kK37yUXjHyt)M^87r_$#ir+tjdt@X95|CXV7lX=|n4Al}d%tx=<9w(M?m{w6Y$ zvWml7$-jFPE%)yLm)7X$qaM7Vw$G!^RpuRH@fv+?M9R(y5}yIny3oUpKriQnB@Xi& zm5X9uIR4?5yWAmKq1U72wJB3($rY3T(K&=71c9{NkUo76QYnM6AwDm2;XRM3*fz}7 zw?s7fTI9)c0Y|1#KqW}75KWBy0o{5g#i|GEePtHr#>?y&Kus7S^^QGtwCQ1}h>ju? zf%jUs?G_*Z>1p^KfO6yZ`+_OTV>=#CD_mbYsGRti!>My}w^i-zG?1jWK4#?2#}H*) za{l2vfFp!Bz+M7MjW$Nc=l`a+pbcqgC95mC{X@giLh8e%sg!R|C^iG(HmCvU&KO$n7sN&M0&H^^ei zfYxWxq*D1~{l)%)|?4-eAyTAQ3QPnfM_2b+1?$DVscN9}&;Te0fx14SyT8U$*|M}?<{(G!L?=PIDJFiZDO=$Lg zkhw(=tA$!a=q8S8tG{}I|Hh6gV-uP%l$^+2IyiK&N5bfrUmo50Br95fM&1&s_1s*K z)YZN&R(qObMDzEU%_`ZnbQYevcXpQz!&5-Sb#J$Y0P6cTl;Q_&|vWQYbyg0w?1*H|=$(+I~iu{8OG-v`Jxr#S{6IG7DuF`z{YbJ1ZuH z`o!GufT~x_rAK@#L$@%VvhRim$)bxMsz5h+)nS(BOFgrRaZ01jj|qC-YR@= zxmSsI0sI^ZMI=Heb~7*5f~9?0fMW*!x4t23Yx*I+ z&8FiL2Z_RSCchotZYy1|enbX#WWKh{hp>W06F+szCiM0wuut31R>B{(Ks(#Rb5-?B zWj3|rnO>D;0!0b^pL^@ZW2UooK0*pn!dniJ#cDq^w#wYPHQy3 z-oV<>(Gl6ZUe}l8s0=uM)zZ_Skel|z*;7FS3+71fcG4Tp06pJ${KPFLf0t zSp)#hzjUrHuZDHCZk&euVgqn;8E3HOy5^L-Z+5Y=k2klS-cU(GvceMSk2xNPF}GnZ zy%1ycQGUlI)&(4OJ{k34FP60_f(LOLTS)3$-iM40C~i(lRej;OKcR7za}TEUby=~h ztf5?(0Zmms1L8n3pMPgm=^kEyz zPzongxB0dbXOaBX)jkt9_&0To0nzK)vC@{{{U&cWPbulHpT|4$aE+^-8&7IRH{5s&gMKoJg9>uxqI6}mR&W7b43 zIUH=*ux>&t(9h0~HL&)AZUy045aE`qE}gT;@>_EgVkI@d2zA|T<`@2awJ9Mxaa0q0 zrge2xzd-sZ`%)0!0vrS^vrr5YoQw1ChWFwdB<&=6jNuH4rkqRu3JBZ$kywbPLM-$x z3b|Xpp0C=g&n0|v@m_sxSMfQejLauT0ky}S@wY$0Jg%)O2vne(tIajIreJwxQa(xC zoU@_tThw}hf#oWBnJ!Q67x#>9GYSA^bd4NIcCAub1IoC3?L4(siQ;GpitXJO+o5R` z>9Pt-XT)*`Bb8Hz3dH%HJFQ68JZ$7mXfEG8TCs4^G$64j+ugdYKE8nM6*EFwT#AYM zg}uP&*NTwmeLw;bGuAkc?CC{1Y9h7+>iS@XXJ&_nokrQLgoP;fO&P{{t5e z+f7Y=_~{b#`SkgHqpgV8t$>1##wqyPGy*<>`sSLN?STYrQYh!9^>=T7RlA5qCPrW$ zSUSVN;ok+(DZTW0%mP#0WI}MZvwq^U*$_iX<|vs#TJHmT1%v#~O=Jd~&VECfW)&ol zhzx(9ff$GvcfK_I)3^rr2ODgU|u_CkM<<)>Wk>1{+~SkYva`Qentv)vssjCq!PEUnikry*{1kGgvZ zE(J5lXM4Bt<2FSk8zpMA$obb{Mr(VriRBQ*7H&OJg>%U3nq zmQ)h!;Zm|jk@hIxG7A@mIy2F^=|d)by^wIP)aQ&fo(3ihBu`J)3@nY&V5&tF^TzFJ z`|F=!iW(FnBK=l%oPM%@&_~l4YLFYM0;%8c<&^$`J@R`^B#n!-%}8+L#m1jdcTYP= zYwXIOOM|GV`hKJ?AVQU3@tfypEksj7=Obe?6Eos=;J4w6K*xH%87YgCkrGsc$*;?ij@3>S}e7%Q1ys&a{ut4H%1i zbEVzR7e_8ucyrBCHi3Or@E~oJK1HwjgFArYoG=gaQ{DFKx->>*7CVJw(8uR`G}hFj zR)d^3xdxVo0TVvsN$w+B5liPzEf-RMxS&#qYSKgn--rbO`}Ld}O&d#uD>r5^ON;^E zbG2e??X5)2TsZLXS(1hdJ_~?YRf7A=k1q1qzytw_{jz&Ww$59+q%W&j=kg`2`bb0v zv=kmZ`~9j;Xrp2f0Fu)vC*nVZgj?bYbaJC57vv2HR;OL*rKP1V45yCI90IIj-WZOg zkJhCPStr~FO<8)OiI5)=>|Nt(eQ-?vLjUKAp#jL$o|(*U*NKuS=L!i*m(pt~ft1UtlFz%YcsxeQ|^379VL9HK7o>$cY>BdzO{fTLQ9l=Gk z2{PH9uVkNCn%+DbxftwC`fW*A?`PPA7z}evhi4>;oo(Q1utqbbU|=_1f7-1Fe2dbo zU3RJKkGQ3-2eMqVFreu;g+B)}YGDUIXK1vf;x{##xu^C0cbhW!yl)am%lKgmWC3Bl zVAi=R_Xc*-m4I>+C(%MPHOA&>9wxb50eT)e&k@FwiF-O~^A=2v$c28mu-PxLK)|CJ z%^Fu?t{D%Na?^1SZz7^HF25A{lcBDjw09Bx!4#CpoZ77Ei&>yAvxQEf4K~&c}HR#h`AUo+J;>>pU69wu9+OYGTT=T zT_shMXfqD!Q{B!WDHMN5qJf`lGjRpc3TGWe`2IgdLD~ZMco;^B zXI(1zT;xX4yfSXw|sK>MTprt$b7tP}LOTIik+lf=cKNy*JE%MJefB=dm% zekaQjl%`#SJ+fZACR|@|d@SV34-tyvH^`OjS@x9YmtCTF#%9y;jI}>@*2R3^KH8t7 zywdd|Q$AL*$P0LWzyLg7{J2`0M^ed+xIDf@GWWHbER|?Wc6{{RoM$-O9(q%&V3F3|D(!6!dCsDlu)wopZNWonp;}N}-RQvor4Q^N1e#>O&FoMx}^8SN4SC#RW zKPGCK{i=LIvNsitryYrJP^E}sBb0gBa<`8cTfq+(s?7Jds#Hw+?#0j_}~?@4EL5GaCDXOr~00NOXvY zbsf^SGQ`YW?atLK_&*^G$|q?wt7^UWX}Dp5H5_Jgz|*l0oPQh_?ZvkT=b6dzQG z8ofwB&VThNSy?hCauc8ub-NhGe=apBJXI9;guC(ncxboR5{Lse>WnlRY?LKTke4fr zEu_&cTs3|EIzO3rrQV}s-TO<^2eOZ6DWM%Ekq@>?l&MS;?oZG%oIc1h%-~Bcpj~Ls z&)Q4R)j0OCl9490c>lz(zeK0)7Ut=W-1E{)(Ova+KC1x1R!~wg#~99h6(mJJ)xdWu z$qGe-H&y^4E&$FV$u|FqXWDHCkzqqiGUP)GQl^Y;p#ESDT~XDt$eSN?Ao8E}ngZ_@ z{)3-OAp*sUWqBjnDFuBeiBY)*HAvPz>w3AC$M2On3<>;jsYXN$VPFS6zuT3CA{4`g z1uA+I!gRRyXhHIsoYqWzP|3+&d&F+6gy+{W8s0Bt_vVG(5O96|z#dyRyRgtisp9&q zuU7fqi`Q*+T!BXo8a)^~O|3Gf3%dP*JYsAlUi~s^ZQ}VgX-}*D+>W~0m?bYq4mt6g z&%8tUUuO8opI2!hg?k||3IpVu1q>;&S9`NV$FHTnh2f;!!{f;sgU!hbC2Ps6YAc*8 zpO05_hRN60a*nkLTLw*^cejkJnc00OD0a1Vo8MlqW)IyKfdmVRW8K@W+46kJ9DW~$ zT~Rk~A(s4vgFlQ-%+;ggCs~ZhCJJPj?1$J*p-7_*wkjkxG#yccVRkX~y-2GX#7~$Wv!&8t zu@O_9eOF0I&klNOWfX%__}L%mkB?g&JfrI?E^odMxR42PhCen!*PDJgrZR z0^iHnyo`bbVCd%sCCdTJI-Gw%tKZlP#;E!8PR3(UY%#Qdo8MwRopGJmwa}-_E!BoC zqQXCdWP594p_;c@>z7`&``#j{z}u=7SE+F=la*ZV zO=DA2qZrdWckU)Xz3_bRPo=+!^<)&%-d?W=fx|%RzkDa}W5!?uDO>Tr4Yw}*HxAIR zl@>?Cnfu|NaCW#u)JJkyyqECqH7ACf(&o_u9nBp#*CS6V3g+Q|?VHcsxt6{(sXX+l z7bmb{Qe2K7O^{va>)TJ!QxT|EukC^}SMd#LR$o(%3k56fF9PxFv&RX$^H?OFJ?C3> zhP{|i371RN!k0eSVB7Z2bwUBXia@VWz;ZN2?gjsSzo)P}fVwj(#)`>qIag<6Gi<}1 z=q6QaesIt(o%_p9uEw(i{8D@ts-Z^-;Ez5h(C|DGAuzthI{FQ&+{e}NUWS{1l+-Wv z$63yM%-$XMG`@2r7=VujsyJ6CZymZAG}ER5DCZEshK~OU7KA+0~`* zIW{GpyqFk}ynZ6Xo+imX>j-0`N3JIJ>B9DP7S5B$iyy6;!sMRlAr-AKFRHp`eG*ap9kz#mQ?g>DFmd z-?0_&DfUatg-=3#bpgV?z@@}~3}YL#sbda2<>6aWQFofK=KQ09n39VhQugAV2%%tJ ztBTh;Io9#CZPaCl(zOpJ$cREe1zpa2>D(B;_fNab!R;57k6Kpb>(DW8%7x0lo?rlK{KH&_!XkTCUG4ySNZ;Kr^9{^ASiXAAQnbI&n^T+9 zjw~MYYMaAb%)5(X+%zjFHn!9>sMNyQ>{LF^Bylz;<<)d*<UjrYy|j zRRvX|Maz;&qH)9bnd7pbGYx!TpZw4u`4`?Ny8QO7mcT0{i~I3V-btt@ki_K!!DJzp zp#ny3MfPi(nJzS#NG9Gt5SLslD7U~Iuc=TyqP)p${29w;#uJr#R!j$9u;4@N!!?Qm zvb*UKgZ5et=4|h`L^O2AaeBV&nLRKHU>dvCK_;-Ic51kcdG(#L!qM>9oSht zD`~c#p%x<+u|MAPi7P+9?!~?rA32TOmwmcD$UO;ZROAg1)wWp~>F<(t46FAaCg{t? z2?r1Pv)p?}Lt6R#p%l)5k0s07w=3pj3k=@v(=DSKoD2>MJ7>;GT3liR)orT3y?+)) z5YAE!7395Yx$x*>#cqb{HH0!?*(_eO4r$Hwd8=anPVQE{HyidkViaEEc4(v6>=n|K>i2|Uk-m4PQPf{6B3V00%n zY5@8ENSC%Z)@%?~GwAs`DNLO8d(`68KA?8{DIdki-y;Z712n=^rzX%1sjMEXtUD`+ znWUSw&pggdc%b+oDJSeQ!ki@j+s;f}qoU7mig3%iLzF9$MjOc+inznvQ1IG zq;yF?-&w4^=u0RPGpX2A>Y@oX#>v_E%)e{NfJ)vUVB?(wz4i-z;w#tU{?h7%Dw;9v zxu+PF=eO+~{S?F6d%h6D_F!xn&GOd0%&ow%jx2G-pa;QwjbGfn?>*)9-0({NX6Miu zi>x|c04DxzY4<{88_x*Wo4XsfJ`os;Ahwq)eD#`zj!Xll)avMLA#O=ykZm?P$|Ghn zDL~#;>Xh^S;a~hvnNq#!F^Z;!uRz7yuL_i|Yg8SxZVlM&ZLKsO^7Mn={dnanDW5Aj z)mKOA02ZoUjQ9zL%b1sErP=tn!Ni8#Tc8?2Xdf=7*sn-n}ewF;|r_Z@YcY z2e&Lgf#m~w``!FEf%J++D5>`mu0h#absjt2yWf*m^9=&U{KYm$(gw#0inB1YxE$M9 zgSUq`zR!lJQPV6i33T2|j}h$6xvYu`|N9%pOwgQaChj2;=^@Zm`gU6ZRo0;6Pn!1% zvj90WqPPtcgyf{PAnW^}1Q=?j)Owqt3^Sm{++)(n$XPd@OzRltbkdwI&|)kP-{x7b6U>-R;bFO9 z(?X-bxV@KPn{1jbO)b6tBAk;GmM7cMv%j2IUlnDfIgO^c*YYg>H1U0=-tP-nV9SF6 zJU36NY7;Kl2$5xLAHls2yn!UNDyq%#N5IX7M@&&@Pmq1+AFUgG(_w-hQLfKoZHPrr z^-bj`p1thZk}mTX7yV<6`lIeUZh|zaTx?5vGXKEXUy4C(o<0l>qB1ET)jQZ^y4M!S zlO0?T_`@~ewLfi!7e@w@0rSj0cg)6<3Sn3QMqUAn42#%}H}(;o%3L*EIVr=BlT*?+ zJ*�c3*XMA_qRqhXs44Pany?OurcCB%t8+m1E#Z=hFhnJ*i4{Dq?W-VmA!Hy{~-X zikh@_+}``>_Lu)&jBBi;vu(oK?vO^HfsBbYbMw&K&%|AFSxv`jTS2Ex!$Ofk*!_}3 zMZ1GA8z^U;a#351F%hx&rIXQtV7 zEtzg#c6wMp*E92shK27Ti(_j)hHhQCI{)0pOL9+FU&@CdNx8u{a2wx zlC1GB=&8Ckmqaj{tAsDGyp@=AL}^dVA}N2N?IgUZO+wgg1YgD{EtYBJF}11tNB#yu z&}IGXilMe`@agQ@`xJcN!S#89{2@wr{WA3h@){`7;?^>S9F1ShiuvAwk>iia93_op z>&P{mgS;U^!bFs9@TF)e9_R(U>rb5F4#zXdDg;i<*(( zdBk?o?$fXZ6M{$x;+0KXVNmF8R~L@=2YsIp&GYP!7@|7f6t{+t*5NKWX(6;RX1TZQ zu|?%ZW=k1|IWJfDJe)_tF1_G+WOkpyGCA&+J(RyauB53pv*+t;SgNcmaVn#2s#&72 zunOZ1)lEiLd(ydIv+ZBeEIUEhtPiTYqE=*K$WV!YiwThTg@^dZ4&69=eQO5b6_ZU`$zEZVW7|MMAo> zxjsLrMx&eE#q-SuTxQuC4YJ*za(!ZLUb_1nkP-nK&b%`na=6q}+bJjeC23X{HR%x+ zhM6)+mxce7$5T`U0C;YlZP5rfvrDw^Q=zq z!E6^{AD5Oa_RU-7^T0aAiDoC==#R5M@rcQlzs#qfUS$-L8aP$%BMaDQ6HH*f`We`+ zK?;}(IB|?=74Q8qU-N?WA8%{1-|+BXwc3W2Sv@Laa)L{za%M>`u_vXn_kF(@{AD|7 zY;`H#xodMO7f1!9Xdr3NURFbnY|nh5637(XBr_FI{*G@ayj$-yXIs8~(v&9?nPUWA z=4D*rP3LZlP#ICWPztB7b@uhPy`4Maz?yi0pr`i+!8amNPhgj|_lxhFS>fs!*6c9( zutv+whw_5jq@nvinFfFhn>LOgjMFDxVH{YyZEN7TAq)5?&eRpbQ&O{^cw0j!$127) zSt@CE4ooA)8Oc4lYq?s&@jzU$*_n4Nu^$ckJ^He;&mE3v4`k(d6vJ$F3%21E!m5>~ZKh`C6i}WvZrrzS&~y>^erF z($BKbl3Y}f!LRBNg6uIbs_o>w6ny;5u&n2?c8LJNrmrl053yywtEFW`#Xd%1Q zKpLs=+ZJ*ko8=k}+O>^2HZ~l3W!Mr02RTQVMWLHED>SNFe9-Q({=TPX%`nZ~QCiYo ziy=~N^4*#tjVj(l*F6rd;pPXveYDflwWr6E__(W)OC4tvi0F5foC^YF0F@G40s7#Y@6aQ29W zy5pt<-@L)x%7yZtM8(UbKSr+(7Ne3SHqMe|pP!^His(&LH)N7w8n27+WN6=vzGR); z4%ZYsHQInaDhuz~xzYNDKA@2DmxI(Zj1S0>m6t?Y(AT(g>^&;hRcFh7O$_=gzOvY zHBE3xn4})rP-X3YJ66zB0#AtCxfF`6NPYwdoGoN62Fv{uuSTZk>@xkaOSI7giqeRa zia3Ks?vdhbLvIerkLqnEbAzXMDJ`sf-EB}TCVIum6-1NK4+gKjC`6?Fm=Ird++Pb+ zMrxY@#T_s)LOT@71=C{PNv`^q7r;$S(W*d4^r;8WSBZ`wZq+07Ms=X}%4nxr5F_~B zyD6+8f{6!l)`M~oH@GfZH_X;`y4Zb-TK@$|UPbLV0v~FFF)YXOH)iWi;JCKyM_u1` z)tY`4|I}wnb1}ISzjKt(&4BI3oPLI3EymR3EEh`Y=(-9bbCS-BZVd1%HYGM_4zP(U z(R)$ft{c1eq@)F3z3X}`SewSmJ*h0dbNy?b{?xIxmd5p0g+<~NO*YrHNJwvB@$)L{52`cM zN3GM|0gH~iA?^@&{?8?T3>zMM3C~iD8&86aLwm=Z=BC=IZc;Pwv!}NoH~UU%I#?f? z4bg>H=hc-uw0vwa|C&ASv0GK$JPlW-GJNO%x9TSmo@*8UCn{e4L938=H}6Y!_lZC= zO7LOJ)GoZ;8KmxC^%*|bfdyGD$LVLZylpT|-xpQJ_byGmgT270Z%n}leDkd1A+MJQKl)lFC5{rIkl zo6Ag!!*kwA^){}O6DCPlB4kFHw4dzA>rJOwpccv9>?*?&`bs~0AdR>Met$1sRX6v& zo_zV#88NN5R}jxsPKK^BRSzH(fcL-Q0r_3yQVwzU03xMX&1BK;} zesIF9>t)A$Dqumoq*^s1=wNbjH@@r&qT1fldRO4q|#t%+96h*y;gJm z%GH&`(iuYPO&tGO8IA-K(bYN7wCMBAR1<7gs7{+WQJMUS zg_u!e?A^y_$&YSx1m6{#*_Aj|G4+G85D7*gUJnzS36xTQg3K1O+ZynTQ1f)WJDar> zdugommR*~@?P~u(gW)^u6U=oK!-_$zQ?VbePf{g6fg^RXq0q@GHO4;0I+kL<$i+ba zaiV+Z6|^=JjuyRgan<*m#(O?qfrvdl*p%;d8-K4(Jyq9! z$9)$>2)+idq40yCOFzq+!p-T#v@VRCINhLG;zo>rQ*`|F(PlR@&e|`LjdSUm_T%U{ znfU%q4l2V57!kx~G*wo%UeS?(5=5fg!|=zWLb?VB^M{p=FWpvS}>y3QULjnXJC;&vfZ;~fu{HEjI~ zD7-ZHFJ2uoof0#>D^5&Gtevi#yR}rI%A>@ff$E~xYzQ%IEw>42tEPX^hL4(}eljub zwDa~^Rk~L*CA)5@{7}o)%i07f7O5y-00QI?3>1aT(Fb#8i4X*kvCwO!)S%mSig5;$G&38ta ziRdHPOAt{IE7%If>-VtZx#`kU&r8$f-FMy26jmi0Nds5$CHwibuU{kgn%Fosl`?s1~8A@7Gb%P`PVu|cNK~e(<>ZQx@!M!2|$=F$Od%GI!Auy3j;7 zoJ!X~9@wn#{uey(e^(s*FWRTJM!z^&Ms&gOaKe}@L>H+ZKj*^Ihq!^u#HpbpzCvn5 zR=OQ?3(Vvi$QouGu)I(;Vcw9dreJntb%H>dBYGR+L=qHO>yoS*Nflv{zh*V_8cTZi z794;i)SMQD5N)>#6u4FmQO&R!g!)Gc@v;)HEhvg7_TLN(qTa@_pS9y|WAeINOJCN2 z1y{D5zdP~9&=ogNeoM27-w=<>5_jsu?|AYkm6bXFsAh}VdoXphf4|^sYfYqB93k#X zBfMn%+j@g^TC=;g$5^dOfG_MrQVNg4T%Q<;Ol(-Em^Gp~LDp6Rd;Jg&%|GegoNLsw z*`BG7%FuLocs7^ZPZdvQEFUVncKFUt4CPXQn(v)U@8lO*5k+S?Vjvn&XGMlr(YoM? z_7n}JmW&=luf2{)M*LB;{u;0c$}SSfj0CJW@4b1QMgDR>Pp9F1w3PDB;Ko`KZ^Q64 zvqiZJeWl@>VX1qxE4+C=;J}6%Y~ZOx(CD3BkEbZInt(T7OfAf$mNyqVYT0C8Hw#eI zd#KY%i7ojhs9{W3YT|+}PvH2$_fW9-AWny76B`5ZX`xA<+W5Zjl5JO_hPMIR2GC!e{pwU4~0u}r<5H~3*2 zwvzu7kGi<2u|2Olh&sE+Co#rr#^#-;&#ey9kd5HVO^zmn+ye^z05t%h3H{L64Ae(M zlN=7Z>5CRHwk4UtoxU{5eK$^WA}fwAwCBOOuwj6-)c(n81%%%Ps+os=k4bVzRWGl0 zZ_lyL>{XJzPU|90c$X0^>(7nOlkj0Y+*rNaW+(w)o>S^)ri(y46Q_}W6oWE$p*21% z$ceqMW=?p@IXm-IZiZ8KRHATGQtEE83vV9CaJzr6qRjC`uyZ+dPCN8lH5_Tv%C61O zH4-KJZho$@ETft*gN<+N%14fYHA;}s&d&aeye8kCnsDf~m<~gepj1T8)$thP&PrwW zI+I|JGKPwf^$MHvx>_^1Mljw8Df{HbKswZ$9TOm7WXlpF{Uc#$2$4Qhr6*M_JVWX5 zt(k%SscU9zV!z|J{xo(;@ElSl(hyOl;fDd6!*@6Y~I@LDgRB~4?{Fo zcmw)6B68wbCjj}KN2{=^O*^-Z_H9C6bJ$_dW~^0w61A43eqB?<J&|<-v(w zYsF>z_owEA$Le38<{r{<-JcCN#RB^QXyv7gfa)HcNLHv`rKPR0=~PsDs<$%Pk@&@J z4))=-h7OkYC#@)35r;cE0l*G#h-h}Ip^u7^QoLW2+w7CIq zdq;{nudzGseRv`;*!f_hEwV%G%XT7wZQn#i7@)Yi$?5&N;WfQO6;kB}zP(%@Rh*nE`FH>tKJ>Lq$x#;1^NXYZ#viUKxoAMAFRzM6!dN zSFZ7p>#0&v+`KWF(C0j7V4DdI#~NlWAvQIT%i#?ld;mFN_saQMjTvS6F6u+h$FF2V zxH2+vjP51@YKy>Xk2=d~7y=PtFJTs0;v4T;Fd1s23<|6fcMZF3ZKlB4$|1H{bQ~(j zzKz`?se=VR45mo~7^VJYd@Kklfp85AqGO3%;-2uxit~V64U@vx?e!Z|&o$hJe+@Kg)JlVSUh$M3e+cZ?tuihNP zpAWv;-Y}UWkK8EYEOl~c^oZHaQfYlsCza9jP{K91mK*NBvauW*bQjazVM&aAh|E^4 zpL{wYYi71I>`683%Z!;8S*yFBR5Mt#ud;x9l&b874fouE%|7g*hqj&G!9tMVYCV3W zNxMYd{a$y!_mk(M@semP@%5>y@!GT9+~V;SKxkB&cDJeo6SlhClXqJWFw77uP2CyRo-gmQwVn#ROTD~OKvr0?o2Ihi;ekXiA$A5bsL=6)QF>=W~2=GZ z>W}kbSSnqv&(t*AvJB`L#*p;(&d9vCO~SYfFka~GpfQ{nrXIz64^xVe;TM?KAA3?C zJ;!kSji#X~Z$wMNCu6RpkAgQzBh0FW!aiy<2aV@l!}_8Ox>tEWIu&42?#C1D*-lWZ z6)L#4vG7gYHR^w{%=xLZyNPz_?4{0Ao8G{3##B=34R!ag^0r|vBB$yge%Ed1jr>-XHv!2Uy=8nAFCObp@gO6lC z373)(?B7pliRXozKYaLE?8Ae7_`cFLBC6~B-prr?tQ^$d5n==TuQiDx! zgv^vdwsk73$sz1nc>nd+kQqE3H?c$} z`vu^FLB~>D00~$X%bp8>1oO#p57d9+^^7rA4i`53^8N|GzHh#iakjDpq)Q#Xe*!G1 zwY5B~7RxVF%6rs{M^6Aeo0RV5BYYqM_7Q~10{!tT1+PDKrUsVL6|M-_76AamNrs?A zf1MJ4@Y5Wx=AXXfpXMY;&1^78|Md$1%lDUA3D3>)+wXdAmaPB8)iSeNx(o0G*cpIS zZ}pF#cqjV&L2`h8b%LJYOUcfx0N5zk zW6mO;Erv`>Brp79W_=KkViUB6neAu*o?LdNRuO?aX|N*yPhiv8){ zaQdNPdEp4eQARuRuirRh@#l`riuUDf z=*NOrdTz!pi;>Lv)O0|cm#*ySWN_t;V>*pc@<%!b^_`daFN1=o&2K6Gsi6<~&%aml z{x1rb*9EWr#2fekWFqG`aj_-{rzR8&HU=mTKp|Vb)j)`Bw{{y)7m)vldb5f2gQRk& zxmbFY7$^R{y&>n9L=^4u^6V?*@>jU>@lrbSNxt&t1LWC4ErT7U7&T~$ZY{}-c&9o-wpD^NgLxp0q_Q8&ku*Urtnevx*DQcNU(|v>?c$efJ5lSJo zya90odrKw-1W*;-(^4T7IHB8@t)<8;eBUJBN&AA~5nfU7W!_F4Ay#0r-M`F{elvPK zK%3a_If3`vkU=E@}2cY4B2mYblS3QC4{pac!B^oyfX^;iiwKnhoCDW-KXq+ zBbq_`gQ2l;zrRXxLNggNnH%iHk)ETKK z`=YvSNpT(ivE)mhSuKHY9iiOG{oO1L5n;|=4b#e(U`qKT{QM+`W$TX=0y>_9%?*bVS=EeU%ze zrEJU#W+C$?^&1i|ad-1%`{rN^s2?z<42kqn*H1-_-gQ_Y&y&?c0^;F>Ju(RqG|0Q? zLIDF}U5X7j2Yz9qXE@0V5gWMF$Ca!fx~IHKjAaE&euv6oJqM~SUMZoygWs-RNz_na zTvM7%Bn_l_GHG*GUX{D1;!=o=U*}>7AJ2T1gqum!hAulEA6k3{J^cbUhCnJnF%L~* zbka1VlvtAlCKQdrUWZmo9`y=53O;Zp1~Yt^g0e4Q1yOQ^xhzvR4G%IA64yp=1%G|3 zR7!qLpi-OFnvPW;aurL1(vFhjFvE&v(-@irXrgys>Y+MGjC%5IH7j4#q)+-F{pi@L zF?*};!Okd6&1o#H>)Y9{G-=aK9~qH11g1}<*8I@TU91QOJwA^cd((3k-QD?bz4x zS(%8>v-icjB;VEC>`dHU@+mW)$FPOSCvPq}y2>rFn0cW(UW$*X35<2`5rft30(% zyl`~)!|6)PSzcuj`}Uk&@XZ--Ej!!Ml(I#*bCE7d_R#G+uZ3+@9?QPl^1mvi?IvfB zF+~RGW3tPgOhhHDAGD3{Wf{a9H8-U2KD!pUM&#?JF8kcDME#V1Y0+V3+|RSO6_AHv z5+XL=LRXipdJhO4=RQ^Xc1bmpo^*jys{aj`DrqlB0Bf4IuxoFrXTyfkSR7Q5OI?T5 zi6#JKwWmt&u_yY|-=1Sp%z^%NZwedk6QB6*)`%A{&go$$Re&T`?vkLeIlVY#yH>Ez zzz*m4K6&i ze73ne==S9IQ4&=|(-i+3QkU|wn@Jhew{;&FNph$$DU=Sjh8!@h=S=7M-wi*~zBJsB zKr*f--tM8IQTJ~5Q7F;(>humA5ejIEaLp8B*XI{J<@C=Slv^spvQmg*dqQ9Vm5 zg%YTJZnrKr@+-){4te~|xHQ4TmH4JHK^b0LueBQ?>$^_bgxy7dUtiR+Qd>*vTGsY= z!kmvADgo+?G0)dqP9`e_xL6tqvp2*KSJf$+{O4SaiB6nXfk@@szLl)D<=A%?k{!b( zmZ{Z)8qwpWC7Z7j1$_$NO3QOs!i=f+U=8-fK!=(Rk|6XKoXS@ur0R$-Ln4(imJx&{}mMV?KeoL87 zX>&l?S=4K8SN0_JKBjs@luYwdElt$N_-eQ?Ef=BZ^+{QGOJp{rcLWelPe2PECqSIf z5`gW#G_S$m!etagc9we@U`VJe@RTqRMcdDU%)=Z2&0m+FoD$CGF5-qZj^||~i(;6c z_Kf)0eT%hY{=VebzY48Dutc30_L4F@(Be7NXaq z(?m;Uu$V94#&hvZ(I}TpBw~<-YG9aaZavdNG-K^}nNP#`qZAiW|LIiU4ul2N6eQ@t zLJfJ>p0``!PWVM`w(V2bCy`BmHrJD-Y;x@&IiJEj8G_|@ZqyLa$Sw-XhKV_gLg!)B zZnnhiLYxk;2@RTzEr;N=<>sM2aRJXftY=W$DT>ibDvN2)^u3lXgbX&x6I^5{L+( z6bDp&8k<+w6{iAz;>G0MID(OkBD5p($abr}+MEV9Y6HH=4Wq9d8>zk2I)Ia3J=G79 zTpp-NK4OUi8ZcmmT+*J?Mm92N+V_19aiJ?vm|2gDQpR3-gd*=DXY{KRA&>mNsH77f z>3Yj4!roU<@zzL(>RW2Fv)~CRpzBY(97%|H+(xkzO&9?GGo{S6CCEaURn zbZ1WvM7z$3z?X^wX`>r!UQYYUu}3B0Cb)DGZsA>gk)giup23$lwWHg&Ch>Neo;^8u z5+|)K(JO+|>^%{EKKzN|*nq~t%{jk;w@dh2{F8YF4}6xu7^Hmp5-sLCB99zPdmPPulkJ*HRU`UXQYWtA^#$@JDdgbo4Xc2JFgfAg6%eBn^Q|$_8|jME zQ>!gw8+qU-T*pntg{*i6d{j3Eh{MIFLWl`P&a~-}|6=r6)SH}>-SpDMq zdf(9XXF8{*t%>iyTp@w6=qhH*2h4;8NkFZ zc(0b8E`B+!cx@M-I*7f60rDJIYkFbGR}edhU^Sou@JIc!WtOkSP;l10#1oxrk)wY3YbO{!mEew%!@t;ZRW5Vs_V z((6R4d~Rqv?IZ&l`wR*%&c8RGH}nyS-J?6IiQXwgrpJM`S4@w;gRU-R6IW#WG^8mo zdeDT=8mCk8;wMLY;K_QI(iw*w4d?Cgu4D+n;C$Ke^(d4BUBH*(dvPUfq<1(uy`Qpg zR#=B_wA(3QK2#cEjS~fvdjs!aBb z++++Y=(KbLllc~_I#x)Lqj&OkW21MW-9y2fJGI~`zGpL=Q~1R@giIA*QqVD&fa0a* zD69x_X>hd1gD<1SA${nj>P1?eByRS#Z*y!Dbyvvg6d)`IAlhuA^rchp+w)dGElj*k> zt2RA0$b`Zz#3|(T@cXSdsPs0h0s#~S>CKh6TVEm9{FLB}@i_>YjJ3&@ zQJO9v7sKctcZwl$FJW2`Fap162>rY!y5;*7n-sm!hfOk_BI$wis)O@UwpMZvzm)NS zTccg>lUK6=07zo^p?4*Q9RB@H5`uVOQEqyoLX|*rt+3K5DYqPIboY#R5NN_`1;zNU z1}gQ_r)KXoKTmByK45=;Kv$d#a9@d!J#5ycotd7a!dAU>KXvTO(fQ5es7K?Dmgxdx zPL)nUqd)Of4#7D%Fs0HDw0f-T=%Q5L-R^u;e-cU(ta?hb>*QPsxZM7w_aeuD#|><2 z3RrD)6V+=YXvQS03Sx}p#6Dvmqe1T=_U+DSh{VVN_I)x4)+k~3G-zwb42T!3{vqS} zPqS^P|51Q|Qh_E#M*U!w`TM z3BkaA4HFC-LC05s)Y@OsAitL#QSS<)c?SO7_>})d#`1skz3;O1E+5=k1X9bOGn&TX z8Fj?|@eLOsX_AMFG1=Izy8&RsU;NR`kl%^s|5Y)A_BFQVmq+SUly6<8BDaVoSy`%i zBdQVICR3t4_PZ`5_Wc}gH|%Ceh^T=??-k!j$mTwP$>|5`{4@J@t6x>K$1Rfn^pD?4 z7Jq!ZzH#*tw$q{|$^a(oIzg6==@egk3rGPGwLIDF1K0fGyl$gyVt+CviPI1gYs zei@3A+4z5;-ey6j`$gaYPkX=!`3(~C#}PfDu|>ERBS#a@IpWl~5~Jcnwj|B+%Ynt*ba*SPY;L*?Z5NRjg-N(ck_hT_7KL8n{lz;0qw}GJgIUqL3*^IkHj*|x=#OzoO5$TJ9 zxcg_oiQ`Z2TZE&3hz8mP7DNN*T|5`aF*A(zZ4r)R2Z-bIvz9Sbpkq9s5x5gh9$GJ8Bc&nUSsRTPa z-?!$SrQ1k#PjAm#N*5^#lGSYz!|&bGG0w~g#-rm3k*9uJ73e8H0~RV%FY-&#YMbyT zQq1HR%nxuFlYXf;K0y6)oi#RIVc16JKLmyS1Az1Y*Xs#?SN{0z_XC+gR&u46qTsM_ z5S6R~!VF^LFwyNDbU(3U*f+c41nO+R?JQ zMV4E>x}a<-#~<%x=3Ost4v~;Jr$9L$wq(djLuLhWT9&In&O!xXN6YT!pj~~Gb@xv^ zO3@q{bO5F>XwtpFk*0P3g~0mb4feTbg)64Kc^RSsMy2LsqDeM9Z|@4#>&9?1lJ6-X zH}(;*y(;e&)4Ph38qONa56JxkSk(&R_{MYIsR>|i+#}@cAqhzq=LcDXLU7`3)3TS4 z6^IJQCD}3OwXBV~05hY3af;Z2ae3m6x{7v>5$jPNZR)QUJQ#-+%V-!{FZQ7&bZ&v~{-X+NeY;oXNqK^Vyoo_CFyypxR+yq{qngefLU?I-CI4nK zeOzM$cOXP~FqGQ3;Gic-*v022lLDUWh=|6OkBi>KESZq{^xc+XuoDs%*9f_Wd8tie z=4YT*Bq-{DwpTE=a1hW;z4_!?vb=2{ncCitJFW*r0=9+AxH4h+F;&j~@I^U?Cn&O_ zx2DhHCuHnDrBfEZR54I^7irsZ`xLui?Q4!SNBLIZ6kMJ|Z?QY=)iQ(_|pvD zHw~VeAzEu9EDz!V;cB!v(AaBhkp@~hB{r*zlA7iSntHV;&Ws94SVy3o3)`e<90Iy6}}t zXR^WkvO3Md=WdchWxor=UI`L(5dQg1+x;x;Vr4mdi47-Ew2=?}6IJ2Q2fOp}?flj=9`8OXTt;N-6ac4}lN=b37aZyui(%VMpD~(UOr-G|bxCV7DySKW60dK@btE91M zxxBYu>6Oo*6(wfFwgGlL+OD3iY|5g-eM)S7TS~mVcuE(DWTQ)!X$eX{pqgX9vs~+6 zB~`VY5@_5qkw|!yb>JYFRDh>4KQxik~shc!l(Kbr<_dTK=7gm6rr*6>3~r zj%K+AWjgNeSmKxx6>X7u6W{k$?MZ5Ihh3bh^&Q3w3T(C2l+gkmODL9Tu+}Q6dSf2V z*O|GgQ`Xo;M_NjAty<4U-@#Aw0HWMY#(?x+fq@l9-~Jb2V*j80pWt`$(O*`sW|hHV z_sQjK@mB_PH74+qlqdBp+@T?d1bw7WAYI;wnq#1jIiL$cQQP%E4g~E%=wqOlB+dIQ zUw$T6ESCijP<&j*hSLH%&Z@r-%~Gk%V|O5MX_O%r2jn1b!!XgHUq)+h3wOzyao208 zA*1^^#TX##QS{5GS_4=G=TrQ}GUvAVhgEWJi*s9?`-^km`FFd@`9AUwJM6hF&TaA6 zSj)q2zXu+Yyrq_Z5J%BgzP|;IqV1|b@ou5Re&V_2od`KaRnPw#9zGkt z^t>hpO1t1E*a5WqGpK#bV~I)ddbb^DKnhx^dLB;K>l6Ywu zf-Br5B^}4{(WhL7NbL?#m;sueuxBVxsRzo|8sZ|*m&eO)(1yX6Pa{vSUhK`ReIHIz z*gn51*p)-xmF1JVx{Plj_T$BOEU`~gv%0GYuf(fMoWXMtO=#`xQ!+3GpPS++x3Zl5L!@GdKNc-O;2qVhG@L4cH2@jJIUzOEUG&5<$@qrG4UX>(ilta94~*) z1InYCZzj4)4HDG~EV|~UFQC_*f&`JENLgR&0NYEY5mR&aoIcmp*Ht*2^SKFl+%iET zVCZ+WR$o0*3u3oJd|E~L2y%r}j9n`{PhBxK6eDe(^3?hzu7l|@|FQWHp4n6I?CURVH|Vd_P@6)A6s zo)R0*i|v+wiYPDuNx#!4DP4d1gu-)T6gdx<=*_$GHLJhVPtYsJRmoD^nde0DC!RyZ z#dTkGp@lCuuRf2!~bG49%Pcyrn%uG{#zfd9gLTm#6!SH(*LvxI72M$?djD%pbK=F`WDOccNC3@0=6eXv^Qe!e# zvfuV3&6&pOeX+}HxRH~--MD8BiYi|>#Xn%8(lrkLU!cMKx9Uj$O$?@gn-^pH(bd*F ziR1J$_@+pG-MDsXc#I98Bd%N#+q1mEp3n_yq%zqkClS~E`dmEU=5eA`lry%UIse8& zpfb3wa-ef8)s_{I_GT-%42{N2ty&U;?;|(E+ifp>EscKMgd3UKy(%dgThBN61(f{hA3x@>$qS3Ww z1_1V3DIiOIDvAMhTCft6HM+n3us_R)L*Fo3P+?s)lOTi zT3~KJ{i056U+Z>s%@K0g=5exNoDcE!6e)kwtW5 zKF{rsk~){w@2ZPR@tY9rF3&Z02C+}`f%y@4nMV+~iRt00YMMp*hXi*F4Q+MQ4Dmu2 z@pZ0Tj9sxmkt;#|#6ugQB(NMl`_}FV;_oyD>8$bo*VwuJ9DbCg6>?-FZBc|^nY}eQs@RmS^S*I9r{v`am>I&!At#Yn5Q|E8% zOHmxTyx3`DF!!Z{!%Yp3F_@DlMzh~yNu9?`y* zO3XVKisme=PWnJjh=_Dl=gxypg_+mX#r3k?uO^!)f&9ePk17o?Ni|QBe?~FBd z(4jtGW+xcHo76K6*|DJI!qL(8;&3-307;W~6?t{O*dV`2Tt^&s7`*DVnm}djr*hcg zGt(x@dm7^F?zDc-_Y>5D;nQs!mai$n9qyAU>3-V%LA*$jrH^o@{aW!N!r5x=6e_5V zDhBdAA)$QbbVASYK6$a+RX@|NX_l*E`%yojbe43EXv1aeum@fuw^S}l$?2+IOb~4o z@9TQox12Ha0n80FGH!ni2T_~vFyE*}PREhHh$=0qs+gyH-G39({>58){_vu1O2}(Q zF!73O)RH*H-JK6d`8jJ`K>Qd9^tK;rezWG*!94$xf$?b@za}~k(_J>?cCZ6AGraSm zt&^z{mV67+exbqnBM$9r9g8T_VkgY^1L3q-`ax*MWUclu4UAKyjJqkHzKR87KdgkFQZ{ zov4vj$ai?Rt?)GKV>OM@kMehiMt49$j8+C*SXSt7DNR9a43N^Keb8H!T-dsdQ2^@$ zSSrh78bO>u!Y`v3q1UO@(*RJM7)X@@e9wVe2+9lc%g8w7qprE@uM?~OI#kYJJfGz^ zgP+?4<#oPZ&hMk&J{T$5;Cs(v;;lJjkZ>C9%qn^`1WaV}$zK-@kJtev4Ai zAAg$-K)-@A&n@~lttikh5J|ZN4Be?9R`D#~>&)~a(tIPufh<8(NBgW)cC21>@RK-E zem3i+O-Za%3nt|BD)>3_a)>9wuxYY!N9OjNQ&N#x`=K&r;Ko5oG_6}v%KA%I&sc&4 z@L80sOgRRIevX-fo0Ey9>rV4C_f1GxMISC0Yco0;zoVjIwRuhUeVe5&y;Cp}R(CcU zEyoVFo2qOF!Nn$+Wnu)Ij<Rs_A|SA?kPN+2!`k=0+hCn24i>2kVP+HlW7`zocZsMAgLi}t6hwpND!hrKtC zr}|s>z_*Y@A!N1{B1FnilHFuVB??LG5JK8XWd2k#Pa%8}y9^=2E@PRtS;#z-d7k$+ zZrk1;zt#7gdvATuz4x4Z&+qqo{m!}PFV<$S&-$!qt!F*!dEU?avDLSU%dat?kYT4V z5kp_X2b>+o6;jW7&6tRNQ7Ev#C>87!LRZamy*BNwAKy~3)7Ld(ELDiq9xArLLhwA* znX8bqD~(6wb?0%!Iu7`j_fbxPT1g%Zl`;f_+a!F}oI<*N_Pj#3BG*9z#!~+lk6EmI zn1eKSpJH5_swFhNf>{3nq502G3 zyXQ(t<$A84Gc-SQPqZuW=#1pJO|y=@lNr!H$^U}({R!Ilx6H$@@ITZAyafhHvZ_Sp z7S_gt$_CX=O45ZMsoK;?x}LWFA#KIp)SKHUax+7=ztUP>8#^;rfVad1!rY)pRbwqW zx23M-K#i?=nvwieSmylGfESEf(&p@UG~Slnpi2-Do1%^=-!+&TAa4rBeC$!wt`+Ut6M3%o%?*7%O2=XoeT>r1f(RD zIBJ9^f;3#-ZxtlB%OX={Z5k60zGV~`$YlF9f!tv>%(`+R^Ip)d#zyf;-!$9@ zcWojA%qy(XTH-;#jeFp$499bB$(PbzF9~5e)Yg|^=X1%U%HDYT=wS)dS3WIc`5ayP zTq>Wb+3u>NS?V>sioWhAi7dBC!GgiIV*Tp^m!~A-G?te3Vzd+j#5>d3GEVP1Ozql# zIo~~0mGe#f;E&45LjSAdQ?jdUALVFgnXGfYyI3lqrT$=~>EhsUm`6EH*y4g7jq!qE zC(UQaW@p?-X!Kbfl?B=Y^cPDFqy!-%m+#{%+MTP)+M-%w4-FgD3#$%BPkESJt>785 z^Cfrh@|BaZT~)QgSGR3}Gzb7~tD*@d3j(%}upPwUYv|`ze z+(~|hHOMt4kb~IqBYUqoKynQYb2CG&n}C@q6kbUBwIQs%dk4{K1>eX34k!l7g=UbE z_!dn`!0sT9cs|iVCxR@!`r5@qkf*(!47)fSM~e05t=?C6)>**6a`d?>9Q2W)FVrEDF9tnMuTh#MGZ> z9`#FOOpbt|?uI6n@RVmzwbWQBnI1fJ77WB{T9uP5vx8vXjhb--vkGF>PN3sIG}%(U zpcz0BakLA(GA(?_iUVqufwi@Nq<$)i`01YXW#x31xK z5JE^I)2Sr*Ike&mQDXk8ykA2i^A>acnbY2%soJfD+@tT*ASwz4Akmj>nR-cp6S#s(E@;NFXaH=-DF|&X%6pJjo0B zr@E4tc|q8Ll3eJkT?ZM(+VG;myi@c@F6ym!+2c_&c7oMV`+ z)gLZmKpg~p#6LG38+Fv4Iih~)2>DCvai`8(0d2}5lOw=AjiLksx*y;z{iS&)pW{Bm zjUB`u1AqK<3ovKub`Ujfe`xm{Q{|=k*J%Ek=EkFCo736tR=cOfoPm-zK9cV~mpGrR z;}XgkEKfFr9%&~TM}dxH4t<{)_aO>-tsYiS?8RXW^S#Pd^UJdBsn|U zG8Xlq!u-=IZ5C?5!Q^)`wk1Z|o^#)(f$sM7>>OSbK#>^VLqtG?^-FWh_i}qmm*_n; zwnT)XU-QY1fMGyGa1l-b8wsp#3p7xzX%s~ejwGW<5=e^wRw{WQ0cy2FQ+QCT;7EeG zrWdaQEey`cXR%g02%erY*(Qw}57Ho-}=gV>fpb$S9F{>}qQ;beg?p}N1X z!d^C@q-XsOB4!z!n0S;8hP)q3q3b}AnvlOXof&@VX_OW4fC3J#9YmiFoJ1I=GR=UF z(x80tGjO zt|NUwP7zuiR7(VG1z{}fh05UY?8lQ%KvUqDqsX-M$H88yI|v%N7Wkz4AKE71c>bv~ z(k0X^cul}MuyGUmd7k~CtS{5l-QZBHhyWA|Kq$Y;?GIuku>8_fCFoEa+G5#3qMfq(qtM?KG=pF4!v zSjgZ-ze3bVFVc&M-Hum)?|`E(cE`n{Jwu>A-~t$KIhpPb|@^r`;gkTfn)Na zBXlCz$`Y2JhJF20F7`6<*h}W`aej{)YbUG_u)CM~fAgH*;BI6d;*`o!p-{4KFSH`> zF}*EHxlF`Ww=mk?#s;q=7bWAas^0ac_}v}g@#o|AIaM(c5zdIKH-13hjVtHgHFuYR z!rU|Ky8vW-80iNlOd3x8U8VlpKH=Xa6)z|{NFO!pF$Xwo(^RZ^6 z7xDc1N0LW6^IlJM560amnU7CXq97iq*JK)OZ`@&=F$tuVh+=Ee8(d$2R5QM2YzXpz zC9c8_msaf{G}WgJHz`3x)HoJ?4NMB$gOv;a@P@^|l~4I$SSZCC!K(2L@GxraZuae> zUs`b>ed#EGO1bq^W4&*4`M`qCT4ORVmzEwbIQCXQeK9!>9iEMN6s(+gjaKACU-Mqa zsrYAv+meMO%*d>}$9OQZQYZKD92bqHWBI+pAf6)@UxgpnW*P|d)VS6Y&=va_#=46~ zWjNrBBoLv`(PRU=r+}>aiO4B8MM58zR zJm0g2C-$`1kdvwb(JabRd-r^_3Lg;}_i96~sgU|tliY%g^Yb^8 zJk-s{B_umxF>B;rx%4MQLgAgV?r^=h#rGRWf~p&CG!7K)Ir;fu3j?=+WaCkJQ+m$D zqUEZyd|D))(cu8rJA(=-nKqC6uF}5VR;mqt^7ic>2E0( z1fO?+Mu&TNPXFM%+lCh1Ct0<7Y~m-r*4|2HE`B4iSi85tp+AXB?4DexuXuK0UBZD< z0y0=0w|kB+sQ>IjcX6N7mOr0BI8EQZD@xmJcOtb|bLAr=__Ns@5`&Vej9%k!%8pvj@#_o#k+e6hSieFfe*eB8BF<4$d^S*!%mJ$#EQiFa42@gkYWM4b;DBkmIUB0jbgXh zM?q~V)Y@zJYaSqepsY;-LQVlt7RdqSSBd}FIg9^66aTmAHiO>b-QOviB++r?%l3$4 za4fz*_VPW9^41GEhPSH`%+PGUyMsv$fvXlv@N(B_%RimGvamD(x0FoKuSok{{idxN zyrBUNehBQmzmD%q=pU$5VhAcbG3UpuBpPAZ=PM)?y`L`V**dd!__G~E#{~(Nz9RxQq|G5WcKz7Lfj0Tcuh02zSd*Tn%=>3k&ULTVb&nAi zoIka99X$WkNe4@BbSU82yYqApA7G2o=bX_-Brl@yEr`M0h=kdP_r)Ydnte7h6jpeU z_RTx_>BDOZKIekCUz{3oh8C*Ejl`u&R0$2sH|-9rR?9B6JJOFgl&tizG=1@eK7T!- z$SL_IlA%2>)CY^q%x4P3`k`3gx2-Xq8q!=I>om;S6`$f>{_duNBG*9OHS0PH)1+{c z*jvM@F>QbRE=Ts#ha<&4?PE8M%LmSsi|~6)86G&Nv@a&xYeT2?37*9nG9rovm}_8f zcG<1*IWL*>tQx!s{OnMsc_C~rp=(w9Ipra!Vw7E1(=iur<23&v&tXpSTI)F<1RCbWRoS zpg#VtntFvcogs;3%%J+1n~|?m{D`e>%6W;U$2kX`lhL|%V;JbojWR}Oo#;y5^g;mx8{B=v`l&{Jf^!&sE)jB%a{uVRepAj1+kG<;uPsVQ*nmxNjYIhQu)DPq{%T)+4DW+WJ<(M}4eH+NBk_t3O3)@*baah_CQ^ zc7m;n-Y%0i=UTa|({tN#mSCsbxR+%oNP=g%7Y_G}S9biqrw7(?&Hd|Y2o zqC8-QrSH}3ZS9w3V#ChS*R5O4ym^ebOoC}qm#dRd_N@4eVk5W_kokF2+k>B=}$$Ck3Ow6@*hkNH$JTR z)I7@aK1Nf79HFlFXwHSJ1{v7jQ*-itP5La^GtMrF3dC*B_rCM<%1X9juRb=4Bd*E~ciug}%@co;kXv%AFV}N?yfU(>D+x+}+5Oz0(XAI}hTU+{pqTcp| zF9VnB66-N=;fQZzq5tm19@)a?5BwJD%u4IHS7n^wgwrPYQhoDUs7FJ}ib#N5-u(h` zxjNpwCYC?;aUVJkBd&cW8Cz5saHPSnmnCNZ>Dk-rqemaO*NC?SCR*#=|m%Sim5frbJ>c_-A#oT2(GiCCqPTb7!lN#kOhgAcG_w>@RU3|CIRl&W$ zTUPM>5=vm*gSHx(i}jXoVeWk&XX=q9HP$Xg_rfYt(>;frj$ z2YEdZ&;8tdLKK53V>pvL^^J>{rSeqm;vhq+iZ!9XrwYyJ33&G_=R5OAj=^pQMQ#GT zl97Y^iiN+%ed?55xo3IzDJKm__LNu((f9c}G6+paVaRkoGSxjC270(+7yT_{ z4{hSJ{rudg^lL93ov~#ZT`Y(uVn=K!LU|AK$tcOb_DGXEzU$-u zj{MNwzHULY?wn(bsExNd-O5bkSrWC4#szt{gEBWh`n~fLmSBBajNjk*<)YmaF>edz z$B-4z6Jz8kx_X~g_3a0@gLrN0lnZjjsl>wIcr&x}<#owgQ|bs+#~VhC+20yt7POSnJq;O zTn49p6a3kHyMum-n*6;U<3d-z0U$1a2e^FbK32(pYa19y(vr$#W23ROG=GNR57$N* z%o|jfqN`E4xGIddCmq2fcyh2Nc(HWp6BWyTIal@mrNS^-#3I*?Z#5pT14y|W7YVGy z;o3!k?CWQveXDE@gu+kQUG_t)qwYJ`GkoyDy;G6#96+-w%M!)Vgq9asPh6e^A70Ef z3t#HDKH_q$Tr==QbAb9A{-b+$w<@il>Buu1;605VXen>AhUMEp>9O=U?E`&&4+USyWmPI!u(wQj+$+U@`0iK)F`}_G5c6aKR<6z07Y-ZDZub}vPV9zbJ77$%K-7k z4u_X?C2tPU&_Br!JzxxXA#*IhWZ5`v%#NX%2d_F2`;(F{*wRc*$;k-AE6w`n7=`NJ zJVEFaHiDDkE>!Mr?~$`iH}gLdwY}g*p2GOAdT!!F{U^ouw!54xAMi?iCBi*zySII4 z^|kB5$*wXQiVcV_obK*qoeNzpeDjp^x`xEbyolA7g*p(pDI|u%CHdM^1$lY5jODZz z8!B|dhv?eZhWBT^?9q23e&B{%IKtF~!w+%mh%M7HTu=xrZ{{s2gc;|7HwYyF zY8Ctl9KE|^fQ2iNE4Oj@1$6Q6wvA5QrhAP;H{Kk{G+V?~0|f~3uXIlx6TD%{^zFlv zE>n6^{i(SMnp3p$zT5P-?vs5YhzbHubg}hWPpaPlD*Py^=*laCNs`}LZCfD=eW@0YL~m3#ElLN z73c^ec|wW6T9sTQ2irf9o1(UwPu<*_5E!e*Tp(;Q>#9I zCmuM}f@9ItCxzfT@V=;F0yxYj9<+n1jwyIJSgw`77Fd0UN-x4?z>(G3x!_C?HYaq?B_6+YG{KCO=XP)WGx}s6-|ARlY?4I_KX=t zQeMBtSD~n)SY~$+O$cupm)U0e4(={`6MFM_Bx)j;)CgB@qR5;soSyzbC3q6#1OtXf6EXyzjk%Y zo5+P1k5GFv{#@?k?W^+)bWh}7U#HK=7#Nr`DE%BY8s?N9+4w5yqtrEqe7*mocCo}a z#b_sDJ!i?vrHFkw5~ua-XUh56)<1Oq&ca6bsY&io^@$UV97&5J4{vnxI|_DIKMnSJ zC(&@8j-OTi!ajunM6RQYi-%aen{xC4n&9>?PUVYHB3(9rrW4A=n_{;lV^gVtJt(rC zwJtn}TG3mBwz;xEDXtGoiBunGBHISLAp>r#vwA67+rWcdZvY&o3npM`wr3Pk4xm>Y zqp2=bmfmPe9QX_k-I!w812z6$(YG%nFPpFOMh$-h)r!lm4!C=bgzu!+tVh5}#F+AoAzYgtC76yAHJep*+gGkOD4gJF%yY%TFeT;3V ztl&!|ZSp1yRTRmNg}%11!>7S?UIBZ3qebK|JXZh3QuzPt|NR0dRO*$M^Uzk$>&WLT z_!L!>(hJ|XoSjoJUb(UdHQkO{zykMED{zO1Oza?dC)3_D+@MB`V#&Z5oOpvBSKrX~ zfo9Ht>3s|ZKkmH#ufP72&jvVTKIw&o+7S(OBeXl=zC*3j=R?0bf5cnoPfOYN&(t(Y5Y62`oF(eLQ$B>MH z?ACV4HTOUu@=Y~tqpj>qYi?hlI(^mw-RzQ$dC};uP3~4nOl2{*t?x6=Vi{OjDC7(o zVaXVo{nFAuRBt@f(yaaKqDAGn1OMpxVM;^<#dcgV1jOtV20gqUQHS1wH=syPB(>6?~fp|USuoPw#0i^WD`TxTNRBMc4$SkQq zUO>V+pS|E`)4)ZYJB|ERuz&kPOo9)qGeNB$C<-IPf3XO=G9)p~);*7g<4veHHWmg1b{MDnmAMC<^Kbj+_hgVKk1LGJX-vHK0 zX>R?$+bI8_uBJ<0)0HC69VF2u`QebP*ApaDjXA4yX*F#PW1@so_OS#CL3;V3$ zSI_{lXOf5qr5D^hoA7IV?I;4U>wX|7O7WJ%zvycfyaGd!wx8~p)j!DLjR1CSlm_sgU4t9t)u>X?7iB&39NQi zBXCs)=tQ8iSgWMKxJqRx(LVruTz`E|l3-y$42VBV3~zxql4K$I@K{mz%|a7+N(`w~ z)w312#x|&N(2Qa-Gy*2z2ZH4f??&Wag~)8+3RjQcx&>7qZ$!;tz-)>FJE{fLmjI<3 z{*wv(PhRgA(Nw{Qd<;Rr$rZgN^8>*tql3;v{lzT)LELJ}!|+Qz{0auvM-rJ&w2=9L zbzKi_odjhaepI3G{)-9xgsT z`uq%QW3fF$O&NW&4pLU$d8W^C!4>1927RjaX~}DvrJeEF5e2>zq8vKt zB5W84-u_M#B^XF39>e%~9w23-4m#VLMqxx3-@h2uQk6TvDHWWT!4jkQobK-P&U?so zXtYEbSPvJ5fGy+!Y@C{&$~=R5D|e<>)7;(x-#)g*Yu#R&?Q@m$IC7(AtJY9`j>Nmf zTDq9jGZnLGKvDD!fo6=_q2({&O@U?hpL7P425a<7Xl5_U9sdnj1!E%iVpRIZrO+*; zBUI(=JPmu7iox5!%@vpg^HtTM){f1hHh~pPF?N?!MG_gE)!}DJn~jtzaAY5VTJMwr z^DOLddbZBbk4F9L!T;z}Z3_>=%Hox%{nmRY1X5xj(=3KfF~eqMT#4SJir_$NW%k^H zeuJvj$F#{z(Syhp1?7u48x!#!M;5mE1B{sbGcnTH{QKV4OCEecQ_iEjzw#5nwVzM9 z%rTPQp&y{H`5?Rx$)%h8;cD~4#kt|%bW}Ot(fq@E?>Z>9xPAc!`08brZ8r1{LW392 zm9gOq?hO&TUU0Pm@LBD~RVzEe`@#8*j-K$$A7vrR4zJGwGek$#bHh`K!vHw$(F?;Y zwePY?88xo$B!`Lw&cLQF83J?Gik!Fk_r2m8t$87R{d=Ef6^AQJ${>2v zzW3HZqrJmPzi}TCtFZ3`PQCMH+HZL>ih6w4m-ibpAz5b&V~y*L$M||h3SXr!7pUF{ zb-%giYhnR_d-|mm<`xHPl{(AwFzY|gD)E-SNB1J^_#KTtI@8CGC9>0#=ZZuZVjt#P z*{2THz&S&6M|^I!Y=)Jak^-c5dvNBycXp^&8Z7M^3Qidst}sim=!_~@x$;VEGx?q_ zt6KrR2PbiQ1oBbgq$rTCjvw2*0Z*;g6$#t8zI=*dzsQ_8)NuDBT`-SRPH2}UL2_n8wqwBbMi{2X#8N3fBAUKnx4=;7H*rE!Jb2}p{sd0W|wboO65aI zFE1VE<;qwqiWq#P9p>({A^Uix3|_HoYRY`EBzdcu=~^7E8pni1ml5}O&Kw#$X@*!G zBQ6l0rH_inWSdw=zq0PRmsL7Zup(Mg?Z|lOdXVSKPKW!hT?Ns*3&DGV8H6 z^(>ELM5EE@$^kqpiMMpk8?o`V%S2`Zqx2usiPd2(-y8XAp3kc)j?%3e+ zE!_Yz`-V3)!Cjp|TO)g4vFCv8!IQVoKPpPre{3{>iAhF_IdB<|H;VD)hIEa)s=uV% z7-Mo-S`*;A-uX5kEX!l@nYqb#tfudGy&%p9@LKmhZ)sD%wvXePc(&I~0yZG;%qe*R zj9RDMwpOMK`{3TtK8hW{)dOXhq#|US>@lA zp3o;OM-!)NJLie)$um4Q+Wlmpkx{zMqR{9!5$}}XvUwp#`qvx6LhbW{f<2ToQckc? zhm2gk<#{P<7rLkgVnR@&s_sp4h&Ziaz+jv5u`vw0T>5C~;T?qDeT21Ya9*J(O^cMU ze)-6Hw%2HP*l5PGU(peNBApE@$bOU^u+cJS(sWHTvXxNdd{eNni_@^Yx$D?7<7Xpj zxZ*M%xCOnZOd9S0r6KIznb>x#uyo}0$uluHZY#Vi-Iti7G+1tIe&FhnCZex6N5q>5 z0-Sz7iZ^~R=z*c#bhuDm`ktEes7S?w`MZKSbaZLQcM!Mm%X_JD)GTP?87Yps2<{_V zS@Xnj)OsKw!0W^J_rMw~{`jE|V15=2;pvFB@MROh9RzN8+k<^WW*;!7RpX%^95pAM zR0YBte~x|rqie~(XZ#F5>JR*#8rH*M`-ErPb$6Z|B7o^yjLs@+jbPZ{2Hq?T+DG`L z<{xu$>@?k{vbx|t2k%2ZdoWPD3c~Z-4kC~KeTx0|2~yGxLQmi^sixjm$0N}VY+k{c zcjSt-A`QaN_;)L3-<+_j0QbIrR27=320~A!nwz9o6Gs&Y88^U#Ey8T3g7FB2}SBgU&`%tS3h~tDz$>E z&nxp=+9G?52*~eU<}us161(gUS!Fm^Z9F1o`)^-xuB#9fBkm5fwa;*NyWYBNs(8Wn zeyk3U_Tj;cpR}c1v|`vA!d@|wyf!?ji4>U;{C;Qbs8y{UFLZ!}tZC1m92*$L9WKL2 z@jQ1C9xQH9`_8YVB>ArSd@lfaX>I7YmhsKOyGddrMuCfHLw6PYn8u+fTk!!Nh3qD& z4;7CCI4*I-PkiB)OBK9c=Gze)T8jiMkW`;CUgwC4!~Mr>;E~ynLwC;Q<|jXvpUBZX z@cHNzQe5U6k5fe08w2)jb=y^UJ8GB;7v(l_Uskfo(UKl~jz!7dPrIL3^AFH_QlP6?O_Ox}ipdnjJ(xPFgHLH0Q~{6Iu4mrbC!v+)%JO zLqbf}SZIg}dpGcvF7I(?%**REK)1@*=S#-L2>abCIicw}qBdrJ)ZO^V#Y;&()6ZW| z#paXuPWOR@vRsGb^lT`q^MaWv9C;tx);wg?ysp1)e3%>ePO3w7@|686?#dRC=Oy(5 z_22i1mMm|8@X;d0fUrG+2{`tk=bG=Ww&nFb3mtrR?Q{E1=o}cKdATp|E=}F#)O5H5 znJZHZ?YplOy2v#uV6s{(h%7kRq7vpeUUsfevh?9yyCAid5JYfHNx@c}%GGT{xNT?; zX*-#;zo&wHcEbYh5KKXmd*!E@n)`^jd+x``8$NrAzib;4=iL}=^e#!~&E zi5X?!$S`(fp(+j<3}bVvySs<;phW?Dx4qv7YLszO(zH@xnLYHcyegPa>`^wDLM|*5 zk(WrC#0XGPhoVm3)f}IEwnLjUT=@I(gzo!XW?zZ#sx%lILrxBRtrb>b`f;PvUS(nw zG%-6hbzZlZL}{eP@Ut4_wYh|zWXaq8MbAWpr?+L882eaLa+9tF+~zItp+m>0sp}{~ zcS%w)eaO3%IbONKg4QZqex2KwL^Mn|X{YWorx9~=l}=bW*@p^|j>=G^hkL8)hWCi> zva>4BcFa0-$qidCy3{4i)2Oi&Eqm_?yEvJ|vJgyctb`C0D1($ydoVV5G6nWmh&y2Y zsYWW%TI|L3TUX^I*dJVBWWHu!r+XZ4fe-G+(v%&o8Cx`CiYq<1)G)2xxwyzC5IC~!iA$ox;`BH9tE=}sU42J+raF;G_dxr$rdB@Wld~x zbsQxykLP-Vc^=iDbAGh+_P!${w>6n*4sN*lzhjrHQ670~E;(gaK8x0)sJFx76ot=( zp64))b5gnBZbF&21-n8#?)&TFlE=%%P5bCl8{F@G4arsZ?!(G&O>bXwcOmf+r_X;R zhJ+>A#-gg-p5zrgeU)U$@5Nm4lM2n}!|pMC_8y*G5_TE`;hGn&6s1;*DG_~>s8(uc z=UT?z;XN6|B{pfaWufQeQS#!jUIblw?rEq{JtD`<~#G4?*XMDs|NXETx?qeA1Z7FsiFDKDV3)VH>%+i}W8 zYVwJbY{ZJcPLjUycYaQh-69s>N>j*t$=Iv}rY_Gz^ZjM`B)AnmMY0-`p|kDIRi#G1 zA5IHz>kam2b3P;^_YScA`2a@TQpu?^EM0JSdH4kl*@ZrI%+X&aS!oSmxPSZy>v z5NLg^o%a2j=80r09^F&&z*Hd=LZ-Og_30#B1+?GstlRC*w_$d9S+3j`?O6g}%@nlc zMo-V^SV-*d5@*Cok&L#_J7288B481UOm`+`*pT=pqTWh0h?R-ky;o26h-Glt#iQjK zy);3t`XzJQA=3kb4Ac~5^cbd3tQyZpF;AV1tqUk&$;^KbGHgFcq|{XQR|quM(CBN_ zta?o@e)rCo|TtB&nd3eKw5seYgZ-`; zh(K2qI1NBBE9cr5!a>`!nkDDc=Vl?!h8nhyx1!vvHLOlDUbOS}p}TZ1#5GK%eXePZ z32Wzm8q<%~B=L=q+=a@RNax@7Rq?ORDGh!-IcKkw;Xia#DCY3VeJw{e56BAdmZw!3 z&J*-bRNuboPDjj6D8RXmF{O2{EPZ2 zfwg3nz>L{$!CjwS*7+0zhMjs8Ce*D9JaXvRj?+^zgC3nYmnv$D{)p6aKLPUAgD3#q z`pFSm(~m?44*?rG%|edsJ$#P1`?Zu^*4T^h z!y?b6qE8(9a_hxZAH0z1VxlxYa#ers%%bkf25W`1v}okTM-|3_%p+lMkhhzYBW^!6 zvjCBdPpkm=(=D@IiMIruqql@qj_e@Zw84#d-j#AMlxntvD3RR2Y=9d`IPDl_GY`O_ zqziEs%D2G>(Z2ZkO?dbcHLwcWVzWZ81Dw%=51z-{R5`c%NHhP(IiYEO)HeD%tzwSr zyPY}9ir6pi{cf{)eRgJCBIiv*Rj1I@vro@e?Woww@{#!@)cWkvq^|_rk5H=aZ6~Cp ztauh)xDx++>{s*tin8SIq3PFAf%Gx{s+c3#x8DV#T)#_Azl|01hL+!d;38X0#R!Eg zD){iIGl*Ap9v^A{cD3n-o)!b+VaD zZ2cRa{m)!Vi}pu_gTHh6V0tz8hrVwbW9(G^0AEd16lze@3Y$q<$9=|IVf*Gaircb0 zg((^Zyag#AB)<3c4eldU&^quHAtMKSm}z%?NVZSF?r{zjt|Y6p6i?k*2CCsv-7NaE z5~dfZ#4IS6xPd;562@pt-tP;w`<#`Ye4Axq@XP`h*xMFf3!eujTx=)JJ02>G6L9{J zHA`Pr)$-`}Fw%K1@T)O1F>Dn-ASlj;_uTN0vsPB3@k?DZ=GRbnR{T;FtZqxaOD8DsBwmI zB;*a%p| zk%vjY}Yc&y_8GZ)?o?FQ+1EGs&6&Ij>q%Bz5gVS4qljc31PUA$JA7qW}*RHCn z+QhTKNR#(TZfQwI!@~m#Gsi|AiiDhIXcP%&PM5g+A)Yuh?i4GOWeC zubXePpf)y-8D-e7@^f=@r)2LST7WV~;8z~rRt5>Ez^l&$0UWQh{X82Sc4d7ISMHD_^DK(@WoAf?n|_L zl3K+_uJhNpW%x@kSromVoP4~vE+$XUp)2&apa|Wec`oWGIv2{vQC=b0p;CZFnRP7n zJfRMMf`&M^6}N#&P)|ct-0p|qXrrEygkw;>R@LzOHZb%PJ!?ks6u(>?c^wdE>!G;s z13I4t%9Fq4!T-$v^8;A?pXm5ABZbw=-mcgRJj?x9yq}z3?7kz%6yUn+MLt~L?6-7< zYb1|~kMQ%eHrNtTg5o{SQu|!xCgu00m)#uJmfk?!BD~1r45(?#kmpizGH{ynJk#CxF1Oo&VukNTNVG)LKyZ-3va%sZHLWviT>x$A-*8 z(hfq|oe@N0!4&`?KmYi_zYP*#p!`&Cz+UMd)4!uMsDaz!VA~*fLBp;P0MGr}1mz(6 zqp3``9$!)adbdAG@n3TL>uWMd_CL35*NBO5!?}rzBiB#^AWBeMvb~W>N+OT}SaB$0 zbWp6C*C{1!F1#<9_15>g$2*8Gp98Ec*-qMB|C9h~#7d5>mPu#SxT{BK?ej{%s`DXk z%9ww)csA$qv106v*Mvb8fv>9?JvA2|W+_Bs^>{LD2kUQ9u)ruLm%vZ{5`2cUA{Z=e z6CLUj?i9)RW}D_k(3zlFa?XRB+JU^!(y000Y(~C0+&Q=_y0A_!_|#^Erl*)CgLI9# zgqxJ;>1)P`anSQ|4ue^i7kE?2QzgY%Kb1o+124K`FF!cv!Mu7@N+s;*CN8`TMUpHZ zLXdnFeU)j`6_U&a^0ZG`>zms>`8GOoLWm|HO@G~ZK>Ki+_F*DYxY>cnBE~{pS5u)s zaIyn<$=X|zR6-R;9t=p9XL_paWwVn!Ep6u>xq~>fB`5}>D1%s`f7XH#Kff3B3oiaI zh55grojppd6KR*yIr{W5r=FUo*jt37{8HIIYOLo8=Ye|#x9N%;GsdZsH&Nz6w5{II z&_|WDV3UVdZ$?hcc@7|N%Z(4|YAuz4oPRt`ELk!s=e_&os*?VyO}Y zs|C?yqphbZDn#adN_$l|zEL`Jb;v>xy9= zv1ldT6=w2o+J3xXONqxQg>&>-P)1|@<2nE+j>12=jk;1#;cxz=A0=BGrDBo-$u#}C5L;tjtW1MnBH#sxrA$qt{-+t>Uiq-wXsv>=s-0R*i zYpYYb8tc`UJ?0lfdEHeBsH#SmMI^7SLeb4j2Lew{S=;wC`a6jD_Hp!74zocIYcYz~ zNCrt(AA+^@xdmfF`u2NNJSC^N3kaSe(gs@8hqc|bM&(6el_J{bxBXGV3laq1-H*nm znm%mb#x@M$#nn?uaq2w@0wiq$W>h}VW`p-yTuN5ra>Nb1g^PKez9JX%Wvjl|ZU%nt zs?-7%0q1*-rXzl$L_PB4rB4wUv&^%Wj#9w!V!9W*yqD5Kj1DcaCmz_|zF14{>dp`{ zYpau7d~q0>esi=y4xkRxvM)*C&IgbeqRSf`Z89+&W+{FdUB)Zq(~95VJE={UWzsiO zuZ}uHEW8}sedtNfB^>3qjb%S4hjN#Yae4PZJ z8TcKRGPfZdT{BqRGSPnCct2BR*K6yFCjnZ^OO&D1i7g+iz&brgVkH0MU@>5glo0`o z*;Red{{hbq&EH4iyp7tpPmL2L5&+6!xi)GcmhMbhmCcA(+LbRfq15AQ^VALQnf)$+ zqAO#=`3osE9p_KE%3d|9#q(%TFQ4)HDzjBu5OO^PHHeNAg^aW8>@w}%<>dGa6&9)n zh$mh5=M}2_kXDYMdB%V+SS<`v0X`n9qxWLKg~5I8O;0bn0bfGK=io~T@W5!aFWT6? zDfbjS>&^yQZ$g8{T>WdqTYU_|a`_I|y%zety9%|BSPR!}XR2PLFWJ0ttTYoNm;ET6 zH_B4w+5W50MK$XR?f27TA^WtV)Aw;Mz&zB1vXjmqldKas%L2qEuDT~SoGp9%oqLmI z^ZW)bk#cOC(K&nh-jFPDUsS9w9mw(@Yz)27GLeY2FY&M)Uxipn7^$L~aiQ25tX$d5 zAk5G)`GzyWe1XtwC`Zn3DBChb?(U9?OtK*__Ro?nUl0Pk&2 zzuFZ(ujsfbslI$=lp;*18wFs0R+*Pim;~g@2d33oZG8lTPcB8`56TZ3G(rdPwxQl8 zG$(qkqs6MpnJ!4n4xZZ_ru|w8<|fW(lxrD2fI5Y2I|!T5KrEZ`z$uKcuUz^GmAaH% zwT0BYXr5K0kUhEqP_dRTMRF`bB<+)P@+c!lDQl1{=7KsFv7|g*t%CfTPQC4=8@|oa zp0jQ{XyV}>+5!0^^N^J--j!Mq>)fn;`VnZ%$TTpn(u0R%F$hFV)y|`7-PNf1Wrv-y zO&ExAK((~9X#hd&h)z2PdMpGv8dyMy5)6^(#1p)lBqVA;eb&LoilVa|ISU% zPkN5nsuiDM5|=C~l$C^ww^U5^jsBF{kK$@JqJB?_SKHR<#!YrP7B>c8*l;K^3QWIk zeFwyMm$Z1Zf&g5rVz2$nn?jkGEwDUwfU#tLmawvN6x_1bXOermcIdg(?){dJ(Xo&(xH$CjY7BL@!-EIx5N zflEh^`z4(fzCvinA5wpKi*TCyj)3=(L+zeX@Z=>-elVQfko6n&N1gcQnk!pxsT{5; zPr?Ky990)iTq(&hsL=#$htvHYP&M2zOH}cP3r7om+nYW}RU!FI$JWrzJ=%n9Ty|p? z&YD*(=Iv}$k#w+~Kz#6PEoRnB3d#0w%MnnxYl5v>fFvo$;q}C{qSLzFIx2m1Po;#c zz6N1HrZ0CSIC!FPyt1H>y-8S0*tlN)tJP!8GooRy9=p=-Dn+XiT6~pHbA^pAN;GPP za`#zb1d7IIdDF50saBoUmniwiybyTctMx)N=Mb8xFqjm ze$)o+yqGnjyV3-(dzVZyzf~g`9$$5_4}93@P?{InXO=NI*ni7N%gsa1shg1QVi8%X z7NC?1=u-rfdus3;csq!WbhjzRUAYh(99Z2uxPE_G>$XDR6T&N;Wu+HR>X{C$mH|83 zQ^J_1#5z;U{sG?;Csuf>LFVd5T!Y3!%aF4hN?pcpg09JO0+Xdlx!2^8u}VJD zY-Ix1J)V6ZOlKXs&<{P=%8Z3qG&ikA?x>FKcX(sM`QdQ~WTqs8HCVNCVZPP1o5KtX zIFb($5B&{J*#F9n_>cVg?+7Yz#rrt@KiaM9$d}l?%BsYtH9F2uFQO&(5JlJLkILRY z|K{Ms7|R*|H=ouJVWEWi(P@7bF;e0{Wf_m}w*>Pd!#EYaJfYx~hN{GD&*WE0BG1wJ zSSC+yXNOUg_gzArZ_;-)k>a99bcHvFp>9+d-oh z+*CB&UxXKFX?H(6q7<_vJkR~ITad+o(z0bRN0w2rb!I6q6Cl}-#sU5cv*E9~`8<}V zPFy`&yJhiUU-QIc*Zl|tg27yslOi8bqhH+}CCnyvw7y`Vt6=j1oL@CM+nUNNXO_gB zAyT0Ee8#R!np;fnT4Y(> z-AwNx#`tLP%C=l;lx{lr>Gi07+tjChj!VvWG!v@C8mB|kuQsVCLne*IGp?aOAV&k` zsQtViT<3(Vi`HB&Vr+#D7A&2jQpSaa)-QeUu*OUo#>IVY;Z@gxhq0(7lX)z;8`~u$r4Zg4a5z5AI#rKUCHh>sv4 zyvV)Hz<6N-JK~&A3Y1RLX-~hQR~8IwY&{GhN5DKd_&tge23QK$pep$tL?^hRhNGxu zMffpZkf%WlO#mBy;v3Zc1_yh>2Y{}eERvkl{`qljAbYcC2XO-lgM_dRGV13qR#B}R zz`?dWDzl5l4D8kw-@Di_DF8M6Y5e{HbILf&%#~9wM#+Ry09?hP~AqMw_NcX$8EV)qv=_EGcKq^^_>aH z%BZ+CU!cq*X~E1_qWoDy)u~e!LZMk^J!4-secqr#YC6+nMmjRwG|Ma`v*fL_vdq_l zQbTex1qC?>r=rqR65BG)J}I)Afw9|=H70ZsLvL(Ej z_4y-9xBD4cJ&!&Di3$R^hJY)yXrw-yXKpxd~4=6RiiDt7cu(t-j+#tte zy4?(`hke$kKZhvRDju#Erav_<%n3j^d%UBm^r#hMFf2HrKFvJ+?ri%v%Tztd)2fDA z&4YY%1!evB@duhDMkUNrZ_sk_+6{_jm>A4OUn}@NdOv#}W@C~e?}a9cA>vKIC~X1Y z8QPR+3@lN4=H!cMCe^2Cf}bJO3Xngd13QR-q@Vxa(7X9yz!H9xH3!6KQeiD%CvpNJ z@q_3!4iJ8G0@-D0xlC`4aSr~{aVY7M6n^F?&}@r9ayph=r*2CEv+w1FM)(DGOL~~1 z2gss-dSv1^=|_167c*z}rKk#ga|rYkv5TvGedyC0R?Rudgyer@Q|o^^c7`7~jDJ6k zR5nP*fa-2h1FIWHJsMSdxukHUkP>m04<5p=y}!LK0XL39TkNKPqEq!m#zA;}z^Q~+ z0H>Z?YQkST``p=yfL7Ns7wlv_`6{Q2oojS0cI#+t3l)fKR!(m+pJH8uTsaNQm7e+^ zbTQN_AXR%nX8>z}Kq(>g-10Mt=-AfLfBgENutzZ-(3 zb2O|v0~n>&pqT=k5>Ax}%G!bBtp|M8W@qAf<40|q|1-szSbhK#{$CTlhugN8J2xS< zx>V~95f$>ZC5dEqN<`uQ<*aYv{zjYL`&Ys;|DX1*Gpxy^U8{hh3W$o-D1wOeA}GZG ziZqd>1dx&_NDTp32}J@yRC+wZ!*J?F>!cix$~W}bQGp8L7)%UQ0XvUj7Pt#D)J;Ep`A*Touy03T8cQr2MD zAP<(wwU%>n&_In?<#a>Mq{cMHf|4O;YIYkJ8bxXYAxQUP@_motO8k5!Ll_!5nV##G z$MfZQyQTQ5ILj3Hja)zB$L@J9EQirIp;mI=a|=PC8TM&6?iYbQ4o^W&n9ga{Kgv%5 zJr%F1-gm$Z-yd2Cicj%?i#)kfTg6DN$x?t!PlOM4Yi*8iFES$v>|hxkBey%UNCVI!DJQBraol!QfUOiNTHc_Dmi?3!8g!1gmZ4>t?#YmIS1juxKj&hkN3Zk zKRP!_dIVIoF=H^i2<<>*nafq>xjH#FtV56JS&KZH2WJXm8S@CvhXMm(w_Y^1MJnR9 z>Z!|ZO|`F~6ANU^l4*bUCOs!1XpGrZ31^b{`cU#07e>K&mXYkzcoYD-(MUwkr>upf zn1gv^78pn9k;&TUTX_N7ep!=stDDj=Rpo?dN|%cVRDEU#h85x4Bo8c+EgG8J4nM|{ zqFBdGLM9~a#8HlMtBW%G?0}<=k zD|P7<|5GtRUKoM$JS^3tTf;-W`z9l+0?|7gCnTem^628(x zYhER%Q~k9*Zz$jzpx?Z)*KsBeULcy0Ag|i-nuAm7sp%yJUK24os$G-|P>akLlL4-Y zZp--}$6?JM7@kq>lqzNp6h9!=?dFmjumdjmsJdpIsLxea|7cc9W!9pVSJG7Xldd#J z&#ZzBO}L3ijMMuBP!qZg$Oxp&Bc=HQ`Q0qGH)>!`VSyq_*v~S`r>Y*uWrhuZJ9*9N zP#r_G$I6_o!tRrnWu243NzTlPQ> zUF2oy)USDdTg=vNO~&V=gzU~FOcF)rUfl?e_2x`_us(ZU7Hli&nd4}$HmYFcm<0?f z7hP&U_BCgG8i_}2T#!qnDC}6&$*X!5ijze9^lBS7+IghK4ix>hMK$tV z;*&`q!b(0y1wjcbcexxg$#ewjOuqBv8UWHSl` zlkUdr9_v znkW*&oj9-qdzafnU^2D&f4eS=yxXRnr$&FEt@IVa(E znU_#N-)_)ieb#1FK7Ibn7srAyocp?^(!-kO>V7XT+4Qi}rKIKWTTPA^cae2N53?$_ zf`Nmk+_W7cj-kCkKp0DatlF?6mh=h@q^;>s0q~rRXJ?qeT;M%>CS9lU;JawRjbUg? zqi|CkLP@1X1HKI0-vxgn5@@gy!U}<%bk4nO5x%bKJHwa(1lPr@olh76XcOo&cv=0^ z3}FF{G6a^$bVY_0GjB8QR)dpP##vQ| zBxUxe3zBJHFV@wpSyC~}h?{hdYq9OpheuoVDq(%fN+>49yEX4O2Q2fC zzk9l)jK++8&l)dp5xb|Huiq`w&(+e6S$as6onlC6ggcf4!lH%U5Z=gfYz-NQPtvz4 zop$-MZ9EuQFIFs39Az$q;;!#FpgDij;l%PZVp(n&;sd3BO{T6UKtxyNq;L z(Miey9!k+>+OAJF`_;KZM6Vsh#i|?_RK|k48auayuZHU zzrabF0*kkBQHGAO$!!PU*M&RLYQ}=%RPjY;d8b;l$@vb3SH#?q>Dr)DIt;b*6PpM* z)*?p-(&P^Ip>eRui2iwHkLZuw8UCwsudlAEp#s%JRNj}+cuS3A`W4d@>lMLrXoIzi zvD6*{Z|J2SU6)RImTV3b$1cPi;xP{>5|pfNoO6?ScHGmT9q+zdg%&IR442I4gn@={ zRHrOiR||dc#dfI6b#;$&CdkcAeY(M)vFbco(tEy5j}^{z#9L851X*3WM$*c)j4x`^ z0sCEw;OkNIu!`2!5Yp&fSn7_<35}(^NX9W|T$u}po_v&{n_!b^i@L#3ZHZ9Y`M5ml z^$(dd(a=zv0k2}d7mtY$Vf~1;R4TZGatj^)Tss{F)?6-=T{Bzfu3y!2Py4_%rD4W# zx`ohH|I{^QsitNACbY zsjDUnwbsx{mI|b-b|D-JJ3h)zc|ASSPt!^Z(}+K1)H;jRKVUa++rrVfvVjp;oT*lg zYPsY+y97Sw=bTxev0K^EVP9aM5Sokj9jt1Zu3dP0_mD|BDsFSBQJ(EQiN5ERy!vpZ+sWmFX;W%f)vB5Tx{JgGYFY{ zmx76l&UtlwD982VdMj=k$u=cpq#{+(`t#uFZnzqN)pFcQi}|T)wvv0OchoT$^kB`& zF*ayUk(l{B*SE>Sk9cRqanXbSN=RJA%8~S1qKkjg*L3#Njm@sWgo|7xg6Aq1T9=4| z0Fvz{ED_lC-GZR?VzbJz)Es)b)q}JAiWx)IUE3ku*8AIcPJAik!;NV(3+7im6MC1w z<@cTA_Ld(M-a57EGdQr2gnENdd0FZz_rSi`GRGkq?q3H#O0J&~_(9Pz1C+#8V2VI@v-B0$$kwB*8R11z^#IC~5k?v?2~W4q8IH@17kzXmjB$QB zQh;U0G{CcXUo*w%2)m~D9xm9>fM1e_az(DGjFu-Jd7F|RecbH6MOw7^3AB`nC;Y)} zl-jSI3WKoX(&stzN#xdX?6045B5@-_ian*J)WW8|vHU#rhBnI*Sv0{+w69&89+~k~ zgH4&1>BmrWPw=aYl002z~8g`BKE zr4BIMpYGZi@t;juDL-R2)&a3M$nCe7DImX(fusZRu;tWygG&}bL=3+MTtt8>7PYYi zJPy;>T7n^Cc8~jY``q8t9s>W&?wL8p7GtT`(z^@0B5o}5RQ8sb_&ZEeDbI!Zs#Wyk zaFg~HgmAGTvG(5U6az&D?;5Ptn;M7qu0-gF`}d;)5#h+7o0`V$v$7^7T}O* znf$l;kWxckf|GdbVTi9{U_3++rGO#`T+H@;@kN{M`o5z3wSKCMYzUu(Qd&)Ra@9fV zmEf8OTbm}5%PJ8zJGL_{5xQf-NH2lAuJ(1IlNS@-9J25^UNn0&j2@-nj zo6X@zw_pipU78z#H1hdDZ=mcNmdYlWvJ?Hjm41f3@5f2P^B+jQtYHGjnCzsJYF{-UvBI2vTmelE5Nh!dh%5_=S)fvZE_41 z@@05K?&$gqORHqpvT(})c(OYKY)}Aregy#1@`N3ea0vY{V3`+pANQ`Y4+2>?$mWTj&O_ukTp64o}$gY7+<2@q}8 zh=m&}7~1CV`+SPo;&yD@5UT*#AV)A=mVluk4=@UOU_F5T|5yKm34GD8a;DqN`cTw| zPq|Z3kp+fB3qQ<#+<(n|_MgMG3rvO-h_WGpdE(60Kd`3H*Iuv4B%0 z#DcC+RdY;7yJKEfw)b16VspC2{=Pw9Oa~l527J#1yB{c4 zqyp!{!?ppyWO++%hGivsN#|ubm}$98*fX2X03>3%0L+vpB74uidi^GWnWGZ*u?Vp3 zR^0>b0clDd;Hkv)#|B?>+)HTxp;ho&_5@%74V3->OEbRcv%nWc5c}|s>YlGOtrJ5B z3?Ki{$;4m&34J&)^FyTjjLMIwb1JS+*&oP>B;0VP)vKqQNpal;?tq(=L^NZ>aTy-|3H49_z&V20(JlZ literal 0 HcmV?d00001 diff --git a/docs/images/grafana-grant-access_step-6.jpg b/docs/images/grafana-grant-access_step-6.jpg new file mode 100644 index 0000000000000000000000000000000000000000..1ca65c6e72eb24192654105975fd517b5f6b9c08 GIT binary patch literal 35195 zcmeFa2V4}(wl3ZXhy+2DAaPJY5CkMk98n1aB9a6}8AK5f0Z9TfFe(Cqzz_rkBuEg6 zBRMmYqmr}ajD#8D025y83IFZB;p}tYyZ_&P=k3;>=`~$l-L-nvs#RZoRgj0slfW@; z4VVT%K>+|^;6H#o1w^QO*ggONU0px~0DvO^6$K|i4IY6>096XEzaMK*2m_Qqe?J5O z0k#0uU(;Lzzkh6CZa=U2%Qt0&KR^Tiava<}k`MhYHI+>=<=>7e_Q7+2n&D*_4E#2{ z=WJ!=;9}$GN?rvnTnE1$LE$l+SJX8$wP4zYM#eWxOmE)0ci-xPwT?7HZCPKE&W5r$IPsP!lL4m(z5c3y84F3rskH`ww~U;{(-@v z;gPB7nc2Ddg~g?1+{WhC_RcPTZ~sTRC;-a86bt62$!|+Ru{xv4Xw$ zFO}@?1^fTXH40n?4*lFH4}ouqk`jDVRNzKUL;Yi;IYRSuJM!0!?&n7TV>|lyjSOZ& z0pH(Hl$M6}@8|yT0eK8GR88^-z(7d>8WSZm00jtkDM6y27U+aip8dK1s)KWO z6B{%=$khchaQW8k_nbk@EK?d880{qa7q|9W<)X-4e`@bPw3>gcz3xA?_rIaNo_~4m zq0>~Ue7@G4#@8Y$5*A`Vcv#X(s^H*>&KdJTL(KjTjV&Sx8$O0});GuL&(?PGyfwO> z!HeF|c`|XOScNYd^-Z5<>w zCSS&7qEeuK9o{gT6U7MuyC8gz;xntz1W{W~;hbsk9 zLUSjf(X5*U=0?*{zB;}0i5xv?a}V90euZ`n>LNxqd)9}izw)L=THf^yaWhCUCq{?I z+}~eX+CLp6j4oC+5>5#M{+T@=jckFy$Utcl@u*#7UZFV|2vdzD1CG#r&OssF=n^Qo z_g~o_M9jQA*D^u}2IS*x6Yhmx=qs$uugm(_Dv$_pN5a#Qg%c}Lhr@RqISEFkuyz08 zM_caoniR{tv#y>h{BtJwf^QNnxB$+%DtX`i0o7X=f6?j4l^BQB#hO`Cq`!v=Pokv{ z+Bfv|bR^!giVUb%9&`#56ERjg>s(xp9EdAHIucCpbnGo%cpCA`92GK;A?6&-W1ml< z29Z29@*Xae5-(S`piH%oM&=qZQE5xz!lw2q@He_5;&OFw>ps>#;nJjted-vR#8o8m zf^_oW(UkahcK`ie8Ny`SOiskTD1YS_%@{fbWgiKAWJBC~aPjv}7LT~qbvMyHhRCbn z+cxH5Ww8(mWdW#tSnCz!?55c)3p>cbSgoPYoUE5lt2?|?WpvlLrt|yoj%^I~2KAhR ze05OV?uT7-$3l|nN~w>Vn>XAT$C&GmwktJ&Ka}4n8e~8It}1k_GnofC`6Jr0EL=>% zd_3FhcR|FpKcZW(Kqm#7w4iY9nv1*Rjk+M=Y=M8qW`Csp19sc@uWGjw*k->fwHXzM z(fXQ`1u@tA#N!`5Zcu1`V)>YrJzM%1FdMf@VnOiWP>rj02lDk{o=?IGh=teRGTT4O zIB3SdLsh)qgxrmQ!fQ?-xUk5&qwHX+PkW_>S;SKPx0FuK^`OUMupsuC(^TG1YC~MX znNZXljq^rjS;qD7@Gr=BdpZ!Jv$xD?v6~!;UraJR?hb4$6H+Gzt>(9sJ12!!I+GE? zFT{{{Hj3da6)sM}_10z1(Nq2|!)bhy+(2@ex6%wvV<#hm2m7w(^gw5VoA_eU0hNVd zWmz+w;;Q;&<)j~P+B0`me#8~*L>(ER8}le_*z|mYJ(_=|OzPX$&ny0dP|s1wMGDJ{ zRH%l|z=`7o7|yyehF26P@K)^Ys@So}qv>S|rjgKi`5TWS7oilBiO0WO*p-WRO!!j4 z?6WxVQm zT%LWkd8R!})SNtx!zDKzP-Pt4q?{l49 zhwbi>`w4yrj3_do1|`HGaj7ecP$Cr>*tkOmn(}S(>feq0$7hp|qCYK?fvpo{pw*oW zaH`g)g16Bl1A-F-JGLO;&r5$Q@lQ4VX%fGySAUwspC<9&XA(|5w)g4mSAar~gkYc*_Mf@-?A{8$k6*Y2*u{JIpzl?LH8 zI|ttBN8+}T249Wd+!Y=h8&*dL%8`Mn59nFzg!>nQF*2D^W#!kT3JL~b1ThKO2PVI1 z!qC|@bUv*kNez%fkC=u*>7{XQOCFjC%Zlo2mV?NmB&5@(*I!h)snL)1d?WE-O*yX!Dl^j2$xP-%kcu6j>^j~+^3HSk^Ya8IO0bICwvLq&?T1}8 z28Udc`?O?Wwvr5lK<;*vfkh!Q5V1~@eXahKhNJj5Icxqlsb%*?F8FVf%lyXf2E z{$IcF#5V!Sj#fvBgp*AW+uOKKnsDDnHFXw1|1UemytD;>RT%DEmtByOVy5UK?b{me9?$0q( zmI#9`W!ZB+R;k}!$9JP*R!SzS-#~Pyo-jROJ;;Q&PiWPgE_ysHD34he#5X|?T=w|) zDQmeSHqi09_G_A(F{DxaJN5=ge-b-BV`^$DiA`M~`n3~l&q;WDxWKDK<4;cII{Z!v zIZnPWWDt-^y(1o!S2>}+TiM=Hqc7@M_h$K1Vf@E8e{iGoBIoe<^u!s1@onL>lP_Nd!jpe_~{9TD)AaN?CgQE4*E(v*ZaMd zRYv25nXnb-aIZDT$=cqj4^DG75j#tgE&c@szMD)Mg8*mC}!x~EtW!N+#Mi*n^ zpYks_j;zldc)Zv_z9bzjCj)_2@8aF!Kcd*Bn~*cZTHm>^LOqEKCl@jDbpUW)SpWI5 zSKKW!aLGf@?-K$VT`yjn%a*(SrlNHZQ+x9fYWgexG{X&-&_pGcZ7=cgJIA*O=G9;q z2c53Wml7ll{1^8_O}`j!#TPHq#eF>@h@LFk-A<6ZHAEi#moejv)5>}I4e4Vo#>N~V z)MWb+X>9Ua z%z@~c_r4E%v^U7WiGJdj(QaxMeK@E01x|t-9>?CGgbKV>Q;OrdTHY(+xbUDf=x&8z z32H9zR5&d3%9YROUcML>im=-~Q?AEpTSMP3L;o5MQO{^k4Ua_@1)ZbwlG{6Sq`vUb zkrlhGB!;qiW$CwVRi8-xM%v;dx}pBQtJUHbrVV4&- zyj9tq)Va;NCEqMTkD%{bA3?qx7f}rMzpC>=1m?nUF)`oVf?t@lB#s;B0e z_@UpV|Hr-YE&|vUf2r93-CQCA;rwJ^`s459>@SOXV+`f`OAzcUd;rNCx*>oh82=)8 zRx z_({x=V`QK+gLDOaxS-TuMYMcM2xSy+IOs}IuaFD9WZ*Oy@HOiHPBw|})_C5A()wL# z{+-gLUYyfRL)P(6L-w}FKns{L&gfUscz#Pi**UcbI>n4*BJ3k)!CdiKze<}=g}W5~ zRMP)DO3F%K57-V-J>lg3$Uw5+SCnFV+m)Sl{%JdrV}Y z0IW$&`(B`pBZ*O*6o#Z@=o84!B$7H<%U-AcB4s17uaLbHB(OTK{HQXQNr@mv2Ub}t zjb}!nEZQ)!362Mc-vb@S;_u|;3BqZ})-DLvlYs*f=oDC$GcbezGBB*4%nF^N!^so& zz<(0oE!{*Wf+ zDQ)}CnaJCIoD?AVUB^1@xCcV4E%~7Daz*|ky0z6#8^RD5R!PxcQtu!D7SV+t~ zN%nyonwwg<=gvg6L{mG~der z>v;t<^8?Sw8pW!N+3_U7f<68WIF(2E)0_85BaL9qF~t1p1?N7Zle=)&GJbKvzdGc+ zTR~6%P*rz;d)S%vTFA>s=Y%unaNK6f>v6&l@VJ??KRBD+q}Srw?k_qjT1vAleLELm z(O2hVHOi+;j<^Q!z+{)6kO3MWf!lSF&8ZhmD4s=l@IQhWds0%aT$KIdamturoy`BN zZ6y6I-xgm-)c$3729}1(VzbRS+j2o5rAJ%tjzn&+s^P26{XN7Ko#eIU{fR9byby_{ zw4rmK5;@xs`gfkxUqy8FM|2lvn(6+;=1#^0gmiHay*LO9ID*>Z0+nWZ=l7v9+0c7A#{zNMT?Apd+^$2Gj1CzE6 zgCkqnjwB_`Uq!f=z9vC!C7$HdcQ6C`d7AyzP?8q0lhFABIi-UD2gZ}-NxEi8+z9kn z@n9qf`WxLs2Oqg_Xs#jW5#SISo!PWCkpi>vaFh&$_L@yLHxwB(Yh0jIzC9YbN9%02 z9`qkR?w+@sor{%=Si-C>12!MV?^GQ1X7UBoB@w!9rr_mFoWxB!fTKkDX}m`u;ftp? z68d0B(6{+Uosb)?w)}eA2xig;<%?cjyi|B&9!6ZAQfDzqboFD=zsUB>c%j?CFVwT8 zf`MjoH$n3UQ?KKn9fJQO=|u~$j{B=7q*{0A7txTs_FByMV)y|yXiqX9N)Lsw=xhCQ z+hycD$VDkble+WTK}!mALld1qlTc%A0u3;d3^>7wsdu8|K_mGN-=6^i%Cn!uyVY5q z38&O#<>Q&BUZaLxuH)y#KySG7CAY1SC#&dEr)^Ep;JhJ6SVErJspbna9PRp!7OKW6 zCCVxpnmKm+4&l;8P7~&8kG^6&Z`@?1<(T2)6&)u7w(GvC+<3v6JJR(&997j-CDlDW zd*gelo>U<+-C+z)O>)zcebx#K-5)D&GsT0-2>UlQN8Hn$Al%cx@^Na=SjXD+mjwu+ z9+DtJeXv;ftSo(OE^65Ley~x$H;m=`}C>`i-OzD+{tTAEuZN?kB!Fd)Pib!j2I7` zEBFHbN;^V3<8fGwI^JYjMOw34JTEV$y4PSsqe9qJt4Hglc!OFg-T5Oz<5hC;H@d)n zbsB{_yeG9cz5m?wfM5g{OGjeTRliJk2>L)zvBgx?IGQZ2?AVC5pMePBH1SP`e&gVZ?<#RW^JQi8(}jjceGa zlcyybXsf(`4yb3CwU=Emid#Db&}iTK+hF`Y`&3f>IzuaVrV-An?DlB)sZT6qXlv9s zYHAamWW&(mXZEl#1*tU7j@d0*1fyJ-!GEn-PZ3YY16Z)iCYww4cK4aoz zcV@8;X<*HoyL+!r80~;x!cJVl>(9J~GcESshTm$vcl5h={+n{^h%2IRqoFa(p}xx7 zxsD-8j0E}jw&t9m>wK0R&BTb0{$kb=q49QPjG93|;WhUsq2PB?&BZ1%RJ1S>n!FUnUFf}gRDC1Q9Ajgc#7#I34$;5{5aBSHO(>QFRB$qSPaJL zibM-gUoh3Wux8hso;a13yll?s{5UAWwgg?Uvg&%k)7!qBA#Mg!KPwk!d&UF2y?JdN z*jWE)umQvgTn0(|K_MA%!0hX?dfGpYX-e8V8`nv!AOlM>#&g94+eXNS0vKrwwt~N0 zCDxw>olz?3BuNXjd@SnX5BvWEl%$^j`(3T*);%3E@W%5yWP3kp-=h@$^(m2;7+s|^ zi3)_!xUCPjH}2w=c1sJc?t6x1#iqtT%DVgQqGxgfgWm#_wFZAJxvw{_wc-Q_Er! z#Hapg^Gjt%>uC%RKJu#KVLvzCWYx|p*oBh2rvs~IO{apRxLU0DoGCcIDeLWo;r%9| z!H}ZEanPbf2)*r+ZOXTYB{Lm|C6!Ss9TuqAV;vXyc-rD)_<{#TgT+p*c=zKVCiv%A z%kNsX&U4ulsR`B zbx7(~3;*DU1G^(ez!J08?UULJjdL*eJ5~3*JoTE;!4M_{&%sT+UK6L6=94(q)M2|_ zxvK(ud2AkZ=dbbV+>dmzi0r-~`aEsWV#UMJ^~K+eM-m=K?Ay+seo4qiF>>Wcc-f#v~+$*Q#%#pWmoBV zK8q=eO+D7-=rrwenwMG(A{{)^bZFexEGS@LJIP=Jh0I>e2}Trz>=4pUiQGmm52) z;_ii>*fGXNg+^i_hIrJZ1k(~p6t@!Naw%+Fk^l0XR?sI}?rG&Khz*L%XC~7>v7p$9 z;JCtUF^G~3Rojw*bavS;pRX9&ZKe|lxunLV!#;d>7Hd?4ykkbpuAR!K<<2>#$Jxx^ zl1uLxGJHpVPBKipJ<^Sn-2jS$o|wW}*L%t!gE2?ZRq`|Vg{Jtd+IzD%rJ9z_9`&@& z7f7++2<9+Ux-IvZeKL;djW5me@U2TKlq-Kv>gLP~&-F;sKdzoG7-kf4lNQzTxaPK6 zTB)-9@3!a-9P1GKA-E?)J>T{3^n$_`#TH3f9!=-6ovDWVm#{37z88l6bPJ+cEEvko^Ojj*@~Z@#|ka zw4*OE(gHIXtdGAtrDoz!VGGUiXT7oz*YHUyHGvr;wi{}*p6xO@J&L@Dloppy)avIt zIslIEjik;R+Fmz2K@aC{+Knuk(23Lku-KLC8jWjyt5KK6^StYf8hyl2Tb`;>zZ=o( zw(!V!y8FkIo1ez6ZL)UWcDxrn*gsJS4Yq%P1!Hy}7S*hM#*AFa@*Y_#%XEj}yByAR zg!=YN+2K_V95g^#(b%&cB*Q}=Wqj(#FO!|YNXFEnZb!>EX6EV-aa;X}uVhDgDhglSz(qXMaxODSK) zXN7qJ>$1FY}SWFAPQr zpY%&2^NsRU4a1~qnpjMT*;V49l%nQ~7hgynkw)uZ#qO>YPczZt=X=dTJRw7KD&+Kz zQvDOF)3E6v-EN_1BVglLR{fL1GezZ}r4Vp35cvsPO7vNT@2l9jmn6IHA5DKxEGT|^ zRr2k?SgfJN2yH(TcU16*_GMCcxy zOI5Z84084np}#U2*}7nd++Id*1<~!v4U%+TLU&}*r05{~;?l?E%OjZDF-EWriH)54 z^3L8iMOS28>WXLR#7f<~R$o#D{T%y2GD>@eV0NH&(?hdSK9K^ny_Z|D%KYiKRTG@- z&OxinOij}o&yO3ts4ZF3{HEXlJ0$U{M!p#Dd0@iC@=#>eib}5g&XFdw*2FFiQ^o^& znr82^be#Lj)V*m8%ecp;8tw@S^0L@2R+e_{L(*>acWI6@w8e-IbgD#Jj7!&tzT}*SPu$Xc&W$?u;`&Q_ zAlk&$dW06>eo)>yVpt1v$8lX5tUAltX*UyZXL~N#gI26{nC%!NaNomBr9INbM*-}F zAIIyF0dp`CP2oe|BPJD#Q8vRFW$aKV+L9jP?U7=iJ&y>Oc^-dzb3@g%3)&vKvux|I z!j%Ze?RtgOnaCzBcoL3Y31QXQeK-c6_ zabbj6h~n4op6SyqY@SCRP;eZ1%wjQL1MjQScbS0)SvQ(^`7YmTFcise4doYkmD)lE z5}o|?S42mU553Yp;m2&f`OcN>JURY}M@#bwpBGM3F67lJ#tt5MYpw?EgzXl~35|8L zwsqbty6R9LcoSRTIKnOr4Y<&$JZQ@lP^E{JuC0(uz;@QwH>e8qy=PY}$rP)+7A{Hu z_W31L5%!G;L?fK0>gxW3%zHG$#UaACi!tjZzF`^~?vzC(l&O?utfI#K!BaJo z9+r9>1W4pGGEi9>#FWuNTV5aE*Qf`ynYE;QOfym_1nP-6k6ud_EXnS%O99APHTcVVwbZ06q7%$7I$Kr zdTgyc^Xs!kQOPoYoyWDl3g>dl{?5z|tX$*_)AJgssP#3^{;i$2 zYAlA6NB#M$IZ_oM)eyz07+^B*ecz@;NTPf%!pbonmV>{6Jc{obl3LEWdmwY7$@$ox z<3W!Hwa!LzRC_S<=C*g|fsXk%HEey|J`D;ja{xkMjZYpVtYA6pwL9pU^R=@{i_FEw z2{3&>w7;mr+8J+O95Z9Ufhe8{_B<%$5`L^r?O>|0q3pskML2Rj9DaV-ZltedfR`s? z=U#g4Q*r*H@hhjTMd(+#**-U2)8c40gzMom;~S9$CjQ%81`)8SYQ2^!V7B4;2S1A4 z)27!{IBQ_NWqo2Gc##N#_=}g`m0s-3gg!#O_b#hX{}hg9#oa^v@Gf?s zgzXUW`D~&T5;xie3As+p2Sbz0VdT(p5IWNQW_-{Mc}WKDE1ALia+_bvB4zb!ZqP-n zG5NL{L}&YwhPJbiCm@EiKSG3`Qzw4c@iQ@;Lhii=10C@NaDXZAR{YS9zBY~Fq~jh> z6_gCzHIpE6N9{x5?|4CcEPV7w9M1ZeI6QTmNHaNj5Y11}*?`K=pk{iukZ<+XSr5)) zr{M1=iqM3(g*xc|b`NrE7@jD*&vT#+R_;6mKj=>G2$2EZC@euA>~3ByB-MZ&1ug3? zE6Cbg3>Hm1%iE9ZoVNBOG2pFhRryf$Y@E%n@^Z$HO0Hc$_vBOBW1023$g=#vi(J=e z>nXyH%Y$W`3r>XCtKeX4M(?x|hi{84U%%9_CaIt`Kk`%}=5*b6)U>5t8}bnu;ALVZm?4>NwpP^F4Scr< zN@J0ivefZExu_<3g2^amU#gzHxuj^-xKr(9%TN+S%YUokOleuz+rA5TeUDL|^EgwbwDSsV=wW!{ zE%5D+in$G_(v%TXpjHwzc#~Sis9?@SUw8UDnx6dBFfoJa!=ZX-@87q+c_lDvPHX8M z>bU7u7Od%Q^Sh9-9Ch_G>sD-Y)fIR6yNt85wr!@8s+QE#=Oc)WdONr9_deJn8H?ee zCL~@*Ry)g^Dcv$@S9~np^du=?uxZ5e)zF5@oJ)>S_sa9THw{I_Jt&-94}~6W4nTG% z>Pj1jP@Kr6^K|xwNVP-Z&RQQ!+4%Ee$@GUKXic4&jfI zqSZ3c>sUJP7Im1b?NQ$2Mz5nvQ-e(y+NE2VS0p)td6IfhPV$$k3j6M`qVnZ&gyaIB zy;c`{_$$hj^;SvRIfcrG4gJBQXVLd3iWc;HBZohZi>X$qI6804QNK*dRBL0DNc>h+ zdT{&8a#fAyTuo-i?Zy3s@yMrg-)`!O6{YrQy-j86Fs7@_G}rmKEPu@>1{o?CpbXs7zGe-V?C;=R{5>g+Mn9Ws?rvz(CO^yWOs@ zMh2{rR|k-*gJb}ff)+#1Tmy0E@UIf28n6l0wqE1VI|zYbn>RrApvlXpKl&EbA-|BU z+~R(jbMmM-ADjjFe-}#Z5Uy-!J3ul#Jj}_@IQg;ma6F~^93I3Lx# zUQ!zUb!6ElIf?iP#xDZV9(Aw00s3G+0v8TcUlinh^f4P`C)=@&pU&%HjLhJqXh2eG)WCiVKf=KaS&K_Ry zN4ti|!#`mLSD-~(i$a)E^6bHS-8VUnn@#SaP3cA=pYEL#(Sx3*uZ@)UWgFkLD+;0bE2 zFKhWWr}5-0T~>C)kW%Y!^eNgan@4oZ!e3s!%+fky>dybcc4yH2 zh9UiHg|rvOi#SOQ$Sc17r@|B)FoC?Dw#Kp6a~;kw6_`+FX0D^-IjhYa>*(>T%r!#7 zLn<0ZzQ!MusRi=SH4ALO)?wg#S%EP6oNb;Y1B`f7ZN=Iizc2fn9-(rX_ z){r~5<}#~)0OJ?kRR3)wyI1>f+Tt#sqsVegXak0S)8_(7MM85AL@D6~NsNDkDSv#k z%CNJub(oKs1jcGd1RF)EsPX5oiEy5kNerf@dU50ef0+8MN=!{3&wWgJ++6r2(W|Sc zjCp`_*Jz53QUX}LLVvJI&%XMBSK@_c^ayXhSd+$(TX7;ABij|belzkRGPDbMB~#1Qy>z~@ZfCBZada$bE(_j@m3oVy--=|Wu;Gl zB}<^mH2QmQunE^sK0y%B*R{=`YIn;g??lJJ(LQ-4>5y@qfaaN?1Luhu$9m8Au={=E zhb?GBb!^+uZV58SKrg8yAnM-k47d+a{@|&X`VXJj!{oD8AE3BoTR!di24~B~t&#z1 z>2*i^9Vi2c5`eWeq7+Jai29veLz_~QLE>k00eP#LM6l(X?c^uIK9d3Enr)Ki_yo4X zhXb6YZ4J)Sc0l6$A-|ImCqO>UNtdL(ZN0S^ka7cAzDBb*w~O9T-2wSCz1U8YFLX~7 z%)II2@8s;sIIyGes{S2F70*JtV)o9H0fWcTPKjz{_--jdJjoxq1>U*UEQutm`Kt)0 z>eeJ^a4(R&4G+MUxHVuu@;S-V`#S+ujhS*KfJII2Bx!@Z4;em7=F#5d5cv9|KsH&SJX-n) zr3dA7!srgkw^?uFHXHhVwnihj9ai=$WKy-?*R)Ou-2VZM{Z_O8SbP6EQ?UN`ZSA+3`*Hk_wfCPd?}qM255K;Q z{{dhQ%bVkiXF4gDRL_=m7b`V~jSY`>x(Mj(xS9^Y!goGOgekhM=^F8OtjM6+Zi#Ns zOf_K+cu0K}AbLzcjdz0h7FSl@oG&OZd@ycGOLonM)%%BUS}!lpO1FEjQRhS;U89AYtDqDV8KvJymO(-l5GOpcA2%i*rRxi=(aiS5Ek6yj}QNC`8 z#H%(L@^DX3(W*bBxHz)vRWQODWjtUKeW`FlL-UKt^(fXDZG zIG04t;l-Win*%*lF?!7Q0jtrg%w?h1?^~&#VT!G_Wc3w?u|8PexsBhuoBn-dj12g$ zt>!38vur*zIicgo?bK`!i5JzlrN8j`icBVm)Ao z9Z9!ZrE-twOMw|a{Xyv&93jxTmBr#3`U!K|oAx(t)(qM#dmyu*X5%J)u&5J#TB!3oCLI1FbyAJw}YRDUw&O3*2$exjk!*Yueo4*ORjqQs9~La zNi;8qyRL!lh%mvIQy}M3(epIj2vM3~sW6W-)x8IXAfLnkG^rg7Wz1-H+;>93Nie#I z@3+?vkoyx7jw1*#=6JuLguqNUw_bX^OjG~Hq1DE_Sk_W14oZK~rsT47_IO46#U0X$ zdP(ihB+Hh8IlXuJC)rPNt!pWIi)!l%eeB+W)=9iX7NS0P(tS@VvaZ+FF~UvTRCo`a z5Nlu;0|Jpg`I;=(sUq+0b(D{Cd^?{pzX2VJ)bAyoLcs9V2N&@uJ=k`t~#DJ zVD8Y*2{y3VWO;tiQZM=%D=Zi3o5V}v@%akptpPqK(FHZUv?AB{HNYj;BF@cr$Qx}P_U9c)E4AW-S zq(r>xx%W(dlED%TGwJmXC=mQOFN6(tA_!fqGjz1^Yi!D^xo9QN^rO!ij@q5b78bNT zxKe4z7g;9CM2$B-&|a)4U3CRVKUIaliTkCGU3NcW1Y7IrVSZ>)^6H${hUDivD<3JG zzxdHmm=73uUs~vc7NVZJLXY_j!%q_KX4UgFcKR19g`SgNSC+DGaG#v;r-%Dv_M6ywq7I$KO#cI%E4J@p&Ais9)t60D^jrN==n0y2|ttQq)|F=0Wfk*r8?z zy3vJ|wg>(m$M$R%bI`muuH|A%u&CFVyQtw%vm{Or`Wt-+m+7?UO^IiiWV$`ui*lTa zaU%mjeSkBk)uqpeXfJp5yeVJPUz}i`D~=@5DPX6>+G6>!2j?bvulOI;f2JC6*Kn&5 zF?R6Crwg2e#D}k(#`rzGR(d93%1g(_bvM7{ioOfa+&kxM*3Rh@$an1_wU;QKzsui% z`oVd{+?Ymsui+PPH@005ZmvrRRmEMnA1jt($B~;mtu>_?9xW@`bi|;6q15FzWcBil zBLhJlzdnuTz$x~v+3Lknmd;gGT(I~zh$;6Cx_A^M=WY->hpr*{x2PYAlC3uzeZ%gJZ-K%aYay@2U z?Sh1ws|KwuF@i(Nku21qKDX~)q{DDSLXsFTQ!h;>J9jz>H=wqg&_b|CyU5}%0|+u8 zxkvxOZ9ij4R{wr$Hnh`YEG6_ul7Ss71f5P0<%&bCGPABTMw=*VU7c z+pAx4Noi69p0qg9hPR$Uogh3W2B->Q8rla29E#NY491tO;0n=A1N4i^O@PDwcsxqL zf;SeOP$Pq|!P`zx44;^421iwxzC#}3i@%iyx;d){*Zi7`59h99FM`0>ZdS` zs6)08X4h)LQ~nLhjNyvShu*x>E*KrtO%uY1& zNyPt*IKSn>42sGVuFtR1u{vS^m!c=r`oy$@}=OAw++~Kr(OcFcy^L523-5+wiv7WO`bu5ASXK!z--uqedjpn zlyDbjks5@=9mzn$AiX-peRudj$c2SEd<EXa7o$<}pW{PRKnjYfDwGQK}OobGiv zaYVO5c@ILo;htqu|)>5v@GCi{OOWwRkWTe2iSQyW@}x zuJd6wv5yCh;gU>xz8J@rzPj3}A9SPt@w<)fE&C?)N3{@__BJut{RA31d3z>fX?sw^lN$Dzv6_wr8s{7d6iFRz}EvAAlqUG|#C9P3IF zHWRuGM#vFlfLMaU8zpVCg0%rj8Z}S60vmuYmkLJ*e1o%FaPu{jQ@S{MVCoE1F{|?FFA6yU2&KJR+NPvvA|x z4YoYaBJ9wsvad%QGb(I{Gv;Hj!MFWWGX=?j=|jctlYfJW{xOULF7jMZP}PUF-&$3q zb;w&w*W!CYC8cw&;Mm7kLEyTP$3P`rqke?XuHzNPs^$v?5bmar+3W{v=M4;o%NRUz zin8F!N^H2#xy!_kV8-o!o(LszV`VCWk1ZE2E7}jd&N0iwzlvTIVCOXp_762unz4A? zcJW-A^wWUGb-#&Yq|-hFa!A@L&zY0kArE%A?A!)IUYIqqKpxm7zqUIe@~r&svw9cq z$kx2h2dndU?@hIdZk>h<$tm$T=rMR;rcnW|JPvEqrd#&n_90$KAZq%BA#J&a9`wPS z(Wchd-pxa)^Ag7p^f>F6J~E~VR-96!?Z;)#gpil=fwA`EqI)-l^98EALysrKOOfI$BPl;wP?|#fo|( zj2^&@tWU!0)v*x&?QA`EyjT68IXCuOQ_mNR7aWL7cY{uc9BzG+?_6fUc9oqQT+)XN zaf}#)P{X-g#NYo; z=wh>eaDgt_8Kw*<_6m>d(RftA8DTRgw^U$TN76RZ`fv0YT1K$Z7Uvz>Q!71xo9(L> zkFHA;5u6^tiampxR1w`d+1Fv4^RVVnMW49!)U?j9AXnPOZ$(KDZS(jcb)Q0q(4SS{ z+I=!Sw{|c0Pukh7Do&f}e1xy7D>E8gxv-X##@XY#_vo;jqs|okMC}wFVWt|65;YXy13U;-$o=og#0I$ zPpF?hPEoJ1ti|se-f7S;^k4`Q*=I6g4k5l=FNOnnz3C^#Gpk(n<6MJ9jeW&jM1AV2 zTaF2H-igOLr2=Q)wp?rtQM)9iBP?Hx!V3)sxvpyW8W-a_10LX!PL^)8h`Y+|j@DEP z7b_z>-0q2E?^(TR`pjMN?yz~=oo9sIyo!a-s&a)`?~DfeYDN;|DEymBZb{b8nwVfL zEj62gTx67mLaoSW=Ny_|C=c}hQOzm&XDg($c%8-yN0hRlla!ix>W5@C`j$rK8khsW z$LkQkhFHc+Q46x~XSgI@%VF{*UKFqDG$q+#Z=|E!@7hk)T5-Z0x?za6bq}bQ2(8#y zwA`MF2Wk3QIcJ3hLSG#u=%s@i-t{?xMKy#tP9F{ghn|jl1ZephWBO!`*}9j$JPE6= zE|a>NtsLQ*BXvuV`bg`!*2dqloI?Lk>97` z#3Mb?b>T_sEJnwEOP~Codi(^=1OinKpU6PT#QxduOAq%lz*j&B8G!77;gPzEx7Zyc z)e{F9iy&?)P{U8cw1YD(dgw%ZeOM5}IEf~`6FO5&w0ie=KSUdj*RyVc@D@ANdi3pG zB~zIWE|CmMia-kr**4S>k7PW!3{H6Z9dM!m5xoK(9yj#PSXC<7^D&pMl+Ep5@!2D0 zzTDZYJ5cYWN*DAty0a=YmpW+A=p3{)0itGf$~subhHj6`jfF$4nbmLD3)SyIN2p6j zZz`mN6t5c!bs;%dOQcIEgDwfJN}MbYGs-G*;q#WXgISpTmE>H zIWU8K$R>?2Ats8?Db2_62(+G>drQn3+IX4>gNE36l#&dL-;;q#Fzo%1fe!Z(^690S zh6btfctnzzJ3;IVfAM&?GOE;*4A>u>%ZDY9uK3(o7lpXt-faeRDPmUDh?xi4LnILQ z#D;jn?=ds2AWPRK=0=K32?*l5dkX)ny(y7SMM=tH@`@r` z0TGcXNVEv3NI(<_5($F15HXcSEvPB7#Ign1HxmRD1tB63gs=uAf<%HsNJ#SWF1&H7 z?@b?_@x7T&$A9>k$<24~oSb{_S$^mII-z@$A+0GxyFj}W_ftR1?*;hm8WCL?zJAK=`MFO~VUQZi9 z1u3$irUC|W^srdNL#iXwEfl91wg@{o*Rv_TymQMPy#r(L`Gi$V^*y!aS&{*!H51gg zVtL)+005=J)E0lmKFB%kqj_-M&emtWp80E6t2mw@-mbp12<4wU2f6BrTe5o34S{9o zN-=7r*S8w0!X>_W=xh+2GuV1H{X_@r=78Sllgw1e@4SASL2X6s4Yro&NHN~AYm7`` z^uH zyzX|AjGLK@NlS!=^sq6#L%BnaHR#(xL28jI^y6z^455sI;_|(Ywj+7z4VkgIW&kO= z&+Kbc?X39*$Ae5>vyu+G(1`S9kKb-ZXx@llKz9{ASLf79~B2A_Jx?Fj zwLl5oe9hv~6|{VxN6cJT+>R6+`N(hUeB1Wpo>XWV5J)|iZ_W+6MUPsa_3wj}iiGX9 zXX(L@nfEIR=wRBB=y9Dw1lmMlj>6gUoZ`ME4TFFcOFg38rB@GWDgPCtJ_v2+FU2g!R%E%Pq-77v}NMvN`=9P6S zpaL7~RhDM>_OC@*tO@U}(6xKnV(CP1XzBLbZX?QKl~G0Ja$0_M9K|IXW7JO-AF$lS z!@ZQI*Y=RhkJGREGC;L(_;HeHxW;Yml2MOpwe_Z^W_?a^+GoOEXHj>nlDbFTMd2U` zo+PCA@~aTTh+($)A6cplF0+j(?r!LKk+05)ns#U+q5Blwbe&<)Yj`968;wLrsbtgv7o+xwllTLl z;MrJuCLl!|Jq26O6}wEq+@o8eE1V2IUUdfaA0i@*;)f^Xks^@18Yc$e1?0jLQf!>a z{*^rOsgFdeg$~Y$mSf!P7tV~25cvp;rpNb_D-AR2GRWTYJaW4!=Yj9$;V$dp8ZKsL zIrR@4vfj-bq;j?QFexHGd15|sz$33j_@w0e!U;F;5LKf!r`}Swg#pPGMPz$5V|x-H zEMMZ=u)^&88!w<1 z5j$UAb{h4wg}qYOIN}y~b?-aY>eWOt1%ndeBT1X4UMr~o;LFvGD0l5YlC;}dW|FUc9|ez)WSDCxLN9@BQc z4ldf&ooI;JGfgg3+UWwB6|u%gH$&%-*&McHgKVhchoIG8`DwEGB50n7#*w+c^2Ot0 z1*9h76bzUd3#8y`zk7#yJv$wtBySo6Hb)G8Auua|MUghR5*~@|1&;Xn8#dq%T7c)W zj#H#2!zRoo(e0|bcZDSGg!?iE_ZnXUM+kxKQ)LIb=ONh>g?vaRXFQn(wc3q~`9d0x zbvaa(nBc2Uv{qIMK;OUfSi|>MsYM&Jv1qFqTE8t$f63Kd%E%20QLij0vfZWtwW^fU zLICFr)G8VgAPlExNhi!wQnLd$zw-K1Jy>Zy9+@VT(`blBYT#|6%X^w+`e*}^!ez}74^zE7P< zZ!^&|Ihv0-CI)(<4dQpxWy+0Ku0DbIZ?XLZ5J4=&PHq5w-8RU6oPrscf(TShvH?)8 zan@LWl>Zbg({QEL=E*9D7VZ8IRbaC>&~E*2!Ou^xJUf6U{w38mB4_aVdIC4D(4yHh zTX!e#=-nuf4`$+@eQHj^WfxC(Pf8=ENm<_n_)5O+0$Jl~*5tx$$Ey3~38Gutd#Vqb z)vV}2hTHcb(_1W!Q+roLoYcpTBwM?vt%+Rhu>0eN#2<<{{%X%TZ6qwH1}&|Exa8M# zMrua?S>&GL7lw+4NY~(>Q9a9(6u$jIwCb8$8bkd!{;tjSEmqy|t80z1sc0NbEe1q_KP(Rs_o zo)a?+Qg8B!&#D%LS{EF*#fMn?WJucLKJq9sEW$oGg}6_6cw6^>LXDYL=YjyVydigg zljNR(!l@{G{Bvh#q)}a*6L$K4hk>VWCcieqsjp85U`W=l$@Q_VV~hQB^d0uf+P0H_ zut;3Tc)kABA=i&z;80spV($3<$hdsI*36gU&-oW*8Fub_yn24tLtKsdMi2z>`#w8p z=4HXt6H~r3W{a%@x+MTx_v9Fe&^Lm!z^)9m-NZ^%vEqdO-)Gw}WRjN&jy5`Q_GmQO z1)9tjA&h&&djB3oikm=?KHL8H_ePryzrpryXeIOc;7*_eZ^J^SYdj*80lyR!$MU>m zKU(JQvOm3u_09SXdC;QUK~O09ohEs78@bXk8`KxDp&j?&QQ_5DsqNu#gu*dT^x7{5W5P|9PsXMCNE-jf<&Sm!-S=gGDfV&gBb__#YQX%$~&l z`}2tZv2L99t$dUReh`0x4xDBUns&TVHP;6sj8t0 z5D@{ubMOx!%mMK#KK2g)KwBFS0s!DNKuW|4kby_wEr22s+aJfOL;?WG@4piRK$ty1 z`fvB>fcqZ{NbUD${<0^D4+Y4z|+&;a)aR_-=7 z&K`Cyj|iK9%q?*50-m^XNs3(pWUgyylm18#Tz)_1`~C3j5J&VF0{B3>`h?=;2IhJo zp$VWnO)NsHNkYU85YrKn&=C>Z00{VAWJJF&zdr_Uh=@r@$xe}MmaoaVV+*376su)`~9=^jLJ<~$QK z3oGA6egQ$DD^gdbWn{12xT&J5rmmrBV0haIcE{Mn%G&0Et)0Dt$0JWKZy(>s!OucM z!@?sX;}c#aCMCaom6Da6llwL=zo76#c|~PabxmzuOKV$uM`u@e&)31BZ^I*_W8-u4 z3yVw3E8kbwP`i8k2k1l0(eaOb5dkEB$riZ%OV0jXzUaVw5tEXVkdpt%7ZI`dkBrli zl3lobie6cd{Jz^cZi%O-8Lr2@DQl+Sk<{N|v~(XhbDsCg93SdO)_%{~KbEnee=28x zWbAMGngDJ9#J?{j#9%3rkbosc3NB>iWIq=2)8xM|r~hp^^ZP>iW1;?IA%H}PKpNn~ zr@((|3UZ1+uKmLYgeg!^RS4q%6$ue2OeAyw6u>%WMGC)PIU|tu|u48zzhE??#Y|v^fM|q8}ex**$1ej39jZ#kK!MTK+!Q27YnvpWxcpUtIeqxHkBU zYySk-hOi+gUI+r9)Q^1$-^tz_hvG<}yY~q|OPO6sYufmKcrlZ@wAzjU>{Ahd?l1yy zMsX^e0DO@o02d)x;q#HeuP1+T=$9n?r6T>3gkO^IOA`Jk_73TDbMX)Sd>USUzLXke z73(XXmhNyyAd@)qFDoVMA@=Eh#)&W3bq?2FTbJ5CB3Xr^_Xxn7V)sX5j#h+kzeY9x z#HeQY7uWs?u8m+rcjbi%fbtCXMG}Ii1-Z`w4(>D@pJdhl_AZtHbnTSl$l<&CCh~|g zpul<)06xAF;z;7IZS3EE$o}K5S%FNEUr+s&Xa9F`BVS5X>Y)+E>}zMI62l7peBpZg zW>QY&Q#Fsbx1fu+zaTfkHca))#b`}|thfs*47Z5>Z6!D553A@EeZMyTVSF;t$j*p7 z`N7ua~a1p1Yj{OW5G-u%QFtef_E)!6M%NTUr+wx&@V~&Rabs$6AVmSQ*H?AQRw@H zJw)`yDX~x1Q9r9HpR{L9}zg28dFJ zA+O&ikk`}n%;72?l&i@@u&XE8VfJAuVCjkK(Di9R4j0^rLau*z$ z@7~8(ENAQ;?jVjJq6DB-iU16C5`cIpt`UKGfINN)-l9eTsz-)ifX(XJ!B7J59ZZ!! z;|Cb_KRe0Q;uER&`UY)ERWhe~fsE30wNpsY z$?f+;YyG||(t9va#nsUIP9Q51C@Y0`K{UW}%D_=OCX|$$6M*N6382_Ok6B0fwUer# zpq5ANhi?O4|gqt z6&z}R0_E-@a^D0dYNi_lUwqI&0IDpGMTL{zHi0ju#Gq$!3;)fWb>}ct{(hD*#zVVu zkSkd=R)eQ9!V(6*rdJ#EG>Hq)Sc$Z^cU3gcYJ7%!xzBN~4bJdpu=0d5Ky`3KTHlvR z?_F8atxKBkx#H4gN`+B0F$yCHDKm2Aa^D;$qqXVb;cwP`>;o0&;PsklabDI{v zm);psJcYfpvy2c!zVmTkW@A3vEfR^+9LQu5S!F9P%wLMQ1uV|O((GAP3rZa>*|Un~ zjEq!^Rta$3;Eh${ol}zm=yjEd_@Ao0WEp}LU=n7N+jS}I5%1QgIctM@F4t*f+m(?xm5B-C&j6flIs%U$!88+UMEA9 zr@3~NS8o>pV9^nc``o~TlC+tD|74cy7I>BbBqL932|zi_UWtrBPl=3iGow5`D#s^k z!R6V$lh;suG@d4TU@R1!qZ^NrJ(Hz+N%BgPDM&HxiojO80FiA_bj ziB9E)B=?DlE~GiB8p;wY$=>fO<{|wy!GY*C5#EA~N6pT(e&T7K=ERKbykYIXj$(*Y z;R~l;%D&sSrzUiYx4lI|9`0#M1*1{Q)|f-Pr2cbrCBtXa@NNLsZKKCe2y(xd(1!qmm)J)+^f#BkKO z@IZs#PQpC2mHer{_nW)+T8}hag*HIo<%PFL+1ug5%JEaUjx%W+r>H0 zCM+nTn&-keq$FEIe}$e_LL%@sm0kq9E#o}Ays;%|-0o0h{jw#+!QHcHtSwK* z64L7H6Jt5GTn~}D#7N^E;FyV$-Z(*}Hsc{K3_ggK>ZBA)0bl+;_m|HJ07C&=d53~l z;lf8X;prB6=g6@g0ubgo!?=b%rVV{3CZ(XdTGi_0#1gOC)Gb5uB$K{vCzD>CL~4UI zd7~Azpix^^`Ee&?G(gqjA_;rd9{;PLCb>>wUSnXPPl#fn_>AZVd9a=td1QldDTd#o zeg_#TGTv%fCQyBTt7nNS{DZhaU!FkIj;_hE99n7z876Orinccw92Avuu||{u_<$AESr{J zM>H8tS7b!3A>cDhq&*0IfQ(J)$WYA7!zdnYZcZ&&b_l#mxhgbmB3INSahi;TWHdz< za#N0zL*+4faN~J@B^0_kU=Df4ZqVEz#X)XrTvE+Ngj<@f@!<7BGwg!;8m->lLOYX& zlzEK3DBrbgvnV=y#567knY?6mGJ(JQ_-i>`f=YnRPE<4GtRkJi+rX862A|W8b(Npe z4zC{HtUlkN%NquZ+h)L2Z?mqDz2!Hf>UTe7OhC_ zUWv34v!r*DGxd>|p4R(X>vAfvp8zm7a(!R0*hvl*E4{M9tLDBelP^$lokNMWNZi1p&AA+&M{fX;u4}5v{PWkjKTGI{b>p6|mvS-zaGho!( zrcV#^fr1wGXd*`V)-#*T+UwDV@gxP`zpKmG@af20tQ}WkfPME&N96gR!69-`TH`Hv z0Zh1MsNhnJjorNlm|YM%@tcR=77f1HB&5xr$v%XPu@Z;6b|17(^LEw8y=-tG7+L=4MP;V=@z)hE5P(v)8Qf{uIkPIThra*; zo8^(1ZTvIgh_~q9hp9stHoTe(Eddxc0wD%9zCgst3i(syq8G?2TnO0ny2HNX;K~>& z{8BgppvNLUVHPm^A0f*OdMbfE{xW(h0sSXRKEf@mkd4(HWE<<%7%QuSwX5Tf=4KNU zIR=v~k5D|X%#>_J2*70#UHK8j%N2$lpEN~QH>Yn2k-Hxn^Sqcyg!T)+=}boA>qaq_ zk!S?Q77=stP-k$kr5d4FOfotC%U$si!m+SyG2w%M&!#OLE)37kOzSWKpw1pJ@!cri@XTMT7SHb$ zp$gB>CoOdDJ_miNG?~2}FgK3rM9Y73Ql#_ozO|Dc<>#^RDlhoNd|;dFa{D#*`HG7Q6Te9SOnJgU0xVg`0b>_<7cn9DIZPVRtCx;b>S2&4=$+sN=;w}XJPH7 zVRbI(&Zq`yPaDhAwC*vCeR^B7z6g>oo^BbovV=~PW7gUv`b4|A!rPH)RZ;QU$HG(T z)|V>t$c-*J3wztz?8zrZ3X}|jq9;Hyn-K%uHIT|U@gx9W?TUIGhZ?VdIO}i2@XZkd zppjK7TDqVk0FD_yi{l%034o^U7K`pl3}mNsS6PJt_U!QwER8J253h8riv!1n-yQG1 z_DuPcBH>|W8DZdGWh~2h01lrJYzS6Npnjf}U3lT>Y+{POl42%ZMt{AMKI0`whZC97YE}=VU>Z8ad0$>tM=qP z8!Qj0j1r4&mr_j2psxHHzB6PLGD#+Ja8TJ6rDD*C*j(T#= zUCl8U(>ZI~q%E!g5#ycTKcB%c-Q+Z%a{Hpdi`m^d9_8~(R6V&<;Urw{iUAmvc}UnW zr&vwud{vs1g7mFW_3^oHi;ljFvU{3udWofpuP2iReWWoTRtkWDkXuG)Kh51W&PzK? z(N2L}_Q`tciv1q$BgBRY@%qHeKsQ$LZZOXhWpLGd=mQ1vjp_0dM*(sMsH?%K^R$w!=2w#JOBkZgE<8pv2pzc~Kmp1q+`v4^0MVhwgt&?=ZeIk*G#CETchp(ZK!5 z8&w+NEnQ~&Mo~;&@i=B=Hm~iae@%ACh`O{csoNDRFLQxI>)MlUc_lQzGeh8`@7|9C zLM!hF6q!(8@0nf}6m!yIIM?!yva?p5$9>VZGQih62j830SWO=LsQlCifr^Badw+EepfYU$Pj^tDf@K%dhcwbQ&+cB2QW^Neqx-Yt6bMh-Y$>&L1 zaxS0Bo7HE*na7h&d9a%khoixf#)FctHOSNO-Wgmu0T?T)_+7zB3&$lP7m*lAJklD3 zRp>{?XV?Ns{Mk@p?VGmk=2tNVZ@)9a9(9iW5{*^U4nz=Vr!k0qtC#drz?=@EAcW%k})}Z)f><#b83`mQdA~}ZO%LP5h9FL z=aow^N!Nwimx4rB8*h*@^M%WLS>8#(s;c=+S;s_PJKNLas?2d(A-wb}^^JMk4b;hR zKDsxdEC;5D)0k>iwTP8UqdUu_)JyEGS5yU0)6k*2ViNUXd|T%}Ze97@iB7B>Ja8HN zFy(JG@5I!Werac^y&-PqPVd=xH<9^M6RcI+DNF_eB=*)bPoIWiEitd>XF`!5I$Ozi zY}W0o$E%XFCp5g74TO|Z9@h(iGI*%j+vQb6%ckLHr5WTgo%deKgoi=?~i!u^e)0 z?3Xvc(Q5g=W`@_1ZC**OtB+Q%^NQ^DcP52&3#Rpq^T_)%bZdC2nv=l19CHy3UvBXf zP*Q5EA3bOyfhP+_zh@Ed?&eJ$4~vw7KCvjv3y~5BKA5aE@}-Y{@~30HnS_^hwoV|^ zEPv;An&CaK0LKvP4xAKgv_lhja?z)BF6m97uQ}gPX->*;@5WyB%V=~CM9S(?DP1+y zENV+~91Fqp?}T+&oPy4&_x6b!tsX}fRd2Pv;uhx4X*B$jBt$8mWYv!fc>xh&LLPO+h0Q{-=whg-b!Ed#T4-;*aj@zJFv-xuqS5RBDP9Ti>E8$j z;X2a=2rk%y0H|*j4K_0R8{^^|Pn$SQGwdXXJ1;Xu^4ERa+7!F!SfIM7&iJNE-{?X- z)a$HEPdWYQQ8n5PQ#uPF^1p;hp4&d}ka2%VUfJ@?>K9zPZ^Pl$5xRv(dUgDt*CdwI zWLMJ^ZE|N^6_99ClnMa|A^_Ig;flgv(YWg0h7N?IEZ10!Jj=>=M+;^{9@5j^y}do! zKTiMechxJ zAqCy2m;1;&af3fjp<~q_li@td6BpK#v-m`2T~l)ST1dYe?)jq=S|WcrOdjg`^pv=# zHnrI1EIme9%`2A2FzJ&^fdez={f$xOx;y<*mC4`sx6e}MCQ)Q7 zz1N_w{~WJG2kUK)ve(;9v{au8lF=PYUa;FCkMh^ec3@T54wo07r@cClmJ{}>iyz|_ zPYtHMK@roHc9!N#-s^hPRobBAw!0kQ98QdA6Spwkr z)(Dp+Z*I8go5X|AvvH_SR!Cm&x2bM}bu;Sf zrgq&4FQ>Z`rDzFL2-A~WFQn-qywp>q8BSA|IHN4M1BW4J{V$-z=c}>2jTA`y*Fku> zlM{CPq8-$aCBc336;GgqY=`iAZ^i^u(+7VF-|TM?{P`<&^sAddM%|Mr{!co|WP zfBR&My@cZYn1`P<83}vmN%`{1Cz!=>%t4O3M6>(7s(PR3a2hr%_gZ$=qh7QHsxt)7 zfxSN{Z?M2Nvw;(vp5B$^-_1>R)S~33ex6<1dsfC=Zg}|>%DXj?8CNLQC^o?&MNN6) zajOOv!NME=^?)y|&+s{qHE(@T)nEsW5W~LqA?53ljsV@esO?QXNGp_ntvWf74bHGy zRgl;1IzKJ2MRmD*>8)20qZbhC-pS#(iHydxp*EKba_#T{29fQrIIv%@ZloaRZra!P zEQFsla7pjB{v~2pcUqTlxLpRl|M^i?@@e zFY5C}NDHfbJM*aybmsfywS$W9{!KpnT%YQBv3kGR83tqHD8ErI>ad%Z6E`Xw2D%E{ z`)oA3LtBHNkiD&h5sz%9r(7)F$!KA1$Cu`;n~M&L-+$jwKlnEKsO*!A@Ne^19zL_T zR0X0hSe}yb*fi%#UszZP!pezn9HO|zDYf33h6Zr6$iH%DB-OinI<^1Vjk07m5Sn%W z(dQ!&f#Miig{r4>@SqfS36<;($4}0V-l3+m;lv%y4b{&t^Y-+!#y63+tSHX-5df;& zC|&KZo~xdMcn*ha0W~MLLtj%ojUe|HMcc>Qs($X~IqJ!H>H0>;u{)$+2v;l?c=c-0 z+$MD4Vn$9*($&4rytNd~OR+fJ#N}kKhe<}aydEO#-LHq-x3~Zsv#5l3x={G*M71_j z?=V!u#-U+)uMXJS-S{SpS-I(!pI#mt>u`;O?A;Jvm%z0oP>gBVRWPeNen8CDtwsm9ipJYfu>bydE-?XOxXzpBRqd9 zUAuiGG-a4tC04qm?JA5k|Fg7Cnat`g`$%iX8L5xrtrq7R_~$vCUCQl`A5`A=_Pp8w z7h`^)<~9EG)%(me0bcZ}lDv+W3jLV`z}ezRY!Ad3ggTED{3ti;!H&aQ_^z1Au-lTP zy9chinrHCLVu0}S%y@a{G(9E(^}yns4>(sjQPXx(943M$h(H>mug-n2j=}Vs)s$v8 z$|12rh%x@A8H(k;Yb7=JYwD}rl5eU?S97I5>GTk>-;#_?gdOH|1iB2UFn(750Z@0W zLU-vaH@E{CS|iCacs~#+ zBTr2Lc&ft)z=p65sH%uZs;wW>HkTfXs9};916?{How=ae>=LLiK^x4qAa5Y;Esmu6 zpTQ5-LC=}h4@h~(4P*=fU~C{+pnZa*X<(Y0GT40lIm9LJ;u|Nl@4~JLCFG)Vqx!J) z1V4o5>f>11(%5-d+s> zc?IJ!t4m^UPSqG7X68JtR$Kp!Rz}U1v4$@DtXHU{bz-Z3CP|R;l0Up;&Eg!~QVtxW zHtP8njZLd?)s7dMtCvpq$({iw@4GX{=B1$e$BX7mpEUA*pC+o@G0($gi$yv5a_r*L zedLo9MTx0CvETn-39qlA@)&yHhO%e^C*yf@w&*Tk9^z4Cgc-Z;DQwqxQS3{R@A=2pQY5sh;bS&MD z>QMN$=jpEt28Q=~RBF$Crtxh{jz4u{m4$J|;)7bp428c`a+^5|Cc+nOMs5@;7yfE4 zX<4c+`p7x`?&YqT#+XnIX51H!c3<7i3#hC8^VRKUH`=b<{G=G?#9+kg_~D98@f>N= zc=H|d#6?$T(3?<+`y)H@LWi2X@uO8_;Xr}VfR}%9x7eM$$~k`inS-UatlN^y%esZC1Mn5s?k84uBJxo!SJ$|e?q;-6J(Lq27Nw3J4T zf13&0!YT;F@m5DPCv4yy+IgMdPhL31qA5`qDjJ{trc^@qwu6kwRUW#~7cVZKbH5wY z8&~Vt>sYh7G_>y1<56mqc&)(0AW}D_XKl(aJ@G^gV_cy-wqS_z4n3fTs-Ym^{I5@y z6$rg7))!Q%6Q*|yx$v6AnuXn&)Xh9@r>@oFOK5qHKMeCK6VreF+h$Hgab8VKj@pa4 z5syo_-j2R^VO;+8UePNH&?iV1EJYRuW`^NMxkzGe+>VD;4{>W)bbARu*E8(O?~4+7 zSX9f~eb3v*j~RxRz!TDC$+?uh;4OvvZ{aaeJOm&bzgv|8fD@L`hhUb&A z!y3`)ax9t+7pIK#$XPYLW7Deg#}}8zii-R{N1sxB=DN?Pqo+w%-Y{N1j9OTDm z3%hDEO8EM(0)ByTGVmX*Ug;og{f9Qu++%K2e?}+ic5Ro&b!?L@na8NdbX`A2{So{K zLjXD9I=L}5r7N?)(x}~O995S%HVSs1_;0ks9|G= z<1Zrq

;~n@#S7GGb{)N<1xS+o?Cxv*J4Q@7%RkyLMCKI*YHyIS(>trAhbVuZ`il z6S~*GgluKcLPAWK!Yb=WryzQ<>Z4^IHLuRInR-7ze-ti3m98BKYTH|GWD|h?PP_~O zz-mKwo`ap+9*O|OLJ7b*qe2bg3zHk3I6oLlr#fI>A#kZwibK=8w)XW7W%q?{nOlr% z_X>&gn*e~!+DIJBdku=k!WY14L>tIz3L5YL3c-LJM@bQ1&3|X{C!S~jslZ4aBEbRS zp9&57rviKOzn_3Yc{7|D>pd$@yR7~twNv%95s-6O zE0mRm1-;KO%6V)4sc05mN0}PCx)zz?EuiUCk#6{$v3r+1$#o+BoRHI?_jO)`pB#uV7&KCl*K2qMYy$_;)e_ zkl;Sd$8cBd6Y`H+?f&+BnLyT@m(vlR5j4hP!fW@cWz1O|6TufJDD1CYO@SJ-)WARJ5B!lPXf)HZG4VI@e|kMJrUx^BC12tDN0N75 z=(*Nk#r{M;`;S!HvZ8)vDK+UIE~Q}op`@dGL8s4;kB@1#)5lMEv&U;J#yg5d!YD&P zqnDt6^Kbd#=R#AZdv-Os{=v73#Jbuug@Yp7=W*FU;w@D-JrK9?vHc-MviumBsEXXv zp`U-z!xe+(%b<`fX3X8KWVlO{cVgNK{ap&Xp)H6_7tr5)+WR#OsUpEpoT*iT^;%tF^-3aKz^db*sG@kTAx=o zfHOs~Dx@V~1%4s~TAz!N8~pU5YCqF)AJTKZmhtBoh5kfII4LXYSDt^B^Z&=PeY5W1 znNj(~DyzeoR1b5`^S-ZT(FY`6m(ve=2UNIzSWSrDnZ9d3Qgs}X{V;vpFy$hCy`%XB zo)q>qi2zijt)CGc3Hz#{#5OHg&YG~s(6&hH)X{i9>*Gdh#GZVvhRuO5L-l|HvhCH% z!iRTa68+~WC!9>MDT*Kv5c&c%tMvdYDe^=Gvhy|LKn%WkNC50glfIXF;JGd6;a_y| z8nk#N5GMKduoNEA_>l@2OQ3hEQs&@odmOgP7nG&Ff{{H^b5-z{xGG7uG(8lP+czDz0zbmkS(yk z7Q@Y-*y7k`vbh~mS^v>nZ(?Pt5qRQ>(RUuGPVwKhp?z3M~9SdKNlzsB+jeZn5CUMMq1ulJwdd`Ys*do!LJ3a2xV!oBgtiZOT*sgkeWW}c+w z%=#F1qPmBF3}46wC)Wd@No#rr283VFls+Iw=$W_TvO#!O0g4&`C-rvI@P1wFBX|gB z-+%I;!b?sC6+c>Z%nEiNgvQk{dOy+dyCnZO5)Ij8>pxlr@m&On2KKeh?@^bK0(2poC@)K- zl~t}RcT0$J?7g0bT&Gsk*TTOa^0eFgfhPS}|9;ezp?~38b4{EA^#2PS!H>hgSC#bC z%>3!JGPH?t#D})|ac7$@(`w+EFaBi#MLHKE-ddJr0_FA3DaONdV~J$gi5=rghx(tO z8|g8R11ar~T|yuAezfR(?oeG_H#KSQgsV4gF*X|OzZ_Kj{^=8#ymh?SGv|)D`D5=5 zmn=-s@nI{T5tEy_c8q&rAh-HOtu}G)0<#?N=dL$hMowX*`-tHR? ze)L7OZ{k^GEz5Y9WUP`b5Er};Yv;wtqFQH%OG|t_%o;};w05?2Lsf@eL`|l*=BL%} zJ)cZqcf54LlH5h@o=WXyT$=}jD59n-+kQjUaNmUdSp{;u6df|e zyYnsE$4Y&O>BLkY;jY1}r^>Arif{;#(3K35I8C(_>lU<;(IUBcEWCe11EYJw=WpB-ZQ+CL86xX{>C`r(6O-d*jj@coqs2FMfy9 z=frm$Hg8fFPPHm_y<0wo;!k|qQkShn`|0VE06X+U5r18kz#zK}5K?)t9W$;|{>Gnf zsL~I@Xy;WdRr8JQ&?Kk`;IkIeP3pUTURN|*EH_(TaJRSgSs=v-)aIq4n2(O^VB0mZ zEK#W?`xNya-*k(fmn~`9q-m}U?`7B3cqk$KMxhD07VCAzNfEi%oy9#V!;77=NCo5V zUvdkGT#xBf>gIYpGL$mYLQCcYMc@63=kp0=%bwppH(h8S{7IPIX!F87lMAiFrY)b@ zN^C3~P~ySJU6?!_0kGms0M*29`b*^+A<JyU3>hE%=N+3 z50}pIs2e9vNvqN<(Tg}69*fI#^;75DJ)TZ*vG*)oJv4H)=v*GxaHDKXrkmwJNdg?M zO-t^V)QSV5=3U5qv~J+i8W}JnZA{m`ZH6p=WL@(T4&Z%GDeaeBb3SQnok9PDT8Pa= zysvzM`N)aE8srptGXVff-n?BGRTv4&Riw2`QK*VoG)`oyO-*>;Ml-;Fq4vAh;@3H= z-L1%z1T~Dxj_{mXYX%KwaAC3TZ9yTXkeSzT|he+4KX8am}7 z(gMFA$^4~uj{931X{KUyq0JasH*8|e^30Q0FKF0_jTwfZC%|Ab3IU=PSFoT`H?FP~ zKLP)qSDIT?7}f%RgkuK5#N;;k$Ps+CPFdygcC$DOhNqcR7I6y`Ggt3&4&#NMHlm8R7p)EC1Y{!J9apq* zQic|NIkmENB<+NrSjKOa+-5L)bv*6e@lqs%{`&*H7u*Xznj;3uCT^8872^XAyU2P! zxj-L1^IBASN8o7`GM0Bpksaea(SqkFua0c#7(U&iA@6#=y}d(%YIo}>R-@^bakz+o zY=K-+hDP$dgXN_!r6#F)g1nPvrEL3Nb#?0x{0C7ac-3{#y3C3IWX0EvZ!~hjyQbiv zqd9zEAI5gq0P_lO!b==d|9l+SGyUO2*4eOYw;Ebq1lCMU7!WW?@rC<{}iaq zbNEl;lUF|scY<-t{&mN#f4>JlzTr6kiK&SI?DRGAqZsBVbSefb4b$Bz?j+6eJd?BH zcX&m_|Nc{;3v38ai_5(-CER>XI>_I9mV>Fo)yMZily(hL&L&iF#*hCKd*&|CMVWZ} zvwHV9^@Z%b5%_~`T1-MaYv`M7f72b_h(e1`QWd&|T(3jgLgJ_#>sOARH1VgbmozYD z27ZQ6Dqh5xw&5=gR9etslD>Ad%xDbSNZf7d>YI40N;D{Vl>od_8kgaH&)8v#AIzZI z$csGG#qiJNixp4Vgx*?zxp<@Yj^!wO5Yd|OvIWFv#0V3$zya$RpN$dswD0@M%N70w zV5C##-Mo1#n>UR{LrS~-AuD@Gz{rUJrnlK-JE+04mMM1}LUPbCb-V^Qpfyv%; zx-KkJWl=fYjINiqmu-mTG-RY8O^9#;K#ql+XggLlo>LiUU@0EE8uM05xMy}!Sjh;M zf@JMs{kw?97N*@!svH1pLw!T`8`|+gWEP6|Gydq7K9JAbEQ#INrQVy)rZ4)!& zYz^4qahcVpAyv|_;;iEj4P&?Q9DWg*p= zZ{*pVc72+e3SL33lA9JrSaMA3j@9fIXt7DbcNlUYYBf)FYJH>n!A&iJg;&?P1tmE$ z#BRtu%~-idLn9EKIHFWre&T?6+oH>1H$zzg@O+gg&uzA1(3H_wj=g%1#+Q<~rLm70 z)(;_vFP8Z5;5!sRYc9?C641gBojV`nr-u?N<4QU)tV`KlYHE`Byfi`bzI)b--ALg^ z;#A9V#=B0uJ~0vvhK89Sv5@r#V`3yMB;z}v^q>`M(HbTtGVhjHz}!w}XKT|;RYt`9 zI@c;rZWL!()?{$J^xbLbbGJdL-JPL?0pp@fT-nN(Miw7P3l#9@G!bUbtsUO75@~O9 z*AjpJ4jy5maZyI$Dt~35_kdQ07FqwtKrwiC0#*z(>@3Ci2AElN(h@m<{`*K8Lu?} zzARMP?}hY_v4M`e#+Zzq)E0AIT>3!(&nDU{ZVVHwQy+T?HN~q}K(S1GmPhzG&6n>z zJ-V7ly6A>)fn0aKPqXiYwLw|!)49GGe}3bgYd=f}_GPx3Wlm(vFtIhf73mba-xJZN z?fwdmzTQ^+uWjU$cJGy7(z5Rzu;|kWmGP#faA*~gwG^#o>;gm3O$0ug(eme$gi*Cu zpvmx)A1ypbaw`EiVtWVOtj0$^J~nBz$AFy#k7pRJ3iKn>wa|jyrhSHAJ-!UugNTE* zvvijL3_e1bVfbeINquHIFN4!+x&{rWIXKOjsTMrI!;LFeWBy5rQ}N#O!QT2MW`3f` zqDyB2KR~K1{@P{w`1AZ*mpKaBO9!f-z{U=3H|zK6`=|Ccr?%@q;g-Pe5GLfHvw?Gw zn{7Dn7U8)ksOhFx!Q&_7zOH|@9Gz;SJ$?1i$s2BlnV3bA`an7*>}P2FwH)UWwB{2k za4Sz2u6T8xv?|f9%TM^DT>382oJqQEY3R$yaGTG@YE=R&^_wCqgRr3|A45Vy<&tyB zFf8C9A|>!oy`))k8|@KW=?|Axe5B@rVw9n-%bTPjVxsG$e$#VZRXH`G?VXpX( znJf^Q37}}zwz9YvDEn1$2Su)?lS1t_QRy86Sg_oB? zS2FPO&<@1LdjHW1=pjXmD&@>78YkL-j*VpO^%DS2$buT$a|H`(gge79BM3dUivRdQ zgdI7Ey4ae-`=MALcnsukG|UxLIKR-|$AA8TC&4jbkHZT6BlU*IkqVidt+>}9vILqO zq2};c;C~SDIbiTpQV2V_wuc8VFSKIqekOui6F@%!v86xWaNs8@QVT!h*2!S>zM$t_;M`nT45Q2q@uFmT?qU|**NTCv zsnM1rt-__Arq1>IC)|-Bw1ae63`_(~Aq_xHJQ7<>045P11i??wTyEmfD2)}!o;V^o zHbjG(_}yv(;0^{cnwpsLNk3lx))tqfLY2q$Ld76>(wY^t(|PZ_wF1IDDY_DUj>}T| z`bDzZxgXpU60~~tf2unF6}V>v>j4VO7|!nZt;0vg5o?bmuvpRXANFM6wp8W3(w#ru z!eC5f1@xD5Uy^KXU5QEd(Z4Fi?|xW7LAg)r|o7wrg6-?=)KAE_M#g`J4*_ zyO7qF8_TuG{i2LZSp9)UYAiJ-Am68MqU9R@1h<|`9&eSK7Vk)W5VzUxDSs*^fA$T7 zX(VJzieg)guc1zE`SrLl+tXx^c-Kp^{FMO;C#KjtAY2fPqG*uL)kfajsn>91F?f-_ zpLSQPlT?sciU2%{YlZcA;ymVWcGzc(Zv|GP#ou-H2A(f@>YkmPmsW#?CK2UIToutWOCY?1zD zb@q(ug8DujSxFaZ*~2yKB+^3lWx-I)U`!|JjlmOClYi*UGO~Qnoux4*2OxUd#88R% zwe^j@j5)69(vOk4Iv)Kf+CTXKsZxe3O1x(i+&tLwIU987yHXwKa(vPfDNri1Pu%E@ zdm9KkS+^8o+}y-oU;X4^GG+A^aQ)r~^^+k0B?9iWhdm_2jiKJ^aXE28+{Ar-t^kLI z!jsZAmvOfFY;bNB=UZf=ZmK%yVU;Vs^OA@E(dfae-J=e#O@l+n1Kra#k|%Jvs8Y5s z+4j2Sc(C$K^uxE_2Kvpz7(gW1M#AuQkzs??ly`Es)AGPvrd28L0slwP*6r{O_VIt@ zrt@F@{m!4hE;eHPr?8Z7drcu==$?PUPqZbS=C4babG$Qc|JGA|Ax2BCo}KJAd%P|{ zqwR=sX*Jo7I!JY)^>OGiyK$@DsZ9BFw_;8@abc|S%MiV8F4#J>Nqj8%I_5T&IX8+a zvCt=XMA1uH*`~%lX*SlhTvJtj?t1hVhEonjD>@e~t$1P2DE{zXdg&)LBK7FvzGCMy z8DWl$k)^C!d+|sYo5gyhcw^U|?${t&FRFEUq|@Tu=CIRmPD#BQ&rih;9T@X-u~sfrvj%!=`t?ME64b3ba)5QV=U`c9$7?9RrRk2LgpsVYd^d58^go8#t#7# z+ZeGFGKOa%WG`oFG!%f+mw|kN!^ks%kcz7F(%SQ8Ci10Yk2+ux>|RN;_*LK85V58M zlez9)_Rg!N2M_C_3w67l*3ep?Dq`RDOE=pLeQdl|_{@JAALWHj${XB=bwSG!n-_|} z2zla{V%!(Z90z-1A9Zf2Foow!t zCQF}#PQ?nmD8GD6WV$jbjp#;gi*#Q91`~_2h`3nnbXfKJw-3>K@lR> zBK&b!JCt)RT@pDNH>I&O*3=2Ltw4lZ?RS}*vNMVJjiiqp!a~zHI61ln=N=&a#2;tl z_f}UK^ST@JcEvf}Xw+uK=4>+vuLxjr`hL>X_~v zH|IJg&F7{tOP*L|#N26hflc{4a}fEu_%rN1dmIPK4NYh$k)jR@^!kA^#cO?l=DH+X zkMgF*2wgIdfTzO!0&Oc`y`Y0R0RX|d&>8CA#?3Q8XS0+=UyHIkGM8^IR2;Hr-P^hC zU87*=Sqe_`q9Bz_ZKaXsUawp(?`#EMgl(LcpySQ=yQ{m~@QR)BR=C=21;-WAm|OQ% zg^wY@iijB+{%{bYaGeLgb5;--M*x}-ZJ6wifbZ6>U^L%Fa=-5; z^AFevbmGR3XV4RvGBn4vkvXxbtNcU6<_;TSFRG0CE~RnP0a;RV&w}^x-~^%6xDR#n}W}SpJ(qY%aiGSreh$}8&hILy+Q)_ z_hR+X&EI~GNlA>U3+Fs%`7|jl?iCWo*ZtRy=PHEi5<_8bqPH6yh5p4sl zUlaXrzPQimHSs~K{^58iXYu2>Y*jJ+$GnLXf$B^5g8T{=Dl21_Q)~@mWroV@%bITM z#cRj|vQo#QJ4|Tk9en@%cGUAzE=i_NRJ-J^Bi5b@*f*Vr{f4D}7`78BjOiRN-P$4E zymbD7Zu-&4q1Qy1;KRJF*!KR{|(nI5Qlx-ACpsD{= zGlxo;%hSh|$gGorgZ}oJ39UB##l3yqkO7U%)#4XUnzv})NbL9Bv$;n;vhFJK4B)H~_7pU>e-lk{$xneQfJa_h0l zHxVl$hv9qd|IZ$6-+uf`QLWg?D&6VNezgK?JhzHOq{~r22Rl*=6FwkvNNm2){OGE3 zNyT8Xr%DfS5>n^PaRvrUm3dA39rm%*9p8MvcK*@%Vvj0xe@wdXaxyaI9q&b%MZn1j zg>v~v+D*%!S*-5Fmo3`mPLxQB~LWK9p~tCu`NVwKRR%AxQK?Ly5-+e~}AM%;sKBZ77?z+IfJJZhp-gwphdSvAnd-+HAg^X=p zeM$N|SN^Gg{YSffv-A~L0mp-q=DLdhTKV$2yxZ7QO^trln=3mum-ya-*v-82xZIe8aeggvGh?CjR`I{Dv+jQn+k2<#-^4?8 z@?mFyBW)Sag1%XVuAY4HWPRCR`#oRY7BfG{e{=F-eyiZ&by@%7Hb1J}X`Z)#=T?=X zZKn=5-#Fp+`F4hCHuq!mx1|sEx3|@DAF_+@tZ|s>7BT-X+tuUp`=-|Y)_g5fX(Mo^ zZJ*AMlfOeN-al%ezvzYQAIpcwPf1tE|J8cRFaJ_lkMEMzu^Dj%M}J*EeWI(G%P?Mc zLWOhR*^l+NW3off0grE(p7~;Wrs*Q@pNXl@ciGLi_^8i0?cx4SKf-3Uh~LhxH<<^V zx2THxnRD*;@%e%_nIEkqtnT-2wbWl4R5Qcw>DFEIAGRreTJY7ra^p0W&oOC+uA+b0 zn-5+%6xb)v&C22KGHFv>r+oLL!qAPPsqup9nzpyg^Fb#kx;rII^^S5(3Ka{rRe>lIbZ{iBoT@IJxa=UTd(V_7KH*Ti2>_r^1Tz2t literal 0 HcmV?d00001 From de9eeca3728ea844e6219dab6aac95eb647fa381 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 7 Dec 2023 14:00:46 +0000 Subject: [PATCH 133/494] Add screenshots to the grafana-account process --- docs/sre-guide/support/grafana-account.md | 52 ++++++++++++++++++----- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/docs/sre-guide/support/grafana-account.md b/docs/sre-guide/support/grafana-account.md index c7b07a7bf3..ef2d64f3bd 100644 --- a/docs/sre-guide/support/grafana-account.md +++ b/docs/sre-guide/support/grafana-account.md @@ -1,4 +1,5 @@ -# Give Grafana access to community representative +(grafana-access:invite-link)= +# Give Grafana access to a community representative ```{note} This is only available when the community's hub is running on a **dedicated cluster**, as @@ -16,29 +17,60 @@ However, for now, we can **invite** individual users to a grafana via the Grafan 2. Login as an admin user. The username is `admin`, and the password can be found in the file `helm-charts/support/enc-support.secret.values.yaml`. As it is an encrypted file, you need to run `sops helm-charts/support/enc-support.secret.values.yaml` to be able to see the password. - + Alternatively, this secret is also available in the [shared BitWarden vault](https://vault.bitwarden.com/#/vault?organizationId=11313781-4b83-41a3-9d35-afe200c8e9f1). + ```{warning} This password is **shared** across all our Grafanas! So treat it with care, and do not share it with others ``` -3. Hover over the gear icon in the bottom of the left sidebar, select 'Users'. +3. Expand the ["hamburger" menu](https://en.wikipedia.org/wiki/Hamburger_button) on the + left-hand-side, then expand the "Administration" sub-menu (denoted by a gear icon), + and then select "Users". + + ```{figure} ../../images/grafana-grant-access_step-3a.jpg + Location of the "hamburger" menu on the Grafana dashbaord + ``` + + ```{figure} ../../images/grafana-grant-access_step-3b.jpg + Expand the "Administration" sub-menu, and then select "Users" + ``` -4. Click the blue 'Invite' button on the main area. +4. Select "Organization users", and then select the blue "Invite" button on the right-hand-side. + + ```{figure} ../../images/grafana-grant-access_step-4a.jpg + Select the "Organization users" tab + ``` + + ```{figure} ../../images/grafana-grant-access_step-4b.jpg + Select the blue "Invite" button on the right-hand-side + ``` 5. Enter the email address of the community representative we want to create an account for. Leave the name blank (they can fill it in later if they wish). Give them an **Admin** role (so they can invite others if needed). Deselect 'Send invite email' as that does not actually work for us anyway (we do not have outgoing - email configured). Click **Submit** + email configured). Click **Submit**. + + ```{figure} ../../images/grafana-grant-access_step-5.jpg + Input the email address of the community representative. Give them the "Admin" role. + Toggle off the "Send invite email" option. + ``` + +6. You will be brought back to the Users page. Select the "Organization users" tab again, and now to the left + of the 'Invite' button, you'll see a button named 'Pending Invites'. Click that. + + ```{figure} ../../images/grafana-grant-access_step-6.jpg + Select the 'Pending Invites' option from the 'Organization users' tab + ``` -6. You will be brought back to the Users page. To the left of the 'Invite' button, you'll see a button named - 'Pending Invites'. Click that. - 7. Find the invite for the user you just added, and click the 'Copy Invite' button for that user. This will copy an **Invite link** for that user, that can be sent back to the community representative! They should be able to click the link, and create an account in the Grafana to have access to all the dashboards. - + + ```{figure} ../../images/grafana-grant-access_step-7.jpg + Select the "Copy invite" button next to the user you just created + ``` + ```{warning} Anyone posessing this invite link can access the grafana, so make sure to not leak it! ``` - From ddabdba3af4f6dde6247519cf6e645fb0b4c9e13 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 7 Dec 2023 14:10:05 +0000 Subject: [PATCH 134/494] Link to the process of generating grafana accounts from the hub deployment guide --- .../deploy-support/setup-grafana-dashboards.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/hub-deployment-guide/deploy-support/setup-grafana-dashboards.md b/docs/hub-deployment-guide/deploy-support/setup-grafana-dashboards.md index 8a70c6cfcb..dad2e1860b 100644 --- a/docs/hub-deployment-guide/deploy-support/setup-grafana-dashboards.md +++ b/docs/hub-deployment-guide/deploy-support/setup-grafana-dashboards.md @@ -72,3 +72,8 @@ The workflow only runs when manually triggered. Any re-triggering of the workflow after the initial deployment will overwrite any dashboard created from the Grafana UI and not stored in the [`jupyterhub/grafana-dashboards`](https://github.com/jupyterhub/grafana-dashboards) repository. ``` + +## Granting grafana access to the community representative + +Once you have setup the grafana instance, you may wish to [](grafana-access:invite-link) +**only if the cluster is _dedicated_ to one community**. From 43d6617999ac5fdde136065f6563fb7f198abbb4 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 7 Dec 2023 14:41:12 +0000 Subject: [PATCH 135/494] Add a note to grafana github auth that the default method of granting access outside 2i2c is to use invite links --- docs/howto/grafana-github-auth.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/howto/grafana-github-auth.md b/docs/howto/grafana-github-auth.md index a02c953cc9..32bcf50199 100644 --- a/docs/howto/grafana-github-auth.md +++ b/docs/howto/grafana-github-auth.md @@ -3,6 +3,12 @@ We can enable GitHub authentication against a Grafana instance in order to allow access to the dashboards for hub administrators as well as 2i2c engineers. +```{note} +We only offer this method of authentication to communities if they want to give +`Viewer` access to a whole GitHub organisation. The default method to provide +access to a community representative is to [generate an invite link](grafana-access:invite-link). +``` + To enable logging into Grafana using GitHub, follow these steps: 1. Create a GitHub OAuth application following [Grafana's documentation](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/github/#configure-github-oauth-application). From 8694e21f787e1eb957e97f05ad7174ab54bc79ab Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 7 Dec 2023 14:42:09 +0000 Subject: [PATCH 136/494] Clarify the grafana dashboards topic about what methods of authentication can be used --- docs/topic/monitoring-alerting/grafana.md | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/docs/topic/monitoring-alerting/grafana.md b/docs/topic/monitoring-alerting/grafana.md index e03538cef7..2ffb218c05 100644 --- a/docs/topic/monitoring-alerting/grafana.md +++ b/docs/topic/monitoring-alerting/grafana.md @@ -3,27 +3,36 @@ Each 2i2c Hub is set up with [a Prometheus server](https://prometheus.io/) to generate metrics and information about activity on the hub, and each cluster of hubs has a [Grafana deployment](https://grafana.com/) to ingest and visualize this data. -This section provides information for both engineers and non-engineers about where to find each of 2i2c Grafana deployments, how to get access and what to expect. +This section provides information for 2i2c staff about where to find each of 2i2c Grafana deployments, how to get access, and what to expect. + +```{note} +For granting access to persons external to 2i2c, e.g. community representatives, +see [](grafana-access:invite-link) +``` (grafana-dashboards:access-grafana)= -## Logging in +## Logging into _any_ 2i2c-managed Grafana instance Each cluster's Grafana deployment can be accessed at `grafana..2i2c.cloud`. -For example, the Grafana for the community hubs running on our GCP project is accessible at `grafana.pilot.2i2c.cloud`. Checkout the list of all 2i2c running clusters and their Grafana [here](https://infrastructure.2i2c.org/en/latest/reference/hubs.html). +For example, the Grafana for the community hubs running on our GCP project is accessible at `grafana.pilot.2i2c.cloud`. +Checkout the list of all 2i2c running clusters and their Grafana [here](https://infrastructure.2i2c.org/en/latest/reference/hubs.html). To access the Grafana dashboards you have two options: -- Get `Viewer` access into the Grafana. +- Authenticate with GitHub to get `Viewer` access into the Grafana, _if enabled_. This is the recommended way of accessing grafana if modifying/creating dashboards is not needed. To get access, ask a 2i2c engineer to enable **GitHub authentication** following [](grafana-dashboards:github-auth) for that particular Grafana (if it's not already) and allow you access. -- Use a **username** and **password** to get `Admin` access into the Grafana. +- Use the **`admin` username and password** to get `Admin` access into the Grafana. - These credentials can be accessed using `sops` (see [the team compass documentation](tc:secrets:sops) for how to set up `sops` on your machine). See [](setup-grafana:log-in) for how to find the credentials information. + These credentials can be accessed using `sops` (see [the team compass documentation](tc:secrets:sops) for how to set up `sops` on your machine). + See [](setup-grafana:log-in) for how to find the credentials information. + Alternatively, the password is also stored in the [shared BitWarden account](https://vault.bitwarden.com/#/vault?organizationId=11313781-4b83-41a3-9d35-afe200c8e9f1). + `Admin` access grants you permissions to create and edit dashboards. (grafana-dashboards:central)= -## The Central Grafana +## The 2i2c Central Grafana The Grafana deployment in the `2i2c` cluster is *"the 2i2c central Grafana"* because it ingests data from all of the 2i2c clusters. This is useful because it can be used to access information about all the clusters that 2i2c manages from one central place. From 00f800ce0494ee17114a389f28c08b8e612b6cdd Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 17:34:44 +0000 Subject: [PATCH 137/494] Bump charts ['binderhub'] to versions ['1.0.0-0.dev.git.3351.hbaf39b3'], respectively --- helm-charts/binderhub/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/binderhub/Chart.yaml b/helm-charts/binderhub/Chart.yaml index 20af6a23ce..49db09aa2f 100644 --- a/helm-charts/binderhub/Chart.yaml +++ b/helm-charts/binderhub/Chart.yaml @@ -5,7 +5,7 @@ name: binderhub version: "0.1.0" dependencies: - name: binderhub - version: "1.0.0-0.dev.git.3350.he7995d6" + version: "1.0.0-0.dev.git.3351.hbaf39b3" repository: "https://jupyterhub.github.io/helm-chart/" - name: dask-gateway version: "2023.1.0" From 8c295dba09955ab8140114bc0cdac2f9b101cd78 Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 17:35:02 +0000 Subject: [PATCH 138/494] Bump charts ['prometheus', 'ingress-nginx', 'cluster-autoscaler', 'cryptnono'] to versions ['25.8.1', '4.8.4', '9.34.0', '0.3.1-0.dev.git.90.h35abda8'], respectively --- helm-charts/support/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 93b4ee9478..1e2112cfb1 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -15,7 +15,7 @@ dependencies: - name: prometheus # NOTE: CHECK INSTRUCTIONS UNDER prometheus.server.command IN support/values.yaml # EACH TIME THIS VERSION IS BUMPED! - version: 25.8.0 + version: 25.8.1 repository: https://prometheus-community.github.io/helm-charts # Grafana for dashboarding of metrics. @@ -29,19 +29,19 @@ dependencies: # that references this controller. # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx - name: ingress-nginx - version: 4.8.3 + version: 4.8.4 repository: https://kubernetes.github.io/ingress-nginx # cluster-autoscaler for k8s clusters where it doesn't come out of the box (EKS) # https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler - name: cluster-autoscaler - version: 9.32.1 + version: 9.34.0 repository: https://kubernetes.github.io/autoscaler condition: cluster-autoscaler.enabled # cryptnono, counters crypto mining # Source code: https://github.com/yuvipanda/cryptnono/ - name: cryptnono - version: "0.3.0" + version: "0.3.1-0.dev.git.90.h35abda8" repository: https://yuvipanda.github.io/cryptnono/ condition: cryptnono.enabled From 5d4f2d3698c789f19136e458a58a2f495436746a Mon Sep 17 00:00:00 2001 From: Brian Freitag Date: Thu, 7 Dec 2023 15:01:16 -0600 Subject: [PATCH 139/494] add object permissions for MAAP buckets --- terraform/aws/projects/nasa-veda.tfvars | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index eb79fe13de..9e4081c3b7 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -56,7 +56,9 @@ hub_cloud_permissions = { "arn:aws:s3:::podaac-ops-cumulus-protected", "arn:aws:s3:::podaac-ops-cumulus-protected/*", "arn:aws:s3:::maap-ops-workspace", - "arn:aws:s3:::nasa-maap-data-store" + "arn:aws:s3:::maap-ops-workspace/*", + "arn:aws:s3:::nasa-maap-data-store", + "arn:aws:s3:::nasa-maap-data-store/*", ] }, { @@ -109,7 +111,9 @@ hub_cloud_permissions = { "arn:aws:s3:::podaac-ops-cumulus-protected", "arn:aws:s3:::podaac-ops-cumulus-protected/*", "arn:aws:s3:::maap-ops-workspace", - "arn:aws:s3:::nasa-maap-data-store" + "arn:aws:s3:::maap-ops-workspace/*", + "arn:aws:s3:::nasa-maap-data-store", + "arn:aws:s3:::nasa-maap-data-store/*", ] }, { From 632dae38829b32949265e00fe54116b2007bcb71 Mon Sep 17 00:00:00 2001 From: Brian Freitag Date: Thu, 7 Dec 2023 17:24:17 -0600 Subject: [PATCH 140/494] allow access for MAAP biomass team --- config/clusters/nasa-veda/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index 2a3baee1bd..e9c399bd96 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -44,6 +44,7 @@ basehub: - veda-analytics-access:all-users - veda-analytics-access:collaborator-access - CYGNSS-VEDA:cygnss-iwg + - veda-analytics-access:maap-biomass-team scope: - read:org Authenticator: From 363069feb6e906eaa93916cc3e808a1fd591e6bd Mon Sep 17 00:00:00 2001 From: sean-morris Date: Thu, 7 Dec 2023 16:36:50 -0800 Subject: [PATCH 141/494] [cloudbank] Updated User Image Tag This is the image that uses the downgraded version, 1.22.0, of numpy. --- config/clusters/cloudbank/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/cloudbank/common.values.yaml b/config/clusters/cloudbank/common.values.yaml index dc416f3600..ecd9719832 100644 --- a/config/clusters/cloudbank/common.values.yaml +++ b/config/clusters/cloudbank/common.values.yaml @@ -17,4 +17,4 @@ jupyterhub: limit: 4 image: name: quay.io/2i2c/cloudbank-data8-image - tag: 6286b77ae45c + tag: d2746e55a4ee From 2da08155f8a1c2aa595783263c9f2361b505f5ca Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 7 Dec 2023 20:06:32 -0800 Subject: [PATCH 142/494] nasa-veda: Fix trailing slash in json Follow-up to https://github.com/2i2c-org/infrastructure/pull/3517, which had syntatically invalid JSON --- terraform/aws/projects/nasa-veda.tfvars | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index 9e4081c3b7..a06e4796ae 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -58,7 +58,7 @@ hub_cloud_permissions = { "arn:aws:s3:::maap-ops-workspace", "arn:aws:s3:::maap-ops-workspace/*", "arn:aws:s3:::nasa-maap-data-store", - "arn:aws:s3:::nasa-maap-data-store/*", + "arn:aws:s3:::nasa-maap-data-store/*" ] }, { @@ -113,7 +113,7 @@ hub_cloud_permissions = { "arn:aws:s3:::maap-ops-workspace", "arn:aws:s3:::maap-ops-workspace/*", "arn:aws:s3:::nasa-maap-data-store", - "arn:aws:s3:::nasa-maap-data-store/*", + "arn:aws:s3:::nasa-maap-data-store/*" ] }, { From f012b8d28e666506bac1f9d48f1c065194e34607 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 8 Dec 2023 11:29:38 +0000 Subject: [PATCH 143/494] Further clarification of the purpose of GitHub auth on grafana --- docs/howto/grafana-github-auth.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/howto/grafana-github-auth.md b/docs/howto/grafana-github-auth.md index 32bcf50199..ef72336e2a 100644 --- a/docs/howto/grafana-github-auth.md +++ b/docs/howto/grafana-github-auth.md @@ -1,15 +1,20 @@ (grafana-dashboards:github-auth)= -# Enable GitHub authentication for Grafana +# Enable GitHub Organisation authentication for Grafana -We can enable GitHub authentication against a Grafana instance in order to allow access to the dashboards for hub administrators as well as 2i2c engineers. +We can enable GitHub Organisation authentication against a Grafana instance in +order to allow access to the dashboards for the whole 2i2c GitHub organisation, +or a community's GitHub organisation. ```{note} -We only offer this method of authentication to communities if they want to give -`Viewer` access to a whole GitHub organisation. The default method to provide -access to a community representative is to [generate an invite link](grafana-access:invite-link). +This is the default authentication method for 2i2c staff wanting to visualise the +dashboards on [](grafana-dashboards:central). However, we can also offer this +method of authentication to communities on their cluster-specific Grafana instance +_only_ if they want to give `Viewer` access to a _whole_ GitHub organisation and +they are on a _dedicated_ cluster. Otherwise, the default method to provide access +to a community representative is to [generate an invite link](grafana-access:invite-link). ``` -To enable logging into Grafana using GitHub, follow these steps: +To enable logging into Grafana using GitHub Organisations, follow these steps: 1. Create a GitHub OAuth application following [Grafana's documentation](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/github/#configure-github-oauth-application). - Create [a new app](https://github.com/organizations/2i2c-org/settings/applications/new) inside the `2i2c-org`. From 121f7aa4766bb53d0ab11fb5be7859a7bebcb47b Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 8 Dec 2023 11:34:40 +0000 Subject: [PATCH 144/494] Split the two auth methods into individual sections --- docs/topic/monitoring-alerting/grafana.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/docs/topic/monitoring-alerting/grafana.md b/docs/topic/monitoring-alerting/grafana.md index 2ffb218c05..777d232579 100644 --- a/docs/topic/monitoring-alerting/grafana.md +++ b/docs/topic/monitoring-alerting/grafana.md @@ -17,19 +17,21 @@ Each cluster's Grafana deployment can be accessed at `grafana..2i2 For example, the Grafana for the community hubs running on our GCP project is accessible at `grafana.pilot.2i2c.cloud`. Checkout the list of all 2i2c running clusters and their Grafana [here](https://infrastructure.2i2c.org/en/latest/reference/hubs.html). -To access the Grafana dashboards you have two options: +To access the Grafana dashboards you have two options, detailed in the next sections. -- Authenticate with GitHub to get `Viewer` access into the Grafana, _if enabled_. +### Get `Viewer` access by authenticating with GitHub - This is the recommended way of accessing grafana if modifying/creating dashboards is not needed. - To get access, ask a 2i2c engineer to enable **GitHub authentication** following [](grafana-dashboards:github-auth) for that particular Grafana (if it's not already) and allow you access. +Authenticate with GitHub to get `Viewer` access into the Grafana, _if enabled_. +If enabled, this is the recommended way of accessing Grafana if modifying/creating dashboards is not needed. +To get access, ask a 2i2c engineer to enable **GitHub authentication** following [](grafana-dashboards:github-auth) for that particular Grafana (if it's not already) and allow you access. -- Use the **`admin` username and password** to get `Admin` access into the Grafana. +### Get `Admin` access using the `admin` username and password - These credentials can be accessed using `sops` (see [the team compass documentation](tc:secrets:sops) for how to set up `sops` on your machine). - See [](setup-grafana:log-in) for how to find the credentials information. - Alternatively, the password is also stored in the [shared BitWarden account](https://vault.bitwarden.com/#/vault?organizationId=11313781-4b83-41a3-9d35-afe200c8e9f1). - `Admin` access grants you permissions to create and edit dashboards. +Use the **`admin` username and password** to get `Admin` access into the Grafana. +These credentials can be accessed using `sops` (see [the team compass documentation](tc:secrets:sops) for how to set up `sops` on your machine). +See [](setup-grafana:log-in) for how to find the credentials information. +Alternatively, the password is also stored in the [shared BitWarden account](https://vault.bitwarden.com/#/vault?organizationId=11313781-4b83-41a3-9d35-afe200c8e9f1). +`Admin` access grants you permissions to create and edit dashboards. (grafana-dashboards:central)= ## The 2i2c Central Grafana From ee753e67d5e2b5154603963b54231c37fdcdbce5 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 8 Dec 2023 11:44:13 +0000 Subject: [PATCH 145/494] Fix broken link --- docs/topic/monitoring-alerting/grafana.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/topic/monitoring-alerting/grafana.md b/docs/topic/monitoring-alerting/grafana.md index 777d232579..c5453db6b3 100644 --- a/docs/topic/monitoring-alerting/grafana.md +++ b/docs/topic/monitoring-alerting/grafana.md @@ -28,7 +28,7 @@ To get access, ask a 2i2c engineer to enable **GitHub authentication** following ### Get `Admin` access using the `admin` username and password Use the **`admin` username and password** to get `Admin` access into the Grafana. -These credentials can be accessed using `sops` (see [the team compass documentation](tc:secrets:sops) for how to set up `sops` on your machine). +These credentials can be accessed using `sops` (see [the team compass documentation](https://compass.2i2c.org/engineering/secrets/#sops-overview) for how to set up `sops` on your machine). See [](setup-grafana:log-in) for how to find the credentials information. Alternatively, the password is also stored in the [shared BitWarden account](https://vault.bitwarden.com/#/vault?organizationId=11313781-4b83-41a3-9d35-afe200c8e9f1). `Admin` access grants you permissions to create and edit dashboards. From 29278f6d8b414e791bfd97704c00cc28ab9e3bb5 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 8 Dec 2023 15:50:44 -0800 Subject: [PATCH 146/494] Bump cryocloud image tag Ref https://2i2c.freshdesk.com/a/tickets/1177 --- config/clusters/nasa-cryo/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/nasa-cryo/common.values.yaml b/config/clusters/nasa-cryo/common.values.yaml index 5a653c2b58..f5b6c40eb0 100644 --- a/config/clusters/nasa-cryo/common.values.yaml +++ b/config/clusters/nasa-cryo/common.values.yaml @@ -136,7 +136,7 @@ basehub: slug: "python" kubespawner_override: # Image repo: https://github.com/CryoInTheCloud/hub-image - image: "quay.io/cryointhecloud/cryo-hub-image:84a1cbe7cca2" + image: "quay.io/cryointhecloud/cryo-hub-image:bc688cb8686a" rocker: display_name: R slug: "rocker" From 91bb1217cbe8fe1647d65fb0f34f7eaffd1ef6f5 Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Sun, 10 Dec 2023 10:29:14 -0300 Subject: [PATCH 147/494] Add earthscope cluster --- .../earthscope/enc-support.secret.values.yaml | 17 +++ .../clusters/earthscope/support.values.yaml | 28 ++++ eksctl/earthscope.jsonnet | 140 ++++++++++++++++++ eksctl/ssh-keys/earthscope.key.pub | 1 + eksctl/ssh-keys/secret/earthscope.key | 21 +++ terraform/aws/projects/earthscope.tfvars | 28 ++++ 6 files changed, 235 insertions(+) create mode 100644 config/clusters/earthscope/enc-support.secret.values.yaml create mode 100644 config/clusters/earthscope/support.values.yaml create mode 100644 eksctl/earthscope.jsonnet create mode 100644 eksctl/ssh-keys/earthscope.key.pub create mode 100644 eksctl/ssh-keys/secret/earthscope.key create mode 100644 terraform/aws/projects/earthscope.tfvars diff --git a/config/clusters/earthscope/enc-support.secret.values.yaml b/config/clusters/earthscope/enc-support.secret.values.yaml new file mode 100644 index 0000000000..5326c1c7e6 --- /dev/null +++ b/config/clusters/earthscope/enc-support.secret.values.yaml @@ -0,0 +1,17 @@ +prometheusIngressAuthSecret: + username: ENC[AES256_GCM,data:IyOeJ2ltWgjhRzUrspPpfSpvkgFfAGwrmW2tlBxwoWYWK97hqSn6TAs5M+lT/kp7AICAMflPj1k3IazNiSdvXw==,iv:2vLBAANHd3T+gyYoBVs69ryC4cRQvnc7WufaF3ZliDs=,tag:+Tbpy2ezJTV4xuhA6WXWXg==,type:str] + password: ENC[AES256_GCM,data:+LSkp7SQSr6vW4b9rGPgj3I495DquL7uXGo6zbZhfqqqgCTsKgVKNpPFt5Y05TqbOw0fl5qnB6jezNzR05+SBQ==,iv:mtrFlfCbvb4CNjlopzSKL2Q9pLnNjXZw5kB238RFfXQ=,tag:fXhkUIVZ02P0fr1jyx08fg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-10T12:56:11Z" + enc: CiUA4OM7eKM2uAp93NZo20W2g59kkkg+f9lIdX3X3C5yMr18KqNWEkkAjTWv+u4Qk+RFc9++zwDFIdNUIJglHKdQjyrPgmKu7Y2GjH8cCYQZnmRy5hABlKEuILmRwdNPqjdfiqRsCwGUbPBZhpIbwUjO + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-10T12:56:13Z" + mac: ENC[AES256_GCM,data:c4cVSM6GfV9ysrVxx8SYtLHuub9qJc4i8S4XsRrbkJONZgledsuFm65Qe7/yfpypNQd1cJMgHK2kSjEbVfBgO+FMUPHc3dPgG0UjyzkFjTgmzQpDlcyZ0sPrSkCm2RAVLBB0y3qGA8/4jq4gRp+hVgNlhW5q8QKNDYMmR8IK+MU=,iv:+tqnpit70z5KQwFjYU8EdunSFBWx41seakSDDTLtpaI=,tag:HXboDkt6hPrzsX2xY4roiw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/earthscope/support.values.yaml b/config/clusters/earthscope/support.values.yaml new file mode 100644 index 0000000000..a1060d493e --- /dev/null +++ b/config/clusters/earthscope/support.values.yaml @@ -0,0 +1,28 @@ +prometheusIngressAuthSecret: + enabled: true + +prometheus: + server: + ingress: + enabled: true + hosts: + - prometheus.earthscope.2i2c.cloud + tls: + - secretName: prometheus-tls + hosts: + - prometheus.earthscope.2i2c.cloud + +grafana: + grafana.ini: + server: + root_url: https://grafana.earthscope.2i2c.cloud/ + auth.github: + enabled: true + allowed_organizations: 2i2c-org + ingress: + hosts: + - grafana.earthscope.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.earthscope.2i2c.cloud diff --git a/eksctl/earthscope.jsonnet b/eksctl/earthscope.jsonnet new file mode 100644 index 0000000000..90926c0cef --- /dev/null +++ b/eksctl/earthscope.jsonnet @@ -0,0 +1,140 @@ +/* + This file is a jsonnet template of a eksctl's cluster configuration file, + that is used with the eksctl CLI to both update and initialize an AWS EKS + based cluster. + + This file has in turn been generated from eksctl/template.jsonnet which is + relevant to compare with for changes over time. + + To use jsonnet to generate an eksctl configuration file from this, do: + + jsonnet earthscope.jsonnet > earthscope.eksctl.yaml + + References: + - https://eksctl.io/usage/schema/ +*/ +local ng = import "./libsonnet/nodegroup.jsonnet"; + +// place all cluster nodes here +local clusterRegion = "us-east-2"; +local masterAzs = ["us-east-2a", "us-east-2b", "us-east-2c"]; +local nodeAz = "us-east-2a"; + +// Node definitions for notebook nodes. Config here is merged +// with our notebook node definition. +// A `node.kubernetes.io/instance-type label is added, so pods +// can request a particular kind of node with a nodeSelector +local notebookNodes = [ + { instanceType: "r5.xlarge" }, + { instanceType: "r5.4xlarge" }, + { instanceType: "r5.16xlarge" }, +]; +local daskNodes = [ + // Node definitions for dask worker nodes. Config here is merged + // with our dask worker node definition, which uses spot instances. + // A `node.kubernetes.io/instance-type label is set to the name of the + // *first* item in instanceDistribution.instanceTypes, to match + // what we do with notebook nodes. Pods can request a particular + // kind of node with a nodeSelector + // + // A not yet fully established policy is being developed about using a single + // node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. + // + { instancesDistribution+: { instanceTypes: ["r5.4xlarge"] }}, +]; + + +{ + apiVersion: 'eksctl.io/v1alpha5', + kind: 'ClusterConfig', + metadata+: { + name: "earthscope", + region: clusterRegion, + version: "1.27", + }, + availabilityZones: masterAzs, + iam: { + withOIDC: true, + }, + // If you add an addon to this config, run the create addon command. + // + // eksctl create addon --config-file=earthscope.eksctl.yaml + // + addons: [ + { + // aws-ebs-csi-driver ensures that our PVCs are bound to PVs that + // couple to AWS EBS based storage, without it expect to see pods + // mounting a PVC failing to schedule and PVC resources that are + // unbound. + // + // Related docs: https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html + // + name: 'aws-ebs-csi-driver', + version: "latest", + wellKnownPolicies: { + ebsCSIController: true, + }, + }, + ], + nodeGroups: [ + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, + availabilityZones: [nodeAz], + ssh: { + publicKeyPath: 'ssh-keys/earthscope.key.pub' + }, + instanceType: "r5.xlarge", + minSize: 1, + maxSize: 6, + labels+: { + "hub.jupyter.org/node-purpose": "core", + "k8s.dask.org/node-purpose": "core" + }, + }, + ] + [ + ng + { + namePrefix: 'nb', + availabilityZones: [nodeAz], + minSize: 0, + maxSize: 500, + instanceType: n.instanceType, + ssh: { + publicKeyPath: 'ssh-keys/earthscope.key.pub' + }, + labels+: { + "hub.jupyter.org/node-purpose": "user", + "k8s.dask.org/node-purpose": "scheduler" + }, + taints+: { + "hub.jupyter.org_dedicated": "user:NoSchedule", + "hub.jupyter.org/dedicated": "user:NoSchedule" + }, + } + n for n in notebookNodes + ] + ( if daskNodes != null then + [ + ng + { + namePrefix: 'dask', + availabilityZones: [nodeAz], + minSize: 0, + maxSize: 500, + ssh: { + publicKeyPath: 'ssh-keys/earthscope.key.pub' + }, + labels+: { + "k8s.dask.org/node-purpose": "worker" + }, + taints+: { + "k8s.dask.org_dedicated" : "worker:NoSchedule", + "k8s.dask.org/dedicated" : "worker:NoSchedule" + }, + instancesDistribution+: { + onDemandBaseCapacity: 0, + onDemandPercentageAboveBaseCapacity: 0, + spotAllocationStrategy: "capacity-optimized", + }, + } + n for n in daskNodes + ] else [] + ) +} \ No newline at end of file diff --git a/eksctl/ssh-keys/earthscope.key.pub b/eksctl/ssh-keys/earthscope.key.pub new file mode 100644 index 0000000000..a8f5253c5b --- /dev/null +++ b/eksctl/ssh-keys/earthscope.key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChGAZs8MNn5tVcfwFl6xsSBJYDE/Vm+RvxuehIlDzj3S9BRZvSp2beHMLgPZ0tJmooxlmAz0vbOrCjCzGcUiegyKT5elecQZPY8bewsLCG5YaZ+YYDPIEEftVHHH9UGYeLA59+WocviRJkbiODGxQuY6As9z1cCtNzCV47HiHOGPIz4fePvPxH0USwQmZncUasp9QGOwKkoT6iExfZzT7o94H7xYe5i29pe4x4NMPdgw6xPYbl9XSAidG9LkV0PHb+vv4sVeBkp50lIeRKmg4hZ6wqEsrG2+y8DMU9YPq0OJLck3lzxl0j0qDQanSzkbV02aHqw/nUmg8vqDazcUXFP8Q8s9SHLfgb6u2kchNGHaX3o3MSsU95/X3xgwPD4ZtdcUvM9GgJD0n5m3SznmxFeBv69fhXGBqwIILem8FjTbAkDa27dnvJJ1jUnYIOsYdPuA+nmcS/Om6UKEB0ChG7obU0/QN0lWjZciR77dVggOgP56A5XbwmaeDELt3KStk= starlord@genos diff --git a/eksctl/ssh-keys/secret/earthscope.key b/eksctl/ssh-keys/secret/earthscope.key new file mode 100644 index 0000000000..196adaaf2a --- /dev/null +++ b/eksctl/ssh-keys/secret/earthscope.key @@ -0,0 +1,21 @@ +{ + "data": "ENC[AES256_GCM,data:gceWUhWoo1TdUSxNgTMpasRydoUKvWqoauIR6sQxCIkdzEjTV6/8VpZPxxiESNXwYWN9VwNujEBM7ZS3iCSjOtVEvUud61u6B1DHQ5mi14gwcWiZfiiACaKsxfQ2u9UDYEPuiQmczzK3JuzakWndR7f5Mx85ylipMy3gTkc9GkvBHnbiQt03B+7Dqjiz8Cz+OtCYlteRo8UjXrEAB3TB+sNBXANOLoXjaDwS6hC/sBgorm3WvPyNdBqmSKswCb5R4AkdR+kzdWYV+vfjLSbYZGKDmTxrEHGP494fO0YG3XmConI+X1rwasHZ+V0FZfdIVpUp85cIC2JhM0OyaDpkvRynXO8MJggzZdbvj/BEPnTA+TINE/oNph73qOelpmVlfDUVGD973WYyJLz7oKbZTxsiCEVh80q14OemUxMsx7CPwdXRxN43A5afQ+Xd+exHuE6xEHYVrW2xa2dsqqdr7ztysvuWPYuNufJC+P5tCjhgzzZG/HNJm3bay0Mbvq6+ytKdZ2Qn7VYwXm9iHlYaGj1L3MV4n1gLpg+Gd1oH0hSmywtp4nI8yCLUOUIXXDYKo6U74PA7rdBgQD248zdP4WbZNfLlSrsdwtPZnB/mlo5pzx9qDsFbPjmuQyrv978w+lK09biR9tqck9AU031jZPmz7Xw+srJKONL/4hdxAdnIWYVl05ocPMl1330/Bg3QXEQTwpx7fuH2bVY7Hm6xxveM1r6GuA/ycMgX/b4xGuhtTXZnt/5CrVWeHsF2KDTL4O+cnlYC4J4ERFvx4I8qGEScZliYrXKzC07yBE2X2jXXB5Sawlz8bn0PF2KgHy0ySp3cMOfCgmbiEL89sliuSmqeMdrn3xkYl7MrmNYYLpS9OJu+ZkMiUN+f/0ojr9PqylHHhMrO9jwK2FqOuUzRRgezi6WDcWQHAjhH0FUZgowLDD6hprolIhNgYWIN3OnxYvVW85adawxigv6QbJY3FSJQXZfsE3qtxDw5/R4298NGSmn9PBhbQwVp86lNoKf1OE+Md33bDJJ1bsKMBLdSC9FBeJcMrntfa5msO4LcaORuGFPZ9iNZnUS8tc8fZVY4UT/PADjxPExEAndQIrPQwiOcs8YF9IaUa8zRTaOmmGfwLalWHcOLFloKGbEUo4YEr6nMu6A5zEmSHq3JqO4G93NMZn+qeQhJWjgkc8KU8k3jkH+D/mt5Ie+V2gVfFbCRpuiaVnqWrTLh15/y5McyxxiYP0Q1kJBJMEIDKWOsFZZb+b7XALLjAIY8o+5v/f9G2HeYavb+4gWqBVUvNKTYl0FguqhBxSvMBvC5zZF6rkeqLBstepeg1is8gqJV3A/cdCLcqHKynLDWCt5L88UI2OpPLH80jdcA5VkyCCXxl5UxWWfcM/X+jPdU+I/sfiyla7Azrk3J4a+84YjRw2to7jhHnZdZGW7YPqdKZOu8hzqq2mHfR0j0fD03U7TNO4Q6WfIcTRX5dKvwhupuPTFkcfREi6bKZSDyixyyQgRu1X372Cut+WfUcKJg40W39R4N6qeRcHBTNh9CrCokptBP9StvMtyt/FVJEkBTJZzbHEa/HBcjXFRGjXC1vSwWvRN8rePJOhsHo3aDZbSDTXIXUWHcU+0TCE+/b/+TQMUZ+VTIAM9gBR1JakXWVFWxm9d17Zr7M6Fk3UoRZ/3IpDFCBky+q0I05+4H2Zix6OPk8nSDF6WjkmW623UhsdHYC5KJQasylXRINbLYh/YfWqUYOMQw/WHxnZimgeJzY6Qw7DoxCWkuGdFTmRgyHRTK578bQnTqewZ8G6EB/nxJYTDNfptXAPmN/8A+Iw4Ha2Wejd3+VKniGVEgVrecvYTtqKQjWiraf515Tva0/mVfg1Orjz/8uRXAFqFX44b9eooQB1xEpEjhZrd9j2fjVpe3wfa0C/LQvhEAFB7V/sG3DemGY7GBsMmk2sWBsEO/O2j1Rs63oae4rWOg46jyQJ9hiS4D206KXcZbBBY6+qcpGtyVn9139n7qG4IXdCH+q5XEJ5mx07qPac8AC9V4OaeG+KGi/WqVTFOqU/BuiP3Aws2vW+a84ic9A4tSLA5v6c8uHr/SwxwQrjWLVF3Ktl2GFGi+nL6PnarJN80Efmrw4clY4NmyI7hzt9MBGJfrErHK5vatHfApMGb9tSnsOSXN7v4W71gKU/S4euYkEZGmuWYe/j0nTb1VMJZzg8LM2F+qWUxn4ph71UCiuFtmA3S22EvKuPghG8ALa6109kidj0RluKPxghnDrkFPGZE70YRrVqVqvjelBWEt0jIWy066ga7KdfhxnVtJ8BJ5Zzb3U8VPb7muKcAKlRAx/LX+yZYAmn/k9xLi5NOQ2CG56hWnMOAYpJ+FFtdF8485VIY7xzTf2pXxegvTM4iIUwSI8ITK8MnnefN2o6k9/npSz2HSKg6UaMt6Ua2TkmbtUkuL4q2JQmhM+2TVfSMds4wH7WTdSMKgCWiz+sIgI4BMbf2fnjPeUusobTIRuvKHkd4Yy3VDct/ihT1bYMz67l+MNPGv71V4PcqzmM/OyaRSSqxMEdkYo26C8E2eaQWV+Q2/fUje1BtYBoarJddzb5eRyGh3EXyZxomGa9dqPiuGL6KJez3L1GSn12I+TUmCEUF3hecc5YVYwVXVG/WciWeERH01cbMaZHcrkYEzETVweaKhjY6Gu/Vf8oU36505E48fO7+z087d2l6p+bvRTvlfj9PbuKEJ536uDjC9CMNKUIP4T3sUEZkxRTLk/eNuuOegTYCS110pXGqISREfAsya8lCjnCFttTR7kjx+rSnWRpi7uoYaAvzM/RAt/2lKYUpnXVe7gEktfkT2pI7aDkprX5U8T/cL6EzcpQFQYbpDf5YVHie0kRV/TVlyqaRSmElNw1LxzFF1EK75gbmIwZaTVy1EVNBWZMc8j3Gxp8vTayXOc6+95yhzWD+20Gv4IMt9mpsKxx93xbGpk6FnPlSWZa9VVW/XED/Neu4ipncyCLRSJEdrnGFOuyOHa+MTPSxGSSN3fTbWnlSHVFyn2w+WUhek2pnh4zkoXxn6LqOMWU8biNnTusoGXuihbox/3CUuUh58uMya5b3ljqt4iSjALqGkO/9k5pADNIM9+18A64ddyRqcLEyz6O+foHh62M9KWuVcrTAo2gxVWFTx8V4UiMu1j6u28O3MK1RPGO/6ji9W433XI6FGtBBMz35SGm4GOgnN8Cq3rFpNEuVyNY7QuftMUnCnXN5D9HSiTx4mAqQqpoZWn8kEOqqWCdMHe3mLUG+mazZHEQ9NybKG7ew7WcZPy4EwmrVKoUpIYJ7Y+an8ixkFgWaNXhWHE8R8hnLbO6RTiwSgj3ysh5j2qT2tr91TUIPsz7jBd0rPUY5uJyt6Z1Keuf8gHKqKTM/BUJbQZefsXxXwbcsfXbT9CUMY6gNaUHX5ENeTUapQtyZvFY1IqnFxrCtPTbRkNx+EBA==,iv:DuDPWeW38lHht+scY99sRCJ2qrJaYxOSmFPseuKtwXc=,tag:prH5Z4kNf+1daY5X12Ea/w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2023-12-10T12:56:10Z", + "enc": "CiUA4OM7eI6hovem8F7/tJN3UDN94q8DTbmkxSwi1Qox3BMYpEBbEkkAjTWv+nupMoEKc6FE/9OPFjUyKXoJkBs7hmlFZ0KtBjJCmK3i/6coxoac5vApqqV2lTMIAclIqrrnNVKz7WzGhT3hyIHfKQjw" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2023-12-10T12:56:11Z", + "mac": "ENC[AES256_GCM,data:iJ49V58dnR15SGZL0kpcPln2SaVq0JFDrdDRsfjuII7BurCfvK1ZFgufLH3ZLDCS0X99XnYok7uSHrwwh7NEeNU0AUYdJfZ2tntO5rFjS1TjpoKvh0+hQy8l91rCrl4oJGisFKHejXDGDod4/D+NtKkne0im2WkafFPy9adaQ20=,iv:GgjXbURrSp+9HrEtpJrtIKYPp2Extc9A7HnW/dPppSc=,tag:oLDkZ7pgf/tJXxT/hGQunA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/terraform/aws/projects/earthscope.tfvars b/terraform/aws/projects/earthscope.tfvars new file mode 100644 index 0000000000..57aeb6fbf9 --- /dev/null +++ b/terraform/aws/projects/earthscope.tfvars @@ -0,0 +1,28 @@ +region = "us-east-2" + +cluster_name = "earthscope" + +cluster_nodes_location = "us-east-2a" + +user_buckets = { + "scratch-staging" : { + "delete_after" : 7 + }, + "scratch" : { + "delete_after" : 7 + }, +} + + +hub_cloud_permissions = { + "staging" : { + requestor_pays : true, + bucket_admin_access : ["scratch-staging"], + extra_iam_policy : "" + }, + "prod" : { + requestor_pays : true, + bucket_admin_access : ["scratch"], + extra_iam_policy : "" + }, +} \ No newline at end of file From 626a72ec38891b16a38e7dcd200b79277361c05f Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Mon, 11 Dec 2023 00:13:43 -0800 Subject: [PATCH 148/494] Support ORCID & GitHub auth for AGU Binder Ref https://github.com/2i2c-org/infrastructure/issues/3508 Also led to https://github.com/jupyterhub/oauthenticator/issues/712 being filed upstream --- config/clusters/2i2c/agu-binder.values.yaml | 28 ++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/config/clusters/2i2c/agu-binder.values.yaml b/config/clusters/2i2c/agu-binder.values.yaml index 99fa3a3e5b..d2b9e9a143 100644 --- a/config/clusters/2i2c/agu-binder.values.yaml +++ b/config/clusters/2i2c/agu-binder.values.yaml @@ -47,7 +47,6 @@ binderhub: extraVolumeMounts: - name: custom-templates mountPath: /etc/binderhub/custom - jupyterhub: ingress: enabled: true @@ -69,6 +68,25 @@ binderhub: scopes: - self - "access:services" + extraConfig: + 01-orcid: | + def setup_orcid_username(authenticator, handler, authentication): + """ + Fish ORCID username from inside cilogon_user when used with ORCID + + There is no clear way to get just the ORCID id from CILogon, so we + have to do this. https://github.com/jupyterhub/oauthenticator/issues/712 + is the upstream report, we can get rid of this once that gets fixed. + """ + idp = authentication['auth_state']['cilogon_user']['idp'] + if idp == 'http://orcid.org/oauth/authorize': + # Only modify usernames if orcid is used + # oidc is of the form https://orcid.org/ + authentication['name'] = authentication['auth_state']['cilogon_user']['oidc'].split('/')[-1] + return authentication + + c.Authenticator.post_auth_hook = setup_orcid_username + config: BinderSpawner: auth_enabled: true @@ -80,6 +98,14 @@ binderhub: http://google.com/accounts/o8/id: username_derivation: username_claim: "email" + http://orcid.org/oauth/authorize: + username_derivation: + username_claim: "given_name" + allow_all: true + http://github.com/login/oauth/authorize: + username_derivation: + username_claim: "preferred_username" + allow_all: true Authenticator: admin_users: - choldgraf@2i2c.org From 0b7341e6d80f0e53fc5c9277313b386cae7b10e5 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 11 Dec 2023 15:50:12 +0000 Subject: [PATCH 149/494] Add hub for Tufts University --- config/clusters/2i2c/cluster.yaml | 8 ++++ .../2i2c/enc-tufts.secret.values.yaml | 20 ++++++++ config/clusters/2i2c/tufts.values.yaml | 48 +++++++++++++++++++ 3 files changed, 76 insertions(+) create mode 100644 config/clusters/2i2c/enc-tufts.secret.values.yaml create mode 100644 config/clusters/2i2c/tufts.values.yaml diff --git a/config/clusters/2i2c/cluster.yaml b/config/clusters/2i2c/cluster.yaml index 3565e3864c..9ba7478c07 100644 --- a/config/clusters/2i2c/cluster.yaml +++ b/config/clusters/2i2c/cluster.yaml @@ -135,3 +135,11 @@ hubs: - basehub-common.values.yaml - mtu.values.yaml - enc-mtu.secret.values.yaml + - name: tufts + display_name: "Tufts University" + domain: tufts.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - basehub-common.values.yaml + - tufts.values.yaml + - enc-tufts.secret.values.yaml diff --git a/config/clusters/2i2c/enc-tufts.secret.values.yaml b/config/clusters/2i2c/enc-tufts.secret.values.yaml new file mode 100644 index 0000000000..24598fd6e4 --- /dev/null +++ b/config/clusters/2i2c/enc-tufts.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:VjKMcUOhCk0aWLztj4HjMkjP/Q3x6daj01aZx17RTeeDwHe9auQOvFz7fdZAqMHCW+nG,iv:acWGQg+QnvxlewUzthdy0sEQWc0V+FKSlktaUGVV3yk=,tag:5Sbx/ngZ+VZWt7T6LwUeMg==,type:str] + client_secret: ENC[AES256_GCM,data:kjqALzq/6zKUZmYi+/wAzTZbCJpUxAU2eUQgyla33GArYk/i8uXXYM07a4WvWX7YVFHLVFWam8rIMz0uvD9PdRHM/2LYBet9qEO8MU+h7ELoNP4nHAw=,iv:dW9nBYQBspGpY9Q16hH7imkaSCDxh6Xj/F02oVvnLy0=,tag:1P6kSRSHfhLon2jAvKZ9+g==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-11T15:36:52Z" + enc: CiUA4OM7eEwyaCdfvyqhUi3s8gfpndMgyP40m/x7UETe/IUUCiULEkkAjTWv+sLh62rCeq3fYDXmsV4cAE4yWHfXchFrExtsbOEyEwOIczwkzJXvNR/PrYlfhPb+tNIY/pyLmBiBKysAuNU0zWYJUE6k + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-11T15:36:52Z" + mac: ENC[AES256_GCM,data:xn1ommOn/63KdtM1P60CLwRxaa2SmhYchkbtZxKC3u+UqNwxAwxF9yXUYcM0q1rO96Je0HkdeD+1BascOBLCw1DxTyhY6DyGMqw9Gkh0+YTy5LcijAbnYiAHg1/C5ChVYJVGVoFQhuoPoFs3hZX0nR7MxigcmKofv+PJ97wFo8s=,iv:IH6omjLRNoFcTxs7TXNJa/dDhIiGOmRq+xxhp8rRfuk=,tag:z6O3KwX7kTRCMApkZ9CCew==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/2i2c/tufts.values.yaml b/config/clusters/2i2c/tufts.values.yaml new file mode 100644 index 0000000000..755ae192a1 --- /dev/null +++ b/config/clusters/2i2c/tufts.values.yaml @@ -0,0 +1,48 @@ +jupyterhub: + ingress: + hosts: [tufts.2i2c.cloud] + tls: + - hosts: [tufts.2i2c.cloud] + secretName: https-auto-tls + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Tufts University + logo_url: https://brand.tufts.edu/sites/g/files/lrezom786/files/styles/large/public/2022-09/tufts-ext.jpg + url: https://www.tufts.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: Tufts University + url: https://www.tufts.edu/ + hub: + config: + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: "https://tufts.2i2c.cloud/hub/oauth_callback" + allowed_idps: + https://shib-idp.tufts.edu/idp/shibboleth: + default: true + username_derivation: + username_claim: "email" + http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" + Authenticator: + admin_users: + - Will.Humphries@tufts.edu + - Peter.Nadel@tufts.edu + - Kyle.Monahan@tufts.edu + singleuser: + image: + name: quay.io/2i2c/cloudbank-data8-image + tag: "d2746e55a4ee" From 1956670baa5d22195bdd2d1d4330494258f644be Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 11 Dec 2023 16:14:00 +0000 Subject: [PATCH 150/494] Ignore some files during live build to avoid infinite loop rebuilding --- noxfile.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/noxfile.py b/noxfile.py index d8c5d41a0c..be7336dbd8 100644 --- a/noxfile.py +++ b/noxfile.py @@ -25,14 +25,20 @@ def docs(session): session.posargs.pop(session.posargs.index("live")) # Add folders to ignore - AUTOBUILD_IGNORE = [ + AUTOBUILD_IGNORE_DIRS = [ "_build", "tmp", ] + # Add files to ignore + AUTOBUILD_IGNORE_FILES = [ + "_static/*.json", + ] cmd = ["sphinx-autobuild"] - for folder in AUTOBUILD_IGNORE: + for folder in AUTOBUILD_IGNORE_DIRS: cmd.extend(["--ignore", f"*/{folder}/*"]) + for file in AUTOBUILD_IGNORE_FILES: + cmd.extend(["--ignore", f"*/{file}"]) # Find an open port to serve on cmd.extend(["--port", "0"]) From b452c2a01044b53573b0cdf72dff5d2c2edb49c6 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 12 Dec 2023 11:40:48 +0000 Subject: [PATCH 151/494] Regenerate nasa-ghg deployer access key ref: https://github.com/2i2c-org/infrastructure/issues/2434 --- .../enc-deployer-credentials.secret.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json index cffca45806..af204d7b0f 100644 --- a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json @@ -1,25 +1,25 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:qMunDZWHlI0up+d8T3QL8tGyrlU=,iv:RmbwXuuYz7GDEUeaWS5kB9jprQjkxRoKlkgFolNzrt0=,tag:POHzqzr3C4ynvA1aeU2N9Q==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:XGrQIdXfwDZ1bHGC9cGwyc9zE6hZFjJmFpGk5PfCDFSF9q43MrRsZg==,iv:n8qCgLDnpshgY+3xE2zYakJ2618tQ4+tpU4J6htSon0=,tag:Hv2JGZH8Qz4xiD177984fA==,type:str]", - "UserName": "ENC[AES256_GCM,data:A+1ZcIrJFGFVA7+VbVvfiwvBzwkFgVI=,iv:joLvfo4bZJ7K3D5bchRnMFe42GEGQRg6Qzl5SpaqJm4=,tag:rcRKICnKUuw+zWLM+KQ/Hg==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:/SnNrz1NZH14iUvTbwLgPTgPQXM=,iv:PY9j0aRcy92oHYxk5MTc/w0QqbLJnaKfjbk3f3QeHjw=,tag:94iPN87QPhhy+seo45ei4Q==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:7Ve2qkiVgs2oTRZ4DmicdAYcTtkv1wasASlCLgTqQYTRrmrnRsM3IA==,iv:ZAGR/Oz8oKNczgnt6JNw9FtrN4EyiNazZQBva4fQ9zQ=,tag:6NeNP7Yoq5fqAbCWGVpK9Q==,type:str]", + "UserName": "ENC[AES256_GCM,data:Z90ncTWifCB0NjDp28vWKoWNTwaOT2g=,iv:TEG1Z1Asy1ejwKWX2ylqf0CoCYn9sMoy0D+ULnBiYfo=,tag:SZWVgDCM1jJozZsUClNBYQ==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2023-11-19T18:59:51Z", - "enc": "CiUA4OM7eDGvjTNhZ63YMiU2KGZGeyGmQU8lonyhY95PlmVDvXdSEkkAjTWv+mHfwcNgPyz2iNvtJwt6lCVZKKLoYtdZqY3W6MiJrRXo4QjUg+t6tZ+y8GgbarwZTmzGu5uVtEWUtGIda3Zt85POOFQS" + "created_at": "2023-12-12T11:39:58Z", + "enc": "CiUA4OM7ePvn5wSbGI+YBkf8tpE5da9gpXo7uUg76CB/PH9qw4XgEkkAjTWv+kuW9BPeM6kaAzOlTvAtq6ln/ozWmCZ8oBCvSzC3GzzyNrBPiYtL0RdglmxCVeuVuJbmYQ5f24/vlyKJ7z521fXw1lY6" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2023-11-19T18:59:51Z", - "mac": "ENC[AES256_GCM,data:ssY1powc8j6WidDT6WlzyQRboKGjqtpkLIm3mAzcqOqXFT2QwpbYHCc/LQZ/recD4Q9by7ehR7iBv9OVJE/Kv9xNozT6MTuhPE+vxTglhU4kHxm3uXRF6eq58PilC7AQv3iOxanWMxh/fXzAmF2QlWZH1bwjFoB+MYek8xQu/XU=,iv:tBGQ5lJlmpRtoY4FNQZFG0x4le1dHbqatVbtROwfWNY=,tag:Af1H3bFrirGtzlGCvlNclA==,type:str]", + "lastmodified": "2023-12-12T11:39:58Z", + "mac": "ENC[AES256_GCM,data:FlX4TV328tvYkRDq0IN4lsspRtk6dtmyTDBjHiWReNS/JmPhtpreAcbkTrMgbj9aSPlJ44hEiPJcTPvbnEBqfouYkgWThWHI4uGwjLMj/EW82HhTDmSR5QNqaHXDyVKjwYfLBuHpGVcqh5dglMoWcAa6lcbcyln+DHr3a3Fa0m0=,iv:tc/d5UgJcdN12+Pvip9BEnwuM1ENqHp3gM2+poPOv2Y=,tag:PFokY3k7piFPYObrPzOuiQ==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.7.2" + "version": "3.8.1" } } \ No newline at end of file From 50d3b4a7380df0df1523ef53fce8edc75f0ab98b Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 13 Dec 2023 11:53:32 +0200 Subject: [PATCH 152/494] Bump qcl homedir cap again --- terraform/gcp/projects/qcl.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/gcp/projects/qcl.tfvars b/terraform/gcp/projects/qcl.tfvars index 771b3f8ce3..1433331606 100644 --- a/terraform/gcp/projects/qcl.tfvars +++ b/terraform/gcp/projects/qcl.tfvars @@ -15,7 +15,7 @@ core_node_machine_type = "n2-highmem-2" enable_network_policy = true enable_filestore = true -filestore_capacity_gb = 2560 +filestore_capacity_gb = 3072 user_buckets = { "scratch-staging" : { From 4898f98c683594969b3e8f184c070fa694b5b0ce Mon Sep 17 00:00:00 2001 From: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> Date: Wed, 13 Dec 2023 12:08:58 +0000 Subject: [PATCH 153/494] Revert prettier bump --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1ee14fb699..6ce976d767 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # Autoformat: markdown, yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v4.0.0-alpha.3 + rev: v3.0.3 hooks: - id: prettier From 18965af0381a96708011ac0dfcd2a8396d562fb9 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 31 Mar 2023 16:43:39 +0530 Subject: [PATCH 154/494] Add documentation on preparing for exams Based on our experience with https://github.com/2i2c-org/infrastructure/issues/1905. Trying to set this up for https://github.com/2i2c-org/infrastructure/issues/2316 --- docs/howto/exam.md | 38 ++++++++++++++++++++++++++++++++++++++ docs/index.md | 1 + 2 files changed, 39 insertions(+) create mode 100644 docs/howto/exam.md diff --git a/docs/howto/exam.md b/docs/howto/exam.md new file mode 100644 index 0000000000..32ccef9b7f --- /dev/null +++ b/docs/howto/exam.md @@ -0,0 +1,38 @@ +# Set up a hub for an exam + +We provide support for using a JupyterHub in a *controlled* physical +space for exams. This is an extra paid feature where we charge hourly +for responsiveness. + +This page documents what we do to prep, based on our prior experiences. + +1. Make sure the exact dates and times of the exam are checked well in + advance, and we have enough engineering coverage during this time period. + Engineers should also *test* their access to the infrastructure and the + hub beforehand, to make sure they can fix issues if needed. + +2. For the duration of the exam, all user pods must have a + [guaranteed quality of service class](https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/). + In practice, this means we have memory & cpu requests set to be the same + as guarantees. This is to ensure equity - no user should get more or less + resources than any other. It also improves reliability. + + This usually increases cost too, so should be done no more than 12h before + the start of the exam. It should be reverted back soon after the exam + is done. + +3. The instructor running the exam should test out their exam on the hub, + ane make sure that it will complete within the amount of resources assigned + to it. They should also make sure that the environment (packages, python + versions, etc) are set up appropriately. From the time they test this until + the exam is over, new environment changes are put on hold. + +4. We should pre-warm the cluster the hub is on before the start of the exam, + to make sure that all users can start a notebook without having to wait. This + is also for equity reasons, to make sure we don't disadvantage one user from + another. + +5. Issues during the exam are communicated via freshdesk, and what we are paid + for is to make sure we respond immediately - there is no guarantee of fixes, + although we try very hard to make sure the infrastructure is stable during this + period. diff --git a/docs/index.md b/docs/index.md index 2855669b37..5ed3dcadce 100644 --- a/docs/index.md +++ b/docs/index.md @@ -70,6 +70,7 @@ deployed occasionally as a specific addition. howto/features/index.md howto/bill.md howto/custom-jupyterhub-image.md +howto/exam.md howto/manage-domains/index.md howto/grafana-github-auth.md howto/update-env.md From df278825df0435a6356574918d65568a7a1535d7 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Fri, 31 Mar 2023 17:18:39 +0530 Subject: [PATCH 155/494] Fix typo Co-authored-by: Georgiana --- docs/howto/exam.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/exam.md b/docs/howto/exam.md index 32ccef9b7f..e886154a83 100644 --- a/docs/howto/exam.md +++ b/docs/howto/exam.md @@ -22,7 +22,7 @@ This page documents what we do to prep, based on our prior experiences. is done. 3. The instructor running the exam should test out their exam on the hub, - ane make sure that it will complete within the amount of resources assigned + and make sure that it will complete within the amount of resources assigned to it. They should also make sure that the environment (packages, python versions, etc) are set up appropriately. From the time they test this until the exam is over, new environment changes are put on hold. From 836848ed252bc09516b2574fbc2412f3ae805169 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 13 Dec 2023 14:24:08 +0200 Subject: [PATCH 156/494] Split the first step and add simple access checklist --- docs/howto/exam.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/howto/exam.md b/docs/howto/exam.md index e886154a83..46ba4fa7c1 100644 --- a/docs/howto/exam.md +++ b/docs/howto/exam.md @@ -6,12 +6,24 @@ for responsiveness. This page documents what we do to prep, based on our prior experiences. -1. Make sure the exact dates and times of the exam are checked well in - advance, and we have enough engineering coverage during this time period. - Engineers should also *test* their access to the infrastructure and the +1. **Exact dates and times are known and at least two engineers available** + + Make sure the exact dates and times of the exam are checked well in + advance, and we have at least two engineers available during this time period. + +2. **Check engineer access** + + Engineers should *test* their access to the infrastructure and the hub beforehand, to make sure they can fix issues if needed. -2. For the duration of the exam, all user pods must have a + Simple checklist: + - 🔲 Can access and login to the hub admin page + - 🔲 Can access and login to the cluster grafana + - 🔲 Can access and login to the cloud console + - 🔲 Test access to Logs Explorer for container logs if on GCP + - 🔲 Test that running `deployer use-cluster-credentials $CLUSTER` and then `kubectl get pods -A` work + +3. For the duration of the exam, all user pods must have a [guaranteed quality of service class](https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/). In practice, this means we have memory & cpu requests set to be the same as guarantees. This is to ensure equity - no user should get more or less From f0a7b91028f5d0306a8c6aeb78bae1387e4379d7 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 13 Dec 2023 14:29:32 +0200 Subject: [PATCH 157/494] Clarify guaranteed quality of service when profile lists are used --- docs/howto/exam.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/howto/exam.md b/docs/howto/exam.md index 46ba4fa7c1..0970184fc9 100644 --- a/docs/howto/exam.md +++ b/docs/howto/exam.md @@ -23,16 +23,28 @@ This page documents what we do to prep, based on our prior experiences. - 🔲 Test access to Logs Explorer for container logs if on GCP - 🔲 Test that running `deployer use-cluster-credentials $CLUSTER` and then `kubectl get pods -A` work -3. For the duration of the exam, all user pods must have a +3. **Ensure user pods have a guaranteed quality of service class** + + For the duration of the exam, all user pods must have a [guaranteed quality of service class](https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/). + In practice, this means we have memory & cpu requests set to be the same as guarantees. This is to ensure equity - no user should get more or less resources than any other. It also improves reliability. - This usually increases cost too, so should be done no more than 12h before + This usually increases cost too, so should be done **no more than 12h before** the start of the exam. It should be reverted back soon after the exam is done. + If the hub has a profile list enabled, based on the instance types setup for + the hub, you can find the new allocation options by running: + + ```{bash} + deployer generate resource-allocation choices + ``` + + Running this command will output options where memory requests equal limits. + 3. The instructor running the exam should test out their exam on the hub, and make sure that it will complete within the amount of resources assigned to it. They should also make sure that the environment (packages, python From aec962822ddea7efa5668ce154915d13b6332bc7 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 13 Dec 2023 14:52:56 +0200 Subject: [PATCH 158/494] Add responsabilities for instructor testing before exam --- docs/howto/exam.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/howto/exam.md b/docs/howto/exam.md index 0970184fc9..c661c9c750 100644 --- a/docs/howto/exam.md +++ b/docs/howto/exam.md @@ -45,18 +45,29 @@ This page documents what we do to prep, based on our prior experiences. Running this command will output options where memory requests equal limits. -3. The instructor running the exam should test out their exam on the hub, +4. **Ensure instructor tests the hub before the exam** + + The instructor running the exam should test out their exam on the hub, and make sure that it will complete within the amount of resources assigned to it. They should also make sure that the environment (packages, python versions, etc) are set up appropriately. From the time they test this until the exam is over, new environment changes are put on hold. -4. We should pre-warm the cluster the hub is on before the start of the exam, + Responsibilities: + - the **community and partnerships** team makes sure that the community's + **expectations** around exams are correctly set + - the **engineer(s)** leading the exam, should make sure **they are respected** + +5. **Pre-warm the cluster** + + We should pre-warm the cluster the hub is on before the start of the exam, to make sure that all users can start a notebook without having to wait. This is also for equity reasons, to make sure we don't disadvantage one user from another. -5. Issues during the exam are communicated via freshdesk, and what we are paid +6. **Follow freshdesk for any questions/issues** + + Issues during the exam are communicated via freshdesk, and what we are paid for is to make sure we respond immediately - there is no guarantee of fixes, although we try very hard to make sure the infrastructure is stable during this period. From 607ff368c53dfdaab53d1da97c3187f87bff3040 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 13 Dec 2023 15:37:49 +0200 Subject: [PATCH 159/494] Reword to make more sense --- docs/howto/exam.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/howto/exam.md b/docs/howto/exam.md index c661c9c750..7443971a39 100644 --- a/docs/howto/exam.md +++ b/docs/howto/exam.md @@ -17,9 +17,9 @@ This page documents what we do to prep, based on our prior experiences. hub beforehand, to make sure they can fix issues if needed. Simple checklist: - - 🔲 Can access and login to the hub admin page - - 🔲 Can access and login to the cluster grafana - - 🔲 Can access and login to the cloud console + - 🔲 Access and login to the hub admin page + - 🔲 Access and login to the cluster grafana + - 🔲 Access and login to the cloud console - 🔲 Test access to Logs Explorer for container logs if on GCP - 🔲 Test that running `deployer use-cluster-credentials $CLUSTER` and then `kubectl get pods -A` work From 324634180df25d96b2b63a65cf57ddec5beaec78 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 13 Dec 2023 10:48:52 -0800 Subject: [PATCH 160/494] utoronto: Enable automatic login on utoronto hubs They have a separate home page, so the hub home page itself should never be actually displayed to them. Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/common.values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index 1486bcf40c..38df207a50 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -91,6 +91,12 @@ jupyterhub: concurrent_spawn_limit: 100 # We wanna keep logs long term, primarily for analytics extra_log_file: /srv/jupyterhub/jupyterhub.log + Authenticator: + # If users come directly to jupyter.utoronto.ca or any of the other hub landing pages, + # we don't actually want to show them the landing page - just auth them if needed and + # send them over to wherever they need to go. This is because there is an *external* home + # page that is sending people to appropriate locations with /hub/user-redirect. + auto_login: true CILogonOAuthenticator: allowed_idps: https://idpz.utorauth.utoronto.ca/shibboleth: From d637124316f7a4ee45dfeecd0e21919cbbddd7b0 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 8 Dec 2023 18:57:06 +0200 Subject: [PATCH 161/494] Start an event preparation guide --- docs/howto/event-prep.md | 57 +++++++++++++++++++ docs/howto/features/dedicated-nodepool.md | 1 + .../cloud-accounts/new-aws-account.md | 1 + .../cloud-accounts/new-gcp-project.md | 1 + docs/index.md | 1 + docs/topic/infrastructure/cluster-design.md | 1 + docs/topic/resource-allocation.md | 1 + 7 files changed, 63 insertions(+) create mode 100644 docs/howto/event-prep.md diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md new file mode 100644 index 0000000000..f03fcd7bcc --- /dev/null +++ b/docs/howto/event-prep.md @@ -0,0 +1,57 @@ +# Decide if the infrastructure needs preparation before an Event + +A hub's specific setup is usually optimized based on the day to day usage expectations. But because events provide a different pattern of usage, the infrastructure might need to be adjusted in order to accommodate the spikes in activity. + +The communities we serve have the responsibility to notify us about an event they have planned on a 2i2c hub [at least three weeks before](https://docs.2i2c.org/community/events/#notify-the-2i2c-team-about-the-event) the event will start. This should allow us enough time to plan and prepare the infrastructure for the event properly if needed. + +The events might vary in type, so the following list is not complete and does not cover all of them (yet). + +Most common event types are: + +1. Exams +2. Workshops + +## Event checklist + +Below are listed the main aspects to consider adjusting to prepare a hub for an event: + +### 1. Quotas + +We must ensure that the quotas from the cloud provider are high-enough to handle expected usage. It might be that the number of users attending the event is very big, or their expected resource usage is big, or both. Either way, we need to check the the existing quotas will accommodate the new numbers. + +- [AWS quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) has information about how to check the quotas in an AWS project +- [GCP quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) has information about how to check the quotas in a GCP quotas + +### 2. Dedicated nodepool - shared clusters + +If the hub that's having an event is running on a shared cluster, then we might want to consider putting it on a dedicated nodepool as that will help with cost isolation, scaling up/down effectively, not impacting other hub's users performance. + +Follow the guide at [](features:shared-cluster:dedicated-nodepool) in order to setup a dedicated nodepool before an event. + +### 3. Pre-warming + +There are two mechanisms that we can use to pre-warm a hub before an event: using node sharing via profile lists and by setting a minimum node count. + +```{note} +You can read more about what to consider when setting resource allocation options in profile lists in [](topic:resource-allocation). +``` + +Specifically for events, the node sharing benefits via profile lists vs. setting a minimum node count are: + +- it shouldn't require modifying terraform/eks code in order to change the underlying cluster architecture thanks to our [](topic:cluster-design:instance-type) that should cover most usage needs +- we can setup the infrastructure a few days before the event by opening a PR, and then just merge it as close to the event as possible. Deploying an infrastructure change for an event a few days before isn't as costly as starting "x" nodes before, which required an engineer to be available to make terraform changes as close to the event as possible due to costs +- the instructors are empowered to "pre-warm" the hub by starting notebook servers on nodes they wish to have ready. + +```{warning} +However, for some communities that don't already use profile lists, setting up one just before an event might be confusing, we might want to consider setting up a minimum node count in this case. +``` + +#### 3.1. Using node sharing + +```{important} +Currently, this is the recommended way to prepare a hub before an event if the hub uses profile lists already. +``` + +#### 3.2. By setting a minimum node count for the autoscaler on a specific node pool + + diff --git a/docs/howto/features/dedicated-nodepool.md b/docs/howto/features/dedicated-nodepool.md index 79bc5b82b2..e41bd41f40 100644 --- a/docs/howto/features/dedicated-nodepool.md +++ b/docs/howto/features/dedicated-nodepool.md @@ -1,3 +1,4 @@ +(features:shared-cluster:dedicated-nodepool)= # Setup a dedicated nodepool for a hub on a shared cluster Some hubs on shared clusters require dedicated nodepools, for a few reasons: diff --git a/docs/hub-deployment-guide/cloud-accounts/new-aws-account.md b/docs/hub-deployment-guide/cloud-accounts/new-aws-account.md index 16d21355e0..7e0000c3c2 100644 --- a/docs/hub-deployment-guide/cloud-accounts/new-aws-account.md +++ b/docs/hub-deployment-guide/cloud-accounts/new-aws-account.md @@ -43,6 +43,7 @@ More information on these terms can be found in [](cloud-access:aws). You have successfully created a new AWS account and connected it to our AWS Organization's Management Account! Now, [setup a new cluster](new-cluster:aws) inside it via Terraform. +(hub-deployment-guide:cloud-accounts:aws-quotas)= ## Checking quotas and requesting increases Cloud providers like AWS require their users to request a _Service Quota diff --git a/docs/hub-deployment-guide/cloud-accounts/new-gcp-project.md b/docs/hub-deployment-guide/cloud-accounts/new-gcp-project.md index 5353636ddb..1efccf79dd 100644 --- a/docs/hub-deployment-guide/cloud-accounts/new-gcp-project.md +++ b/docs/hub-deployment-guide/cloud-accounts/new-gcp-project.md @@ -23,6 +23,7 @@ ``` 7. [Setup a new cluster](new-cluster:new-cluster) inside it via Terraform +(hub-deployment-guide:cloud-accounts:gcp-quotas)= ## Checking quotas and requesting increases Finally, we should check what quotas are enforced on the project and increase them as necessary. diff --git a/docs/index.md b/docs/index.md index 5ed3dcadce..1f48f031b6 100644 --- a/docs/index.md +++ b/docs/index.md @@ -71,6 +71,7 @@ howto/features/index.md howto/bill.md howto/custom-jupyterhub-image.md howto/exam.md +howto/event-prep.md howto/manage-domains/index.md howto/grafana-github-auth.md howto/update-env.md diff --git a/docs/topic/infrastructure/cluster-design.md b/docs/topic/infrastructure/cluster-design.md index cae71f8c06..39f77ccc72 100644 --- a/docs/topic/infrastructure/cluster-design.md +++ b/docs/topic/infrastructure/cluster-design.md @@ -77,6 +77,7 @@ On GKE clusters with network policy enforcement, we look to edit the `calico-typha-horizontal-autoscaler` ConfigMap in `kube-system` to avoid scaling up to two replicas unless there are very many nodes in the k8s cluster. +(topic:cluster-design:instance-type)= ### Our instance type choice #### For nodes where core services will be scheduled on diff --git a/docs/topic/resource-allocation.md b/docs/topic/resource-allocation.md index 479faeaa51..3f6a94dc36 100644 --- a/docs/topic/resource-allocation.md +++ b/docs/topic/resource-allocation.md @@ -1,3 +1,4 @@ +(topic:resource-allocation)= # Resource Allocation on Profile Lists This document lays out general guidelines on how to think about what goes into From 4e9a0128f919031257c162eb65bc6b101b236963 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 11 Dec 2023 17:13:33 +0200 Subject: [PATCH 162/494] Add a checklsit for pre-warming --- docs/howto/event-prep.md | 80 +++++++++++++++++++++++++++++----------- 1 file changed, 59 insertions(+), 21 deletions(-) diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index f03fcd7bcc..7aa9ffd708 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -1,46 +1,58 @@ # Decide if the infrastructure needs preparation before an Event -A hub's specific setup is usually optimized based on the day to day usage expectations. But because events provide a different pattern of usage, the infrastructure might need to be adjusted in order to accommodate the spikes in activity. +A hub's specific setup is usually optimized based on the day to day usage expectations. But because events usually imply a different usage pattern, the infrastructure might need to be adjusted in order to accommodate the spikes in activity. The communities we serve have the responsibility to notify us about an event they have planned on a 2i2c hub [at least three weeks before](https://docs.2i2c.org/community/events/#notify-the-2i2c-team-about-the-event) the event will start. This should allow us enough time to plan and prepare the infrastructure for the event properly if needed. -The events might vary in type, so the following list is not complete and does not cover all of them (yet). - -Most common event types are: - -1. Exams -2. Workshops +The events might vary in type, so the following list is not complete and does not cover all of them (yet) Most common event types are exams, workshops etc. ## Event checklist -Below are listed the main aspects to consider adjusting to prepare a hub for an event: +Below are listed the main aspects to consider adjusting on a hub to prepare it for an event: -### 1. Quotas +### 1. Check the quotas We must ensure that the quotas from the cloud provider are high-enough to handle expected usage. It might be that the number of users attending the event is very big, or their expected resource usage is big, or both. Either way, we need to check the the existing quotas will accommodate the new numbers. -- [AWS quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) has information about how to check the quotas in an AWS project -- [GCP quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) has information about how to check the quotas in a GCP quotas +```{tip} +- follow the [AWS quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) for information about how to check the quotas in an AWS project +- follow [GCP quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) for information about how to check the quotas in a GCP project +``` -### 2. Dedicated nodepool - shared clusters +### 2. Consider dedicated nodepools on shared clusters If the hub that's having an event is running on a shared cluster, then we might want to consider putting it on a dedicated nodepool as that will help with cost isolation, scaling up/down effectively, not impacting other hub's users performance. +```{tip} Follow the guide at [](features:shared-cluster:dedicated-nodepool) in order to setup a dedicated nodepool before an event. +``` -### 3. Pre-warming +### 3. Pre-warm the hub to reduce wait times -There are two mechanisms that we can use to pre-warm a hub before an event: using node sharing via profile lists and by setting a minimum node count. +There are two mechanisms that we can use to pre-warm a hub before an event: + - making sure some **nodes are ready** when users arrive + + This can be done using node sharing via profile lists or by setting a minimum node count. + ```{note} + You can read more about what to consider when setting resource allocation options in profile lists in [](topic:resource-allocation). + ``` + + - the user **image is not huge**, otherwise pre-pulling it must be considered -```{note} -You can read more about what to consider when setting resource allocation options in profile lists in [](topic:resource-allocation). -``` Specifically for events, the node sharing benefits via profile lists vs. setting a minimum node count are: -- it shouldn't require modifying terraform/eks code in order to change the underlying cluster architecture thanks to our [](topic:cluster-design:instance-type) that should cover most usage needs -- we can setup the infrastructure a few days before the event by opening a PR, and then just merge it as close to the event as possible. Deploying an infrastructure change for an event a few days before isn't as costly as starting "x" nodes before, which required an engineer to be available to make terraform changes as close to the event as possible due to costs -- the instructors are empowered to "pre-warm" the hub by starting notebook servers on nodes they wish to have ready. + - **no `terraform/eks` infrastructure changes** + + they shouldn't require modifying terraform/eks code in order to change the underlying cluster architecture thanks to [](topic:cluster-design:instance-type) that should cover most usage needs + + - **more cost flexibility** + + we can setup the infrastructure a few days before the event by opening a PR, and then just merge it as close to the event as possible. Deploying an infrastructure change for an event a few days before isn't as costly as starting "x" nodes before, which required an engineer to be available to make terraform changes as close to the event as possible due to costs + + - **less engineering intervention needed** + + the instructors are empowered to "pre-warm" the hub by starting notebook servers on nodes they wish to have ready. ```{warning} However, for some communities that don't already use profile lists, setting up one just before an event might be confusing, we might want to consider setting up a minimum node count in this case. @@ -49,9 +61,35 @@ However, for some communities that don't already use profile lists, setting up o #### 3.1. Using node sharing ```{important} -Currently, this is the recommended way to prepare a hub before an event if the hub uses profile lists already. +Currently, this is the recommended way to prepare a hub before an event if the hub uses profile lists. ``` +Assuming this hub already has a profile list, before an event, you should check the following: + +1. **Information is avalailable** + + Make sure the information in the event GitHub issue was filled in, especially the number of expected users before an event and their expected resource needs (if that can be known by the community beforehand). + +2. **Given the current setup, calculate** + + - how many users will fit on a node? + - how many nodes will be necessary during the event? + +3. **Check some rules** + + With the numbers you got, check the following general rules are respected: + + - **Startup time** + - have at least `3-4 people on a node` but [no more than ~100]( https://kubernetes.io/docs/setup/best-practices/cluster-large/#:~:text=No%20more%20than%20110%20pods,more%20than%20300%2C000%20total%20containers) as few users per node cause longer startup times + - `no more than 30% of the users waiting for a node` to come up + - For events, we wish to enforce memory constraints that can easily be observed and understood. We might want to consider having an oversubscription factor of 1. + With this setup, when the limit is reached, the process inside container will be killed and typically in this situation, the kernel dies. + + +3. **Tilt the balance towards reducing server startup time** + +https://infrastructure.2i2c.org/topic/resource-allocation/#factors-to-balance + #### 3.2. By setting a minimum node count for the autoscaler on a specific node pool From 1fb316fc80159506bfb50ed316c50bd83e36082b Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 12 Dec 2023 16:53:32 +0200 Subject: [PATCH 163/494] Add more details about oversubsctiption --- docs/howto/event-prep.md | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index 7aa9ffd708..56529b51e5 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -4,7 +4,7 @@ A hub's specific setup is usually optimized based on the day to day usage expect The communities we serve have the responsibility to notify us about an event they have planned on a 2i2c hub [at least three weeks before](https://docs.2i2c.org/community/events/#notify-the-2i2c-team-about-the-event) the event will start. This should allow us enough time to plan and prepare the infrastructure for the event properly if needed. -The events might vary in type, so the following list is not complete and does not cover all of them (yet) Most common event types are exams, workshops etc. +The events might vary in type, so the following list is not complete and does not cover all of them (yet). Most common event types are exams, workshops etc. ## Event checklist @@ -66,25 +66,44 @@ Currently, this is the recommended way to prepare a hub before an event if the h Assuming this hub already has a profile list, before an event, you should check the following: -1. **Information is avalailable** +1. **Information is available** Make sure the information in the event GitHub issue was filled in, especially the number of expected users before an event and their expected resource needs (if that can be known by the community beforehand). 2. **Given the current setup, calculate** - - how many users will fit on a node? - - how many nodes will be necessary during the event? + - x = how many users will fit on a node? 3. **Check some rules** - With the numbers you got, check the following general rules are respected: + Check that `x` respects the following general rules: - - **Startup time** - - have at least `3-4 people on a node` but [no more than ~100]( https://kubernetes.io/docs/setup/best-practices/cluster-large/#:~:text=No%20more%20than%20110%20pods,more%20than%20300%2C000%20total%20containers) as few users per node cause longer startup times - - `no more than 30% of the users waiting for a node` to come up - - For events, we wish to enforce memory constraints that can easily be observed and understood. We might want to consider having an oversubscription factor of 1. - With this setup, when the limit is reached, the process inside container will be killed and typically in this situation, the kernel dies. + - **Minimize startup time** + - have at least `3-4 people on a node` as few users per node cause longer startup times + - `no more than 30% of the users waiting for a node` to come up, but [no more than ~100]( https://kubernetes.io/docs/setup/best-practices/cluster-large/#:~:text=No%20more%20than%20110%20pods,more%20than%20300%2C000%20total%20containers) + + ```{admonition} Action to take + :class: tip + + If `x` doesn't respect the rules above, you should adjust the instance type. + ``` + + - **Don't oversubscribe resources** + + The oversubscription factor is how much larger a limit is than the actual request (aka, the minimum guaranteed amount of a resource that is reserved for a container). When this factor is greater, then a more efficient node packing can be achieved because usually most users don't use resources up to their limit, and more users can fit on a node. + + However, a bigger oversubscription factor also means that the users that use more resources than they are guaranteed can get their kernels killed or CPU throttled at some other times, based on what other users are doing. This inconsistent behavior is confusing to end users and the hub, so we should try and avoid this during events. + + ````{admonition} Action to take + :class: tip + + If the hub is setup so that the oversubscription factor of memory is greater than 1, you should consider changing it. For this you can use the deployer script by passing it the instance type where the pods will be scheduled on, in this example is `n2-highmem-4` and pick the choice(s) that will be used during the event based on expected usage. + + ```bash + deployer generate resource-allocation choices n2-highmem-4 + ``` + ```` 3. **Tilt the balance towards reducing server startup time** From e5309131a28a2d4e22fb8f7521ad8317ca424794 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 12 Dec 2023 18:35:54 +0200 Subject: [PATCH 164/494] Restructure the content a bit morE --- docs/conf.py | 1 + docs/howto/event-prep.md | 106 +++++++++++++++++++++++---------------- 2 files changed, 63 insertions(+), 44 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index 9f93872895..c6fb4840e6 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -17,6 +17,7 @@ "sphinx_design", "sphinxcontrib.mermaid", "sphinxcontrib.jquery", + "sphinx_togglebutton", ] intersphinx_mapping = { diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index 56529b51e5..0f2f826334 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -2,7 +2,9 @@ A hub's specific setup is usually optimized based on the day to day usage expectations. But because events usually imply a different usage pattern, the infrastructure might need to be adjusted in order to accommodate the spikes in activity. +```{important} The communities we serve have the responsibility to notify us about an event they have planned on a 2i2c hub [at least three weeks before](https://docs.2i2c.org/community/events/#notify-the-2i2c-team-about-the-event) the event will start. This should allow us enough time to plan and prepare the infrastructure for the event properly if needed. +``` The events might vary in type, so the following list is not complete and does not cover all of them (yet). Most common event types are exams, workshops etc. @@ -10,11 +12,12 @@ The events might vary in type, so the following list is not complete and does no Below are listed the main aspects to consider adjusting on a hub to prepare it for an event: -### 1. Check the quotas +### 1. Quotas We must ensure that the quotas from the cloud provider are high-enough to handle expected usage. It might be that the number of users attending the event is very big, or their expected resource usage is big, or both. Either way, we need to check the the existing quotas will accommodate the new numbers. -```{tip} +```{admonition} Action to take +:class: tip - follow the [AWS quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) for information about how to check the quotas in an AWS project - follow [GCP quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) for information about how to check the quotas in a GCP project ``` @@ -23,92 +26,107 @@ We must ensure that the quotas from the cloud provider are high-enough to handle If the hub that's having an event is running on a shared cluster, then we might want to consider putting it on a dedicated nodepool as that will help with cost isolation, scaling up/down effectively, not impacting other hub's users performance. -```{tip} +```{admonition} Action to take +:class: tip Follow the guide at [](features:shared-cluster:dedicated-nodepool) in order to setup a dedicated nodepool before an event. ``` ### 3. Pre-warm the hub to reduce wait times There are two mechanisms that we can use to pre-warm a hub before an event: - - making sure some **nodes are ready** when users arrive + +- making sure some **nodes are ready** when users arrive This can be done using node sharing via profile lists or by setting a minimum node count. + ```{note} You can read more about what to consider when setting resource allocation options in profile lists in [](topic:resource-allocation). ``` - - the user **image is not huge**, otherwise pre-pulling it must be considered - + ```{admonition} Expand this to find out the benefits of node sharing via profile lists + :class: dropdown + Specifically for events, the node sharing benefits via profile lists vs. setting a minimum node count are: -Specifically for events, the node sharing benefits via profile lists vs. setting a minimum node count are: + - **no `terraform/eks` infrastructure changes** - - **no `terraform/eks` infrastructure changes** + they shouldn't require modifying terraform/eks code in order to change the underlying cluster architecture thanks to [](topic:cluster-design:instance-type) that should cover most usage needs - they shouldn't require modifying terraform/eks code in order to change the underlying cluster architecture thanks to [](topic:cluster-design:instance-type) that should cover most usage needs + - **more cost flexibility** - - **more cost flexibility** + we can setup the infrastructure a few days before the event by opening a PR, and then just merge it as close to the event as possible. Deploying an infrastructure change for an event a few days before isn't as costly as starting "x" nodes before, which required an engineer to be available to make terraform changes as close to the event as possible due to costs - we can setup the infrastructure a few days before the event by opening a PR, and then just merge it as close to the event as possible. Deploying an infrastructure change for an event a few days before isn't as costly as starting "x" nodes before, which required an engineer to be available to make terraform changes as close to the event as possible due to costs + - **less engineering intervention needed** - - **less engineering intervention needed** + the instructors are empowered to "pre-warm" the hub by starting notebook servers on nodes they wish to have ready. + ``` - the instructors are empowered to "pre-warm" the hub by starting notebook servers on nodes they wish to have ready. +- the user **image is not huge**, otherwise pre-pulling it must be considered -```{warning} -However, for some communities that don't already use profile lists, setting up one just before an event might be confusing, we might want to consider setting up a minimum node count in this case. -``` -#### 3.1. Using node sharing +#### 3.1. Node sharing via profile lists ```{important} -Currently, this is the recommended way to prepare a hub before an event if the hub uses profile lists. +Currently, this is the recommended way to handle an event on a hub. However, for some communities that don't already use profile lists, setting up one just before an event might be confusing, we might want to consider setting up a minimum node count in this case. ``` +During events, we want to tilt the balance towards reducing server startup time. The docs at [](topic:resource-allocation) have more information about all the factors that should be considered during resource allocation. + Assuming this hub already has a profile list, before an event, you should check the following: 1. **Information is available** Make sure the information in the event GitHub issue was filled in, especially the number of expected users before an event and their expected resource needs (if that can be known by the community beforehand). -2. **Given the current setup, calculate** +2. **Given the current setup, calculate how many users will fit on a node?** - - x = how many users will fit on a node? + Check that the current number of users/node respects the following general event wishlist. -3. **Check some rules** +3. **Minimize startup time** - Check that `x` respects the following general rules: + - have at least `3-4 people on a node` as few users per node cause longer startup times, but [no more than ~100]( https://kubernetes.io/docs/setup/best-practices/cluster-large/#:~:text=No%20more%20than%20110%20pods,more%20than%20300%2C000%20total%20containers) + - don't have more than 30% of the users waiting for a node to come up - - **Minimize startup time** + ```{admonition} Action to take + :class: tip - - have at least `3-4 people on a node` as few users per node cause longer startup times - - `no more than 30% of the users waiting for a node` to come up, but [no more than ~100]( https://kubernetes.io/docs/setup/best-practices/cluster-large/#:~:text=No%20more%20than%20110%20pods,more%20than%20300%2C000%20total%20containers) - - ```{admonition} Action to take - :class: tip - - If `x` doesn't respect the rules above, you should adjust the instance type. - ``` + If the current number of users per node doesn't respect the rules above, you should adjust the instance type so that it does. + ``` - - **Don't oversubscribe resources** +4. **Don't oversubscribe resources** + The oversubscription factor is how much larger a limit is than the actual request (aka, the minimum guaranteed amount of a resource that is reserved for a container). When this factor is greater, then a more efficient node packing can be achieved because usually most users don't use resources up to their limit, and more users can fit on a node. - The oversubscription factor is how much larger a limit is than the actual request (aka, the minimum guaranteed amount of a resource that is reserved for a container). When this factor is greater, then a more efficient node packing can be achieved because usually most users don't use resources up to their limit, and more users can fit on a node. + However, a bigger oversubscription factor also means that the users that use more resources than they are guaranteed can get their kernels killed or CPU throttled at some other times, based on what other users are doing. This inconsistent behavior is confusing to end users and the hub, so we should try and avoid this during events. - However, a bigger oversubscription factor also means that the users that use more resources than they are guaranteed can get their kernels killed or CPU throttled at some other times, based on what other users are doing. This inconsistent behavior is confusing to end users and the hub, so we should try and avoid this during events. + ````{admonition} Action to take + :class: tip - ````{admonition} Action to take - :class: tip + For an event, you should consider an oversubscription factor of 1. For this you can use the deployer script by passing it the instance type where the pods will be scheduled on (in this example is `n2-highmem-4`), then from its output, pick the choice(s) that will be used during the event based on expected usage. - If the hub is setup so that the oversubscription factor of memory is greater than 1, you should consider changing it. For this you can use the deployer script by passing it the instance type where the pods will be scheduled on, in this example is `n2-highmem-4` and pick the choice(s) that will be used during the event based on expected usage. + ```bash + deployer generate resource-allocation choices n2-highmem-4 + ``` + ```` - ```bash - deployer generate resource-allocation choices n2-highmem-4 - ``` - ```` +````{warning} +Note that if you are changing the instance type, you should also consider re-writing the allocation options, especially if you are going with a smaller machine than the original one. -3. **Tilt the balance towards reducing server startup time** +```bash +deployer generate resource-allocation choices n2-highmem-4 +``` +```` -https://infrastructure.2i2c.org/topic/resource-allocation/#factors-to-balance +#### 3.2. Setting a minimum node count on a specific node pool + TODO -#### 3.2. By setting a minimum node count for the autoscaler on a specific node pool +#### 3.3. Pre-pulling the image + TODO. Relevant discussions: + - https://github.com/2i2c-org/infrastructure/issues/2541 + - https://github.com/2i2c-org/infrastructure/pull/3313 + - https://github.com/2i2c-org/infrastructure/pull/3341 +```{important} +To get a deeper understanding of the resource allocation topic, you can read up these issues: +- https://github.com/2i2c-org/infrastructure/issues/2121 +- +``` \ No newline at end of file From 6cdbf9ad2c6dd162ec0be85e39a12f110b6dc491 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 12 Dec 2023 18:46:15 +0200 Subject: [PATCH 165/494] Move warning higher --- docs/howto/event-prep.md | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index 0f2f826334..16d436c789 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -86,11 +86,16 @@ Assuming this hub already has a profile list, before an event, you should check - have at least `3-4 people on a node` as few users per node cause longer startup times, but [no more than ~100]( https://kubernetes.io/docs/setup/best-practices/cluster-large/#:~:text=No%20more%20than%20110%20pods,more%20than%20300%2C000%20total%20containers) - don't have more than 30% of the users waiting for a node to come up - ```{admonition} Action to take + ````{admonition} Action to take :class: tip If the current number of users per node doesn't respect the rules above, you should adjust the instance type so that it does. + Note that if you are changing the instance type, you should also consider re-writing the allocation options, especially if you are going with a smaller machine than the original one. + + ```bash + deployer generate resource-allocation choices ``` + ```` 4. **Don't oversubscribe resources** The oversubscription factor is how much larger a limit is than the actual request (aka, the minimum guaranteed amount of a resource that is reserved for a container). When this factor is greater, then a more efficient node packing can be achieved because usually most users don't use resources up to their limit, and more users can fit on a node. @@ -107,26 +112,22 @@ Assuming this hub already has a profile list, before an event, you should check ``` ```` -````{warning} -Note that if you are changing the instance type, you should also consider re-writing the allocation options, especially if you are going with a smaller machine than the original one. - -```bash -deployer generate resource-allocation choices n2-highmem-4 -``` -```` #### 3.2. Setting a minimum node count on a specific node pool - TODO +TODO #### 3.3. Pre-pulling the image - TODO. Relevant discussions: - - https://github.com/2i2c-org/infrastructure/issues/2541 - - https://github.com/2i2c-org/infrastructure/pull/3313 - - https://github.com/2i2c-org/infrastructure/pull/3341 +TODO. Relevant discussions: +- https://github.com/2i2c-org/infrastructure/issues/2541 +- https://github.com/2i2c-org/infrastructure/pull/3313 +- https://github.com/2i2c-org/infrastructure/pull/3341 ```{important} -To get a deeper understanding of the resource allocation topic, you can read up these issues: +To get a deeper understanding of the resource allocation topic, you can read up these issues and documentation pieces: - https://github.com/2i2c-org/infrastructure/issues/2121 -- +- https://github.com/2i2c-org/infrastructure/pull/3030 +- https://github.com/2i2c-org/infrastructure/issues/3132 +- https://github.com/2i2c-org/infrastructure/issues/3293 +- https://infrastructure.2i2c.org/topic/resource-allocation/#factors-to-balance ``` \ No newline at end of file From cdc6d04058d8dfc051fed8fed4bcb8aeb33501f4 Mon Sep 17 00:00:00 2001 From: Georgiana Date: Wed, 13 Dec 2023 15:41:11 +0200 Subject: [PATCH 166/494] Fix missing word Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/howto/event-prep.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index 16d436c789..ebc6f0e991 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -19,7 +19,7 @@ We must ensure that the quotas from the cloud provider are high-enough to handle ```{admonition} Action to take :class: tip - follow the [AWS quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) for information about how to check the quotas in an AWS project -- follow [GCP quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) for information about how to check the quotas in a GCP project +- follow the [GCP quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) for information about how to check the quotas in a GCP project ``` ### 2. Consider dedicated nodepools on shared clusters From 7a3aa93ce7d2a59f47a970e08b2f0fdfa0eb88d2 Mon Sep 17 00:00:00 2001 From: Georgiana Date: Wed, 13 Dec 2023 15:41:28 +0200 Subject: [PATCH 167/494] Reword for clarity Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/howto/event-prep.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index ebc6f0e991..95594b2b47 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -24,7 +24,7 @@ We must ensure that the quotas from the cloud provider are high-enough to handle ### 2. Consider dedicated nodepools on shared clusters -If the hub that's having an event is running on a shared cluster, then we might want to consider putting it on a dedicated nodepool as that will help with cost isolation, scaling up/down effectively, not impacting other hub's users performance. +If the hub that's having an event is running on a shared cluster, then we might want to consider putting it on a dedicated nodepool as that will help with cost isolation, scaling up/down effectively, and avoid impacting other hub's users performance. ```{admonition} Action to take :class: tip From c8c426a4cadaa870d0e8f640ba84eb7a4164f31b Mon Sep 17 00:00:00 2001 From: Georgiana Date: Wed, 13 Dec 2023 16:01:47 +0200 Subject: [PATCH 168/494] Turn todo into a warning Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/howto/event-prep.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index 95594b2b47..2ade863933 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -114,7 +114,9 @@ Assuming this hub already has a profile list, before an event, you should check #### 3.2. Setting a minimum node count on a specific node pool -TODO +```{warning} +This section is a Work in Progress! +``` #### 3.3. Pre-pulling the image TODO. Relevant discussions: From 4e292cc53edcd68029977722b37db8d6f1d797a4 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 13 Dec 2023 16:04:55 +0200 Subject: [PATCH 169/494] Turn todo into a wip warning --- docs/howto/event-prep.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index 2ade863933..69bd15ef67 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -119,12 +119,16 @@ This section is a Work in Progress! ``` #### 3.3. Pre-pulling the image -TODO. Relevant discussions: + +```{warning} +This section is a Work in Progress! +``` + +Relevant discussions: - https://github.com/2i2c-org/infrastructure/issues/2541 - https://github.com/2i2c-org/infrastructure/pull/3313 - https://github.com/2i2c-org/infrastructure/pull/3341 - ```{important} To get a deeper understanding of the resource allocation topic, you can read up these issues and documentation pieces: - https://github.com/2i2c-org/infrastructure/issues/2121 From 6f94462d731ac00e315271d47fa6c1d6789b2eff Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 14 Dec 2023 15:34:59 +0200 Subject: [PATCH 170/494] Add resource allocation script example --- docs/howto/event-prep.md | 79 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 74 insertions(+), 5 deletions(-) diff --git a/docs/howto/event-prep.md b/docs/howto/event-prep.md index 69bd15ef67..dd40bedce6 100644 --- a/docs/howto/event-prep.md +++ b/docs/howto/event-prep.md @@ -84,6 +84,7 @@ Assuming this hub already has a profile list, before an event, you should check 3. **Minimize startup time** - have at least `3-4 people on a node` as few users per node cause longer startup times, but [no more than ~100]( https://kubernetes.io/docs/setup/best-practices/cluster-large/#:~:text=No%20more%20than%20110%20pods,more%20than%20300%2C000%20total%20containers) + - don't have more than 30% of the users waiting for a node to come up ````{admonition} Action to take @@ -92,26 +93,94 @@ Assuming this hub already has a profile list, before an event, you should check If the current number of users per node doesn't respect the rules above, you should adjust the instance type so that it does. Note that if you are changing the instance type, you should also consider re-writing the allocation options, especially if you are going with a smaller machine than the original one. - ```bash + ```{code-block} deployer generate resource-allocation choices ``` ```` 4. **Don't oversubscribe resources** + The oversubscription factor is how much larger a limit is than the actual request (aka, the minimum guaranteed amount of a resource that is reserved for a container). When this factor is greater, then a more efficient node packing can be achieved because usually most users don't use resources up to their limit, and more users can fit on a node. However, a bigger oversubscription factor also means that the users that use more resources than they are guaranteed can get their kernels killed or CPU throttled at some other times, based on what other users are doing. This inconsistent behavior is confusing to end users and the hub, so we should try and avoid this during events. - ````{admonition} Action to take + `````{admonition} Action to take :class: tip - For an event, you should consider an oversubscription factor of 1. For this you can use the deployer script by passing it the instance type where the pods will be scheduled on (in this example is `n2-highmem-4`), then from its output, pick the choice(s) that will be used during the event based on expected usage. + For an event, you should consider an oversubscription factor of 1. + + - if the instance type remains unchanged, then just adjust the limit to match the memory guarantee if not already the case + + - if the instance type also changes, then you can use the `deployer generate resource-allocation` command, passing it the new instance type and optionally the number of choices. + + You can then use its output to: + - either replace all allocation options with the ones for the new node type + - or pick the choice(s) that will be used during the event based on expected usage and just don't show the others - ```bash - deployer generate resource-allocation choices n2-highmem-4 + ````{admonition} Example + For example, if the community expects to only use ~3GB of memory during an event, and no other users are expected to use the hub for the duration of the event, then you can choose to only make available that one option. + + Assuming they had 4 options on a `n2-highmem-2` machine and we wish to move them on a `n2-highmem-4` for the event, we could run: + + ```{code-block} + deployer generate resource-allocation choices n2-highmem-4 --num-allocations 4 + ``` + + which will output: + + ```{code-block} + # pick this option to present the single ~3GB memory option for the event + mem_3_4: + display_name: 3.4 GB RAM, upto 3.485 CPUs + kubespawner_override: + mem_guarantee: 3662286336 + mem_limit: 3662286336 + cpu_guarantee: 0.435625 + cpu_limit: 3.485 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + default: true + mem_6_8: + display_name: 6.8 GB RAM, upto 3.485 CPUs + kubespawner_override: + mem_guarantee: 7324572672 + mem_limit: 7324572672 + cpu_guarantee: 0.87125 + cpu_limit: 3.485 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + (...2 more options) + ``` + And we would have this in the profileList configuration: + ```{code-block} + profileList: + - display_name: Workshop + description: Workshop environment + default: true + kubespawner_override: + image: python:6ee57a9 + profile_options: + requests: + display_name: Resource Allocation + choices: + mem_3_4: + display_name: 3.4 GB RAM, upto 3.485 CPUs + kubespawner_override: + mem_guarantee: 3662286336 + mem_limit: 3662286336 + cpu_guarantee: 0.435625 + cpu_limit: 3.485 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 ``` ```` + ````{warning} + The `deployer generate resource-allocation`: + - cam only generate options where guarantees (requests) equal limits! + - supports the instance types located in `node-capacity-info.json` file + ```` + ````` #### 3.2. Setting a minimum node count on a specific node pool ```{warning} From 090336b9dacbdffd67dbf4a4f78e8147a9df8285 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 14 Dec 2023 17:09:57 +0200 Subject: [PATCH 171/494] Put exams and event prep into the same dir --- docs/howto/{ => prepare-for-events}/event-prep.md | 0 docs/howto/{ => prepare-for-events}/exam.md | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename docs/howto/{ => prepare-for-events}/event-prep.md (100%) rename docs/howto/{ => prepare-for-events}/exam.md (100%) diff --git a/docs/howto/event-prep.md b/docs/howto/prepare-for-events/event-prep.md similarity index 100% rename from docs/howto/event-prep.md rename to docs/howto/prepare-for-events/event-prep.md diff --git a/docs/howto/exam.md b/docs/howto/prepare-for-events/exam.md similarity index 100% rename from docs/howto/exam.md rename to docs/howto/prepare-for-events/exam.md From ec631715913e986443356820d14ec973bd2d9b3a Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Wed, 13 Dec 2023 13:05:55 -0300 Subject: [PATCH 172/494] Add support chart to earthscope cluster --- .github/workflows/deploy-hubs.yaml | 1 + config/clusters/earthscope/cluster.yaml | 12 +++++++++ config/clusters/earthscope/common.values.yaml | 12 +++++++++ .../enc-deployer-credentials.secret.json | 25 +++++++++++++++++++ .../earthscope/enc-grafana-token.secret.yaml | 15 +++++++++++ .../clusters/earthscope/support.values.yaml | 6 +++++ eksctl/earthscope.jsonnet | 2 +- 7 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 config/clusters/earthscope/cluster.yaml create mode 100644 config/clusters/earthscope/common.values.yaml create mode 100644 config/clusters/earthscope/enc-deployer-credentials.secret.json create mode 100644 config/clusters/earthscope/enc-grafana-token.secret.yaml diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index f91acf5e3e..f417ef0c71 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -206,6 +206,7 @@ jobs: failure_catalystproject-africa: "${{ env.failure_catalystproject-africa }}" failure_hhmi: "${{ env.failure_hhmi }}" failure_nasa-esdis: "${{ env.failure_nasa-esdis }}" + failure_earthscope: "${{ env.failure_earthscope }}" # Only run this job on pushes to the default branch and when the job output is not # an empty list diff --git a/config/clusters/earthscope/cluster.yaml b/config/clusters/earthscope/cluster.yaml new file mode 100644 index 0000000000..6c87d543ed --- /dev/null +++ b/config/clusters/earthscope/cluster.yaml @@ -0,0 +1,12 @@ +name: earthscope +provider: aws +aws: + key: enc-deployer-credentials.secret.json + clusterType: eks + clusterName: earthscope + region: us-east-2 +support: + helm_chart_values_files: + - support.values.yaml + - enc-support.secret.values.yaml +hubs: [] diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml new file mode 100644 index 0000000000..09fddb90ea --- /dev/null +++ b/config/clusters/earthscope/common.values.yaml @@ -0,0 +1,12 @@ +nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-08e7747330d833d82.efs.us-east-2.amazonaws.com + baseShareName: / diff --git a/config/clusters/earthscope/enc-deployer-credentials.secret.json b/config/clusters/earthscope/enc-deployer-credentials.secret.json new file mode 100644 index 0000000000..97a86ef90e --- /dev/null +++ b/config/clusters/earthscope/enc-deployer-credentials.secret.json @@ -0,0 +1,25 @@ +{ + "AccessKey": { + "AccessKeyId": "ENC[AES256_GCM,data:3/SbbOw+wTiuR/pAQX7YlzqZ+A0=,iv:xLjEyZGkbaQ3eVcsfsoFInazu52pT++HtqmbMYFO830=,tag:h8u13XufpQEQzuntIERpfQ==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:PAVaW/JJ93Lp3Fx+SzN7ZWZ311NuXjK4E7Fc9kRPxXDmQ/oVScCNYQ==,iv:8BEyHh9q+quWTQGpFYcTaXQcu1G9dSH6xhxLded9ht8=,tag:ut13RYce6EJ8QzBXw5oz1w==,type:str]", + "UserName": "ENC[AES256_GCM,data:K5C/1DqLJQrmifgZdWirxa3ws5vmV4M=,iv:raMPP4vlfmLsiLkgeyzBmZjffNLnVKFrS2A9S5DfNLM=,tag:wCMDinJkFGAnvIIIvliF0w==,type:str]" + }, + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2023-12-12T16:24:08Z", + "enc": "CiUA4OM7eOXl1aeA440/OPv/B9ma2zG5unKWGkDFcWuyjc5s3zg6EkkAjTWv+nwxhn+vpS6YKnVaaH/RXfstRskGPc3dp2i0uPgew3epepkKiLgOgC83b49xR6hlUIWYaShh0sj756PXEXi9O4HFGAtx" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2023-12-12T16:24:12Z", + "mac": "ENC[AES256_GCM,data:6wtwcF2rP6HQzbhaPv3hjpMD9nQbgOeFcuUkFa8pUk1xJy64ISB5VBLop3PgMMXO5kODMsPSC+z3Jmlo8BGtWLb73IvEPQvDUWDxDD9cpN4GRY5et2SD7S9xj7sG1pAoW89xPojsaRBJjGxsNvNMZfE91wSgZMw5hP06SLczbTs=,iv:lxMzrM4Q703SrMfb7DgJxN+tqSU6X+qhBPlURibAOJg=,tag:WnpMif7eXtfO++fy4q3xyQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/config/clusters/earthscope/enc-grafana-token.secret.yaml b/config/clusters/earthscope/enc-grafana-token.secret.yaml new file mode 100644 index 0000000000..4b5bb816c8 --- /dev/null +++ b/config/clusters/earthscope/enc-grafana-token.secret.yaml @@ -0,0 +1,15 @@ +grafana_token: ENC[AES256_GCM,data:BMfj2nbCJsDHhMx2o2yEoTturNCXOc+jBwKa9Qc/ExO33kAimGZ+e4K43XFoCg==,iv:mhLg7G468X5xcBfqZrO3L5O5VR2sQ8kX87pPg6JU6UI=,tag:Ih/2tuZrBStr42ytEG6kXw==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-14T14:57:49Z" + enc: CiUA4OM7eBNA5OdxpRPD7yDKzvTB3I+oOlGepXn6Kc6VVzU6kcvJEkkAjTWv+oydSi4AiBKtVMhOCs/7vIG7DGwzvOy+kmFq5jJt1FJrhJ4FA2L9x0XygvC+xFI0P7RKQjWEaolkkmJy7chYLVZ1OE42 + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-14T14:57:50Z" + mac: ENC[AES256_GCM,data:Tmm/phrp21xChffGJl9Y5bONlhrC8cHEb8it/iQXv1BwN03vOT1vbeVmGCOm5QN9sEeISsMlKOO7F90xrndF1DX2B7S8i82DYlKoAN14KPj5pLZycu1aEWVYKjNXE2kq0g6P9CFm4YTE0np+wfFrXbjnGN3klqeh/XhmANmVbAI=,iv:JB2FZHMHIssG7PLzFz0Hdde7bMD/jTtGanJab7i7CsU=,tag:4l3bmrsw+QykwoB38ECMAQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/earthscope/support.values.yaml b/config/clusters/earthscope/support.values.yaml index a1060d493e..97b0aae8fa 100644 --- a/config/clusters/earthscope/support.values.yaml +++ b/config/clusters/earthscope/support.values.yaml @@ -26,3 +26,9 @@ grafana: - secretName: grafana-tls hosts: - grafana.earthscope.2i2c.cloud + +cluster-autoscaler: + enabled: true + autoDiscovery: + clusterName: earthscope + awsRegion: us-east-2 diff --git a/eksctl/earthscope.jsonnet b/eksctl/earthscope.jsonnet index 90926c0cef..07b42121fa 100644 --- a/eksctl/earthscope.jsonnet +++ b/eksctl/earthscope.jsonnet @@ -50,7 +50,7 @@ local daskNodes = [ metadata+: { name: "earthscope", region: clusterRegion, - version: "1.27", + version: "1.28", }, availabilityZones: masterAzs, iam: { From ac9e3760fc1f72fe8c7ddeef98eb22e375927234 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 14 Dec 2023 17:40:35 +0200 Subject: [PATCH 173/494] Crete a separate section for events --- docs/howto/prepare-for-events/event-prep.md | 24 ++++++--------------- docs/howto/prepare-for-events/index.md | 15 +++++++++++++ docs/index.md | 3 +-- 3 files changed, 23 insertions(+), 19 deletions(-) create mode 100644 docs/howto/prepare-for-events/index.md diff --git a/docs/howto/prepare-for-events/event-prep.md b/docs/howto/prepare-for-events/event-prep.md index dd40bedce6..4cdb4e98e2 100644 --- a/docs/howto/prepare-for-events/event-prep.md +++ b/docs/howto/prepare-for-events/event-prep.md @@ -1,18 +1,8 @@ -# Decide if the infrastructure needs preparation before an Event - -A hub's specific setup is usually optimized based on the day to day usage expectations. But because events usually imply a different usage pattern, the infrastructure might need to be adjusted in order to accommodate the spikes in activity. - -```{important} -The communities we serve have the responsibility to notify us about an event they have planned on a 2i2c hub [at least three weeks before](https://docs.2i2c.org/community/events/#notify-the-2i2c-team-about-the-event) the event will start. This should allow us enough time to plan and prepare the infrastructure for the event properly if needed. -``` - -The events might vary in type, so the following list is not complete and does not cover all of them (yet). Most common event types are exams, workshops etc. - -## Event checklist +# Event infrastructure preparation checklist Below are listed the main aspects to consider adjusting on a hub to prepare it for an event: -### 1. Quotas +## 1. Quotas We must ensure that the quotas from the cloud provider are high-enough to handle expected usage. It might be that the number of users attending the event is very big, or their expected resource usage is big, or both. Either way, we need to check the the existing quotas will accommodate the new numbers. @@ -22,7 +12,7 @@ We must ensure that the quotas from the cloud provider are high-enough to handle - follow the [GCP quota guide](hub-deployment-guide:cloud-accounts:aws-quotas) for information about how to check the quotas in a GCP project ``` -### 2. Consider dedicated nodepools on shared clusters +## 2. Consider dedicated nodepools on shared clusters If the hub that's having an event is running on a shared cluster, then we might want to consider putting it on a dedicated nodepool as that will help with cost isolation, scaling up/down effectively, and avoid impacting other hub's users performance. @@ -31,7 +21,7 @@ If the hub that's having an event is running on a shared cluster, then we might Follow the guide at [](features:shared-cluster:dedicated-nodepool) in order to setup a dedicated nodepool before an event. ``` -### 3. Pre-warm the hub to reduce wait times +## 3. Pre-warm the hub to reduce wait times There are two mechanisms that we can use to pre-warm a hub before an event: @@ -63,7 +53,7 @@ There are two mechanisms that we can use to pre-warm a hub before an event: - the user **image is not huge**, otherwise pre-pulling it must be considered -#### 3.1. Node sharing via profile lists +### 3.1. Node sharing via profile lists ```{important} Currently, this is the recommended way to handle an event on a hub. However, for some communities that don't already use profile lists, setting up one just before an event might be confusing, we might want to consider setting up a minimum node count in this case. @@ -182,12 +172,12 @@ Assuming this hub already has a profile list, before an event, you should check ```` ````` -#### 3.2. Setting a minimum node count on a specific node pool +### 3.2. Setting a minimum node count on a specific node pool ```{warning} This section is a Work in Progress! ``` -#### 3.3. Pre-pulling the image +### 3.3. Pre-pulling the image ```{warning} This section is a Work in Progress! diff --git a/docs/howto/prepare-for-events/index.md b/docs/howto/prepare-for-events/index.md new file mode 100644 index 0000000000..78e243250c --- /dev/null +++ b/docs/howto/prepare-for-events/index.md @@ -0,0 +1,15 @@ +# Manage events on 2i2c hubs + +A hub's specific setup is usually optimized based on the day to day usage expectations. But because events usually imply a different usage pattern, the infrastructure might need to be adjusted in order to accommodate the spikes in activity. + +```{important} +The communities we serve have the responsibility to notify us about an event they have planned on a 2i2c hub [at least three weeks before](https://docs.2i2c.org/community/events/#notify-the-2i2c-team-about-the-event) the event will start. This should allow us enough time to plan and prepare the infrastructure for the event properly if needed. +``` + +The events might vary in type, so the following list is not complete and does not cover all of them (yet). Most common event types are exams, workshops etc. + +```{toctree} +:maxdepth: 2 +event-prep.md +exam.md +``` diff --git a/docs/index.md b/docs/index.md index 1f48f031b6..c946599a54 100644 --- a/docs/index.md +++ b/docs/index.md @@ -70,8 +70,7 @@ deployed occasionally as a specific addition. howto/features/index.md howto/bill.md howto/custom-jupyterhub-image.md -howto/exam.md -howto/event-prep.md +howto/prepare-for-events/index.md howto/manage-domains/index.md howto/grafana-github-auth.md howto/update-env.md From be1d57ce26804edebaf5c3606d417ff0e638267c Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Thu, 14 Dec 2023 13:24:08 -0300 Subject: [PATCH 174/494] Add staging and prod hubs to earthscope cluster --- config/clusters/earthscope/cluster.yaml | 18 ++- config/clusters/earthscope/common.values.yaml | 127 ++++++++++++++++-- .../earthscope/enc-prod.secret.values.yaml | 21 +++ .../earthscope/enc-staging.secret.values.yaml | 21 +++ config/clusters/earthscope/prod.values.yaml | 16 +++ .../clusters/earthscope/staging.values.yaml | 16 +++ 6 files changed, 206 insertions(+), 13 deletions(-) create mode 100644 config/clusters/earthscope/enc-prod.secret.values.yaml create mode 100644 config/clusters/earthscope/enc-staging.secret.values.yaml create mode 100644 config/clusters/earthscope/prod.values.yaml create mode 100644 config/clusters/earthscope/staging.values.yaml diff --git a/config/clusters/earthscope/cluster.yaml b/config/clusters/earthscope/cluster.yaml index 6c87d543ed..0ba2dc1848 100644 --- a/config/clusters/earthscope/cluster.yaml +++ b/config/clusters/earthscope/cluster.yaml @@ -9,4 +9,20 @@ support: helm_chart_values_files: - support.values.yaml - enc-support.secret.values.yaml -hubs: [] +hubs: + - name: staging + display_name: "EarthScope (staging)" + domain: staging.earthscope.2i2c.cloud + helm_chart: daskhub + helm_chart_values_files: + - common.values.yaml + - staging.values.yaml + - enc-staging.secret.values.yaml + - name: prod + display_name: "EarthScope (prod)" + domain: earthscope.2i2c.cloud + helm_chart: daskhub + helm_chart_values_files: + - common.values.yaml + - prod.values.yaml + - enc-prod.secret.values.yaml diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index 09fddb90ea..f1a527c3ab 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -1,12 +1,115 @@ -nfs: - pv: - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: fs-08e7747330d833d82.efs.us-east-2.amazonaws.com - baseShareName: / +basehub: + nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-08e7747330d833d82.efs.us-east-2.amazonaws.com + baseShareName: / + jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + url: https://www.earthscope.org/ + logo_url: https://drive.google.com/uc?export=view&id=1UUStqv7PBcxiIkzECUFKIdQKKIU8mXeb + designed_by: + name: "2i2c" + url: https://2i2c.org + operated_by: + name: "2i2c" + url: https://2i2c.org + funded_by: + name: "EarthScope Consortium" + url: https://www.earthscope.org/ + hub: + config: + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + allowed_idps: + http://github.com/login/oauth/authorize: + default: true + username_derivation: + username_claim: "preferred_username" + http://google.com/accounts/o8/id: + username_derivation: + username_claim: email + Authenticator: + admin_users: + - timdittmann + - chad-earthscope + singleuser: + profileList: + - display_name: "Shared Small: 1-4 CPU, 8-32 GB" + description: "A shared machine, the recommended option until you experience a limitation." + profile_options: &profile_options + image: + display_name: Image + unlisted_choice: + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + choices: + jupyter-scipy: + display_name: Jupyter + slug: jupyter-scipy + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-27 + rocker-geospatial: + display_name: RStudio + slug: rocker-geospatial + kubespawner_override: + image: rocker/binder:4.3 + # Launch into RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + kubespawner_override: + mem_guarantee: 7.234G + cpu_guarantee: 0.1 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + + - display_name: "Small: 4 CPU, 32 GB" + description: "A dedicated machine for you." + profile_options: *profile_options + kubespawner_override: + mem_guarantee: 28.937G + cpu_guarantee: 0.4 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + + - display_name: "Medium: 16 CPU, 128 GB" + description: "A dedicated machine for you." + profile_options: *profile_options + kubespawner_override: + mem_guarantee: 120.513G + cpu_guarantee: 1.6 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + + - display_name: "Large: 64 CPU, 512 GB" + description: "A dedicated machine for you" + profile_options: *profile_options + kubespawner_override: + mem_guarantee: 489.13G + cpu_guarantee: 6.4 + mem_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.16xlarge diff --git a/config/clusters/earthscope/enc-prod.secret.values.yaml b/config/clusters/earthscope/enc-prod.secret.values.yaml new file mode 100644 index 0000000000..323551895b --- /dev/null +++ b/config/clusters/earthscope/enc-prod.secret.values.yaml @@ -0,0 +1,21 @@ +basehub: + jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:1C0ercYZjjc63vTPPcVa7B0Y1bnuawg854Yf3Kl4UnJ0gYuqem+zuv1lQfOzU8zKXy5L,iv:2IZjb7WzomJg8I9uDDXINjULJPXUBfJCldMOxH+B8tA=,tag:Dv1xaVkDCpI7/GLuGv6GzA==,type:str] + client_secret: ENC[AES256_GCM,data:2mGbTTnKcVZp57ZX2Tj2o+j2y0NfABPtTiV6sw3oWlR/t7w4fiFkSK9cyArnJwQfRjWc6M6NNB50A3zWZrKaoPLRj8Afiq8pFTjtRZnZGe5g4h2mXYg=,iv:xmJEHc2V0aG1KEh2eAPj80tZoNzFnBz42QdCSmzO2mc=,tag:+48SuYVdlJCizaYVMn9hrA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-14T18:24:33Z" + enc: CiUA4OM7eKr6IJS10QOinx3kZfdMUdO4HmyV6U+JIe+s7IqTAm1DEkkAjTWv+ifsDVRYeh6Gdg0+tLE53DfZfJP0xHGuo6yxdoREE2FGKpodr42/SaaTUt2k5zKlg6k9tOe4FgmRGCT5JjIltibg5hwU + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-14T18:24:34Z" + mac: ENC[AES256_GCM,data:0Kde6XE/A7k9CwhxQFsa3I61ohr9WN7AO2haWkFETpDG+jXtU5MYkrScbwnlayLa0vM6vk2OfUxR6LrB9jPcxTx8+n2Pqx6kPTzgr8a8ORhG4xc6Lqj0a1KyDMdnGi5beqoXSxolPyd1mnSTAFAVIGwle37Gg0fIr0VFii9lsfQ=,iv:gPVYPvyTEriA9sxbmtMRo611b5dB5idYa0J+DtEYcaY=,tag:RNOItHNKtUGZ/UgfT1Ea2Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/earthscope/enc-staging.secret.values.yaml b/config/clusters/earthscope/enc-staging.secret.values.yaml new file mode 100644 index 0000000000..bab6d99775 --- /dev/null +++ b/config/clusters/earthscope/enc-staging.secret.values.yaml @@ -0,0 +1,21 @@ +basehub: + jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:Lv/25K0A8CZs6dK20mujkn536hpreimP/MUqGOJ4cpXLTFnJNRmGkN7mYPC2klalEKcn,iv:nj4b7Y75A9wgg+w2XBas17Cs8Az3AzDkeO9u1ZwI1Jo=,tag:gCMMoa3iQWVRQvTQkCIkAg==,type:str] + client_secret: ENC[AES256_GCM,data:EAD3iQGXs7soD4VxRXol2YuuJBmOpDBbX5Cg+VyTk7xA7Jn715vZMNBeOKtal1a6kzyds3tuw+h+DWsF3Dod2MxHS7H4FARHLopP9xuAvS6Tw3mZZ28=,iv:F8CqwLYz7WR5qge0Yj91aU/w5pj6fiEaBvndVe4zvG4=,tag:60BekNlkRhf2a3Nkvo1kWg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-14T18:42:48Z" + enc: CiUA4OM7eGqP+F9UNcdWkWcEANT1YIeSiFyzogRgfD+PMhJISk+lEkkAjTWv+sk2C+z/gAjXwaTvoJEJKeuCyiegMLu8QTkJ1KCtcQEU52qv/gm6HvBAlQAnTUKxpQFejxzGOp/8+FNCZiAuaT2hHq1D + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-14T18:42:52Z" + mac: ENC[AES256_GCM,data:DWO/hv47PbcFx8NATfOJrLUMkOV3dTUzr53nUtpDge+NseEOSoMKeEWz1L7jWYhM+Iga05csm78BT9c3gI921dKlOXRJ6fn1e5guxqKPOAuZugbWUeEqGa8Z26sAwuSRXIZyWiWDJZJThsNk4+s0s7vZmXcrGHGjWA3eCEvTwxE=,iv:9QDeyrmE0euFgqcvZMCuubNA44YB8x2Sa1CqEGJjKjM=,tag:qj5ZnX1TS2Lt4QbXuJFB0Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/earthscope/prod.values.yaml b/config/clusters/earthscope/prod.values.yaml new file mode 100644 index 0000000000..a850dd41e8 --- /dev/null +++ b/config/clusters/earthscope/prod.values.yaml @@ -0,0 +1,16 @@ +basehub: + jupyterhub: + ingress: + hosts: [earthscope.2i2c.cloud] + tls: + - hosts: [earthscope.2i2c.cloud] + secretName: https-auto-tls + custom: + homepage: + templateVars: + org: + name: "EarthScope" + hub: + config: + CILogonOAuthenticator: + oauth_callback_url: https://earthscope.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/earthscope/staging.values.yaml b/config/clusters/earthscope/staging.values.yaml new file mode 100644 index 0000000000..bb621d8433 --- /dev/null +++ b/config/clusters/earthscope/staging.values.yaml @@ -0,0 +1,16 @@ +basehub: + jupyterhub: + ingress: + hosts: [staging.earthscope.2i2c.cloud] + tls: + - hosts: [staging.earthscope.2i2c.cloud] + secretName: https-auto-tls + custom: + homepage: + templateVars: + org: + name: "EarthScope staging" + hub: + config: + CILogonOAuthenticator: + oauth_callback_url: https://staging.earthscope.2i2c.cloud/hub/oauth_callback From c82007ad027422819cd92d3673a1d16cc482c197 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 25 Aug 2023 12:34:21 -0700 Subject: [PATCH 175/494] Move nasa-veda hub URL We keep redirects in place from the old URL, in case there are external links already present. The OAuth callback URL needs to be changed at https://github.com/organizations/2i2c-org/settings/applications/2096065 just before merging. Ref https://github.com/2i2c-org/infrastructure/issues/3029 --- config/clusters/nasa-veda/cluster.yaml | 2 +- config/clusters/nasa-veda/prod.values.yaml | 6 +++--- config/clusters/nasa-veda/support.values.yaml | 7 +++++++ 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/config/clusters/nasa-veda/cluster.yaml b/config/clusters/nasa-veda/cluster.yaml index edb566599b..f980a41262 100644 --- a/config/clusters/nasa-veda/cluster.yaml +++ b/config/clusters/nasa-veda/cluster.yaml @@ -24,7 +24,7 @@ hubs: - enc-staging.secret.values.yaml - name: prod display_name: "NASA VEDA (prod)" - domain: nasa-veda.2i2c.cloud + domain: veda.2i2c.cloud helm_chart: daskhub helm_chart_values_files: # The order in which you list files here is the order the will be passed diff --git a/config/clusters/nasa-veda/prod.values.yaml b/config/clusters/nasa-veda/prod.values.yaml index 92b18b57c4..854559cc0f 100644 --- a/config/clusters/nasa-veda/prod.values.yaml +++ b/config/clusters/nasa-veda/prod.values.yaml @@ -4,11 +4,11 @@ basehub: eks.amazonaws.com/role-arn: arn:aws:iam::444055461661:role/nasa-veda-prod jupyterhub: ingress: - hosts: [nasa-veda.2i2c.cloud] + hosts: [veda.2i2c.cloud] tls: - - hosts: [nasa-veda.2i2c.cloud] + - hosts: [veda.2i2c.cloud] secretName: https-auto-tls hub: config: GitHubOAuthenticator: - oauth_callback_url: https://nasa-veda.2i2c.cloud/hub/oauth_callback + oauth_callback_url: https://veda.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/nasa-veda/support.values.yaml b/config/clusters/nasa-veda/support.values.yaml index e51536e776..7913edc5e5 100644 --- a/config/clusters/nasa-veda/support.values.yaml +++ b/config/clusters/nasa-veda/support.values.yaml @@ -22,6 +22,13 @@ grafana: hosts: - grafana.nasa-veda.2i2c.cloud +redirects: + rules: + # nasa-veda.2i2c.cloud was the old URL + # Moved due to https://github.com/2i2c-org/infrastructure/issues/3029 + - from: nasa-veda.2i2c.cloud + to: veda.2i2c.cloud + prometheus: server: ingress: From 84219a68f89fb4202dea0a2f752ce1435a010c02 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 25 Aug 2023 12:48:00 -0700 Subject: [PATCH 176/494] Add redirect for nasa veda staging hub too --- config/clusters/nasa-veda/support.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/nasa-veda/support.values.yaml b/config/clusters/nasa-veda/support.values.yaml index 7913edc5e5..f14e50b867 100644 --- a/config/clusters/nasa-veda/support.values.yaml +++ b/config/clusters/nasa-veda/support.values.yaml @@ -28,6 +28,8 @@ redirects: # Moved due to https://github.com/2i2c-org/infrastructure/issues/3029 - from: nasa-veda.2i2c.cloud to: veda.2i2c.cloud + - from: staging.nasa-veda.2i2c.cloud + to: staging.veda.2i2c.cloud prometheus: server: From ec58d63b83bd234a7f64f05777b8be67daccc5d4 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 30 Nov 2023 12:39:09 -0800 Subject: [PATCH 177/494] Change VEDA URL again --- config/clusters/nasa-veda/staging.values.yaml | 6 +++--- config/clusters/nasa-veda/support.values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/clusters/nasa-veda/staging.values.yaml b/config/clusters/nasa-veda/staging.values.yaml index bf4b55dfee..222af0e64c 100644 --- a/config/clusters/nasa-veda/staging.values.yaml +++ b/config/clusters/nasa-veda/staging.values.yaml @@ -4,11 +4,11 @@ basehub: eks.amazonaws.com/role-arn: arn:aws:iam::444055461661:role/nasa-veda-staging jupyterhub: ingress: - hosts: [staging.veda.2i2c.cloud] + hosts: [staging.hub.openveda.cloud] tls: - - hosts: [staging.veda.2i2c.cloud] + - hosts: [staging.hub.openveda.cloud] secretName: https-auto-tls hub: config: GitHubOAuthenticator: - oauth_callback_url: https://staging.veda.2i2c.cloud/hub/oauth_callback + oauth_callback_url: https://staging.hub.openveda.cloud/hub/oauth_callback diff --git a/config/clusters/nasa-veda/support.values.yaml b/config/clusters/nasa-veda/support.values.yaml index f14e50b867..f7110b837b 100644 --- a/config/clusters/nasa-veda/support.values.yaml +++ b/config/clusters/nasa-veda/support.values.yaml @@ -27,9 +27,9 @@ redirects: # nasa-veda.2i2c.cloud was the old URL # Moved due to https://github.com/2i2c-org/infrastructure/issues/3029 - from: nasa-veda.2i2c.cloud - to: veda.2i2c.cloud + to: hub.openveda.cloud - from: staging.nasa-veda.2i2c.cloud - to: staging.veda.2i2c.cloud + to: staging.hub.openveda.cloud prometheus: server: From f080f151a3a646525f7f1422ca5ca5c39a2fe583 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 30 Nov 2023 12:55:25 -0800 Subject: [PATCH 178/494] Update veda URL --- config/clusters/nasa-veda/prod.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/nasa-veda/prod.values.yaml b/config/clusters/nasa-veda/prod.values.yaml index 854559cc0f..930e615799 100644 --- a/config/clusters/nasa-veda/prod.values.yaml +++ b/config/clusters/nasa-veda/prod.values.yaml @@ -4,11 +4,11 @@ basehub: eks.amazonaws.com/role-arn: arn:aws:iam::444055461661:role/nasa-veda-prod jupyterhub: ingress: - hosts: [veda.2i2c.cloud] + hosts: [hub.openveda.cloud] tls: - hosts: [veda.2i2c.cloud] secretName: https-auto-tls hub: config: GitHubOAuthenticator: - oauth_callback_url: https://veda.2i2c.cloud/hub/oauth_callback + oauth_callback_url: https://hub.openveda.cloud/hub/oauth_callback From c53a5566e24466957361b6d1ecb3762ec47daab7 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 15 Dec 2023 18:30:23 -0800 Subject: [PATCH 179/494] Rename a couple of missed domains Also remove repetitive comments --- config/clusters/nasa-veda/cluster.yaml | 8 +------- config/clusters/nasa-veda/prod.values.yaml | 2 +- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/config/clusters/nasa-veda/cluster.yaml b/config/clusters/nasa-veda/cluster.yaml index f980a41262..1f8f862aba 100644 --- a/config/clusters/nasa-veda/cluster.yaml +++ b/config/clusters/nasa-veda/cluster.yaml @@ -16,20 +16,14 @@ hubs: domain: staging.veda.2i2c.cloud helm_chart: daskhub helm_chart_values_files: - # The order in which you list files here is the order the will be passed - # to the helm upgrade command in, and that has meaning. Please check - # that you intend for these files to be applied in this order. - common.values.yaml - staging.values.yaml - enc-staging.secret.values.yaml - name: prod display_name: "NASA VEDA (prod)" - domain: veda.2i2c.cloud + domain: hub.openveda.cloud helm_chart: daskhub helm_chart_values_files: - # The order in which you list files here is the order the will be passed - # to the helm upgrade command in, and that has meaning. Please check - # that you intend for these files to be applied in this order. - common.values.yaml - prod.values.yaml - enc-prod.secret.values.yaml diff --git a/config/clusters/nasa-veda/prod.values.yaml b/config/clusters/nasa-veda/prod.values.yaml index 930e615799..618e9967fb 100644 --- a/config/clusters/nasa-veda/prod.values.yaml +++ b/config/clusters/nasa-veda/prod.values.yaml @@ -6,7 +6,7 @@ basehub: ingress: hosts: [hub.openveda.cloud] tls: - - hosts: [veda.2i2c.cloud] + - hosts: [hub.openveda.cloud] secretName: https-auto-tls hub: config: From 2756d222b3ec2f367510a8db4f50ba1fb849e00e Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 15 Dec 2023 18:54:51 -0800 Subject: [PATCH 180/494] cloudbank: Explicitly specify what nodepools users should go to Otherwise, they still end up on the old 'user' nodepool, and it can not be decomissioned. With this, they will end up on the equivalent 'new' nodepool, and then I can get rid of the old one. I have also had to adjust the CPU limit, as at some point I suppose we switched from 8 CPU nodes to 4 but did not adjust this. --- config/clusters/cloudbank/common.values.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/config/clusters/cloudbank/common.values.yaml b/config/clusters/cloudbank/common.values.yaml index ecd9719832..6c7e7e8248 100644 --- a/config/clusters/cloudbank/common.values.yaml +++ b/config/clusters/cloudbank/common.values.yaml @@ -9,12 +9,15 @@ nfs: jupyterhub: singleuser: cpu: - # Each node has about 8 CPUs total, and if we limit users to no more than - # 4, no single user can take down a full node by themselves. We have to + # Each node has about 4 CPUs total, and if we limit users to no more than + # 2, no single user can take down a full node by themselves. We have to # set the guarantee to *something*, otherwise it is set to be equal # to the limit! We don't explicitly set a guarantee, because there is # a guarantee of 0.05 set in basehub/values.yaml - limit: 4 + limit: 2 image: name: quay.io/2i2c/cloudbank-data8-image tag: d2746e55a4ee + nodeSelector: + # Put everything on the most appropriate nodepool for these users + cloud.google.com/gke-nodepool: nb-n2-highmem-4 From c5a37c6c521fe3b3c82e9a216d476a9324622a71 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 15 Dec 2023 18:57:25 -0800 Subject: [PATCH 181/494] Remove extra 'redirects' stanza --- config/clusters/nasa-veda/support.values.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/config/clusters/nasa-veda/support.values.yaml b/config/clusters/nasa-veda/support.values.yaml index f7110b837b..8d8320bbf2 100644 --- a/config/clusters/nasa-veda/support.values.yaml +++ b/config/clusters/nasa-veda/support.values.yaml @@ -41,11 +41,3 @@ prometheus: - secretName: prometheus-tls hosts: - prometheus.nasa-veda.2i2c.cloud - -redirects: - rules: - # nasa-veda was previously used in the domain name, but domains including - # nasa that doesn't end in .gov can get blocked so the name was reduced to - # just veda, see https://github.com/2i2c-org/infrastructure/issues/3029 - - from: staging.nasa-veda.2i2c.cloud - to: staging.veda.2i2c.cloud From 67871f25ac706f195cc4b5886bfccd67d1706aed Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 15 Dec 2023 19:12:53 -0800 Subject: [PATCH 182/494] nasa-veda: Fix missed URL rename Follow-up to https://github.com/2i2c-org/infrastructure/pull/3037 --- config/clusters/nasa-veda/cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/nasa-veda/cluster.yaml b/config/clusters/nasa-veda/cluster.yaml index 1f8f862aba..d503bfba65 100644 --- a/config/clusters/nasa-veda/cluster.yaml +++ b/config/clusters/nasa-veda/cluster.yaml @@ -13,7 +13,7 @@ support: hubs: - name: staging display_name: "NASA VEDA (staging)" - domain: staging.veda.2i2c.cloud + domain: staging.hub.openveda.cloud helm_chart: daskhub helm_chart_values_files: - common.values.yaml From af1008f95986580e8671bc0dbce359c3b2fe688e Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 15 Dec 2023 19:24:43 -0800 Subject: [PATCH 183/494] 2i2c: Cleanup some unused nodepools Ref https://github.com/2i2c-org/infrastructure/issues/3405 --- terraform/gcp/projects/pilot-hubs.tfvars | 25 ------------------------ 1 file changed, 25 deletions(-) diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 37994fa40f..7e8fa08fe4 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -19,13 +19,6 @@ enable_filestore = true filestore_capacity_gb = 5120 notebook_nodes = { - # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-4-b - "n2-highmem-4" : { - min : 0, - max : 100, - machine_type : "n2-highmem-4", - temp_opt_out_node_purpose_label : true, - }, "n2-highmem-4-b" : { min : 0, max : 100, @@ -41,24 +34,6 @@ notebook_nodes = { max : 100, machine_type : "n2-highmem-64", }, - # Nodepool for neurohackademy. Tracking issue: https://github.com/2i2c-org/infrastructure/issues/2681 - "neurohackademy" : { - # We expect around 120 users - min : 0, - max : 100, - machine_type : "n2-highmem-16", - labels : { - "2i2c.org/community" : "neurohackademy" - }, - taints : [{ - key : "2i2c.org/community", - value : "neurohackademy", - effect : "NO_SCHEDULE" - }], - resource_labels : { - "community" : "neurohackademy" - }, - }, # Nodepool for temple university. https://github.com/2i2c-org/infrastructure/issues/3158 # FIXME: Delete this node pool when its empty, its replaced by temple-b "temple" : { From b460ce3c11f6e3196a27b997520293fd0a935841 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 15 Dec 2023 19:26:52 -0800 Subject: [PATCH 184/494] leap: Remove unused nodepool --- terraform/gcp/projects/leap.tfvars | 8 -------- 1 file changed, 8 deletions(-) diff --git a/terraform/gcp/projects/leap.tfvars b/terraform/gcp/projects/leap.tfvars index a4cb7c439d..f2862cdb2e 100644 --- a/terraform/gcp/projects/leap.tfvars +++ b/terraform/gcp/projects/leap.tfvars @@ -80,14 +80,6 @@ notebook_nodes = { max : 100, machine_type : "n2-highmem-4", }, - # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-16 - "medium" : { - min : 0, - max : 100, - machine_type : "n2-highmem-16", - node_version : "1.25.6-gke.1000", - temp_opt_out_node_purpose_label : true - }, "n2-highmem-16" : { # A minimum of one is configured for LEAP to ensure quick startups at all # time. Cost is not a greater concern than optimizing startup times. From f3c540239d8c07b7c6cf74ab593760ecdd4fbf2f Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 15 Dec 2023 19:27:54 -0800 Subject: [PATCH 185/494] terraform: Remove temp_opt_out_node_purpose_label_core_nodes variable No longer used anywhere --- terraform/gcp/cluster.tf | 2 +- terraform/gcp/variables.tf | 7 ------- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/terraform/gcp/cluster.tf b/terraform/gcp/cluster.tf index f4238f00bc..6e5d95d984 100644 --- a/terraform/gcp/cluster.tf +++ b/terraform/gcp/cluster.tf @@ -218,7 +218,7 @@ resource "google_container_node_pool" "core" { # Faster disks provide faster image pulls! disk_type = "pd-balanced" - resource_labels = var.temp_opt_out_node_purpose_label_core_nodes ? {} : { + resource_labels = { "node-purpose" : "core" } diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 8d89320b5b..6aaee0cb5c 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -240,13 +240,6 @@ variable "core_node_max_count" { EOT } -# FIXME: Remove temp_opt_out_node_purpose_label_core_nodes when its no longer referenced. -# See https://github.com/2i2c-org/infrastructure/issues/3405. -variable "temp_opt_out_node_purpose_label_core_nodes" { - type = bool - default = false -} - variable "enable_network_policy" { type = bool default = false From 1a926cab0bb967ffee5bf7fc1bc9685efe97d383 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sat, 16 Dec 2023 14:33:23 -0800 Subject: [PATCH 186/494] Remove unused temple nodepool --- terraform/gcp/projects/pilot-hubs.tfvars | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 7e8fa08fe4..0ec2091301 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -35,29 +35,6 @@ notebook_nodes = { machine_type : "n2-highmem-64", }, # Nodepool for temple university. https://github.com/2i2c-org/infrastructure/issues/3158 - # FIXME: Delete this node pool when its empty, its replaced by temple-b - "temple" : { - # Expecting upto ~120 users at a time - min : 0, - max : 100, - # Everyone gets a 256M guarantee, and n2-highmem-8 has about 60GB of RAM. - # This fits upto 100 users on the node, as memory guarantee isn't the constraint. - # This works ok. - machine_type : "n2-highmem-8", - node_version : "1.26.4-gke.1400", - temp_opt_out_node_purpose_label : true, - labels : { - "2i2c.org/community" : "temple" - }, - taints : [{ - key : "2i2c.org/community", - value : "temple", - effect : "NO_SCHEDULE" - }], - resource_labels : { - "community" : "temple" - }, - }, "temple-b" : { # Expecting upto ~120 users at a time min : 0, From 0b83bcfd36c4ea58833c0b2e801eb9412daf6e4a Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sun, 17 Dec 2023 11:19:24 -0800 Subject: [PATCH 187/494] Remove unused nodepool in cloudbank --- terraform/gcp/projects/cloudbank.tfvars | 8 -------- 1 file changed, 8 deletions(-) diff --git a/terraform/gcp/projects/cloudbank.tfvars b/terraform/gcp/projects/cloudbank.tfvars index 36fa4075d4..dd7cea9448 100644 --- a/terraform/gcp/projects/cloudbank.tfvars +++ b/terraform/gcp/projects/cloudbank.tfvars @@ -23,14 +23,6 @@ enable_filestore = true filestore_capacity_gb = 1024 notebook_nodes = { - # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-4 - "user" : { - min : 0, - max : 100, - machine_type : "n1-highmem-4", - node_version : "1.26.4-gke.1400", - temp_opt_out_node_purpose_label = true, - }, "n2-highmem-4" : { min : 0, max : 100, From 78e2826a3f61e19ae1c8cd51a06b2a0a927dfeed Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sun, 17 Dec 2023 11:20:26 -0800 Subject: [PATCH 188/494] Remove unused temp terraform variables --- terraform/gcp/cluster.tf | 4 ++-- terraform/gcp/variables.tf | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/terraform/gcp/cluster.tf b/terraform/gcp/cluster.tf index 6e5d95d984..5d14d383da 100644 --- a/terraform/gcp/cluster.tf +++ b/terraform/gcp/cluster.tf @@ -339,7 +339,7 @@ resource "google_container_node_pool" "notebook" { "https://www.googleapis.com/auth/cloud-platform" ] - resource_labels = each.value.temp_opt_out_node_purpose_label ? each.value.resource_labels : merge({ + resource_labels = merge({ "node-purpose" : "notebook" }, each.value.resource_labels) @@ -417,7 +417,7 @@ resource "google_container_node_pool" "dask_worker" { "https://www.googleapis.com/auth/cloud-platform" ] - resource_labels = each.value.temp_opt_out_node_purpose_label ? each.value.resource_labels : merge({ + resource_labels = merge({ "node-purpose" : "dask-worker" }, each.value.resource_labels) diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 6aaee0cb5c..6f461edbdd 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -102,9 +102,6 @@ variable "notebook_nodes" { }), {} ), - # FIXME: Remove temp_opt_out_node_purpose_label when its no longer referenced. - # See https://github.com/2i2c-org/infrastructure/issues/3405. - temp_opt_out_node_purpose_label : optional(bool, false), resource_labels : optional(map(string), {}), zones : optional(list(string), []), node_version : optional(string, ""), @@ -138,9 +135,6 @@ variable "dask_nodes" { }), {} ), - # FIXME: Remove temp_opt_out_node_purpose_label when its no longer referenced. - # See https://github.com/2i2c-org/infrastructure/issues/3405. - temp_opt_out_node_purpose_label : optional(bool, false), resource_labels : optional(map(string), {}), zones : optional(list(string), []) node_version : optional(string, ""), From f63e94ad3f2e523a9bc40147c3625a3cd5c669f5 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sun, 17 Dec 2023 11:24:39 -0800 Subject: [PATCH 189/494] Switch cloudbank core node machine type --- terraform/gcp/projects/cloudbank.tfvars | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/terraform/gcp/projects/cloudbank.tfvars b/terraform/gcp/projects/cloudbank.tfvars index dd7cea9448..e052659ade 100644 --- a/terraform/gcp/projects/cloudbank.tfvars +++ b/terraform/gcp/projects/cloudbank.tfvars @@ -12,11 +12,7 @@ k8s_versions = { dask_nodes_version : "1.27.5-gke.200", } -# FIXME: n2-highmem-2 is a better fit for cloudbank as they are currently -# limited by the number of pods per node and don't use dask-gateway -# that otherwise can make prothemeus server need more memory than a -# n2-highmem-2 node can provide. -core_node_machine_type = "n2-highmem-4" +core_node_machine_type = "n2-highmem-2" enable_network_policy = true enable_filestore = true From 2dda0ec31ec2e4b5294f41aa3a2faeed80528ffd Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 18 Dec 2023 19:07:29 -0800 Subject: [PATCH 190/494] Don't give temple its own nodepool They never have had more than 20 users on at the same time in a while, and the huge dedicated node is costing them a lot more than needed. --- config/clusters/2i2c/temple.values.yaml | 7 ------- terraform/gcp/projects/pilot-hubs.tfvars | 21 --------------------- 2 files changed, 28 deletions(-) diff --git a/config/clusters/2i2c/temple.values.yaml b/config/clusters/2i2c/temple.values.yaml index b62d10f4bd..94248c7fa5 100644 --- a/config/clusters/2i2c/temple.values.yaml +++ b/config/clusters/2i2c/temple.values.yaml @@ -26,13 +26,6 @@ jupyterhub: name: Temple University url: https://www.temple.edu/ singleuser: - nodeSelector: - 2i2c.org/community: temple - extraTolerations: - - key: "2i2c.org/community" - operator: "Equal" - value: "temple" - effect: "NoSchedule" memory: # Memory defaults are 256MB to 1G in basehub. These are bumped based on a # request to bump these (https://2i2c.freshdesk.com/a/tickets/1003) at diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 0ec2091301..7b88aca98b 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -34,27 +34,6 @@ notebook_nodes = { max : 100, machine_type : "n2-highmem-64", }, - # Nodepool for temple university. https://github.com/2i2c-org/infrastructure/issues/3158 - "temple-b" : { - # Expecting upto ~120 users at a time - min : 0, - max : 100, - # Everyone gets a 256M guarantee, and n2-highmem-8 has about 60GB of RAM. - # This fits upto 100 users on the node, as memory guarantee isn't the constraint. - # This works ok. - machine_type : "n2-highmem-8", - labels : { - "2i2c.org/community" : "temple" - }, - taints : [{ - key : "2i2c.org/community", - value : "temple", - effect : "NO_SCHEDULE" - }], - resource_labels : { - "community" : "temple" - }, - }, "agu-binder" : { min : 0, max : 100, From cee5d69944a776c5a7dbbb9b37da43d89571b128 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 18 Dec 2023 19:20:55 -0800 Subject: [PATCH 191/494] Decom neurohackademy Fixes https://github.com/2i2c-org/infrastructure/issues/3400 --- config/clusters/2i2c/cluster.yaml | 11 -- .../clusters/2i2c/neurohackademy.values.yaml | 120 ------------------ 2 files changed, 131 deletions(-) delete mode 100644 config/clusters/2i2c/neurohackademy.values.yaml diff --git a/config/clusters/2i2c/cluster.yaml b/config/clusters/2i2c/cluster.yaml index 9ba7478c07..195a51d027 100644 --- a/config/clusters/2i2c/cluster.yaml +++ b/config/clusters/2i2c/cluster.yaml @@ -116,17 +116,6 @@ hubs: - basehub-common.values.yaml - climatematch.values.yaml - enc-climatematch.secret.values.yaml - - name: neurohackademy - display_name: "Neurohackademy" - domain: neurohackademy.2i2c.cloud - helm_chart: basehub - helm_chart_values_files: - # The order in which you list files here is the order the will be passed - # to the helm upgrade command in, and that has meaning. Please check - # that you intend for these files to be applied in this order. - - basehub-common.values.yaml - - enc-neurohackademy.secret.values.yaml - - neurohackademy.values.yaml - name: mtu display_name: "Michigan Technological University" domain: mtu.2i2c.cloud diff --git a/config/clusters/2i2c/neurohackademy.values.yaml b/config/clusters/2i2c/neurohackademy.values.yaml deleted file mode 100644 index 4db1082b4f..0000000000 --- a/config/clusters/2i2c/neurohackademy.values.yaml +++ /dev/null @@ -1,120 +0,0 @@ -jupyterhub: - ingress: - hosts: - - neurohackademy.2i2c.cloud - tls: - - secretName: https-auto-tls - hosts: - - neurohackademy.2i2c.cloud - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: NeuroHackademy - url: https://neurohackademy.org/ - logo_url: https://user-images.githubusercontent.com/118582/178122521-aa5b83e7-f898-415a-89ff-dc288f599b4f.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: The National Institutes of Health grant 2R25MH112480-06 - url: https://reporter.nih.gov/search/ydTvTwXxk0yd6eGdRznbLQ/project-details/10409452 - singleuser: - extraFiles: - gitconfig: - mountPath: /srv/conda/envs/notebook/etc/gitconfig - stringData: | - [credential "https://github.com"] - helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 356717 - useHttpPath = true - # User image: https://quay.io/repository/arokem/nh2023?tab=tags - image: - name: quay.io/arokem/nh2023 - tag: "894883dfb3bd" - nodeSelector: - 2i2c.org/community: neurohackademy - extraTolerations: - - key: "2i2c.org/community" - operator: "Equal" - value: "neurohackademy" - effect: "NoSchedule" - cpu: - guarantee: 0.5 - # We're on n2-highmem-16 machines - limit: 14 - memory: - guarantee: 4G - limit: 16G - hub: - config: - JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - oauth_callback_url: https://neurohackademy.2i2c.cloud/hub/oauth_callback - allowed_idps: - http://github.com/login/oauth/authorize: - default: true - username_derivation: - username_claim: "preferred_username" - OAuthenticator: - # WARNING: Don't use allow_existing_users with config to allow an - # externally managed group of users, such as - # GitHubOAuthenticator.allowed_organizations, as it breaks a - # common expectations for an admin user. - # - # The broken expectation is that removing a user from the - # externally managed group implies that the user won't have - # access any more. In practice the user will still have - # access if it had logged in once before, as it then exists - # in JupyterHub's database of users. - # - allow_existing_users: True - Authenticator: - # WARNING: Removing a user from admin_users or allowed_users doesn't - # revoke admin status or access. - # - # OAuthenticator.allow_existing_users allows any user in the - # JupyterHub database of users able to login. This includes - # any previously logged in user or user previously listed in - # allowed_users or admin_users, as such users are added to - # JupyterHub's database on startup. - # - # To revoke admin status or access for a user when - # allow_existing_users is enabled, first remove the user from - # admin_users or allowed_users, then deploy the change, and - # finally revoke the admin status or delete the user via the - # /hub/admin panel. - # - admin_users: - - arokem - extraFiles: - configurator-schema-default: - data: - properties: - Spawner.default_url: - type: string - title: Default User Interface - enum: - - "/tree" - - "/lab" - - "/git-pull?repo=https%3A%2F%2Fgithub.com%2FNeuroHackademy-2023%2Fcurriculum&urlpath=lab&branch=main" - default: "/git-pull?repo=https%3A%2F%2Fgithub.com%2FNeuroHackademy-2023%2Fcurriculum&urlpath=lab&branch=main" - enumMetadata: - interfaces: - - value: "/tree" - title: Classic Notebook - description: - The original single-document interface for creating - Jupyter Notebooks. - - value: "/lab" - title: JupyterLab - description: A Powerful next generation notebook interface - - value: "/git-pull?repo=https%3A%2F%2Fgithub.com%2FNeuroHackademy-2023%2Fcurriculum&urlpath=lab&branch=main" - title: Pull curriculum repo and redirect to /lab - description: Use ngbitpuller to pull https://github.com/NeuroHackademy-2023/curriculum and redirect to /lab afterwards From 2cf24bdef214083d0b6af0e1417c35f043965885 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 18 Dec 2023 19:30:58 -0800 Subject: [PATCH 192/494] Decom agu-binder AGU is over. I think the primary learning is that we can have this up and not attract cryptominers immediately :) Ref https://github.com/2i2c-org/infrastructure/issues/3508 --- config/clusters/2i2c/agu-binder.values.yaml | 128 ------------------ config/clusters/2i2c/cluster.yaml | 7 - .../2i2c/enc-agu-binder.secret.values.yaml | 24 ---- .../enc-neurohackademy.secret.values.yaml | 25 ---- terraform/gcp/projects/pilot-hubs.tfvars | 20 +-- 5 files changed, 1 insertion(+), 203 deletions(-) delete mode 100644 config/clusters/2i2c/agu-binder.values.yaml delete mode 100644 config/clusters/2i2c/enc-agu-binder.secret.values.yaml delete mode 100644 config/clusters/2i2c/enc-neurohackademy.secret.values.yaml diff --git a/config/clusters/2i2c/agu-binder.values.yaml b/config/clusters/2i2c/agu-binder.values.yaml deleted file mode 100644 index d2b9e9a143..0000000000 --- a/config/clusters/2i2c/agu-binder.values.yaml +++ /dev/null @@ -1,128 +0,0 @@ -binderhub: - dind: - # This has to be separate for each binderhub we run on the same cluster - hostSocketDir: /var/run/agu-binder/dind - hostLibDir: /var/lib/agu-binder/dind - ingress: - hosts: - - agu-binder.2i2c.cloud - tls: - - secretName: https-auto-tls - hosts: - - agu-binder.2i2c.cloud - registry: - url: https://us-central1-docker.pkg.dev - config: - DockerRegistry: - token_url: https://us-central1-docker.pkg.dev/v2/token?service= - BinderHub: - # The URL set as jupyterhub.ingress.hosts[0] in this config - auth_enabled: true - hub_url: https://hub.agu-binder.2i2c.cloud - image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/agu-binder-registry/ - template_path: /etc/binderhub/custom/templates - extra_static_path: /etc/binderhub/custom/static - extra_static_url_prefix: /extra_static/ - about_message: | -

agu-binder.2i2c.cloud is operated by the 2i2c team for AGU 2023.

- initContainers: - - name: git-clone-templates - image: alpine/git - args: - - clone - - --single-branch - - --branch=master - - --depth=1 - - -- - - https://github.com/2i2c-org/agu-binder-custom-templates - - /etc/binderhub/custom - securityContext: - runAsUser: 0 - volumeMounts: - - name: custom-templates - mountPath: /etc/binderhub/custom - extraVolumes: - - name: custom-templates - emptyDir: {} - extraVolumeMounts: - - name: custom-templates - mountPath: /etc/binderhub/custom - jupyterhub: - ingress: - enabled: true - hosts: - - hub.agu-binder.2i2c.cloud - tls: - - secretName: https-auto-tls-hub-binder - hosts: - - hub.agu-binder.2i2c.cloud - hub: - redirectToServer: false - services: - binder: - oauth_client_id: service-binderhub - oauth_no_confirm: true - oauth_redirect_uri: "https://agu-binder.2i2c.cloud/oauth_callback" - loadRoles: - user: - scopes: - - self - - "access:services" - extraConfig: - 01-orcid: | - def setup_orcid_username(authenticator, handler, authentication): - """ - Fish ORCID username from inside cilogon_user when used with ORCID - - There is no clear way to get just the ORCID id from CILogon, so we - have to do this. https://github.com/jupyterhub/oauthenticator/issues/712 - is the upstream report, we can get rid of this once that gets fixed. - """ - idp = authentication['auth_state']['cilogon_user']['idp'] - if idp == 'http://orcid.org/oauth/authorize': - # Only modify usernames if orcid is used - # oidc is of the form https://orcid.org/ - authentication['name'] = authentication['auth_state']['cilogon_user']['oidc'].split('/')[-1] - return authentication - - c.Authenticator.post_auth_hook = setup_orcid_username - - config: - BinderSpawner: - auth_enabled: true - JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - oauth_callback_url: "https://hub.agu-binder.2i2c.cloud/hub/oauth_callback" - allowed_idps: - http://google.com/accounts/o8/id: - username_derivation: - username_claim: "email" - http://orcid.org/oauth/authorize: - username_derivation: - username_claim: "given_name" - allow_all: true - http://github.com/login/oauth/authorize: - username_derivation: - username_claim: "preferred_username" - allow_all: true - Authenticator: - admin_users: - - choldgraf@2i2c.org - - colliand@2i2c.org - - damianavila@2i2c.org - - erik@2i2c.org - - georgianaelena@2i2c.org - - jmunroe@2i2c.org - - sgibson@2i2c.org - - yuvipanda@2i2c.org - singleuser: - nodeSelector: - 2i2c.org/community: agu-binder - extraTolerations: - - key: "2i2c.org/community" - operator: "Equal" - value: "agu-binder" - effect: "NoSchedule" - # to make notebook servers aware of hub - cmd: jupyterhub-singleuser diff --git a/config/clusters/2i2c/cluster.yaml b/config/clusters/2i2c/cluster.yaml index 9ba7478c07..28ff83d847 100644 --- a/config/clusters/2i2c/cluster.yaml +++ b/config/clusters/2i2c/cluster.yaml @@ -40,13 +40,6 @@ hubs: helm_chart_values_files: - binder-staging.values.yaml - enc-binder-staging.secret.values.yaml - - name: agu-binder - display_name: "2i2c AGU Demo Binder" - domain: agu-binder.2i2c.cloud - helm_chart: binderhub - helm_chart_values_files: - - agu-binder.values.yaml - - enc-agu-binder.secret.values.yaml - name: imagebuilding-demo display_name: "2i2c image building demo" domain: imagebuilding-demo.2i2c.cloud diff --git a/config/clusters/2i2c/enc-agu-binder.secret.values.yaml b/config/clusters/2i2c/enc-agu-binder.secret.values.yaml deleted file mode 100644 index 023edea190..0000000000 --- a/config/clusters/2i2c/enc-agu-binder.secret.values.yaml +++ /dev/null @@ -1,24 +0,0 @@ -binderhub: - registry: - username: ENC[AES256_GCM,data:J8Do9728Flzx,iv:xc9O7QLsxCj1ihu+Sax2wNEBgT4rxt3gYhVhRkeVcgg=,tag:pG/ISFKpRJWGKFA49Qd11g==,type:str] - password: ENC[AES256_GCM,data:dhu+hO2hOscAza2eorsmyox4wWryu7UP5yj3dSfemnMoM966SekgB8dlvrDh2MIKpYf29IOLlocZET7X9FcI1MWSS3urMIvgmWkqTopvEdLYLAcinZ74Amu3UVfXvKy9GsT6jAK1MqEpCvMIQji4kpTckcIs+V3+tcv1swTqbUd9VVgiXe0XzwspW/P67LPHKHKl04Ib80bHfWguns5gJN6dvpBrRAjwQSi8EuAewOxEdDeEkdLgSJN7nBdhsm25rByTNyzRfNw2PLXH6mEyx9KW3WA1DyNgZ0wyuNfJeCdg2wCYnRVfh6oOs/VN8Hb5MvpoqNpY8BH9GBnIc+ArusUJJqr2bDI8zWob3AhRcO7MGUPhNtpqDgCvv1wVmAZFr505sxHiujQlCwWqstTTeni5ZO4IoheeEr/naS5nq2T6aQ38lY7hJMDBVZj2IsDW5uiHLdMHtDqBWJMCt9RhdI0IuqSJTap2QPabZ2y3eIpZwG1cw7ehwzTfYpLm59j0IPZnVKO5aKH+MTSc7Wv4GGk8B0SSygFdMudCQP8dYQ9MIXa3SF5jIaXgfLWaBL2BxGu71CIt8T4Nmy7kpB3ISzyLAaIXtysinPFnQn1dKWBRA8Mqtx1CMPZySth30l859bxUIj8gB56ZPWdEl9MXB44JmDd0KRUyTbb6k4ERMciv3W3tfFLr/LJdhr+rMvtX8P70h0qdkZd0aoSlayjr84NWw3Wm6AL16fDE96ct6RyjEliYj2pNjdTGCVQETUK+tCPiEYGkMCj9cAUQs3rvgOS17KJXEjKFecLGl2AOqQu/qWDpr4QCCYz/amf2eE3lJyf0hIk9keaDOPkWeAshYO/AlhmTrp+etrZrtb67fK0twINbzhySzBN6V3GXWLD/vpZdhxGgBqu+zzxkKuR+YOXfoSGfsDmqty3I8sQsLwz5tWob5OmrA2DWWER9Ns6CabMhKVdpXHXNkQzKVZI4uUjy2KOBaCGhSF+dbXG7w7OmXwfs9iS5nFXP00jps4swR1S14IjupPvkd8fIlGojxoW121OmKKU7k2mh9ydBbeC2CCb/VAYOuWCXrUW/nKcKBZknLw9PDWKRRHe/VEC/RpLolDIEYM4XEnwjzRsu3lSV2pNrqtKIHOqapneoSiuBP+aDJT3ID9HboArePOfCGrMxcTI3CqBkq/jTByJpjeUoc4bJ05KIWpyJ1TIPH1ZVwkOsbN0QnaaLhgIrxYBTY1K8ShRbbLLyvFAncGRKdNQy4O31q32DQYKefHSnJAQviT4LsLMRpilWiLLUk6g3hClnrVyIavQlUgITapy7Ug6CeF2kvyliRqe93PZHPBMm2FEH3sVUs7VZ8mx6xHSUqWReo8xbwRn6VG8wwf0VGhRMTY+GWi6+g21+qGPEuOuecqJHvHUgkSrV0e30odSVvw8qF7JYZ4HHpJTxwE4y82NT6UoG0Mq+8qd88ITYxvRAH1+nhaIQ6zbFYQjfb6xn2OVpmNKQgjqaIHxoP8ymvS/FM6+DDBDvy/w3gWNILXdNmAYllYdOYQDIV/35Rpzzuy4uykZoFmFbOZoQNYwfVcqi4pQ5w+zmsiP3IPMpi6N5FrVp+N38U2MjBx4VRZyAhuB3MlOVPeqphfMybednkrkiRnZHF8by6bdY9u1rnvz1fKMg2CSKZOq3IiuZ55ngzmXPQqtJZeqb0Z2UU9wukAlpebtiwn4nmdCCCykU6JHjA91h2Axgs1X5ELjFERgNxY5TgpU/BI4cj1fJZ7lHnEFL7OqeN31z2EfXntA1hY7/7ToRIR/dud/B+K5JB3s5TaUYioCez6WzKyoBZ23TALHH0mO+jmYlje2TFFtw4wvHKii5mAGO9xuSS4Rg8AYAxqHDr83zLFhkZUggrRc9Pd6U7AJtXiJzpx93YkoXbu4tV/orpcDV2bSgkyL68hD+N/ozMbLRauZZPKlNRxOx020uugGDoR7RwzwY10elVZqIDMd5OecExsW5/FhdNo1wA6Q1FSCkWJc31mNebRN5gIZr3PCxKSFw+LfosPHdnEW2UVi5SZcaT7Pic8JyzYUV6EKBv7dJNgULglhTgezZG3DWR/RuDwofvAJBys9m3vH+e9irrSJ08jI2+fjfAktEYi7ACE30G7LCbWV7HSi1m1MgBHwk3JjhAtoRl2+BjnAVJjOtdbk/UU0CeeAYMCmSoFkYeVHipEPW9O5m+Nwv3RVMteR610BrSx0QZmVnjfHYYNGnTWUcZ5q8Fm3InD0p+aYmZbp0fw9l9MGDzlmPCwztlIC91oh1JWcZVWXP8tVp9SguWszjKG/zNtnOEJ/llFfQQhY9zgNnxHyLCTZiiD+AV0ZW+bw/oeFEMP+6UOmmzRI9iAc/HMzQEHqS2UBqGmb3gzFebCv8Z4RkfEHyhZSpH6GXzRy+v1cvhcr5zgpBOuMlwloGC8FBbD5PDg2xELj/gYRdEyBaqgTXN0RgIe3a3W2mzd3n8Wb6oQyReFTrqe3LPqUDOR6LRgOlHQTkIKCCHTa+7P9Qyw/h79jC228o76QYk2tbCyNlaGAgqfiuqZnMsJ4xRauxNU/yY2KadYJdqsQAjojTXcIGoUQzv8XYipmUIdnJb9BQ0WmxYTr9WFpFD3+OoYatnHTziAyTL7S9aLBygZjdvteRy3yisFrrBlsBdKhVBDLjiX+9Y1BQ0HcDeaJ6rPKKyrDubivLweVvVLg8skH9BcSUeQfCeO+8Zg7blCywrMvh9Gr4vMl7xBAMp336qKz4NSikcPJDz53PBVbswFH6crYcphoynE5I8BPu2rwZm8AM8qdQdv9A2iXKITxq1PV01iuXPzN7HyGGqIWTtqmbZdxJKhnMOH+Et3C3Ie/WkRkMYaKlvaNelUyzFl84bSUFes+hJb8LhmfcHSjkQjJoE3IphVQMOjO5v0mVT+FPYnppRMFgEv3lvAPCt5dbIJs3Ya6B+ayLGDSL2OPYmq9nRCCi8XSvG47527NOLvggHysV+3jS6y9qIIJ3B29RoZebbujpdNRreaFeuUVyaQuNXuyne/0vgSQWQnnow/zDwoF6nEAUKDQIoeptSlLVaC0Tv1UHdW1WK5M/S27iS66kxh+95OOnqZtqWCdWdYGUO/fLpyIgnrjvxzGFP97U1zaD5hXfGAdx80T7G2ZOidKzt9wQ0R2bzCQ=,iv:rLpuwMEoJryf3Xh+MksFRhr3ekbCXyOm7kTsVFYuhUI=,tag:Qz/6pJh6WOPzbbz6yQ/CjA==,type:str] - jupyterhub: - hub: - config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:IB5AfR1TPYSoAbIPR2Uunb/nlqxZRHyR8NwhHDiJiYTMtKDrmPTB/7aEbvZVxK4DQq+E,iv:oODyyF9jfZwQF/4v1wNNsXFDK9cAWUYlhNw/EESWeDA=,tag:kuh1jICGg6TOPK9wVkYWtw==,type:str] - client_secret: ENC[AES256_GCM,data:grQBxNNENGKMe7Jm/bhrQFKgCmWUsvA16Kg0cDHHF7eVIaaMYNclNIsoZkEcTay/EVZfvjPgstG+t2j85kmAmVSz/PHQRFG5pOB5Lud9GWY28/ANCg4=,iv:duVks5blb7Yu1nvZk0eowndbNXNN87NKQMEEn89rOL0=,tag:5eL3ZWAMaj5535nfrX6MQA==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-12-06T23:25:45Z" - enc: CiUA4OM7eKXCQVwUHjh2yd/0/ogofhfHGPqvEvLmN24jAnxJFywOEkgAjTWv+niyZUOfBHbu09dctaM4bVQNHckAweQtdeuew5OY3Ienk1ivzRb7o37En5OvirSQn/4Xk/GsZ+R+ZzjKFM/2d1aTbKo= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-12-06T23:34:23Z" - mac: ENC[AES256_GCM,data:hGrhZGDCvpmACopyQsEBLt6gH/fzYwKIMcEL0DrJW9nBk1n1YBOD4TRRP6vnUwiTLbmGzIRPmjn5JeXmMgmogr/436JHifoexWmBTE+8iXoIRHHfBATjW1L/ivFk740Bp7bI1ZEkLbsKscssUiczM6GI5B7kbtNRf0BVxSHhkDU=,iv:axEVH1i9qb2YzDiuSw0V1+/p0b9W6uLvKF7tm8grZ0U=,tag:6bHKRcsI9bN2AuGeLeZR1g==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/2i2c/enc-neurohackademy.secret.values.yaml b/config/clusters/2i2c/enc-neurohackademy.secret.values.yaml deleted file mode 100644 index d423533381..0000000000 --- a/config/clusters/2i2c/enc-neurohackademy.secret.values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -jupyterhub: - hub: - config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:/V5zuwdVRd5ylEW1eB/kxskMkShJHCx7AefXpropYmD4fi8wvLux+VO+kpP6WnsQw+w5,iv:5j08+QLAFMf4Vt8r3i9lgGrX0syPv2Wr8yRbaEaakAM=,tag:1RH78JX6PkORH/aY8xu2/A==,type:str] - client_secret: ENC[AES256_GCM,data:QhunpQzs0wdrzHRAV66sF/yj+uvLBsNgS+xrZ+t31tXthqJyl/NK3w20h9xbMTVWZjwHpEJPDRvdXD52nHi/beNlEGSKVno3pLYgBmg0+mGlhQoVmlY=,iv:2xrJb182QTRSCldR9KxSvZADgfWA79WvdMDmKw75GsU=,tag:S7wKAdcLTqPmtIiTH+xY/g==,type:str] - singleuser: - extraFiles: - github-app-private-key.pem: - mountPath: ENC[AES256_GCM,data:Ov0lkLLSgJtZvjA2lnMrWmYbNemh13Pu0qSdkQOnahNkV0zsSvc=,iv:hvSLVxXAxXB44qP3kh6dX8hyUnlO5iDvjv5OOyay1u0=,tag:/QBW7Yq+jeSvqOAX4+OuPQ==,type:str] - stringData: ENC[AES256_GCM,data:c5/5NDR+I5tuIq69NSXQqJ0OyIA4sNM+ystkIQDYjwKUcqQ95GyVRryALpLkmR+WXRFDDzBQEEtFsIw2GtcbOd6+gdKIamMpdulqFonc3Ii9Wm86hqRUfDv4iNgZqnvWLBQ4VfOHLoIYF3eQ9AYmr3Ie25iCdNM9E3Iz8lrs8Uo+VSogcyheHtohsg8kdcaAs2u1crbLQqdtpeHZqvYgwxpI7L/E/pp1tEGPWq/H0I3X/gB4oBOSwYzWHvWFxn2Pd+lokklbZyCHsxxLiiieNhe4dsXaQh28sdwLD+dcVG/RCjLqf2n79c738rtmsbJRlySMxgcQut/RWy0REPDYo7QYHrjkxaiyMsVzw/araNsp5M2KddVdWIPz3jlLGh/3/WtxXW8zauYz7/0FAsGGYsyEjnJJyObdncd0MIFuKRt+hCwJP75+A3cghutw96jfRhIe5S8x+pZc5I48VKrRb0IpwKu3TN9pHCBWOoP9a5zj3uCKwYjJ8j1NjS0t9iqQ8J4CGmXkN/pyFxmuaJPiXYiMJwbuMu8aQ1xLIr+yUs/wmAvALhRuhb4eVVFND2PxVHDIyxzRhCsc2M6RwHYqny5YsqPaGzI4rBRhTYxp35OQRNXFonlU7ZJwiDH/NN1ogdPluTaiTnXmQV24xpOG6yN51D1A8S0TZxYc0+GxWM++39kQOYoC+VTBEZ5DQ9LtGMP0TinD6gdvAzun1Il7ZJEFFN+KzA7dalH2idfAdiYPlEwYaTaUpI0xqqO4sEKO0AVRqmdfrOMj+ItvK88LJRftryEnNzTmjFd8fVJztTGuuZeh4sO3scbgkJwVNNw4nu61qiY3OWFjoFy78PankpmhPz0sd8Jv00K9+L2WcrhL97b7Lrt4rW+Zdecc3nshzlnw2SrNRxMCrxRqqu61uEtB2KrsgkdOF/oLAa2jNlRvIFwxuZD3BItHzh683Orjfs07zVI5aHJ9Wgc5uBwMhzsQik8oGiYq8IHd1tBG2epWY3yhavyY6mzpUpCYPQyyqkW+w8cT0Wida1lCuuz0XBXX2zHdDP9YSCMXr5BMwB/fXQkhrhPqPgmpaU3IW5kXi3mYAHXZj99BnU6r7zd9X/crWaWh30SGGxaOOcfOBdNUQmdR2kZWgocrry5/CQS0Sqe3t3QZz0kf/vLFbKY4Fg76OOk0ngpXKDEo0bd17yoLu3/a3fSysRUXL+nb3FPC2Dd5DVqRd4+NulyiuClxei3x9pJPxaJu99HgGvpb0vrOSz1u0TyCmWLPRAP7T3gNAuQIbqnLr27ZlqoBv9ieIkpBXXLwdSD4SU34trT5PywxkRY9tpH0OCGUi4RsqPKWI7+Ky4AmlnjPwrgd2pcLah6XCZEiOjltlMXEQMooISV3ppBl36RDNh93jBTHLuZO9rqx1Nj4KwIQIPXkpLepxn+WbY0VVSra5EvcGvJArPVAGXTPd0J+ZRoKoRj7KU/Bmm6+aq1KrF42G+jxqDnUw+HTSxbbVDZol9kzcl14X7RbTvZTi1WWFcf1dKILeG/9erqBXGKzoYWR24fgAfvj+S1d0QO14VEoR00zhccYcxETdIoEB4rSmZsvwWFZsX5IhpqlBBZz5BqKbpFudIF4BXczm+POz0pbx08AqJozVYkXReFbZomOIbHR7kuUH2MZPUKOVpaBm19I3tLqu4aILkUwGRkmIBbzHoVxl7yTPHI2XuSqfCx8ES3lVqmE/9xBulUsm7ND9rC0PIRpB04cyIxiFaLQTpftAEV6TmXwWOQ08V05qZ7fxMheiUX4litsjOTuC2YeKGuzyfDU5lDkY4dCO+dyTMRRRQ4mIXtAYH+Jh9XZb1Px0mVsINxmAuocXEm1bk136kf/msH+EUi0AP00OZ/vE0C51YRinPnxtuJyorfQMYs+l8P7vVu+pd9pEkOjgk+YeO5Eq5wtGS2qZEJb7hn3wbTJi0f3VxpycNa/stEPwNBvEEwp0z/MeLnzREd+E9+StBNHT2rn/P7MyVb2rYetjOpx/Gw/sBhIO3ikav36MisTUgPtyCHZLubaz9yTvxgs0StvsR1c4oHm7WqKuWVL+EY39RJg3f4DadtjpEZA+eiLHhoNAJHEhH9+Tb8gDb5QL3kZ3sWG9Jq7/YuIDuUQBPpEg1MlvtzrAdlN/kZ+y8+55jJnnjz/AGdunBKxd1oOWt3ST8HsY3QplRF96B1l50V9aNRdku480ychV0XlUuUINqxcIQ==,iv:sc4DVogQTcMdwXZZIZZMsBB9uvAWhd+Q+DvwzIk6p4M=,tag:lkCRCcsYHO7yln81w43EJA==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-07-21T17:00:19Z" - enc: CiUA4OM7ePhQoduO2OVXLQZHWj5P2rxIIdvc+PDheYWgpiNqKbGXEkkAyiwFHHdw83axVZbD2yP0xoQX9PhnIJx0n9uyp6gmGLvBv1v6SMaXe9h/W998wg7WdAL60ht+x0+zJBMRHhbW/6ZrOan29G6D - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-21T17:00:19Z" - mac: ENC[AES256_GCM,data:BPdzh5EbcRD+yObsVXm0JwPqgJrEEIY3ZJCLy0KBGtY2WRMNdX9d6+vQ3YIlXDgBBMHi9x9eSMsH0cof0nsoOwrEnjV1jK/4I8eHQqIu+2aV3y8VrXTP0A2vZylN6bZKbfmjl7IzrtyikED4DXnakVKf2hR42XowPd+cnb56zBA=,iv:bqFW+rPT1ZxJ/x4wEfbte4nKp7yiRWSI6CXuiHkGYug=,tag:tJWPIeWVbN0SCpjwAPaNIA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 0ec2091301..6565c11ea6 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -54,25 +54,7 @@ notebook_nodes = { resource_labels : { "community" : "temple" }, - }, - "agu-binder" : { - min : 0, - max : 100, - machine_type : "n2-highmem-8", - node_version : "1.26.4-gke.1400", - disk_type : "pd-ssd", - labels : { - "2i2c.org/community" : "agu-binder" - }, - taints : [{ - key : "2i2c.org/community", - value : "agu-binder", - effect : "NO_SCHEDULE" - }], - resource_labels : { - "community" : "agu-binder" - }, - }, + } } # Setup a single node pool for dask workers. From 0e54e8af13bba928a60176ff11b8a0cd95cfa7bd Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 19 Dec 2023 11:32:43 -0800 Subject: [PATCH 193/494] Provide resource allocation options for HHMI I also had to update node-capacities, as otherwise the largest option doesn't actually spawn a node. Ref https://2i2c.freshdesk.com/a/tickets/1196 --- config/clusters/hhmi/common.values.yaml | 49 ++++++++++++++++--- .../node-capacity-info.json | 12 ++--- 2 files changed, 47 insertions(+), 14 deletions(-) diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index 9010da5f21..65a4f37fb3 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -88,6 +88,46 @@ basehub: description: "Spyglass-NWB container for the Loren Frank Lab" slug: lorenfrank profile_options: + requests: &profile_option_requests + display_name: Resource Allocation + choices: + mem_3_4: + display_name: 3.4 GB RAM, upto 3.477 CPUs + kubespawner_override: + mem_guarantee: 3644869120 + mem_limit: 3644869120 + cpu_guarantee: 0.434625 + cpu_limit: 3.477 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + default: true + mem_6_8: + display_name: 6.8 GB RAM, upto 3.477 CPUs + kubespawner_override: + mem_guarantee: 7289738240 + mem_limit: 7289738240 + cpu_guarantee: 0.86925 + cpu_limit: 3.477 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + mem_13_6: + display_name: 13.6 GB RAM, upto 3.477 CPUs + kubespawner_override: + mem_guarantee: 14579476480 + mem_limit: 14579476480 + cpu_guarantee: 1.7385 + cpu_limit: 3.477 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + mem_27_2: + display_name: 27.2 GB RAM, upto 3.477 CPUs + kubespawner_override: + mem_guarantee: 29158952960 + mem_limit: 29158952960 + cpu_guarantee: 3.477 + cpu_limit: 3.477 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 image: display_name: Image unlisted_choice: @@ -107,6 +147,7 @@ basehub: description: "Start a container with a community maintained image" slug: community profile_options: + requests: *profile_option_requests image: display_name: Image choices: @@ -140,14 +181,6 @@ basehub: default_url: /desktop # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 image: "quay.io/jupyter-remote-desktop-proxy/qgis:2023-09-27" - nodeSelector: - node.kubernetes.io/instance-type: n2-highmem-16 - cpu: - guarantee: 0.5 - limit: 14 - memory: - guarantee: 4G - limit: 16G hub: allowNamedServers: true config: diff --git a/deployer/commands/generate/resource_allocation/node-capacity-info.json b/deployer/commands/generate/resource_allocation/node-capacity-info.json index 758a7d8d48..2566393828 100644 --- a/deployer/commands/generate/resource_allocation/node-capacity-info.json +++ b/deployer/commands/generate/resource_allocation/node-capacity-info.json @@ -30,19 +30,19 @@ "n2-highmem-4": { "capacity": { "cpu": 4.0, - "memory": 33672949760 + "memory": 33669926912 }, "allocatable": { "cpu": 3.92, - "memory": 29786927104 + "memory": 29783904256 }, "measured_overhead": { - "cpu": 0.435, - "memory": 488636416 + "cpu": 0.443, + "memory": 624951296 }, "available": { - "cpu": 3.485, - "memory": 29298290688 + "cpu": 3.477, + "memory": 29158952960 } }, "r5.4xlarge": { From 2e7e670e5b3bd1aa9bc1fffd6bb81ff6760b75fe Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Wed, 20 Dec 2023 11:07:11 -0600 Subject: [PATCH 194/494] Update org url for GHG --- config/clusters/nasa-ghg/common.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index 83580a08cf..7aefe23c1a 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -24,7 +24,7 @@ basehub: org: name: "U.S. Greenhouse Gas Center" logo_url: https://raw.githubusercontent.com/US-GHG-Center/ghgc-docs/b818ba6fdd3c43ede04b110975bf39d248c40df6/Logo/ghg-logo.svg - url: https://ghg.center + url: https://earth.gov/ghgcenter designed_by: name: "2i2c" url: https://2i2c.org @@ -33,7 +33,7 @@ basehub: url: https://2i2c.org funded_by: name: "U.S. Greenhouse Gas Center" - url: https://ghg.center + url: https://earth.gov/ghgcenter hub: allowNamedServers: true config: From 8c32468412679332f6fb587b37cbdb6986b23635 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 21 Dec 2023 11:25:59 -0800 Subject: [PATCH 195/494] Decomission carbonplan hub Fixes https://github.com/2i2c-org/infrastructure/issues/3483 --- .../workflows/deploy-grafana-dashboards.yaml | 1 - .github/workflows/deploy-hubs.yaml | 1 - config/clusters/carbonplan/cluster.yaml | 35 --- config/clusters/carbonplan/common.values.yaml | 255 ------------------ .../enc-deployer-credentials.secret.json | 25 -- .../carbonplan/enc-grafana-token.secret.yaml | 15 -- .../carbonplan/enc-prod.secret.values.yaml | 21 -- .../carbonplan/enc-staging.secret.values.yaml | 21 -- .../carbonplan/enc-support.secret.values.yaml | 22 -- config/clusters/carbonplan/prod.values.yaml | 11 - .../clusters/carbonplan/staging.values.yaml | 11 - .../clusters/carbonplan/support.values.yaml | 39 --- .../daemonset_requests.yaml | 6 - docs/howto/upgrade-cluster/aws.md | 2 +- docs/sre-guide/node-scale-up/aws.md | 4 +- docs/topic/infrastructure/config.md | 1 - eksctl/carbonplan.jsonnet | 165 ------------ eksctl/ssh-keys/carbonplan.key.pub | 1 - eksctl/ssh-keys/secret/carbonplan.key | 21 -- terraform/aws/projects/carbonplan.tfvars | 5 - 20 files changed, 2 insertions(+), 660 deletions(-) delete mode 100644 config/clusters/carbonplan/cluster.yaml delete mode 100644 config/clusters/carbonplan/common.values.yaml delete mode 100644 config/clusters/carbonplan/enc-deployer-credentials.secret.json delete mode 100644 config/clusters/carbonplan/enc-grafana-token.secret.yaml delete mode 100644 config/clusters/carbonplan/enc-prod.secret.values.yaml delete mode 100644 config/clusters/carbonplan/enc-staging.secret.values.yaml delete mode 100644 config/clusters/carbonplan/enc-support.secret.values.yaml delete mode 100644 config/clusters/carbonplan/prod.values.yaml delete mode 100644 config/clusters/carbonplan/staging.values.yaml delete mode 100644 config/clusters/carbonplan/support.values.yaml delete mode 100644 eksctl/carbonplan.jsonnet delete mode 100644 eksctl/ssh-keys/carbonplan.key.pub delete mode 100644 eksctl/ssh-keys/secret/carbonplan.key delete mode 100644 terraform/aws/projects/carbonplan.tfvars diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index a64a38e63f..58728a372c 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -16,7 +16,6 @@ jobs: - cluster_name: 2i2c-uk - cluster_name: awi-ciroh - cluster_name: callysto - - cluster_name: carbonplan - cluster_name: catalystproject-africa - cluster_name: catalystproject-latam - cluster_name: cloudbank diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index f91acf5e3e..7290b609d1 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -182,7 +182,6 @@ jobs: outputs: failure_2i2c: "${{ env.failure_2i2c }}" failure_2i2c-uk: "${{ env.failure_2i2c-uk }}" - failure_carbonplan: "${{ env.failure_carbonplan }}" failure_cloudbank: "${{ env.failure_cloudbank }}" failure_leap: "${{ env.failure_leap }}" failure_meom-ige: "${{ env.failure_meom-ige }}" diff --git a/config/clusters/carbonplan/cluster.yaml b/config/clusters/carbonplan/cluster.yaml deleted file mode 100644 index cdfd40b9a1..0000000000 --- a/config/clusters/carbonplan/cluster.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: carbonplan -provider: aws # https://631969445205.signin.aws.amazon.com/console -account: "631969445205" -aws: - key: enc-deployer-credentials.secret.json - clusterType: eks - clusterName: carbonplanhub - region: us-west-2 -support: - helm_chart_values_files: - - support.values.yaml - - enc-support.secret.values.yaml -hubs: - - name: staging - display_name: "Carbon Plan (AWS, staging)" - domain: staging.carbonplan.2i2c.cloud - helm_chart: daskhub - helm_chart_values_files: - # The order in which you list files here is the order the will be passed - # to the helm upgrade command in, and that has meaning. Please check - # that you intend for these files to be applied in this order. - - common.values.yaml - - staging.values.yaml - - enc-staging.secret.values.yaml - - name: prod - display_name: "Carbon Plan (AWS, prod)" - domain: carbonplan.2i2c.cloud - helm_chart: daskhub - helm_chart_values_files: - # The order in which you list files here is the order the will be passed - # to the helm upgrade command in, and that has meaning. Please check - # that you intend for these files to be applied in this order. - - common.values.yaml - - prod.values.yaml - - enc-prod.secret.values.yaml diff --git a/config/clusters/carbonplan/common.values.yaml b/config/clusters/carbonplan/common.values.yaml deleted file mode 100644 index f2aaaecd4f..0000000000 --- a/config/clusters/carbonplan/common.values.yaml +++ /dev/null @@ -1,255 +0,0 @@ -basehub: - nfs: - pv: - # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html - mountOptions: - - rsize=1048576 - - wsize=1048576 - - timeo=600 - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - retrans=2 - - noresvport - serverIP: fs-8a4e4f8d.efs.us-west-2.amazonaws.com - baseShareName: / - jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - homepage: - templateVars: - org: - name: Carbon Plan - logo_url: https://pbs.twimg.com/profile_images/1262387945971101697/5q_X3Ruk_400x400.jpg - url: https://carbonplan.org - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: Carbon Plan - url: https://carbonplan.org - singleuser: - serviceAccountName: cloud-user-sa - image: - name: carbonplan/trace-python-notebook - profileList: - # The mem-guarantees are here so k8s doesn't schedule other pods - # on these nodes. - - display_name: "Small: r5.large" - description: "~2 CPU, ~15G RAM" - slug: "small" - default: true - profile_options: &profile_options - image: - display_name: Image - choices: - benchmark-maps: - display_name: Benchmark Maps - slug: "carbonplan" - kubespawner_override: - # Source: https://github.com/carbonplan/benchmark-maps - image: quay.io/carbonplan/benchmark-maps:latest - carbonplan-notebook: - display_name: Carbonplan Notebook - default: true - slug: "carbonplan" - kubespawner_override: - # Source: https://github.com/carbonplan/envs - image: quay.io/carbonplan/carbonplan-notebook:latest - forest-offset-fires: - display_name: Forest Offset Fires - slug: forest-offset-fires - kubespawner_override: - image: quay.io/carbonplan/forest-offsets-fires:latest - tensorflow: - display_name: Pangeo Tensorflow ML Notebook - slug: "tensorflow" - kubespawner_override: - image: "pangeo/ml-notebook:2023.10.24" - base-notebook: - display_name: Pangeo Base Notebook - slug: "base-notebook" - kubespawner_override: - image: "pangeo/base-notebook:2023.10.24" - pangeo-notebook: - display_name: Pangeo Notebook - slug: "pangeo-notebook" - kubespawner_override: - image: "pangeo/pangeo-notebook:2023.10.24" - kubespawner_override: - # Expllicitly unset mem_limit, so it overrides the default memory limit we set in - # basehub/values.yaml - mem_limit: null - mem_guarantee: 12G - node_selector: - node.kubernetes.io/instance-type: r5.large - - display_name: "Medium: r5.xlarge" - description: "~4 CPU, ~30G RAM" - profile_options: *profile_options - kubespawner_override: - mem_limit: null - mem_guarantee: 29G - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - - display_name: "Large: r5.2xlarge" - description: "~8 CPU, ~60G RAM" - profile_options: *profile_options - kubespawner_override: - mem_limit: null - mem_guarantee: 60G - node_selector: - node.kubernetes.io/instance-type: r5.2xlarge - - display_name: "Huge: r5.8xlarge" - description: "~32 CPU, ~256G RAM" - profile_options: *profile_options - kubespawner_override: - mem_limit: null - mem_guarantee: 240G - node_selector: - node.kubernetes.io/instance-type: r5.8xlarge - - display_name: "Very Huge: x1.16xlarge" - description: "~64 CPU, ~976G RAM" - profile_options: *profile_options - kubespawner_override: - mem_limit: null - mem_guarantee: 940G - node_selector: - node.kubernetes.io/instance-type: x1.16xlarge - - display_name: "Very Very Huge: x1.32xlarge" - description: "~128 CPU, ~1952G RAM" - profile_options: *profile_options - kubespawner_override: - mem_limit: null - mem_guarantee: 1900G - node_selector: - node.kubernetes.io/instance-type: x1.32xlarge - - display_name: "GPU" - description: | - ~4CPUs, Nvidia T4 GPU, 14G of RAM. - profile_options: - image: - display_name: Image - choices: - tensorflow: - display_name: Pangeo Tensorflow ML Notebook - slug: "tensorflow" - kubespawner_override: - image: "pangeo/ml-notebook:2023.02.27" - pytorch: - display_name: Pangeo PyTorch ML Notebook - default: true - slug: "pytorch" - kubespawner_override: - image: "pangeo/pytorch-notebook:2023.02.27" - benchmark-maps: - display_name: Benchmark Maps - slug: "carbonplan" - kubespawner_override: - # Source: https://github.com/carbonplan/benchmark-maps - image: quay.io/carbonplan/benchmark-maps:latest - kubespawner_override: - environment: - NVIDIA_DRIVER_CAPABILITIES: compute,utility - mem_limit: null - extra_resource_limits: - nvidia.com/gpu: "1" - mem_guarantee: 14G - node_selector: - node.kubernetes.io/instance-type: g4dn.xlarge - scheduling: - userScheduler: - enabled: true - proxy: - chp: - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 1 - memory: 512Mi - hub: - resources: - requests: - cpu: 100m - memory: 512Mi - limits: - cpu: 1 - memory: 1Gi - allowNamedServers: true - config: - JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - allowed_idps: - http://github.com/login/oauth/authorize: - default: true - username_derivation: - username_claim: "preferred_username" - OAuthenticator: - # WARNING: Don't use allow_existing_users with config to allow an - # externally managed group of users, such as - # GitHubOAuthenticator.allowed_organizations, as it breaks a - # common expectations for an admin user. - # - # The broken expectation is that removing a user from the - # externally managed group implies that the user won't have - # access any more. In practice the user will still have - # access if it had logged in once before, as it then exists - # in JupyterHub's database of users. - # - allow_existing_users: True - Authenticator: - # WARNING: Removing a user from admin_users or allowed_users doesn't - # revoke admin status or access. - # - # OAuthenticator.allow_existing_users allows any user in the - # JupyterHub database of users able to login. This includes - # any previously logged in user or user previously listed in - # allowed_users or admin_users, as such users are added to - # JupyterHub's database on startup. - # - # To revoke admin status or access for a user when - # allow_existing_users is enabled, first remove the user from - # admin_users or allowed_users, then deploy the change, and - # finally revoke the admin status or delete the user via the - # /hub/admin panel. - # - admin_users: - - maxrjones - -dask-gateway: - traefik: - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi - controller: - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi - gateway: - backend: - scheduler: - extraPodConfig: - serviceAccountName: cloud-user-sa - worker: - extraPodConfig: - serviceAccountName: cloud-user-sa - resources: - requests: - cpu: 0.5 - memory: 512Mi - limits: - cpu: 2 - memory: 4Gi diff --git a/config/clusters/carbonplan/enc-deployer-credentials.secret.json b/config/clusters/carbonplan/enc-deployer-credentials.secret.json deleted file mode 100644 index 47a5fbbb3d..0000000000 --- a/config/clusters/carbonplan/enc-deployer-credentials.secret.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:al0s8YCkle85pguzIGCzFFOiS28=,iv:/KifdsAttkhV0GYNsYsNNMlCaJTNyqoNpVuZ4DDrTsE=,tag:WRBj1WZmrrm10vCMv6+Z0Q==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:sdJC4HrDKoPwFwycESdoLl/IYNdY1hX+cp6QPDJheAxMM70OrmW7EQ==,iv:D8ihv0tO91q/2FS9I8Ruy9xG/J+1FkHypCDQNmqTosQ=,tag:NISFPYlrBs9HMjWCzXm5aw==,type:str]", - "UserName": "ENC[AES256_GCM,data:0FObrzV9PIGBED65pw61//FuOjJicck=,iv:UXMhO5XGVXcJGZTQMtLNOJdG7WZh+EbS2VNcWoef6A4=,tag:Qoq4z5eSHBZAEHek+pHT3Q==,type:str]" - }, - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2021-12-15T13:46:57Z", - "enc": "CiQA4OM7eFuB8u3cx5iw89KqzlzdyNXWBhwxBi4h43agspUXpgcSSQAZvYDZ/ltRKEi0dhuvDnmvvT2B5axUG1JQa6icIFO+XvApmbii2psG3cmyTEsZ2bJj7aP37qQHSSZedD8tOsSSGbFWJEnFXzE=" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2021-12-15T13:46:58Z", - "mac": "ENC[AES256_GCM,data:HAmrHlFs7ptLEQQYpWNp+Dynw7SEXa3fMu8dBQqzm2/N7cgMPfH6P8ATsJ48FpVZ+mgkpxh/ynsmT7n+XTozTgliV4+GqvQ6dVNGx9V7B2ojqefJeQfQixRN3aLcVWQzkCx0stxBUTtj31JHxIrqyZCsvMmsB2Nh5FkHMiOSHbI=,iv:surqqycx42e/zv3ykYPzJ0XyO83/1jBY5nAGOTWvglk=,tag:K+CAfTxTHq4qcKlBDHqZVA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/config/clusters/carbonplan/enc-grafana-token.secret.yaml b/config/clusters/carbonplan/enc-grafana-token.secret.yaml deleted file mode 100644 index a43e1fc78f..0000000000 --- a/config/clusters/carbonplan/enc-grafana-token.secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -grafana_token: ENC[AES256_GCM,data:b7qXzq1dhyQ6soQ0Mgc6GmPDpLjUeW7wjCQySGP+fxGCErIaJv3VWTtJ9AwluA==,iv:hHtoYhwmnYkdimGWrnCQM3VfGzgNCO+JJQmVtJdw6Hs=,tag:gtYdCERBitJz5jdFMGP25A==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-11-24T12:31:50Z" - enc: CiUA4OM7eCdk7ahwDlGRyIKHJWbWPKNfssNPw82HPUP/Zr2iiRdXEkkA+0T9hcB/6aZgFMu10Bfk6yuSlIICorOqk579MEn/hCYJ75v+IM+/OiLWHinzkNfANXo8rfN4Euu+Y9XSBQKyoBzdbnAJpw1r - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-11-24T12:31:50Z" - mac: ENC[AES256_GCM,data:SFFmU454wN4+utIT7gBfcGBs6Z2n9Nqr4VWZp5lUglWtKZpU+Iy1D/pUkZKNtkEKNMIEh5aPOukzJU/mB+Nfw9C6drwfRInxE5mrJ8IUbOzbtymYFyXguDvCDNuaqq1Hc3loRvcsEgiHEvzTwVEAB+QzvWcGg4zhbnjmIGt7wIw=,iv:bVurJbaQGdmBTnWxbCoziIHOkQVqDzxiIIA+f7ocF5c=,tag:qOa1ss5ArSGQkQwLTFe8+A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/carbonplan/enc-prod.secret.values.yaml b/config/clusters/carbonplan/enc-prod.secret.values.yaml deleted file mode 100644 index 52111e99f1..0000000000 --- a/config/clusters/carbonplan/enc-prod.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:/4HJhFT25M7ndaNmZxsLS0yiUk9NcK3nf/ssu955tl0Zv5P3byfvv6O8yZZFiiGC2iDs,iv:6SOLvSpzaVtWnLnevTFqxAvbGo72ltdSf2w0fjXWYfs=,tag:vuCGGSxb7cvycCds2cbPOQ==,type:str] - client_secret: ENC[AES256_GCM,data:vWWpb9s3IlfFc4knSxKZf3mKv6e+7T7UBV5Hvfgv8l0wRAi5K4gNdvqii36KnXKZGbWnpiteyJLM5YQG0/jb4+IVTNwP9Z7xPgLnYFIYfdN5X8korW8=,iv:fG0I2Ml/t4SXeWTFIBCK3Qr/KNmD1oyw1H/OJ/Yr0h4=,tag:PolCnlCTjbWUSCLHWM9XrQ==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-03-10T14:14:44Z" - enc: CiUA4OM7eD4iOZT4U7dV7NF3Qz+HFISftGGIJZe/pjwxdAVjKwB9EkkALQgViLUlYBZm/1bByIkZRr8hJuququgDwHgT2RdjuY+rZ8bp0sUMiMhKZZsSksndfUdvLxTNqaNoytb0mG8aX6dIC2OkIvLY - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-03-10T14:14:44Z" - mac: ENC[AES256_GCM,data:NgmHdg0us7qAkwUDvHuVguESVDEbypia8EurIjnYwJQl+LNeB94Mh9e5bozKm8Q0kNG+BehfVdHAMD7zp4EHQNK5pLern+cMSqFbYQHo5mmtEfSLwGuS6UT9fBqyz6u8QBOeT9DXmLzSpkM4jBVd2usGocJfCWB+XbVifufIB6s=,iv:/84ExBaYTMC+MQgjjTjROCJ4d7o2Tr1Il7aERq57Sbg=,tag:istl5p8nT/78L0zle5FA8Q==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/carbonplan/enc-staging.secret.values.yaml b/config/clusters/carbonplan/enc-staging.secret.values.yaml deleted file mode 100644 index 7295a07941..0000000000 --- a/config/clusters/carbonplan/enc-staging.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:RhYGqIFvGPOq4aHJSRz2pGDH8YLOQzg+NFuObc9eazFGpM+C9SRI4TEZWfks/39PD88=,iv:VVd35loojo3vQIF/92EHonFae+x85xNYKjUucsbckkI=,tag:Tqag3Y0n0z7nGXwMmVYEFQ==,type:str] - client_secret: ENC[AES256_GCM,data:l+y8jLy9EoR1uzlWJJqgYh7GAtfHnn4NqdsyK9X2a/MrSNa86hZwMgt9XvK/JZDF/dzDgSsaJENjxmes4zX4iJKIC8yt/Qe0fEQf1zwfDQyXorWeNGA=,iv:irTeXTMsp6kfdPa1tuTQiSDUfWidhwHc8JoualdMux4=,tag:/WH5e9tZef4/CrPkJgpm5Q==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-03-10T14:04:09Z" - enc: CiUA4OM7eHEt0MqxHR+EYGCDUMJKPZgV74ZOx02eHJVOjAISjn7oEkkALQgViEwwaN2limZaQCEwfo6f7apJ/qpQCxMuoaGdyDzsFT7VSDW9jAMUdLbDOQ21FQox5SHqk50U20POOLbh/2jV+or22NKK - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-03-10T14:04:10Z" - mac: ENC[AES256_GCM,data:qsusV0yGD696dwiquL2KbkvzI+y7X4w6hHUVw/Wt16r3AcsUfoF8Yup95CP0k1hy+bUgs1yBZDTlv37M8PoATyMxPz5i8FDN9c+6an+DMro6jSAW9YuyQWbjIHvk2dfnlwTwVno9HgkMY0fsfezcTSEgyQEHGTnOXMHBMcVpVTY=,iv:7l30DOvO3zSym2VbwBAljVtqFX9ClJikV2N9vbmk6IY=,tag:+ON9dRxz9Sf9KENkV7DLbQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/carbonplan/enc-support.secret.values.yaml b/config/clusters/carbonplan/enc-support.secret.values.yaml deleted file mode 100644 index aabff54ea6..0000000000 --- a/config/clusters/carbonplan/enc-support.secret.values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -prometheusIngressAuthSecret: - username: ENC[AES256_GCM,data:TSCjdYydQsYNp5otbeAzcDi/H1TdjbilhNfzd31FJ+mGIl+LE6DwHN+04NTcEqIKGprWWSqesPCKWcsGw++jQA==,iv:mlN6ku7DKTckZeOU3PXCuAPGbrhNF06N5M04NIBmOEo=,tag:0Ze7D7IoK/F3V5FjcbLUDA==,type:str] - password: ENC[AES256_GCM,data:yXZqIHPziZLUN2WG/yWotx72kbESAAx5zwNIgPzlDFmqegP62hUIWY8uwFSjpVl8PIQ4MSLgorrbm6Pq7eHu3w==,iv:w9MghOkbt5RoTXlh9jyemGalyB0COWpP/lzdgWm3ehI=,tag:k5f1Nq4yZzS8bTN2Lcl6Iw==,type:str] -grafana: - grafana.ini: - auth.github: - client_id: ENC[AES256_GCM,data:nxrFL8XmiKnYa5YPrinCNW6rOqw=,iv:c/W9a0TM29vLD3DxdsNaxW7u84/umHNhqdHkhvXfBUI=,tag:YzErxTXHMCxoxHyN8MgxwA==,type:str] - client_secret: ENC[AES256_GCM,data:Ycqb/J+LpIqulB5+Ez3M1L82o6pokuXUS1dnmVI2/sYFAianMza3YQ==,iv:0RRD0G3t+gjFY+y3k8CrcaSKSHcxyYxoT24TOVGNIUQ=,tag:aF6yp5U6bCZv5WbDxUkaJA==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-03-14T20:52:44Z" - enc: CiQA4OM7ePN/ZgJmtIYEoB1ZHMhPemM2vyl27kulBJz9wBmVjOESSQDm5XgWzNXvG+C9q/QRT2lYsd1gv25NK/2pYVT19BRvjNY7m7UhSnzJX26qwxjmFqrnKelSkZYnGOI4V838yyUoyNohhvtuouc= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-02-08T14:00:59Z" - mac: ENC[AES256_GCM,data:bXDsN9d54w4IgLpMbhYgqR7JN8ApuQJs8lAC1XgAf4UtH6OSZlBAgE29oVj90tZ5ttPwKgMBHByMCp1i3wEVgaRf0yPV778j9abUR02tY3vfgT+KGESOMsIIMiMldQIj9ut0/jY6dziboe8T1bn4BoFBAtuP2IvDpwTVdA/Snn0=,iv:HUOjJEXKE4bPGyVMvxAL/6zhWTF7MdsCfk8AQzpa3vE=,tag:mTszwRrT8JI/uXFc28FsGg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/config/clusters/carbonplan/prod.values.yaml b/config/clusters/carbonplan/prod.values.yaml deleted file mode 100644 index a8f4b3e428..0000000000 --- a/config/clusters/carbonplan/prod.values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -basehub: - jupyterhub: - ingress: - hosts: [carbonplan.2i2c.cloud] - tls: - - hosts: [carbonplan.2i2c.cloud] - secretName: https-auto-tls - hub: - config: - CILogonOAuthenticator: - oauth_callback_url: "https://carbonplan.2i2c.cloud/hub/oauth_callback" diff --git a/config/clusters/carbonplan/staging.values.yaml b/config/clusters/carbonplan/staging.values.yaml deleted file mode 100644 index 64c03a33c2..0000000000 --- a/config/clusters/carbonplan/staging.values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -basehub: - jupyterhub: - ingress: - hosts: [staging.carbonplan.2i2c.cloud] - tls: - - hosts: [staging.carbonplan.2i2c.cloud] - secretName: https-auto-tls - hub: - config: - CILogonOAuthenticator: - oauth_callback_url: "https://staging.carbonplan.2i2c.cloud/hub/oauth_callback" diff --git a/config/clusters/carbonplan/support.values.yaml b/config/clusters/carbonplan/support.values.yaml deleted file mode 100644 index 6a60e6eeec..0000000000 --- a/config/clusters/carbonplan/support.values.yaml +++ /dev/null @@ -1,39 +0,0 @@ -prometheusIngressAuthSecret: - enabled: true - -prometheus: - server: - ingress: - enabled: true - hosts: - - prometheus.carbonplan.2i2c.cloud - tls: - - secretName: prometheus-tls - hosts: - - prometheus.carbonplan.2i2c.cloud - resources: - requests: - memory: 8Gi - limits: - memory: 8Gi - -cluster-autoscaler: - enabled: true - autoDiscovery: - clusterName: carbonplanhub - awsRegion: us-west-2 - -grafana: - grafana.ini: - server: - root_url: https://grafana.carbonplan.2i2c.cloud/ - auth.github: - enabled: true - allowed_organizations: 2i2c-org - ingress: - hosts: - - grafana.carbonplan.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.carbonplan.2i2c.cloud diff --git a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml index 3e8e1850cf..ef9e94e15f 100644 --- a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml +++ b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml @@ -99,12 +99,6 @@ eks: cpu_requests: 170m memory_requests: 250Mi k8s_version: v1.25.12-eks-2d98532 - carbonplan: - requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter - other_daemon_sets: "" - cpu_requests: 170m - memory_requests: 250Mi - k8s_version: v1.24.16-eks-2d98532 catalystproject-africa: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" diff --git a/docs/howto/upgrade-cluster/aws.md b/docs/howto/upgrade-cluster/aws.md index 05e0fa23c7..11251368cc 100644 --- a/docs/howto/upgrade-cluster/aws.md +++ b/docs/howto/upgrade-cluster/aws.md @@ -136,7 +136,7 @@ where the version must be updated. ```yaml { - name: "carbonplanhub", + name: "openscapeshub", region: clusterRegion, version: '1.27' } diff --git a/docs/sre-guide/node-scale-up/aws.md b/docs/sre-guide/node-scale-up/aws.md index c0ec4c80a0..25089129f9 100644 --- a/docs/sre-guide/node-scale-up/aws.md +++ b/docs/sre-guide/node-scale-up/aws.md @@ -13,11 +13,9 @@ server startup faster. To scale all nodepools, locate the `minSize` property of the `nb` node group and change the value to what you want. An example can be found here: - + 2. **Scale a specific nodepool.** If you only wish to scale a specific nodepool, you can add the `minSize` property to the local `notebookNodes` variable next to the `instanceType` that you wish to scale. - An example can be found here: - ```{warning} It is currently unclear if *lowering* the `minSize` property just allows diff --git a/docs/topic/infrastructure/config.md b/docs/topic/infrastructure/config.md index 459e0d45e4..87a563c4ac 100644 --- a/docs/topic/infrastructure/config.md +++ b/docs/topic/infrastructure/config.md @@ -69,7 +69,6 @@ A hub's helm chart values file can be encrypted as well, following the naming co Where we run dedicated clusters that only host a `staging` and `prod` hub, we aggregate all helm chart values shared by each hub into a `common.values.yaml` file, and then describe the helm chart values specific to either `staging` or `prod` with a `staging.values.yaml` or `prod.values.yaml` file respectively. See the [Pangeo config](https://github.com/2i2c-org/infrastructure/blob/HEAD/config/clusters/pangeo-hubs/cluster.yaml) for an example. -This may lead to cases where two hubs on the same cluster use the same config for the `staging` and `prod` hubs, see the [Carbon Plan config](https://github.com/2i2c-org/infrastructure/blob/HEAD/config/clusters/carbonplan/cluster.yaml) as an example. ### Conventions for our configuration structure diff --git a/eksctl/carbonplan.jsonnet b/eksctl/carbonplan.jsonnet deleted file mode 100644 index 7064246d0b..0000000000 --- a/eksctl/carbonplan.jsonnet +++ /dev/null @@ -1,165 +0,0 @@ -/* - This file is a jsonnet template of a eksctl's cluster configuration file, - that is used with the eksctl CLI to both update and initialize an AWS EKS - based cluster. - - This file has in turn been generated from eksctl/template.jsonnet which is - relevant to compare with for changes over time. - - To use jsonnet to generate an eksctl configuration file from this, do: - - jsonnet carbonplan.jsonnet > carbonplan.eksctl.yaml - - References: - - https://eksctl.io/usage/schema/ -*/ -local ng = import "./libsonnet/nodegroup.jsonnet"; - -// place all cluster nodes here -local clusterRegion = "us-west-2"; -local masterAzs = ["us-west-2a", "us-west-2b", "us-west-2c"]; -local nodeAz = "us-west-2a"; - -// List of namespaces where we have hubs deployed -// Each will get a ServiceAccount that will get credentials to talk -// to AWS services, via https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html -local namespaces = ['staging', 'prod']; - -// Node definitions for notebook nodes. Config here is merged -// with our notebook node definition. -// A `node.kubernetes.io/instance-type label is added, so pods -// can request a particular kind of node with a nodeSelector -local notebookNodes = [ - { instanceType: "r5.large" }, - { instanceType: "r5.xlarge" }, - { instanceType: "r5.2xlarge" }, - { instanceType: "r5.8xlarge" }, - { instanceType: "x1.16xlarge" }, - { instanceType: "x1.32xlarge" }, - { - instanceType: "g4dn.xlarge", minSize: 0, - tags+: { - "k8s.io/cluster-autoscaler/node-template/resources/nvidia.com/gpu": "1" - }, - }, -]; - -local daskNodes = [ - // Node definitions for dask worker nodes. Config here is merged - // with our dask worker node definition, which uses spot instances. - // A `node.kubernetes.io/instance-type label is set to the name of the - // *first* item in instanceDistribution.instanceTypes, to match - // what we do with notebook nodes. Pods can request a particular - // kind of node with a nodeSelector - // - // A not yet fully established policy is being developed about using a single - // node pool, see https://github.com/2i2c-org/infrastructure/issues/2687. - // - { instancesDistribution+: { instanceTypes: ["r5.4xlarge"] }}, -]; - -{ - apiVersion: 'eksctl.io/v1alpha5', - kind: 'ClusterConfig', - metadata+: { - name: "carbonplanhub", - region: clusterRegion, - version: '1.27' - }, - availabilityZones: masterAzs, - iam: { - withOIDC: true, - - serviceAccounts: [{ - metadata: { - name: "cloud-user-sa", - namespace: namespace - }, - attachPolicyARNs:[ - "arn:aws:iam::aws:policy/AmazonS3FullAccess" - ], - } for namespace in namespaces], - }, - // If you add an addon to this config, run the create addon command. - // - // eksctl create addon --config-file=carbonplan.eksctl.yaml - // - addons: [ - { - // aws-ebs-csi-driver ensures that our PVCs are bound to PVs that - // couple to AWS EBS based storage, without it expect to see pods - // mounting a PVC failing to schedule and PVC resources that are - // unbound. - // - // Related docs: https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html - // - name: 'aws-ebs-csi-driver', - version: "latest", - wellKnownPolicies: { - ebsCSIController: true, - }, - }, - ], - nodeGroups: [ - ng + { - namePrefix: 'core', - nameSuffix: 'a', - nameIncludeInstanceType: false, - availabilityZones: [nodeAz], - ssh: { - publicKeyPath: 'ssh-keys/carbonplan.key.pub' - }, - instanceType: "m5.xlarge", - minSize: 1, - maxSize: 6, - labels+: { - "hub.jupyter.org/node-purpose": "core", - "k8s.dask.org/node-purpose": "core" - }, - }, - ] + [ - ng + { - namePrefix: "nb", - availabilityZones: [nodeAz], - minSize: 0, - maxSize: 500, - instanceType: n.instanceType, - ssh: { - publicKeyPath: 'ssh-keys/carbonplan.key.pub' - }, - labels+: { - "hub.jupyter.org/node-purpose": "user", - "k8s.dask.org/node-purpose": "scheduler" - }, - taints+: { - "hub.jupyter.org_dedicated": "user:NoSchedule", - "hub.jupyter.org/dedicated": "user:NoSchedule" - }, - - } + n for n in notebookNodes - ] + [ - ng + { - namePrefix: "dask", - availabilityZones: [nodeAz], - minSize: 0, - maxSize: 500, - ssh: { - publicKeyPath: 'ssh-keys/carbonplan.key.pub' - }, - labels+: { - "k8s.dask.org/node-purpose": "worker" - }, - taints+: { - "k8s.dask.org_dedicated" : "worker:NoSchedule", - "k8s.dask.org/dedicated" : "worker:NoSchedule" - }, - instancesDistribution+: { - onDemandBaseCapacity: 0, - onDemandPercentageAboveBaseCapacity: 0, - spotAllocationStrategy: "capacity-optimized", - }, - } + n for n in daskNodes - ] - - -} diff --git a/eksctl/ssh-keys/carbonplan.key.pub b/eksctl/ssh-keys/carbonplan.key.pub deleted file mode 100644 index c4812018f2..0000000000 --- a/eksctl/ssh-keys/carbonplan.key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaDc3nWE5ndKpmeIg1vbYnCmG4UZ/ZYMKXAdKaVy/p0EHec99o2WqqoqIjgJzeZBGSC/v57igWWbxjlvtnAMbd1M7JXvz1RTjzsw2ankBCq96UOklQoOR341ekxt/Zomp8TC+J7neXYHdSzQ280HNHQpX0MhwxsHLTs49kYOmauiW4uiXuTgRL5nvCeHzeIXFvhLuC9QmeQpaFoPgJrHS5AGER5C7fcRdybyMVfm/EDvc27c9S6NYZ98fcjyR9fmIeOB+krNWlB3UIQG1IwxR1Yhy9f/c8R2RCg63aWFMgGbF70MHGi9m3ntFkq9HMPoEHzLDB20vd/9Om+vIqq9nykBYiS1tjzGKv/jbvr7d6c81POv6UgMaVcDZYnAx/AHv4zzS0KDtnNLd/OAk2r1Ov9v104J7U17WjNBJjNMxtMe8skj/JqXPJJ/6FDI3/7S+zKX1tszMqi+XD/jUAisiZh/VvarJGzkyI09JyC6M6w507/HBjzuMePFtroeCf270= yuvipanda@do-the-work.local diff --git a/eksctl/ssh-keys/secret/carbonplan.key b/eksctl/ssh-keys/secret/carbonplan.key deleted file mode 100644 index b28bb3855c..0000000000 --- a/eksctl/ssh-keys/secret/carbonplan.key +++ /dev/null @@ -1,21 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:BZazQGKXm86j1Pb/RRhmGdJGSoUUed7GY6Fo6xrZEh73qyNS13IJop9eGmeMI7UsuOCwPungwW++pJX7MDQ5wa4ol9E4m/+1FoO56paLwGnCexsx0no9s+3y9UZVN4TCXkd3ISaq92FdUc2FKuLkUiKMOC78uYtaSDyIOWOpba0MxbLdScITbSBGwmP+nEoWt52wGokqrPMGKre9WMpRaUycPSB+rL0A13rnH/nwYdQhRHEWmCIulPAMNe5aeYUQ/NMPJaoxGhL7A7TmeFcX7nWedymRn/WGTS3AIo8iPXQkBe7lurPQrS1pzP5lG6IX6pNJ3STbHYRkWl+xTaoBjH29r5+VPuHsBfMr1jwW8j3dCqOB/oODbz0cSW7qlb0sLNgJ+JuCyCBFJNzie6pBHORLjhhv1ifhMCuLXs0Fk5TJVnh7ODwWaRUuD1DgGz2XnOOiWOW1hIb2hqt0dojEbgSC2iPuUi1bCu5UnNZ8XgD27A5xKwRasYtCJuRJjJ+WGiQnzSNSTW4A/qJ6tPk8oVLgxYvGlmgot6KtCSIOsc9EbrYIrBKXZIl34B/X954F/1HkIi1qTtho3c6QSyvXB1pmjEBg7Trl5gbqGQ3aFLqKu4Li1Uv3wo5P1yKubfwI7gz7OMwRKl+x0VGQcL+isYugcwu//ABPYWgiyXx/UEW7rMxsWQS9OHXBCig97g+4+JZH+VeJimov6qOmCTGzpJh7ubkbYhw/OnvNZC5jRX75372RsYp00iMb9kH/txEQit+d/2T+9Sck4nVE+iOyQuyeHzAo2uNG5MQQM3V3WbppZ7ITRzIv6Zve26+HtdZj+ukle+NpmFPnwe1kAt5q+d769wI0q0G/lU0S3HFSGMEIBTm9cDBDg9lxRHEGLylAgvfpBYwJGRW3mF0BmgmxAUygA9w6YzFuEWd4S/jj4aWqkDEXK0VpdosaamxmfVVIU7crq/gI9i1bjW/GdEGjruh5eqiQCscXPfOziV6bD9sliXAETE4ViMW2sLNK/0jdq0n2GAT0rtGnL86OJ7unaTAMnpjQT9JpriYByAEqzwyYwBmIzexCfvIiX+Q3XWCPpXFoArOmpfM8bNfui8j3BGTy96hk4Bn54s2r+JdK0TLxPaKBlG9YHyhhbW5speZjqhhqQk1trTJKTnQrTDWb2zeT8U2KFP71ErU3IPxgK1oy2unBealNPV9ozAXzW6xliCd0ZBoJCrROrWNxeI9Wtpta0ZgyRLHjs7vZduzNdEDsQ3+O+XNhIHJd1Yb4RwoKaA4aedk82Yy3smxCYvxcwMMTx4b27L/xcAWBxMzzLE/rUeJ+YIn8IllaEWHv7ud5DjBjvv2MIL8GWDOykH982HtSYuvs6NnZ0K5kc+As0AUAuFoAGwsW/PSxCXRNHlFTOXnQ//zLKYL+s6X5pGCbKWjRGXoo/jd+mhJyy2/UKPbAc2q+aGEAliZjvWH9BWX8WSEKCa1Far3kZMOB01WLu5oDXSCbuqCoV882u7mhcvoAsxccm7MXuQUBlohP6DLamW4Le6wzy2zXGo9QnfcNsHhminp0gJW1WknCUR4BoZnRo0CzVDdOXbVazYQGTI0x2FzQWDievape27ccbOeLMI4PjMf2m/LlLLgCAXp3Emrzf1DfhUc/s0I8XAM3HmuUWeFGyZkjJlXomGowtbyCKoAxqiy7VRMDkHYo87s48uvruJIJQdKwpv8WPJmd0xprCE6eAK+LkqkoTTfOBPpOoUwEkUC8DgQH7g2JJv6aryFcxM7vw4m7hniRM0v2yXhSPCpQ0ThQ2oY8SHc0R3afyfOd5958PpRZl4wixOIp2p9TVR8HhQ3KpNbIAY+t2ft3EMpDHFI0SBWw+Ns2dgxJEo3/xGYUndb/88CR9WRITO+xLsBkYOmsXZihXe2XG4RDQ5iYCcVVfrqz6yMy9rWqEaSwEgiZq/9Y/b7dvCs9soLl0PMfkDlm7thiTGh1Bq+7LwJRvaufJTO2LyJqHxiITppazzm12FW0x7DACcBbyQRNhpbIwUUOdoVgjRiknGHmP/J8KrxEq9WuDQLdMt9quXCli5aTtYNkY+Ja1mxLe/WjLIorCyYfzravveDZbcP4TVJkjrLIWrcIz88JEf1HWRU1erhMHnAQ63aRgRzk6Ztle6f9TF4XfnM14GnmhBeWV55HQLsFcpq34OR5AsH4+fbAHv6Vc6vbDlTBZkU0g3IJTq/YYnOqDBLOjy0ifxI1/TEkAXtcKevhCsOqZVfCKO+pUkmnGg++5VI4dsS+h2/7KHpj0SFYmbdggDnTiRlVAU4/mbpLcSTX6+KYBlfAydawDBita6fzFKX+dHeMOBdRgCrEXfsf5xgRk2u5B0JppdbrJXCJ7J+b+TM4y8P7Mr6USKxFH3tGEWEETbA1/hz0QcUf+Gvk+lNB/RN9FGmPNt59GvSTGWALeUKLCclbzmmu0UnOeW5BZteFIaRpJ6Mya9ATvbjKyX8J3hb20Db00MTKLc7EoD8iQ9qQO6kDbhHDzpHFDfs/ytSN47G637xrIOFO064uB2N3Y5mGFp5NjETgrjemGjRqrzBGwIzsxciGgLjSlG2FWTXBLP8rh/ROXKGhDvJ/qkTIwX55RAzg2e/UpK8isaPJwQTa0B2ef8obMiwib5jnH0y0p3iVCv7mEMKTQF1vI5hV8wi+l8FhjDN8IcLQFFxOxXK0rQuK8EsEzk57UGW2s8mKwmUClpq6rxOQ+VokDzDm2MeDuD9ZA+u7rv7d+QJu59NGvfDHOx21HSZS4r8UsEO45LBy27saQgFY1b100Q8j4G641xAip1uTY98hi2fIyQi79p1NZ6hVB/ia65xb728uOzI2VvBjiOphbGTawVQBSqDtpbOjc4Fo8Xrw2xlqaQPsRDnn6baMWCXfFt4+lgMI8D75lQtQ/stV7ZRZOM+qUI7Qf/k5gjIKT0LcjGGFLRRrbg4GiTbnGR8H10PiYTFyTAfYhaQFN9VKfVY50ulCJlI2QC8uJy5o40R3Ye6jJFYu7mjOWNJF7eY51FkexiTmvVt9SerR4UqqcM7qE++IpI+xu2qCmY8TA08SiZ0qfKBT/VrcBlRC3gYQvaEVSX+GZlKUfzXn++pY/SeSReOpf2TRy01/vZwlOe+9yDBX8GSw7KKxCW5qGFUSWUSBM8D1mjsTM74kWw7LAlLJnpIRXxns7GmwRiGyhSo5R8gyZg0tiNDuegazCW0JOLUJRX4bL4HDOdTCMvjK1dPe0oCqG0AG25v9TWWfp1Vnm5EDcdUVFQAyIu+w5wy68NPt5RIsKQPGK2gcP46btKR/janEwmPvh+Bzwm/onPOLFAMhqiPU0kD7tvOW7tpZgo1kbaZzz3n6X5mPevhffHIj9QMor66Kb0x24+6h9KdwHDvJ9aAsS9VO8qnUVJWuPoA2eHWS+4rxaHFSCVDlOGLqmdhzd4nt5btHB/DcBzOJssQJHqVV+jyHa6TGouONaDVPTFSFfq6D,iv:6L89V9Nycfneb4bU0nCvA0i+qxy9JMqwRIr/H5T3PQ4=,tag:yCmxcl0ZwMLQ0zU0CmZ6FA==,type:str]", - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2021-07-27T12:23:33Z", - "enc": "CiQA4OM7eICUZva/D+yx43fQXwFmI54mOdn4+aT3TdnTqIWaI9USSQB6TpsYaJh4GNAW1aI3J+N9fokpWYybO8SUIQRebDpmNUpeMh+xqQG2lRnpjnGt/2D2JGnMzUn076Nd/0CIUSlVoq5/W57jsk8=" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2021-07-27T12:23:34Z", - "mac": "ENC[AES256_GCM,data:8KbxNB7+PYDE79iHXrw7aLvt3DE07MMRhAqhrbdNeKAVE+iMpQyxk4twjG/hEJSYXq3Q17VjIJNqDtFF4EE+/cveOH4A9yNtXlne0mEacFuRD2Av4GHUt7i1EjFNyXiPhirUovu1RiG9pcIKu5zkOhMOMk2lYv6l4i2GVmxDjLQ=,iv:WMM/f3kGv6gdoxwiPMPs2/8VHYDfkmZSp8hgZ+hnOzo=,tag:KfQa2YWEzDRJPHc9oqXyIA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/terraform/aws/projects/carbonplan.tfvars b/terraform/aws/projects/carbonplan.tfvars deleted file mode 100644 index 92a788373e..0000000000 --- a/terraform/aws/projects/carbonplan.tfvars +++ /dev/null @@ -1,5 +0,0 @@ -region = "us-west-2" - -cluster_name = "carbonplanhub" - -cluster_nodes_location = "us-west-2a" \ No newline at end of file From 7b4d3a390974eb0163fceb74fbd0695b65876e15 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 21 Dec 2023 15:27:49 -0800 Subject: [PATCH 196/494] utoronto: Setup new image on the staging hub for utoronto Brings in https://github.com/2i2c-org/utoronto-image/pull/54 Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/default-staging.values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/clusters/utoronto/default-staging.values.yaml b/config/clusters/utoronto/default-staging.values.yaml index 4f4d03f523..632a1ac651 100644 --- a/config/clusters/utoronto/default-staging.values.yaml +++ b/config/clusters/utoronto/default-staging.values.yaml @@ -7,6 +7,9 @@ jupyterhub: custom: homepage: gitRepoBranch: "utoronto-staging" + singleuser: + image: + tag: "178819e05792" hub: config: CILogonOAuthenticator: From cd1eec4d79785e8207bac3f96df934cc0e3f94e3 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 21 Dec 2023 21:58:00 -0800 Subject: [PATCH 197/494] Bump utoronto staging hub again Brings in https://github.com/2i2c-org/utoronto-image/pull/55 and https://github.com/2i2c-org/utoronto-image/pull/57 Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/default-staging.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/utoronto/default-staging.values.yaml b/config/clusters/utoronto/default-staging.values.yaml index 632a1ac651..f64a6a5a57 100644 --- a/config/clusters/utoronto/default-staging.values.yaml +++ b/config/clusters/utoronto/default-staging.values.yaml @@ -9,7 +9,7 @@ jupyterhub: gitRepoBranch: "utoronto-staging" singleuser: image: - tag: "178819e05792" + tag: "6d72913197bf" hub: config: CILogonOAuthenticator: From d1877fd16ed040d81fc6686f2b47d50de4e11ebd Mon Sep 17 00:00:00 2001 From: sean-morris Date: Fri, 22 Dec 2023 12:05:17 -0800 Subject: [PATCH 198/494] [cloudbank] Sierra College Add --- config/clusters/cloudbank/cluster.yaml | 8 ++++ .../cloudbank/enc-sierra.secret.values.yaml | 20 +++++++++ config/clusters/cloudbank/sierra.values.yaml | 41 +++++++++++++++++++ 3 files changed, 69 insertions(+) create mode 100644 config/clusters/cloudbank/enc-sierra.secret.values.yaml create mode 100644 config/clusters/cloudbank/sierra.values.yaml diff --git a/config/clusters/cloudbank/cluster.yaml b/config/clusters/cloudbank/cluster.yaml index ce54894940..27fef824cb 100644 --- a/config/clusters/cloudbank/cluster.yaml +++ b/config/clusters/cloudbank/cluster.yaml @@ -252,6 +252,14 @@ hubs: - common.values.yaml - sjsu.values.yaml - enc-sjsu.secret.values.yaml + - name: sierra + display_name: "Sierra College" + domain: sierra.cloudbank.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - sierra.values.yaml + - enc-sierra.secret.values.yaml - name: tuskegee display_name: "Tuskegee University" domain: tuskegee.cloudbank.2i2c.cloud diff --git a/config/clusters/cloudbank/enc-sierra.secret.values.yaml b/config/clusters/cloudbank/enc-sierra.secret.values.yaml new file mode 100644 index 0000000000..b8a3004085 --- /dev/null +++ b/config/clusters/cloudbank/enc-sierra.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:YJCpPGFieYPsaFBl4YjCkjwUGHAmxrCA7ibmFX53R/r1kN+yfRPv+hJ4c9vsmM/doyEl,iv:QVlOXcJwj3Wdb3svXwUc9UeTlut8f1hvjECqf4499KI=,tag:VhnrApHE3AshNkKLnLIqWw==,type:str] + client_secret: ENC[AES256_GCM,data:gdSWRLa/StuMCMSBwGF79IAQhrnirGThyOFxh6wy+kAt27fzs+cKld5ZMpL0H1mf8hlmuoDT2Au0IATRh9uUZkqutcR2/+CspGgVD14CBvGg4iQrHJ0=,iv:twKvcD4r2o2zbyWoByVO1baXwFeQnngqTh+K/AwOQWQ=,tag:h1AccpEwqJyDdPBUnLJn3g==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-22T20:04:42Z" + enc: CiUA4OM7ePnDI0A5NbFxRRjxik9gy9ISl82CWHIrs52fCTx5vatMEkkAjTWv+vnQhmSUx63lKMTiV1XZiVWJnRd/4fxUOoQPw7MlDFjeKWmWDlOKrVxSPWNKQuWgzkheEwug0B8mPMlQRP/s4Zchm6hi + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-22T20:04:43Z" + mac: ENC[AES256_GCM,data:V+wofuiVTTJmZI6eEaJdAqbPW3yxnhQW3Cs16Phco/CgKOLLGgchAhNG6b5Gn+fUCnm8q1MxYVikc36zVFXGyXITgVekqCFzYOI+eoO32fuJgcNMwGdmdNFRV9LPok4e4OGHlLyVEJWZNVtynH9vifm4sEP0w8frnoqy8/VEwMQ=,iv:yK58WzF4ECKCbqafx9Tdax15hlCrNvQ8MsYCu1MXaw0=,tag:chtw7Fl1M+P60okt1eWVrg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/config/clusters/cloudbank/sierra.values.yaml b/config/clusters/cloudbank/sierra.values.yaml new file mode 100644 index 0000000000..a080426986 --- /dev/null +++ b/config/clusters/cloudbank/sierra.values.yaml @@ -0,0 +1,41 @@ +jupyterhub: + ingress: + hosts: [sierra.cloudbank.2i2c.cloud] + tls: + - hosts: [sierra.cloudbank.2i2c.cloud] + secretName: https-auto-tls + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "google" + homepage: + templateVars: + org: + name: Sierra College + logo_url: https://www.sierracollege.edu/wp-content/uploads/2022/03/sierra-logo-main-1.png + url: https://www.sierracollege.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: https://sierra.cloudbank.2i2c.cloud/hub/oauth_callback + allowed_idps: + http://google.com/accounts/o8/id: + username_derivation: + username_claim: "email" + Authenticator: + admin_users: + - profninh@gmail.com + - ericvd@berkeley.edu + - k_usovich@berkeley.edu + - sean.smorris@berkeley.edu From ff62b0905f07ce3571de88bfa401b09d95b6f112 Mon Sep 17 00:00:00 2001 From: sean-morris Date: Fri, 22 Dec 2023 12:05:17 -0800 Subject: [PATCH 199/494] [cloudbank] Sierra College Add --- .../clusters/cloudbank/enc-sierra.secret.values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/config/clusters/cloudbank/enc-sierra.secret.values.yaml b/config/clusters/cloudbank/enc-sierra.secret.values.yaml index b8a3004085..de2d4b64f5 100644 --- a/config/clusters/cloudbank/enc-sierra.secret.values.yaml +++ b/config/clusters/cloudbank/enc-sierra.secret.values.yaml @@ -2,19 +2,19 @@ jupyterhub: hub: config: CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:YJCpPGFieYPsaFBl4YjCkjwUGHAmxrCA7ibmFX53R/r1kN+yfRPv+hJ4c9vsmM/doyEl,iv:QVlOXcJwj3Wdb3svXwUc9UeTlut8f1hvjECqf4499KI=,tag:VhnrApHE3AshNkKLnLIqWw==,type:str] - client_secret: ENC[AES256_GCM,data:gdSWRLa/StuMCMSBwGF79IAQhrnirGThyOFxh6wy+kAt27fzs+cKld5ZMpL0H1mf8hlmuoDT2Au0IATRh9uUZkqutcR2/+CspGgVD14CBvGg4iQrHJ0=,iv:twKvcD4r2o2zbyWoByVO1baXwFeQnngqTh+K/AwOQWQ=,tag:h1AccpEwqJyDdPBUnLJn3g==,type:str] + client_id: ENC[AES256_GCM,data:dHWG82zStFTnGZ4uOfbaJn3asSA+NRZan3xq2jVDsWhZ8k9nCo2+yP1hLbb9ti90XVa+,iv:7mV5dGwZJ5v3ss37R7k9rLyUEkN2gyofPANKJR6JWBk=,tag:zklHAsa99+YEziJCoZknig==,type:str] + client_secret: ENC[AES256_GCM,data:eWX6yAJVa38C4Xn3Yug3If1souFZu/45gMMmMog6OuwWk2SO3CH2I19TT95z0j+WodxMqs6fsFCkHyb36M0pOXUv3VluG4HXEvGR+EMalUotXntqHNM=,iv:UhC42iAakPMAgxRY/q71Y17fhzQ/vcYhNzAkTIzjrJU=,tag:CPPcMsNzaooDiAbbvxrB3g==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-12-22T20:04:42Z" - enc: CiUA4OM7ePnDI0A5NbFxRRjxik9gy9ISl82CWHIrs52fCTx5vatMEkkAjTWv+vnQhmSUx63lKMTiV1XZiVWJnRd/4fxUOoQPw7MlDFjeKWmWDlOKrVxSPWNKQuWgzkheEwug0B8mPMlQRP/s4Zchm6hi + created_at: "2023-12-22T20:45:30Z" + enc: CiUA4OM7eNNNjrMpC5Hrqfk2yXbHf9IEXJmM9MhL0xXAKLZRL7tDEkkAjTWv+nmfKRPkxA5KdiTEWEJx0o9aAKEh6k2lkI7Ym+kupaTeSwQmtadCyBAm0zhp9/Bq+DTzrAhFYbuwXCd0lWwWj7+Ln2Sn azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-12-22T20:04:43Z" - mac: ENC[AES256_GCM,data:V+wofuiVTTJmZI6eEaJdAqbPW3yxnhQW3Cs16Phco/CgKOLLGgchAhNG6b5Gn+fUCnm8q1MxYVikc36zVFXGyXITgVekqCFzYOI+eoO32fuJgcNMwGdmdNFRV9LPok4e4OGHlLyVEJWZNVtynH9vifm4sEP0w8frnoqy8/VEwMQ=,iv:yK58WzF4ECKCbqafx9Tdax15hlCrNvQ8MsYCu1MXaw0=,tag:chtw7Fl1M+P60okt1eWVrg==,type:str] + lastmodified: "2023-12-22T20:45:31Z" + mac: ENC[AES256_GCM,data:Q4G7F+1ElsQBsEWAlJo4PbYExLkYiJ59T0B1lt5H1neA3HFvpYWCEPMgM13i3zOYzdLwb7+5F0GUcBURpMj1N7G1Whf/J9Jj4QOpHhcAR2rGGuNna1kfj0VBQ/+SbQXC4/ccOCgcyK+NQ9oH7/CHWjAZRvHVOoXRN7fPNHT1XDE=,iv:qFRe9SfzlhfmJidjJPB3opg+ZGA7xhz3peKl4iz6x8U=,tag:7NQIm91KsqtSfGf0Mm/wXA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1 From dada11fb8147fa824ee6ee7beaaa9d7349a2d422 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 27 Dec 2023 15:04:34 -0800 Subject: [PATCH 200/494] Bump utoronto staging image again Brings in https://github.com/2i2c-org/utoronto-image/pull/58, so we no longer have to use the older notebook server. Fixes https://github.com/2i2c-org/infrastructure/issues/2380 Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/default-common.values.yaml | 5 ----- config/clusters/utoronto/default-prod.values.yaml | 8 ++++++++ config/clusters/utoronto/default-staging.values.yaml | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/config/clusters/utoronto/default-common.values.yaml b/config/clusters/utoronto/default-common.values.yaml index 77e3ad7d5f..d6824dcc8e 100644 --- a/config/clusters/utoronto/default-common.values.yaml +++ b/config/clusters/utoronto/default-common.values.yaml @@ -1,10 +1,5 @@ jupyterhub: singleuser: - extraEnv: - # Required to get jupyter-contrib-nbextensions to work - # See https://github.com/2i2c-org/infrastructure/issues/2380 - # Upstream issue at https://github.com/Jupyter-contrib/jupyter_nbextensions_configurator/issues/153 - JUPYTERHUB_SINGLEUSER_APP: "notebook.notebookapp.NotebookApp" image: name: quay.io/2i2c/utoronto-image tag: "736072886c54" diff --git a/config/clusters/utoronto/default-prod.values.yaml b/config/clusters/utoronto/default-prod.values.yaml index 279893d2a3..3410ca3531 100644 --- a/config/clusters/utoronto/default-prod.values.yaml +++ b/config/clusters/utoronto/default-prod.values.yaml @@ -1,4 +1,12 @@ jupyterhub: + singleuser: + extraEnv: + # Required to get jupyter-contrib-nbextensions to work, until + # https://github.com/2i2c-org/utoronto-image/pull/58 can land. An image + # including that is already in the staging hub, but not in the prod + # hub. This config can be removed when we promote that image to + # production. + JUPYTERHUB_SINGLEUSER_APP: "notebook.notebookapp.NotebookApp" ingress: hosts: [jupyter.utoronto.ca] tls: diff --git a/config/clusters/utoronto/default-staging.values.yaml b/config/clusters/utoronto/default-staging.values.yaml index f64a6a5a57..9c6466b20a 100644 --- a/config/clusters/utoronto/default-staging.values.yaml +++ b/config/clusters/utoronto/default-staging.values.yaml @@ -9,7 +9,7 @@ jupyterhub: gitRepoBranch: "utoronto-staging" singleuser: image: - tag: "6d72913197bf" + tag: "14320bae73a0" hub: config: CILogonOAuthenticator: From 41ea644cead23987f2f7b1388dec921175b2a433 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 27 Dec 2023 15:42:42 -0800 Subject: [PATCH 201/494] utoronto: Bump storage size I just checked, and we were *almost full* --- terraform/azure/projects/utoronto.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index bc5c0323ec..2e360a0dcd 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -5,7 +5,7 @@ resourcegroup_name = "2i2c-utoronto-cluster" kubernetes_version = "1.26.3" -storage_size = 6144 +storage_size = 8192 ssh_pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQJ4h39UYNi1wybxAH+jCFkNK2aqRcuhDkQSMx0Hak5xkbt3KnT3cOwAgUP1Vt/SjhltSTuxpOHxiAKCRnjwRk60SxKhUNzPHih2nkfYTmBBjmLfdepDPSke/E0VWvTDIEXz/L8vW8aI0QGPXnXyqzEDO9+U1buheBlxB0diFAD3vEp2SqBOw+z7UgrGxXPdP+2b3AV+X6sOtd6uSzpV8Qvdh+QAkd4r7h9JrkFvkrUzNFAGMjlTb0Lz7qAlo4ynjEwzVN2I1i7cVDKgsGz9ZG/8yZfXXx+INr9jYtYogNZ63ajKR/dfjNPovydhuz5zQvQyxpokJNsTqt1CiWEUNj georgiana@georgiana" From 8f5bb88a468b4c9c1efde7fedf30105cd1336298 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 29 Dec 2023 12:58:32 -0800 Subject: [PATCH 202/494] utoronto: Bump image for R staging hub Brings in https://github.com/2i2c-org/utoronto-r-image/pull/13, https://github.com/2i2c-org/utoronto-r-image/pull/14 and https://github.com/2i2c-org/utoronto-r-image/pull/15. Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/r-staging.values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/clusters/utoronto/r-staging.values.yaml b/config/clusters/utoronto/r-staging.values.yaml index 97c3b40832..91f97f277b 100644 --- a/config/clusters/utoronto/r-staging.values.yaml +++ b/config/clusters/utoronto/r-staging.values.yaml @@ -4,6 +4,9 @@ jupyterhub: tls: - hosts: [r-staging.datatools.utoronto.ca] secretName: https-auto-tls + singleuser: + image: + tag: "36c17e91963a" hub: db: pvc: From f25ce0a5abfe78ae258fce0d440f3c4f1ce6a916 Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 00:10:02 +0000 Subject: [PATCH 203/494] Bump charts ['binderhub'] to versions ['1.0.0-0.dev.git.3361.h6ba80cf'], respectively --- helm-charts/binderhub/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/binderhub/Chart.yaml b/helm-charts/binderhub/Chart.yaml index 49db09aa2f..d479e13496 100644 --- a/helm-charts/binderhub/Chart.yaml +++ b/helm-charts/binderhub/Chart.yaml @@ -5,7 +5,7 @@ name: binderhub version: "0.1.0" dependencies: - name: binderhub - version: "1.0.0-0.dev.git.3351.hbaf39b3" + version: "1.0.0-0.dev.git.3361.h6ba80cf" repository: "https://jupyterhub.github.io/helm-chart/" - name: dask-gateway version: "2023.1.0" From a10ef238b83810475758f89b1b53453ddc6ea414 Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 00:10:09 +0000 Subject: [PATCH 204/494] Bump charts ['prometheus', 'grafana', 'ingress-nginx', 'cluster-autoscaler', 'cryptnono'] to versions ['25.8.2', '7.0.19', '4.9.0', '9.34.1', '0.3.1-0.dev.git.107.heb504bc'], respectively --- helm-charts/support/Chart.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 1e2112cfb1..53747ba508 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -15,13 +15,13 @@ dependencies: - name: prometheus # NOTE: CHECK INSTRUCTIONS UNDER prometheus.server.command IN support/values.yaml # EACH TIME THIS VERSION IS BUMPED! - version: 25.8.1 + version: 25.8.2 repository: https://prometheus-community.github.io/helm-charts # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 7.0.11 + version: 7.0.19 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from @@ -29,19 +29,19 @@ dependencies: # that references this controller. # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx - name: ingress-nginx - version: 4.8.4 + version: 4.9.0 repository: https://kubernetes.github.io/ingress-nginx # cluster-autoscaler for k8s clusters where it doesn't come out of the box (EKS) # https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler - name: cluster-autoscaler - version: 9.34.0 + version: 9.34.1 repository: https://kubernetes.github.io/autoscaler condition: cluster-autoscaler.enabled # cryptnono, counters crypto mining # Source code: https://github.com/yuvipanda/cryptnono/ - name: cryptnono - version: "0.3.1-0.dev.git.90.h35abda8" + version: "0.3.1-0.dev.git.107.heb504bc" repository: https://yuvipanda.github.io/cryptnono/ condition: cryptnono.enabled From 6c456dcfab0bcdb4363c42d28ed7cdbf516153dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 01:39:12 +0000 Subject: [PATCH 205/494] Bump actions/setup-python from 4 to 5 in /.github/actions/setup-deploy Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/setup-deploy/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-deploy/action.yaml b/.github/actions/setup-deploy/action.yaml index 7da8ff1a96..2b1c6c2fe9 100644 --- a/.github/actions/setup-deploy/action.yaml +++ b/.github/actions/setup-deploy/action.yaml @@ -46,7 +46,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.9" From d8815a1ee00c38411adbb1dc233d2fe24fe3deaf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 01:40:45 +0000 Subject: [PATCH 206/494] Bump chuhlomin/render-template from 1.8 to 1.9 Bumps [chuhlomin/render-template](https://github.com/chuhlomin/render-template) from 1.8 to 1.9. - [Release notes](https://github.com/chuhlomin/render-template/releases) - [Commits](https://github.com/chuhlomin/render-template/compare/v1.8...v1.9) --- updated-dependencies: - dependency-name: chuhlomin/render-template dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/comment-pending-deployment-info.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/comment-pending-deployment-info.yaml b/.github/workflows/comment-pending-deployment-info.yaml index 83911e29f6..f28c4bf490 100644 --- a/.github/workflows/comment-pending-deployment-info.yaml +++ b/.github/workflows/comment-pending-deployment-info.yaml @@ -47,7 +47,7 @@ jobs: print(f"community_rep={community_rep}", file=f) - name: Render comment template using information from the `find-missing-info` step before id: template - uses: chuhlomin/render-template@v1.8 + uses: chuhlomin/render-template@v1.9 with: template: .github/comment-templates/comment-pending-deployment-info.md vars: | From 91bba3f2a6f06f52f3d0613dd1859bacb748fb6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 01:40:49 +0000 Subject: [PATCH 207/494] Bump actions/setup-python from 4 to 5 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/deploy-grafana-dashboards.yaml | 2 +- .github/workflows/deploy-hubs.yaml | 2 +- .github/workflows/test-deployer-code.yaml | 2 +- .github/workflows/validate-clusters.yaml | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 58728a372c..208772c51d 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -40,7 +40,7 @@ jobs: - name: Checkout repo uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.9" diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 7290b609d1..ffeea0f5db 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -73,7 +73,7 @@ jobs: uses: actions/checkout@v4 - name: Install Python 3.9 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.9" diff --git a/.github/workflows/test-deployer-code.yaml b/.github/workflows/test-deployer-code.yaml index e2582e8596..96ab2aaae7 100644 --- a/.github/workflows/test-deployer-code.yaml +++ b/.github/workflows/test-deployer-code.yaml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.9" - name: Install dependencies diff --git a/.github/workflows/validate-clusters.yaml b/.github/workflows/validate-clusters.yaml index 8700e95953..909e019e0e 100644 --- a/.github/workflows/validate-clusters.yaml +++ b/.github/workflows/validate-clusters.yaml @@ -77,7 +77,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.10" @@ -202,7 +202,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.10" From 14dacf024b1bbc589a4921f5127a04a14eb629a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 01:40:53 +0000 Subject: [PATCH 208/494] Bump actions/upload-artifact from 3.1.0 to 4.0.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 4.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...v4.0.0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/deploy-hubs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 7290b609d1..7d3e94b228 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -136,7 +136,7 @@ jobs: github.event_name == 'pull_request' && (env.support-and-staging-matrix-jobs != '[]' || env.prod-hub-matrix-jobs != '[]') - uses: actions/upload-artifact@v3.1.0 + uses: actions/upload-artifact@v4.0.0 with: name: pr path: | From 9f2212f9f97df733beada9323ca949ed2b639a98 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 18:31:09 +0000 Subject: [PATCH 209/494] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v3.0.3 → v4.0.0-alpha.8](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.3...v4.0.0-alpha.8) - [github.com/pycqa/isort: 5.12.0 → 5.13.2](https://github.com/pycqa/isort/compare/5.12.0...5.13.2) - [github.com/psf/black: 23.11.0 → 23.12.1](https://github.com/psf/black/compare/23.11.0...23.12.1) --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6ce976d767..262f5bbb51 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # Autoformat: markdown, yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.3 + rev: v4.0.0-alpha.8 hooks: - id: prettier @@ -25,13 +25,13 @@ repos: # Autoformat: Python code - repo: https://github.com/pycqa/isort - rev: "5.12.0" + rev: "5.13.2" hooks: - id: isort # Autoformat: Python code - repo: https://github.com/psf/black - rev: "23.11.0" + rev: "23.12.1" hooks: - id: black From a021228be36bbb4ece446ec641d7f3575e49f21d Mon Sep 17 00:00:00 2001 From: Angus Hollands Date: Tue, 2 Jan 2024 11:31:52 +0000 Subject: [PATCH 210/494] maint: group dependabot updates --- .github/dependabot.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index ae0c68b5ed..dbbd15fda9 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -31,6 +31,12 @@ updates: schedule: # Check for updates once a week. By default, this check happens on a Monday. interval: "monthly" + groups: + # Group all GHA updates together (to avoid desync in related actions e.g. upload-artifact, download-artifact) + # ref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups + actions: + patterns: + - "*" ignore: # Ignore patch upgrades to further reduce noise - update-types: ["version-update:semver-patch"] From b1dd869e4c6d8ac07ef86e50d7f0687065ced887 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 2 Jan 2024 11:28:38 -0800 Subject: [PATCH 211/494] Correct where the HHMI cloud costs go Follow-up to https://github.com/2i2c-org/infrastructure/pull/3429. As part of that, I had redirected where the HHMI (and all other projects') cloud costs go, and this updates the cluster.yaml to point to the correct place. --- config/clusters/hhmi/cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/hhmi/cluster.yaml b/config/clusters/hhmi/cluster.yaml index 7b67a6835d..dacadffa58 100644 --- a/config/clusters/hhmi/cluster.yaml +++ b/config/clusters/hhmi/cluster.yaml @@ -8,7 +8,7 @@ gcp: billing: paid_by_us: true bigquery: - project: hhmi + project: two-eye-two-see dataset: cloud_costs billing_id: 0157F7-E3EA8C-25AC3C support: From ab0f0095510174845f10f4e9b788232c10dedeec Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 2 Jan 2024 11:32:09 -0800 Subject: [PATCH 212/494] Stringify project id Sometimes it's actually an integer, and our rich text output does not like that and throws an error --- deployer/commands/generate/billing/outputers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployer/commands/generate/billing/outputers.py b/deployer/commands/generate/billing/outputers.py index f3fb6d6ca2..4158ec099c 100644 --- a/deployer/commands/generate/billing/outputers.py +++ b/deployer/commands/generate/billing/outputers.py @@ -83,7 +83,7 @@ def output_cost_table(output, google_sheet_url, rows): print(r) table.add_row( index.strftime("%Y-%m"), - r["project"], + str(r["project"]), str(round(float(r["total_with_credits"]), 2)), ) last_period = index From e9da67bf00b2c7609b0355bf928957cc2bed3d22 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 2 Jan 2024 14:47:48 -0800 Subject: [PATCH 213/494] Allow specifying an archival policy for buckets Only enables this for openscapes, which is using it as described in https://github.com/2i2c-org/infrastructure/issues/3562. --- docs/howto/features/buckets.md | 9 +++++++++ terraform/aws/buckets.tf | 12 ++++++++++++ terraform/aws/projects/openscapes.tfvars | 3 +++ terraform/aws/variables.tf | 17 +++++++++++++---- 4 files changed, 37 insertions(+), 4 deletions(-) diff --git a/docs/howto/features/buckets.md b/docs/howto/features/buckets.md index a94f36e147..c7150fb67d 100644 --- a/docs/howto/features/buckets.md +++ b/docs/howto/features/buckets.md @@ -15,6 +15,9 @@ on why users want this! }, "bucket2": { "delete_after": null + }, + "bucket3": { + "archival_storageclass_after": 3 } } ``` @@ -28,6 +31,12 @@ on why users want this! very helpful for 'scratch' buckets that are temporary. Set to `null` to prevent this cleaning up process from happening, e.g., if users want a persistent bucket. + `archival_storageclass_after` (available only for AWS currently) transitions objects + created in this bucket to a cheaper, slower archival class after the number of days + specified in this variable. This is helpful for archiving user home directories or similar + use cases, where data needs to be kept for a long time but rarely accessed. This should + not be used for frequently accessed or publicly accessible data. + 2. Enable access to these buckets from the hub or make them publicly accessible from outside by [editing `hub_cloud_permissions`](howto:features:cloud-access:access-perms) in the same `.tfvars` file. Follow all the steps listed there - this diff --git a/terraform/aws/buckets.tf b/terraform/aws/buckets.tf index 195a5083e1..b1f77afb24 100644 --- a/terraform/aws/buckets.tf +++ b/terraform/aws/buckets.tf @@ -16,6 +16,18 @@ resource "aws_s3_bucket_lifecycle_configuration" "user_bucket_expiry" { days = each.value.delete_after } } + + rule { + id = "archival-storageclass" + status = each.value.delete_after != null ? "Enabled" : "Disabled" + + transition { + # Transition this to much cheaper object storage after a few days + days = each.value.archival_storageclass_after + # Glacier Instant is fast enough while also being pretty cheap + storage_class = "GLACIER_IR" + } + } } locals { diff --git a/terraform/aws/projects/openscapes.tfvars b/terraform/aws/projects/openscapes.tfvars index 27c2207d82..80a1e287b2 100644 --- a/terraform/aws/projects/openscapes.tfvars +++ b/terraform/aws/projects/openscapes.tfvars @@ -11,6 +11,9 @@ user_buckets = { "scratch" : { "delete_after" : 7 }, + "prod-homedirs-archive" : { + "archival_storageclass_after" : 3 + } } diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index 7e2f27bd10..281374d1b5 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf @@ -20,7 +20,12 @@ variable "cluster_nodes_location" { } variable "user_buckets" { - type = map(object({ delete_after : number })) + type = map( + object({ + delete_after : optional(number, null), + archival_storageclass_after : optional(number, null) + }) + ) default = {} description = <<-EOT S3 Buckets to be created. @@ -28,9 +33,13 @@ variable "user_buckets" { The key for each entry will be prefixed with {var.prefix}- to form the name of the bucket. - The value is a map, with 'delete_after' the only accepted key in that - map - it lists the number of days after which any content in the - bucket will be deleted. Set to null to not delete data. + The value is a map, with the following accepted keys: + + 1. `delete_after` - number of days after *creation* an object in this + bucket will be automatically deleted. Set to null to not delete data. + 2. `archival_storageclass_after` - number of days after *creation* an + object in this bucket will be automatically transitioned to a cheaper, + slower storageclass for cost savings. Set to null to not transition. EOT } From 742663b1b240114ac77055618c734c50cf63f9b0 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 3 Jan 2024 11:47:11 -0800 Subject: [PATCH 214/494] Bump utoronto r image on staging Brings in https://github.com/2i2c-org/utoronto-r-image/pull/16 Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/r-staging.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/utoronto/r-staging.values.yaml b/config/clusters/utoronto/r-staging.values.yaml index 91f97f277b..4f75493ada 100644 --- a/config/clusters/utoronto/r-staging.values.yaml +++ b/config/clusters/utoronto/r-staging.values.yaml @@ -6,7 +6,7 @@ jupyterhub: secretName: https-auto-tls singleuser: image: - tag: "36c17e91963a" + tag: "b0f448387134" hub: db: pvc: From 0763ee8ab97cac2172f2d2e3da401cd631bd3890 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 3 Jan 2024 15:23:42 -0800 Subject: [PATCH 215/494] Use generated resource allocation options for veda hub While starting to work on https://github.com/2i2c-org/infrastructure/issues/3565, I realized that VEDA was still using the older style 'node share' rather than the generated 'resource allocation' options. I've swapped over the options to now be based on images for users to choose and resource allocation options generated by our resource allocation script. This matches openscapes, and there has generally been pretty big positive feedback on this mode. I've kept the initial cloning to only happen on the pangeo image as it currently exists, without making any changes. That should be cleaned up as part of https://github.com/2i2c-org/infrastructure/issues/3565 --- config/clusters/nasa-veda/common.values.yaml | 355 +++++++----------- .../instance_capacities.yaml | 4 +- 2 files changed, 141 insertions(+), 218 deletions(-) diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index e9c399bd96..e306d9d756 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -59,31 +59,146 @@ basehub: - wildintellect singleuser: defaultUrl: /lab - image: - name: public.ecr.aws/nasa-veda/nasa-veda-singleuser - # Based off pangeo/pangeo-notebook:2023.07.05 which uses JupyterLab <4, so jupyterlab-git and dask-dashboard work - # If updating this tag, also update it in the `profile_options.image.options.pangeo.kubespawner_override.image`below - tag: "5068290376e8c3151d97a36ae6485bb7ff79650b94aecc93ffb2ea1b42d76460" profileList: - # NOTE: About node sharing - # - # CPU/Memory requests/limits are actively considered still. This - # profile list is setup to involve node sharing as considered in - # https://github.com/2i2c-org/infrastructure/issues/2121. - # - # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB - # overhead for misc system pods, and transitioning from GB in - # description to GiB in mem_guarantee. - # - CPU requests are lower than the description, with a factor of - # 10%. - # - - display_name: "Small: up to 4 CPU / 32 GB RAM" - description: &profile_list_description "Start a container with at least a chosen share of capacity on a node of this type" - slug: small + - display_name: "Modified Pangeo Notebook" + slug: modified-pangeo + description: Pangeo based notebook with a Python environment default: true + kubespawner_override: + image: public.ecr.aws/nasa-veda/nasa-veda-singleuser:5068290376e8c3151d97a36ae6485bb7ff79650b94aecc93ffb2ea1b42d76460 + init_containers: + # Need to explicitly fix ownership here, as otherwise these directories will be owned + # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid + - name: volume-mount-ownership-fix + image: busybox:1.36.1 + command: + - sh + - -c + - id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + # mounted without readonly attribute here, + # so we can chown it appropriately + - name: home + mountPath: /home/jovyan/shared + subPath: _shared + # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods + # image source: https://github.com/NASA-IMPACT/veda-jh-environments/tree/main/docker-images/base/nasa-veda-singleuser-init + - name: nasa-veda-singleuser-init + image: public.ecr.aws/nasa-veda/nasa-veda-singleuser-init:38e8998f9be64b0a59ac6c4d6d152d3403121dfc4be6d49bdf52ddc92827af8a + command: + - "python3" + - "/opt/k8s-init-container-nb-docs.py" + - "/home/jovyan" + volumeMounts: + - name: home + mountPath: /home/jovyan + subPath: "{username}" + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + profile_options: &profile_options + resource_allocation: + display_name: Resource Allocation + choices: + mem_1_9: + display_name: 1.9 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 1992701952 + mem_limit: 1992701952 + cpu_guarantee: 0.234375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + default: true + mem_3_7: + display_name: 3.7 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 3985403904 + mem_limit: 3985403904 + cpu_guarantee: 0.46875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_7_4: + display_name: 7.4 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 7970807808 + mem_limit: 7970807808 + cpu_guarantee: 0.9375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 15941615616 + mem_limit: 15941615616 + cpu_guarantee: 1.875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.75 CPUs + kubespawner_override: + mem_guarantee: 31883231232 + mem_limit: 31883231232 + cpu_guarantee: 3.75 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_60_6: + display_name: 60.6 GB RAM, upto 15.72 CPUs + kubespawner_override: + mem_guarantee: 65105797120 + mem_limit: 65105797120 + cpu_guarantee: 7.86 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + mem_121_3: + display_name: 121.3 GB RAM, upto 15.72 CPUs + kubespawner_override: + mem_guarantee: 130211594240 + mem_limit: 130211594240 + cpu_guarantee: 15.72 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + - display_name: "Rocker Geospatial with RStudio" + slug: rocker + description: R environment with many geospatial libraries pre-installed + kubespawner_override: + image: rocker/binder:4.3 + # Launch RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + profile_options: *profile_options + - display_name: "QGIS on Linux Desktop" + slug: qgis + description: Linux desktop in the browser, with qgis installed + kubespawner_override: + # Explicitly unset this - we set this to 'jupyterhub-singleuser' + # in basehub/values.yaml. We instead want to leave this unset, + # so the default command for the docker image is used instead. + # This is required for .desktop files to show up correctly. + cmd: null + # Launch people directly into the Linux desktop when they start + default_url: /desktop + # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 + image: "quay.io/jupyter-remote-desktop-proxy/qgis:2023-09-27" + profile_options: *profile_options + - display_name: "Bring your own image" + description: Specify your own docker image (must have python and jupyterhub installed in it) + slug: custom profile_options: - image: &image_options + image: display_name: Image unlisted_choice: enabled: True @@ -92,200 +207,8 @@ basehub: validation_message: "Must be a publicly available docker image, of form :" kubespawner_override: image: "{value}" - choices: - pangeo: - display_name: Modified Pangeo Notebook - default: true - slug: pangeo - kubespawner_override: - image: public.ecr.aws/nasa-veda/nasa-veda-singleuser:5068290376e8c3151d97a36ae6485bb7ff79650b94aecc93ffb2ea1b42d76460 - init_containers: - # Need to explicitly fix ownership here, as otherwise these directories will be owned - # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid - - name: volume-mount-ownership-fix - image: busybox:1.36.1 - command: - - sh - - -c - - id && chown 1000:1000 /home/jovyan /home/jovyan/shared && ls -lhd /home/jovyan - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - # mounted without readonly attribute here, - # so we can chown it appropriately - - name: home - mountPath: /home/jovyan/shared - subPath: _shared - # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods - # image source: https://github.com/NASA-IMPACT/veda-jh-environments/tree/main/docker-images/base/nasa-veda-singleuser-init - - name: nasa-veda-singleuser-init - image: public.ecr.aws/nasa-veda/nasa-veda-singleuser-init:38e8998f9be64b0a59ac6c4d6d152d3403121dfc4be6d49bdf52ddc92827af8a - command: - - "python3" - - "/opt/k8s-init-container-nb-docs.py" - - "/home/jovyan" - volumeMounts: - - name: home - mountPath: /home/jovyan - subPath: "{username}" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - qgis: - display_name: QGIS on Linux Desktop - slug: qgis - kubespawner_override: - # Explicitly unset this - we set this to 'jupyterhub-singleuser' - # in basehub/values.yaml. We instead want to leave this unset, - # so the default command for the docker image is used instead. - # This is required for .desktop files to show up correctly. - cmd: null - # Launch people directly into the Linux desktop when they start - default_url: /desktop - # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 - image: "quay.io/jupyter-remote-desktop-proxy/qgis:2023-09-27" - rocker: - display_name: Rocker Geospatial with RStudio - slug: rocker - kubespawner_override: - image: rocker/binder:4.3 - # Launch RStudio after the user logs in - default_url: /rstudio - # Ensures container working dir is homedir - # https://github.com/2i2c-org/infrastructure/issues/2559 - working_dir: /home/rstudio - init_containers: - # Need to explicitly fix ownership here, as otherwise these directories will be owned - # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid - - name: volume-mount-ownership-fix - image: busybox:1.36.1 - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/rstudio && ls -lhd /home/rstudio ", - ] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /home/rstudio - subPath: "{username}" - # this container uses nbgitpuller to mount https://github.com/NASA-IMPACT/veda-docs/ for user pods - # image source: https://github.com/NASA-IMPACT/veda-jh-environments/tree/main/docker-images/base/nasa-veda-singleuser-init - - name: nasa-veda-singleuser-init - image: public.ecr.aws/nasa-veda/nasa-veda-singleuser-init:38e8998f9be64b0a59ac6c4d6d152d3403121dfc4be6d49bdf52ddc92827af8a - command: - - "python3" - - "/opt/k8s-init-container-nb-docs.py" - - "/home/rstudio" - volumeMounts: - - name: home - mountPath: /home/rstudio - subPath: "{username}" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share - choices: - mem_1: - default: true - display_name: ~1 GB, ~0.125 CPU - kubespawner_override: - mem_guarantee: 0.904G - cpu_guarantee: 0.013 - mem_2: - display_name: ~2 GB, ~0.25 CPU - kubespawner_override: - mem_guarantee: 1.809G - cpu_guarantee: 0.025 - mem_4: - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.617G - cpu_guarantee: 0.05 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 7.234G - cpu_guarantee: 0.1 - mem_16: - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 14.469G - cpu_guarantee: 0.2 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 28.937G - cpu_guarantee: 0.4 - kubespawner_override: - cpu_limit: null - mem_limit: null - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - - display_name: "Medium: up to 16 CPU / 128 GB RAM" - description: *profile_list_description - slug: medium - profile_options: - image: *image_options - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share - choices: - mem_1: - display_name: ~1 GB, ~0.125 CPU - kubespawner_override: - mem_guarantee: 0.942G - cpu_guarantee: 0.013 - mem_2: - display_name: ~2 GB, ~0.25 CPU - kubespawner_override: - mem_guarantee: 1.883G - cpu_guarantee: 0.025 - mem_4: - default: true - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.766G - cpu_guarantee: 0.05 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 7.532G - cpu_guarantee: 0.1 - mem_16: - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 15.064G - cpu_guarantee: 0.2 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 30.128G - cpu_guarantee: 0.4 - mem_64: - display_name: ~64 GB, ~8.0 CPU - kubespawner_override: - mem_guarantee: 60.257G - cpu_guarantee: 0.8 - mem_128: - display_name: ~128 GB, ~16.0 CPU - kubespawner_override: - mem_guarantee: 120.513G - cpu_guarantee: 1.6 - kubespawner_override: - cpu_limit: null - mem_limit: null - node_selector: - node.kubernetes.io/instance-type: r5.4xlarge + choices: {} + scheduling: userScheduler: enabled: true diff --git a/deployer/commands/generate/resource_allocation/instance_capacities.yaml b/deployer/commands/generate/resource_allocation/instance_capacities.yaml index ebe5eef58e..5aaed80017 100644 --- a/deployer/commands/generate/resource_allocation/instance_capacities.yaml +++ b/deployer/commands/generate/resource_allocation/instance_capacities.yaml @@ -131,9 +131,9 @@ r5.4xlarge: cpu_capacity_high: 16.0 cpu_allocatable_low: 15.89 cpu_allocatable_high: 15.89 - mem_capacity_low: 124.364Gi + mem_capacity_low: 124.353Gi mem_capacity_high: 124.364Gi - mem_allocatable_low: 121.504Gi + mem_allocatable_low: 121.492Gi mem_allocatable_high: 121.504Gi m5.large: cpu_capacity_low: 2.0 From 0c64bb131de263a3df7f592513bf256f11300757 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 3 Jan 2024 15:39:45 -0800 Subject: [PATCH 216/494] Fix missing resource allocation choice for custom image --- config/clusters/nasa-veda/common.values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index e306d9d756..dda3098ed8 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -102,7 +102,7 @@ basehub: runAsUser: 1000 runAsGroup: 1000 profile_options: &profile_options - resource_allocation: + resource_allocation: &profile_options_resource_allocation display_name: Resource Allocation choices: mem_1_9: @@ -208,6 +208,7 @@ basehub: kubespawner_override: image: "{value}" choices: {} + resource_allocation: *profile_options_resource_allocation scheduling: userScheduler: From c822e4d6ca6294b72419c01ec7bde95edeadb867 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 3 Jan 2024 15:56:39 -0800 Subject: [PATCH 217/494] Update capacities & regenerate veda choices --- config/clusters/nasa-veda/common.values.yaml | 43 ++++++++++--------- .../node-capacity-info.json | 18 ++++---- 2 files changed, 31 insertions(+), 30 deletions(-) diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index dda3098ed8..7d30d6fb3d 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -108,8 +108,8 @@ basehub: mem_1_9: display_name: 1.9 GB RAM, upto 3.75 CPUs kubespawner_override: - mem_guarantee: 1992701952 - mem_limit: 1992701952 + mem_guarantee: 1991341312 + mem_limit: 1991341312 cpu_guarantee: 0.234375 cpu_limit: 3.75 node_selector: @@ -118,8 +118,8 @@ basehub: mem_3_7: display_name: 3.7 GB RAM, upto 3.75 CPUs kubespawner_override: - mem_guarantee: 3985403904 - mem_limit: 3985403904 + mem_guarantee: 3982682624 + mem_limit: 3982682624 cpu_guarantee: 0.46875 cpu_limit: 3.75 node_selector: @@ -127,8 +127,8 @@ basehub: mem_7_4: display_name: 7.4 GB RAM, upto 3.75 CPUs kubespawner_override: - mem_guarantee: 7970807808 - mem_limit: 7970807808 + mem_guarantee: 7965365248 + mem_limit: 7965365248 cpu_guarantee: 0.9375 cpu_limit: 3.75 node_selector: @@ -136,8 +136,8 @@ basehub: mem_14_8: display_name: 14.8 GB RAM, upto 3.75 CPUs kubespawner_override: - mem_guarantee: 15941615616 - mem_limit: 15941615616 + mem_guarantee: 15930730496 + mem_limit: 15930730496 cpu_guarantee: 1.875 cpu_limit: 3.75 node_selector: @@ -145,28 +145,29 @@ basehub: mem_29_7: display_name: 29.7 GB RAM, upto 3.75 CPUs kubespawner_override: - mem_guarantee: 31883231232 - mem_limit: 31883231232 + mem_guarantee: 31861460992 + mem_limit: 31861460992 cpu_guarantee: 3.75 cpu_limit: 3.75 node_selector: node.kubernetes.io/instance-type: r5.xlarge - mem_60_6: - display_name: 60.6 GB RAM, upto 15.72 CPUs + + mem_60_7: + display_name: 60.7 GB RAM, upto 15.725 CPUs kubespawner_override: - mem_guarantee: 65105797120 - mem_limit: 65105797120 - cpu_guarantee: 7.86 - cpu_limit: 15.72 + mem_guarantee: 65147242496 + mem_limit: 65147242496 + cpu_guarantee: 7.8625 + cpu_limit: 15.725 node_selector: node.kubernetes.io/instance-type: r5.4xlarge mem_121_3: - display_name: 121.3 GB RAM, upto 15.72 CPUs + display_name: 121.3 GB RAM, upto 15.725 CPUs kubespawner_override: - mem_guarantee: 130211594240 - mem_limit: 130211594240 - cpu_guarantee: 15.72 - cpu_limit: 15.72 + mem_guarantee: 130294484992 + mem_limit: 130294484992 + cpu_guarantee: 15.725 + cpu_limit: 15.725 node_selector: node.kubernetes.io/instance-type: r5.4xlarge - display_name: "Rocker Geospatial with RStudio" diff --git a/deployer/commands/generate/resource_allocation/node-capacity-info.json b/deployer/commands/generate/resource_allocation/node-capacity-info.json index 2566393828..ff153a2f17 100644 --- a/deployer/commands/generate/resource_allocation/node-capacity-info.json +++ b/deployer/commands/generate/resource_allocation/node-capacity-info.json @@ -2,11 +2,11 @@ "r5.xlarge": { "capacity": { "cpu": 4.0, - "memory": 33186611200 + "memory": 33164840960 }, "allocatable": { "cpu": 3.92, - "memory": 32145375232 + "memory": 32123604992 }, "measured_overhead": { "cpu": 0.17, @@ -14,7 +14,7 @@ }, "available": { "cpu": 3.75, - "memory": 31883231232 + "memory": 31861460992 } }, "r5.16xlarge": { @@ -48,19 +48,19 @@ "r5.4xlarge": { "capacity": { "cpu": 16.0, - "memory": 133545017344 + "memory": 133523050496 }, "allocatable": { "cpu": 15.89, - "memory": 130473738240 + "memory": 130451771392 }, "measured_overhead": { - "cpu": 0.17, - "memory": 262144000 + "cpu": 0.165, + "memory": 157286400 }, "available": { - "cpu": 15.72, - "memory": 130211594240 + "cpu": 15.725, + "memory": 130294484992 } }, "n2-highmem-32": { From eeb28dd6f08918c93292421d4cfac739668b13c2 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 4 Jan 2024 01:43:13 +0100 Subject: [PATCH 218/494] ci: pin actions/upload-artifact to major version only --- .github/workflows/deploy-hubs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 7d3e94b228..d8517f0804 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -136,7 +136,7 @@ jobs: github.event_name == 'pull_request' && (env.support-and-staging-matrix-jobs != '[]' || env.prod-hub-matrix-jobs != '[]') - uses: actions/upload-artifact@v4.0.0 + uses: actions/upload-artifact@v4 with: name: pr path: | From 22b50d8d8508e855873bc82269310b55e22121c8 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 4 Jan 2024 02:49:54 +0100 Subject: [PATCH 219/494] Default to k8s 1.28 in new clusters --- eksctl/nasa-esdis.jsonnet | 3 ++- eksctl/nasa-ghg.jsonnet | 2 +- eksctl/template.jsonnet | 4 ++-- terraform/gcp/variables.tf | 4 +--- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/eksctl/nasa-esdis.jsonnet b/eksctl/nasa-esdis.jsonnet index b642ffd3aa..6cd6d43118 100644 --- a/eksctl/nasa-esdis.jsonnet +++ b/eksctl/nasa-esdis.jsonnet @@ -37,7 +37,8 @@ local daskNodes = []; kind: 'ClusterConfig', metadata+: { name: "nasa-esdis", - region: clusterRegion, version: '1.27' + region: clusterRegion, + version: '1.27', }, availabilityZones: masterAzs, iam: { diff --git a/eksctl/nasa-ghg.jsonnet b/eksctl/nasa-ghg.jsonnet index 63983a7570..00562b5928 100644 --- a/eksctl/nasa-ghg.jsonnet +++ b/eksctl/nasa-ghg.jsonnet @@ -50,7 +50,7 @@ local daskNodes = [ metadata+: { name: "nasa-ghg-hub", region: clusterRegion, - version: '1.27' + version: '1.27', }, availabilityZones: masterAzs, iam: { diff --git a/eksctl/template.jsonnet b/eksctl/template.jsonnet index 6a4502c29c..3b681e9d7c 100644 --- a/eksctl/template.jsonnet +++ b/eksctl/template.jsonnet @@ -67,9 +67,9 @@ local daskNodes = []; region: clusterRegion, {# version should be the latest support version by the eksctl CLI, see - https://eksctl.io/introduction/ for a list of supported versions. + https://eksctl.io/getting-started/ for a list of supported versions. -#} - version: "1.27", + version: "1.28", }, availabilityZones: masterAzs, iam: { diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 6f461edbdd..9a9e5f2faf 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -47,10 +47,8 @@ variable "k8s_version_prefixes" { # channel, so we may want to remove or add minor versions here over time. # default = [ - "1.24.", - "1.25.", - "1.26.", "1.27.", + "1.28.", "1.", ] description = <<-EOT From b674563dc2764d02ab19ec2da9596ef9480fa600 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 3 Jan 2024 17:51:21 -0800 Subject: [PATCH 220/494] Bring in newer cryptnono version I've been upgrading cryptnono quite a bit over the last few months, bringing in new detectors that have been quite effective on mybinder.org. We automatically bump cryptnono on our clusters (https://github.com/2i2c-org/infrastructure/pull/3482), but recent progress have included some breaking changes to the helm chart config. This PR just brings in the new config changes, but does not change behavior in any real way. No new detectors are enabled. I've re-measured resource usage for the individual daemonset container (rather than the initContainer) as that can now be set separately. This probably requires us to redo some of the resource allocation generated profiles, which I'll do once this is merged. However, it is an overall reduction in daemonset requests, so deploying this shouldn't result in any profile being undeployable. Merging this should allow https://github.com/2i2c-org/infrastructure/pull/3482 to move forward as well. --- helm-charts/support/Chart.yaml | 2 +- helm-charts/support/values.yaml | 53 +++++++++++++++++++++------------ 2 files changed, 35 insertions(+), 20 deletions(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 4d9b651192..47e40ba73d 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -42,6 +42,6 @@ dependencies: # cryptnono, counters crypto mining # Source code: https://github.com/yuvipanda/cryptnono/ - name: cryptnono - version: "0.0.1-0.dev.git.27.h01b4f25" + version: "0.3.1-0.dev.git.107.heb504bc" repository: https://yuvipanda.github.io/cryptnono/ condition: cryptnono.enabled diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index 5c236c636e..f463dbb6c8 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -396,30 +396,45 @@ cryptnono: # resources for cryptnono was set after inspecting cpu and memory use via # prometheus and grafana. # - # cryptnono has an init container (kubectl-trace-init) and another container - # (trace). The init container has been found using up to 1.6Gi and up to about - # 600m for 4 minutes. The main container has been found using up to 150Mi but - # typically below 100Mi, and miniscule amounts of CPU (0-3m). + # cryptnono has an init container (fetch-kernel-headers) and one container per + # detector. We currently only use one detector (monero). + # + # In the past, the init container init container has been found using up to 1.6Gi and up to about + # 600m for 4 minutes. However, recent changes seem to have made this much faster, + # and there's no record of the initcontainer because our prometheus scrape interval + # is 1minute, and the init container seems to complete by then. We retain the older + # measured metrics until we can make new measurements. # # Since cryptnono is a non-critical service, we are at the moment allowing it # to be evicted during node memory pressure by providing a low memory request # compared to the limit. We are also not requesting significant amounts of CPU # so that it doesn't compete well with others initially. - # - # Note that as of now 2023-03-31 (8367fa5 in yuvipanda/cryptnono), the - # resources configuration configure both containers. - # - # PromQL queries for CPU and memory use: - # - CPU: sum(rate(container_cpu_usage_seconds_total{container="kube-trace-init", namespace="support"}[5m])) by (pod) - # - Memory: sum(container_memory_usage_bytes{container="kube-trace-init", namespace="support"}) by (pod) - # - resources: - limits: - cpu: 800m - memory: 2Gi - requests: - cpu: 5m - memory: 100Mi + fetchKernelHeaders: + resources: + limits: + cpu: 800m + memory: 2Gi + requests: + cpu: 5m + memory: 100Mi + + detectors: + # Disable the execwhacker detector for now, as it matures by being deployed on mybinder.org + execwhacker: + enabled: false + monero: + enabled: true + resources: + # Measured with the following prometheus queries: + # Memory: sum(container_memory_usage_bytes{container="monero", namespace="support"}) by (instance) + # CPU: sum(rate(container_cpu_usage_seconds_total{container="trace", namespace="support"}[5m])) by (instance) + # Seems to hover mostly around the 60Mi mark for memory, and generally less than 0.0002 in CPU + limits: + memory: 128Mi + cpu: 0.005 + requests: + memory: 64Mi + cpu: 0.0001 # Configuration of templates provided directly by this chart # ------------------------------------------------------------------------------- From e5373d7204efa6aab26bbb327f44f56c9b71a27a Mon Sep 17 00:00:00 2001 From: sean-morris Date: Wed, 3 Jan 2024 17:34:59 -0800 Subject: [PATCH 221/494] [cloudbank] Added Admins to CSULB --- config/clusters/cloudbank/csulb.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/cloudbank/csulb.values.yaml b/config/clusters/cloudbank/csulb.values.yaml index 27c86f1c8b..1882fb1851 100644 --- a/config/clusters/cloudbank/csulb.values.yaml +++ b/config/clusters/cloudbank/csulb.values.yaml @@ -51,6 +51,8 @@ jupyterhub: - ericvd@berkeley.edu - sean.smorris@berkeley.edu - shabnam.sodagari@csulb.edu + - Kagba.Suaray@csulb.edu + - Tianni.Zhou@csulb.edu cull: # Cull after 30min of inactivity every: 300 From f448d8f996d3ae14994d327bf02e10b19ba95af1 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 4 Jan 2024 10:15:09 +0200 Subject: [PATCH 222/494] Rename for consistency --- .github/ISSUE_TEMPLATE/{01_new-issue.yml => 1_new-issue.yml} | 0 .../{5_decommission-hub.md => 3_decommission-hub.md} | 0 .github/ISSUE_TEMPLATE/{6_event-hub.yml => 4_event-hub.yml} | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename .github/ISSUE_TEMPLATE/{01_new-issue.yml => 1_new-issue.yml} (100%) rename .github/ISSUE_TEMPLATE/{5_decommission-hub.md => 3_decommission-hub.md} (100%) rename .github/ISSUE_TEMPLATE/{6_event-hub.yml => 4_event-hub.yml} (100%) diff --git a/.github/ISSUE_TEMPLATE/01_new-issue.yml b/.github/ISSUE_TEMPLATE/1_new-issue.yml similarity index 100% rename from .github/ISSUE_TEMPLATE/01_new-issue.yml rename to .github/ISSUE_TEMPLATE/1_new-issue.yml diff --git a/.github/ISSUE_TEMPLATE/5_decommission-hub.md b/.github/ISSUE_TEMPLATE/3_decommission-hub.md similarity index 100% rename from .github/ISSUE_TEMPLATE/5_decommission-hub.md rename to .github/ISSUE_TEMPLATE/3_decommission-hub.md diff --git a/.github/ISSUE_TEMPLATE/6_event-hub.yml b/.github/ISSUE_TEMPLATE/4_event-hub.yml similarity index 100% rename from .github/ISSUE_TEMPLATE/6_event-hub.yml rename to .github/ISSUE_TEMPLATE/4_event-hub.yml From 2b67baea4afaa75fe59cdd961a855c384b16924e Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 4 Jan 2024 11:11:14 +0200 Subject: [PATCH 223/494] Add a freshdesk tracker issue template --- .github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml diff --git a/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml b/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml new file mode 100644 index 0000000000..5935ee4bb6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml @@ -0,0 +1,63 @@ +name: "🎫 Freshdesk ticket tracker" +description: Track work on GitHub requested via a Freshdesk ticket +title: "[Support] {{ Ticket name }}" +labels: ["support"] +body: + - type: markdown + attributes: + value: | + This template is designed to help the support triagers provide information about a Freshdesk ticket that could not be solved in the first 30min support window. + + This information will then be used to plan, prioritize and assign capacity in order to resolve this ticket. + + # Ticket Information + + - type: input + id: ticket_id + attributes: + label: The Freshdesk ticket link + description: | + Copy-paste the Freshdesk link here + validations: + required: true + + - type: dropdown + id: ticket_type + attributes: + label: Ticket request type + description: | + The general topic of request in the Freshdesk ticket. Note that the Event type has its own issue template! Select "Other" if none of the first options qualify. + options: + - Feature Request + - Something is not working + - Technical questions + - Other + validations: + required: true + + - type: textarea + id: description + attributes: + label: Short ticket description + description: | + Short description of what the ticket is about and what kind of work needs to be done to fix it. + validations: + required: true + + - type: markdown + attributes: + value: | + # Initial 30m Investigation Context + + Use the following section to provide the results of the initial 30min investigation. + + If no initial investigation was performed because it was clear that the the ticket cannot be resolved by the support triager in the first 30min window, then leave the next section blank. + + - type: textarea + id: results + attributes: + label: (Optional) Investigation results + description: | + Paste any useful information that was discovered during the initial ticket triaging. + validations: + required: false From 56bd02443b211e4e17611d3b2622632103fd3fef Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 4 Jan 2024 11:23:56 +0200 Subject: [PATCH 224/494] Add link towards the initial investigation guide --- .github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml b/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml index 5935ee4bb6..87d39c7e8c 100644 --- a/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml +++ b/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml @@ -6,7 +6,7 @@ body: - type: markdown attributes: value: | - This template is designed to help the support triagers provide information about a Freshdesk ticket that could not be solved in the first 30min support window. + This template is designed to help the support triagers provide information about a Freshdesk ticket that could not be solved in [the first 30min support window](https://compass.2i2c.org/projects/managed-hubs/timeboxed-initial-ticket-evaluation/#support-timeboxed-evaluation). This information will then be used to plan, prioritize and assign capacity in order to resolve this ticket. From 7869e8e3491c811048c47746d384913a815c1d01 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 4 Jan 2024 11:30:05 +0200 Subject: [PATCH 225/494] Add a ticket impact --- .github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml b/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml index 87d39c7e8c..7690a6f079 100644 --- a/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml +++ b/.github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml @@ -35,6 +35,22 @@ body: validations: required: true + - type: dropdown + id: ticket_impact + attributes: + label: Ticket impact + description: | + The impact the support triager believes the ticket has. Choose the most appropriate one from the drowpdown below. This information will be used to prioritize the ticket. + + Checkout the [non-incident support process](https://compass.2i2c.org/projects/managed-hubs/support/#non-incident-response-process) for more information about choosing the impact level. + options: + - 🟩 Low + - 🟨 Medium + - 🟧 High + - 🟥 Critical + validations: + required: true + - type: textarea id: description attributes: From 5595b13ce0a4e6aa592a01b8d274a3d208ffe8d9 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 4 Jan 2024 07:22:04 -0800 Subject: [PATCH 226/494] Use milliCPU as units for clarity --- helm-charts/support/values.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index f463dbb6c8..39996dc6ad 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -428,13 +428,14 @@ cryptnono: # Measured with the following prometheus queries: # Memory: sum(container_memory_usage_bytes{container="monero", namespace="support"}) by (instance) # CPU: sum(rate(container_cpu_usage_seconds_total{container="trace", namespace="support"}[5m])) by (instance) - # Seems to hover mostly around the 60Mi mark for memory, and generally less than 0.0002 in CPU + # Seems to hover mostly around the 60Mi mark for memory, and generally less than 0.0002 in CPU. But + # 1m (or 0.001) is the lowest that can be specified in kubernetes, so we use that. limits: memory: 128Mi - cpu: 0.005 + cpu: 5m requests: memory: 64Mi - cpu: 0.0001 + cpu: 1m # Configuration of templates provided directly by this chart # ------------------------------------------------------------------------------- From b83358e06568baede547fbf52543414e9e593501 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 4 Jan 2024 10:46:50 -0800 Subject: [PATCH 227/494] Include initContainers when calculating pod overhead https://github.com/2i2c-org/infrastructure/pull/3569 changed the cryptnono daemonset to have different resource requests for the init containers as well as the container. While working on https://github.com/2i2c-org/infrastructure/pull/3566, I noticed this was generating wrong choices - the overhead was calculated wrong (too small). We were intentionally ignoring init containers while calculating overhead, and turns out the scheduler and the autoscaler both do take it into consideration. The effective resource request for a pod is the higher of the resource requests for the containers *or* the init containers - this ensures that a pod with higher requests for init containers than containers (like our cryptnono pod!) will actually run. This is documented at https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#resource-sharing-within-containers, and implemented in Kubernetes itself at https://github.com/kubernetes/kubernetes/blob/9bd0ef5f173de3cc2d1d629a4aee499d53690aee/pkg/api/v1/resource/helpers.go#L50 (this is the library code that the cluster autoscaler uses). This PR updates the two places we currently have that calculate effective resource requests (I assume eventually these will be merged into one - I haven't kept up with the team's work last quarter here). I've updated the node-capacity-info.json file, which is what seems to be used by the generator script right now. --- .../resource_allocation/daemonset_requests.py | 45 +++++++++++++++---- .../daemonset_requests.yaml | 2 +- .../node-capacity-info.json | 8 ++-- .../resource_allocation/update_nodeinfo.py | 40 +++++++++++++---- 4 files changed, 72 insertions(+), 23 deletions(-) diff --git a/deployer/commands/generate/resource_allocation/daemonset_requests.py b/deployer/commands/generate/resource_allocation/daemonset_requests.py index e47ac51ed6..f6611f38b9 100644 --- a/deployer/commands/generate/resource_allocation/daemonset_requests.py +++ b/deployer/commands/generate/resource_allocation/daemonset_requests.py @@ -64,23 +64,50 @@ def get_daemon_sets_requests(): info = [] for ds in daemon_sets: name = ds["metadata"]["name"] - req_mem = req_cpu = lim_mem = lim_cpu = 0 + # From https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#resource-sharing-within-containers + # > - The highest of any particular resource request or limit defined on + # > all init containers is the effective init request/limit. If any + # > resource has no resource limit specified this is considered as the + # > highest limit. + # > - The Pod's effective request/limit for a resource is the higher of: + # > - the sum of all app containers request/limit for a resource + # > - the effective init request/limit for a resource + # + # So we have to calculate the requests of the init containers and containers separately, + # and take the max as the effective request / limit + + container_req_mem = ( + container_req_cpu + ) = container_lim_mem = container_lim_cpu = 0 + init_container_req_mem = ( + init_container_req_cpu + ) = init_container_lim_mem = init_container_lim_cpu = 0 + for c in ds["spec"]["template"]["spec"]["containers"]: resources = c.get("resources", {}) requests = resources.get("requests", {}) limits = resources.get("limits", {}) - req_mem += parse_quantity(requests.get("memory", 0)) - lim_mem += parse_quantity(limits.get("memory", 0)) - req_cpu += parse_quantity(requests.get("cpu", 0)) - lim_cpu += parse_quantity(limits.get("cpu", 0)) + container_req_mem += parse_quantity(requests.get("memory", 0)) + container_lim_mem += parse_quantity(limits.get("memory", 0)) + container_req_cpu += parse_quantity(requests.get("cpu", 0)) + container_lim_cpu += parse_quantity(limits.get("cpu", 0)) + + for c in ds["spec"]["template"]["spec"].get("initContainers", []): + resources = c.get("resources", {}) + requests = resources.get("requests", {}) + limits = resources.get("limits", {}) + init_container_req_mem += parse_quantity(requests.get("memory", 0)) + init_container_lim_mem += parse_quantity(limits.get("memory", 0)) + init_container_req_cpu += parse_quantity(requests.get("cpu", 0)) + init_container_lim_cpu += parse_quantity(limits.get("cpu", 0)) info.append( { "name": name, - "cpu_request": float(req_cpu), - "cpu_limit": float(lim_cpu), - "memory_request": int(req_mem), - "memory_limit": int(lim_mem), + "cpu_request": float(max(container_req_cpu, init_container_req_cpu)), + "cpu_limit": float(max(container_lim_cpu, init_container_lim_cpu)), + "memory_request": int(max(container_req_mem, init_container_req_mem)), + "memory_limit": int(max(container_lim_mem, init_container_lim_mem)), } ) diff --git a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml index ef9e94e15f..7af1b13692 100644 --- a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml +++ b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml @@ -134,7 +134,7 @@ eks: other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.25.12-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 openscapes: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" diff --git a/deployer/commands/generate/resource_allocation/node-capacity-info.json b/deployer/commands/generate/resource_allocation/node-capacity-info.json index ff153a2f17..6cedc667e2 100644 --- a/deployer/commands/generate/resource_allocation/node-capacity-info.json +++ b/deployer/commands/generate/resource_allocation/node-capacity-info.json @@ -55,12 +55,12 @@ "memory": 130451771392 }, "measured_overhead": { - "cpu": 0.165, - "memory": 157286400 + "cpu": 0.17, + "memory": 262144000 }, "available": { - "cpu": 15.725, - "memory": 130294484992 + "cpu": 15.72, + "memory": 130189627392 } }, "n2-highmem-32": { diff --git a/deployer/commands/generate/resource_allocation/update_nodeinfo.py b/deployer/commands/generate/resource_allocation/update_nodeinfo.py index 0b9c57e6e4..17ed22c122 100644 --- a/deployer/commands/generate/resource_allocation/update_nodeinfo.py +++ b/deployer/commands/generate/resource_allocation/update_nodeinfo.py @@ -106,20 +106,42 @@ def get_node_capacity_info(instance_type: str): mem_available = mem_allocatable for p in pods: - mem_request = 0 - cpu_request = 0 - # Iterate through all the containers in the pod, and count the memory & cpu requests - # they make. We don't count initContainers' requests as they don't overlap with the - # container requests at any point. + # From https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#resource-sharing-within-containers + # > - The highest of any particular resource request or limit defined on + # > all init containers is the effective init request/limit. If any + # > resource has no resource limit specified this is considered as the + # > highest limit. + # > - The Pod's effective request/limit for a resource is the higher of: + # > - the sum of all app containers request/limit for a resource + # > - the effective init request/limit for a resource + # + # So we have to calculate the requests of the init containers and containers separately, + # and take the max as the effective request / limit + container_cpu_request = container_mem_request = 0 + init_container_cpu_request = init_container_mem_request = 0 + for c in p["spec"]["containers"]: - mem_request += parse_quantity( + container_mem_request += parse_quantity( + c.get("resources", {}).get("requests", {}).get("memory", "0") + ) + container_cpu_request += parse_quantity( + c.get("resources", {}).get("requests", {}).get("cpu", "0") + ) + + for c in p["spec"].get("initContainers", []): + init_container_mem_request += parse_quantity( c.get("resources", {}).get("requests", {}).get("memory", "0") ) - cpu_request += parse_quantity( + init_container_cpu_request += parse_quantity( c.get("resources", {}).get("requests", {}).get("cpu", "0") ) - cpu_available -= cpu_request - mem_available -= mem_request + + print( + p["metadata"]["name"], + max(init_container_mem_request, container_mem_request), + ) + cpu_available -= max(container_cpu_request, init_container_cpu_request) + mem_available -= max(container_mem_request, init_container_mem_request) return { # CPU units are in fractions, while memory units are bytes From 580b02265198bd10d3dd4804bc71fcb7b922a01a Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 4 Jan 2024 11:10:42 -0800 Subject: [PATCH 228/494] Adjust memory requests so largest instances spawn on r5.4xlarge Brings in the new memory / cpu limits set up for https://github.com/2i2c-org/infrastructure/pull/3572 - without that, the largest set up size doesn't actually spawn on r5.4xlarge due to insufficient memory. --- config/clusters/nasa-esdis/common.values.yaml | 12 ++++----- config/clusters/nasa-veda/common.values.yaml | 25 +++++++++---------- config/clusters/openscapes/prod.values.yaml | 12 ++++----- .../clusters/openscapes/staging.values.yaml | 12 ++++----- 4 files changed, 30 insertions(+), 31 deletions(-) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index e2fd102445..168170c753 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -103,17 +103,17 @@ jupyterhub: mem_60_6: display_name: 60.6 GB RAM, upto 15.72 CPUs kubespawner_override: - mem_guarantee: 65105797120 - mem_limit: 65105797120 + mem_guarantee: 65094813696 + mem_limit: 65094813696 cpu_guarantee: 7.86 cpu_limit: 15.72 node_selector: node.kubernetes.io/instance-type: r5.4xlarge - mem_121_3: - display_name: 121.3 GB RAM, upto 15.72 CPUs + mem_121_2: + display_name: 121.2 GB RAM, upto 15.72 CPUs kubespawner_override: - mem_guarantee: 130211594240 - mem_limit: 130211594240 + mem_guarantee: 130189627392 + mem_limit: 130189627392 cpu_guarantee: 15.72 cpu_limit: 15.72 node_selector: diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index 7d30d6fb3d..23c311da36 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -151,23 +151,22 @@ basehub: cpu_limit: 3.75 node_selector: node.kubernetes.io/instance-type: r5.xlarge - - mem_60_7: - display_name: 60.7 GB RAM, upto 15.725 CPUs + mem_60_6: + display_name: 60.6 GB RAM, upto 15.72 CPUs kubespawner_override: - mem_guarantee: 65147242496 - mem_limit: 65147242496 - cpu_guarantee: 7.8625 - cpu_limit: 15.725 + mem_guarantee: 65094813696 + mem_limit: 65094813696 + cpu_guarantee: 7.86 + cpu_limit: 15.72 node_selector: node.kubernetes.io/instance-type: r5.4xlarge - mem_121_3: - display_name: 121.3 GB RAM, upto 15.725 CPUs + mem_121_2: + display_name: 121.2 GB RAM, upto 15.72 CPUs kubespawner_override: - mem_guarantee: 130294484992 - mem_limit: 130294484992 - cpu_guarantee: 15.725 - cpu_limit: 15.725 + mem_guarantee: 130189627392 + mem_limit: 130189627392 + cpu_guarantee: 15.72 + cpu_limit: 15.72 node_selector: node.kubernetes.io/instance-type: r5.4xlarge - display_name: "Rocker Geospatial with RStudio" diff --git a/config/clusters/openscapes/prod.values.yaml b/config/clusters/openscapes/prod.values.yaml index 5e77d5edcc..8b67662b21 100644 --- a/config/clusters/openscapes/prod.values.yaml +++ b/config/clusters/openscapes/prod.values.yaml @@ -70,17 +70,17 @@ basehub: mem_60_6: display_name: 60.6 GB RAM, upto 15.72 CPUs kubespawner_override: - mem_guarantee: 65105797120 - mem_limit: 65105797120 + mem_guarantee: 65094813696 + mem_limit: 65094813696 cpu_guarantee: 7.86 cpu_limit: 15.72 node_selector: node.kubernetes.io/instance-type: r5.4xlarge - mem_121_3: - display_name: 121.3 GB RAM, upto 15.72 CPUs + mem_121_2: + display_name: 121.2 GB RAM, upto 15.72 CPUs kubespawner_override: - mem_guarantee: 130211594240 - mem_limit: 130211594240 + mem_guarantee: 130189627392 + mem_limit: 130189627392 cpu_guarantee: 15.72 cpu_limit: 15.72 node_selector: diff --git a/config/clusters/openscapes/staging.values.yaml b/config/clusters/openscapes/staging.values.yaml index 52c24d64f5..9a75e2a263 100644 --- a/config/clusters/openscapes/staging.values.yaml +++ b/config/clusters/openscapes/staging.values.yaml @@ -83,17 +83,17 @@ basehub: mem_60_6: display_name: 60.6 GB RAM, upto 15.72 CPUs kubespawner_override: - mem_guarantee: 65105797120 - mem_limit: 65105797120 + mem_guarantee: 65094813696 + mem_limit: 65094813696 cpu_guarantee: 7.86 cpu_limit: 15.72 node_selector: node.kubernetes.io/instance-type: r5.4xlarge - mem_121_3: - display_name: 121.3 GB RAM, upto 15.72 CPUs + mem_121_2: + display_name: 121.2 GB RAM, upto 15.72 CPUs kubespawner_override: - mem_guarantee: 130211594240 - mem_limit: 130211594240 + mem_guarantee: 130189627392 + mem_limit: 130189627392 cpu_guarantee: 15.72 cpu_limit: 15.72 node_selector: From 867877746a883e1bc9dd90eed3dd08d3d6dee833 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 4 Jan 2024 14:01:42 -0800 Subject: [PATCH 229/494] Use qgis image from new location https://github.com/2i2c-org/nasa-qgis-image is the new home of this image, as the PR linked to has been closed. --- config/clusters/nasa-ghg/common.values.yaml | 4 ++-- config/clusters/nasa-veda/common.values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index 7aefe23c1a..2ef7e48bf0 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -101,8 +101,8 @@ basehub: cmd: null # Launch people directly into the Linux desktop when they start default_url: /desktop - # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 - image: "quay.io/jupyter-remote-desktop-proxy/qgis:2023-09-27" + # Built from https://github.com/2i2c-org/nasa-qgis-image + image: "quay.io/2i2c/nasa-qgis-image:78d96c092f8e" requests: # NOTE: Node share choices are in active development, see comment # next to profileList: above. diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index 7d30d6fb3d..bd21c97593 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -192,8 +192,8 @@ basehub: cmd: null # Launch people directly into the Linux desktop when they start default_url: /desktop - # Built from https://github.com/jupyterhub/jupyter-remote-desktop-proxy/pull/51 - image: "quay.io/jupyter-remote-desktop-proxy/qgis:2023-09-27" + # Built from https://github.com/2i2c-org/nasa-qgis-image + image: "quay.io/2i2c/nasa-qgis-image:78d96c092f8e" profile_options: *profile_options - display_name: "Bring your own image" description: Specify your own docker image (must have python and jupyterhub installed in it) From e295b8f81f3fafb3b8e317a115d66477deadd125 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 00:31:36 +0100 Subject: [PATCH 230/494] Re-generate daemonset requests for our clusters --- .../daemonset_requests.yaml | 60 ++++++++++--------- 1 file changed, 33 insertions(+), 27 deletions(-) diff --git a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml index 7af1b13692..c41fca02e2 100644 --- a/deployer/commands/generate/resource_allocation/daemonset_requests.yaml +++ b/deployer/commands/generate/resource_allocation/daemonset_requests.yaml @@ -22,7 +22,7 @@ gke: 2i2c: requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter - other_daemon_sets: "" + other_daemon_sets: binder-staging-dind,binder-staging-image-cleaner,imagebuilding-demo-binderhub-service-docker-api cpu_requests: 344m memory_requests: 596Mi k8s_version: v1.27.4-gke.900 @@ -31,7 +31,7 @@ gke: other_daemon_sets: "" cpu_requests: 344m memory_requests: 596Mi - k8s_version: v1.27.4-gke.900 + k8s_version: v1.27.7-gke.1056000 awi-ciroh: requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" @@ -43,25 +43,25 @@ gke: other_daemon_sets: "" cpu_requests: 344m memory_requests: 596Mi - k8s_version: v1.27.4-gke.900 + k8s_version: v1.27.7-gke.1056000 catalystproject-latam: requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 338m memory_requests: 496Mi - k8s_version: v1.27.3-gke.100 + k8s_version: v1.27.7-gke.1056000 cloudbank: - requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,pdcsi-node,support-cryptnono,support-prometheus-node-exporter - other_daemon_sets: continuous-image-puller,continuous-image-puller,continuous-image-puller,netd - cpu_requests: 342m - memory_requests: 566Mi - k8s_version: v1.26.5-gke.2100 + requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter + other_daemon_sets: "" + cpu_requests: 344m + memory_requests: 596Mi + k8s_version: v1.27.5-gke.200 hhmi: requesting_daemon_sets: fluentbit-gke,gke-metadata-server,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 228m memory_requests: 480Mi - k8s_version: v1.27.3-gke.100 + k8s_version: v1.27.7-gke.1056000 leap: requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" @@ -81,54 +81,60 @@ gke: memory_requests: 580Mi k8s_version: v1.27.4-gke.900 pangeo-hubs: - requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,pdcsi-node,support-cryptnono,support-prometheus-node-exporter - other_daemon_sets: netd - cpu_requests: 342m - memory_requests: 566Mi - k8s_version: v1.26.5-gke.2100 + requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,gke-metrics-agent,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter + other_daemon_sets: "" + cpu_requests: 344m + memory_requests: 596Mi + k8s_version: v1.27.5-gke.200 qcl: requesting_daemon_sets: calico-node,fluentbit-gke,gke-metadata-server,ip-masq-agent,netd,pdcsi-node,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 338m memory_requests: 496Mi - k8s_version: v1.27.4-gke.900 + k8s_version: v1.27.7-gke.1056000 eks: 2i2c-aws-us: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.25.12-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 catalystproject-africa: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.27.4-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 gridsst: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.25.12-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 jupyter-meets-the-earth: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.25.12-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 nasa-cryo: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.25.12-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 + nasa-esdis: + requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter + other_daemon_sets: "" + cpu_requests: 170m + memory_requests: 250Mi + k8s_version: v1.27.8-eks-8cb36c9 nasa-ghg: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.27.4-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 nasa-veda: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" @@ -140,29 +146,29 @@ eks: other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.24.16-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 smithsonian: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.25.12-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 ubc-eoas: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.24.17-eks-f8587cb + k8s_version: v1.27.8-eks-8cb36c9 victor: requesting_daemon_sets: aws-node,ebs-csi-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter other_daemon_sets: "" cpu_requests: 170m memory_requests: 250Mi - k8s_version: v1.25.12-eks-2d98532 + k8s_version: v1.27.8-eks-8cb36c9 aks: utoronto: requesting_daemon_sets: cloud-node-manager,csi-azuredisk-node,csi-azurefile-node,kube-proxy,support-cryptnono,support-prometheus-node-exporter - other_daemon_sets: calico-node,continuous-image-puller,continuous-image-puller,continuous-image-puller,continuous-image-puller + other_daemon_sets: calico-node cpu_requests: 226m memory_requests: 300Mi k8s_version: v1.26.3 From b8fc96e18b2c193f21fb2f0fa7bb81a658ab45df Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 00:35:05 +0100 Subject: [PATCH 231/494] Re-generate deployer's credentials for nasa-esdis/veda/ghg --- .../enc-deployer-credentials.secret.json | 14 +++++++------- .../nasa-ghg/enc-deployer-credentials.secret.json | 14 +++++++------- .../nasa-veda/enc-deployer-credentials.secret.json | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json index e374b9b160..ed06b36be2 100644 --- a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:kZTskz6SEOAG7Gs/XJWgb3/rBP8=,iv:0lt2hvWTvim6BQbOHRK1mEM4hOiWaYn1NMk+D6X50uE=,tag:h4kg7OhCjPSkP944bfwl9g==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:2reeLNQI/3AoYUvLOt2YMS6rfDif6FKkKy/P1jydTYCOp8WxLJQAWw==,iv:yCFDlAlUMhT++132DYsNj33o1GQeQzf//7812PUeGf0=,tag:chPGkunqefsBCJYktR/4fw==,type:str]", - "UserName": "ENC[AES256_GCM,data:UmS7nzeCMNftw5Y3askBVZDCWi3lZug=,iv:JSA+k1aViys9MJiSesJ8Wa1ROjsTp09rTUsuh05D8G0=,tag:Zhc6xFnuH5ZEdyZArr4TAQ==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:oPKOsurPOC6y9M/1fC+zXWRPlLc=,iv:x/4c7QaVebYIgv1dRz+TrKi26SHx+4Du+6nveh1YCn4=,tag:f98HqtXCHLjwzMqakwJZew==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:2wgKlpvDw58nG8I8De1OGuY/iMRBI0YBuOT4PyrS+ftK1z3XaOHE2g==,iv:OjcEoj5TOw0CfgpP0JB3MIUsPX7BuD41UHeKN5X6mWU=,tag:qIPK9FshxAmxQR0eu43obA==,type:str]", + "UserName": "ENC[AES256_GCM,data:V3gK4fwvdg6S0Gqm+OMYYQ+CHPaHwx8=,iv:KgqXw4up32lco9+4FJug/59ZxPtp37OSsWeKKuFtM1E=,tag:Dl8I+Q9wZ3iG6vLqtBOuLA==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2023-12-06T12:03:15Z", - "enc": "CiUA4OM7eCevOe2lP3dSjxmmQYme4j8Z6Y39WZnXn1nIh7yKmXJzEkkAjTWv+vDmpAkn3AgOohJ2cKWKISg+WL5tnT4LSw4+T1f0ErL8Kj7QeGvz5lycB/yGBN00wU8MgkvsoZkSaELOi+CQe0x4pxGi" + "created_at": "2024-01-04T23:28:35Z", + "enc": "CiUA4OM7eEbZmWcl3SiVG55lrCeNODpLG1k9+umcz3UTw5P2figfEkkAjTWv+piz7M8eFX8o1DVN9zQSgsExgMSC3Ht8Gfy+HQFZMzxSn996JakPNi8m94+LtpZS4cjbqi2jRIEnCMCFhZWNzDRbazvI" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2023-12-06T12:03:15Z", - "mac": "ENC[AES256_GCM,data:r6AHNmXZIdRXHruqOaC26/1TxUunQE/ZutNdflCqpcKOnQhavhkxWMsITseHtr6FTus/i5HGEqK4TRidCUewSLVKsK7EPEV7jhM9kAL5ERBAUsg26dtS53b4GjOp04joFk3M3UXS/kZpIh+BoxJPnkhPW4rQuaiEL0BYKJbc9ns=,iv:Yg37lNJRrY6z+RN+YlPb2uKhhaXnG0nM+2GqISUwbdo=,tag:gUJEcGXmgKRO0GBKf9rIAA==,type:str]", + "lastmodified": "2024-01-04T23:28:36Z", + "mac": "ENC[AES256_GCM,data:39hU3JfFxp0+s0adR2OPJv+QXVW81kYXXQ4BzUYAA7cCmRA4o9jQWE+9qAPBVmpWU0zi5WeSAsAJtRV28apcQGcNd4hqtB405dxxsX3cTIlviiAgPggsiS8ZEte5KutCa5BmKkXdMzMxZkMLgbj61K7YlCat82yi3dosHL1rSGA=,iv:jrx0m5+BJab3AeSay9mdZRSwlluDeMiZiVSM60HEUbM=,tag:nK4SFQWnGj+xtB1Jt1YXTw==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json index af204d7b0f..055b33fb46 100644 --- a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:/SnNrz1NZH14iUvTbwLgPTgPQXM=,iv:PY9j0aRcy92oHYxk5MTc/w0QqbLJnaKfjbk3f3QeHjw=,tag:94iPN87QPhhy+seo45ei4Q==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:7Ve2qkiVgs2oTRZ4DmicdAYcTtkv1wasASlCLgTqQYTRrmrnRsM3IA==,iv:ZAGR/Oz8oKNczgnt6JNw9FtrN4EyiNazZQBva4fQ9zQ=,tag:6NeNP7Yoq5fqAbCWGVpK9Q==,type:str]", - "UserName": "ENC[AES256_GCM,data:Z90ncTWifCB0NjDp28vWKoWNTwaOT2g=,iv:TEG1Z1Asy1ejwKWX2ylqf0CoCYn9sMoy0D+ULnBiYfo=,tag:SZWVgDCM1jJozZsUClNBYQ==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:vXMsN91BXqgdF7KXxqX86p61aDo=,iv:P+RyTSlHiqSB9wu0lWJztJkuHwcPsmGQXNEzHM65XR4=,tag:Q/4fuVHgLFxXRNQ0LxCcvg==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:px56aI9GMUgkvcbYj001XHhxfMo1nWaWxiBuuIT1x1+N70fE8YFaIw==,iv:xmhfzt1JqlEHESWZnirojcVBvsJTk9hqF7Om3YKUHOs=,tag:y3PN+YRl50FDieRIl9QRyA==,type:str]", + "UserName": "ENC[AES256_GCM,data:pQeaY7atRNpI/i8ah9AKprHp194sbuA=,iv:74ae090GbgcxudUi/cDeV46CJX9v5qNBKK3+zk0HCu0=,tag:dT7+f0JuJC1NfaizUFbB9w==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2023-12-12T11:39:58Z", - "enc": "CiUA4OM7ePvn5wSbGI+YBkf8tpE5da9gpXo7uUg76CB/PH9qw4XgEkkAjTWv+kuW9BPeM6kaAzOlTvAtq6ln/ozWmCZ8oBCvSzC3GzzyNrBPiYtL0RdglmxCVeuVuJbmYQ5f24/vlyKJ7z521fXw1lY6" + "created_at": "2024-01-04T23:10:31Z", + "enc": "CiUA4OM7eKIg03EAlCM64KT1ZKrqMBL0QvL7zgFEAVQiIWcgjSWeEkkAjTWv+pfKWeZpLUe4MO5M3t7qdwzWD9mP7QpARXmCvwULPVP79EKzCHaErQHIa0Sq8g3ZvZHn2IpaSEGqvSg08rnL2UvPXWn2" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2023-12-12T11:39:58Z", - "mac": "ENC[AES256_GCM,data:FlX4TV328tvYkRDq0IN4lsspRtk6dtmyTDBjHiWReNS/JmPhtpreAcbkTrMgbj9aSPlJ44hEiPJcTPvbnEBqfouYkgWThWHI4uGwjLMj/EW82HhTDmSR5QNqaHXDyVKjwYfLBuHpGVcqh5dglMoWcAa6lcbcyln+DHr3a3Fa0m0=,iv:tc/d5UgJcdN12+Pvip9BEnwuM1ENqHp3gM2+poPOv2Y=,tag:PFokY3k7piFPYObrPzOuiQ==,type:str]", + "lastmodified": "2024-01-04T23:10:31Z", + "mac": "ENC[AES256_GCM,data:ThsEIM/YzZyCVCUsnSqoR3gMC+WDt6PyFHY4bSdI5zwD7gbW3V//GK/xUz0XcYsTmKqgL3b99mv3yK1EOyDlYj0LZoLOLZg8nh7Cc9JaiFA4fuvDu/b5r2hA1zYLERxJnJftlqG5sA4nDzv1wnNWf/LL0jzxApvlHty7g1Oa5BU=,iv:sp6AifQVyXgrHTVrIPEGzekhvyfA5syIA2YthhMuJsQ=,tag:k7L2uvgirZkoV5tG1aKLkA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json index fa273d15fe..94c8435b3b 100644 --- a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:snwBYJoxlHiqiy1Z5P+Te305S+o=,iv:mw8v47wbEFYFInVALmqai708PbcGilD9a2EooiqPj6I=,tag:wd9JeH7e6dsArPf2HFckvQ==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:Nm7cPP0TVZbXrB8dI1eBB5DdQndYsVjZwC6nzoMyehFLuH8MxA3A9w==,iv:nYWAH7JH9AGX7F7PRjp2uHvFM3GOHi4gx9Ofzdc8VEE=,tag:VwJK6wOFAZpvuTdf1cZe+g==,type:str]", - "UserName": "ENC[AES256_GCM,data:0wO9NjNEYDI7VEwbaABNuflsbKHRcCI=,iv:UaQaXwPjgsnHObJWunkSrhxCb5jnlho4m1roMJuH/SY=,tag:pRz4GNk89O13KK0iL6J/kg==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:3raNFoP4EOz5brXR10QdppGdRoQ=,iv:CHhvKsS+eZwCA+ryRkiHKGuyzH5YI1fCsChalBdm/3M=,tag:j92XTrA1OxZBQGZIj4eQSg==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:uJfSLuUpvtxEPQLV7AUY5+g948dr0kyMGcfSIqRDaCI1bGKOZjjx6g==,iv:lnlnK8ZcvAswaiE5U4qPE6LCTIubgPfWEoq9zIvvaRQ=,tag:0IwOhy99k21ifv0jzMwhMQ==,type:str]", + "UserName": "ENC[AES256_GCM,data:uCxkY2QPKebMKHAnGRi0/LZg8vePcMI=,iv:+E1dTSDk93Gtsd9pPVoyFULI641SBkjFOaXeG5Z1J+o=,tag:gpNsfqEsqqGKLY1ytqMihw==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2023-12-06T16:20:17Z", - "enc": "CiUA4OM7eGFJsgOtkHhpuwtBk7FVibsSQb/81TJhM3geXJ4yP0BZEkkAjTWv+tD1IGTInNdjJdb3sll1n9vPIEJ+EWnp53nRYe3+WBOV53BPZMOq1usbIBDMVkriNHw8YtIRO2lfNVBFKhKaUd5TCgPH" + "created_at": "2024-01-04T23:06:56Z", + "enc": "CiUA4OM7eM8HZ6FS+hnOqcl86XpGiYj9GeOW3aeoFnMpu6VkVoDsEkkAjTWv+iU0Yu+kXQ8FodYPhsM8asnqX1CjZ5pqIQCU0fY1qKxZ/SQNwL4rPb44VIWeYtnne3M6pZJOwtDQvtElowmuOkjEfrsz" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2023-12-06T16:20:17Z", - "mac": "ENC[AES256_GCM,data:igdFyuAFjSfqiQVVIhQap23ODCDRe5azpaKKyGL5G1dQ34voJfUhAq0KR2bAlfHBGSAo6l9qI18vcdzSjHmkPsxu1sJWhN3H3l0C6HubIWbplXmlv0t7b8PuBASx0DSy9LxsIVPygXP9/88GyU+nP2ywwdgrVZ8fxxqS1YuYkDc=,iv:KmpCe1L4io1sDEWCCyqGS69bz7cNM2+/8DeJuVYyaeU=,tag:qF+TP2UjKp25GNBw7cQAhQ==,type:str]", + "lastmodified": "2024-01-04T23:06:57Z", + "mac": "ENC[AES256_GCM,data:yU4oEi/fef0HKtezbjkjcNmKM/1LNUhdUPQMOHixsstaGoETva6BHYh+5YtHAdepDPfEd76y9vC4OeIZ2Aenilq6Qe3B2ar+lIGy0CA/Ph1KjS1+Q9/5v0vc9hlReNtpjoqz3xtx320sP0NwlIlKXNwg52xQQzQrvGOvFjzhLoA=,iv:GBR/zD7oynCaDSvF+Ec937VHKgNCcNIuuTO7EtKcfRg=,tag:EdbJ9VOE8/0TCA35SsMyKQ==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" From 5534caa143b78bcbc29d0a8ec24e34d37ab33077 Mon Sep 17 00:00:00 2001 From: sean-morris Date: Thu, 4 Jan 2024 16:35:24 -0800 Subject: [PATCH 232/494] [cloudbank] More Admin Users: CSU LB --- config/clusters/cloudbank/csulb.values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/clusters/cloudbank/csulb.values.yaml b/config/clusters/cloudbank/csulb.values.yaml index 1882fb1851..d2867f1ca8 100644 --- a/config/clusters/cloudbank/csulb.values.yaml +++ b/config/clusters/cloudbank/csulb.values.yaml @@ -53,6 +53,10 @@ jupyterhub: - shabnam.sodagari@csulb.edu - Kagba.Suaray@csulb.edu - Tianni.Zhou@csulb.edu + - Antonio.Martinez@csulb.edu + - Babette.Benken@csulb.edu + - Florence.Newberger@csulb.edu + - Seungjoon.Lee@csulb.edu cull: # Cull after 30min of inactivity every: 300 From 353d37dfd3253a1093a3af31b00cd74aea3f1332 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 02:49:00 +0100 Subject: [PATCH 233/494] Refine and detail k8s cluster upgrade policy --- docs/howto/upgrade-cluster/index.md | 33 +++++++++++++++++------------ 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/docs/howto/upgrade-cluster/index.md b/docs/howto/upgrade-cluster/index.md index fe7a56180f..9d12a501c7 100644 --- a/docs/howto/upgrade-cluster/index.md +++ b/docs/howto/upgrade-cluster/index.md @@ -11,19 +11,26 @@ clusters on AWS. ## Upgrade policy -We aim to ensure we use a k8s version for the control plane and node groups that is at least **five minor versions** behind the latest one available at any given time. - -Ideally, the following rules should also be respected: - -1. Every new cluster we deploy should be using the latest available kubernetes version. -1. All of the clusters deployed in a cloud provider should be using the same version. -1. Check if new upgrades are needed at least every 3 months. - - -```{warning} -As of now, we have not yet established practices on how to ensure these upgrades happen according to the policy above. Establishing this is tracked in [this GitHub -issue](https://github.com/2i2c-org/infrastructure/issues/412). -``` +1. To keep our k8s cluster's control plane and node pools upgraded to the latest + _three_ and _four_ [official minor k8s versions] respectively at all times. +2. To await a level of maturity for minor k8s versions before we adopt them. + + | Kubernetes distribution | Our maturity criteria | + | - | - | + | GKE | Part of [GKE's regular release channel] | + | EKS | [Supported by `eksctl`] and is GKE mature | + | AKS | Listed as [generally available on AKS] | +3. To upgrade k8s cluster's control plane and node pools at least _twice_ and + _once_ per year respectively. +4. To not disrupt user nodes with running users, by instead rolling out new user + node pools if needed and cleaning up the old at a later time. +5. To check if actions needs to be scheduled related to this in the beginning of + every quarter. + +[official minor k8s versions]: https://kubernetes.io/releases/ +[gke's regular release channel]: https://cloud.google.com/kubernetes-engine/docs/release-notes-regular +[supported by `eksctl`]: https://eksctl.io/getting-started/#basic-cluster-creation +[generally available on aks]: https://learn.microsoft.com/en-gb/azure/aks/supported-kubernetes-versions?tabs=azure-cli#aks-kubernetes-release-calendar ```{toctree} :maxdepth: 1 From 0f1373d0e3cf518fcc268111609b747befdae58f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 10:39:04 +0100 Subject: [PATCH 234/494] List updating credentials as fine to self-merge --- .pre-commit-config.yaml | 2 +- docs/contributing/code-review.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 262f5bbb51..99a5dafb94 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # Autoformat: markdown, yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v4.0.0-alpha.8 + rev: v3.1.0 hooks: - id: prettier diff --git a/docs/contributing/code-review.md b/docs/contributing/code-review.md index 8cc259e061..f72ebb6a35 100644 --- a/docs/contributing/code-review.md +++ b/docs/contributing/code-review.md @@ -49,11 +49,12 @@ any approval. 1. Updating admin users for a hub 2. Changing basic hub configuration such as the URL of its landing page image -3. Updating the user image of a hub. +3. Updating the user image of a hub 4. Updating the max number of nodes for nodepools in a cluster 5. Resizing home directory storage upwards when it is about to fill up 6. Emergency (eg exam, outage) related resource bumps 7. *Cleanly* reverting a change that failed CI +8. Updating soon to be expired credentials ## Self-merging as a community partner From 572f4352bec8d8969481c474134d9bfff4ae3714 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 16:36:18 +0100 Subject: [PATCH 235/494] docs: fix notes about AKS machine types to use --- docs/topic/infrastructure/cluster-design.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/topic/infrastructure/cluster-design.md b/docs/topic/infrastructure/cluster-design.md index 39f77ccc72..089cc63c5f 100644 --- a/docs/topic/infrastructure/cluster-design.md +++ b/docs/topic/infrastructure/cluster-design.md @@ -122,9 +122,9 @@ The three machine types based on the cloud provider are the following: - r5.4xlarge - r5.16xlarge - [AKS](https://learn.microsoft.com/en-us/azure/virtual-machines/eav4-easv4-series) - - Standard_E4a_v4 - - Standard_E16_v4 - - Standard_E64_v4 + - Standard_E4s_v5 + - Standard_E16s_v5 + - Standard_E64s_v5 ## Network Policy From 8563929fb45c6b5ad694898a294ffff39303b4f9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 16:37:25 +0100 Subject: [PATCH 236/494] Add docstring to terraform/azure/proxycommand.py --- terraform/azure/proxycommand.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/terraform/azure/proxycommand.py b/terraform/azure/proxycommand.py index 4d2b11ca37..a4cea7175b 100755 --- a/terraform/azure/proxycommand.py +++ b/terraform/azure/proxycommand.py @@ -1,4 +1,11 @@ #!/usr/bin/env python3 +""" +This script can be used to migrate Azure Files storage from one cluster to +another. + +Learn more at https://infrastructure.2i2c.org/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters/#azure-files. +""" + import subprocess import sys import time From 0ee4273ad9d63f4de4add595740fd20de2a6810c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 16:38:02 +0100 Subject: [PATCH 237/494] terraform, utoronto: reorganize for readability and add fixme notes --- terraform/azure/projects/utoronto.tfvars | 25 +++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index 2e360a0dcd..cd60187005 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -1,23 +1,26 @@ -tenant_id = "78aac226-2f03-4b4d-9037-b46d56c55210" -subscription_id = "ead3521a-d994-4a44-a68d-b16e35642d5b" -resourcegroup_name = "2i2c-utoronto-cluster" - - -kubernetes_version = "1.26.3" +tenant_id = "78aac226-2f03-4b4d-9037-b46d56c55210" +subscription_id = "ead3521a-d994-4a44-a68d-b16e35642d5b" +resourcegroup_name = "2i2c-utoronto-cluster" +global_container_registry_name = "2i2cutorontohubregistry" +global_storage_account_name = "2i2cutorontohubstorage" +location = "canadacentral" storage_size = 8192 +ssh_pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQJ4h39UYNi1wybxAH+jCFkNK2aqRcuhDkQSMx0Hak5xkbt3KnT3cOwAgUP1Vt/SjhltSTuxpOHxiAKCRnjwRk60SxKhUNzPHih2nkfYTmBBjmLfdepDPSke/E0VWvTDIEXz/L8vW8aI0QGPXnXyqzEDO9+U1buheBlxB0diFAD3vEp2SqBOw+z7UgrGxXPdP+2b3AV+X6sOtd6uSzpV8Qvdh+QAkd4r7h9JrkFvkrUzNFAGMjlTb0Lz7qAlo4ynjEwzVN2I1i7cVDKgsGz9ZG/8yZfXXx+INr9jYtYogNZ63ajKR/dfjNPovydhuz5zQvQyxpokJNsTqt1CiWEUNj georgiana@georgiana" -ssh_pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQJ4h39UYNi1wybxAH+jCFkNK2aqRcuhDkQSMx0Hak5xkbt3KnT3cOwAgUP1Vt/SjhltSTuxpOHxiAKCRnjwRk60SxKhUNzPHih2nkfYTmBBjmLfdepDPSke/E0VWvTDIEXz/L8vW8aI0QGPXnXyqzEDO9+U1buheBlxB0diFAD3vEp2SqBOw+z7UgrGxXPdP+2b3AV+X6sOtd6uSzpV8Qvdh+QAkd4r7h9JrkFvkrUzNFAGMjlTb0Lz7qAlo4ynjEwzVN2I1i7cVDKgsGz9ZG/8yZfXXx+INr9jYtYogNZ63ajKR/dfjNPovydhuz5zQvQyxpokJNsTqt1CiWEUNj georgiana@georgiana" - -global_container_registry_name = "2i2cutorontohubregistry" -global_storage_account_name = "2i2cutorontohubstorage" +# FIXME: upgrade to 1.27.7, and then 1.28.3, based on the latest versions +# available via: az aks get-versions --location westus2 -o table +# +kubernetes_version = "1.26.3" -location = "canadacentral" +# FIXME: upgrade core_node_vm_size to Standard_E4s_v5 core_node_vm_size = "Standard_E4s_v3" + notebook_nodes = { "default" : { min : 1, max : 100, + # FIXME: upgrade user nodes vm_size to Standard_E8s_v5 vm_size : "Standard_E8s_v3", } } From f008c7c8cb876426f5374c418303a4b50a529f8f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 17:52:18 +0100 Subject: [PATCH 238/494] terraform, utoronto: align files with current state --- terraform/azure/projects/utoronto.tfvars | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index cd60187005..dacffb9cd6 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -18,8 +18,8 @@ core_node_vm_size = "Standard_E4s_v3" notebook_nodes = { "default" : { - min : 1, - max : 100, + min : 0, + max : 86, # FIXME: upgrade user nodes vm_size to Standard_E8s_v5 vm_size : "Standard_E8s_v3", } From dc54258bbe78264a2db3752dd49bdc37e8f473b6 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 17:53:40 +0100 Subject: [PATCH 239/494] terraform, azure: complete earlier cleanup by hardcoding NFS over SMB --- terraform/azure/storage.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/azure/storage.tf b/terraform/azure/storage.tf index cd2d0eedaf..335fca2ae0 100644 --- a/terraform/azure/storage.tf +++ b/terraform/azure/storage.tf @@ -23,7 +23,7 @@ resource "azurerm_storage_share" "homes" { name = "homes" storage_account_name = azurerm_storage_account.homes.name quota = var.storage_size - enabled_protocol = var.storage_protocol + enabled_protocol = "NFS" lifecycle { # Additional safeguard against deleting the share # as this causes irreversible data loss! From 593ed03d8c75ec93a8101025a0e97f4e397d5681 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 17:55:43 +0100 Subject: [PATCH 240/494] terraform, azure: stop declaring core node pool node count --- terraform/azure/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/terraform/azure/main.tf b/terraform/azure/main.tf index 8ada0eb218..d21147e71f 100644 --- a/terraform/azure/main.tf +++ b/terraform/azure/main.tf @@ -92,9 +92,8 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { # Core node-pool default_node_pool { - name = "core" - node_count = 1 # Unfortunately, changing anything about VM type / size recreates *whole cluster + name = "core" vm_size = var.core_node_vm_size os_disk_size_gb = 40 enable_auto_scaling = true From ce6084a8f45e4b20a2dc0f753c75abd204a123d7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 17:56:35 +0100 Subject: [PATCH 241/494] terraform, azure: fix capitalization --- terraform/azure/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/azure/main.tf b/terraform/azure/main.tf index d21147e71f..b002bd005f 100644 --- a/terraform/azure/main.tf +++ b/terraform/azure/main.tf @@ -196,7 +196,7 @@ resource "azurerm_container_registry" "container_registry" { name = var.global_container_registry_name resource_group_name = azurerm_resource_group.jupyterhub.name location = azurerm_resource_group.jupyterhub.location - sku = "premium" + sku = "Premium" admin_enabled = true } From 2898b4396a4ce08ed78323a7e8a32e5a941b7560 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 18:32:29 +0100 Subject: [PATCH 242/494] terraform, azure: bump lower bound on some providers --- terraform/azure/main.tf | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/terraform/azure/main.tf b/terraform/azure/main.tf index b002bd005f..ce605763ac 100644 --- a/terraform/azure/main.tf +++ b/terraform/azure/main.tf @@ -8,6 +8,9 @@ terraform { # FIXME: v3 has been released and we are still at v2, see release notes: # https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.0.0 # + # We may need to remove old state and then then import it according to + # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/3.0-upgrade-guide#migrating-to-new--renamed-resources. + # source = "hashicorp/azurerm" version = "~> 2.99" } @@ -15,13 +18,13 @@ terraform { azuread = { # ref: https://registry.terraform.io/providers/hashicorp/azuread/latest source = "hashicorp/azuread" - version = "~> 2.35" + version = "~> 2.47" } kubernetes = { # ref: https://registry.terraform.io/providers/hashicorp/kubernetes/latest source = "hashicorp/kubernetes" - version = "~> 2.18" + version = "~> 2.25" } } From a6436985a7720f82e671f90ad98d6693ad3e7a63 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 18:32:52 +0100 Subject: [PATCH 243/494] terraform, azure: cleanup unused azure-file k8s namespace --- terraform/azure/storage.tf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/terraform/azure/storage.tf b/terraform/azure/storage.tf index 335fca2ae0..7f6b43cedb 100644 --- a/terraform/azure/storage.tf +++ b/terraform/azure/storage.tf @@ -34,9 +34,3 @@ resource "azurerm_storage_share" "homes" { output "azure_fileshare_url" { value = azurerm_storage_share.homes.url } - -resource "kubernetes_namespace" "homes" { - metadata { - name = "azure-file" - } -} From c8bb78dbf29fea7d017d86119d45000a38d42c31 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 19:14:06 +0100 Subject: [PATCH 244/494] terraform, utoronto: add comment about min-max nodes --- terraform/azure/projects/utoronto.tfvars | 2 ++ 1 file changed, 2 insertions(+) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index dacffb9cd6..eaf3d01c87 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -18,6 +18,8 @@ core_node_vm_size = "Standard_E4s_v3" notebook_nodes = { "default" : { + # NOTE: min-max below was set to 0-86 retroactively to align with + # observed state without understanding on why 0-86 was picked. min : 0, max : 86, # FIXME: upgrade user nodes vm_size to Standard_E8s_v5 From d9edf6b4472bd4549c2deed328ef346eb7289bb9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 5 Jan 2024 19:16:34 +0100 Subject: [PATCH 245/494] terraform, azure: add note on handling a 403 when using terraform --- terraform/azure/storage.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/terraform/azure/storage.tf b/terraform/azure/storage.tf index 7f6b43cedb..2fc97b7ea9 100644 --- a/terraform/azure/storage.tf +++ b/terraform/azure/storage.tf @@ -12,6 +12,12 @@ resource "azurerm_storage_account" "homes" { network_rules { # Allow NFS access only from our nodes, deny access from all other networks + # + # Use of terraform plan or apply can run into issues due to this, but they + # can be handled by temporarily adding your public IP to a firewall + # exception like described in + # https://github.com/2i2c-org/infrastructure/issues/890#issuecomment-1879072422. + # default_action = "Deny" virtual_network_subnet_ids = [ azurerm_subnet.node_subnet.id From 0197528720ddc617699b48ac8b79b1c3ed62a17c Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 5 Jan 2024 14:27:03 -0800 Subject: [PATCH 246/494] Add new environment to UBC profile list Fixes https://2i2c.freshdesk.com/a/tickets/1219 --- config/clusters/ubc-eoas/common.values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/clusters/ubc-eoas/common.values.yaml b/config/clusters/ubc-eoas/common.values.yaml index 35509ee124..a510052347 100644 --- a/config/clusters/ubc-eoas/common.values.yaml +++ b/config/clusters/ubc-eoas/common.values.yaml @@ -91,6 +91,12 @@ jupyterhub: # Using 'latest' for now so updates do not require 2i2c # involvement. image: quay.io/henrykmodzelewski/2i2c-eosc350:latest + - display_name: EOSC454 + description: "For class EOSC454, provides upto 1 CPU and ~4G RAM" + kubespawner_override: + # Using 'latest' for now so updates do not require 2i2c + # involvement. + image: quay.io/henrykmodzelewski/2i2c-eosc454:latest scheduling: userScheduler: enabled: true From 20b189e6798b3f0f6667156a7daff0f15184b1dd Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 5 Jan 2024 14:50:10 -0800 Subject: [PATCH 247/494] openscapes: Make shared foldread readwrite only for admins Based on https://2i2c.freshdesk.com/a/tickets/1121 --- config/clusters/openscapes/common.values.yaml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index a79e0f4123..745f6c87dd 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -35,21 +35,6 @@ basehub: singleuser: serviceAccountName: cloud-user-sa defaultUrl: /lab - storage: - extraVolumeMounts: - # Copy paste from basehub/values.yaml because we want - # `shared` to be readwrite for *everyone* - - name: home - mountPath: /home/jovyan/shared - subPath: _shared - readOnly: false - - name: home - mountPath: /home/rstudio/shared - subPath: _shared - readOnly: false - - name: home - mountPath: /home/rstudio - subPath: "{username}" scheduling: userScheduler: enabled: true From 23bd011337cc6432178eac1b06ae289ab497f139 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 5 Jan 2024 17:03:05 -0800 Subject: [PATCH 248/494] Promote UToronto staging images to prod Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/default-common.values.yaml | 2 +- config/clusters/utoronto/default-staging.values.yaml | 3 --- config/clusters/utoronto/r-common.values.yaml | 2 +- config/clusters/utoronto/r-staging.values.yaml | 3 --- 4 files changed, 2 insertions(+), 8 deletions(-) diff --git a/config/clusters/utoronto/default-common.values.yaml b/config/clusters/utoronto/default-common.values.yaml index d6824dcc8e..9d8866521e 100644 --- a/config/clusters/utoronto/default-common.values.yaml +++ b/config/clusters/utoronto/default-common.values.yaml @@ -2,7 +2,7 @@ jupyterhub: singleuser: image: name: quay.io/2i2c/utoronto-image - tag: "736072886c54" + tag: "14320bae73a0" hub: config: Authenticator: diff --git a/config/clusters/utoronto/default-staging.values.yaml b/config/clusters/utoronto/default-staging.values.yaml index 9c6466b20a..4f4d03f523 100644 --- a/config/clusters/utoronto/default-staging.values.yaml +++ b/config/clusters/utoronto/default-staging.values.yaml @@ -7,9 +7,6 @@ jupyterhub: custom: homepage: gitRepoBranch: "utoronto-staging" - singleuser: - image: - tag: "14320bae73a0" hub: config: CILogonOAuthenticator: diff --git a/config/clusters/utoronto/r-common.values.yaml b/config/clusters/utoronto/r-common.values.yaml index c6520d21d7..74de7001a8 100644 --- a/config/clusters/utoronto/r-common.values.yaml +++ b/config/clusters/utoronto/r-common.values.yaml @@ -14,4 +14,4 @@ jupyterhub: defaultUrl: /rstudio image: name: quay.io/2i2c/utoronto-r-image - tag: "60ec7c973a69" + tag: "b0f448387134" diff --git a/config/clusters/utoronto/r-staging.values.yaml b/config/clusters/utoronto/r-staging.values.yaml index 4f75493ada..97c3b40832 100644 --- a/config/clusters/utoronto/r-staging.values.yaml +++ b/config/clusters/utoronto/r-staging.values.yaml @@ -4,9 +4,6 @@ jupyterhub: tls: - hosts: [r-staging.datatools.utoronto.ca] secretName: https-auto-tls - singleuser: - image: - tag: "b0f448387134" hub: db: pvc: From 9eb4d85d97469e4186f541110ee56bd3ff75209a Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 5 Jan 2024 17:13:37 -0800 Subject: [PATCH 249/494] Redirect all UToronto home pages to unified homepage UToronto will have a new URL (to be determined...) that they will manage, and will act as the 'unified' home page. In https://2i2c.freshdesk.com/a/tickets/952 they have asked us to redirect anyone landing just on the home page of the hubs to this new URL. I've setup the [utoronto branch](https://github.com/2i2c-org/default-hub-homepage/tree/utoronto) of the home pages repo to redirect to the new URL. This just deploys that change. The new URL hasn't been provided to us yet, so the utoronto branch in the default-hub-homepage repo will need to be updated once that URL is present. Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/common.values.yaml | 25 +++---------------- .../utoronto/default-staging.values.yaml | 6 ----- 2 files changed, 4 insertions(+), 27 deletions(-) diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index 1486bcf40c..95f7ecb0a5 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -20,8 +20,11 @@ jupyterhub: enabled: true custom: homepage: + # Everyone hitting the home page directly is redirected to + # https://datatools.utoronto.ca as the unified home page. The various parameters + # here under templateVars are no-op - UToronto manages the unified homepage themselves. + gitRepoBranch: "utoronto" templateVars: - interface_selector: true org: name: University of Toronto logo_url: https://raw.githubusercontent.com/2i2c-org/default-hub-homepage/utoronto-prod/extra-assets/images/home-hero.png @@ -35,26 +38,6 @@ jupyterhub: funded_by: name: University of Toronto url: https://www.utoronto.ca/ - announcements: - - | -

-

ARC will be making changes to our educational JupyterHub on January 9, 2023

- -

R/RStudio will be moved off jupyter.utoronto.ca. R/RStudio will - continue to be available through r.datatools.utoronto.ca – a - separate RStudio hub. To make access to JupyterHub easier than ever, we will also consolidate the landing - pages for our Jupyter Notebook and RStudio hubs into a single launch page: - datatools.utoronto.ca.

- -

For more information, please read our announcement.

-
- - | -
-

* NEW * Jupyter Support Website

- - We have started a JupyterHub support website with documentation and tip sheets, and we will be adding more on an - ongoing basis. To reach the support site, please visit: https://act.utoronto.ca/jupyterhub-support/. -
singleuser: cpu: # Each node has about 8 CPUs total, and if we limit users to no more than diff --git a/config/clusters/utoronto/default-staging.values.yaml b/config/clusters/utoronto/default-staging.values.yaml index 9c6466b20a..cd2eb0f0a0 100644 --- a/config/clusters/utoronto/default-staging.values.yaml +++ b/config/clusters/utoronto/default-staging.values.yaml @@ -4,12 +4,6 @@ jupyterhub: tls: - hosts: [staging.utoronto.2i2c.cloud] secretName: https-auto-tls - custom: - homepage: - gitRepoBranch: "utoronto-staging" - singleuser: - image: - tag: "14320bae73a0" hub: config: CILogonOAuthenticator: From e119014f6951e8b78213d1b2dae0fa56485f0884 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 5 Jan 2024 18:38:15 -0800 Subject: [PATCH 250/494] Round CPU display numbers in resource allocation list Brings it down to one digit after decimal, rather than 2. Ref https://github.com/2i2c-org/infrastructure/issues/3584 --- config/clusters/nasa-esdis/common.values.yaml | 14 +++++++------- config/clusters/nasa-veda/common.values.yaml | 14 +++++++------- config/clusters/openscapes/prod.values.yaml | 14 +++++++------- config/clusters/openscapes/staging.values.yaml | 14 +++++++------- .../resource_allocation/generate_choices.py | 10 ++++++++-- 5 files changed, 36 insertions(+), 30 deletions(-) diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index 168170c753..5c813840fc 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -55,7 +55,7 @@ jupyterhub: display_name: Resource Allocation choices: mem_1_9: - display_name: 1.9 GB RAM, upto 3.75 CPUs + display_name: 1.9 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 1992701952 mem_limit: 1992701952 @@ -65,7 +65,7 @@ jupyterhub: node.kubernetes.io/instance-type: r5.xlarge default: true mem_3_7: - display_name: 3.7 GB RAM, upto 3.75 CPUs + display_name: 3.7 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 3985403904 mem_limit: 3985403904 @@ -74,7 +74,7 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_7_4: - display_name: 7.4 GB RAM, upto 3.75 CPUs + display_name: 7.4 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 7970807808 mem_limit: 7970807808 @@ -83,7 +83,7 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_14_8: - display_name: 14.8 GB RAM, upto 3.75 CPUs + display_name: 14.8 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 15941615616 mem_limit: 15941615616 @@ -92,7 +92,7 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_29_7: - display_name: 29.7 GB RAM, upto 3.75 CPUs + display_name: 29.7 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 31883231232 mem_limit: 31883231232 @@ -101,7 +101,7 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_60_6: - display_name: 60.6 GB RAM, upto 15.72 CPUs + display_name: 60.6 GB RAM, upto 15.7 CPUs kubespawner_override: mem_guarantee: 65094813696 mem_limit: 65094813696 @@ -110,7 +110,7 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.4xlarge mem_121_2: - display_name: 121.2 GB RAM, upto 15.72 CPUs + display_name: 121.2 GB RAM, upto 15.7 CPUs kubespawner_override: mem_guarantee: 130189627392 mem_limit: 130189627392 diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index cf4f243b4f..3e9d7e7ae6 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -106,7 +106,7 @@ basehub: display_name: Resource Allocation choices: mem_1_9: - display_name: 1.9 GB RAM, upto 3.75 CPUs + display_name: 1.9 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 1991341312 mem_limit: 1991341312 @@ -116,7 +116,7 @@ basehub: node.kubernetes.io/instance-type: r5.xlarge default: true mem_3_7: - display_name: 3.7 GB RAM, upto 3.75 CPUs + display_name: 3.7 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 3982682624 mem_limit: 3982682624 @@ -125,7 +125,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_7_4: - display_name: 7.4 GB RAM, upto 3.75 CPUs + display_name: 7.4 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 7965365248 mem_limit: 7965365248 @@ -134,7 +134,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_14_8: - display_name: 14.8 GB RAM, upto 3.75 CPUs + display_name: 14.8 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 15930730496 mem_limit: 15930730496 @@ -143,7 +143,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_29_7: - display_name: 29.7 GB RAM, upto 3.75 CPUs + display_name: 29.7 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 31861460992 mem_limit: 31861460992 @@ -152,7 +152,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_60_6: - display_name: 60.6 GB RAM, upto 15.72 CPUs + display_name: 60.6 GB RAM, upto 15.7 CPUs kubespawner_override: mem_guarantee: 65094813696 mem_limit: 65094813696 @@ -161,7 +161,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.4xlarge mem_121_2: - display_name: 121.2 GB RAM, upto 15.72 CPUs + display_name: 121.2 GB RAM, upto 15.7 CPUs kubespawner_override: mem_guarantee: 130189627392 mem_limit: 130189627392 diff --git a/config/clusters/openscapes/prod.values.yaml b/config/clusters/openscapes/prod.values.yaml index 8b67662b21..c3fc16cd34 100644 --- a/config/clusters/openscapes/prod.values.yaml +++ b/config/clusters/openscapes/prod.values.yaml @@ -22,7 +22,7 @@ basehub: display_name: Resource Allocation choices: mem_1_9: - display_name: 1.9 GB RAM, upto 3.75 CPUs + display_name: 1.9 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 1992701952 mem_limit: 1992701952 @@ -32,7 +32,7 @@ basehub: node.kubernetes.io/instance-type: r5.xlarge default: true mem_3_7: - display_name: 3.7 GB RAM, upto 3.75 CPUs + display_name: 3.7 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 3985403904 mem_limit: 3985403904 @@ -41,7 +41,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_7_4: - display_name: 7.4 GB RAM, upto 3.75 CPUs + display_name: 7.4 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 7970807808 mem_limit: 7970807808 @@ -50,7 +50,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_14_8: - display_name: 14.8 GB RAM, upto 3.75 CPUs + display_name: 14.8 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 15941615616 mem_limit: 15941615616 @@ -59,7 +59,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_29_7: - display_name: 29.7 GB RAM, upto 3.75 CPUs + display_name: 29.7 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 31883231232 mem_limit: 31883231232 @@ -68,7 +68,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_60_6: - display_name: 60.6 GB RAM, upto 15.72 CPUs + display_name: 60.6 GB RAM, upto 15.7 CPUs kubespawner_override: mem_guarantee: 65094813696 mem_limit: 65094813696 @@ -77,7 +77,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.4xlarge mem_121_2: - display_name: 121.2 GB RAM, upto 15.72 CPUs + display_name: 121.2 GB RAM, upto 15.7 CPUs kubespawner_override: mem_guarantee: 130189627392 mem_limit: 130189627392 diff --git a/config/clusters/openscapes/staging.values.yaml b/config/clusters/openscapes/staging.values.yaml index 9a75e2a263..464e79bf4e 100644 --- a/config/clusters/openscapes/staging.values.yaml +++ b/config/clusters/openscapes/staging.values.yaml @@ -35,7 +35,7 @@ basehub: display_name: Resource Allocation choices: mem_1_9: - display_name: 1.9 GB RAM, upto 3.75 CPUs + display_name: 1.9 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 1992701952 mem_limit: 1992701952 @@ -45,7 +45,7 @@ basehub: node.kubernetes.io/instance-type: r5.xlarge default: true mem_3_7: - display_name: 3.7 GB RAM, upto 3.75 CPUs + display_name: 3.7 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 3985403904 mem_limit: 3985403904 @@ -54,7 +54,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_7_4: - display_name: 7.4 GB RAM, upto 3.75 CPUs + display_name: 7.4 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 7970807808 mem_limit: 7970807808 @@ -63,7 +63,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_14_8: - display_name: 14.8 GB RAM, upto 3.75 CPUs + display_name: 14.8 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 15941615616 mem_limit: 15941615616 @@ -72,7 +72,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_29_7: - display_name: 29.7 GB RAM, upto 3.75 CPUs + display_name: 29.7 GB RAM, upto 3.7 CPUs kubespawner_override: mem_guarantee: 31883231232 mem_limit: 31883231232 @@ -81,7 +81,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.xlarge mem_60_6: - display_name: 60.6 GB RAM, upto 15.72 CPUs + display_name: 60.6 GB RAM, upto 15.7 CPUs kubespawner_override: mem_guarantee: 65094813696 mem_limit: 65094813696 @@ -90,7 +90,7 @@ basehub: node_selector: node.kubernetes.io/instance-type: r5.4xlarge mem_121_2: - display_name: 121.2 GB RAM, upto 15.72 CPUs + display_name: 121.2 GB RAM, upto 15.7 CPUs kubespawner_override: mem_guarantee: 130189627392 mem_limit: 130189627392 diff --git a/deployer/commands/generate/resource_allocation/generate_choices.py b/deployer/commands/generate/resource_allocation/generate_choices.py index 08ae9f5191..ddc4eee541 100644 --- a/deployer/commands/generate/resource_allocation/generate_choices.py +++ b/deployer/commands/generate/resource_allocation/generate_choices.py @@ -1,4 +1,5 @@ import json +import math import sys from enum import Enum from pathlib import Path @@ -52,6 +53,11 @@ def proportional_memory_strategy( available_node_mem = nodeinfo["available"]["memory"] available_node_cpu = nodeinfo["available"]["cpu"] + # Only show one digit after . for CPU, but round *down* not up so we never + # say they are getting more CPU than our limit is set to. We multiply & divide + # with a floor, as otherwise 3.75 gets rounded to 3.8, not 3.7 + cpu_display = math.floor(available_node_cpu * 10) / 10 + # We always start from the top, and provide a choice that takes up the whole node. mem_limit = available_node_mem @@ -61,9 +67,9 @@ def proportional_memory_strategy( # This makes sure we utilize all the memory on a node all the time. cpu_guarantee = (mem_limit / available_node_mem) * available_node_cpu - # Memory is in bytes, let's convert it to GB to display + # Memory is in bytes, let's convert it to GB (with only 1 digit after .) to display mem_display = f"{mem_limit / 1024 / 1024 / 1024:.1f}" - display_name = f"{mem_display} GB RAM, upto {available_node_cpu} CPUs" + display_name = f"{mem_display} GB RAM, upto {cpu_display} CPUs" choice = { "display_name": display_name, From 328422a64ea95e09de642bb282bab6c0a419069b Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 8 Jan 2024 13:27:21 +0200 Subject: [PATCH 251/494] Add a project board field update workflow --- .github/workflows/project-board-update.yml | 46 ++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/project-board-update.yml diff --git a/.github/workflows/project-board-update.yml b/.github/workflows/project-board-update.yml new file mode 100644 index 0000000000..3413528d7f --- /dev/null +++ b/.github/workflows/project-board-update.yml @@ -0,0 +1,46 @@ +name: Set project board status fields +on: + issues: + types: + - labeled + +jobs: + update-project-board-fields: + if: github.event.label.name == 'support' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Parse the ticket tracker issue template form + uses: stefanbuck/github-issue-praser@v3 + id: issue-parser + with: + template-path: .github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml + - name: Get ticket impact from the form + shell: python + id: get-ticket-impact + run: | + import os + + form = ${{ steps.issue-parser.outputs.jsonString }} + impact = form.get("ticket_impact") + # Export the `pending_info` string to GITHUB_OUTPUT to be used in following steps + with open(os.environ["GITHUB_OUTPUT"], "a") as f : + print(f"impact={impact}", file=f) + - name: Update the "Impact" field with info from the issue form + uses: EndBug/project-fields@v2 + id: fields + with: + operation: set + fields: Impact + github_token: ${{ secrets.PROJECT_BOARD_PAT_TOKEN }} + project_url: https://github.com/orgs/2i2c-org/projects/22 + values: "${{ steps.get-ticket-impact.outputs.impact }}" + - name: Update the "Type" field to "Support" + uses: EndBug/project-fields@v2 + id: fields + with: + operation: set + fields: Type + github_token: ${{ secrets.PROJECT_BOARD_PAT_TOKEN }} + project_url: https://github.com/orgs/2i2c-org/projects/22 + values: "Support" From 973c30bc2ae14d3e27bc055887114e81e76ddb5c Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 8 Jan 2024 13:29:57 +0200 Subject: [PATCH 252/494] Rephrase for clarity --- .github/workflows/project-board-update.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/project-board-update.yml b/.github/workflows/project-board-update.yml index 3413528d7f..b83f8d363b 100644 --- a/.github/workflows/project-board-update.yml +++ b/.github/workflows/project-board-update.yml @@ -26,7 +26,7 @@ jobs: # Export the `pending_info` string to GITHUB_OUTPUT to be used in following steps with open(os.environ["GITHUB_OUTPUT"], "a") as f : print(f"impact={impact}", file=f) - - name: Update the "Impact" field with info from the issue form + - name: Set the "Impact" project board field uses: EndBug/project-fields@v2 id: fields with: @@ -35,7 +35,7 @@ jobs: github_token: ${{ secrets.PROJECT_BOARD_PAT_TOKEN }} project_url: https://github.com/orgs/2i2c-org/projects/22 values: "${{ steps.get-ticket-impact.outputs.impact }}" - - name: Update the "Type" field to "Support" + - name: Set "Type" field of the project board to "Support" uses: EndBug/project-fields@v2 id: fields with: From 28c63a11eee55ff5bf5640ced8c7454511987ae0 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 8 Jan 2024 13:30:45 +0200 Subject: [PATCH 253/494] Update outdated comment --- .github/workflows/project-board-update.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/project-board-update.yml b/.github/workflows/project-board-update.yml index b83f8d363b..e4b3c24952 100644 --- a/.github/workflows/project-board-update.yml +++ b/.github/workflows/project-board-update.yml @@ -20,10 +20,9 @@ jobs: id: get-ticket-impact run: | import os - form = ${{ steps.issue-parser.outputs.jsonString }} impact = form.get("ticket_impact") - # Export the `pending_info` string to GITHUB_OUTPUT to be used in following steps + # Export the `impact` string to GITHUB_OUTPUT to be used in following steps with open(os.environ["GITHUB_OUTPUT"], "a") as f : print(f"impact={impact}", file=f) - name: Set the "Impact" project board field From bc11e46c1f3792cadde7e5aca5cdd920b283feb4 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 8 Jan 2024 13:43:22 +0200 Subject: [PATCH 254/494] Update fields --- .github/workflows/project-board-update.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/project-board-update.yml b/.github/workflows/project-board-update.yml index e4b3c24952..aad29f14f1 100644 --- a/.github/workflows/project-board-update.yml +++ b/.github/workflows/project-board-update.yml @@ -1,5 +1,5 @@ name: Set project board status fields -on: +on: issues: types: - labeled @@ -27,7 +27,7 @@ jobs: print(f"impact={impact}", file=f) - name: Set the "Impact" project board field uses: EndBug/project-fields@v2 - id: fields + id: impact-field with: operation: set fields: Impact @@ -36,7 +36,7 @@ jobs: values: "${{ steps.get-ticket-impact.outputs.impact }}" - name: Set "Type" field of the project board to "Support" uses: EndBug/project-fields@v2 - id: fields + id: type-field with: operation: set fields: Type From 0501fe1a17ddb38cc7d123cc0e75cd3a6c3791c4 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 8 Jan 2024 10:20:59 -0800 Subject: [PATCH 255/494] Re-add singleuser image tag Should be removed as part of https://github.com/2i2c-org/infrastructure/pull/3582 instead --- config/clusters/utoronto/default-staging.values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/clusters/utoronto/default-staging.values.yaml b/config/clusters/utoronto/default-staging.values.yaml index cd2eb0f0a0..97a9dbb105 100644 --- a/config/clusters/utoronto/default-staging.values.yaml +++ b/config/clusters/utoronto/default-staging.values.yaml @@ -4,6 +4,9 @@ jupyterhub: tls: - hosts: [staging.utoronto.2i2c.cloud] secretName: https-auto-tls + singleuser: + image: + tag: "14320bae73a0" hub: config: CILogonOAuthenticator: From f76de913f919ae34db9a7844ddb11452fa84b669 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 8 Jan 2024 14:11:50 -0800 Subject: [PATCH 256/494] Fix crashing docker daemon in binderhub-staging Ref https://github.com/2i2c-org/infrastructure/issues/3588 --- config/clusters/2i2c/binder-staging.values.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/config/clusters/2i2c/binder-staging.values.yaml b/config/clusters/2i2c/binder-staging.values.yaml index 5927be3c88..9546d4ace7 100644 --- a/config/clusters/2i2c/binder-staging.values.yaml +++ b/config/clusters/2i2c/binder-staging.values.yaml @@ -8,6 +8,18 @@ binderhub: - binder-staging.2i2c.cloud registry: url: https://us-central1-docker.pkg.dev + + dind: + daemonset: + image: + name: docker.io/library/docker + # Temporarily pinned, until https://github.com/2i2c-org/infrastructure/issues/3588 is fixed + tag: "24.0.6-dind" + # We may have multiple dind docker daemons in the same node, and they all need to be + # using different paths for storing their socket & lib directories. Otherwise, they + # will race and crash. + hostSocketDir: /var/run/dind/binderhub-staging + hostLibDir: /var/lib/dind/binderhub-staging config: DockerRegistry: token_url: https://us-central1-docker.pkg.dev/v2/token?service= From 7995fc7a88c5fdc0216faf130613806155ca003e Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Mon, 8 Jan 2024 21:50:21 -0300 Subject: [PATCH 257/494] docs: fix make live command and some warnings --- docs/Makefile | 2 +- docs/conf.py | 1 + docs/howto/prepare-for-events/exam.md | 2 +- .../hubs/other-hub-ops/move-hubs/across-clusters.md | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/Makefile b/docs/Makefile index 3eb714e153..1f60f31263 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -15,7 +15,7 @@ help: .PHONY: help Makefile live: - sphinx-autobuild --ignore */_build/* --ignore */tmp/* -b html -n . _build/html + sphinx-autobuild --ignore */_build/* --ignore */tmp/* --ignore */_static/hub-*.json -b dirhtml -n . _build/dirhtml # Catch-all target: route all unknown targets to Sphinx using the new # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). diff --git a/docs/conf.py b/docs/conf.py index c6fb4840e6..0b5b2e4a1f 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -44,6 +44,7 @@ # -- Options for MyST ------------------------------------------------- panels_add_bootstrap_css = False +myst_footnote_transition = False myst_enable_extensions = [ "colon_fence", "deflist", diff --git a/docs/howto/prepare-for-events/exam.md b/docs/howto/prepare-for-events/exam.md index 7443971a39..45b9c49d56 100644 --- a/docs/howto/prepare-for-events/exam.md +++ b/docs/howto/prepare-for-events/exam.md @@ -39,7 +39,7 @@ This page documents what we do to prep, based on our prior experiences. If the hub has a profile list enabled, based on the instance types setup for the hub, you can find the new allocation options by running: - ```{bash} + ```bash deployer generate resource-allocation choices ``` diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md index d8bb00f782..d538d935f9 100644 --- a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md +++ b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md @@ -5,7 +5,7 @@ to ensure data is preserved. ## 1. Setup a new hub -Setup [a new hub](../../../topic/infrastructure/config.md) in the target cluster, mimicking +Setup [a new hub](config) in the target cluster, mimicking the config of the old hub as much as possible. (copy-home-dirs)= From aa100664aae8957d482e77a28523f736587aee4e Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Tue, 9 Jan 2024 01:24:54 -0300 Subject: [PATCH 258/494] docs: fix intersphinx links --- docs/contributing/code-review.md | 2 +- docs/topic/access-creds/secrets.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/contributing/code-review.md b/docs/contributing/code-review.md index f72ebb6a35..924af810b8 100644 --- a/docs/contributing/code-review.md +++ b/docs/contributing/code-review.md @@ -3,7 +3,7 @@ Much of our active infrastructure is configured and automatically updated via CI/CD pipelines. This means that changes in this repository often immediately impact the infrastructure that we run. -As such, we follow team policies for review/merge that are more specific [than our general development merge policies](tc:development:merge-policy). +As such, we follow team policies for review/merge that are more specific [than our general development merge policies](inv:tc#development:merge-policy). This document codifies our guidelines for doing code review and merging pull requests on active infrastructure (ie, anything in the `infrastructure/` codebase). diff --git a/docs/topic/access-creds/secrets.md b/docs/topic/access-creds/secrets.md index ac9044987a..73115e2ca7 100644 --- a/docs/topic/access-creds/secrets.md +++ b/docs/topic/access-creds/secrets.md @@ -50,7 +50,7 @@ For example, if a service we use has become compromised, and we need to generate To rotate our secrets, take these steps: 1. Determine which configuration file you'd like to update. See [](secrets:locations). -2. Unencrypt the configuration file. See [the team compass documentation](tc:secrets:sops) for instructions on unencrypting. +2. Unencrypt the configuration file. See [the team compass documentation](inv:tc#secrets:sops) for instructions on unencrypting. 3. Generate a new key with `openssl`: ``` From df4ff83b30c8348c63f5f7480a3da63b0da58c20 Mon Sep 17 00:00:00 2001 From: Angus Hollands Date: Tue, 9 Jan 2024 13:47:11 +0000 Subject: [PATCH 259/494] Add some new hires (Harold, Angus) to Helm chart. --- helm-charts/basehub/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index 665b2a12cf..c3b1afb50f 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -88,23 +88,27 @@ jupyterhub: add_staff_user_ids_to_admin_users: false add_staff_user_ids_of_type: "" staff_github_ids: + - agoose77 - AIDEA775 - choldgraf - colliand - consideRatio - damianavila - GeorgianaElena + - haroldcampbell - jmunroe - jnywong - sgibson91 - yuvipanda staff_google_ids: + - ahollands@2i2c.org - asilva@2i2c.org - choldgraf@2i2c.org - colliand@2i2c.org - damianavila@2i2c.org - erik@2i2c.org - georgianaelena@2i2c.org + - hcampbell@2i2c.org - jmunroe@2i2c.org - jwong@2i2c.org - sgibson@2i2c.org From 5cde2405b7818c71e5470fb2bc7b65ef9a46eb89 Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Tue, 9 Jan 2024 13:24:24 -0300 Subject: [PATCH 260/494] docs: how to deploy with external aws account --- .../new-cluster/external-account.md | 25 +++++++++++++++++++ .../hub-deployment-guide/new-cluster/index.md | 1 + 2 files changed, 26 insertions(+) create mode 100644 docs/hub-deployment-guide/new-cluster/external-account.md diff --git a/docs/hub-deployment-guide/new-cluster/external-account.md b/docs/hub-deployment-guide/new-cluster/external-account.md new file mode 100644 index 0000000000..29adde23ff --- /dev/null +++ b/docs/hub-deployment-guide/new-cluster/external-account.md @@ -0,0 +1,25 @@ +# AWS with external account + +In some cases, the organization has its own AWS account and is provided it to us to deploy the cluster. +This method is far simpler as we don't have to handle cloud billing, since it is handled by the organization. + +There are some steps to do before the deploy: + +1. Instruct the external organization to create one AWS IAM account with full permissions. + Since we will have one account per engineer, + this should be for a specific engineer who is responsible for setting up the hub. + +1. The organization sends the credentials for this account to `support@2i2c.org`, + [encrypted using age encryption method](inv:dc#support:encrypt). + +1. The engineer accesses this information and [decrypts it using the provided instructions](/sre-guide/support/decrypt-age). + +1. This engineer can use the IAM service in the AWS Console to create accounts for each engineer + and then sends the credentials to each engineer, for example, through Slack. + + ```{tip} + Create a **User group** with admin permissions. + ``` + +1. Continue with the cluster setup as usual (following [new cluster on AWS](aws)). + On the section [](new-cluster:aws-setup-credentials) follow the steps for "For accounts without AWS SSO". diff --git a/docs/hub-deployment-guide/new-cluster/index.md b/docs/hub-deployment-guide/new-cluster/index.md index e324a7163c..f36c28feee 100644 --- a/docs/hub-deployment-guide/new-cluster/index.md +++ b/docs/hub-deployment-guide/new-cluster/index.md @@ -31,4 +31,5 @@ Deploying Kubernetes to AWS has a distinctly different workflow than GCP or Azur new-cluster.md aws.md smce.md +external-account.md ``` From 2fc3debd0264aa3eb03d70e1602fa41e7c360b09 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 09:01:41 +0100 Subject: [PATCH 261/494] terraform, azure: increase misc config resolution to help during upgrades --- terraform/azure/main.tf | 33 ++++++++++++++---------- terraform/azure/projects/utoronto.tfvars | 21 ++++++++++++--- terraform/azure/variables.tf | 29 +++++++++++---------- 3 files changed, 53 insertions(+), 30 deletions(-) diff --git a/terraform/azure/main.tf b/terraform/azure/main.tf index ce605763ac..8f8f94d0cf 100644 --- a/terraform/azure/main.tf +++ b/terraform/azure/main.tf @@ -93,22 +93,31 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { } } - # Core node-pool + # default_node_pool must be set, and it must be a node pool of system type + # that can't scale to zero. Due to that we are forced to use it, and have + # decided to use it as our core node pool. + # + # Most changes to this node pool forces a replace operation on the entire + # cluster. This can be avoided with v3.47.0+ of this provider by declaring + # temporary_name_for_rotation = "core-b". + # + # ref: https://github.com/hashicorp/terraform-provider-azurerm/pull/20628 + # ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#temporary_name_for_rotation. + # default_node_pool { - # Unfortunately, changing anything about VM type / size recreates *whole cluster - name = "core" - vm_size = var.core_node_vm_size - os_disk_size_gb = 40 + name = var.core_node_pool.name + vm_size = var.core_node_pool.vm_size + os_disk_size_gb = var.core_node_pool.os_disk_size_gb enable_auto_scaling = true - min_count = 1 - max_count = 10 + min_count = var.core_node_pool.min + max_count = var.core_node_pool.max vnet_subnet_id = azurerm_subnet.node_subnet.id - node_labels = { + node_labels = merge({ "hub.jupyter.org/node-purpose" = "core", "k8s.dask.org/node-purpose" = "core" - } + }, var.core_node_pool.labels) - orchestrator_version = var.kubernetes_version + orchestrator_version = coalesce(var.core_node_pool.kubernetes_version, var.kubernetes_version) } auto_scaler_profile { @@ -140,7 +149,7 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { resource "azurerm_kubernetes_cluster_node_pool" "user_pool" { for_each = var.notebook_nodes - name = "nb${each.key}" + name = coalesce(each.value.name, each.key) kubernetes_cluster_id = azurerm_kubernetes_cluster.jupyterhub.id enable_auto_scaling = true os_disk_size_gb = 200 @@ -152,7 +161,6 @@ resource "azurerm_kubernetes_cluster_node_pool" "user_pool" { node_labels = merge({ "hub.jupyter.org/node-purpose" = "user", "k8s.dask.org/node-purpose" = "scheduler" - "hub.jupyter.org/node-size" = each.value.vm_size }, each.value.labels) node_taints = concat([ @@ -180,7 +188,6 @@ resource "azurerm_kubernetes_cluster_node_pool" "dask_pool" { vm_size = each.value.vm_size node_labels = merge({ "k8s.dask.org/node-purpose" = "worker", - "hub.jupyter.org/node-size" = each.value.vm_size }, each.value.labels) node_taints = concat([ diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index eaf3d01c87..8c3eeaddaf 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -13,16 +13,31 @@ ssh_pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQJ4h39UYNi1wybxAH+jCFkNK2 # kubernetes_version = "1.26.3" -# FIXME: upgrade core_node_vm_size to Standard_E4s_v5 -core_node_vm_size = "Standard_E4s_v3" +core_node_pool = { + name : "core", + vm_size : "Standard_E4s_v3", + kubernetes_version : "1.26.3", +} notebook_nodes = { "default" : { + name : "nbdefault", # NOTE: min-max below was set to 0-86 retroactively to align with # observed state without understanding on why 0-86 was picked. min : 0, max : 86, # FIXME: upgrade user nodes vm_size to Standard_E8s_v5 vm_size : "Standard_E8s_v3", - } + # FIXME: remove this label + labels : { + "hub.jupyter.org/node-size" = "Standard_E8s_v3", + }, + kubernetes_version : "1.26.3", + }, + #"usere8sv5" : { + # min : 0, + # max : 100, + # vm_size : "Standard_E8s_v5", + # kubernetes_version : "1.28.3", + #} } diff --git a/terraform/azure/variables.tf b/terraform/azure/variables.tf index b9cd943680..a7982e1c55 100644 --- a/terraform/azure/variables.tf +++ b/terraform/azure/variables.tf @@ -48,20 +48,6 @@ variable "kubernetes_version" { } -variable "core_node_vm_size" { - type = string - description = <<-EOT - VM Size to use for core nodes - - Core nodes will always be on, and count as 'base cost' - for a cluster. We should try to run with as few of them - as possible. - - WARNING: CHANGING THIS WILL DESTROY AND RECREATE THE CLUSTER! - EOT -} - - variable "global_container_registry_name" { type = string description = <<-EOT @@ -92,8 +78,23 @@ variable "ssh_pub_key" { EOT } +variable "core_node_pool" { + type = object({ + name : optional(string, ""), + min : optional(number, 1), + max : optional(number, 10), + vm_size : string, + labels : optional(map(string), {}), + taints : optional(list(string), []), + os_disk_size_gb : optional(number, 40), + kubernetes_version : optional(string, "") + }) + description = "Core node pool" +} + variable "notebook_nodes" { type = map(object({ + name : optional(string, ""), min : number, max : number, vm_size : string, From 7eb118d15445f38adeac13b992e0eae77e3b4034 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 09:02:26 +0100 Subject: [PATCH 262/494] terraform, utoronto: upgrade from 1.26.3 to 1.27.7 --- terraform/azure/projects/utoronto.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index 8c3eeaddaf..d06c6b8007 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -11,7 +11,7 @@ ssh_pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQJ4h39UYNi1wybxAH+jCFkNK2 # FIXME: upgrade to 1.27.7, and then 1.28.3, based on the latest versions # available via: az aks get-versions --location westus2 -o table # -kubernetes_version = "1.26.3" +kubernetes_version = "1.27.7" core_node_pool = { name : "core", From 04f93699993d344deeea7e20a45fe640f486901d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 17:41:00 +0100 Subject: [PATCH 263/494] terraform, azure and utoronto: k8s upgrade with misc variables to support it --- terraform/azure/main.tf | 23 +++++++----- terraform/azure/projects/utoronto.tfvars | 47 ++++++++++++++++++------ terraform/azure/variables.tf | 19 ++++++---- 3 files changed, 60 insertions(+), 29 deletions(-) diff --git a/terraform/azure/main.tf b/terraform/azure/main.tf index 8f8f94d0cf..5777b68340 100644 --- a/terraform/azure/main.tf +++ b/terraform/azure/main.tf @@ -99,7 +99,7 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { # # Most changes to this node pool forces a replace operation on the entire # cluster. This can be avoided with v3.47.0+ of this provider by declaring - # temporary_name_for_rotation = "core-b". + # temporary_name_for_rotation = "coreb". # # ref: https://github.com/hashicorp/terraform-provider-azurerm/pull/20628 # ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#temporary_name_for_rotation. @@ -108,9 +108,11 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { name = var.core_node_pool.name vm_size = var.core_node_pool.vm_size os_disk_size_gb = var.core_node_pool.os_disk_size_gb - enable_auto_scaling = true - min_count = var.core_node_pool.min - max_count = var.core_node_pool.max + enable_auto_scaling = var.core_node_pool.enable_auto_scaling + min_count = var.core_node_pool.enable_auto_scaling ? var.core_node_pool.min : null + max_count = var.core_node_pool.enable_auto_scaling ? var.core_node_pool.max : null + node_count = var.core_node_pool.node_count + kubelet_disk_type = var.core_node_pool.kubelet_disk_type vnet_subnet_id = azurerm_subnet.node_subnet.id node_labels = merge({ "hub.jupyter.org/node-purpose" = "core", @@ -147,13 +149,14 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { resource "azurerm_kubernetes_cluster_node_pool" "user_pool" { - for_each = var.notebook_nodes + for_each = var.user_node_pools name = coalesce(each.value.name, each.key) kubernetes_cluster_id = azurerm_kubernetes_cluster.jupyterhub.id enable_auto_scaling = true - os_disk_size_gb = 200 + os_disk_size_gb = each.value.os_disk_size_gb vnet_subnet_id = azurerm_subnet.node_subnet.id + kubelet_disk_type = each.value.kubelet_disk_type orchestrator_version = each.value.kubernetes_version == "" ? var.kubernetes_version : each.value.kubernetes_version @@ -173,14 +176,14 @@ resource "azurerm_kubernetes_cluster_node_pool" "user_pool" { } resource "azurerm_kubernetes_cluster_node_pool" "dask_pool" { - # If dask_nodes is set, we use that. If it isn't, we use notebook_nodes. - # This lets us set dask_nodes to an empty array to get no dask nodes - for_each = var.dask_nodes + # If dask_node_pools is set, we use that. If it isn't, we use user_node_pools. + # This lets us set dask_node_pools to an empty array to get no dask nodes + for_each = var.dask_node_pools name = "dask${each.key}" kubernetes_cluster_id = azurerm_kubernetes_cluster.jupyterhub.id enable_auto_scaling = true - os_disk_size_gb = 200 + os_disk_size_gb = each.value.os_disk_size_gb vnet_subnet_id = azurerm_subnet.node_subnet.id orchestrator_version = each.value.kubernetes_version == "" ? var.kubernetes_version : each.value.kubernetes_version diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index d06c6b8007..c4246f9bf6 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -8,18 +8,40 @@ location = "canadacentral" storage_size = 8192 ssh_pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQJ4h39UYNi1wybxAH+jCFkNK2aqRcuhDkQSMx0Hak5xkbt3KnT3cOwAgUP1Vt/SjhltSTuxpOHxiAKCRnjwRk60SxKhUNzPHih2nkfYTmBBjmLfdepDPSke/E0VWvTDIEXz/L8vW8aI0QGPXnXyqzEDO9+U1buheBlxB0diFAD3vEp2SqBOw+z7UgrGxXPdP+2b3AV+X6sOtd6uSzpV8Qvdh+QAkd4r7h9JrkFvkrUzNFAGMjlTb0Lz7qAlo4ynjEwzVN2I1i7cVDKgsGz9ZG/8yZfXXx+INr9jYtYogNZ63ajKR/dfjNPovydhuz5zQvQyxpokJNsTqt1CiWEUNj georgiana@georgiana" -# FIXME: upgrade to 1.27.7, and then 1.28.3, based on the latest versions -# available via: az aks get-versions --location westus2 -o table -# -kubernetes_version = "1.27.7" +# List available versions via: az aks get-versions --location westus2 -o table +kubernetes_version = "1.28.3" core_node_pool = { name : "core", + kubernetes_version : "1.28.3", + + # FIXME: transition to "Standard_E2s_v5" nodes as they are large enough and + # can more cheaply handle being forced to have 2-3 replicas for silly + # reasons like three calico-typha pods. See + # https://github.com/2i2c-org/infrastructure/issues/3592#issuecomment-1883269632. + # + # Transitioning to E2s_v5 would require reducing the requested memory + # by prometheus-server though, but that should be okay since + # prometheus has reduced its memory profile significant enough recently. + # vm_size : "Standard_E4s_v3", - kubernetes_version : "1.26.3", + + # FIXME: stop using persistent disks for the nodes, use the variable default + # "Temporary" instead + kubelet_disk_type : "OS", + + # FIXME: use a larger os_disk_size_gb than 40, like the default of 100, to + # avoid running low when few replicas are used + os_disk_size_gb : 40, + + # FIXME: its nice to use autoscaling, but we end up with three replicas due to + # https://github.com/2i2c-org/infrastructure/issues/3592#issuecomment-1883269632 + # and its a waste at least using Standard_E4s_v3 machines. + enable_auto_scaling : false, + node_count : 2, } -notebook_nodes = { +user_node_pools = { "default" : { name : "nbdefault", # NOTE: min-max below was set to 0-86 retroactively to align with @@ -33,11 +55,12 @@ notebook_nodes = { "hub.jupyter.org/node-size" = "Standard_E8s_v3", }, kubernetes_version : "1.26.3", + # FIXME: stop using persistent disks for the nodes, use Temporary instead + kubelet_disk_type : "OS", }, - #"usere8sv5" : { - # min : 0, - # max : 100, - # vm_size : "Standard_E8s_v5", - # kubernetes_version : "1.28.3", - #} + "usere8sv5" : { + min : 0, + max : 100, + vm_size : "Standard_E8s_v5", + } } diff --git a/terraform/azure/variables.tf b/terraform/azure/variables.tf index a7982e1c55..dda5c1fab6 100644 --- a/terraform/azure/variables.tf +++ b/terraform/azure/variables.tf @@ -81,18 +81,21 @@ variable "ssh_pub_key" { variable "core_node_pool" { type = object({ name : optional(string, ""), + enable_auto_scaling = optional(bool, true), min : optional(number, 1), max : optional(number, 10), + node_count : optional(number), vm_size : string, labels : optional(map(string), {}), taints : optional(list(string), []), - os_disk_size_gb : optional(number, 40), - kubernetes_version : optional(string, "") + os_disk_size_gb : optional(number, 100), + kubernetes_version : optional(string, ""), + kubelet_disk_type : optional(string, "Temporary"), }) description = "Core node pool" } -variable "notebook_nodes" { +variable "user_node_pools" { type = map(object({ name : optional(string, ""), min : number, @@ -100,20 +103,22 @@ variable "notebook_nodes" { vm_size : string, labels : optional(map(string), {}), taints : optional(list(string), []), - kubernetes_version : optional(string, "") + os_disk_size_gb : optional(number, 200), + kubernetes_version : optional(string, ""), + kubelet_disk_type : optional(string, "Temporary"), })) - description = "Notebook node pools to create" + description = "User node pools to create" default = {} } -variable "dask_nodes" { +variable "dask_node_pools" { type = map(object({ min : number, max : number, vm_size : string, labels : optional(map(string), {}), taints : optional(list(string), []), - kubernetes_version : optional(string, "") + kubernetes_version : optional(string, ""), })) description = "Dask node pools to create" default = {} From ed82584f65c608251bf0c86723da688b072bfa23 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 17:42:07 +0100 Subject: [PATCH 264/494] terraform, utoronto: cleanup old user node pool --- terraform/azure/projects/utoronto.tfvars | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index c4246f9bf6..361f726e2e 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -42,25 +42,9 @@ core_node_pool = { } user_node_pools = { - "default" : { - name : "nbdefault", - # NOTE: min-max below was set to 0-86 retroactively to align with - # observed state without understanding on why 0-86 was picked. - min : 0, - max : 86, - # FIXME: upgrade user nodes vm_size to Standard_E8s_v5 - vm_size : "Standard_E8s_v3", - # FIXME: remove this label - labels : { - "hub.jupyter.org/node-size" = "Standard_E8s_v3", - }, - kubernetes_version : "1.26.3", - # FIXME: stop using persistent disks for the nodes, use Temporary instead - kubelet_disk_type : "OS", - }, "usere8sv5" : { min : 0, max : 100, vm_size : "Standard_E8s_v5", - } + }, } From ee19ad8753a59f9a6ccb276ecb15e830cf153e53 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 17:48:30 +0100 Subject: [PATCH 265/494] utoronto: reduce prometheus required memory to fit better on smaller nodes --- config/clusters/utoronto/support.values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/clusters/utoronto/support.values.yaml b/config/clusters/utoronto/support.values.yaml index c87482edba..74e7c9526d 100644 --- a/config/clusters/utoronto/support.values.yaml +++ b/config/clusters/utoronto/support.values.yaml @@ -23,10 +23,11 @@ prometheus: hosts: - prometheus.utoronto.2i2c.cloud resources: + # utoronto's prometheus seems to lie stable below 10Gi at around 6Gi requests: - memory: 16Gi + memory: 12Gi limits: - memory: 16Gi + memory: 12Gi grafana: grafana.ini: From 9485b3ddff566541a9d9d9c5219ae23f5cc4befc Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 18:06:48 +0100 Subject: [PATCH 266/494] terraform, utoronto: remove resolved comment This comment was relevant before https://github.com/2i2c-org/infrastructure/pull/3595, but not after. --- terraform/azure/projects/utoronto.tfvars | 4 ---- 1 file changed, 4 deletions(-) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index 361f726e2e..fc51571045 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -20,10 +20,6 @@ core_node_pool = { # reasons like three calico-typha pods. See # https://github.com/2i2c-org/infrastructure/issues/3592#issuecomment-1883269632. # - # Transitioning to E2s_v5 would require reducing the requested memory - # by prometheus-server though, but that should be okay since - # prometheus has reduced its memory profile significant enough recently. - # vm_size : "Standard_E4s_v3", # FIXME: stop using persistent disks for the nodes, use the variable default From e2b8d1fe09eac96f521d9b66a7e350ac6ba7f33e Mon Sep 17 00:00:00 2001 From: Brian Freitag Date: Tue, 9 Jan 2024 12:06:28 -0600 Subject: [PATCH 267/494] add collaborators to GHG hub --- config/clusters/nasa-ghg/common.values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index 2ef7e48bf0..5c1d5c1c9a 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -42,6 +42,10 @@ basehub: GitHubOAuthenticator: allowed_organizations: - US-GHG-Center:ghgc-hub-access + - US-GHG-Center:ghg-use-case-1 + - US-GHG-Center:ghg-use-case-2 + - US-GHG-Center:ghg-use-case-3 + - US-GHG-Center:ghg-external-collaborators scope: - read:org Authenticator: From 58770b3aff51b721269efc375fca5e5f39ce183e Mon Sep 17 00:00:00 2001 From: Brian Freitag Date: Tue, 9 Jan 2024 12:09:10 -0600 Subject: [PATCH 268/494] add Jeanne-le-Roux as admin --- config/clusters/nasa-ghg/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index 5c1d5c1c9a..eb4276944f 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -53,6 +53,7 @@ basehub: - freitagb - j08lue - slesaad + - Jeanne-le-Roux singleuser: defaultUrl: /lab profileList: From c13775b02082e76c2fa692393c9ebded48aa3205 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 9 Jan 2024 10:43:56 -0800 Subject: [PATCH 269/494] utoronto: Don't force usage of notebookapp https://github.com/2i2c-org/infrastructure/pull/3582 has been merged, so we can stop forcing NotebookApp in prod. Without this, JupyterLab actually fails to launch, fixed upstream in https://github.com/jupyter-server/jupyter_server/pull/1384 Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/default-prod.values.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/config/clusters/utoronto/default-prod.values.yaml b/config/clusters/utoronto/default-prod.values.yaml index 3410ca3531..279893d2a3 100644 --- a/config/clusters/utoronto/default-prod.values.yaml +++ b/config/clusters/utoronto/default-prod.values.yaml @@ -1,12 +1,4 @@ jupyterhub: - singleuser: - extraEnv: - # Required to get jupyter-contrib-nbextensions to work, until - # https://github.com/2i2c-org/utoronto-image/pull/58 can land. An image - # including that is already in the staging hub, but not in the prod - # hub. This config can be removed when we promote that image to - # production. - JUPYTERHUB_SINGLEUSER_APP: "notebook.notebookapp.NotebookApp" ingress: hosts: [jupyter.utoronto.ca] tls: From ba341421e8c57a01dbccfa4d0aed443eddab8173 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Tue, 9 Jan 2024 13:49:56 -0800 Subject: [PATCH 270/494] Revert "[Merge Jan 9] utoronto: Enable automatic login on utoronto hubs" --- config/clusters/utoronto/common.values.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index 4f4e75c716..95f7ecb0a5 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -74,12 +74,6 @@ jupyterhub: concurrent_spawn_limit: 100 # We wanna keep logs long term, primarily for analytics extra_log_file: /srv/jupyterhub/jupyterhub.log - Authenticator: - # If users come directly to jupyter.utoronto.ca or any of the other hub landing pages, - # we don't actually want to show them the landing page - just auth them if needed and - # send them over to wherever they need to go. This is because there is an *external* home - # page that is sending people to appropriate locations with /hub/user-redirect. - auto_login: true CILogonOAuthenticator: allowed_idps: https://idpz.utorauth.utoronto.ca/shibboleth: From 1dc69f9bcf1fbf21857e73cb9f805ac21ffe9e8e Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 9 Jan 2024 14:10:49 -0800 Subject: [PATCH 271/494] Use same home page branch for utoronto prod hub too Everything should use the `utoronto` branch now, as set in the common config file Ref https://github.com/2i2c-org/infrastructure/issues/2729 --- config/clusters/utoronto/default-prod.values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/clusters/utoronto/default-prod.values.yaml b/config/clusters/utoronto/default-prod.values.yaml index 279893d2a3..3793e7dec1 100644 --- a/config/clusters/utoronto/default-prod.values.yaml +++ b/config/clusters/utoronto/default-prod.values.yaml @@ -17,9 +17,6 @@ jupyterhub: # that pods in `kube-system` will still schedule. # So even though this is under `userPlaceholder`, it really is operating as a `nodePlaceholder` memory: 57350076Ki - custom: - homepage: - gitRepoBranch: "utoronto-prod" hub: db: pvc: From ed69e2825ea8a9264e2969086e85ab7b3fcb3880 Mon Sep 17 00:00:00 2001 From: sean-morris Date: Tue, 9 Jan 2024 16:29:04 -0800 Subject: [PATCH 272/494] [cloudbank] ELAC Added --- config/clusters/cloudbank/cluster.yaml | 8 +++ config/clusters/cloudbank/elac.values.yaml | 68 +++++++++++++++++++ .../cloudbank/enc-elac.secret.values.yaml | 20 ++++++ 3 files changed, 96 insertions(+) create mode 100644 config/clusters/cloudbank/elac.values.yaml create mode 100644 config/clusters/cloudbank/enc-elac.secret.values.yaml diff --git a/config/clusters/cloudbank/cluster.yaml b/config/clusters/cloudbank/cluster.yaml index 27fef824cb..43577c6924 100644 --- a/config/clusters/cloudbank/cluster.yaml +++ b/config/clusters/cloudbank/cluster.yaml @@ -148,6 +148,14 @@ hubs: - common.values.yaml - sbcc-dev.values.yaml - enc-sbcc-dev.secret.values.yaml + - name: elac + display_name: "East Los Angeles College" + domain: elac.cloudbank.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - elac.values.yaml + - enc-elac.secret.values.yaml - name: lacc display_name: "Los Angeles City College" domain: lacc.cloudbank.2i2c.cloud diff --git a/config/clusters/cloudbank/elac.values.yaml b/config/clusters/cloudbank/elac.values.yaml new file mode 100644 index 0000000000..494814680c --- /dev/null +++ b/config/clusters/cloudbank/elac.values.yaml @@ -0,0 +1,68 @@ +jupyterhub: + ingress: + hosts: [elac.cloudbank.2i2c.cloud] + tls: + - hosts: [elac.cloudbank.2i2c.cloud] + secretName: https-auto-tls + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: East Los Angeles College + logo_url: https://www.elac.edu/sites/elac.edu/files/elac-logo.svg + url: https://www.elac.edu/ + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: CloudBank + url: http://cloudbank.org/ + funded_by: + name: CloudBank + url: http://cloudbank.org/ + hub: + config: + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: "https://palomar.cloudbank.2i2c.cloud/hub/oauth_callback" + allowed_idps: + http://google.com/accounts/o8/id: + default: true + username_derivation: + username_claim: "email" + OAuthenticator: + # WARNING: Don't use allow_existing_users with config to allow an + # externally managed group of users, such as + # GitHubOAuthenticator.allowed_organizations, as it breaks a + # common expectations for an admin user. + # + # The broken expectation is that removing a user from the + # externally managed group implies that the user won't have + # access any more. In practice the user will still have + # access if it had logged in once before, as it then exists + # in JupyterHub's database of users. + # + allow_existing_users: True + Authenticator: + # WARNING: Removing a user from admin_users or allowed_users doesn't + # revoke admin status or access. + # + # OAuthenticator.allow_existing_users allows any user in the + # JupyterHub database of users able to login. This includes + # any previously logged in user or user previously listed in + # allowed_users or admin_users, as such users are added to + # JupyterHub's database on startup. + # + # To revoke admin status or access for a user when + # allow_existing_users is enabled, first remove the user from + # admin_users or allowed_users, then deploy the change, and + # finally revoke the admin status or delete the user via the + # /hub/admin panel. + # + admin_users: + - sean.smorris@berkeley.edu + - rrregis@gmail.com diff --git a/config/clusters/cloudbank/enc-elac.secret.values.yaml b/config/clusters/cloudbank/enc-elac.secret.values.yaml new file mode 100644 index 0000000000..d2634d730e --- /dev/null +++ b/config/clusters/cloudbank/enc-elac.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:cBuFC2bLV5pA85K9L22EcM5h7ZUSASK2y+vOh5grlAyKnqpUgepynWL4mjL5SxVY+zM=,iv:Xhy+Y3C+zJsibs/W+sPb/hSReQzN8KekOzT5NZceVj4=,tag:JM1r+8A8b1CNXE0TdPzNcg==,type:str] + client_secret: ENC[AES256_GCM,data:vt+PnqCXNB27sosc9Xy1Vci4nAFviw+kA/NoNOqy4Zjom42MKGRxfOgJEl4jbxWZPaCliD9H90cKYniFp0dmhQYQSE3HCHXI2Cc/6w1Fg05O+1oRO1Y=,iv:h2Y8NTEk3GToKcUfd+DKQSVFF72RHdsKuP6T9+AnCmk=,tag:5HyGGS9mJSJPXPPZ3JXEZg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-01-10T00:27:47Z" + enc: CiUA4OM7eLfMw3q0WBdHZiBTymDsk+C76sHrwR95zkwZjvq8JjN8EkkAjTWv+vo3ugKpDVeUKrKsmQ2a2VcWkjozp4IxKpOT7g6uOO02UT9uocWKxaS7YkePydtkiVFaHe0L6voF6G9SBPl1yKK9062W + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-01-10T00:27:48Z" + mac: ENC[AES256_GCM,data:m4vTLeMe9C9wUq8wyDmOz11f1trXBKQ8+rwljVbq4q7iAUuyK12PGbWhcH6Pk7HPmfhlMoEM8wyhbSTwuOf2nrMV5ExpGvYQ63DkIOk9cGYh5MFQEMeX4dNJlbQVkt5D4NjSrzAxjdQINnWcYr8teXQ1zgpTca+qTi8s21qh78I=,iv:nfQvJQYZ0huTCe3UJOa8lLgQTNzfIjqi3B3MB1o5m2k=,tag:Vul6XzPkhV7DUFZobjAo5w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1 From 7780d97917604f31884353d6618e3e7c3b2c9fb8 Mon Sep 17 00:00:00 2001 From: sean-morris Date: Tue, 9 Jan 2024 16:29:04 -0800 Subject: [PATCH 273/494] [cloudbank] ELAC Added --- config/clusters/cloudbank/elac.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/cloudbank/elac.values.yaml b/config/clusters/cloudbank/elac.values.yaml index 494814680c..756b044cd3 100644 --- a/config/clusters/cloudbank/elac.values.yaml +++ b/config/clusters/cloudbank/elac.values.yaml @@ -28,7 +28,7 @@ jupyterhub: JupyterHub: authenticator_class: cilogon CILogonOAuthenticator: - oauth_callback_url: "https://palomar.cloudbank.2i2c.cloud/hub/oauth_callback" + oauth_callback_url: "https://elac.cloudbank.2i2c.cloud/hub/oauth_callback" allowed_idps: http://google.com/accounts/o8/id: default: true From d02bc52b4653c5216821b0508ff77aef624fd612 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 10 Jan 2024 09:18:39 +0100 Subject: [PATCH 274/494] terraform, azure: autoscaling core node pool and refactor to reduce duplication --- terraform/azure/main.tf | 118 +++++++++++------------ terraform/azure/projects/utoronto.tfvars | 66 +++++++------ terraform/azure/variables.tf | 45 ++------- 3 files changed, 102 insertions(+), 127 deletions(-) diff --git a/terraform/azure/main.tf b/terraform/azure/main.tf index 5777b68340..36e0b567d7 100644 --- a/terraform/azure/main.tf +++ b/terraform/azure/main.tf @@ -37,6 +37,7 @@ terraform { provider "azuread" { tenant_id = var.tenant_id } + provider "azurerm" { subscription_id = var.subscription_id features {} @@ -93,35 +94,6 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { } } - # default_node_pool must be set, and it must be a node pool of system type - # that can't scale to zero. Due to that we are forced to use it, and have - # decided to use it as our core node pool. - # - # Most changes to this node pool forces a replace operation on the entire - # cluster. This can be avoided with v3.47.0+ of this provider by declaring - # temporary_name_for_rotation = "coreb". - # - # ref: https://github.com/hashicorp/terraform-provider-azurerm/pull/20628 - # ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#temporary_name_for_rotation. - # - default_node_pool { - name = var.core_node_pool.name - vm_size = var.core_node_pool.vm_size - os_disk_size_gb = var.core_node_pool.os_disk_size_gb - enable_auto_scaling = var.core_node_pool.enable_auto_scaling - min_count = var.core_node_pool.enable_auto_scaling ? var.core_node_pool.min : null - max_count = var.core_node_pool.enable_auto_scaling ? var.core_node_pool.max : null - node_count = var.core_node_pool.node_count - kubelet_disk_type = var.core_node_pool.kubelet_disk_type - vnet_subnet_id = azurerm_subnet.node_subnet.id - node_labels = merge({ - "hub.jupyter.org/node-purpose" = "core", - "k8s.dask.org/node-purpose" = "core" - }, var.core_node_pool.labels) - - orchestrator_version = coalesce(var.core_node_pool.kubernetes_version, var.kubernetes_version) - } - auto_scaler_profile { skip_nodes_with_local_storage = true } @@ -131,7 +103,8 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { } network_profile { - # I don't trust Azure CNI + # Azure CNI is the default, but we don't trust it to be reliable, so we've + # opted to use kubenet instead network_plugin = "kubenet" network_policy = "calico" } @@ -144,68 +117,92 @@ resource "azurerm_kubernetes_cluster" "jupyterhub" { client_secret = azuread_service_principal_password.service_principal_password[0].value } } -} + # default_node_pool must be set, and it must be a node pool of system type + # that can't scale to zero. Due to that we are forced to use it, and have + # decided to use it as our core node pool. + # + # Most changes to this node pool forces a replace operation on the entire + # cluster. This can be avoided with v3.47.0+ of this provider by declaring + # temporary_name_for_rotation = "coreb". + # + # ref: https://github.com/hashicorp/terraform-provider-azurerm/pull/20628 + # ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#temporary_name_for_rotation. + # + default_node_pool { + name = var.node_pools["core"][0].name + vm_size = var.node_pools["core"][0].vm_size + os_disk_size_gb = var.node_pools["core"][0].os_disk_size_gb + kubelet_disk_type = var.node_pools["core"][0].kubelet_disk_type + enable_auto_scaling = true + min_count = var.node_pools["core"][0].min + max_count = var.node_pools["core"][0].max + + node_labels = merge({ + "hub.jupyter.org/node-purpose" = "core", + "k8s.dask.org/node-purpose" = "core" + }, var.node_pools["core"][0].labels) + node_taints = concat([], var.node_pools["core"][0].taints) + orchestrator_version = coalesce(var.node_pools["core"][0].kubernetes_version, var.kubernetes_version) -resource "azurerm_kubernetes_cluster_node_pool" "user_pool" { - for_each = var.user_node_pools + vnet_subnet_id = azurerm_subnet.node_subnet.id + } +} - name = coalesce(each.value.name, each.key) - kubernetes_cluster_id = azurerm_kubernetes_cluster.jupyterhub.id - enable_auto_scaling = true - os_disk_size_gb = each.value.os_disk_size_gb - vnet_subnet_id = azurerm_subnet.node_subnet.id - kubelet_disk_type = each.value.kubelet_disk_type - orchestrator_version = each.value.kubernetes_version == "" ? var.kubernetes_version : each.value.kubernetes_version +resource "azurerm_kubernetes_cluster_node_pool" "user_pool" { + for_each = { for i, v in var.node_pools["user"] : v.name => v } + + name = each.value.name + vm_size = each.value.vm_size + os_disk_size_gb = each.value.os_disk_size_gb + kubelet_disk_type = each.value.kubelet_disk_type + enable_auto_scaling = true + min_count = each.value.min + max_count = each.value.max - vm_size = each.value.vm_size node_labels = merge({ "hub.jupyter.org/node-purpose" = "user", "k8s.dask.org/node-purpose" = "scheduler" }, each.value.labels) - node_taints = concat([ "hub.jupyter.org_dedicated=user:NoSchedule" ], each.value.taints) + orchestrator_version = each.value.kubernetes_version == "" ? var.kubernetes_version : each.value.kubernetes_version - min_count = each.value.min - max_count = each.value.max + kubernetes_cluster_id = azurerm_kubernetes_cluster.jupyterhub.id + vnet_subnet_id = azurerm_subnet.node_subnet.id } -resource "azurerm_kubernetes_cluster_node_pool" "dask_pool" { - # If dask_node_pools is set, we use that. If it isn't, we use user_node_pools. - # This lets us set dask_node_pools to an empty array to get no dask nodes - for_each = var.dask_node_pools - name = "dask${each.key}" - kubernetes_cluster_id = azurerm_kubernetes_cluster.jupyterhub.id - enable_auto_scaling = true - os_disk_size_gb = each.value.os_disk_size_gb - vnet_subnet_id = azurerm_subnet.node_subnet.id +resource "azurerm_kubernetes_cluster_node_pool" "dask_pool" { + for_each = { for i, v in var.node_pools["dask"] : v.name => v } - orchestrator_version = each.value.kubernetes_version == "" ? var.kubernetes_version : each.value.kubernetes_version + name = each.value.name + vm_size = each.value.vm_size + os_disk_size_gb = each.value.os_disk_size_gb + kubelet_disk_type = each.value.kubelet_disk_type + enable_auto_scaling = true + min_count = each.value.min + max_count = each.value.max - vm_size = each.value.vm_size node_labels = merge({ "k8s.dask.org/node-purpose" = "worker", }, each.value.labels) - node_taints = concat([ "k8s.dask.org_dedicated=worker:NoSchedule" ], each.value.taints) + orchestrator_version = each.value.kubernetes_version == "" ? var.kubernetes_version : each.value.kubernetes_version - min_count = each.value.min - max_count = each.value.max + kubernetes_cluster_id = azurerm_kubernetes_cluster.jupyterhub.id + vnet_subnet_id = azurerm_subnet.node_subnet.id } -# AZure container registry resource "azurerm_container_registry" "container_registry" { - # meh, only alphanumberic chars. No separators. BE CONSISTENT, AZURE name = var.global_container_registry_name resource_group_name = azurerm_resource_group.jupyterhub.name location = azurerm_resource_group.jupyterhub.location @@ -213,6 +210,7 @@ resource "azurerm_container_registry" "container_registry" { admin_enabled = true } + locals { registry_creds = { "imagePullSecret" = { diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index fc51571045..e3c3bb8daa 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -11,36 +11,38 @@ ssh_pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQJ4h39UYNi1wybxAH+jCFkNK2 # List available versions via: az aks get-versions --location westus2 -o table kubernetes_version = "1.28.3" -core_node_pool = { - name : "core", - kubernetes_version : "1.28.3", - - # FIXME: transition to "Standard_E2s_v5" nodes as they are large enough and - # can more cheaply handle being forced to have 2-3 replicas for silly - # reasons like three calico-typha pods. See - # https://github.com/2i2c-org/infrastructure/issues/3592#issuecomment-1883269632. - # - vm_size : "Standard_E4s_v3", - - # FIXME: stop using persistent disks for the nodes, use the variable default - # "Temporary" instead - kubelet_disk_type : "OS", - - # FIXME: use a larger os_disk_size_gb than 40, like the default of 100, to - # avoid running low when few replicas are used - os_disk_size_gb : 40, - - # FIXME: its nice to use autoscaling, but we end up with three replicas due to - # https://github.com/2i2c-org/infrastructure/issues/3592#issuecomment-1883269632 - # and its a waste at least using Standard_E4s_v3 machines. - enable_auto_scaling : false, - node_count : 2, -} - -user_node_pools = { - "usere8sv5" : { - min : 0, - max : 100, - vm_size : "Standard_E8s_v5", - }, +node_pools = { + core : [ + { + name : "core", + + # FIXME: transition to "Standard_E2s_v5" nodes as they are large enough and + # can more cheaply handle being forced to have 2-3 replicas for silly + # reasons like three calico-typha pods. See + # https://github.com/2i2c-org/infrastructure/issues/3592#issuecomment-1883269632. + # + vm_size : "Standard_E4s_v3", + + os_disk_size_gb : 40, + + # FIXME: stop using persistent disks for the nodes, use the variable default + # "Temporary" instead + kubelet_disk_type : "OS", + + min : 1, + max : 10, + }, + ], + + user : [ + { + name : "usere8sv5", + vm_size : "Standard_E8s_v5", + os_disk_size_gb : 200, + min : 0, + max : 100, + }, + ], + + dask : [] } diff --git a/terraform/azure/variables.tf b/terraform/azure/variables.tf index dda5c1fab6..afeee2db6e 100644 --- a/terraform/azure/variables.tf +++ b/terraform/azure/variables.tf @@ -78,50 +78,25 @@ variable "ssh_pub_key" { EOT } -variable "core_node_pool" { - type = object({ - name : optional(string, ""), - enable_auto_scaling = optional(bool, true), - min : optional(number, 1), - max : optional(number, 10), - node_count : optional(number), +variable "node_pools" { + type = map(list(object({ + name : string, vm_size : string, - labels : optional(map(string), {}), - taints : optional(list(string), []), os_disk_size_gb : optional(number, 100), - kubernetes_version : optional(string, ""), kubelet_disk_type : optional(string, "Temporary"), - }) - description = "Core node pool" -} - -variable "user_node_pools" { - type = map(object({ - name : optional(string, ""), min : number, max : number, - vm_size : string, labels : optional(map(string), {}), taints : optional(list(string), []), - os_disk_size_gb : optional(number, 200), kubernetes_version : optional(string, ""), - kubelet_disk_type : optional(string, "Temporary"), - })) - description = "User node pools to create" - default = {} -} + }))) + description = <<-EOT + Node pools to create to be listed under the keys 'core', 'user', and 'dask'. -variable "dask_node_pools" { - type = map(object({ - min : number, - max : number, - vm_size : string, - labels : optional(map(string), {}), - taints : optional(list(string), []), - kubernetes_version : optional(string, ""), - })) - description = "Dask node pools to create" - default = {} + There should be exactly one core node pool. The core node pool is given a + special treatment by being listed directly in the cluster resource's + 'default_node_pool' field. + EOT } variable "create_service_principal" { From 54098b0bce5fef78a1d4be4029d0349be266f691 Mon Sep 17 00:00:00 2001 From: Georgiana Date: Wed, 10 Jan 2024 10:27:08 +0200 Subject: [PATCH 275/494] Fix typo Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- .github/workflows/project-board-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/project-board-update.yml b/.github/workflows/project-board-update.yml index aad29f14f1..182ea476b0 100644 --- a/.github/workflows/project-board-update.yml +++ b/.github/workflows/project-board-update.yml @@ -11,7 +11,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Parse the ticket tracker issue template form - uses: stefanbuck/github-issue-praser@v3 + uses: stefanbuck/github-issue-parser@v3 id: issue-parser with: template-path: .github/ISSUE_TEMPLATE/5_freshdesk-ticket.yml From 8a1cccb6a817f90dc66681ed82fa8152e0471606 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 10 Jan 2024 11:05:29 +0200 Subject: [PATCH 276/494] Merge the two set fields steps --- .github/workflows/project-board-update.yml | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/.github/workflows/project-board-update.yml b/.github/workflows/project-board-update.yml index 182ea476b0..e649053dd7 100644 --- a/.github/workflows/project-board-update.yml +++ b/.github/workflows/project-board-update.yml @@ -25,21 +25,12 @@ jobs: # Export the `impact` string to GITHUB_OUTPUT to be used in following steps with open(os.environ["GITHUB_OUTPUT"], "a") as f : print(f"impact={impact}", file=f) - - name: Set the "Impact" project board field + - name: Set the "Impact" and "Type" project board fields uses: EndBug/project-fields@v2 - id: impact-field + id: set-fields with: operation: set - fields: Impact + fields: Impact,Type github_token: ${{ secrets.PROJECT_BOARD_PAT_TOKEN }} project_url: https://github.com/orgs/2i2c-org/projects/22 - values: "${{ steps.get-ticket-impact.outputs.impact }}" - - name: Set "Type" field of the project board to "Support" - uses: EndBug/project-fields@v2 - id: type-field - with: - operation: set - fields: Type - github_token: ${{ secrets.PROJECT_BOARD_PAT_TOKEN }} - project_url: https://github.com/orgs/2i2c-org/projects/22 - values: "Support" + values: ${{ steps.get-ticket-impact.outputs.impact }},Support From d6d89f53721960baf2c257051e360d17ccc25b7e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 10 Jan 2024 09:51:21 +0100 Subject: [PATCH 277/494] utoronto, terraform: refine comments slightly --- terraform/azure/projects/utoronto.tfvars | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index e3c3bb8daa..f7888250e5 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -1,3 +1,11 @@ +# IMPORTANT: Due to a restrictive network rule from storage.tf, we can't perform +# "terraform plan" or "terraform apply" without a workaround. +# +# One known workaround is to allow your public IP temporarily as +# discussed in https://github.com/2i2c-org/infrastructure/issues/890#issuecomment-1879072422. +# This workaround is problematic as that may temporarily allow access +# to storage by other actors with the same IP. +# tenant_id = "78aac226-2f03-4b4d-9037-b46d56c55210" subscription_id = "ead3521a-d994-4a44-a68d-b16e35642d5b" resourcegroup_name = "2i2c-utoronto-cluster" @@ -16,17 +24,20 @@ node_pools = { { name : "core", - # FIXME: transition to "Standard_E2s_v5" nodes as they are large enough and - # can more cheaply handle being forced to have 2-3 replicas for silly - # reasons like three calico-typha pods. See - # https://github.com/2i2c-org/infrastructure/issues/3592#issuecomment-1883269632. + # FIXME: Transition to "Standard_E2s_v5" nodes as they are large enough to + # for the biggest workload (prometheus-server) and can handle high + # availability requirements better. + # + # We are currently forced to handle three calico-typha pods that + # can't schedule on the same node, see https://github.com/2i2c-org/infrastructure/issues/3592#issuecomment-1883269632. # vm_size : "Standard_E4s_v3", + # core nodes doesn't need much disk space os_disk_size_gb : 40, - # FIXME: stop using persistent disks for the nodes, use the variable default - # "Temporary" instead + # FIXME: Stop using persistent disks for the nodes, use the variable default + # "Temporary" instead by removing this line. kubelet_disk_type : "OS", min : 1, From 83aea73def5909589ae9d43d8a68673a535da98e Mon Sep 17 00:00:00 2001 From: Alejandro Ismael Silva Date: Wed, 10 Jan 2024 11:34:17 -0300 Subject: [PATCH 278/494] Apply suggestions from code review Co-authored-by: Georgiana --- docs/hub-deployment-guide/new-cluster/external-account.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/hub-deployment-guide/new-cluster/external-account.md b/docs/hub-deployment-guide/new-cluster/external-account.md index 29adde23ff..c803887afc 100644 --- a/docs/hub-deployment-guide/new-cluster/external-account.md +++ b/docs/hub-deployment-guide/new-cluster/external-account.md @@ -1,21 +1,21 @@ # AWS with external account -In some cases, the organization has its own AWS account and is provided it to us to deploy the cluster. +In some cases, the organization has its own AWS account that is provided to us to deploy the cluster. This method is far simpler as we don't have to handle cloud billing, since it is handled by the organization. There are some steps to do before the deploy: 1. Instruct the external organization to create one AWS IAM account with full permissions. Since we will have one account per engineer, - this should be for a specific engineer who is responsible for setting up the hub. + this initial account should be created for the specific engineer who is responsible for setting up the hub. 1. The organization sends the credentials for this account to `support@2i2c.org`, [encrypted using age encryption method](inv:dc#support:encrypt). 1. The engineer accesses this information and [decrypts it using the provided instructions](/sre-guide/support/decrypt-age). -1. This engineer can use the IAM service in the AWS Console to create accounts for each engineer - and then sends the credentials to each engineer, for example, through Slack. +1. This engineer can use the IAM service in the AWS Console to create accounts for each of the other engineers + and then sends the credentials to each, for example, through Slack. ```{tip} Create a **User group** with admin permissions. From 321260f0249f720baa4f748a385204de1bfdf391 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 10 Jan 2024 18:50:39 +0200 Subject: [PATCH 279/494] Move the GitHub app's details under the default hubs common --- config/clusters/utoronto/common.values.yaml | 14 -------------- .../clusters/utoronto/default-common.values.yaml | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index 95f7ecb0a5..3e0d1e79b1 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -49,20 +49,6 @@ jupyterhub: memory: limit: 2G guarantee: 1G - extraFiles: - github-app-private-key.pem: - mountPath: /etc/github/github-app-private-key.pem - # stringData field will be set via encrypted values files but added here - # to meet the chart schema validation requirements without the need to - # use secret values during the validation. - stringData: "dummy" - gitconfig: - mountPath: /etc/gitconfig - # app-id comes from https://github.com/organizations/utoronto-2i2c/settings/apps/utoronto-jupyterhub-private-cloner - stringData: | - [credential "https://github.com"] - helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 93515 - useHttpPath = true hub: db: pvc: diff --git a/config/clusters/utoronto/default-common.values.yaml b/config/clusters/utoronto/default-common.values.yaml index 9d8866521e..7e6e1db1e1 100644 --- a/config/clusters/utoronto/default-common.values.yaml +++ b/config/clusters/utoronto/default-common.values.yaml @@ -3,6 +3,20 @@ jupyterhub: image: name: quay.io/2i2c/utoronto-image tag: "14320bae73a0" + extraFiles: + github-app-private-key.pem: + mountPath: /etc/github/github-app-private-key.pem + # stringData field will be set via encrypted values files but added here + # to meet the chart schema validation requirements without the need to + # use secret values during the validation. + stringData: "dummy" + gitconfig: + mountPath: /etc/gitconfig + # app-id comes from https://github.com/organizations/utoronto-2i2c/settings/apps/utoronto-jupyterhub-private-cloner + stringData: | + [credential "https://github.com"] + helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 93515 + useHttpPath = true hub: config: Authenticator: From 2da40df72780aafa08823ca084d605015848047a Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 10 Jan 2024 10:58:39 -0800 Subject: [PATCH 280/494] [utoronto] Bump R Image Ref https://github.com/2i2c-org/infrastructure/issues/3603 Brings in https://github.com/2i2c-org/utoronto-r-image/pull/17 --- config/clusters/utoronto/r-common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/utoronto/r-common.values.yaml b/config/clusters/utoronto/r-common.values.yaml index 74de7001a8..8fe1757fa5 100644 --- a/config/clusters/utoronto/r-common.values.yaml +++ b/config/clusters/utoronto/r-common.values.yaml @@ -14,4 +14,4 @@ jupyterhub: defaultUrl: /rstudio image: name: quay.io/2i2c/utoronto-r-image - tag: "b0f448387134" + tag: "eebaeecd1987" From 6f5135619c1e3c8a72c53339fabb2b08937128df Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 10 Jan 2024 11:11:16 -0800 Subject: [PATCH 281/494] Revert "Move the " UToronto JupyterHub Private Cloner" GitHub app's details under the default hubs common" --- config/clusters/utoronto/common.values.yaml | 14 ++++++++++++++ .../clusters/utoronto/default-common.values.yaml | 14 -------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/config/clusters/utoronto/common.values.yaml b/config/clusters/utoronto/common.values.yaml index 3e0d1e79b1..95f7ecb0a5 100644 --- a/config/clusters/utoronto/common.values.yaml +++ b/config/clusters/utoronto/common.values.yaml @@ -49,6 +49,20 @@ jupyterhub: memory: limit: 2G guarantee: 1G + extraFiles: + github-app-private-key.pem: + mountPath: /etc/github/github-app-private-key.pem + # stringData field will be set via encrypted values files but added here + # to meet the chart schema validation requirements without the need to + # use secret values during the validation. + stringData: "dummy" + gitconfig: + mountPath: /etc/gitconfig + # app-id comes from https://github.com/organizations/utoronto-2i2c/settings/apps/utoronto-jupyterhub-private-cloner + stringData: | + [credential "https://github.com"] + helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 93515 + useHttpPath = true hub: db: pvc: diff --git a/config/clusters/utoronto/default-common.values.yaml b/config/clusters/utoronto/default-common.values.yaml index 7e6e1db1e1..9d8866521e 100644 --- a/config/clusters/utoronto/default-common.values.yaml +++ b/config/clusters/utoronto/default-common.values.yaml @@ -3,20 +3,6 @@ jupyterhub: image: name: quay.io/2i2c/utoronto-image tag: "14320bae73a0" - extraFiles: - github-app-private-key.pem: - mountPath: /etc/github/github-app-private-key.pem - # stringData field will be set via encrypted values files but added here - # to meet the chart schema validation requirements without the need to - # use secret values during the validation. - stringData: "dummy" - gitconfig: - mountPath: /etc/gitconfig - # app-id comes from https://github.com/organizations/utoronto-2i2c/settings/apps/utoronto-jupyterhub-private-cloner - stringData: | - [credential "https://github.com"] - helper = !git-credential-github-app --app-key-file /etc/github/github-app-private-key.pem --app-id 93515 - useHttpPath = true hub: config: Authenticator: From b94af678124dac80c05e85190cac1b2330536cc5 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 10 Jan 2024 11:50:23 -0800 Subject: [PATCH 282/494] Document we may share GitHub apps for private nbgitpuller use Ref https://github.com/2i2c-org/infrastructure/issues/3603 --- docs/howto/features/private-nbgitpuller.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/howto/features/private-nbgitpuller.md b/docs/howto/features/private-nbgitpuller.md index 0115c783b3..c2b0671c88 100644 --- a/docs/howto/features/private-nbgitpuller.md +++ b/docs/howto/features/private-nbgitpuller.md @@ -4,6 +4,10 @@ used to pull repos from public GitHub repositories. We can also allow users to pull from *private* GitHub repositories, with [git-credential-helpers](https://github.com/yuvipanda/git-credential-helpers). +When supporting a cluster of hubs for use by the same community (such as a +large university), we can use the *same* GitHub app for all of the hubs +(unless explicitly requested to not). This simplifies instructors workflow. + ## Configure the image The image used in the JupyterHub must have the [git-credential-helpers](https://pypi.org/project/git-credential-helpers/) From d8a4e8b62d64e4c810d21ea5b1f985227eaf0e64 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 10 Jan 2024 16:19:08 -0800 Subject: [PATCH 283/494] Make GHG profileList match VEDA's Brings in https://github.com/2i2c-org/infrastructure/pull/3566 (and follow-ups) to the GHG hub Ref https://github.com/2i2c-org/infrastructure/issues/3565 --- config/clusters/nasa-ghg/common.values.yaml | 306 +++++++------------- 1 file changed, 108 insertions(+), 198 deletions(-) diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index eb4276944f..4b64ecb26c 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -57,210 +57,120 @@ basehub: singleuser: defaultUrl: /lab profileList: - # NOTE: About node sharing - # - # CPU/Memory requests/limits are actively considered still. This - # profile list is setup to involve node sharing as considered in - # https://github.com/2i2c-org/infrastructure/issues/2121. - # - # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB - # overhead for misc system pods, and transitioning from GB in - # description to GiB in mem_guarantee. - # - CPU requests are lower than the description, with a factor of - # 10%. - # - - display_name: "Small: up to 4 CPU / 32 GB RAM" - description: &profile_list_description "Start a container with at least a chosen share of capacity on a node of this type" - slug: small + - display_name: "Modified Pangeo Notebook" + slug: modified-pangeo + description: Pangeo based notebook with a Python environment default: true - profile_options: - image: &image_options - display_name: Image - choices: - pangeo: - display_name: Pangeo Notebook - default: true - slug: pangeo - kubespawner_override: - # Uses JupyterLab <4, so jupyterlab-git and dask-dashboard work - image: "pangeo/pangeo-notebook:2023.07.05" - rocker: - display_name: Rocker Geospatial with RStudio - slug: rocker - kubespawner_override: - image: rocker/binder:4.3 - # Launch RStudio after the user logs in - default_url: /rstudio - # Ensures container working dir is homedir - # https://github.com/2i2c-org/infrastructure/issues/2559 - working_dir: /home/rstudio - qgis: - display_name: QGIS on Linux Desktop - slug: qgis - kubespawner_override: - # Explicitly unset this - we set this to 'jupyterhub-singleuser' - # in basehub/values.yaml. We instead want to leave this unset, - # so the default command for the docker image is used instead. - # This is required for .desktop files to show up correctly. - cmd: null - # Launch people directly into the Linux desktop when they start - default_url: /desktop - # Built from https://github.com/2i2c-org/nasa-qgis-image - image: "quay.io/2i2c/nasa-qgis-image:78d96c092f8e" - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share - choices: - mem_1: - default: true - display_name: ~1 GB, ~0.125 CPU - kubespawner_override: - mem_guarantee: 0.904G - cpu_guarantee: 0.013 - mem_2: - display_name: ~2 GB, ~0.25 CPU - kubespawner_override: - mem_guarantee: 1.809G - cpu_guarantee: 0.025 - mem_4: - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.617G - cpu_guarantee: 0.05 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 7.234G - cpu_guarantee: 0.1 - mem_16: - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 14.469G - cpu_guarantee: 0.2 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 28.937G - cpu_guarantee: 0.4 kubespawner_override: - cpu_limit: null - mem_limit: null - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - - display_name: "Medium: up to 16 CPU / 128 GB RAM" - description: *profile_list_description - slug: medium - profile_options: - image: *image_options - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share + image: public.ecr.aws/nasa-veda/nasa-veda-singleuser:5068290376e8c3151d97a36ae6485bb7ff79650b94aecc93ffb2ea1b42d76460 + profile_options: &profile_options + resource_allocation: &profile_options_resource_allocation + display_name: Resource Allocation choices: - mem_1: - display_name: ~1 GB, ~0.125 CPU - kubespawner_override: - mem_guarantee: 0.942G - cpu_guarantee: 0.013 - mem_2: - display_name: ~2 GB, ~0.25 CPU - kubespawner_override: - mem_guarantee: 1.883G - cpu_guarantee: 0.025 - mem_4: + mem_1_9: + display_name: 1.9 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 1991341312 + mem_limit: 1991341312 + cpu_guarantee: 0.234375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge default: true - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.766G - cpu_guarantee: 0.05 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 7.532G - cpu_guarantee: 0.1 - mem_16: - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 15.064G - cpu_guarantee: 0.2 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 30.128G - cpu_guarantee: 0.4 - mem_64: - display_name: ~64 GB, ~8.0 CPU - kubespawner_override: - mem_guarantee: 60.257G - cpu_guarantee: 0.8 - mem_128: - display_name: ~128 GB, ~16.0 CPU - kubespawner_override: - mem_guarantee: 120.513G - cpu_guarantee: 1.6 + mem_3_7: + display_name: 3.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 3982682624 + mem_limit: 3982682624 + cpu_guarantee: 0.46875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_7_4: + display_name: 7.4 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 7965365248 + mem_limit: 7965365248 + cpu_guarantee: 0.9375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 15930730496 + mem_limit: 15930730496 + cpu_guarantee: 1.875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 31861460992 + mem_limit: 31861460992 + cpu_guarantee: 3.75 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_60_6: + display_name: 60.6 GB RAM, upto 15.7 CPUs + kubespawner_override: + mem_guarantee: 65094813696 + mem_limit: 65094813696 + cpu_guarantee: 7.86 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + mem_121_2: + display_name: 121.2 GB RAM, upto 15.7 CPUs + kubespawner_override: + mem_guarantee: 130189627392 + mem_limit: 130189627392 + cpu_guarantee: 15.72 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + - display_name: "Rocker Geospatial with RStudio" + slug: rocker + description: R environment with many geospatial libraries pre-installed kubespawner_override: - cpu_limit: null - mem_limit: null - node_selector: - node.kubernetes.io/instance-type: r5.4xlarge - - display_name: "Large: up to 64 CPU / 512 GB RAM" - description: *profile_list_description - slug: large - profile_options: - image: *image_options - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share - choices: - mem_4: - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.821G - cpu_guarantee: 0.05 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 7.643G - cpu_guarantee: 0.1 - mem_16: - default: true - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 15.285G - cpu_guarantee: 0.2 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 30.571G - cpu_guarantee: 0.4 - mem_64: - display_name: ~64 GB, ~8.0 CPU - kubespawner_override: - mem_guarantee: 61.141G - cpu_guarantee: 0.8 - mem_128: - display_name: ~128 GB, ~16.0 CPU - kubespawner_override: - mem_guarantee: 122.282G - cpu_guarantee: 1.6 - mem_256: - display_name: ~256 GB, ~32.0 CPU - kubespawner_override: - mem_guarantee: 244.565G - cpu_guarantee: 3.2 - mem_512: - display_name: ~512 GB, ~64.0 CPU - kubespawner_override: - mem_guarantee: 489.13G - cpu_guarantee: 6.4 + image: rocker/binder:4.3 + # Launch RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + profile_options: *profile_options + - display_name: "QGIS on Linux Desktop" + slug: qgis + description: Linux desktop in the browser, with qgis installed kubespawner_override: - cpu_limit: null - mem_limit: null - node_selector: - node.kubernetes.io/instance-type: r5.16xlarge + # Explicitly unset this - we set this to 'jupyterhub-singleuser' + # in basehub/values.yaml. We instead want to leave this unset, + # so the default command for the docker image is used instead. + # This is required for .desktop files to show up correctly. + cmd: null + # Launch people directly into the Linux desktop when they start + default_url: /desktop + # Built from https://github.com/2i2c-org/nasa-qgis-image + image: "quay.io/2i2c/nasa-qgis-image:78d96c092f8e" + profile_options: *profile_options + - display_name: "Bring your own image" + description: Specify your own docker image (must have python and jupyterhub installed in it) + slug: custom + profile_options: + image: + display_name: Image + unlisted_choice: + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + choices: {} + resource_allocation: *profile_options_resource_allocation scheduling: userScheduler: enabled: true From d0ad3a226d6ba25bdaecfef40ec13bdf1ea3185c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 11 Jan 2024 08:54:10 +0100 Subject: [PATCH 284/494] terraform, azure: add node_pools variable validation --- terraform/azure/projects/utoronto.tfvars | 2 +- terraform/azure/variables.tf | 41 +++++++++++++++++------- 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/terraform/azure/projects/utoronto.tfvars b/terraform/azure/projects/utoronto.tfvars index f7888250e5..6a552efa24 100644 --- a/terraform/azure/projects/utoronto.tfvars +++ b/terraform/azure/projects/utoronto.tfvars @@ -55,5 +55,5 @@ node_pools = { }, ], - dask : [] + dask : [], } diff --git a/terraform/azure/variables.tf b/terraform/azure/variables.tf index afeee2db6e..85856ea2e3 100644 --- a/terraform/azure/variables.tf +++ b/terraform/azure/variables.tf @@ -79,17 +79,21 @@ variable "ssh_pub_key" { } variable "node_pools" { - type = map(list(object({ - name : string, - vm_size : string, - os_disk_size_gb : optional(number, 100), - kubelet_disk_type : optional(string, "Temporary"), - min : number, - max : number, - labels : optional(map(string), {}), - taints : optional(list(string), []), - kubernetes_version : optional(string, ""), - }))) + type = map( + list( + object({ + name : string, + vm_size : string, + os_disk_size_gb : optional(number, 100), + kubelet_disk_type : optional(string, "Temporary"), + min : number, + max : number, + labels : optional(map(string), {}), + taints : optional(list(string), []), + kubernetes_version : optional(string, ""), + }) + ) + ) description = <<-EOT Node pools to create to be listed under the keys 'core', 'user', and 'dask'. @@ -97,6 +101,21 @@ variable "node_pools" { special treatment by being listed directly in the cluster resource's 'default_node_pool' field. EOT + + validation { + condition = length(var.node_pools["core"]) == 1 + error_message = "The core node pool is mapped to the cluster resource's `default_node_pool`, due to this we require exactly one core node pool to be specified." + } + + validation { + condition = length(setsubtract(keys(var.node_pools), ["core", "user", "dask"])) == 0 + error_message = "Only three kinds of node pools supported: 'core', 'user', and 'dask'." + } + + validation { + condition = length(setintersection(keys(var.node_pools), ["core", "user", "dask"])) == 3 + error_message = "All three kinds of node pools ('core', 'user', and 'dask') must be declared, even if they are empty lists of node pools." + } } variable "create_service_principal" { From 1d7bfca158356430056f67f1ce6e001106d57988 Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Thu, 11 Jan 2024 14:01:02 -0600 Subject: [PATCH 285/494] Add AMS workshop participants access --- config/clusters/nasa-ghg/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index 4b64ecb26c..fd83c62e06 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -46,6 +46,7 @@ basehub: - US-GHG-Center:ghg-use-case-2 - US-GHG-Center:ghg-use-case-3 - US-GHG-Center:ghg-external-collaborators + - US-GHG-Center:ghg-ams-2024-workshop-access scope: - read:org Authenticator: From eddc4106aad3f5e5af6af2d9e5d5888609c08021 Mon Sep 17 00:00:00 2001 From: Jenny Wong Date: Fri, 12 Jan 2024 11:51:19 +0000 Subject: [PATCH 286/494] Update Showcase Hub Handbook Authoring image tag --- config/clusters/2i2c-aws-us/showcase.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index 957262ba15..f926469ea1 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -129,7 +129,7 @@ basehub: display_name: Handbook Authoring slug: handbook kubespawner_override: - image: quay.io/2i2c/handbook-authoring-image:bbe4225a7940 + image: quay.io/2i2c/handbook-authoring-image:3559ba6430b3 pangeo: display_name: Pangeo Notebook default: true From 2e54e842636578d416864adc434d35fd3c919f3a Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 12 Jan 2024 15:12:44 +0200 Subject: [PATCH 287/494] Update cryptonono's location --- .github/workflows/bump-helm-versions.yaml | 2 +- helm-charts/support/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bump-helm-versions.yaml b/.github/workflows/bump-helm-versions.yaml index 2c11de3929..6a016366db 100644 --- a/.github/workflows/bump-helm-versions.yaml +++ b/.github/workflows/bump-helm-versions.yaml @@ -33,7 +33,7 @@ jobs: chart_urls: '{"binderhub": "https://raw.githubusercontent.com/jupyterhub/helm-chart/gh-pages/index.yaml"}' - name: "support" chart_path: "helm-charts/support/Chart.yaml" - chart_urls: '{"cryptnono": "https://yuvipanda.github.io/cryptnono/index.yaml", "cluster-autoscaler": "https://kubernetes.github.io/autoscaler/index.yaml", "ingress-nginx": "https://kubernetes.github.io/ingress-nginx/index.yaml", "grafana": "https://grafana.github.io/helm-charts/index.yaml", "prometheus": "https://prometheus-community.github.io/helm-charts/index.yaml"}' + chart_urls: '{"cryptnono": "https://cryptnono.github.io/cryptnono/index.yaml", "cluster-autoscaler": "https://kubernetes.github.io/autoscaler/index.yaml", "ingress-nginx": "https://kubernetes.github.io/ingress-nginx/index.yaml", "grafana": "https://grafana.github.io/helm-charts/index.yaml", "prometheus": "https://prometheus-community.github.io/helm-charts/index.yaml"}' steps: # We want tests to be run on the Pull Request that gets opened by the next step, diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 47e40ba73d..5ad0a62913 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -40,8 +40,8 @@ dependencies: condition: cluster-autoscaler.enabled # cryptnono, counters crypto mining - # Source code: https://github.com/yuvipanda/cryptnono/ + # Source code: https://github.com/cryptnono/cryptnono/ - name: cryptnono version: "0.3.1-0.dev.git.107.heb504bc" - repository: https://yuvipanda.github.io/cryptnono/ + repository: https://cryptnono.github.io/cryptnono/ condition: cryptnono.enabled From 9ae6f1c9fb7566343f4cc0978ff3e38344388aa1 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 12 Jan 2024 12:35:23 +0200 Subject: [PATCH 288/494] Update hhmi user image tag and name --- config/clusters/hhmi/common.values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index 65a4f37fb3..750f87275b 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -139,10 +139,10 @@ basehub: image: "{value}" choices: spyglass: - display_name: Spyglass-NWB + display_name: Spyglass slug: spyglass kubespawner_override: - image: "quay.io/2i2c/hhmi-spyglass-nwb-image:28e92dae096f" + image: "quay.io/lorenlab/hhmi-spyglass-image:c307f9418a60" - display_name: "Community Images" description: "Start a container with a community maintained image" slug: community From 95443afe6f479721b3b524f8d580390d24d50e84 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 15 Jan 2024 20:30:24 -0800 Subject: [PATCH 289/494] Don't apply archival storageclass rule unless necessary --- terraform/aws/buckets.tf | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/terraform/aws/buckets.tf b/terraform/aws/buckets.tf index b1f77afb24..2b1c7244d5 100644 --- a/terraform/aws/buckets.tf +++ b/terraform/aws/buckets.tf @@ -17,15 +17,21 @@ resource "aws_s3_bucket_lifecycle_configuration" "user_bucket_expiry" { } } - rule { - id = "archival-storageclass" - status = each.value.delete_after != null ? "Enabled" : "Disabled" + dynamic "rule" { + # Only set up this rule if it will be enabled. Prevents unnecessary + # churn in terraform + for_each = each.value.archival_storageclass_after != null ? [1] : [] - transition { - # Transition this to much cheaper object storage after a few days - days = each.value.archival_storageclass_after - # Glacier Instant is fast enough while also being pretty cheap - storage_class = "GLACIER_IR" + content { + id = "archival-storageclass" + status = "Enabled" + + transition { + # Transition this to much cheaper object storage after a few days + days = each.value.archival_storageclass_after + # Glacier Instant is fast enough while also being pretty cheap + storage_class = "GLACIER_IR" + } } } } From 7720a64df2ec34eca5c2e7f0bc6492458f929d68 Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Tue, 16 Jan 2024 09:00:14 +0000 Subject: [PATCH 290/494] Bump charts ['binderhub'] to versions ['1.0.0-0.dev.git.3373.h41b9d77'], respectively --- helm-charts/binderhub/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/binderhub/Chart.yaml b/helm-charts/binderhub/Chart.yaml index d479e13496..da294edf98 100644 --- a/helm-charts/binderhub/Chart.yaml +++ b/helm-charts/binderhub/Chart.yaml @@ -5,7 +5,7 @@ name: binderhub version: "0.1.0" dependencies: - name: binderhub - version: "1.0.0-0.dev.git.3361.h6ba80cf" + version: "1.0.0-0.dev.git.3373.h41b9d77" repository: "https://jupyterhub.github.io/helm-chart/" - name: dask-gateway version: "2023.1.0" From f758e6332296fe355c07aa66111a46296464ceca Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Tue, 16 Jan 2024 09:00:28 +0000 Subject: [PATCH 291/494] Bump charts ['grafana', 'cryptnono'] to versions ['7.2.1', '0.3.1-0.dev.git.129.ha9d73b8'], respectively --- helm-charts/support/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 53747ba508..bf03895aff 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -21,7 +21,7 @@ dependencies: # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 7.0.19 + version: 7.2.1 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from @@ -42,6 +42,6 @@ dependencies: # cryptnono, counters crypto mining # Source code: https://github.com/yuvipanda/cryptnono/ - name: cryptnono - version: "0.3.1-0.dev.git.107.heb504bc" + version: "0.3.1-0.dev.git.129.ha9d73b8" repository: https://yuvipanda.github.io/cryptnono/ condition: cryptnono.enabled From 9d86d5f4b0e6d4c7a59c2284b0d073221e9689fa Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 16 Jan 2024 10:11:50 +0100 Subject: [PATCH 292/494] dask-gateway: bump from 2023.9.0 to 2024.1.0 This makes `latest` tag not come with `IfNotPreset` pull policies, which easily could cause issues if a `latest` tag was used. I recall there is also a fix related to the precision of resource requests. --- deployer/commands/deployer.py | 2 +- helm-charts/daskhub/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployer/commands/deployer.py b/deployer/commands/deployer.py index a25bf5f4d6..dcadca96ad 100644 --- a/deployer/commands/deployer.py +++ b/deployer/commands/deployer.py @@ -97,7 +97,7 @@ def deploy( help="Name of hub to operate deploy. Omit to deploy all hubs on the cluster", ), dask_gateway_version: str = typer.Option( - "2023.9.0", help="Version of dask-gateway to install CRDs for" + "2024.1.0", help="Version of dask-gateway to install CRDs for" ), debug: bool = typer.Option( False, diff --git a/helm-charts/daskhub/Chart.yaml b/helm-charts/daskhub/Chart.yaml index 37445c078e..fe6701f1d3 100644 --- a/helm-charts/daskhub/Chart.yaml +++ b/helm-charts/daskhub/Chart.yaml @@ -11,5 +11,5 @@ dependencies: # in the deployer's CLI # https://github.com/2i2c-org/infrastructure/blob/HEAD/deployer/deployer.py#L195 - name: dask-gateway - version: "2023.9.0" + version: "2024.1.0" repository: "https://helm.dask.org/" From 885ee0e61a2417d37ef8514bca8647b146147e2b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 16 Jan 2024 10:26:56 +0100 Subject: [PATCH 293/494] terraform, 2i2c-uk and callysto: cleanup replaced node pool --- terraform/gcp/projects/2i2c-uk.tfvars | 6 ------ terraform/gcp/projects/callysto.tfvars | 6 ------ 2 files changed, 12 deletions(-) diff --git a/terraform/gcp/projects/2i2c-uk.tfvars b/terraform/gcp/projects/2i2c-uk.tfvars index 091fed4b98..97b6e2f9e7 100644 --- a/terraform/gcp/projects/2i2c-uk.tfvars +++ b/terraform/gcp/projects/2i2c-uk.tfvars @@ -19,12 +19,6 @@ enable_filestore = true filestore_capacity_gb = 1024 notebook_nodes = { - # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-4 - "user" : { - min : 0, - max : 100, - machine_type : "n2-highmem-4", - }, "n2-highmem-4" : { min : 0, max : 100, diff --git a/terraform/gcp/projects/callysto.tfvars b/terraform/gcp/projects/callysto.tfvars index 7dd737e961..5a90ec389d 100644 --- a/terraform/gcp/projects/callysto.tfvars +++ b/terraform/gcp/projects/callysto.tfvars @@ -19,12 +19,6 @@ enable_filestore = true filestore_capacity_gb = 1024 notebook_nodes = { - # FIXME: Delete this node pool when its empty, its replaced by n2-highmem-4 - "user" : { - min : 0, - max : 100, - machine_type : "n2-highmem-4", - }, "n2-highmem-4" : { min : 0, max : 100, From 743af8997aabd85ddc526ac28ee8394daea75866 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Tue, 16 Jan 2024 16:13:32 -0800 Subject: [PATCH 294/494] Fix location of cryptnono chart --- helm-charts/support/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 8e668057fd..9c23c9e7b8 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -43,5 +43,5 @@ dependencies: # Source code: https://github.com/cryptnono/cryptnono/ - name: cryptnono version: "0.3.1-0.dev.git.129.ha9d73b8" - repository: https://yuvipanda.github.io/cryptnono/ + repository: https://cryptnono.github.io/cryptnono/ condition: cryptnono.enabled From 161b51ac6742cf2091087ef3c8f59bbf616aab5f Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Tue, 16 Jan 2024 16:19:27 -0800 Subject: [PATCH 295/494] Don't upgrade grafana --- helm-charts/support/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 9c23c9e7b8..eeaff70123 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -21,7 +21,7 @@ dependencies: # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 7.2.1 + version: 6.60.1 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from From f28a480e6c67bc37e174e337448d696cc219575f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 17 Jan 2024 08:17:44 +0100 Subject: [PATCH 296/494] eksctl, nasa-cryo: cleanup replaced node group --- eksctl/nasa-cryo.jsonnet | 4 ---- 1 file changed, 4 deletions(-) diff --git a/eksctl/nasa-cryo.jsonnet b/eksctl/nasa-cryo.jsonnet index 592135f026..fb129998ca 100644 --- a/eksctl/nasa-cryo.jsonnet +++ b/eksctl/nasa-cryo.jsonnet @@ -25,10 +25,6 @@ local nodeAz = "us-west-2a"; // A `node.kubernetes.io/instance-type label is added, so pods // can request a particular kind of node with a nodeSelector local notebookNodes = [ - # FIXME: Delete the r5.xlarge node group when empty. It has an old k8s - # version and is tainted to prevent it from scaling up or scheduling - # new pods on it. - { instanceType: "r5.xlarge" }, { instanceType: "r5.xlarge", nameSuffix: "b" }, { instanceType: "r5.4xlarge" }, { instanceType: "r5.16xlarge" }, From 6e2fe53af2401fcbc352f3863bbbd1028e81b7b3 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 17 Jan 2024 17:10:15 +0200 Subject: [PATCH 297/494] Deactivate the configurator for hubs where profileLists override the same config --- config/clusters/2i2c-aws-us/itcoocean.values.yaml | 2 ++ config/clusters/2i2c-aws-us/ncar-cisl.values.yaml | 2 ++ config/clusters/2i2c-aws-us/showcase.values.yaml | 2 ++ config/clusters/2i2c/imagebuilding-demo.values.yaml | 3 ++- config/clusters/2i2c/ohw.values.yaml | 2 ++ config/clusters/earthscope/common.values.yaml | 2 ++ config/clusters/gridsst/common.values.yaml | 2 ++ config/clusters/hhmi/common.values.yaml | 2 ++ config/clusters/jupyter-meets-the-earth/common.values.yaml | 2 ++ config/clusters/leap/common.values.yaml | 2 ++ config/clusters/nasa-cryo/common.values.yaml | 2 ++ config/clusters/nasa-esdis/common.values.yaml | 2 ++ config/clusters/nasa-ghg/common.values.yaml | 2 ++ config/clusters/nasa-veda/common.values.yaml | 2 ++ config/clusters/openscapes/common.values.yaml | 2 ++ config/clusters/smithsonian/common.values.yaml | 2 ++ config/clusters/ubc-eoas/common.values.yaml | 2 ++ 17 files changed, 34 insertions(+), 1 deletion(-) diff --git a/config/clusters/2i2c-aws-us/itcoocean.values.yaml b/config/clusters/2i2c-aws-us/itcoocean.values.yaml index 314f022eea..ee89a25b0d 100644 --- a/config/clusters/2i2c-aws-us/itcoocean.values.yaml +++ b/config/clusters/2i2c-aws-us/itcoocean.values.yaml @@ -11,6 +11,8 @@ jupyterhub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/2i2c-aws-us/ncar-cisl.values.yaml b/config/clusters/2i2c-aws-us/ncar-cisl.values.yaml index cce5859706..19d84efe5a 100644 --- a/config/clusters/2i2c-aws-us/ncar-cisl.values.yaml +++ b/config/clusters/2i2c-aws-us/ncar-cisl.values.yaml @@ -12,6 +12,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index f926469ea1..c8c7eb5457 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -15,6 +15,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/2i2c/imagebuilding-demo.values.yaml b/config/clusters/2i2c/imagebuilding-demo.values.yaml index b34845e2e8..19c42a9519 100644 --- a/config/clusters/2i2c/imagebuilding-demo.values.yaml +++ b/config/clusters/2i2c/imagebuilding-demo.values.yaml @@ -10,7 +10,8 @@ jupyterhub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" - + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/2i2c/ohw.values.yaml b/config/clusters/2i2c/ohw.values.yaml index 877e755e43..52c9225471 100644 --- a/config/clusters/2i2c/ohw.values.yaml +++ b/config/clusters/2i2c/ohw.values.yaml @@ -66,6 +66,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index f1a527c3ab..f1c42f498c 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -16,6 +16,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "google" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/gridsst/common.values.yaml b/config/clusters/gridsst/common.values.yaml index 515cf7193a..5b2c3eeeff 100644 --- a/config/clusters/gridsst/common.values.yaml +++ b/config/clusters/gridsst/common.values.yaml @@ -19,6 +19,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index 750f87275b..96b70c6186 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -14,6 +14,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/jupyter-meets-the-earth/common.values.yaml b/config/clusters/jupyter-meets-the-earth/common.values.yaml index 4e99ea5003..e45f1810ab 100644 --- a/config/clusters/jupyter-meets-the-earth/common.values.yaml +++ b/config/clusters/jupyter-meets-the-earth/common.values.yaml @@ -18,6 +18,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml index 234662894e..8235910299 100644 --- a/config/clusters/leap/common.values.yaml +++ b/config/clusters/leap/common.values.yaml @@ -21,6 +21,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/nasa-cryo/common.values.yaml b/config/clusters/nasa-cryo/common.values.yaml index f5b6c40eb0..e98b4c6353 100644 --- a/config/clusters/nasa-cryo/common.values.yaml +++ b/config/clusters/nasa-cryo/common.values.yaml @@ -16,6 +16,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/nasa-esdis/common.values.yaml b/config/clusters/nasa-esdis/common.values.yaml index 5c813840fc..33a1428892 100644 --- a/config/clusters/nasa-esdis/common.values.yaml +++ b/config/clusters/nasa-esdis/common.values.yaml @@ -15,6 +15,8 @@ jupyterhub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index fd83c62e06..ee71a39746 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -19,6 +19,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index 3e9d7e7ae6..9ebc388e99 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -19,6 +19,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index 745f6c87dd..db40829920 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -16,6 +16,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: gitRepoBranch: "openscapes" templateVars: diff --git a/config/clusters/smithsonian/common.values.yaml b/config/clusters/smithsonian/common.values.yaml index 334bbb877f..ae6a90f7f8 100644 --- a/config/clusters/smithsonian/common.values.yaml +++ b/config/clusters/smithsonian/common.values.yaml @@ -17,6 +17,8 @@ basehub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: diff --git a/config/clusters/ubc-eoas/common.values.yaml b/config/clusters/ubc-eoas/common.values.yaml index a510052347..65063fe49c 100644 --- a/config/clusters/ubc-eoas/common.values.yaml +++ b/config/clusters/ubc-eoas/common.values.yaml @@ -19,6 +19,8 @@ jupyterhub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "google" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: From 916ca3fa46f8aa5d0443a83b0c3696c8e0f8a813 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 19 Jan 2024 10:54:56 +0000 Subject: [PATCH 298/494] [showcase] Enable env var access to scratch bucket --- config/clusters/2i2c-aws-us/showcase.values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index c8c7eb5457..59190858a1 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -48,6 +48,9 @@ basehub: Authenticator: enable_auth_state: true singleuser: + extraEnv: + SCRATCH_BUCKET: s3://2i2c-aws-us-scratch-researchdelight/$(JUPYTERHUB_USER) + PANGEO_SCRATCH: s3://2i2c-aws-us-scratch-researchdelight/$(JUPYTERHUB_USER) profileList: - display_name: "NASA TOPS-T ScienceCore-ClimateRisk" description: "For collaborative work on 2i2c/MD's NASA TOPS-T ScienceCore Module" From bbdf1c79b164abce5c91b85ab33d3eecd29840d4 Mon Sep 17 00:00:00 2001 From: Jenny Wong Date: Fri, 19 Jan 2024 10:57:31 +0000 Subject: [PATCH 299/494] Update image --- config/clusters/2i2c-aws-us/showcase.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index c8c7eb5457..6977dd7464 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -131,7 +131,7 @@ basehub: display_name: Handbook Authoring slug: handbook kubespawner_override: - image: quay.io/2i2c/handbook-authoring-image:3559ba6430b3 + image: quay.io/2i2c/handbook-authoring-image:ad18f6ea575d pangeo: display_name: Pangeo Notebook default: true From 02045d0610ded8ed41e640b4353c12e895d71e67 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 19 Jan 2024 13:11:41 +0000 Subject: [PATCH 300/494] [showcase] Add a persistent bucket --- terraform/aws/projects/2i2c-aws-us.tfvars | 3 +++ 1 file changed, 3 insertions(+) diff --git a/terraform/aws/projects/2i2c-aws-us.tfvars b/terraform/aws/projects/2i2c-aws-us.tfvars index 7a9448f16e..e9adf7b423 100644 --- a/terraform/aws/projects/2i2c-aws-us.tfvars +++ b/terraform/aws/projects/2i2c-aws-us.tfvars @@ -14,6 +14,9 @@ user_buckets = { "scratch-researchdelight" : { "delete_after" : 7 }, + "persistent-showcase" : { + "delete_after" : null + }, "scratch-ncar-cisl" : { "delete_after" : 7 }, From a8a751851c67a8000e18d5cb2a68fc9ed73d908b Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 19 Jan 2024 13:16:40 +0000 Subject: [PATCH 301/494] Add persistent-showcase bucket to hub permissions --- terraform/aws/projects/2i2c-aws-us.tfvars | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/terraform/aws/projects/2i2c-aws-us.tfvars b/terraform/aws/projects/2i2c-aws-us.tfvars index e9adf7b423..4e5dbb4a5c 100644 --- a/terraform/aws/projects/2i2c-aws-us.tfvars +++ b/terraform/aws/projects/2i2c-aws-us.tfvars @@ -42,7 +42,10 @@ hub_cloud_permissions = { }, "researchdelight" : { requestor_pays : true, - bucket_admin_access : ["scratch-researchdelight"], + bucket_admin_access : [ + "scratch-researchdelight", + "persistent-showcase" + ], extra_iam_policy : "" }, "ncar-cisl" : { From 35a7b051bbad5943d0af2eec1d60caa4669f884f Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Fri, 19 Jan 2024 17:31:08 -0300 Subject: [PATCH 302/494] Add UVRI hub on catalystproject-africa cluster --- .../catalystproject-africa/cluster.yaml | 8 +++ .../enc-uvri.secret.values.yaml | 20 ++++++ .../catalystproject-africa/uvri.values.yaml | 70 +++++++++++++++++++ 3 files changed, 98 insertions(+) create mode 100644 config/clusters/catalystproject-africa/enc-uvri.secret.values.yaml create mode 100644 config/clusters/catalystproject-africa/uvri.values.yaml diff --git a/config/clusters/catalystproject-africa/cluster.yaml b/config/clusters/catalystproject-africa/cluster.yaml index 6e217fdec6..3276b0b1b4 100644 --- a/config/clusters/catalystproject-africa/cluster.yaml +++ b/config/clusters/catalystproject-africa/cluster.yaml @@ -34,3 +34,11 @@ hubs: - common.values.yaml - must.values.yaml - enc-must.secret.values.yaml + - name: uvri + display_name: "Catalyst Project, Africa - UVRI" + domain: uvri.af.catalystproject.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - uvri.values.yaml + - enc-uvri.secret.values.yaml diff --git a/config/clusters/catalystproject-africa/enc-uvri.secret.values.yaml b/config/clusters/catalystproject-africa/enc-uvri.secret.values.yaml new file mode 100644 index 0000000000..0b439c7441 --- /dev/null +++ b/config/clusters/catalystproject-africa/enc-uvri.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:eg4yo+7kobztYqLXpeR3vcQtXIU=,iv:v7u+Soe3C+cj5sAhTP7Cv6HwMpNhJ2T7PsER0Hrr//M=,tag:Q9y22FgQlEIlzFiQLxXFFw==,type:str] + client_secret: ENC[AES256_GCM,data:BA4HqDHaWCgRqWuKikUasKh+aqTBm+Q7j4D1U0OfbOwxIx6kHKc8gQ==,iv:ZVw7RFLm4s0iSPEAiibFxOjfRxlcqNwnv18peDq/Lgk=,tag:j5fKtwvvuF3K2LdAE3LMsQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-01-19T19:50:33Z" + enc: CiUA4OM7eMb0zTHlzhLypRrf0SjUiVx7JlJThSHKlNYroiPeRR11EkkAjTWv+k7KcyKwMMfp+QIGzPoWp+4CkmNl9pz/mAB3v8/6xFjimprYziUq99t9NrH+sdGtWua+AEgL808qn9Y6khAJ/uH4zJuN + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-01-19T19:50:34Z" + mac: ENC[AES256_GCM,data:0V0DG6N5cQ8Wgr2wuZjEDqWIk5gAgbxJj2aG6CF+Ct3nEMz1hG9kK+2QeSJTBt8Yclkb08pw62DUhGxD9MXOM0jDv8PRck7w02179sRzLZPX9tqlk61IuywINmsD5B0qozwRBiBIyGXCCQYI7FngxYPsqCrYZTKp0El6P9CXXy8=,iv:tuEYh5OWhK6YlcEh/uph0pVIzWC1SgyrwjMLUC0Rj04=,tag:CQubFcxH6Jh9Ceilq4GSqg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/catalystproject-africa/uvri.values.yaml b/config/clusters/catalystproject-africa/uvri.values.yaml new file mode 100644 index 0000000000..810d04b3da --- /dev/null +++ b/config/clusters/catalystproject-africa/uvri.values.yaml @@ -0,0 +1,70 @@ +jupyterhub: + ingress: + hosts: [uvri.af.catalystproject.2i2c.cloud] + tls: + - hosts: [uvri.af.catalystproject.2i2c.cloud] + secretName: https-auto-tls + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Catalyst Project, Africa - UVRI + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: "2i2c" + url: https://2i2c.org + operated_by: + name: "2i2c" + url: https://2i2c.org + funded_by: + name: Chan Zuckerberg Initiative - Open Science + url: "https://chanzuckerberg.com/science/programs-resources/open-science/" + hub: + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://uvri.af.catalystproject.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - CatalystProject-Hubs:uvri + scope: + - read:org + # Authenticator: + # admin_users: + # - + singleuser: + profileList: + - display_name: Jupyter + slug: jupyter-scipy + description: "Python environment" + default: true + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-27 + default_url: /lab + profile_options: &profile_options + resource_allocation: + display_name: Resource Allocation + choices: + mem_8: + default: true + display_name: ~8 GB RAM, ~1.0 CPU + kubespawner_override: + mem_guarantee: 6.684G + cpu_guarantee: 0.75 + mem_limit: null + cpu_limit: null + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + - display_name: RStudio + description: R environment + kubespawner_override: + image: rocker/binder:4.3 + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + profile_options: *profile_options From a750c5884f04cf8638ae77fab32fd8a2bffc8044 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 22 Jan 2024 12:10:23 +0000 Subject: [PATCH 303/494] [victor] enable unlisted choice on staging for testing purposes ref: https://2i2c.freshdesk.com/a/tickets/1257 --- config/clusters/victor/staging.values.yaml | 55 ++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/config/clusters/victor/staging.values.yaml b/config/clusters/victor/staging.values.yaml index 5e3e57f6c4..c0e824090a 100644 --- a/config/clusters/victor/staging.values.yaml +++ b/config/clusters/victor/staging.values.yaml @@ -13,3 +13,58 @@ basehub: config: GitHubOAuthenticator: oauth_callback_url: https://staging.victor.2i2c.cloud/hub/oauth_callback + singleuser: + profileList: + # Create a small instance that can launch a custom image + - display_name: "Bring your own image - Small: m5.large" + description: "Specific your own image (must have python and jupyterhub installed in it) - ~2 CPU, ~8G RAM" + slug: custom + profile_options: + image: + display_name: Image + unlisted_choice: + enabled: true + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + mem_limit: 8G + mem_guarantee: 6.5G + node_selector: + node.kubernetes.io/instance-type: m5.large + choices: {} + #=== Below are copied from common file ===# + # The mem-guarantees are here so k8s doesn't schedule other pods + # on these nodes. + - display_name: "Small: m5.large" + description: "~2 CPU, ~8G RAM" + default: true + kubespawner_override: + # Explicitly unset mem_limit, so it overrides the default memory limit we set in + # basehub/values.yaml + mem_limit: 8G + mem_guarantee: 6.5G + node_selector: + node.kubernetes.io/instance-type: m5.large + - display_name: "Medium: m5.xlarge" + description: "~4 CPU, ~15G RAM" + kubespawner_override: + mem_limit: 15G + mem_guarantee: 12G + node_selector: + node.kubernetes.io/instance-type: m5.xlarge + - display_name: "Large: m5.2xlarge" + description: "~8 CPU, ~30G RAM" + kubespawner_override: + mem_limit: 30G + mem_guarantee: 25G + node_selector: + node.kubernetes.io/instance-type: m5.2xlarge + - display_name: "Huge: m5.8xlarge" + description: "~16 CPU, ~60G RAM" + kubespawner_override: + mem_limit: 60G + mem_guarantee: 50G + node_selector: + node.kubernetes.io/instance-type: m5.8xlarge From 78cbf760ea1e83e85227bdf96ec7670c7cc8073f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jan 2024 10:42:09 +0000 Subject: [PATCH 304/494] Update comment to provide info about which account under SSO 2i2c-aws-us cluster belongs to --- config/clusters/2i2c-aws-us/cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/2i2c-aws-us/cluster.yaml b/config/clusters/2i2c-aws-us/cluster.yaml index f549d9a664..a1dd7f42bc 100644 --- a/config/clusters/2i2c-aws-us/cluster.yaml +++ b/config/clusters/2i2c-aws-us/cluster.yaml @@ -1,5 +1,5 @@ name: 2i2c-aws-us -provider: aws # https://2i2c.awsapps.com/start#/ +provider: aws # https://2i2c.awsapps.com/start#/ under the two-eye-two-see account aws: key: enc-deployer-credentials.secret.json clusterType: eks From 4b1eb0684f305b228a4366b197417726a5e0203d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jan 2024 10:48:04 +0000 Subject: [PATCH 305/494] Add env var to access persistent bucket --- config/clusters/2i2c-aws-us/showcase.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index 9849dc7a99..3aec7b1096 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -51,6 +51,7 @@ basehub: extraEnv: SCRATCH_BUCKET: s3://2i2c-aws-us-scratch-researchdelight/$(JUPYTERHUB_USER) PANGEO_SCRATCH: s3://2i2c-aws-us-scratch-researchdelight/$(JUPYTERHUB_USER) + PERSISTENT_BUCKET: s3://2i2c-aws-us-persistent-showcase/$(JUPYTERHUB_USER) profileList: - display_name: "NASA TOPS-T ScienceCore-ClimateRisk" description: "For collaborative work on 2i2c/MD's NASA TOPS-T ScienceCore Module" From 643aa3e7c3523f1946728a4dc15e3582b678519d Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 23 Jan 2024 17:10:45 +0000 Subject: [PATCH 306/494] [openscapes] bump python image requested in: https://2i2c.freshdesk.com/a/tickets/1261 --- config/clusters/openscapes/prod.values.yaml | 2 +- config/clusters/openscapes/staging.values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/openscapes/prod.values.yaml b/config/clusters/openscapes/prod.values.yaml index c3fc16cd34..29311e3ec8 100644 --- a/config/clusters/openscapes/prod.values.yaml +++ b/config/clusters/openscapes/prod.values.yaml @@ -16,7 +16,7 @@ basehub: description: Python datascience environment default: true kubespawner_override: - image: openscapes/python:6ee57a9 + image: openscapes/python:4f340eb profile_options: &profile_options requests: display_name: Resource Allocation diff --git a/config/clusters/openscapes/staging.values.yaml b/config/clusters/openscapes/staging.values.yaml index 464e79bf4e..81ab539c90 100644 --- a/config/clusters/openscapes/staging.values.yaml +++ b/config/clusters/openscapes/staging.values.yaml @@ -27,10 +27,10 @@ basehub: image: "{value}" choices: default: - display_name: openscapes/python:6ee57a9 + display_name: openscapes/python:4f340eb default: true kubespawner_override: - image: openscapes/python:6ee57a9 + image: openscapes/python:4f340eb requests: &requests_profile_options display_name: Resource Allocation choices: From 952dfaba512dd659e44cc79aa6c0228c3022fcd1 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 24 Jan 2024 14:41:32 -0800 Subject: [PATCH 307/494] Check for technical support contacts as part of new hub turn-up As part of https://github.com/2i2c-org/infrastructure/issues/3048#issuecomment-1907195217, we now have an airtable be the 'source of truth' for who is allowed to initiate support requests. This PR adds an item in the checklist for new hub turn up, making sure we validate that there *is* a technical contact for this hub. The airtable in use may change soon as well as the terminology (as partnerships works on it https://github.com/2i2c-org/infrastructure/issues/3048#issuecomment-1909011115). But it is important to have a verification step here, so we don't let whatever airtable it is be out of date. Ref https://github.com/2i2c-org/infrastructure/issues/3048#issuecomment-1907335901 --- .github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml b/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml index a436559ce2..94225974db 100644 --- a/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml +++ b/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml @@ -172,6 +172,20 @@ body: validations: required: false + - type: checkboxes + attributes: + label: Technical support contacts listed + description: | + Technical contacts are the folks who are authorized to open support tickets about this hub. + The source of truth is maintained in [this airtable](https://airtable.com/appxk7c9WUsDjSi0Q/tbl3CWOgyoEtuGuIw/viwtpo7RxkYv63hiD?blocks=hide). + + Validate that there is at least one technical contact listed in the airtable for this hub. If not, ping + partnerships to ensure they find out who that is and fill that information in. + options: + - label: Technical contact present + validations: + required: true + - type: dropdown attributes: label: (Optional) Preferred cloud provider From bf4dfe6c35808e6cd1f4eea0a42aad448e2ea6b8 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 16 Jan 2024 15:47:31 -0800 Subject: [PATCH 308/494] Document how to enable auth0 authentication Ref https://github.com/2i2c-org/infrastructure/issues/3533 --- .../configure-auth/auth0.md | 74 +++++++++++++++++++ .../configure-auth/index.md | 1 + 2 files changed, 75 insertions(+) create mode 100644 docs/hub-deployment-guide/configure-auth/auth0.md diff --git a/docs/hub-deployment-guide/configure-auth/auth0.md b/docs/hub-deployment-guide/configure-auth/auth0.md new file mode 100644 index 0000000000..0174ea6282 --- /dev/null +++ b/docs/hub-deployment-guide/configure-auth/auth0.md @@ -0,0 +1,74 @@ +(auth:auth0)= +# Auth0 + +[Auth0](https://auth0.com/) is a commercial authentication provider that some communities +would like to use, for the various extra features it offers. Since it's outside the primary +two authentication mechanisms we offer, this costs extra - please confirm with partnerships +team that the community is being billed for it. + +## Set up the hub with CILogon + +First, we set up the hub and use [CILogon](auth:cilogon) for authentication, so the community +can get started and poke around. This decouples getting started from the auth0 process, +to make everything smoother (for both 2i2c engineers and the community). + +## Requesting credentials from the community + +We have to ask the community to create and provision Auth0 credentials for us. They will need +to create a [Regular Auth0 Web App](https://auth0.com/docs/get-started/auth0-overview/create-applications/regular-web-apps) +for each hub - so at the least, for the staging hub and the production hub. + +Under [Application URIs](https://auth0.com/docs/get-started/applications/application-settings#application-uris), +they should use the following URL under"Allowed Callback URLs": + +`https:///hub/oauth_callback` + +Once created, they should collect the following information: + +1. `client_secret` and `client_id` for the created application. +2. The "Auth0 domain" for the created application. + +These are *secure credentials*, and must be sent to us using [the encrypted support mechanism](https://docs.2i2c.org/support/#send-us-encrypted-content) + +They can configure this with whatever [connections](https://auth0.com/docs/connections) they +prefer - 2i2c is not responsible for and hence can not really help with configuring this. + +```{note} + +It may be advantageous to 2i2c engineers to have shared access to this auth0 web application, +so we can debug issues that may arise. But we don't want to create too much friction here, +by having to manually create accounts for each 2i2c engineer for each auth0 application we +administer. Solutions (potentially a shared account) are being explored. +``` + +## Configuring the JupyterHub to use Auth0 + +We will use the upstream [Auth0OAuthenticator](https://github.com/jupyterhub/oauthenticator/blob/main/oauthenticator/auth0.py) +to allow folks to login to JupyterHub. + +In the `common.yaml` file for the cluster hosting the hubs, we set the authenticator to be `auth0`. + +```yaml +jupyterhub: + hub: + config: + JupyterHub: + authenticator_class: auth0 +``` + +In the encrypted, per-hub config (of form `enc-.secret.values.yaml`), we specify the secret values +we received from the community. + +```yaml +jupyterhub: + hub: + config: + Auth0OAuthenticator: + auth0_domain: + client_id: + client_secret: +``` + +## Selecting `username_claim` + +## Passing on auth0 tokens to user servers via environment variables \ No newline at end of file diff --git a/docs/hub-deployment-guide/configure-auth/index.md b/docs/hub-deployment-guide/configure-auth/index.md index 2da95120b0..b7cb0939ae 100644 --- a/docs/hub-deployment-guide/configure-auth/index.md +++ b/docs/hub-deployment-guide/configure-auth/index.md @@ -12,4 +12,5 @@ Switching authentication providers (e.g. from GitHub to Google) for a pre-existi :caption: Authentication Providers github-orgs cilogon +auth0 ``` From f3552718e039c9bfc41bb3b266ea5bf736b9da71 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 18 Jan 2024 14:57:36 -0800 Subject: [PATCH 309/494] Add earthscope staging config --- config/clusters/earthscope/common.values.yaml | 35 ++++++++++++++++++- .../earthscope/enc-staging.secret.values.yaml | 8 +++-- .../configure-auth/auth0.md | 9 +++++ 3 files changed, 49 insertions(+), 3 deletions(-) diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index f1c42f498c..f1502d2d1d 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -33,9 +33,41 @@ basehub: name: "EarthScope Consortium" url: https://www.earthscope.org/ hub: + extraConfig: + 001-username-claim: | + from oauthenticator.auth0 import Auth0OAuthenticator + + class CustomAuth0OAuthenticator(Auth0OAuthenticator): + async def authenticate(self, *args, **kwargs): + auth_model = await super().authenticate(*args, **kwargs) + username = auth_model["name"] + print(auth_model) + if username.startswith("oauth2|cilogon"): + cilogon_sub = username.rsplit("|", 1)[-1] + cilogon_sub_parts = cilogon_sub.split("/") + username = f"oauth2|cilogon|{cilogon_sub_parts[3]}|{cilogon_sub_parts[5]}" + auth_model["name"] = username + return auth_model + + def populate_token(spawner, auth_state): + token_env = { + 'AUTH0_ACCESS_TOKEN': auth_state.get("access_token", ""), + 'AUTH0_ID_TOKEN': auth_state.get("id_token", ""), + 'AUTH0_REFRESH_TOKEN': auth_state.get('refresh_token', '') + } + spawner.environment.update(token_env) + c.Spawner.auth_state_hook = populate_token + + c.JupyterHub.authenticator_class = CustomAuth0OAuthenticator config: JupyterHub: - authenticator_class: cilogon + authenticator_class: auth0 + Auth0OAuthenticator: + scope: + - openid + - offline_access + username_claim: sub + allow_all: True CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: @@ -46,6 +78,7 @@ basehub: username_derivation: username_claim: email Authenticator: + enable_auth_state: true admin_users: - timdittmann - chad-earthscope diff --git a/config/clusters/earthscope/enc-staging.secret.values.yaml b/config/clusters/earthscope/enc-staging.secret.values.yaml index bab6d99775..eaf6677ac2 100644 --- a/config/clusters/earthscope/enc-staging.secret.values.yaml +++ b/config/clusters/earthscope/enc-staging.secret.values.yaml @@ -2,6 +2,10 @@ basehub: jupyterhub: hub: config: + Auth0OAuthenticator: + auth0_domain: ENC[AES256_GCM,data:QIf7pJ+PuhRcLGmiJBrxbe101fgJHGfO,iv:uxvwv+jsi4hdJoq8G/C6hup7+HmqxTvgbLvrr6GcB68=,tag:CsvbXofKbCdtZGKDND5ZeQ==,type:str] + client_id: ENC[AES256_GCM,data:zAZAcTnDoYXd6+HEHyCTAZcWDfFb4MVGaHguf+l80jc=,iv:aQidh2IJMcMcEPBCyB7I94of0ywyvNNc4R/9jrTh/Xo=,tag:EN3jpNVKALN4L5mBw21Ptg==,type:str] + client_secret: ENC[AES256_GCM,data:glfuw+S6w1n8hNOvYlEPvTVU6yfAePNt1/zzz8ttrW8eTro5o05dKLeUgULp75/tk5BbVoYkjt3VsruVWq5nWg==,iv:GtB9642/chhguJaLsvI/It1kGWH/VZ5J/ubdbu5GzvY=,tag:Ym62f23AnqPDEFTDC9RwAA==,type:str] CILogonOAuthenticator: client_id: ENC[AES256_GCM,data:Lv/25K0A8CZs6dK20mujkn536hpreimP/MUqGOJ4cpXLTFnJNRmGkN7mYPC2klalEKcn,iv:nj4b7Y75A9wgg+w2XBas17Cs8Az3AzDkeO9u1ZwI1Jo=,tag:gCMMoa3iQWVRQvTQkCIkAg==,type:str] client_secret: ENC[AES256_GCM,data:EAD3iQGXs7soD4VxRXol2YuuJBmOpDBbX5Cg+VyTk7xA7Jn715vZMNBeOKtal1a6kzyds3tuw+h+DWsF3Dod2MxHS7H4FARHLopP9xuAvS6Tw3mZZ28=,iv:F8CqwLYz7WR5qge0Yj91aU/w5pj6fiEaBvndVe4zvG4=,tag:60BekNlkRhf2a3Nkvo1kWg==,type:str] @@ -14,8 +18,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-12-14T18:42:52Z" - mac: ENC[AES256_GCM,data:DWO/hv47PbcFx8NATfOJrLUMkOV3dTUzr53nUtpDge+NseEOSoMKeEWz1L7jWYhM+Iga05csm78BT9c3gI921dKlOXRJ6fn1e5guxqKPOAuZugbWUeEqGa8Z26sAwuSRXIZyWiWDJZJThsNk4+s0s7vZmXcrGHGjWA3eCEvTwxE=,iv:9QDeyrmE0euFgqcvZMCuubNA44YB8x2Sa1CqEGJjKjM=,tag:qj5ZnX1TS2Lt4QbXuJFB0Q==,type:str] + lastmodified: "2024-01-18T22:56:16Z" + mac: ENC[AES256_GCM,data:RTdv7Ry6i7GNQJsKiNSIj8lFbFAPPk4cypVnPsrR8wT8CFN4kDxINw6u5XTbMeWtijoRSuZGSaFvjQZn/9jcHhyXipA3FNXpzvJRKMluGYDiBermpchwsFZiD2QC/OdPJwBDgMnYXRJ8aau4O4ccR1y4hGaeZSyoiACUnVlJRh4=,iv:/XngY8fbnCJ9Uu68V0u7vyitzGpNa0jaguvdrvZQlCA=,tag:hWoFsNuoQgwMiOtDgF49wg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/docs/hub-deployment-guide/configure-auth/auth0.md b/docs/hub-deployment-guide/configure-auth/auth0.md index 0174ea6282..a1e9371494 100644 --- a/docs/hub-deployment-guide/configure-auth/auth0.md +++ b/docs/hub-deployment-guide/configure-auth/auth0.md @@ -67,8 +67,17 @@ jupyterhub: auth0_domain: client_id: client_secret: + scope: openid + username_claim: sub ``` +Once deployed, this should allow users authorized by Auth0 to login to the hub! Their usernames will +look like `:`, which looks a little strange but allows differentiation between +people who use multiple accounts but the same email. For example, + ## Selecting `username_claim` +TODO: `sub` is not always a valid username, as CILogon produces `sub` like `oauth2|cilogon|http://cilogon.org/servera/users/32158821`. +Need to figure out how to make this happen. + ## Passing on auth0 tokens to user servers via environment variables \ No newline at end of file From 591c18f5467c580ed525460cb8922b4fc567f875 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 19 Jan 2024 12:48:55 -0800 Subject: [PATCH 310/494] Require 'geolab' scope to allow logins --- config/clusters/earthscope/common.values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index f1502d2d1d..6df0fa94dc 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -41,6 +41,8 @@ basehub: async def authenticate(self, *args, **kwargs): auth_model = await super().authenticate(*args, **kwargs) username = auth_model["name"] + if 'geolab' not in auth_model['auth_state']['scope']: + return None print(auth_model) if username.startswith("oauth2|cilogon"): cilogon_sub = username.rsplit("|", 1)[-1] @@ -65,7 +67,13 @@ basehub: Auth0OAuthenticator: scope: - openid + # This gives us refresh token - offline_access + # This allows EarthScope to control who can login to the hub + - geolab + extra_authorize_params: + # This isn't an actual URL, just a string. Must not have a trailing slash + audience: https://api.dev.earthscope.org username_claim: sub allow_all: True CILogonOAuthenticator: From 5340cb91bbf847e1736d073d1fabeec0fe71bb54 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 19 Jan 2024 17:09:20 -0800 Subject: [PATCH 311/494] Require 'geolab' scope to allow login to the hub Brings in https://github.com/jupyterhub/oauthenticator/pull/719 --- config/clusters/earthscope/common.values.yaml | 49 +++++++++++++++++-- 1 file changed, 45 insertions(+), 4 deletions(-) diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index 6df0fa94dc..7f89f10766 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -36,14 +36,34 @@ basehub: extraConfig: 001-username-claim: | from oauthenticator.auth0 import Auth0OAuthenticator + from traitlets import List, Unicode class CustomAuth0OAuthenticator(Auth0OAuthenticator): + # required_scopes functionality comes in from https://github.com/jupyterhub/oauthenticator/pull/719 + # Can be removed from here once that PR is merged + required_scopes = List( + Unicode(), + config=True, + help=""" + List of scopes that must be granted to allow login. + + All the scopes listed in this config must be present in the OAuth2 grant + from the authorizing server to allow the user to login. We request all + the scopes listed in the 'scope' config, but only a subset of these may + be granted by the authorization server. This may happen if the user does not + have permissions to access a requested scope, or has chosen to not give consent + for a particular scope. If the scopes listed in this config are not granted, + the user will not be allowed to log in. + + See the OAuth documentation of your OAuth provider for various options. + """, + ) + async def authenticate(self, *args, **kwargs): auth_model = await super().authenticate(*args, **kwargs) username = auth_model["name"] - if 'geolab' not in auth_model['auth_state']['scope']: - return None - print(auth_model) + # This is required until https://github.com/jupyterhub/oauthenticator/pull/717 + # gets merged, can be removed after that. if username.startswith("oauth2|cilogon"): cilogon_sub = username.rsplit("|", 1)[-1] cilogon_sub_parts = cilogon_sub.split("/") @@ -51,6 +71,21 @@ basehub: auth_model["name"] = username return auth_model + async def check_allowed(self, username, auth_model): + if await super().check_allowed(username, auth_model): + return True + + if self.required_scopes: + granted_scopes = auth_model.get('auth_state', {}).get('scope', []) + missing_scopes = set(self.required_scopes) - set(granted_scopes) + if missing_scopes: + self.log.info(f"Denying access to user {username} - scopes {missing_scopes} were not granted") + return False + else: + return True + + return False + def populate_token(spawner, auth_state): token_env = { 'AUTH0_ACCESS_TOKEN': auth_state.get("access_token", ""), @@ -58,12 +93,17 @@ basehub: 'AUTH0_REFRESH_TOKEN': auth_state.get('refresh_token', '') } spawner.environment.update(token_env) + c.Spawner.auth_state_hook = populate_token c.JupyterHub.authenticator_class = CustomAuth0OAuthenticator config: JupyterHub: authenticator_class: auth0 + CustomAuth0OAuthenticator: + required_scopes: + # This allows EarthScope to control who can login to the hub + - geolab Auth0OAuthenticator: scope: - openid @@ -75,7 +115,6 @@ basehub: # This isn't an actual URL, just a string. Must not have a trailing slash audience: https://api.dev.earthscope.org username_claim: sub - allow_all: True CILogonOAuthenticator: allowed_idps: http://github.com/login/oauth/authorize: @@ -90,6 +129,8 @@ basehub: admin_users: - timdittmann - chad-earthscope + - google-oauth2|101500906458831444600 + - oauth2|cilogon|servera|32158821 singleuser: profileList: - display_name: "Shared Small: 1-4 CPU, 8-32 GB" From cc89392a4b2da63512f0844d48259e66ccd0cd70 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 24 Jan 2024 15:02:01 -0800 Subject: [PATCH 312/494] Show granted scopes in debug log too --- config/clusters/earthscope/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index 7f89f10766..16b420da25 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -79,7 +79,7 @@ basehub: granted_scopes = auth_model.get('auth_state', {}).get('scope', []) missing_scopes = set(self.required_scopes) - set(granted_scopes) if missing_scopes: - self.log.info(f"Denying access to user {username} - scopes {missing_scopes} were not granted") + self.log.info(f"Denying access to user {username} - scopes {missing_scopes} were not granted, only {granted_scopes} were granted") return False else: return True From 708ddee9b9364ed5672892567ef858205d504d33 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 24 Jan 2024 15:03:32 -0800 Subject: [PATCH 313/494] Setup earthscope production credentials too --- .../earthscope/enc-prod.secret.values.yaml | 7 +++++-- .../earthscope/enc-staging.secret.values.yaml | 5 ++--- config/clusters/earthscope/prod.values.yaml | 5 +++++ .../clusters/earthscope/staging.values.yaml | 5 +++++ .../configure-auth/auth0.md | 21 +++++++++++-------- 5 files changed, 29 insertions(+), 14 deletions(-) diff --git a/config/clusters/earthscope/enc-prod.secret.values.yaml b/config/clusters/earthscope/enc-prod.secret.values.yaml index 323551895b..2894018c8d 100644 --- a/config/clusters/earthscope/enc-prod.secret.values.yaml +++ b/config/clusters/earthscope/enc-prod.secret.values.yaml @@ -2,6 +2,9 @@ basehub: jupyterhub: hub: config: + Auth0OAuthenticator: + client_id: ENC[AES256_GCM,data:DwOUn4AFZyJrPv2gw3SvArLXNrEOQgoWJPYLpJSQetE=,iv:HFevqec5FROZQkAfCnkoVZacFhVsRB2Fym82XHDzFBw=,tag:O9it7h27UX7a89sExeXs9A==,type:str] + client_secret: ENC[AES256_GCM,data:fQdBLKrl9OG1zB9wX0+j10K+1+rgSTz1/v/tVOcV8ZZcXM8FCs9EKR2nhvfrMHL3nX59NMUeI64Jb9EG16mE5g==,iv:JfSBDbzia4xNSWPmW3Cde8RqUg78l6t34yviXx54VXU=,tag:9ID3wzmWvZa1hbfsT2rTyw==,type:str] CILogonOAuthenticator: client_id: ENC[AES256_GCM,data:1C0ercYZjjc63vTPPcVa7B0Y1bnuawg854Yf3Kl4UnJ0gYuqem+zuv1lQfOzU8zKXy5L,iv:2IZjb7WzomJg8I9uDDXINjULJPXUBfJCldMOxH+B8tA=,tag:Dv1xaVkDCpI7/GLuGv6GzA==,type:str] client_secret: ENC[AES256_GCM,data:2mGbTTnKcVZp57ZX2Tj2o+j2y0NfABPtTiV6sw3oWlR/t7w4fiFkSK9cyArnJwQfRjWc6M6NNB50A3zWZrKaoPLRj8Afiq8pFTjtRZnZGe5g4h2mXYg=,iv:xmJEHc2V0aG1KEh2eAPj80tZoNzFnBz42QdCSmzO2mc=,tag:+48SuYVdlJCizaYVMn9hrA==,type:str] @@ -14,8 +17,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-12-14T18:24:34Z" - mac: ENC[AES256_GCM,data:0Kde6XE/A7k9CwhxQFsa3I61ohr9WN7AO2haWkFETpDG+jXtU5MYkrScbwnlayLa0vM6vk2OfUxR6LrB9jPcxTx8+n2Pqx6kPTzgr8a8ORhG4xc6Lqj0a1KyDMdnGi5beqoXSxolPyd1mnSTAFAVIGwle37Gg0fIr0VFii9lsfQ=,iv:gPVYPvyTEriA9sxbmtMRo611b5dB5idYa0J+DtEYcaY=,tag:RNOItHNKtUGZ/UgfT1Ea2Q==,type:str] + lastmodified: "2024-01-24T22:53:57Z" + mac: ENC[AES256_GCM,data:MgnyRZmQryZqw+0gy3yUp3syuIYsWi3vvkOQrjW4jkk3/ZfIjWyo81cnO3Jgxr2pAADAbqX4qKITpBuWpX05lEDhv3kg3L6DAhnY0iExuDSWHGYJ04856pADGtuHIFIYmQxG46u+RfpTljVZK4cHAY4OVUraHVbKVxg/iP5pkpU=,iv:XF43toaqgiGjUh0W3HG0Iq2Y10paP24BGnPk9HomLKk=,tag:bsp93INUlVt1WJA4h7uVLw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/config/clusters/earthscope/enc-staging.secret.values.yaml b/config/clusters/earthscope/enc-staging.secret.values.yaml index eaf6677ac2..7dc792e327 100644 --- a/config/clusters/earthscope/enc-staging.secret.values.yaml +++ b/config/clusters/earthscope/enc-staging.secret.values.yaml @@ -3,7 +3,6 @@ basehub: hub: config: Auth0OAuthenticator: - auth0_domain: ENC[AES256_GCM,data:QIf7pJ+PuhRcLGmiJBrxbe101fgJHGfO,iv:uxvwv+jsi4hdJoq8G/C6hup7+HmqxTvgbLvrr6GcB68=,tag:CsvbXofKbCdtZGKDND5ZeQ==,type:str] client_id: ENC[AES256_GCM,data:zAZAcTnDoYXd6+HEHyCTAZcWDfFb4MVGaHguf+l80jc=,iv:aQidh2IJMcMcEPBCyB7I94of0ywyvNNc4R/9jrTh/Xo=,tag:EN3jpNVKALN4L5mBw21Ptg==,type:str] client_secret: ENC[AES256_GCM,data:glfuw+S6w1n8hNOvYlEPvTVU6yfAePNt1/zzz8ttrW8eTro5o05dKLeUgULp75/tk5BbVoYkjt3VsruVWq5nWg==,iv:GtB9642/chhguJaLsvI/It1kGWH/VZ5J/ubdbu5GzvY=,tag:Ym62f23AnqPDEFTDC9RwAA==,type:str] CILogonOAuthenticator: @@ -18,8 +17,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-01-18T22:56:16Z" - mac: ENC[AES256_GCM,data:RTdv7Ry6i7GNQJsKiNSIj8lFbFAPPk4cypVnPsrR8wT8CFN4kDxINw6u5XTbMeWtijoRSuZGSaFvjQZn/9jcHhyXipA3FNXpzvJRKMluGYDiBermpchwsFZiD2QC/OdPJwBDgMnYXRJ8aau4O4ccR1y4hGaeZSyoiACUnVlJRh4=,iv:/XngY8fbnCJ9Uu68V0u7vyitzGpNa0jaguvdrvZQlCA=,tag:hWoFsNuoQgwMiOtDgF49wg==,type:str] + lastmodified: "2024-01-24T23:03:04Z" + mac: ENC[AES256_GCM,data:ZPZmbQLCeuK1C7FR8USNXtJiE8xV6esOt4tcqSRuwe73HxAyogAstYBqDz5rlsi5qf68ew6dLkhX17oiJxABTCi4PpNMMktuVGe10OrlAEgZm4cRc3H4MfdMEfS/2I7V0PcItJINqte0EGQbYqRYgkz5XCA4+0k8075uIqypoug=,iv:uzeiyu9hP6mo7YphNJU/AZOquKU055IxznWiDXrETrA=,tag:qwDi7EleXQaYHagsXS7jzA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/config/clusters/earthscope/prod.values.yaml b/config/clusters/earthscope/prod.values.yaml index a850dd41e8..82b586bccd 100644 --- a/config/clusters/earthscope/prod.values.yaml +++ b/config/clusters/earthscope/prod.values.yaml @@ -12,5 +12,10 @@ basehub: name: "EarthScope" hub: config: + Auth0OAuthenticator: + auth0_domain: login-dev.earthscope.org + extra_authorize_params: + # This isn't an actual URL, just a string. Must not have a trailing slash + audience: https://api.earthscope.org CILogonOAuthenticator: oauth_callback_url: https://earthscope.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/earthscope/staging.values.yaml b/config/clusters/earthscope/staging.values.yaml index bb621d8433..51874fce2d 100644 --- a/config/clusters/earthscope/staging.values.yaml +++ b/config/clusters/earthscope/staging.values.yaml @@ -12,5 +12,10 @@ basehub: name: "EarthScope staging" hub: config: + Auth0OAuthenticator: + auth0_domain: login.earthscope.org + extra_authorize_params: + # This isn't an actual URL, just a string. Must not have a trailing slash + audience: https://api.earthscope.org CILogonOAuthenticator: oauth_callback_url: https://staging.earthscope.2i2c.cloud/hub/oauth_callback diff --git a/docs/hub-deployment-guide/configure-auth/auth0.md b/docs/hub-deployment-guide/configure-auth/auth0.md index a1e9371494..9ab0b97f39 100644 --- a/docs/hub-deployment-guide/configure-auth/auth0.md +++ b/docs/hub-deployment-guide/configure-auth/auth0.md @@ -64,20 +64,23 @@ jupyterhub: hub: config: Auth0OAuthenticator: - auth0_domain: client_id: client_secret: +``` + +And in the *unencrypted*, per-hub config (of form `.values.yaml`), we specify the non-secret +config values. + +```yaml +jupyterhub: + hub: + config: + Auth0OAuthenticator: + auth0_domain: scope: openid username_claim: sub ``` Once deployed, this should allow users authorized by Auth0 to login to the hub! Their usernames will look like `:`, which looks a little strange but allows differentiation between -people who use multiple accounts but the same email. For example, - -## Selecting `username_claim` - -TODO: `sub` is not always a valid username, as CILogon produces `sub` like `oauth2|cilogon|http://cilogon.org/servera/users/32158821`. -Need to figure out how to make this happen. - -## Passing on auth0 tokens to user servers via environment variables \ No newline at end of file +people who use multiple accounts but the same email. \ No newline at end of file From de54ad37befafaba81a23a73051c8c7024d67d01 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 24 Jan 2024 16:27:00 -0800 Subject: [PATCH 314/494] Fix auth URLs to be correct --- config/clusters/earthscope/prod.values.yaml | 2 +- config/clusters/earthscope/staging.values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/earthscope/prod.values.yaml b/config/clusters/earthscope/prod.values.yaml index 82b586bccd..e8e7aeee13 100644 --- a/config/clusters/earthscope/prod.values.yaml +++ b/config/clusters/earthscope/prod.values.yaml @@ -13,7 +13,7 @@ basehub: hub: config: Auth0OAuthenticator: - auth0_domain: login-dev.earthscope.org + auth0_domain: login.earthscope.org extra_authorize_params: # This isn't an actual URL, just a string. Must not have a trailing slash audience: https://api.earthscope.org diff --git a/config/clusters/earthscope/staging.values.yaml b/config/clusters/earthscope/staging.values.yaml index 51874fce2d..4f2a7d6049 100644 --- a/config/clusters/earthscope/staging.values.yaml +++ b/config/clusters/earthscope/staging.values.yaml @@ -13,9 +13,9 @@ basehub: hub: config: Auth0OAuthenticator: - auth0_domain: login.earthscope.org + auth0_domain: login-dev.earthscope.org extra_authorize_params: # This isn't an actual URL, just a string. Must not have a trailing slash - audience: https://api.earthscope.org + audience: https://api.dev.earthscope.org CILogonOAuthenticator: oauth_callback_url: https://staging.earthscope.2i2c.cloud/hub/oauth_callback From 8646f4b58ebe1e813c259d8ab188452ee7640ab7 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 25 Jan 2024 15:32:00 +0200 Subject: [PATCH 315/494] Add a validation for configurator config --- deployer/commands/validate/config.py | 75 ++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/deployer/commands/validate/config.py b/deployer/commands/validate/config.py index 165d27bad9..67740e06ba 100644 --- a/deployer/commands/validate/config.py +++ b/deployer/commands/validate/config.py @@ -236,6 +236,81 @@ def authenticator_config( ) +@validate_app.command() +def configurator_config( + cluster_name: str = typer.Argument(..., help="Name of cluster to operate on"), + hub_name: str = typer.Argument(None, help="Name of hub to operate on"), +): + """ + For each hub of a specific cluster: + - It asserts that when the JupyterHub GitHubOAuthenticator is used, + then `Authenticator.allowed_users` is not set. + An error is raised otherwise. + """ + _prepare_helm_charts_dependencies_and_schemas() + + config_file_path = find_absolute_path_to_cluster_file(cluster_name) + with open(config_file_path) as f: + cluster = Cluster(yaml.load(f), config_file_path.parent) + + hubs = [] + if hub_name: + hubs = [h for h in cluster.hubs if h.spec["name"] == hub_name] + else: + hubs = cluster.hubs + + for i, hub in enumerate(hubs): + print_colour( + f"{i+1} / {len(hubs)}: Validating authenticator config for {hub.spec['name']}..." + ) + + configurator_enabled = False + singleuser_overrides = False + for values_file_name in hub.spec["helm_chart_values_files"]: + if "secret" not in os.path.basename(values_file_name): + values_file = config_file_path.parent.joinpath(values_file_name) + # Load the hub extra config from its specific values files + config = yaml.load(values_file) + # Check if there's config that specifies an authenticator class + try: + if hub.spec["helm_chart"] != "basehub": + singleuser_config = config["basehub"]["jupyterhub"][ + "singleuser" + ] + custom_config = config["basehub"]["jupyterhub"]["custom"] + else: + singleuser_config = config["jupyterhub"]["singleuser"] + custom_config = config["jupyterhub"]["custom"] + + configurator_enabled = custom_config.get( + "jupyterhubConfigurator", {} + ).get("enabled") + if configurator_enabled: + profiles = singleuser_config.get("profileList", None) + if profiles: + for p in profiles: + overrides = p.get("kubespawner_override", None) + if overrides and overrides.get("image", None): + singleuser_overrides = True + break + options = p.get("profile_options", None) + if options: + if "image" in options: + singleuser_overrides = True + break + except KeyError: + pass + + # If the authenticator class is github, then raise an error + # if `Authenticator.allowed_users` is set + if configurator_enabled == True and singleuser_overrides == True: + raise ValueError( + f""" + Please disable the configurator for {hub.spec['name']}. + """ + ) + + @validate_app.command() def all( cluster_name: str = typer.Argument(..., help="Name of cluster to operate on"), From abe0942d55e6f7f6218520ecb2a27832ccbb1c15 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 25 Jan 2024 15:37:17 +0200 Subject: [PATCH 316/494] Refactor hubs list into a reusable func --- deployer/commands/validate/config.py | 35 +++++++++++----------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/deployer/commands/validate/config.py b/deployer/commands/validate/config.py index 67740e06ba..63f9a0aa1e 100644 --- a/deployer/commands/validate/config.py +++ b/deployer/commands/validate/config.py @@ -69,6 +69,17 @@ def _prepare_helm_charts_dependencies_and_schemas(): subprocess.check_call(["helm", "dep", "up", support_dir]) +def get_list_of_hubs_to_operate_on(cluster_name, hub_name): + config_file_path = find_absolute_path_to_cluster_file(cluster_name) + with open(config_file_path) as f: + cluster = Cluster(yaml.load(f), config_file_path.parent) + + if hub_name: + return [h for h in cluster.hubs if h.spec["name"] == hub_name] + + return cluster.hubs + + @validate_app.command() def cluster_config( cluster_name: str = typer.Argument(..., help="Name of cluster to operate on"), @@ -99,14 +110,8 @@ def hub_config( _prepare_helm_charts_dependencies_and_schemas() config_file_path = find_absolute_path_to_cluster_file(cluster_name) - with open(config_file_path) as f: - cluster = Cluster(yaml.load(f), config_file_path.parent) - hubs = [] - if hub_name: - hubs = [h for h in cluster.hubs if h.spec["name"] == hub_name] - else: - hubs = cluster.hubs + hubs = get_list_of_hubs_to_operate_on(cluster_name, hub_name) for i, hub in enumerate(hubs): print_colour( @@ -185,14 +190,8 @@ def authenticator_config( _prepare_helm_charts_dependencies_and_schemas() config_file_path = find_absolute_path_to_cluster_file(cluster_name) - with open(config_file_path) as f: - cluster = Cluster(yaml.load(f), config_file_path.parent) - hubs = [] - if hub_name: - hubs = [h for h in cluster.hubs if h.spec["name"] == hub_name] - else: - hubs = cluster.hubs + hubs = get_list_of_hubs_to_operate_on(cluster_name, hub_name) for i, hub in enumerate(hubs): print_colour( @@ -250,14 +249,8 @@ def configurator_config( _prepare_helm_charts_dependencies_and_schemas() config_file_path = find_absolute_path_to_cluster_file(cluster_name) - with open(config_file_path) as f: - cluster = Cluster(yaml.load(f), config_file_path.parent) - hubs = [] - if hub_name: - hubs = [h for h in cluster.hubs if h.spec["name"] == hub_name] - else: - hubs = cluster.hubs + hubs = get_list_of_hubs_to_operate_on(cluster_name, hub_name) for i, hub in enumerate(hubs): print_colour( From 43eb3c66368ff8e575ed025cb0b182748db3fec9 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 25 Jan 2024 14:14:50 +0000 Subject: [PATCH 317/494] [utoronto] bump python image Brings in https://github.com/2i2c-org/utoronto-image/pull/60 requested in https://2i2c.freshdesk.com/a/tickets/1259 --- config/clusters/utoronto/default-common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/utoronto/default-common.values.yaml b/config/clusters/utoronto/default-common.values.yaml index 9d8866521e..fb80a3aae6 100644 --- a/config/clusters/utoronto/default-common.values.yaml +++ b/config/clusters/utoronto/default-common.values.yaml @@ -2,7 +2,7 @@ jupyterhub: singleuser: image: name: quay.io/2i2c/utoronto-image - tag: "14320bae73a0" + tag: "b4104c211e98" hub: config: Authenticator: From cc947feb02f8ae422ab8f224dcb1fb6474ff8fb0 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 25 Jan 2024 18:12:08 +0200 Subject: [PATCH 318/494] Update comments --- deployer/commands/validate/config.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/deployer/commands/validate/config.py b/deployer/commands/validate/config.py index 63f9a0aa1e..043249e404 100644 --- a/deployer/commands/validate/config.py +++ b/deployer/commands/validate/config.py @@ -242,8 +242,8 @@ def configurator_config( ): """ For each hub of a specific cluster: - - It asserts that when the JupyterHub GitHubOAuthenticator is used, - then `Authenticator.allowed_users` is not set. + - It asserts that when the singleuser configuration overrides the same fields like the configurator, + the later must be disabled. An error is raised otherwise. """ _prepare_helm_charts_dependencies_and_schemas() @@ -254,7 +254,7 @@ def configurator_config( for i, hub in enumerate(hubs): print_colour( - f"{i+1} / {len(hubs)}: Validating authenticator config for {hub.spec['name']}..." + f"{i+1} / {len(hubs)}: Validating configurator and profile lists config for {hub.spec['name']}..." ) configurator_enabled = False @@ -264,7 +264,6 @@ def configurator_config( values_file = config_file_path.parent.joinpath(values_file_name) # Load the hub extra config from its specific values files config = yaml.load(values_file) - # Check if there's config that specifies an authenticator class try: if hub.spec["helm_chart"] != "basehub": singleuser_config = config["basehub"]["jupyterhub"][ @@ -278,6 +277,7 @@ def configurator_config( configurator_enabled = custom_config.get( "jupyterhubConfigurator", {} ).get("enabled") + # If it's already disabled we don't have what to check if configurator_enabled: profiles = singleuser_config.get("profileList", None) if profiles: @@ -287,10 +287,9 @@ def configurator_config( singleuser_overrides = True break options = p.get("profile_options", None) - if options: - if "image" in options: - singleuser_overrides = True - break + if options and "image" in options: + singleuser_overrides = True + break except KeyError: pass @@ -299,7 +298,8 @@ def configurator_config( if configurator_enabled == True and singleuser_overrides == True: raise ValueError( f""" - Please disable the configurator for {hub.spec['name']}. + When the singleuser configuration overrides the same fields like the configurator, + the later must be disabled. Please disable the configurator for {hub.spec['name']}. """ ) From 904d80d12757510a6fe7f7797f8cce753139d5e6 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 25 Jan 2024 18:24:14 +0200 Subject: [PATCH 319/494] Rm depecrated message --- deployer/commands/validate/config.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/deployer/commands/validate/config.py b/deployer/commands/validate/config.py index 043249e404..7eaf748de9 100644 --- a/deployer/commands/validate/config.py +++ b/deployer/commands/validate/config.py @@ -293,8 +293,6 @@ def configurator_config( except KeyError: pass - # If the authenticator class is github, then raise an error - # if `Authenticator.allowed_users` is set if configurator_enabled == True and singleuser_overrides == True: raise ValueError( f""" From 11b6442a9542ba080803152b5229f3da00b0f9b8 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 7 Sep 2023 13:39:46 -0400 Subject: [PATCH 320/494] Add rudimentary codespell config --- pyproject.toml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index fee93ca4f3..526e848805 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,3 +10,8 @@ asyncio_mode = "auto" testpaths = [ "./tests", ] + +[tool.codespell] +skip = '.git,*.pdf,*.svg' +# +# ignore-words-list = '' From e8d04671ae52bb18f3c00a4758d7803e3c4ebd0a Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 7 Sep 2023 13:39:46 -0400 Subject: [PATCH 321/494] Add pre-commit definition for codespell --- .pre-commit-config.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 99a5dafb94..f70d6bcfb3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -55,6 +55,14 @@ repos: # Add files here if they contain the word 'secret' but should not be encrypted exclude: secrets\.md|helm-charts/support/templates/prometheus-ingres-auth/secret\.yaml|helm-charts/basehub/templates/dex/secret\.yaml|helm-charts/basehub/templates/static/secret\.yaml|config/clusters/templates/common/support\.secret\.values\.yaml|helm-charts/basehub/templates/ingress-auth/secret\.yaml + # Prevent known typos from being committed + - repo: https://github.com/codespell-project/codespell + rev: v2.2.5 + hooks: + - id: codespell + additional_dependencies: + - tomli + # pre-commit.ci config reference: https://pre-commit.ci/#configuration ci: autoupdate_schedule: monthly From 4027ab265bc1178d6a38d08d68469f3e8df0d3d1 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 7 Sep 2023 13:41:27 -0400 Subject: [PATCH 322/494] Ignore some .key and .secret. (json or yaml) files, and aks command --- pyproject.toml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 526e848805..870aa15469 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,6 +12,5 @@ testpaths = [ ] [tool.codespell] -skip = '.git,*.pdf,*.svg' -# -# ignore-words-list = '' +skip = '.git,*.pdf,*.svg,*.secret.*,*.key' +ignore-words-list = 'aks' From 1ebd1183f6535ae8ed4fd744fa3da797c02591ae Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 7 Sep 2023 13:45:10 -0400 Subject: [PATCH 323/494] [DATALAD RUNCMD] Do interactive fixing of some ambigous typos === Do not change lines below === { "chain": [], "cmd": "codespell -w -i 3 -C 2", "exit": 0, "extra_inputs": [], "inputs": [], "outputs": [], "pwd": "." } ^^^ Do not change lines above ^^^ --- docs/howto/troubleshoot/logs/cloud-logs.md | 2 +- docs/hub-deployment-guide/deploy-support/configure-support.md | 2 +- docs/hub-deployment-guide/new-cluster/aws.md | 2 +- docs/topic/features.md | 2 +- docs/topic/monitoring-alerting/grafana.md | 2 +- terraform/gcp/variables.tf | 2 +- tests/test_billing.py | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/howto/troubleshoot/logs/cloud-logs.md b/docs/howto/troubleshoot/logs/cloud-logs.md index 6e2db98741..121d371326 100644 --- a/docs/howto/troubleshoot/logs/cloud-logs.md +++ b/docs/howto/troubleshoot/logs/cloud-logs.md @@ -25,7 +25,7 @@ logs are kept for 30 days, and are searchable. as time sliders. However, for most of our logs, the 'log levels' (error, warning, etc) are not parsed correctly, and hence are useless. -4. Google provies a [query library](https://cloud.google.com/logging/docs/view/query-library) set of [sample queries](https://cloudlogging.app.goo.gl/Ad7B8hjFHpj6X7rT8) that you can access via the Library tab in Logs Explorer. +4. Google provides a [query library](https://cloud.google.com/logging/docs/view/query-library) set of [sample queries](https://cloudlogging.app.goo.gl/Ad7B8hjFHpj6X7rT8) that you can access via the Library tab in Logs Explorer. ### Common queries diff --git a/docs/hub-deployment-guide/deploy-support/configure-support.md b/docs/hub-deployment-guide/deploy-support/configure-support.md index 12c8313d60..1f0671dfb8 100644 --- a/docs/hub-deployment-guide/deploy-support/configure-support.md +++ b/docs/hub-deployment-guide/deploy-support/configure-support.md @@ -119,7 +119,7 @@ Namecheap.com](https://ap.www.namecheap.com/Domains/DomainControlPanel/2i2c.clou 2. `*.`, for all other hubs, grafana and prometheus instances. -Use an `A` record when we point to an external IP addresse (GCP, Azure), and a +Use an `A` record when we point to an external IP address (GCP, Azure), and a `CNAME` record when we point to another domain (AWS). ```{note} diff --git a/docs/hub-deployment-guide/new-cluster/aws.md b/docs/hub-deployment-guide/new-cluster/aws.md index 6e21d149f8..f517c18d59 100644 --- a/docs/hub-deployment-guide/new-cluster/aws.md +++ b/docs/hub-deployment-guide/new-cluster/aws.md @@ -35,7 +35,7 @@ terraform to provision supporting infrastructure, such as storage buckets. (new-cluster:aws-setup-credentials)= ### Setup credentials -Depending on wether this project is using AWS SSO or not, you can use the following +Depending on whether this project is using AWS SSO or not, you can use the following links to figure out how to authenticate to this project from your terminal. - [For accounts setup with AWS SSO](cloud-access:aws-sso:terminal) diff --git a/docs/topic/features.md b/docs/topic/features.md index 2ca11f4014..a5c7359f28 100644 --- a/docs/topic/features.md +++ b/docs/topic/features.md @@ -60,6 +60,6 @@ of a project. We set the environment variable `PERSISTENT_BUCKET` to the form `:///` so users can put stuff in this. ```{warning} -Objects put in `PERSISTENT_BUCKET` *must* be deleted by the users when no logner in use +Objects put in `PERSISTENT_BUCKET` *must* be deleted by the users when no longer in use to prevent cost overruns! This *can not* be managed by 2i2c. ``` diff --git a/docs/topic/monitoring-alerting/grafana.md b/docs/topic/monitoring-alerting/grafana.md index c5453db6b3..730cbbc33d 100644 --- a/docs/topic/monitoring-alerting/grafana.md +++ b/docs/topic/monitoring-alerting/grafana.md @@ -65,7 +65,7 @@ Navigating at , shows a `JupyterHub - user CPU usage distribution - user memory usage distribution - server start times - - hub respone latency + - hub response latency There is also a Panel section about `Anomalous user pods` where pods with high CPU usage or high memory usage are tracked. diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 9a9e5f2faf..79aa0eef97 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -267,7 +267,7 @@ variable "user_buckets" { 'delete_after' specifies the number of days after which any content in the bucket will be deleted. Set to null to not delete data. - 'extra_admin_members' describes extra identies (user groups, user accounts, + 'extra_admin_members' describes extra identities (user groups, user accounts, service accounts, etc) that will have *full* access to this bucket. This is primarily useful for moving data into and out of buckets from outside the cloud. See https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam#member/members diff --git a/tests/test_billing.py b/tests/test_billing.py index 6b80f2bfe8..66547184e0 100644 --- a/tests/test_billing.py +++ b/tests/test_billing.py @@ -198,7 +198,7 @@ def test_shared_cluster_internal(shared_cluster, start_date, end_date): ), "Utilization for 2i2c_costs should be 0.75" assert ( "staging" not in rows - ), "Utilization for 2i2c_costs should replace interal namespaces" + ), "Utilization for 2i2c_costs should replace internal namespaces" def test_shared_cluster_aggregates_internal(shared_cluster, start_date, end_date): From e766f8497ed20844ae24a702e5efa406a5a4a445 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 7 Sep 2023 14:59:32 -0400 Subject: [PATCH 324/494] [DATALAD RUNCMD] A few more fixed to be done by codespell For some reason codespell by default ignores .github/ but then pre-commit is triggering check on those files anyways === Do not change lines below === { "chain": [], "cmd": "codespell -w .github/workflows/ensure-uptime-checks.yaml .github/workflows/deploy-hubs.yaml", "exit": 0, "extra_inputs": [], "inputs": [], "outputs": [], "pwd": "." } ^^^ Do not change lines above ^^^ --- .github/workflows/deploy-hubs.yaml | 4 ++-- .github/workflows/ensure-uptime-checks.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 9b877dfca1..493a581596 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -44,7 +44,7 @@ on: # https://github.blog/changelog/2021-04-19-github-actions-limit-workflow-run-or-job-concurrency/ concurrency: deploy -# This environment variable triggers the deployer to colourise print statments in the +# This environment variable triggers the deployer to colourise print statements in the # GitHug Actions logs for easy reading env: TERM: xterm @@ -85,7 +85,7 @@ jobs: uses: actions/cache@v3 with: path: ~/.cache/pip - # key determines if we define or re-use an existing cache or not. Our + # key determines if we define or reuse an existing cache or not. Our # key ensure we cache within a workflow run and its attempts, but not # between workflow runs. key: "${{ github.run_id }}" diff --git a/.github/workflows/ensure-uptime-checks.yaml b/.github/workflows/ensure-uptime-checks.yaml index 8c2ad4c224..d5ca8a2d64 100644 --- a/.github/workflows/ensure-uptime-checks.yaml +++ b/.github/workflows/ensure-uptime-checks.yaml @@ -19,7 +19,7 @@ on: # https://github.blog/changelog/2021-04-19-github-actions-limit-workflow-run-or-job-concurrency/ concurrency: uptime-checks -# This environment variable triggers the deployer to colourise print statments in the +# This environment variable triggers the deployer to colourise print statements in the # GitHub Actions logs for easy reading env: TERM: xterm From 93fe345d8834f65660603c06fdb4640fb4f4cad7 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 25 Jan 2024 12:13:41 -0500 Subject: [PATCH 325/494] [DATALAD RUNCMD] run codespell throughout but ignore fail === Do not change lines below === { "chain": [], "cmd": "codespell -w || :", "exit": 0, "extra_inputs": [], "inputs": [], "outputs": [], "pwd": "." } ^^^ Do not change lines above ^^^ --- README.md | 2 +- config/clusters/2i2c-aws-us/go-bgc.values.yaml | 2 +- config/clusters/2i2c-aws-us/itcoocean.values.yaml | 2 +- config/clusters/2i2c-aws-us/ncar-cisl.values.yaml | 6 +++--- config/clusters/catalystproject-africa/must.values.yaml | 2 +- .../clusters/catalystproject-africa/nm-aist.values.yaml | 2 +- .../clusters/catalystproject-africa/staging.values.yaml | 2 +- config/clusters/catalystproject-latam/common.values.yaml | 2 +- config/clusters/leap/common.values.yaml | 2 +- config/clusters/linked-earth/common.values.yaml | 2 +- config/clusters/nasa-cryo/common.values.yaml | 2 +- config/clusters/qcl/common.values.yaml | 2 +- config/clusters/smithsonian/common.values.yaml | 2 +- deployer/README.md | 2 +- deployer/commands/generate/billing/importers.py | 2 +- deployer/commands/generate/dedicated_cluster/common.py | 2 +- deployer/commands/grafana/tokens.py | 4 ++-- deployer/commands/validate/cluster.schema.yaml | 2 +- docs/contributing/code-review.md | 4 ++-- .../generate-general-info-table-about-hubs.py | 6 +++--- docs/helper-programs/generate-hub-features-table.py | 4 ++-- docs/howto/features/anonymized-usernames.md | 2 +- docs/howto/features/cloud-access.md | 2 +- docs/howto/manage-domains/redirects.md | 2 +- docs/howto/troubleshoot/cilogon-user-accounts.md | 8 ++++---- docs/howto/troubleshoot/logs/kubectl-logs.md | 2 +- .../cloud-accounts/new-gcp-project.md | 2 +- .../deploy-support/configure-support.md | 2 +- .../hub-deployment-guide/hubs/other-hub-ops/delete-hub.md | 6 +++--- .../hubs/other-hub-ops/move-hubs/across-clusters.md | 8 ++++---- docs/reference/ci-cd/auto-bumping.md | 2 +- docs/reference/options.md | 4 ++-- docs/reference/tools.md | 2 +- docs/sre-guide/common-problems-solutions.md | 2 +- docs/sre-guide/manage-k8s/node-administration.md | 2 +- docs/sre-guide/node-scale-up/azure.md | 2 +- docs/sre-guide/node-scale-up/index.md | 2 +- docs/sre-guide/support/grafana-account.md | 4 ++-- docs/topic/access-creds/cloud-auth.md | 2 +- docs/topic/features.md | 2 +- docs/topic/infrastructure/config.md | 2 +- docs/topic/infrastructure/hub-helm-charts.md | 2 +- extra-scripts/comment-deployment-plan-pr.py | 2 +- helm-charts/basehub/templates/home-dirsize-reporter.yaml | 2 +- helm-charts/daskhub/values.yaml | 2 +- helm-charts/images/hub/Dockerfile | 2 +- helm-charts/support/Chart.yaml | 2 +- helm-charts/support/values.yaml | 2 +- terraform/aws/projects/nasa-cryo.tfvars | 4 ++-- terraform/gcp/cluster.tf | 4 ++-- terraform/gcp/main.tf | 2 +- terraform/gcp/variables.tf | 2 +- terraform/gcp/workload-identity.tf | 2 +- 53 files changed, 72 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index 70136f4163..538fdc460b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Infrastructure for deployments -This repository contains deployment infrastucture and documentation for a federation of JupyterHubs that 2i2c manages for various communities. +This repository contains deployment infrastructure and documentation for a federation of JupyterHubs that 2i2c manages for various communities. See [the infrastructure documentation](https://infrastructure.2i2c.org) for more information. diff --git a/config/clusters/2i2c-aws-us/go-bgc.values.yaml b/config/clusters/2i2c-aws-us/go-bgc.values.yaml index d66e38ef4c..b6eda53924 100644 --- a/config/clusters/2i2c-aws-us/go-bgc.values.yaml +++ b/config/clusters/2i2c-aws-us/go-bgc.values.yaml @@ -59,7 +59,7 @@ jupyterhub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee # https://cloud.google.com/kubernetes-engine/docs/concepts/plan-node-sizes. diff --git a/config/clusters/2i2c-aws-us/itcoocean.values.yaml b/config/clusters/2i2c-aws-us/itcoocean.values.yaml index ee89a25b0d..99b8abf493 100644 --- a/config/clusters/2i2c-aws-us/itcoocean.values.yaml +++ b/config/clusters/2i2c-aws-us/itcoocean.values.yaml @@ -86,7 +86,7 @@ jupyterhub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee # https://cloud.google.com/kubernetes-engine/docs/concepts/plan-node-sizes. diff --git a/config/clusters/2i2c-aws-us/ncar-cisl.values.yaml b/config/clusters/2i2c-aws-us/ncar-cisl.values.yaml index 19d84efe5a..7e9ee9d2f2 100644 --- a/config/clusters/2i2c-aws-us/ncar-cisl.values.yaml +++ b/config/clusters/2i2c-aws-us/ncar-cisl.values.yaml @@ -41,8 +41,8 @@ basehub: - read:org Authenticator: admin_users: - - kcote-ncar # Ken Cote, Initial adminstrator - - NicholasCote # Nicholas Cote, Initial adminstrator + - kcote-ncar # Ken Cote, Initial administrator + - NicholasCote # Nicholas Cote, Initial administrator - nwehrheim # Nick Wehrheim, Community representative singleuser: image: @@ -60,7 +60,7 @@ basehub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee. # - CPU requests are lower than the description, with a factor of diff --git a/config/clusters/catalystproject-africa/must.values.yaml b/config/clusters/catalystproject-africa/must.values.yaml index 88501779b6..b8b838f089 100644 --- a/config/clusters/catalystproject-africa/must.values.yaml +++ b/config/clusters/catalystproject-africa/must.values.yaml @@ -57,7 +57,7 @@ jupyterhub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee. # - CPU requests are lower than the description, with a factor of diff --git a/config/clusters/catalystproject-africa/nm-aist.values.yaml b/config/clusters/catalystproject-africa/nm-aist.values.yaml index 0c8d95a4ae..23d8c138ea 100644 --- a/config/clusters/catalystproject-africa/nm-aist.values.yaml +++ b/config/clusters/catalystproject-africa/nm-aist.values.yaml @@ -56,7 +56,7 @@ jupyterhub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee. # - CPU requests are lower than the description, with a factor of diff --git a/config/clusters/catalystproject-africa/staging.values.yaml b/config/clusters/catalystproject-africa/staging.values.yaml index bb78aa00ac..c32b32f352 100644 --- a/config/clusters/catalystproject-africa/staging.values.yaml +++ b/config/clusters/catalystproject-africa/staging.values.yaml @@ -53,7 +53,7 @@ jupyterhub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee. # - CPU requests are lower than the description, with a factor of diff --git a/config/clusters/catalystproject-latam/common.values.yaml b/config/clusters/catalystproject-latam/common.values.yaml index 087caaa658..5174a4ffe2 100644 --- a/config/clusters/catalystproject-latam/common.values.yaml +++ b/config/clusters/catalystproject-latam/common.values.yaml @@ -27,7 +27,7 @@ jupyterhub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee # https://cloud.google.com/kubernetes-engine/docs/concepts/plan-node-sizes. diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml index 8235910299..32a6ecfa9c 100644 --- a/config/clusters/leap/common.values.yaml +++ b/config/clusters/leap/common.values.yaml @@ -90,7 +90,7 @@ basehub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee. # - CPU requests are lower than the description, with a factor of diff --git a/config/clusters/linked-earth/common.values.yaml b/config/clusters/linked-earth/common.values.yaml index 4ec4b7e663..43a1012559 100644 --- a/config/clusters/linked-earth/common.values.yaml +++ b/config/clusters/linked-earth/common.values.yaml @@ -55,7 +55,7 @@ basehub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee. # - CPU requests are lower than the description, with a factor of diff --git a/config/clusters/nasa-cryo/common.values.yaml b/config/clusters/nasa-cryo/common.values.yaml index e98b4c6353..02b4b36df1 100644 --- a/config/clusters/nasa-cryo/common.values.yaml +++ b/config/clusters/nasa-cryo/common.values.yaml @@ -107,7 +107,7 @@ basehub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee. # - CPU requests are lower than the description, with a factor of diff --git a/config/clusters/qcl/common.values.yaml b/config/clusters/qcl/common.values.yaml index 9576780aca..36f24213c8 100644 --- a/config/clusters/qcl/common.values.yaml +++ b/config/clusters/qcl/common.values.yaml @@ -61,7 +61,7 @@ jupyterhub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee # https://cloud.google.com/kubernetes-engine/docs/concepts/plan-node-sizes. diff --git a/config/clusters/smithsonian/common.values.yaml b/config/clusters/smithsonian/common.values.yaml index ae6a90f7f8..b313591b39 100644 --- a/config/clusters/smithsonian/common.values.yaml +++ b/config/clusters/smithsonian/common.values.yaml @@ -67,7 +67,7 @@ basehub: # https://github.com/2i2c-org/infrastructure/issues/2121. # # - Memory requests are different from the description, based on: - # whats found to remain allocate in k8s, subtracting 1GiB + # what's found to remain allocate in k8s, subtracting 1GiB # overhead for misc system pods, and transitioning from GB in # description to GiB in mem_guarantee. # - CPU requests are lower than the description, with a factor of diff --git a/deployer/README.md b/deployer/README.md index 134de872b6..47ffcc8f72 100644 --- a/deployer/README.md +++ b/deployer/README.md @@ -383,7 +383,7 @@ Once you run this command, run `export DOCKER_HOST=tcp://localhost:23760` in ano docker daemon. #### `exec shell` -This exec sub-command can be used to aquire a shell in various places of the infrastructure. +This exec sub-command can be used to acquire a shell in various places of the infrastructure. ##### `exec shell hub` diff --git a/deployer/commands/generate/billing/importers.py b/deployer/commands/generate/billing/importers.py index cf25b66321..1094181a32 100644 --- a/deployer/commands/generate/billing/importers.py +++ b/deployer/commands/generate/billing/importers.py @@ -251,7 +251,7 @@ def get_shared_cluster_hub_costs(cluster, start_month, end_month): # Rename project to use hub names totals["project"] = totals["hub"] totals.drop("hub", axis=1) - # Calcluate cost from utilization + # Calculate cost from utilization # Needs to account for uptime checks and 2i2c paid for stuff totals["cost"] = totals["utilization"].multiply( totals["total_with_credits"].astype(float), axis=0 diff --git a/deployer/commands/generate/dedicated_cluster/common.py b/deployer/commands/generate/dedicated_cluster/common.py index bfe32c97da..3a87585d02 100644 --- a/deployer/commands/generate/dedicated_cluster/common.py +++ b/deployer/commands/generate/dedicated_cluster/common.py @@ -92,7 +92,7 @@ def generate_support_files(cluster_config_directory, vars): - `config//support.values.yaml` - `config//enc-support.secret.values.yaml` """ - # Generate the suppport values file `support.values.yaml` + # Generate the support values file `support.values.yaml` print_colour("Generating the support values file...", "yellow") with open( REPO_ROOT_PATH / "config/clusters/templates/common/support.values.yaml" diff --git a/deployer/commands/grafana/tokens.py b/deployer/commands/grafana/tokens.py index 4ed30dbc99..417305752d 100644 --- a/deployer/commands/grafana/tokens.py +++ b/deployer/commands/grafana/tokens.py @@ -122,7 +122,7 @@ def get_deployer_token(sa_endpoint, sa_id, headers): ) if not response.ok: print( - f"An error occured when retrieving the tokens the service account with id {sa_id}.\n" + f"An error occurred when retrieving the tokens the service account with id {sa_id}.\n" f"Error was {response.text}." ) response.raise_for_status() @@ -144,7 +144,7 @@ def create_deployer_token(sa_endpoint, sa_id, headers): if not response.ok: print( - "An error occured when creating the token for the deployer service account.\n" + "An error occurred when creating the token for the deployer service account.\n" f"Error was {response.text}." ) response.raise_for_status() diff --git a/deployer/commands/validate/cluster.schema.yaml b/deployer/commands/validate/cluster.schema.yaml index 6f43cb3ed1..602776363e 100644 --- a/deployer/commands/validate/cluster.schema.yaml +++ b/deployer/commands/validate/cluster.schema.yaml @@ -235,7 +235,7 @@ properties: type: string description: | Status code expected from hitting the health checkpoint for - this hub. Defaults to 200, can be overriden in case we have + this hub. Defaults to 200, can be overridden in case we have basic auth setup for the entire hub domain: type: string diff --git a/docs/contributing/code-review.md b/docs/contributing/code-review.md index 924af810b8..68ba2d1d01 100644 --- a/docs/contributing/code-review.md +++ b/docs/contributing/code-review.md @@ -44,7 +44,7 @@ or can wait for review. That said, sometimes the only way to understand the impact of a change is to merge and see how things go, so use your best judgment! -Here is a list of things you can clearly, unambigously self merge without +Here is a list of things you can clearly, unambiguously self merge without any approval. 1. Updating admin users for a hub @@ -119,7 +119,7 @@ To deploy changes to the authentication workflow, follow these steps: - cluster: `utoronto`, hub: `staging` (Azure AD) - cluster: `2i2c`, hub: `staging` (CILogon) 1. **Login into the staging hubs**. Try logging in into the hubs where you deployed your changes. -1. **Start a server**. Afer you've logged into the hub, make sure everything works as expected by spinning up a server. +1. **Start a server**. After you've logged into the hub, make sure everything works as expected by spinning up a server. 1. **Post the status of the manual steps above**. In your PR's top comment, post the hubs where you've deployed the changes and whether or not they are functioning properly. 1. **Wait for review and approval**. Leave the PR open for other team members to review and approve. diff --git a/docs/helper-programs/generate-general-info-table-about-hubs.py b/docs/helper-programs/generate-general-info-table-about-hubs.py index dd61c0180f..2b94038cde 100644 --- a/docs/helper-programs/generate-general-info-table-about-hubs.py +++ b/docs/helper-programs/generate-general-info-table-about-hubs.py @@ -2,7 +2,7 @@ This is used in two places: -- docs/_static/hub-table.json is published with the docs and meant for re-use in other parts of 2i2c +- docs/_static/hub-table.json is published with the docs and meant for reuse in other parts of 2i2c - docs/tmp/hub-table.csv is read by reference/hubs.md to create a list of hubs """ import pandas as pd @@ -81,7 +81,7 @@ def build_hub_list_entry( def build_hub_statistics_df(df): # Write some quick statistics for display # Calculate total number of community hubs by removing staging and demo hubs - # Remove `staging` hubs to count the total number of communites we serve + # Remove `staging` hubs to count the total number of communities we serve filter_out = ["staging", "demo"] community_hubs = df.loc[ df["name"].map(lambda a: all(ii not in a.lower() for ii in filter_out)) @@ -167,7 +167,7 @@ def main(): write_to_json_and_csv_files(df, "hub-table") write_to_json_and_csv_files(community_hubs_by_cluster, "hub-stats") - print("Finished updating list of hubs and statics tables...") + print("Finished updating list of hubs and statistics tables...") if __name__ == "__main__": diff --git a/docs/helper-programs/generate-hub-features-table.py b/docs/helper-programs/generate-hub-features-table.py index 34646060f0..8fd6e18a05 100644 --- a/docs/helper-programs/generate-hub-features-table.py +++ b/docs/helper-programs/generate-hub-features-table.py @@ -2,7 +2,7 @@ This is used in two places: -- docs/_static/hub-options-table.json is published with the docs and meant for re-use in other parts of 2i2c +- docs/_static/hub-options-table.json is published with the docs and meant for reuse in other parts of 2i2c - docs/tmp/hub-options-table.csv is read by reference/options.md to create a list of hubs """ import hcl2 @@ -171,7 +171,7 @@ def build_options_list_entry(hub, hub_count, values_files_features, terraform_fe "user buckets (scratch/persistent)": terraform_features.get( hub["name"], {} ).get("user_buckets", False), - "requestor pays for buckets storage": terraform_features.get( + "requester pays for buckets storage": terraform_features.get( hub["name"], {} ).get("requestor_pays", False), "authenticator": values_files_features["authenticator"], diff --git a/docs/howto/features/anonymized-usernames.md b/docs/howto/features/anonymized-usernames.md index c23ecb6317..42dc81ffbd 100644 --- a/docs/howto/features/anonymized-usernames.md +++ b/docs/howto/features/anonymized-usernames.md @@ -40,7 +40,7 @@ useful privacy guarantees to be worth it. Those are: 2. We live in a world where user data leaks are a fact of life, and you can buy tons of user identifiers for pretty cheap. This may also happen to *us*, and we may unintentionally leak data too! So users should still be hard to - de-anonymize when the attacker has in their posession the following: + de-anonymize when the attacker has in their possession the following: 1. List of user identifiers (emails, usernames, numeric user ids, etc) from *other data breaches*. diff --git a/docs/howto/features/cloud-access.md b/docs/howto/features/cloud-access.md index f6d8b8c7ff..5dd9ef9d74 100644 --- a/docs/howto/features/cloud-access.md +++ b/docs/howto/features/cloud-access.md @@ -136,6 +136,6 @@ This AWS IAM Role is managed via terraform. If the hub is a `daskhub`, nest the config under a `basehub` key ``` -7. Get this change deployed, and users should now be able to use the requestor pays feature! +7. Get this change deployed, and users should now be able to use the requester pays feature! Currently running users might have to restart their pods for the change to take effect. diff --git a/docs/howto/manage-domains/redirects.md b/docs/howto/manage-domains/redirects.md index 9e22d87f64..358b0614b5 100644 --- a/docs/howto/manage-domains/redirects.md +++ b/docs/howto/manage-domains/redirects.md @@ -16,5 +16,5 @@ redirects: ``` You can add any number of such redirects. They will all be `302 Temporary` -redirects, in case we want to re-use the old domain for something else in +redirects, in case we want to reuse the old domain for something else in the future. diff --git a/docs/howto/troubleshoot/cilogon-user-accounts.md b/docs/howto/troubleshoot/cilogon-user-accounts.md index 87390c1888..85ac131db1 100644 --- a/docs/howto/troubleshoot/cilogon-user-accounts.md +++ b/docs/howto/troubleshoot/cilogon-user-accounts.md @@ -1,15 +1,15 @@ # CILogon: switch Identity Providers or user accounts By default, logging in with a particular user account will persist your credentials in future sessions. -This means that you'll automatically re-use the same institutional and user account when you access the hub's home page. +This means that you'll automatically reuse the same institutional and user account when you access the hub's home page. ## Switch Identity Providers 1. **Logout of the Hub** using the logout button or by going to `https://{hub-name}/hub/logout`. -2. **Clear browser cookies** (optional). If the user asked CILogon to re-use the same Identity Provider connection when they logged in, they'll need to [clear browser cookies](https://www.lifewire.com/how-to-delete-cookies-2617981) for . +2. **Clear browser cookies** (optional). If the user asked CILogon to reuse the same Identity Provider connection when they logged in, they'll need to [clear browser cookies](https://www.lifewire.com/how-to-delete-cookies-2617981) for . ```{figure} ../../images/cilogon-remember-this-selection.png - The dialog box that allows you to re-use the same Identity Provider. + The dialog box that allows you to reuse the same Identity Provider. ``` Firefox example: @@ -40,6 +40,6 @@ If you see a 403 error page, this means that the account you were using to login ```{figure} ../../images/403-forbidden.png ``` -If you think this is an error, and the account should have been allowed, then contact the hub adminstrator/s. +If you think this is an error, and the account should have been allowed, then contact the hub administrator/s. If you used the wrong user account, you can log in using another account by following the steps in [](troubleshoot:cilogon:switch-user-accounts). diff --git a/docs/howto/troubleshoot/logs/kubectl-logs.md b/docs/howto/troubleshoot/logs/kubectl-logs.md index b379443fc2..4b8f741914 100644 --- a/docs/howto/troubleshoot/logs/kubectl-logs.md +++ b/docs/howto/troubleshoot/logs/kubectl-logs.md @@ -139,7 +139,7 @@ The following commands require passing the namespace where a specific pod is run ``` ### Kubernetes pod logs -You can access any pod's logs by using the `kubectl logs` commands. Bellow are some of the most common debugging commands. +You can access any pod's logs by using the `kubectl logs` commands. Below are some of the most common debugging commands. ```{tip} 1. The `--follow` flag diff --git a/docs/hub-deployment-guide/cloud-accounts/new-gcp-project.md b/docs/hub-deployment-guide/cloud-accounts/new-gcp-project.md index 1efccf79dd..43929595a4 100644 --- a/docs/hub-deployment-guide/cloud-accounts/new-gcp-project.md +++ b/docs/hub-deployment-guide/cloud-accounts/new-gcp-project.md @@ -49,7 +49,7 @@ Finally, we should check what quotas are enforced on the project and increase th ```{warning} This must be only done if it is a **new** billing account handled by 2i2c for a specific project, -rather than just for a new project under the same billing account. This is a somewhat rare occurance! +rather than just for a new project under the same billing account. This is a somewhat rare occurrence! If there is already billing export set up for this **billing account** as you try to complete these steps, do not change it and raise an issue for engineering to diff --git a/docs/hub-deployment-guide/deploy-support/configure-support.md b/docs/hub-deployment-guide/deploy-support/configure-support.md index 1f0671dfb8..e621cf522b 100644 --- a/docs/hub-deployment-guide/deploy-support/configure-support.md +++ b/docs/hub-deployment-guide/deploy-support/configure-support.md @@ -2,7 +2,7 @@ # Configure and deploy the `support` chart The `support` chart is a helm chart maintained by the 2i2c Engineers that consists of common tools used to support JupyterHub deployments in the cloud. -These tools are [`ingress-nginx`](https://kubernetes.github.io/ingress-nginx/), for controlling ingresses and load balancing; [`cert-manager`](https://cert-manager.io/docs/), for automatically provisioning TLS certificates from [Let's Encrypt](https://letsencrypt.org/); [Prometheus](https://prometheus.io/), for scraping and storing metrics from the cluster and hub; and [Grafana](https://grafana.com/), for visualising the metrics retreived by Prometheus. +These tools are [`ingress-nginx`](https://kubernetes.github.io/ingress-nginx/), for controlling ingresses and load balancing; [`cert-manager`](https://cert-manager.io/docs/), for automatically provisioning TLS certificates from [Let's Encrypt](https://letsencrypt.org/); [Prometheus](https://prometheus.io/), for scraping and storing metrics from the cluster and hub; and [Grafana](https://grafana.com/), for visualising the metrics retrieved by Prometheus. This section will walk you through how to deploy the support chart on a cluster. diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md b/docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md index a1c91b52da..81643391a4 100644 --- a/docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md +++ b/docs/hub-deployment-guide/hubs/other-hub-ops/delete-hub.md @@ -5,7 +5,7 @@ If you'd like to delete a hub, there are a few steps that we need to take: ## 1. Manage existing data -The existing data should either be migrated to another place or should be deleted, depending on what has been aggreed to with the Community Representative. +The existing data should either be migrated to another place or should be deleted, depending on what has been agreed to with the Community Representative. If the data should be migrated from the hub before decommissioning, then make sure that a 2i2c Engineer has access to the destination in order to complete the data migration. @@ -76,12 +76,12 @@ This will clean up some of the hub values related to auth and must be done prior If the hub remains listed in its cluster's `cluster.yaml` file, the hub could be redeployed by any merged PR triggering our CI/CD pipeline. -Open a decomissioning PR that removes the appropriate hub entry from the +Open a decommissioning PR that removes the appropriate hub entry from the `config/clusters/$CLUSTER_NAME/cluster.yaml` file and associated `*.values.yaml` files no longer referenced in the `cluster.yaml` file. You can continue with the steps below before the PR is merged, but be ready to -re-do them if the CI/CD pipeline was triggered before the decomissioning PR was +re-do them if the CI/CD pipeline was triggered before the decommissioning PR was merged. ## 4. Delete the Helm release and namespace diff --git a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md index d538d935f9..44ebcc4e2c 100644 --- a/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md +++ b/docs/hub-deployment-guide/hubs/other-hub-ops/move-hubs/across-clusters.md @@ -15,7 +15,7 @@ Next, copy home directory contents from the old cluster to the new cluster. ```{note} This might not entirely be necessary - if the source and target cluster -are in the same GCP Project / AWS Account, we can just re-use the same +are in the same GCP Project / AWS Account, we can just reuse the same home directory storage! ``` @@ -33,7 +33,7 @@ Primarily used with GKE right now. NFS server will be able to open SSH connections to the source NFS server. 4. Copy the NFS home directories from the source NFS server to the target NFS server, making sure that the NFS exports locations - match up appopriately. For example, if the source NFS server has + match up appropriately. For example, if the source NFS server has home directories for each hub stored in `/export/home-01/homes`, and the target NFS server also has hub home directories stored under `/export/home-01/homes`, you can `scp` the contents across with: @@ -99,7 +99,7 @@ source & dest EFS instances are created, create a DataSync instance in the the VPC, Subnet and Security Group that have access to the EFS instance (you can find these details in the 'Network' tab of the EFS page in the AWS Console). Set the transfer to hourly, but immediately manually start the sync task. Once the -data is transfered over and verified, switch the EFS used in the hub config. +data is transferred over and verified, switch the EFS used in the hub config. Remember to delete the datasync instance soon after - or it might incur extra charges! @@ -191,7 +191,7 @@ Tip: You can use [this script](https://github.com/2i2c-org/infrastructure/tree/H Make sure the new cluster has Grafana Dashboards deployed. If not, follow the steps in [](setup-grafana). Also, verify if the old cluster had Prometheus deployed and whether you also need to migrate that. ## 4. Take down the current hub -Delete the proxy service to make the hub unreacheable. +Delete the proxy service to make the hub unreachable. ``` bash kubectl delete svc proxy-public -n diff --git a/docs/reference/ci-cd/auto-bumping.md b/docs/reference/ci-cd/auto-bumping.md index b2186a5018..6995214692 100644 --- a/docs/reference/ci-cd/auto-bumping.md +++ b/docs/reference/ci-cd/auto-bumping.md @@ -55,7 +55,7 @@ Two inputs are required for this Action: 2. A variable called `chart_urls` which is a dictionary containing information about the sub-charts we wish to bump in the given config file. By providing a dictionary in this way, we can choose to include/exclude sub-charts in the given config from being bumped. -The `chart_urls` has the sub-charts we wish to bump as keys, and URLs where a list of pulished versions of those charts is available. +The `chart_urls` has the sub-charts we wish to bump as keys, and URLs where a list of published versions of those charts is available. An example below would bump the JupyterHub subchart of the basehub helm chart. ```json diff --git a/docs/reference/options.md b/docs/reference/options.md index 2d838a7203..c053abac5a 100644 --- a/docs/reference/options.md +++ b/docs/reference/options.md @@ -48,7 +48,7 @@ $(document).ready( function () { {"render": checkbox}, // dedicated cluster column {"render": checkbox}, // dedicated nodepool column {"render": checkbox}, // user buckets (scratch/persistent) column - {"render": checkbox}, // requestor pays for buckets storage column + {"render": checkbox}, // requester pays for buckets storage column null, // authenticator column {"render": checkbox}, // user anonymisation column {"render": checkbox}, // allusers access column @@ -231,7 +231,7 @@ flowchart TB public_bucket[Publicly accessible] from_hub[Buckets accessible from the Hub] outside_hub[Buckets accessible from outside the Hub] - requestor_pays[Requestor Pays] + requestor_pays[Requester Pays] hub_cloud_permissions --> outside_hub hub_cloud_permissions -- default --> from_hub diff --git a/docs/reference/tools.md b/docs/reference/tools.md index eb9b2f5c35..34881f7073 100644 --- a/docs/reference/tools.md +++ b/docs/reference/tools.md @@ -84,7 +84,7 @@ to encrypt our secrets, so you need the Google Cloud tools installed and authenticated locally (following [the instructions here](https://github.com/mozilla/sops/#23encrypting-using-gcp-kms)) before you can use sops. -`sops` is called programatically by our deployment scripts to decrypt +`sops` is called programmatically by our deployment scripts to decrypt files for deployment, and you will use it interactively to modify or encrypt new files. diff --git a/docs/sre-guide/common-problems-solutions.md b/docs/sre-guide/common-problems-solutions.md index f3b8df36cc..fc64871c89 100644 --- a/docs/sre-guide/common-problems-solutions.md +++ b/docs/sre-guide/common-problems-solutions.md @@ -196,7 +196,7 @@ name of with our second environment variable. export GITHUB_ENV=test.txt # You can call this file anything you like, it's the setting of GITHUB_ENV that's important ``` -This mimicks the GitHub Actions environment where a `GITHUB_ENV` file is available +This mimics the GitHub Actions environment where a `GITHUB_ENV` file is available to store and share environment variables across steps/jobs, and this will be where our JSON formatted job matrices will be written to. diff --git a/docs/sre-guide/manage-k8s/node-administration.md b/docs/sre-guide/manage-k8s/node-administration.md index 446e52fa73..b6f22b92c0 100644 --- a/docs/sre-guide/manage-k8s/node-administration.md +++ b/docs/sre-guide/manage-k8s/node-administration.md @@ -11,7 +11,7 @@ This separation should protect against user pods exhausting the resources needed The machines where the core nodes run, are different than the ones on which the user nodes run. The type of these machines is chosen based on the number, type, and the resource needs (CPU, memory, etc.) of the pods that will be scheduled to run on these nodes. -Because of this resource dependance, these types might be adjusted in the future. +Because of this resource dependence, these types might be adjusted in the future. You can checkout the exact type of the core and user nodes VMs in the `terraform` config for each cloud provider. For example, here is the [`terraform` config for Google Cloud](https://github.com/2i2c-org/infrastructure/tree/HEAD/terraform/gcp/variables.tf). diff --git a/docs/sre-guide/node-scale-up/azure.md b/docs/sre-guide/node-scale-up/azure.md index 01fc6b7fda..785145852e 100644 --- a/docs/sre-guide/node-scale-up/azure.md +++ b/docs/sre-guide/node-scale-up/azure.md @@ -29,7 +29,7 @@ server startup faster. then in order to scale up the node pool to an exact number of nodes, temporarily deactivate the autoscaler, by selecting the `Manual` option, introduce the desired number of nodes then click `Apply`. -1. After the Apply succeded, you should see the new nodes coming up. +1. After the Apply succeeded, you should see the new nodes coming up. You can then click on `Scale node pool` option again, **enable the `Autoscale`**, and set the `Min` number of nodes to the desired one the you set in the step before. diff --git a/docs/sre-guide/node-scale-up/index.md b/docs/sre-guide/node-scale-up/index.md index ff2552fe28..42f856f797 100644 --- a/docs/sre-guide/node-scale-up/index.md +++ b/docs/sre-guide/node-scale-up/index.md @@ -1,6 +1,6 @@ # Scaling nodepools -When we provision Kubernetes clusters, we setup two, somtimes three, nodepools: +When we provision Kubernetes clusters, we setup two, sometimes three, nodepools: - `core` that contains 'always-on' services such as the hub itself; - `notebooks` where users' notebook servers are created; diff --git a/docs/sre-guide/support/grafana-account.md b/docs/sre-guide/support/grafana-account.md index ef2d64f3bd..69a3006c2d 100644 --- a/docs/sre-guide/support/grafana-account.md +++ b/docs/sre-guide/support/grafana-account.md @@ -29,7 +29,7 @@ However, for now, we can **invite** individual users to a grafana via the Grafan and then select "Users". ```{figure} ../../images/grafana-grant-access_step-3a.jpg - Location of the "hamburger" menu on the Grafana dashbaord + Location of the "hamburger" menu on the Grafana dashboard ``` ```{figure} ../../images/grafana-grant-access_step-3b.jpg @@ -72,5 +72,5 @@ However, for now, we can **invite** individual users to a grafana via the Grafan ``` ```{warning} - Anyone posessing this invite link can access the grafana, so make sure to not leak it! + Anyone possessing this invite link can access the grafana, so make sure to not leak it! ``` diff --git a/docs/topic/access-creds/cloud-auth.md b/docs/topic/access-creds/cloud-auth.md index 3953ad4b28..f05d3326d9 100644 --- a/docs/topic/access-creds/cloud-auth.md +++ b/docs/topic/access-creds/cloud-auth.md @@ -44,7 +44,7 @@ AWS Organizations (cloud-access:aws-management-account)= AWS Management Account -: A special account that is a centralized place for configuration for an AWS Organization and other accounts that might be in it. Our AWS Management account is `2i2c-sandbox`. It defines our **payment methods** for centralized payment across all of our accounts. So each of our AWS Accounts generates a bill, and these are consolidated into `2i2c-sandbox` and payed with a single credit card. +: A special account that is a centralized place for configuration for an AWS Organization and other accounts that might be in it. Our AWS Management account is `2i2c-sandbox`. It defines our **payment methods** for centralized payment across all of our accounts. So each of our AWS Accounts generates a bill, and these are consolidated into `2i2c-sandbox` and paid with a single credit card. (cloud-access:aws-sso)= diff --git a/docs/topic/features.md b/docs/topic/features.md index a5c7359f28..517f7fee16 100644 --- a/docs/topic/features.md +++ b/docs/topic/features.md @@ -28,7 +28,7 @@ improving the security posture of our hubs. By default, the organization *hosting* data on Google Cloud pays for both storage and bandwidth costs of the data. However, Google Cloud also offers -a [requestor pays](https://cloud.google.com/storage/docs/requester-pays) +a [requester pays](https://cloud.google.com/storage/docs/requester-pays) option, where the bandwidth costs are paid for by the organization *requesting* the data. This is very commonly used by organizations that provide big datasets on Google Cloud storage, to sustainably share costs of maintaining the data. diff --git a/docs/topic/infrastructure/config.md b/docs/topic/infrastructure/config.md index 87a563c4ac..d0fe8c7991 100644 --- a/docs/topic/infrastructure/config.md +++ b/docs/topic/infrastructure/config.md @@ -26,7 +26,7 @@ pieces of config people want to know values for, and where you can find them. The default memory limit and guarantee for all users across all our hubs is set in [`helm-charts/basehub/values.yaml`](https://github.com/2i2c-org/infrastructure/tree/HEAD/helm-charts/basehub/values.yaml#L104), -under `jupyterhub.singleuser.memory`. This is sometimes overriden on a per-hub +under `jupyterhub.singleuser.memory`. This is sometimes overridden on a per-hub basis in the config for the hub under [`config/clusters`](https://github.com/2i2c-org/infrastructure/tree/HEAD/config/clusters) ### 2i2c staff lists diff --git a/docs/topic/infrastructure/hub-helm-charts.md b/docs/topic/infrastructure/hub-helm-charts.md index 9dd83ca40c..1d0965b575 100644 --- a/docs/topic/infrastructure/hub-helm-charts.md +++ b/docs/topic/infrastructure/hub-helm-charts.md @@ -41,7 +41,7 @@ subcharts of the daskhub. ``` % The editable version of the diagram is here: https://docs.google.com/presentation/d/1KMyrTd3wdR715tPGuzIHkHqScXBlLpeiksIM2x7EI0g/edit?usp=sharing -This hierachy is the reason why when adding a new hub using the `daskhub` +This hierarchy is the reason why when adding a new hub using the `daskhub` specific configuration in a `*.values.yaml` file needs to be nested under a `basehub` key, indicating that we are overriding configuration from the *basehub/jupyterhub* parent chart. diff --git a/extra-scripts/comment-deployment-plan-pr.py b/extra-scripts/comment-deployment-plan-pr.py index 26c8d261ca..66d8b9edec 100644 --- a/extra-scripts/comment-deployment-plan-pr.py +++ b/extra-scripts/comment-deployment-plan-pr.py @@ -45,7 +45,7 @@ # If "Link" is present in the response headers, that means that the results are # paginated and we need to loop through them to collect all the results. # It is unlikely that we will have more than 100 artifact results for a single -# worflow ID however. +# workflow ID however. while ("Link" in response.headers.keys()) and ( 'rel="next"' in response.headers["Link"] ): diff --git a/helm-charts/basehub/templates/home-dirsize-reporter.yaml b/helm-charts/basehub/templates/home-dirsize-reporter.yaml index 2032105ee3..0def5663f3 100644 --- a/helm-charts/basehub/templates/home-dirsize-reporter.yaml +++ b/helm-charts/basehub/templates/home-dirsize-reporter.yaml @@ -38,7 +38,7 @@ spec: image: quay.io/yuvipanda/prometheus-dirsize-exporter:v3.0 resources: # Provide limited resources for this collector, as it can - # baloon up (especially in CPU) quite easily. We are quite ok with + # balloon up (especially in CPU) quite easily. We are quite ok with # the collection taking a while as long as we aren't costing too much # CPU or RAM requests: diff --git a/helm-charts/daskhub/values.yaml b/helm-charts/daskhub/values.yaml index 202d220105..b9d484762e 100644 --- a/helm-charts/daskhub/values.yaml +++ b/helm-charts/daskhub/values.yaml @@ -99,7 +99,7 @@ basehub: dask-gateway: enabled: true # Enabling dask-gateway will install Dask Gateway as a dependency. - # Futher Dask Gateway configuration goes here + # Further Dask Gateway configuration goes here # See https://github.com/dask/dask-gateway/blob/master/resources/helm/dask-gateway/values.yaml gateway: backend: diff --git a/helm-charts/images/hub/Dockerfile b/helm-charts/images/hub/Dockerfile index c58effa62d..73ed81ab51 100644 --- a/helm-charts/images/hub/Dockerfile +++ b/helm-charts/images/hub/Dockerfile @@ -16,7 +16,7 @@ FROM jupyterhub/k8s-hub:3.2.1 # chartpress.yaml defines multiple hub images differentiated only by a # requirements.txt file with dependencies, this build argument allows us to -# re-use this Dockerfile for all images. +# reuse this Dockerfile for all images. ARG REQUIREMENTS_FILE COPY ${REQUIREMENTS_FILE} /tmp/ diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index eeaff70123..952be24096 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: support version: "0.1.0" -description: Cluster wide depdencies for deployed hubs +description: Cluster wide dependencies for deployed hubs dependencies: # Prometheus for collection of metrics. diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index 39996dc6ad..42702aedcd 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -297,7 +297,7 @@ grafana: # prometheus and grafana. # # Grafana's memory use seems to increase over time but seems reasonable to - # stay below 200Mi for years to come. Grafana's CPU use seems miniscule with + # stay below 200Mi for years to come. Grafana's CPU use seems minuscule with # peaks at up to 9m CPU from one user is browsing its dashboards. # # PromQL queries for CPU and memory use: diff --git a/terraform/aws/projects/nasa-cryo.tfvars b/terraform/aws/projects/nasa-cryo.tfvars index 57255c60d1..1f45519983 100644 --- a/terraform/aws/projects/nasa-cryo.tfvars +++ b/terraform/aws/projects/nasa-cryo.tfvars @@ -25,7 +25,7 @@ hub_cloud_permissions = { requestor_pays : true, bucket_admin_access : ["scratch-staging", "persistent-staging"], # Provides readonly requestor-pays access to usgs-landsat bucket - # FIXME: We should find a way to allow access to *all* requestor pays + # FIXME: We should find a way to allow access to *all* requester pays # buckets, without having to explicitly list them. However, we don't want # to give access to all *internal* s3 buckets willy-nilly - this can be # a massive security hole, especially if terraform state is also here. @@ -60,7 +60,7 @@ hub_cloud_permissions = { requestor_pays : true, bucket_admin_access : ["scratch", "persistent"], # Provides readonly requestor-pays access to usgs-landsat bucket - # FIXME: We should find a way to allow access to *all* requestor pays + # FIXME: We should find a way to allow access to *all* requester pays # buckets, without having to explicitly list them. However, we don't want # to give access to all *internal* s3 buckets willy-nilly - this can be # a massive security hole, especially if terraform state is also here. diff --git a/terraform/gcp/cluster.tf b/terraform/gcp/cluster.tf index 5d14d383da..d12860e302 100644 --- a/terraform/gcp/cluster.tf +++ b/terraform/gcp/cluster.tf @@ -254,7 +254,7 @@ resource "google_container_node_pool" "notebook" { version = coalesce(each.value.node_version, var.k8s_versions.notebook_nodes_version) # terraform treats null same as unset, so we only set the node_locations - # here if it is explicitly overriden. If not, it will just inherit whatever + # here if it is explicitly overridden. If not, it will just inherit whatever # is set for the cluster. node_locations = length(each.value.zones) == 0 ? null : each.value.zones @@ -357,7 +357,7 @@ resource "google_container_node_pool" "dask_worker" { version = var.k8s_versions.dask_nodes_version # terraform treats null same as unset, so we only set the node_locations - # here if it is explicitly overriden. If not, it will just inherit whatever + # here if it is explicitly overridden. If not, it will just inherit whatever # is set for the cluster. node_locations = length(each.value.zones) == 0 ? null : each.value.zones diff --git a/terraform/gcp/main.tf b/terraform/gcp/main.tf index 5c25c9af1d..e9cb62e3e8 100644 --- a/terraform/gcp/main.tf +++ b/terraform/gcp/main.tf @@ -44,7 +44,7 @@ provider "google" { # the API for all our existing GCP projects and new GCP projects, and # then reference var.project_id instead. # - # But who knows, its hard to understand whats going on. + # But who knows, its hard to understand what's going on. # user_project_override = true billing_project = var.billing_project_id diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 79aa0eef97..91a7526f3e 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -226,7 +226,7 @@ variable "core_node_max_count" { Core nodes can scale up to this many nodes if necessary. They are part of the 'base cost', should be kept to a minimum. This number should be small enough to prevent runaway scaling, - but large enough to support ocassional spikes for whatever reason. + but large enough to support occasional spikes for whatever reason. Minimum node count is fixed at 1. EOT diff --git a/terraform/gcp/workload-identity.tf b/terraform/gcp/workload-identity.tf index b898cfa32d..99e907c74e 100644 --- a/terraform/gcp/workload-identity.tf +++ b/terraform/gcp/workload-identity.tf @@ -32,7 +32,7 @@ resource "google_service_account_iam_binding" "workload_identity_binding" { ] } -# To access GCS buckets with requestor pays, the calling code needs +# To access GCS buckets with requester pays, the calling code needs # to have serviceusage.services.use permission. We create a role # granting just this to provide the workload SA, so user pods can # use it. See https://cloud.google.com/storage/docs/requester-pays From 28d4e3debaaa63135f94424bacfcc57fab7c1fdd Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 25 Jan 2024 12:14:21 -0500 Subject: [PATCH 326/494] [DATALAD RUNCMD] Do interactive fixing of some ambigous typos === Do not change lines below === { "chain": [], "cmd": "codespell -w -i 3 -C 2", "exit": 0, "extra_inputs": [], "inputs": [], "outputs": [], "pwd": "." } ^^^ Do not change lines above ^^^ --- deployer/commands/exec/infra_components.py | 4 ++-- helm-charts/basehub/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deployer/commands/exec/infra_components.py b/deployer/commands/exec/infra_components.py index 5b98620c89..7ea1fba30f 100644 --- a/deployer/commands/exec/infra_components.py +++ b/deployer/commands/exec/infra_components.py @@ -210,8 +210,8 @@ def ask_for_dirname_again(): """ Function that asks the user to provide the name of the source and dest directories using typer prompts. - Returns the name of the source and dest directories as a touple if they were provided by the user - or the None, None touple. + Returns the name of the source and dest directories as a tuple if they were provided by the user + or the None, None tuple. """ print_colour("Asking for the dirs again...", "yellow") continue_with_dir_names_confirmation = typer.confirm( diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index c3b1afb50f..ec16311659 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -329,7 +329,7 @@ jupyterhub: # images, this is just invisible in the UI and there is no performance overhead # for these extra bind mounts. An additional positive here is that in case *students* # end up accidentally hardcoding paths in their notebooks, it will continue to work - # regardless of wether they or on RStudio or JupyterLab (described to us as a serious + # regardless of whether they or on RStudio or JupyterLab (described to us as a serious # problem by openscapes) - name: home mountPath: /home/rstudio From 039ce211a47812567ebfdd3fd8f591564f068dc6 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Thu, 25 Jan 2024 10:19:37 -0800 Subject: [PATCH 327/494] Fix typo Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/hub-deployment-guide/configure-auth/auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub-deployment-guide/configure-auth/auth0.md b/docs/hub-deployment-guide/configure-auth/auth0.md index 9ab0b97f39..ff5f34d6a1 100644 --- a/docs/hub-deployment-guide/configure-auth/auth0.md +++ b/docs/hub-deployment-guide/configure-auth/auth0.md @@ -19,7 +19,7 @@ to create a [Regular Auth0 Web App](https://auth0.com/docs/get-started/auth0-ove for each hub - so at the least, for the staging hub and the production hub. Under [Application URIs](https://auth0.com/docs/get-started/applications/application-settings#application-uris), -they should use the following URL under"Allowed Callback URLs": +they should use the following URL under "Allowed Callback URLs": `https:///hub/oauth_callback` From e986799ff71b324ab8daf50672e7f737cb17088d Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 25 Jan 2024 11:26:48 -0800 Subject: [PATCH 328/494] Handle deployment-service-check user for auth0 That user (which we use for our health checks) does not have any auth state, so this was causing health checks to fail. Follow-up to https://github.com/2i2c-org/infrastructure/pull/3618 --- config/clusters/earthscope/common.values.yaml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index 16b420da25..9894867279 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -87,12 +87,15 @@ basehub: return False def populate_token(spawner, auth_state): - token_env = { - 'AUTH0_ACCESS_TOKEN': auth_state.get("access_token", ""), - 'AUTH0_ID_TOKEN': auth_state.get("id_token", ""), - 'AUTH0_REFRESH_TOKEN': auth_state.get('refresh_token', '') - } - spawner.environment.update(token_env) + # For our deployment-service-check health check user, there is no auth_state. + # So these env variables need not be set. + if auth_state: + token_env = { + 'AUTH0_ACCESS_TOKEN': auth_state.get("access_token", ""), + 'AUTH0_ID_TOKEN': auth_state.get("id_token", ""), + 'AUTH0_REFRESH_TOKEN': auth_state.get('refresh_token', '') + } + spawner.environment.update(token_env) c.Spawner.auth_state_hook = populate_token From 5bc5b571c0666b94d48ac501a42c143542a11a35 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 25 Jan 2024 12:51:37 -0800 Subject: [PATCH 329/494] Move the technical contact check higher up --- .../ISSUE_TEMPLATE/2_new-hub-provide-info.yml | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml b/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml index 94225974db..f095d227c2 100644 --- a/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml +++ b/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml @@ -23,6 +23,20 @@ body: validations: required: true + - type: checkboxes + attributes: + label: Technical support contacts listed + description: | + Technical contacts are the folks who are authorized to open support tickets about this hub. + The source of truth is maintained in [this airtable](https://airtable.com/appxk7c9WUsDjSi0Q/tbl3CWOgyoEtuGuIw/viwtpo7RxkYv63hiD?blocks=hide). + + Validate that there is at least one technical contact listed in the airtable for this hub. If not, ping + partnerships to ensure they find out who that is and fill that information in. + options: + - label: Technical contact present + validations: + required: true + - type: textarea attributes: label: Hub important dates @@ -172,20 +186,6 @@ body: validations: required: false - - type: checkboxes - attributes: - label: Technical support contacts listed - description: | - Technical contacts are the folks who are authorized to open support tickets about this hub. - The source of truth is maintained in [this airtable](https://airtable.com/appxk7c9WUsDjSi0Q/tbl3CWOgyoEtuGuIw/viwtpo7RxkYv63hiD?blocks=hide). - - Validate that there is at least one technical contact listed in the airtable for this hub. If not, ping - partnerships to ensure they find out who that is and fill that information in. - options: - - label: Technical contact present - validations: - required: true - - type: dropdown attributes: label: (Optional) Preferred cloud provider From 32c486695605b51481b181d0543214ea07e82047 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 25 Jan 2024 14:59:13 -0800 Subject: [PATCH 330/494] earthscope: Redirect back to the hub home page on logout Otherwise, you just get stuck on a page that says 'OK'. Contributed upstream in https://github.com/jupyterhub/oauthenticator/pull/722 Upstream work is tracked via https://github.com/2i2c-org/infrastructure/issues/3637 --- config/clusters/earthscope/common.values.yaml | 25 ++++++++++++++++++- config/clusters/earthscope/prod.values.yaml | 2 ++ .../clusters/earthscope/staging.values.yaml | 2 ++ 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index 9894867279..3cc66f3c2f 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -36,7 +36,8 @@ basehub: extraConfig: 001-username-claim: | from oauthenticator.auth0 import Auth0OAuthenticator - from traitlets import List, Unicode + from traitlets import List, Unicode, default + from urllib.parse import urlencode class CustomAuth0OAuthenticator(Auth0OAuthenticator): # required_scopes functionality comes in from https://github.com/jupyterhub/oauthenticator/pull/719 @@ -59,6 +60,28 @@ basehub: """, ) + # Upstreamed at https://github.com/jupyterhub/oauthenticator/pull/722 + logout_redirect_to_url = Unicode( + config=True, + help=""" + Redirect to this URL after the user is logged out. + + Must be explicitly added to the "Allowed Logout URLs" in the configuration + for this Auth0 application. See https://auth0.com/docs/authenticate/login/logout/redirect-users-after-logout + for more information. + """ + ) + + @default("logout_redirect_url") + def _logout_redirect_url_default(self): + url = f"https://{self.auth0_domain}/v2/logout" + if self.logout_redirect_to_url: + # If a redirectTo is set, we must also include the `client_id` + # Auth0 expects `client_id` to be snake cased while `redirectTo` is camel cased + params = urlencode({"client_id": self.client_id, "redirectTo": self.logout_redirect_to_url}) + url = f"{url}?{params}" + return url + async def authenticate(self, *args, **kwargs): auth_model = await super().authenticate(*args, **kwargs) username = auth_model["name"] diff --git a/config/clusters/earthscope/prod.values.yaml b/config/clusters/earthscope/prod.values.yaml index e8e7aeee13..1bba5920c2 100644 --- a/config/clusters/earthscope/prod.values.yaml +++ b/config/clusters/earthscope/prod.values.yaml @@ -12,6 +12,8 @@ basehub: name: "EarthScope" hub: config: + CustomAuth0OAuthenticator: + logout_redirect_to_url: https://earthscope.2i2c.cloud Auth0OAuthenticator: auth0_domain: login.earthscope.org extra_authorize_params: diff --git a/config/clusters/earthscope/staging.values.yaml b/config/clusters/earthscope/staging.values.yaml index 4f2a7d6049..728745a671 100644 --- a/config/clusters/earthscope/staging.values.yaml +++ b/config/clusters/earthscope/staging.values.yaml @@ -12,6 +12,8 @@ basehub: name: "EarthScope staging" hub: config: + CustomAuth0OAuthenticator: + logout_redirect_to_url: https://staging.earthscope.2i2c.cloud Auth0OAuthenticator: auth0_domain: login-dev.earthscope.org extra_authorize_params: From aa2542caa011338f064f94775b81f3c4c949a0ca Mon Sep 17 00:00:00 2001 From: Georgiana Date: Fri, 26 Jan 2024 13:58:17 +0200 Subject: [PATCH 331/494] Fix typo Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- deployer/commands/validate/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployer/commands/validate/config.py b/deployer/commands/validate/config.py index 7eaf748de9..b57098dc4e 100644 --- a/deployer/commands/validate/config.py +++ b/deployer/commands/validate/config.py @@ -243,7 +243,7 @@ def configurator_config( """ For each hub of a specific cluster: - It asserts that when the singleuser configuration overrides the same fields like the configurator, - the later must be disabled. + the latter must be disabled. An error is raised otherwise. """ _prepare_helm_charts_dependencies_and_schemas() From 897839ad79d9c3c6c0f862c12410ab2a8f0d3a4f Mon Sep 17 00:00:00 2001 From: Georgiana Date: Fri, 26 Jan 2024 13:59:35 +0200 Subject: [PATCH 332/494] Be more explicit about what the error message is about Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- deployer/commands/validate/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployer/commands/validate/config.py b/deployer/commands/validate/config.py index b57098dc4e..4e9eb2053f 100644 --- a/deployer/commands/validate/config.py +++ b/deployer/commands/validate/config.py @@ -242,7 +242,7 @@ def configurator_config( ): """ For each hub of a specific cluster: - - It asserts that when the singleuser configuration overrides the same fields like the configurator, + - It asserts that when the singleuser configuration overrides the same fields like the configurator, specifically kubespawner_override and profile_options, the latter must be disabled. An error is raised otherwise. """ From 033e2686531d25435b6b86eb55b48ec46a9923f2 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Fri, 26 Jan 2024 13:18:00 +0000 Subject: [PATCH 333/494] Fix a link that wasn't rendering properly --- docs/howto/features/ephemeral.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/features/ephemeral.md b/docs/howto/features/ephemeral.md index fea87e1ffe..b5c3e320fb 100644 --- a/docs/howto/features/ephemeral.md +++ b/docs/howto/features/ephemeral.md @@ -175,7 +175,7 @@ for distributing content. This allows creation of a specific link that will put users who click it on a specific notebook with a specific UI (such as lab, classic notebook, RStudio, etc). -The [http://nbgitpuller.link/](nbgitpuller link generator) supports mybinder.org +The [nbgitpuller link generator](http://nbgitpuller.link/) supports mybinder.org style links, but for use with *ephemeral hubs*, just use the regular 'JupyterHub' link generator. [Firefox](https://addons.mozilla.org/en-US/firefox/addon/nbgitpuller-link-generator/) and [Google Chrome](https://chrome.google.com/webstore/detail/nbgitpuller-link-generato/hpdbdpklpmppnoibabdkkhnfhkkehgnc) From d7ec474886dd625d12ef77b2280d07108be97e29 Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Fri, 26 Jan 2024 17:06:09 -0300 Subject: [PATCH 334/494] uvri: Add admin user --- config/clusters/catalystproject-africa/uvri.values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/catalystproject-africa/uvri.values.yaml b/config/clusters/catalystproject-africa/uvri.values.yaml index 810d04b3da..f1c0b5e724 100644 --- a/config/clusters/catalystproject-africa/uvri.values.yaml +++ b/config/clusters/catalystproject-africa/uvri.values.yaml @@ -33,9 +33,9 @@ jupyterhub: - CatalystProject-Hubs:uvri scope: - read:org - # Authenticator: - # admin_users: - # - + Authenticator: + admin_users: + - eddUG singleuser: profileList: - display_name: Jupyter From 71d344a1e4e626c112e16378b83fec312f3fdb19 Mon Sep 17 00:00:00 2001 From: Alejandro Ismael Silva Date: Fri, 26 Jan 2024 17:23:31 -0300 Subject: [PATCH 335/494] uvri: disable the configurator Co-authored-by: Georgiana --- config/clusters/catalystproject-africa/uvri.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/catalystproject-africa/uvri.values.yaml b/config/clusters/catalystproject-africa/uvri.values.yaml index f1c0b5e724..918ed6ab94 100644 --- a/config/clusters/catalystproject-africa/uvri.values.yaml +++ b/config/clusters/catalystproject-africa/uvri.values.yaml @@ -8,6 +8,8 @@ jupyterhub: 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false homepage: templateVars: org: From 353aaa46bf4152fe10a04ee74957cda3369dedfe Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Wed, 13 Dec 2023 16:34:36 -0300 Subject: [PATCH 336/494] Add CICADA hub on catalystproject-latam cluster --- .../catalystproject-latam/cicada.values.yaml | 39 +++++++++++++++++++ .../catalystproject-latam/cluster.yaml | 8 ++++ .../enc-cicada.secret.values.yaml | 20 ++++++++++ 3 files changed, 67 insertions(+) create mode 100644 config/clusters/catalystproject-latam/cicada.values.yaml create mode 100644 config/clusters/catalystproject-latam/enc-cicada.secret.values.yaml diff --git a/config/clusters/catalystproject-latam/cicada.values.yaml b/config/clusters/catalystproject-latam/cicada.values.yaml new file mode 100644 index 0000000000..bae8de3cff --- /dev/null +++ b/config/clusters/catalystproject-latam/cicada.values.yaml @@ -0,0 +1,39 @@ +jupyterhub: + ingress: + hosts: [cicada.latam.catalystproject.2i2c.cloud] + tls: + - hosts: [cicada.latam.catalystproject.2i2c.cloud] + secretName: https-auto-tls + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Catalyst Project, LatAm - CICADA + url: "https://cicada.uy/" + logo_url: https://cicada.uy/wp-content/uploads/2021/07/Logo-Cicada-e1625771419399.png + designed_by: + name: "2i2c" + url: https://2i2c.org + operated_by: + name: "2i2c" + url: https://2i2c.org + funded_by: + name: Chan Zuckerberg Initiative - Open Science + url: "https://chanzuckerberg.com/science/programs-resources/open-science/" + hub: + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://cicada.latam.catalystproject.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - CICADA-hubs + scope: + - read:org + Authenticator: + admin_users: + - mfariello + - luciauy diff --git a/config/clusters/catalystproject-latam/cluster.yaml b/config/clusters/catalystproject-latam/cluster.yaml index cd11869c40..d8e7af81d8 100644 --- a/config/clusters/catalystproject-latam/cluster.yaml +++ b/config/clusters/catalystproject-latam/cluster.yaml @@ -33,3 +33,11 @@ hubs: - common.values.yaml - unitefa-conicet.values.yaml - enc-unitefa-conicet.secret.values.yaml + - name: cicada + display_name: "Catalyst Project, LatAm - CICADA" + domain: cicada.latam.catalystproject.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - cicada.values.yaml + - enc-cicada.secret.values.yaml diff --git a/config/clusters/catalystproject-latam/enc-cicada.secret.values.yaml b/config/clusters/catalystproject-latam/enc-cicada.secret.values.yaml new file mode 100644 index 0000000000..e175c410c7 --- /dev/null +++ b/config/clusters/catalystproject-latam/enc-cicada.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:zxCOJ8mjqR+xBpsz0HpFsUStS8I=,iv:7d2fjvmGVxkOTZ8xz50b2wrvT72ytOknwNem3KSllcM=,tag:o57jzgHPoOSuT9CAHnbREw==,type:str] + client_secret: ENC[AES256_GCM,data:O6CpyvDhCDlA40vtiKTwQ8A8/o3Lk+mgCv8cs00fFxbxerxsC64pVg==,iv:DSPf5/jq8lsqKsoVP+Ok81tWif3gji7+ZXkepJj+Lzc=,tag:uWc0o3L4D6jMwNVSQaPTUg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-12-14T20:04:27Z" + enc: CiUA4OM7eAFaGyBVMS6lLZIWNElU5r/7ZRC8lwFzpfXqMp/ezVPPEkkAjTWv+iK4ew9YxFceEes4r01ULi4kS1467tLMNP4wiK0wajCBqwefCnR3JuA0dAhF8f8OTYEfVAlRiQIBFfOoTrReCW6LMKPs + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-12-14T20:04:28Z" + mac: ENC[AES256_GCM,data:rec/sZYtFB9rbEw6wcLxwmWZ3FQQgBUPrf+OncCCDcdJfTpJgbf0tA4HUYbmfw0KQV0u/6dQ9N1E+i31Vc1r5NcuCcaFiB0hiwv+x6RLlSR5dT4anO0CjHflKzA4x8RQRNZ69fv3/31kPAKThiVu5ronpsASJxSwdT64GT/yDtQ=,iv:0mDEHvYdYCZSCpeORvs4GAulPIyi21cT4KepcHY2DIc=,tag:lwnnxngi59sEm7kfOeTdSQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 From 7ff6d88302bb95b097a6f2d1f4cbb3d291c9881e Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Tue, 16 Jan 2024 13:34:54 -0300 Subject: [PATCH 337/494] cicada: simplify the profileList options --- .../catalystproject-latam/cicada.values.yaml | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/config/clusters/catalystproject-latam/cicada.values.yaml b/config/clusters/catalystproject-latam/cicada.values.yaml index bae8de3cff..786cbefad2 100644 --- a/config/clusters/catalystproject-latam/cicada.values.yaml +++ b/config/clusters/catalystproject-latam/cicada.values.yaml @@ -37,3 +37,35 @@ jupyterhub: admin_users: - mfariello - luciauy + singleuser: + profileList: + - display_name: Jupyter + slug: jupyter-scipy + description: "Python environment" + default: true + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-27 + default_url: /lab + profile_options: &profile_options + resource_allocation: + display_name: Resource Allocation + choices: + mem_8: + default: true + display_name: ~8 GB RAM, ~1.0 CPU + kubespawner_override: + mem_guarantee: 6.684G + cpu_guarantee: 0.75 + mem_limit: null + cpu_limit: null + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + - display_name: RStudio + description: R environment + kubespawner_override: + image: rocker/binder:4.3 + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + profile_options: *profile_options From cd0f82ac51818d4077bf0e413273e69bc7657e59 Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Thu, 18 Jan 2024 00:11:58 -0300 Subject: [PATCH 338/494] Add GITA hub on catalystproject-latam cluster --- .../catalystproject-latam/cluster.yaml | 8 +++ .../enc-gita.secret.values.yaml | 20 ++++++ .../catalystproject-latam/gita.values.yaml | 70 +++++++++++++++++++ 3 files changed, 98 insertions(+) create mode 100644 config/clusters/catalystproject-latam/enc-gita.secret.values.yaml create mode 100644 config/clusters/catalystproject-latam/gita.values.yaml diff --git a/config/clusters/catalystproject-latam/cluster.yaml b/config/clusters/catalystproject-latam/cluster.yaml index d8e7af81d8..b19d00710b 100644 --- a/config/clusters/catalystproject-latam/cluster.yaml +++ b/config/clusters/catalystproject-latam/cluster.yaml @@ -41,3 +41,11 @@ hubs: - common.values.yaml - cicada.values.yaml - enc-cicada.secret.values.yaml + - name: gita + display_name: "Catalyst Project, LatAm - GITA" + domain: gita.latam.catalystproject.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - common.values.yaml + - gita.values.yaml + - enc-gita.secret.values.yaml diff --git a/config/clusters/catalystproject-latam/enc-gita.secret.values.yaml b/config/clusters/catalystproject-latam/enc-gita.secret.values.yaml new file mode 100644 index 0000000000..4f2cb62669 --- /dev/null +++ b/config/clusters/catalystproject-latam/enc-gita.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:/+L+lrHasy1fXdJqk81ICAQRFhw=,iv:P7XQGmkhfJwNUK5CdPogNILKUgdQV2LkSoNqRIIOzVc=,tag:a6LsC1wO9vvC0swaO+5zFg==,type:str] + client_secret: ENC[AES256_GCM,data:OEWuWUlxuM66ocyh30vHbVo7rKV+MCsGnYGPaAvGJLpZ6o35cUg43A==,iv:bEzJFVq1CZNwmWypGT7L5FZmHEl4iiOW1DOkOSORaDI=,tag:UTLjevBcSzDbnFxcyE8kKw==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-01-18T02:23:15Z" + enc: CiUA4OM7eOCBjXdrS9uc0fxzNQ79Yev2HDrme79QfHX0rDak3EqLEkkAjTWv+lJst5+W/Lw8PYZMteMCrM+kOv6erRDdafuu8w2ZsEo1RsULgfwoyewk/ZzyaFM91obHsQevECit/+1RWxB+krWrN2GU + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-01-18T02:23:16Z" + mac: ENC[AES256_GCM,data:mE/2Mcl5pMRXv4dVAKtQwcPluFChcbKlajczKdUzHp7+QjLqCn+Fdl4Bn8YIhvXG8HX/kkW2ZfdaCcvWaiUulwHZ4PJWN0IWBDWMezfK7E5gLiH/PGinc6lwZG++HT/tKw7bP1mX8Ltc6724maH1ZG2QpSF+Bo7hfU8ACr25Mlc=,iv:QTdUWv4bQsrV2H+hNNyTOabpYMNq7MKejScVLtMehME=,tag:cDr5P87/FXV7bfE0mFZiZA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/catalystproject-latam/gita.values.yaml b/config/clusters/catalystproject-latam/gita.values.yaml new file mode 100644 index 0000000000..bf3217f13d --- /dev/null +++ b/config/clusters/catalystproject-latam/gita.values.yaml @@ -0,0 +1,70 @@ +jupyterhub: + ingress: + hosts: [gita.latam.catalystproject.2i2c.cloud] + tls: + - hosts: [gita.latam.catalystproject.2i2c.cloud] + secretName: https-auto-tls + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: Catalyst Project, LatAm - GITA + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: "2i2c" + url: https://2i2c.org + operated_by: + name: "2i2c" + url: https://2i2c.org + funded_by: + name: Chan Zuckerberg Initiative - Open Science + url: "https://chanzuckerberg.com/science/programs-resources/open-science/" + hub: + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://gita.latam.catalystproject.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - CatalystProject-Hubs:gita + scope: + - read:org + # Authenticator: + # admin_users: + # - + singleuser: + profileList: + - display_name: Jupyter + slug: jupyter-scipy + description: "Python environment" + default: true + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-27 + default_url: /lab + profile_options: &profile_options + resource_allocation: + display_name: Resource Allocation + choices: + mem_8: + default: true + display_name: ~8 GB RAM, ~1.0 CPU + kubespawner_override: + mem_guarantee: 6.684G + cpu_guarantee: 0.75 + mem_limit: null + cpu_limit: null + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + - display_name: RStudio + description: R environment + kubespawner_override: + image: rocker/binder:4.3 + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + profile_options: *profile_options From 3f5ba8048780c2436ce6fe9bfe55202769530a82 Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Thu, 18 Jan 2024 00:12:45 -0300 Subject: [PATCH 339/494] cicada: change GitHub organization --- config/clusters/catalystproject-latam/cicada.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/catalystproject-latam/cicada.values.yaml b/config/clusters/catalystproject-latam/cicada.values.yaml index 786cbefad2..1d9e18a963 100644 --- a/config/clusters/catalystproject-latam/cicada.values.yaml +++ b/config/clusters/catalystproject-latam/cicada.values.yaml @@ -30,7 +30,7 @@ jupyterhub: GitHubOAuthenticator: oauth_callback_url: https://cicada.latam.catalystproject.2i2c.cloud/hub/oauth_callback allowed_organizations: - - CICADA-hubs + - CatalystProject-Hubs:cicada scope: - read:org Authenticator: From e3e67a64c46794a66452a148dd51364b5c88516b Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Fri, 26 Jan 2024 18:08:29 -0300 Subject: [PATCH 340/494] cicada: Add admin user --- config/clusters/catalystproject-latam/gita.values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/catalystproject-latam/gita.values.yaml b/config/clusters/catalystproject-latam/gita.values.yaml index bf3217f13d..fd07c26bbe 100644 --- a/config/clusters/catalystproject-latam/gita.values.yaml +++ b/config/clusters/catalystproject-latam/gita.values.yaml @@ -33,9 +33,9 @@ jupyterhub: - CatalystProject-Hubs:gita scope: - read:org - # Authenticator: - # admin_users: - # - + Authenticator: + admin_users: + - rafaelorozco511 singleuser: profileList: - display_name: Jupyter From 04b07fd2a3c26d8cda3abd42b720b42825ec097a Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 29 Jan 2024 12:02:14 +0000 Subject: [PATCH 341/494] Add ephemeral spyglass hub to the hhmi cluster - ref: https://github.com/2i2c-org/infrastructure/issues/3643 --- config/clusters/hhmi/cluster.yaml | 7 ++ .../hhmi/enc-spyglass.secret.values.yaml | 20 +++++ config/clusters/hhmi/spyglass.values.yaml | 84 +++++++++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 config/clusters/hhmi/enc-spyglass.secret.values.yaml create mode 100644 config/clusters/hhmi/spyglass.values.yaml diff --git a/config/clusters/hhmi/cluster.yaml b/config/clusters/hhmi/cluster.yaml index dacadffa58..3e9ef08ba5 100644 --- a/config/clusters/hhmi/cluster.yaml +++ b/config/clusters/hhmi/cluster.yaml @@ -32,3 +32,10 @@ hubs: - common.values.yaml - prod.values.yaml - enc-prod.secret.values.yaml + - name: spyglass + display_name: "HHMI Spyglass (ephemeral)" + domain: spyglass.hhmi.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + - spyglass.values.yaml + - enc-spyglass.secret.values.yaml diff --git a/config/clusters/hhmi/enc-spyglass.secret.values.yaml b/config/clusters/hhmi/enc-spyglass.secret.values.yaml new file mode 100644 index 0000000000..6b5f8dd829 --- /dev/null +++ b/config/clusters/hhmi/enc-spyglass.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + CILogonOAuthenticator: + client_id: ENC[AES256_GCM,data:tRMrV5gjq/CVdXVDLXV7GZ9CVbpuvqso6YqG/uGmiSf41tHm/JhhB3wK8KsF8PR1WhSX,iv:pNzlRpFjfuKhhy2yY4tjgno/loUJ1fILm4QyG4RTfQo=,tag:p4PvWRRHVrQ2T5636SeQvA==,type:str] + client_secret: ENC[AES256_GCM,data:/7S4rIlrctYvslOgQT3ca4ccnSHF91CgZWa/BFqoaS/+bM90JQXOOG+Ym16QOGaMAmz3nHTbb1Wcw97XEVA2QojSoXFolPSLW48SIu4DYXvNOhCDbvs=,iv:uNYsw9FEIrdYapjqu3iaxajjKi2EMS2HuoTDGoaYwM8=,tag:AyY2wBdTTcU06YD4suqfeA==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-01-29T11:47:45Z" + enc: CiUA4OM7eH7LaSZsJNEg4vcii34JBUu7DausMz17GSm8D1aEF+3gEkkAjTWv+irAbeNsrWhiyLRJkjvnjtp+Exfp4PnP//gxEfQY/l3yWzokRL2dH7i2pPcA0ZXBFpoh61y96zOawKhugploAubWVThg + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-01-29T11:47:45Z" + mac: ENC[AES256_GCM,data:+Sh6T1SAZXwtLAIwisQESaC8CrERYfdiwEMxHXUesaep5hf1rYR4dYp7+I8U07b+gHKES/t2m8AGNtFsndikEXCLfRAZ4vM2EQDXaf4CiZuMxFzLhoF3qSqp/0UC8Bh/ipqyTlKhCh/Gj1Ri93VVWtnSQeZRSvcJJfOzMtFzyRI=,iv:KSRpgoAozq4NpsYYYz1iM9fEk3sRtCVO3jfjnyihMjs=,tag:MavUCCPfDR2TgHj1FGz2XQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml new file mode 100644 index 0000000000..3e90bc8db3 --- /dev/null +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -0,0 +1,84 @@ +nfs: + enabled: true + dirsizeReporter: + enabled: true + pv: + mountOptions: + - soft + - noatime + serverIP: 10.55.112.74 + baseShareName: /homes/ +jupyterhub: + ingress: + hosts: + - spyglass.hhmi.2i2c.cloud + tls: + - secretName: https-auto-tls + hosts: + - spyglass.hhmi.2i2c.cloud + custom: + singleuserAdmin: + # Turn off trying to mount shared-readwrite folder for admins + extraVolumeMounts: [] + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + homepage: + templateVars: + org: + name: "HHMI" + url: https://www.hhmi.org/ + logo_url: https://github.com/2i2c-org/infrastructure/assets/1879041/76419ba9-6d1a-41fe-b9b7-56fd89e0da40 + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: "" + url: "" + custom_html: HHMI and Stratos + singleuser: + initContainers: [] + storage: + # No persistent storage should be kept to reduce any potential data + # retention & privacy issues. + type: none + extraVolumeMounts: [] + defaultUrl: /lab + image: + name: quay.io/lorenlab/hhmi-spyglass-image + tag: "c307f9418a60" + extraContainers: + - name: mysql + image: datajoint/mysql # following the spyglass tutorial at https://lorenfranklab.github.io/spyglass/latest/notebooks/00_Setup/#existing-database + ports: + - name: mysql + containerPort: 3306 + resources: + limits: + # Best effort only. No more than 1 CPU, and if mysql uses more than 4G, restart it + memory: 4Gi + cpu: 1.0 + requests: + # If we don't set requests, k8s sets requests == limits! + # So we set something tiny + memory: 64Mi + cpu: 0.01 + env: + # Configured using the env vars documented in https://lorenfranklab.github.io/spyglass/latest/notebooks/00_Setup/#existing-database + - name: MYSQL_ROOT_PASSWORD + value: "tutorial" + hub: + config: + JupyterHub: + authenticator_class: cilogon + CILogonOAuthenticator: + oauth_callback_url: https://spyglass.hhmi.2i2c.cloud/hub/oauth_callback + allowed_idps: + http://github.com/login/oauth/authorize: + default: true + username_derivation: + username_claim: "preferred_username" + allow_all: true From a9f332d23a62418cd6d784b121a7002358b04f11 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Mon, 29 Jan 2024 12:04:46 +0000 Subject: [PATCH 342/494] [hhmi] fix logo link --- config/clusters/hhmi/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index 96b70c6186..508ac5ad9b 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -20,7 +20,7 @@ basehub: templateVars: org: url: https://www.hhmi.org/ - logo_url: https://drive.google.com/uc?export=view&id=1tg5PRRT3_VjDaxq6Ax_JA3S92FuQ_NFt + logo_url: https://github.com/2i2c-org/infrastructure/assets/1879041/76419ba9-6d1a-41fe-b9b7-56fd89e0da40 designed_by: name: 2i2c url: https://2i2c.org From 798ddb23cf37c0d690cabd96672fab58d23497f9 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 29 Jan 2024 16:19:52 -0800 Subject: [PATCH 343/494] Disable NFS completely when setting up ephemeral hub We disallow all persistent storage anyway, so we don't need the PersistentVolume and other base infrastructure setup by the nfs stanza --- docs/howto/features/ephemeral.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/howto/features/ephemeral.md b/docs/howto/features/ephemeral.md index b5c3e320fb..2d236203fe 100644 --- a/docs/howto/features/ephemeral.md +++ b/docs/howto/features/ephemeral.md @@ -92,6 +92,9 @@ As users are temporary and can not be accessed again, there is no reason to provide persistent storage. So we turn it all off. ```yaml +nfs: + enabled: false + jupyterhub: custom: singleuserAdmin: From 9c64733b049d6ce749888ea2d924a961bdc14ddf Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 18 Jan 2024 14:41:37 -0800 Subject: [PATCH 344/494] Unify Openscapes profile list config The staging hub was separate only to make sure people can bring their own image. This PR merges that functionality in, and uses our team based profile access instead. Since this requires auth_state to be enabled, we actually need to *log out* everyone before deploying this. That can be done with `k -n delete secret hub` manually before deployment. To minimize interruption, this should be co-ordinated with the openscapes community I've also added some documentation on how to enable this feature for communities with pre-existing users --- config/clusters/openscapes/common.values.yaml | 123 ++++++++++++++++++ config/clusters/openscapes/prod.values.yaml | 87 ------------- .../clusters/openscapes/staging.values.yaml | 116 ----------------- .../configure-auth/github-orgs.md | 30 +++++ 4 files changed, 153 insertions(+), 203 deletions(-) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index db40829920..cb7dff1449 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -37,6 +37,126 @@ basehub: singleuser: serviceAccountName: cloud-user-sa defaultUrl: /lab + profileList: + - display_name: Python + description: Python datascience environment + default: true + allowed_teams: + - 2i2c-org:hub-access-for-2i2c-staff + - NASA-Openscapes:workshopaccess-2i2c + - NASA-Openscapes:longtermaccess-2i2c + - NASA-Openscapes:championsaccess-2i2c + kubespawner_override: + image: openscapes/python:4f340eb + profile_options: &profile_options + requests: &profile_options_resource_allocation + display_name: Resource Allocation + choices: + mem_1_9: + display_name: 1.9 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 1992701952 + mem_limit: 1992701952 + cpu_guarantee: 0.234375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + default: true + mem_3_7: + display_name: 3.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 3985403904 + mem_limit: 3985403904 + cpu_guarantee: 0.46875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_7_4: + display_name: 7.4 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 7970807808 + mem_limit: 7970807808 + cpu_guarantee: 0.9375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 15941615616 + mem_limit: 15941615616 + cpu_guarantee: 1.875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 31883231232 + mem_limit: 31883231232 + cpu_guarantee: 3.75 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_60_6: + display_name: 60.6 GB RAM, upto 15.7 CPUs + kubespawner_override: + mem_guarantee: 65094813696 + mem_limit: 65094813696 + cpu_guarantee: 7.86 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + mem_121_2: + display_name: 121.2 GB RAM, upto 15.7 CPUs + kubespawner_override: + mem_guarantee: 130189627392 + mem_limit: 130189627392 + cpu_guarantee: 15.72 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + - display_name: R + description: R (with RStudio) + Python environment + allowed_teams: + - 2i2c-org:hub-access-for-2i2c-staff + - NASA-Openscapes:workshopaccess-2i2c + - NASA-Openscapes:longtermaccess-2i2c + - NASA-Openscapes:championsaccess-2i2c + kubespawner_override: + image: openscapes/rocker:a7596b5 + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + profile_options: *profile_options + - display_name: Matlab + description: Matlab environment + allowed_teams: + - 2i2c-org:hub-access-for-2i2c-staff + - NASA-Openscapes:workshopaccess-2i2c + - NASA-Openscapes:longtermaccess-2i2c + - NASA-Openscapes:championsaccess-2i2c + kubespawner_override: + image: openscapes/matlab:2023-11-28 + profile_options: *profile_options + - display_name: "Bring your own image" + description: Specify your own docker image (must have python and jupyterhub installed in it) + slug: custom + allowed_teams: + - NASA-Openscapes:longtermaccess-2i2c + - 2i2c-org:hub-access-for-2i2c-staff + profile_options: + image: + display_name: Image + unlisted_choice: + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + choices: {} + resource_allocation: *profile_options_resource_allocation scheduling: userScheduler: enabled: true @@ -46,7 +166,10 @@ basehub: JupyterHub: authenticator_class: github GitHubOAuthenticator: + enable_auth_state: true + populate_teams_in_auth_state: true allowed_organizations: + - 2i2c-org:hub-access-for-2i2c-staff - NASA-Openscapes:workshopaccess-2i2c - NASA-Openscapes:longtermaccess-2i2c - NASA-Openscapes:championsaccess-2i2c diff --git a/config/clusters/openscapes/prod.values.yaml b/config/clusters/openscapes/prod.values.yaml index 29311e3ec8..235ca2d304 100644 --- a/config/clusters/openscapes/prod.values.yaml +++ b/config/clusters/openscapes/prod.values.yaml @@ -11,93 +11,6 @@ basehub: singleuser: extraEnv: SCRATCH_BUCKET: s3://openscapeshub-scratch/$(JUPYTERHUB_USER) - profileList: - - display_name: Python - description: Python datascience environment - default: true - kubespawner_override: - image: openscapes/python:4f340eb - profile_options: &profile_options - requests: - display_name: Resource Allocation - choices: - mem_1_9: - display_name: 1.9 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 1992701952 - mem_limit: 1992701952 - cpu_guarantee: 0.234375 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - default: true - mem_3_7: - display_name: 3.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 3985403904 - mem_limit: 3985403904 - cpu_guarantee: 0.46875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_7_4: - display_name: 7.4 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 7970807808 - mem_limit: 7970807808 - cpu_guarantee: 0.9375 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_14_8: - display_name: 14.8 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 15941615616 - mem_limit: 15941615616 - cpu_guarantee: 1.875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_29_7: - display_name: 29.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 31883231232 - mem_limit: 31883231232 - cpu_guarantee: 3.75 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_60_6: - display_name: 60.6 GB RAM, upto 15.7 CPUs - kubespawner_override: - mem_guarantee: 65094813696 - mem_limit: 65094813696 - cpu_guarantee: 7.86 - cpu_limit: 15.72 - node_selector: - node.kubernetes.io/instance-type: r5.4xlarge - mem_121_2: - display_name: 121.2 GB RAM, upto 15.7 CPUs - kubespawner_override: - mem_guarantee: 130189627392 - mem_limit: 130189627392 - cpu_guarantee: 15.72 - cpu_limit: 15.72 - node_selector: - node.kubernetes.io/instance-type: r5.4xlarge - - display_name: R - description: R (with RStudio) + Python environment - kubespawner_override: - image: openscapes/rocker:a7596b5 - # Ensures container working dir is homedir - # https://github.com/2i2c-org/infrastructure/issues/2559 - working_dir: /home/rstudio - profile_options: *profile_options - - display_name: Matlab - description: Matlab environment - kubespawner_override: - image: openscapes/matlab:2023-11-28 - profile_options: *profile_options hub: config: GitHubOAuthenticator: diff --git a/config/clusters/openscapes/staging.values.yaml b/config/clusters/openscapes/staging.values.yaml index 81ab539c90..eb16900803 100644 --- a/config/clusters/openscapes/staging.values.yaml +++ b/config/clusters/openscapes/staging.values.yaml @@ -11,122 +11,6 @@ basehub: singleuser: extraEnv: SCRATCH_BUCKET: s3://openscapeshub-scratch-staging/$(JUPYTERHUB_USER) - profileList: - - display_name: Python - description: Python datascience environment - default: true - profile_options: - image: - display_name: Image and Tag - unlisted_choice: &unlisted_choice - enabled: true - display_name: "Custom image" - validation_regex: "^.+:.+$" - validation_message: "Must be a publicly available docker image, of form :" - kubespawner_override: - image: "{value}" - choices: - default: - display_name: openscapes/python:4f340eb - default: true - kubespawner_override: - image: openscapes/python:4f340eb - requests: &requests_profile_options - display_name: Resource Allocation - choices: - mem_1_9: - display_name: 1.9 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 1992701952 - mem_limit: 1992701952 - cpu_guarantee: 0.234375 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - default: true - mem_3_7: - display_name: 3.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 3985403904 - mem_limit: 3985403904 - cpu_guarantee: 0.46875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_7_4: - display_name: 7.4 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 7970807808 - mem_limit: 7970807808 - cpu_guarantee: 0.9375 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_14_8: - display_name: 14.8 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 15941615616 - mem_limit: 15941615616 - cpu_guarantee: 1.875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_29_7: - display_name: 29.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 31883231232 - mem_limit: 31883231232 - cpu_guarantee: 3.75 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_60_6: - display_name: 60.6 GB RAM, upto 15.7 CPUs - kubespawner_override: - mem_guarantee: 65094813696 - mem_limit: 65094813696 - cpu_guarantee: 7.86 - cpu_limit: 15.72 - node_selector: - node.kubernetes.io/instance-type: r5.4xlarge - mem_121_2: - display_name: 121.2 GB RAM, upto 15.7 CPUs - kubespawner_override: - mem_guarantee: 130189627392 - mem_limit: 130189627392 - cpu_guarantee: 15.72 - cpu_limit: 15.72 - node_selector: - node.kubernetes.io/instance-type: r5.4xlarge - - display_name: R - description: R (with RStudio) + Python environment - profile_options: - image: - display_name: Image and Tag - unlisted_choice: *unlisted_choice - choices: - default: - display_name: openscapes/rocker:a7596b5 - default: true - kubespawner_override: - image: openscapes/rocker:a7596b5 - # Ensures container working dir is homedir - # https://github.com/2i2c-org/infrastructure/issues/2559 - working_dir: /home/rstudio - requests: *requests_profile_options - - display_name: Matlab - description: Matlab environment - profile_options: - image: - display_name: Image and Tag - unlisted_choice: *unlisted_choice - choices: - default: - display_name: openscapes/matlab:2023-11-28 - default: true - kubespawner_override: - image: openscapes/matlab:2023-06-29 - requests: *requests_profile_options hub: config: GitHubOAuthenticator: diff --git a/docs/hub-deployment-guide/configure-auth/github-orgs.md b/docs/hub-deployment-guide/configure-auth/github-orgs.md index 6e58d14d32..a7b286f3c6 100644 --- a/docs/hub-deployment-guide/configure-auth/github-orgs.md +++ b/docs/hub-deployment-guide/configure-auth/github-orgs.md @@ -230,3 +230,33 @@ To enable this access, that profile. Add `2i2c-org:hub-access-for-2i2c-staff` to all `allowed_teams` so 2i2c engineers can log in to debug issues. If `allowed_teams` is not set, that profile is not available to anyone. + +### Enabling team based access on hub with pre-existing users + +If this is being enabled for users on a hub with *pre-existing* users, they +will all need to be logged out before deployment. This would force them to +re-login next time, and that will set `auth_state` properly so we can filter +based on team membership - without that, we won't know which teams the user +belongs to, and they will get an opaque 'Access denied' error. + +1. Check with the community to know *when* is a good time to log everyone + out. If users have running servers, they will need to refresh the page - + which will put them through the authentication flow again. It's best to + do this at a time when minimal or no users are running, to minimze + disruption. + +2. We log everyone out by regenerating [hub.cookieSecret](https://z2jh.jupyter.org/en/stable/resources/reference.html#hub-cookiesecret). + The easiest way to do this is to simply delete the kubernetes secret + named `hub` in the namespace of the hub, and then do a deployment. So + once the PR for deployment is ready, run the following command: + + ```bash + # Get kubectl access to the cluster + deployer use-cluster-credentials + kubectl -n delete secret hub + ``` + + After that, you can deploy either manually or by merging your PR. + +This should log everyone out, and when they log in, they should see +the profiles they have access to! From 508b4a4bc63e3de62f781f648a9f0f97e97a5bc9 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 29 Jan 2024 21:47:10 -0800 Subject: [PATCH 345/494] Disable configurator & enable hook prepuller in ephemeral hubs The ephemeral hub doc already suggests enabling prepuller, but doesn't actually document it explicitly. Ref https://github.com/2i2c-org/infrastructure/pull/3646 --- docs/howto/features/ephemeral.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/howto/features/ephemeral.md b/docs/howto/features/ephemeral.md index 2d236203fe..417772ed98 100644 --- a/docs/howto/features/ephemeral.md +++ b/docs/howto/features/ephemeral.md @@ -125,6 +125,22 @@ jupyterhub: tag: ``` +## Enable hook pre-puller & disable JupyterHub + +Startup time is very important in ephemeral hubs, and since the JupyterHub +configurator can not be used (no admin users), [the hook pre-puller](https://z2jh.jupyter.org/en/stable/administrator/optimization.html#pulling-images-before-users-arrive) +can be enabled. + +```yaml +jupyterhub: + custom: + jupyterhubConfigurator: + enabled: false + prePuller: + hook: + enabled: true +``` + ## Disabling home page customizations `tmpauthenticator` doesn't actually show the home page - it just launches From bcb736cabc7c993d5dddb029aac2b45a056d48c0 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 30 Jan 2024 10:33:06 +0000 Subject: [PATCH 346/494] Disable nfs --- config/clusters/hhmi/spyglass.values.yaml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index 3e90bc8db3..ca0b772004 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -1,13 +1,5 @@ nfs: - enabled: true - dirsizeReporter: - enabled: true - pv: - mountOptions: - - soft - - noatime - serverIP: 10.55.112.74 - baseShareName: /homes/ + enabled: false jupyterhub: ingress: hosts: From 39ef61e82184dad75f6d17458367caf9642622a1 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 30 Jan 2024 10:34:10 +0000 Subject: [PATCH 347/494] Disable configurator --- config/clusters/hhmi/spyglass.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index ca0b772004..e798980119 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -9,6 +9,8 @@ jupyterhub: hosts: - spyglass.hhmi.2i2c.cloud custom: + jupyterhubConfigurator: + enabled: false singleuserAdmin: # Turn off trying to mount shared-readwrite folder for admins extraVolumeMounts: [] From dade37a580f726df6f689e06d3f69d54175d3afc Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 30 Jan 2024 10:34:56 +0000 Subject: [PATCH 348/494] enable prepuller --- config/clusters/hhmi/spyglass.values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index e798980119..3a35474bd1 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -33,6 +33,9 @@ jupyterhub: name: "" url: "" custom_html: HHMI and Stratos + prePuller: + hook: + enabled: true singleuser: initContainers: [] storage: From 8ebb5d4a8be6594381c82c861a55861c1ba4d3e0 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 30 Jan 2024 10:46:48 +0000 Subject: [PATCH 349/494] Explicitly disable nfs pv --- config/clusters/hhmi/spyglass.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index 3a35474bd1..2edf0f10ce 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -1,5 +1,7 @@ nfs: enabled: false + pv: + enabled: false jupyterhub: ingress: hosts: From 4b397f3b27b29ed93a83d3fb497ebb25b0de1b5f Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 30 Jan 2024 13:08:35 -0800 Subject: [PATCH 350/494] Enable stronger cryptnono protections for public hubs - Bring in last 6 months of work on cryptnono for mybinder.org into this repo, and document it heavily. Read the documentation for more info! - Enable stronger cryptnono protections for HHMI spyglass ephemeral - Move HHMI spyglass ephemeral hub to using tmpauthenticator open to the world instead of CILogon - Document that ephemeral hubs should have this extra protection be enabled Ref https://github.com/2i2c-org/infrastructure/issues/3643 --- config/clusters/hhmi/spyglass.values.yaml | 15 +- config/clusters/hhmi/support.values.yaml | 6 + deployer/__main__.py | 1 + .../generate/cryptnono_config/__init__.py | 33 ++++ .../enc-blocklist-generator.secret.py | 21 +++ deployer/infra_components/cluster.py | 5 +- docs/howto/features/cryptnono.md | 176 ++++++++++++++++++ docs/howto/features/ephemeral.md | 87 +++++---- docs/howto/features/index.md | 1 + helm-charts/support/values.yaml | 6 + 10 files changed, 301 insertions(+), 50 deletions(-) create mode 100644 deployer/commands/generate/cryptnono_config/__init__.py create mode 100644 deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py create mode 100644 docs/howto/features/cryptnono.md diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index 2edf0f10ce..1765f1bb42 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -72,12 +72,9 @@ jupyterhub: hub: config: JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - oauth_callback_url: https://spyglass.hhmi.2i2c.cloud/hub/oauth_callback - allowed_idps: - http://github.com/login/oauth/authorize: - default: true - username_derivation: - username_claim: "preferred_username" - allow_all: true + authenticator_class: tmpauthenticator.TmpAuthenticator + TmpAuthenticator: + # This allows users to go to the hub URL directly again to + # get a new server, instead of being plopped back into their + # older, existing user with a 'start server' button. + force_new_server: true diff --git a/config/clusters/hhmi/support.values.yaml b/config/clusters/hhmi/support.values.yaml index d8980db70e..e27e6edfee 100644 --- a/config/clusters/hhmi/support.values.yaml +++ b/config/clusters/hhmi/support.values.yaml @@ -26,3 +26,9 @@ grafana: - secretName: grafana-tls hosts: - grafana.hhmi.2i2c.cloud + +cryptnono: + detectors: + # Enable execwhacker, as this cluster has a hub that is widely open to the public + execwhacker: + enabled: true diff --git a/deployer/__main__.py b/deployer/__main__.py index 782f047f34..bffe455a0f 100644 --- a/deployer/__main__.py +++ b/deployer/__main__.py @@ -6,6 +6,7 @@ import deployer.commands.exec.cloud # noqa: F401 import deployer.commands.exec.infra_components # noqa: F401 import deployer.commands.generate.billing.cost_table # noqa: F401 +import deployer.commands.generate.cryptnono_config # noqa: F401 import deployer.commands.generate.dedicated_cluster.aws # noqa: F401 import deployer.commands.generate.dedicated_cluster.gcp # noqa: F401 import deployer.commands.generate.helm_upgrade.jobs # noqa: F401 diff --git a/deployer/commands/generate/cryptnono_config/__init__.py b/deployer/commands/generate/cryptnono_config/__init__.py new file mode 100644 index 0000000000..ee871b52dd --- /dev/null +++ b/deployer/commands/generate/cryptnono_config/__init__.py @@ -0,0 +1,33 @@ +from deployer.cli_app import generate_app +from pathlib import Path +import subprocess +import shutil + +HERE = Path(__file__).parent +REPO_ROOT_PATH = HERE.parent.parent.parent.parent + + +@generate_app.command() +def cryptnono_secret_config(): + """ + Update the secret blocklist for cryptnono + """ + unencrypted_path = HERE / "unencrypted_secret_blocklist.py" + + try: + # The code to generate this blocklist is small but encrypted. + # We temporarily decrypt it before importing the file via regular means, + # and then delete the imported file. + shutil.copyfile(HERE / "enc-blocklist-generator.secret.py", unencrypted_path) + subprocess.check_call( + ["sops", "--decrypt", "--in-place", str(unencrypted_path)] + ) + + from .unencrypted_secret_blocklist import write_encrypted_cryptnono_config + + secret_config_path = ( + REPO_ROOT_PATH / "helm-charts/support/enc-cryptnono.secret.values.yaml" + ) + write_encrypted_cryptnono_config(secret_config_path) + finally: + unencrypted_path.unlink() diff --git a/deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py b/deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py new file mode 100644 index 0000000000..fcf397b04b --- /dev/null +++ b/deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py @@ -0,0 +1,21 @@ +{ + "data": "ENC[AES256_GCM,data:QHpd2KOljy8H5B2Q+WPP1TPizd7Pdk/B+9/Gq9a1gEp9J9z7BD5KZeHqh3MyZEjM3kdHJczknOsH+xH/hfFS8afLINfQFDWSkkXfDjbbY5HNcqtNA3F2mAsqWk9fWChT2Zd7KcgV3B/y1Wxh88w+PEWS5TZqZcrBSBRbl0QmtvPrTKy5hhlS31YtLK9NNreigm104YIPP9PgF3y9Qqs6zib3kZUfHDvsEuopKl/Xand1mcc6BN1kX+4/lRlNbamCCnW2ZrmNHfYO800su4wCODaNL3QxRVD4UGV+zY6xrFiD+rF7UohtNWeREHTWrjr+MNaRxH0TjnfHa+cDHtPT4nlDOmrgr6O15AicSaQ1JnU4TToihS35TAOoktJg1y1eLFqny59juh2NpSHvi/DGTJqZ32Y/hhpzDrswfTsyoPjO3eSYet/ULE5+ATMLVHOr9boLYtfoiQi7+98cTfkkwOZwT1+Mxf9yvVOg/WT6m7/Xv4/wt71FOSR+MbZ2bi8lghHNdpKqxIB3gNnHbCgeu8YPPLu2sNgSiWClFZoKGA3a4NtIZG6Gtq5To4NUMmyQXp+cSIHPJLuPOlbdudWynOfQN2FmRUiGEyVzcWEyViYLbjl7pdgMnVQQNbM8nRQYrnkOfrFv3cb2mH5DZA06oW5joUEsWbLBefGCgZWgvpfjqxJb/0ndhqF/tCm7diDCaaXKEGo5nLV8sX4/iuYfp8LFZ0VlrBdq5HqAs+tCRliN32SncIRcc87IWvv1KgxI+nC45zT85NcmROe85zJ+k/qAX1PAQDLx0Gcgl6DFKTVja8g4yr1CtIemFJRQIgbqVKxYFEIbJkojhbSk5nQenT0n5o+3h5BhycI+S/158YLSiqtQe6PeOR0E5+0TN6yP8qKqytQ04aQKu/1GF7s37LN9RGEwovrmovgIz0cb29dPjnug4ZbUE3y6wyz9qVYPl8gIFMT05meq8iyl9R9knDyLe5Z1z+pxp4Jp25OYEaiaRzRpjdWfwyuU6ei6fNLbATd+4IUyp2NNJlgbXYmSzUuC9VQ6h/LwADkP8GL+NbqTf56juINkGkjs5v53YfSNoqGGgfCNaRcGHDKVQeFkDHVq7imKHqvXa1qv784z2JEm2CJD1CltEbSZwhpcTQcAcaCvzOitZAAKWmUh3bY+L2QX0TBNeyBl99KtBFG75iw8o9UjLSg6E03rdD2nsBAkln9XZN6DGfJAFTWFU8j0Iu9H+m4vIT/89HODHwtzZbmMe7GAZL8rY68Gd/6xJpZFrTbvOEbxcRkq/ePuMMGczlnUpkE0g0rPt+UHnijITxXhp2T2i7+eKPAANT7F0STJOKNx95HNjIEtHoHbHwoBRBUGuwSd6q1ApGFz3FJ8ZtJUqJ3LydNMz2ma/mCe/wtdvTezqXBXH/knUAhhdToZjOjlPHAaaS2PCypQFmvrgJhZMoEj35jF7UiTB1eiQ2CtovARjZQ+aZrsMERXeN6bggxGdB+AO7V3edER252ehVz3gEFKcVltUHZbgz1fIRmLBpzmxsoET64MFfzEHjZZ6tw4vNFwGvxQai9qzLWAfGXKcodXsRcZcR3KqZRnMmyhqUCKvsQAoE52H1JsbHKG5c4NfNAs0nou+aU7JMypAkJqf6hKHfH519R4BV0d6t7GRdmzb8OPwIsijjxEsISb6BRNI7fO/BL7m91kt9RioYoL2pOJCGBNK3PjYBC+/dSjD/ysseA08DzMplbw4/plwWt1JA6buXBpNRhbcxgkAwUQPkaY0XBzwtrnMqXAzlpGVBHBrdueWrQAewL+b2G18I5YIhmO5oieUiJX89KG6kyIW1kaYvFppF5yxhGs7FWj1F22WxDyn2ToWUBHLXMlc/nP6KEdcEshywl5m4wcE5kOcXhHZ4FKT9r5rwbveY4w19p0vEEKvGyQ0mGJBkRURnBtr1NozdfSFYZO7jrrC1yV5PHEgR4lKwll7jsqqQMG/4Npeh9UK/bm+QLCTWtmDxHNRuTe6qpEfjhIEe0e0vb6Bbgl8d7+N0ogGmLEWUGVLrwvDapQG+/y6BewFXighW0aAhv0eT7jVNkcDHBgMPdpbBNu4uPaaAQppnvW0EO0jTU4qGdKwjRhjhCbPHF+Ch3az3A/ZOTw2IWpm1h3v2GwKbk9BhTLz9AEofdlmnEPLzG8d13V3qkEcYHEAE0zuhfqyt0m4RR9GdIvR9YbfPsUo//DMzwY80LrjhZ81EXLuaNAzuPKWrhbM/RU3HVZBe6KNXjTG83laQEGGwHyBaqNErQZP/a/vDLYjPMCfnYp4jxUfdhndWATn5Yltb7lf/6wxeqlGj3hYxfaapU1yvDOmP8iaNdVFBmB2jdIbEx06Y237aIZrSQ4zmgz26hjDo8WEU2AgI09/30ER2Fe7IyOHN60kUj+KZhkOqwPY8ZnJG2swYShMXBi+zANEJCFRV3DmzlMhZEjQKBPCJdpNZfmMmWwjNcU/T1bJipPQAcgWCrhxFRY6n9z9bPGHgkWdv8eApbjtTvus9EwEdpDamST7JZqUVz0ODylMofdrQuOwFTGteLd0oRhxgWC+vy1rphi8XJ5TGAGG+zLbpomw2OsUo5pch+Rn0UwUsmpRA5np8rSTfIQ2fm+gbFZLSF504fgJnVnqUFMDWVKv0u+9K8+cILY6DQulQ5A05o+YC4u7vHFt7t4fH8O3zoyDP+ww1IVTTdoIyJUrx5moXFk5THOWXpTEUUfeG7C/N0QPO9UBaD4F0b6UYqK6rter9/v4OwyZfeGDrGNgx7cpdItH4MDl9cA/qy1OzhXbvGwfoxfKHVltP6+mXT/mjpsvJOs2A5SL1lowUq5P0L4ZTpXURgyF6P93SyvCtAGRnWPW19P2hVzIZBLT0KOJWggRaOSKffzxr3LkseWO58+isjUythNyq03ptK3noQuINRmmpQmczMNCoKPM/iOwYSIp0zPJHRZDbMiP3QnDzwfSUyUfH5CRA/uOuHxwMQZKDc9xbQJJblGXsDG1Am0WUNgk7V2nTCszfIqR6r+DJbBUDQaxnljplXr7DqqoikE+zoOcomKYVFo6wQiMA2LRQ9VJUG5QMt1M6kieNi3CLkUJFGBquq5BfBPg1djXfSZrpmUf74wYyS90szuFQHAix5KZUbaMKKqCzS88ppQH9vfar6uoiS8COcy+RgJ87M/arJSLf4Fmdz+3hN14llZo81tXdTd+tZm3i1U52BUtm2Lj8VZXhNCu7JVrZwlAYtb5kQa1BcS/1EaC9931VYQjKpNMkL3Wu6tJKOXiK7Yt8pR2LdeIOvMEgbbdVW6Se0pDjwFnfcqUXYJvQWZBx/zy4b+Udzcr2tXRCBlHdloZzgBY7rhBQ2ci7Heh2/mKFMSfd/P5euVFeY0BVBjFClp7+9H0+f4v1/9Q5tjZZ9PBpXtzg1s8MZ/L82t937c7XJ1aD4E6bYzPO3mexwASHmPKtTwXMZkEWu1RQutTgIRHo6vswyY4aFn9YA5vpOWxfAX6ifk6J4JTo5p49tf8X9KqXganrI8iso7Nnmr4Q5Dfezj/ovUSh8tkgVIlCGnWaxQFYx3pIW0LUwkPzDOIoQEZ65u9ak0dgUex+xMpltQtLZv58/C91aX+5nscWaM+gc3FGKoJG+NUlKgwQmCyLge20js7S71atmDlPNFD93E87gWuh/Nv2Q5JUTZdLEET1LOjSyKOvNYIWW2WLoJ8XQzBArgEe7vtyjeFWm0jhJniDU57dtgQLzuAzXJbMCfesMEz429rNT/qXuc7X/vzCC/mlvphsQ9n2mYUMjt53amg4Bmgv7qPS7hr5QohN9WF1/HDopHePv9jkS5AuDHctq9vtixRwutR8acIRfGVg0XvYOdfX6r6bq0CzuDTD04ZdOay7kA/6DJjWRI2saMbq5BfEFgQFZLleJ1Z6UZIcODj5joWDCaliL3YkPz7ffQFY/yCBVAKCGS2GZAsbIsYIRWEbzQvxYfQxVgvSD0J4NiOlLagDsKn3YpxkL/rjWulcP0cfbRRDYLAuy6Y0rAr4/a2FcRPN+bZbpywC2tQiLO/WMyoyujH/+++2l/Z03/T4Z3QeMUMaPrlLv2gByLIOZWzGnrbxgqC85xBoINAPE28oIT75QDX2JJwTjAlMnFcBnxIOfRSYiUU6dN0DMb4r/+aDgRtso4sEzOUcwVaIMG90Gdv0Of5Sm8jYLGKUYVtcHkm1/6ahmRPFEvTVyCD0bE+k3+KukQehVafvwkG/d0O37XKJgO456yh33qNn+gJgTB0Na5/gqe1Km7NK0K4OXTadvG0s4lwGSxesk55y1uCwzYigQi5ehw12ENLuBAfVWE2cO/FEKa7uegy3uUkKtzDMrltbSBqn7BXyrdFcJhD/7HryPm3brSvCUxIlflWkyWo9K+FUsOn80Ouh2D3EtUN5c1b1g7WfJZeWY0UPGCzdUITEBD/CjI/rrJpbHCyn9vTDp7Ka7e23D1mi9qqA94oucr3WPPBrgU5RXhMSJOAbptA6Bna2Z0NzKH7VL7FMFKo2jd+g8CtKzrQwa+QWELARSUFmAhDAyh7YS7vDiibmiPA8il9slSf7U866Oj/cBH1QoTf3uStNNHg5m0IzXlwblJSP+23kucVM9vnGq2mLOmL09MhEGbuXsLN1P8qzDzEB6zSloG/nZpEkaRn4WaXb+IqpIgA+M8BpTtOiDwFMpeHL2Mu06MnhhWHTcWTaaG1AEABqozXdsjfaLfwcuRHdOoPYCdhfOZuppJ4cJxxwiaNhGATwJHCZQaoXbynElpVK6+uWtIq9AiZeZ3rA4zdtSzSxLwJ3hCj5XPeuoPm7tLJ9SKMIVwc2t0l75QQkYpiDmjuhz9m5bctDQ9Uy44KIKvNbGj6zdhKYcN1biD2eT01rRfmABCGbRzOd3fT8hinesxw2BU1BHplBWpafK+0TRjM1M5HIvxdzOOxhtmWeIWhSga2Uj8XjGMTxErlX0mYHt5N9sGYFuIRC6XOyIK0BJwuJ5+xFqQH/PIQiSITSE7AcxeCkZ+6EbV/c7KxN021mEIc1FpWQ8Sx+jQjgIA4Owg4rFcf+3hMlkn2s0g2SU/KFyMCi1mgJdNbprfSDOpqL1i8PQrSHBtdteTKlE6zL95i3c06M23jbz45/3jNAipPmivCbknfXn4JmJ/WZd26K+ndf0yLVMWFQE1QXf2OawMPtaIij47y9FGU/Sny6p/Hxee9bYwfryIHPjGFwwH3XmjhYoaDUpzvog2PMGXmNJ6vBjyDzZWj7vqSFgHMA4+s9F4sZ5zrXd6LU3ZrmaHcBRupMZYaZaWyuPNaQYcgNgoGz41cwuBcBlkViSBJ1VTf4X5DtcfAnMp8sbY8Fkuv0g1I130C2WnbEMKtFR4hc80htjLM/x5u1Ezt4OvPw/KyUiGSFEyoaBvsA0yfTWXd6zZL/kA12RmNK1vvAFjVnp2GDCd1C2U6JveGT6CEFc/ge33OGJjBsqyOSGkeWIHmaR+9VbWDR5VNNhENxjtbhO+554u5S0j2j87mJemoGLN1cTqlkqnDa7yeLuQ9W9H7amAjOFn8taVJQYQublULpnpQAxOcSy0XT+Co3s69176v7SNdyl00z2/BFHMCeS3qimpUYh3GaLRhwFFrKdKIfpv6tb19I8kUHAjjh+MTNgMJ4hg0ry8WiySTvpNvYqdbEguD1HbRZuLJGVOgKiZr/qdhqDZpZQokZJsCxeq0455JZlzB1JkvfrEtpy4IZSwyLCUfKZFeowSbsciOSH2AUvG9drTFHkILkknQj+C7wTgFiKNJJQj2tj8p4Fk34+A7x5i2dqFNjlSUaa1K09TCZLVfWcURMYePwfNlybykAgujZs5Vh6jTNDlmw9oENrjoAmMawA5a2DPqiQb8zCNwrerLRhyQ/fQHuH/Rb3vjTcF3kcRsthoOModLH92chAE5BLCLGClIY/meY1DsxC8LKYR0oXImw8TVdt3tWeQZdoniBa8S1o9cLdPmphz6UXvYTg956c40d+kKFyhuQnMWzl0NsP2/S1H9Exz7f2ElV1uo/kaza2hh/+HvpkYBwSoo/Y5Ur8kzEjQ+6OfWRziD3PHpiXJ3e7U+QYEUfHjUegJDfM5q8sOkUh7h7YXdRjz2NX1OokbHQS4435wgaRspp5ZY7vziDcX/DBEItjgBVSfU6mzEFA3nCSRbRQzzlLM4LC7rgolsRaVSd70KoUYl+MBGeYdXGoh9sW63jOCsvn4lEiXKWYtnIZRa3tpzE0yjHyhkq91nTGf0zvxSP5ZZ4hWvePhyvg1fw3nlPU4s9maGKjFSf9GRzs2PPEiYRG/ie3rK/S3K3ruv8OiESVKPqEU6XznE/Rbgh+1m/GsB9xDaDIsPM8FTocGZQarm2mJ0HlhSSKY0QBpDHm1kwUDZe25aCudnQCsIrKdar08JxRWd50ggBA3lOzm72N9H5yJXbfXW8YaOGiAitiAqvNFdUq7as7h/wIgpNZGuMxKMECIVFstDS6bvkzCmwNqkUBoGrYNc5jJQXJnRvJx2vPm3G/aTqBNYa41ji2LbvtBAWHa7CN/9Z8ItV1NmiBRTKRiKdOSMqJG5SbmKKGke7/6bPljHk4vxypdN68HVFs0jwbuS8pcMJ2u9dGhzYIUkNttBL3teirhXiylUwUt8TcrcBBclYY/Holbl8yarEDTUsqt4KSBcNKq6W48u2VYYAfQj8U2tXx9aO7dsK1nGiky6dXGU+vLuyTfHUs3QAfBmRJ6UCenNOw3KFQYxfrnxmx6+BHCmazHA6TFjCJZ/oogsf7TIucu96TOCL5YVTEtBRvdFwV4QTm3BGrQ3pVYZt4IOa1wGbD3uCd2LSqx9axU3sh9V9h7CTbtJ52TTP2hBfB4P2g260Gny2ezVLVjWoLvLwaNSGhQgHyQCaRmOLYDMjGFzKGuMHiwj2eB3Y5DggcvnVwKf/Krix56CVhBzj0bbATBvFXskq24YlSm0DFC5ZIkfd7gkt00R44d5fpM8lsdkgSqvz080nCXI6vQVT5hTeReguci3EW96LfXtit5lt+x4iUv4aD3qcJG3Miff6zhSM7W0YkFB/5YdF4Nj+Oh4OcRc42ur8JbXC8q1oTefNwHl8UX4pZl8VN5EoIjhsFRcnNAabOSBiYLO+SMZAYXxucg/hUisrVT00rd5KiDBdBGFFnzbunZjjh8eDGwlGRCkiQD3AW3THPUrrDISu3I4I7dDOQpVntmy2100JgyMh8I20qa39WMIPTzlVAnU6W9AP07EhZWK6B5Ttx5AgCxvqkzhpTjy6dfwWycMTKaoeVaAvpZC2ZXtRn1scHCvkFr5LQy57z/zLwQkeWJ4kmL5WGx5aOhFfjibyRRnQeXW04KRkuAOwdfsTA90083KUmh9UFgdcSkJlwNx0z8mcJX2myBsTN/r5pFyI2Sb9NsPxCHX0xBDutS2yW2/1M6QgxhsmDOfqLcVroeXDjM1lXQPT5hWB3luLDi3WlRx55nf9tjnzsBfjANjy1YsfHtSeER6JBPD5Hjinm2fyxgScx13t7GuMqze5q0Zu7Y4RXDBo/NXm9ZJL8Y08JJVCPss9EeUb3RxaVdtkNc3gRc7Lzq89EHLrwAkVDQEauHHws1VZCe48yUxAWEwQH2kaT8Dqkl19iYOUcKF9/6uo7urf3Hy6rBwEJjFBSHCKMUVnfsRwcVMq1k4qAgZu4YXlozqe8Jsr2vd2Jt/EUyCXDAhEbC42oWWGHBOJAP7EHH6QzId8M1uLzBoja8oUnYuuy9MN7RMggw0nhOTCGA9jLdyeDVZE4JuIilbJNPFydEBpMlDRS9XAb74FOj+B2oO4glnxZRMpH0aLbgVJb9VfY9N9yLPn9RFthreP3jr+WG4Fqvis56B1/+YqU5pxaPnJjNziWNxxMa6AqU2IhFheBH/kJyC+IufxQRvscRBJ9rIs1wh8pVGfXlmkSC+wNwJrOLR1xcp+bzJlANAfiAKNXqNXSVDYalumi5PK62NaswJzcmQb5U4Fx1Tqc7clLxFgzDyZcyv+juoBRBxDn5yEQ38EdIPvkNZsj84FeQ7GP8F7dF9xbAY22Rcsuhym4sFkhFF84JCUSfSqxamw1rzZa4WXIWILoJimsIo357XEc8OnOMHAbO9g==,iv:TZ8YGS+cfxUUdYDE5GS+f5REAkp8rRUsHbllvkAIPQE=,tag:wwi8RPqEI3AwKKIrl3Vg3Q==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2024-01-30T21:02:48Z", + "enc": "CiUA4OM7eCxHPiBqy6mOWR2S3PJbLSWYZXzFOQnZJ8lrTylqCTNlEkgAjTWv+o7jO3nOhYDxVi96kSIKuPF6qw/LbnuwkQhW1Q2KPYvEqWxnuSlGmdbgaB3ue6zs963VkoviKthuemqMELyCzwFLdR8=" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2024-01-30T21:02:49Z", + "mac": "ENC[AES256_GCM,data:y1DPJnP1DLtDdLpCHbtq15gg9G7ZxDz7AB2++fAsrwml+vnEUpsE03Mv7IWP0glVpoY5MEvANTz5QmGtVzLIwyL2iVRlP2qYeZFW54z40pO69p5foUH4wfS+D7G2oKCIOJ4F29MziTVkCkINHb9PVM/6ePvZyh1EGIXXTn5Hs74=,iv:SBgSWs19yRmSxbJ2l3Ddpc4/EZpNaMYnnOBIUEM6gxs=,tag:zGt6bSNusiSF4Q8QN/nc6w==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/deployer/infra_components/cluster.py b/deployer/infra_components/cluster.py index db6fe71d4c..4af2a6840c 100644 --- a/deployer/infra_components/cluster.py +++ b/deployer/infra_components/cluster.py @@ -71,7 +71,10 @@ def deploy_support(self, cert_manager_version): subprocess.check_call(["helm", "dep", "up", support_dir]) # contains both encrypted and unencrypted values files - values_file_paths = [support_dir.joinpath("enc-support.secret.values.yaml")] + [ + values_file_paths = [ + support_dir.joinpath("enc-support.secret.values.yaml"), + support_dir.joinpath("enc-cryptnono.secret.values.yaml"), + ] + [ self.config_path.joinpath(p) for p in self.support["helm_chart_values_files"] ] diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md new file mode 100644 index 0000000000..d407c80b29 --- /dev/null +++ b/docs/howto/features/cryptnono.md @@ -0,0 +1,176 @@ +(howto:features:cryptnono)= +# Enable stronger anti-crypto abuse features for a hub + +For JupyterHubs and BinderHubs that are broadly open to the public, cryptomining +attacks are the most common security threat. They take up resources and rack up +cloud costs. While most hubs can get away with gating access to them via some +kind of login restriction, for a subset of hubs this is not ideal (for equity and +access reasons). + +For those cases, we enable a stronger deployment of [cryptnono](https://github.com/cryptnono/cryptnono). +The cryptnono project (in use on mybinder.org as well) helps detect and kill cryptominers via +various 'Detectors'. + +## Detectors + +Cryptnono currently has two primary detectors: + +1. A detector for the [monero](https://www.getmonero.org/) cryptocurrency, that is based on + official guidance [from the monero project](https://blog.px.dev/detect-monero-miners/) on + how to detect it. This is fairly safe and has a very low false positive rate, and requires + no configuration. So by default, **this detector is enabled on all hubs**. + +2. A detector (`execWhacker`) based on heuristics, where the full commandline used to execute a process ( + regardless of how it is started) is used to detect if a process is likely crypto mining, + and if so, immediately kill it. This relies on a tweakable config of banned strings to + look for in the commandline of a process, and is [constantly being tweaked](https://github.com/jupyterhub/mybinder.org-deploy/security/advisories/GHSA-j42g-x8qw-jjfh). + Since making the list of banned strings public would make ban evasion easy, the list of + strings (and the method used to generate them) is encrypted. You can read more details + about the specific method used by looking in the encrypted code file (`deployer/commands/generate/cryptnono_config/encrypted_secret_blocklist.py`) + in this repository. + + Since this detector may have a non-0 false positive rate, it is currently *not* enabled by + default. However, eventually, once the config matures enough (and we have tested it enough), + this would also be enabled by default everywhere. In the meantime, we only enable it for + *clusters* with any hub that allows unfettered external access. + +## Enabling the `execWhacker` detector + +The `execWhacker` detector can be enabled with the following configuration in the appropriate +`support.values.yaml` for the cluster: + +```yaml +cryptnono: + detectors: + # Enable execwhacker, as this cluster has a hub that is widely open to the public + execwhacker: + enabled: true +``` + +Upon deployment of this change, you can verify the detector is enabled by looking for a container +named `execwhacker` in the `cryptnono` daemonset in the `support` namespace. + +```yaml +kubectl -n support get daemonset support-cryptnono -o yaml +``` + +## Testing the `execWhacker` detector + +To test that the detector is actually working, you can login to a hub on the cluster and +try to execute the following command: + +```bash +ls phahPaiWie2aeluax4Of7tiwiekujeaF7aquuPeexeiT7jieJailaKai7haiB0raetib9ue8Ai2daeTaehaemohJeeyaifeip6nevae5Safeir9iep8Baic3nohn9zoa +``` + +It should immediately die, with a message saying `Killed`. This is a randomly generated test string, set up +in an unencrypted fashion in `helm-charts/support/values.yaml` under `cryptnono.detectors.execwhacker.configs`, +to enable testing by engineers and others. + +## Looking at logs to understand why a process was killed by `execwhacker` + +Cryptnono is deployed as a [daemonset](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/), +so there should be one pod per node deployed. It will log each process it kills, why it kills them, and if it +intentionally spares a process, why as well. So if a process is being killed due to this, you can look at logs +to understand why - it may also lead to more tweaking of the generator config. + +1. Find the *node* in which the user server is running. + + ```bash + kubectl -n get pod -o wide + ``` + + The `-o wide` will add an additional column, `NODE`, showing which node the pods are running in. Find the + node of the user pod you care about. + +2. Find the appropriate `cryptnono` pod for this node. + + ```bash + kubectl -n support get pod \ + --field-selector spec.nodeName=\ + -l app.kubernetes.io/name=cryptnono + ``` + + This should show *just* the cryptnono pod running on the node in which the user server in question was running. + +3. Look at the logs on that pod with `kubectl logs`: + + ```bash + kubectl -n support logs -c execwhacker + ``` + + The logs will be structured as `json`, and will look like this: + + ```json + {"pid": 13704, "cmdline": "/usr/bin/ls --color=auto phahpaiwie2aeluax4of7tiwiekujeaf7aquupeexeit7jiejailakai7haib0raetib9ue8ai2daetaehaemohjeeyaifeip6nevae5safeir9iep8baic3nohn9zoa", "matched": "phahpaiwie2aeluax4of7tiwiekujeaf7aquupeexeit7jiejailakai7haib0raetib9ue8ai2daetaehaemohjeeyaifeip6nevae5safeir9iep8baic3nohn9zoa", "source": "execwhacker.bpf", "action": "killed", "event": "Killed process", "level": "info", "timestamp": "2024-01-30T19:35:36.610659Z"} + ``` + + This tells us that the name of the process, as well as why it was killed. + + ```{note} + We will eventually be able to see the [pod & namespace](https://github.com/cryptnono/cryptnono/issues/30) information + of killed processes as well. + ``` + + ```{tip} + To make the JSON easier to read, you can pipe the logs command to `jq`. + ``` + +## Regenerating list of banned strings + +Periodically, we will have to regenerate the list of banned strings to tune `cryptnono`, +by running the following command: + +```bash +deployer generate cryptnono-secret-config +``` + +This will update the file `helm-charts/support/enc-cryptnono.secret.values.yaml` and re-encrypt it. + +## Working on the banned strings generator + +The banned strings generator is a fairly simple python script, present in `deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py`. +It's unencrypted and loaded by code in `deployer/commands/generate/cryptnono_config/__init__.py`. There is inline +documentation in `encrypted_secret_blocklist.py`, but how does one hack on it? + +1. Unencrypt the file with `sops` + + ```bash + sops --decrypt deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py > deployer/commands/generate/cryptnono_config/blocklist-generator.secret.py + ``` + + This will create `deployer/commands/generate/cryptnono_config/blocklist-generator.secret.py` (which is in `.gitignore` and hence + can not be committed accidentally) with the unencrypted code. + + ```{note} + + Because this file is in `.gitignore`, your IDE may not show it to when you search for files by default! + ``` + +2. Work on the code as you wish - it's just a regular python file. + +3. Re-encrypt it with `sops` + + ```bash + sops --encrypt deployer/commands/generate/cryptnono_config/blocklist-generator.secret.py > deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py + ``` + +4. Run `deployer generate cryptnono-secret-config` to test. + +## Right to Replicate considerations + +2i2c's [Right to Replicate](https://2i2c.org/right-to-replicate/) guarantees that communities can leave +with their hubs whenever they please, without any secret sauce. Cryptnono has two pieces of secret info +here: + +1. The script to generate the secret config. +2. The secret config itself. + +If a community wishes to leave and needs the config, we can make sure they know what the config is and +how to keep it updated - very similar to how we would handle passing on CILogon credentials or similar to +them. Since none of the code for cryptnono itself is secret, this does not conflict with right to replicate. + +## Future work + +`cryptnono` also exposes prometheus metrics about processes it has killed. We currently do not collect these, +but we should enable collection so we can diff --git a/docs/howto/features/ephemeral.md b/docs/howto/features/ephemeral.md index 417772ed98..50ef00f954 100644 --- a/docs/howto/features/ephemeral.md +++ b/docs/howto/features/ephemeral.md @@ -45,46 +45,6 @@ jupyterhub: force_new_server: true ``` -## Shared systemwide password setup - -Unfortunately, a shared password is required to guard against random cryptobros -abusing using our systems for 'free' compute. This password is same for all -users, and can be shared by the community champions of the hub in whatever -form they wish. - -This requires two bits of config - one in the `.values.yaml` file for the hub, -and another in the `enc-.secret.values.yaml` file. - -In `.values.yaml`: - -```yaml -ingressBasicAuth: - enabled: true - -jupyterhub: - ingress: - annotations: - # We protect our entire hub from cryptobros by putting it all - # behind a single shared basicauth - nginx.ingress.kubernetes.io/auth-type: basic - nginx.ingress.kubernetes.io/auth-secret: ingress-basic-auth - nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" -``` - -In `enc-.secret.values.yaml`: -```yaml -ingressBasicAuth: - username: - password: -``` - -```{tip} -Pick a *passphrase* for the password, like [the holy book says](https://xkcd.com/936/). -``` - -```{note} -Make sure the `enc-.secret.values.yaml` is encrypted via [sops](tools:sops) -``` ## No persistent storage @@ -199,3 +159,50 @@ style links, but for use with *ephemeral hubs*, just use the regular 'JupyterHub link generator. [Firefox](https://addons.mozilla.org/en-US/firefox/addon/nbgitpuller-link-generator/) and [Google Chrome](https://chrome.google.com/webstore/detail/nbgitpuller-link-generato/hpdbdpklpmppnoibabdkkhnfhkkehgnc) extensions are also available. + +## Enable stronger anti-crypto abuse features for a hub + +Ephemeral hubs with public access must have [stronger anti crypto abuse features +enabled](howto:features:cryptnono) before going live. + +## (Optional) Shared systemwide password setup + +Optionally, in addition to the cryptnono setup documented above, a shared +password may be used as additional protection to guard against random cryptobros +abusing using our systems for 'free' compute. This password is same for all +users, and can be shared by the community champions of the hub in whatever form +they wish. + +This requires two bits of config - one in the `.values.yaml` file for the hub, +and another in the `enc-.secret.values.yaml` file. + +In `.values.yaml`: + +```yaml +ingressBasicAuth: + enabled: true + +jupyterhub: + ingress: + annotations: + # We protect our entire hub from cryptobros by putting it all + # behind a single shared basicauth + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: ingress-basic-auth + nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" +``` + +In `enc-.secret.values.yaml`: +```yaml +ingressBasicAuth: + username: + password: +``` + +```{tip} +Pick a *passphrase* for the password, like [the holy book says](https://xkcd.com/936/). +``` + +```{note} +Make sure the `enc-.secret.values.yaml` is encrypted via [sops](tools:sops) +``` \ No newline at end of file diff --git a/docs/howto/features/index.md b/docs/howto/features/index.md index 3e42dfc921..5045b7d8f3 100644 --- a/docs/howto/features/index.md +++ b/docs/howto/features/index.md @@ -53,6 +53,7 @@ See the sections below for more details. 4. (default enabled) Configurator 5. (dedicated clusters only) Grafana <../..//topic/monitoring-alerting/grafana> 6. Using JupyterHub as an identity provider +7. Stronger anti-crypto abuse features for a hub ``` ### Performance Layer diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index 39996dc6ad..e4d2b95f8c 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -422,6 +422,12 @@ cryptnono: # Disable the execwhacker detector for now, as it matures by being deployed on mybinder.org execwhacker: enabled: false + configs: + unencrypted-test-01: + bannedCommandStrings: + # Provide an unencrypted, randomly generated test string. All processes that have this in their commandline will be killed. + # This is helpful for testing by engineers + - phahPaiWie2aeluax4Of7tiwiekujeaF7aquuPeexeiT7jieJailaKai7haiB0raetib9ue8Ai2daeTaehaemohJeeyaifeip6nevae5Safeir9iep8Baic3nohn9zoa monero: enabled: true resources: From 2b340c2d09fbf972132859fe4aeea45841f1d53b Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 30 Jan 2024 19:01:02 -0800 Subject: [PATCH 351/494] Enable mounting shared directories from one hub to another - Also enable this for the HHMI spyglass ephemeral hub, as it turns out this is a critical part of the demo --- config/clusters/hhmi/spyglass.values.yaml | 29 ++++-- docs/howto/features/ephemeral.md | 108 ++++++++++++++++++---- helm-charts/basehub/templates/nfs.yaml | 2 +- helm-charts/basehub/values.schema.yaml | 5 + 4 files changed, 117 insertions(+), 27 deletions(-) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index 1765f1bb42..9c363353ae 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -1,7 +1,16 @@ nfs: - enabled: false - pv: + enabled: true + dirsizeReporter: enabled: false + pv: + enabled: true + mountOptions: + - soft + - noatime + serverIP: 10.55.112.74 + baseShareName: /homes/ + shareNameOverride: prod + jupyterhub: ingress: hosts: @@ -41,14 +50,20 @@ jupyterhub: singleuser: initContainers: [] storage: - # No persistent storage should be kept to reduce any potential data - # retention & privacy issues. type: none - extraVolumeMounts: [] + extraVolumes: + - name: shared-dir-pv + persistentVolumeClaim: + claimName: home-nfs + extraVolumeMounts: + - name: shared-dir-pv + mountPath: /home/jovyan/shared-readonly + subPath: _shared + readOnly: true defaultUrl: /lab image: - name: quay.io/lorenlab/hhmi-spyglass-image - tag: "c307f9418a60" + name: quay.io/2i2c/hhmi-spyglass-image + tag: "8be848d09076" extraContainers: - name: mysql image: datajoint/mysql # following the spyglass tutorial at https://lorenfranklab.github.io/spyglass/latest/notebooks/00_Setup/#existing-database diff --git a/docs/howto/features/ephemeral.md b/docs/howto/features/ephemeral.md index 50ef00f954..5f07632433 100644 --- a/docs/howto/features/ephemeral.md +++ b/docs/howto/features/ephemeral.md @@ -46,10 +46,10 @@ jupyterhub: ``` -## No persistent storage +## No persistent home directory As users are temporary and can not be accessed again, there is no reason to -provide persistent storage. So we turn it all off. +provide persistent storage. So we turn it all off - particularly the home directories. ```yaml nfs: @@ -69,6 +69,77 @@ jupyterhub: extraVolumeMounts: [] ``` +## (Optional) Sharing `shared` directories from another hub with an ephemeral hub + +In some specific cases, we may need to share a `shared` directory from another hub +on the same cluster with the ephemeral hub. The 'source' hub whose `shared` directory +we mount may be used to provide common data files, teaching materials, etc for the +ephemeral hub's users. + +1. Setup the [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) + in the ephemeral hub's config to point to the same NFS share that the 'source' hub is + pointing to, with the following config: + + ```yaml + nfs: + enabled: true + dirsizeReporter: + # We don't need to report directory sizes here, as it's already being reported on by + # the 'source' hub + enabled: false + pv: + enabled: true + mountOptions: + serverIP: + baseShareName: + shareNameOverride: + ``` + + A few options should copied from the config of the 'source' hub, and `shareNameOverride` + should be set to whatever is the `name` of the 'source' hub in `cluster.yaml`. + + When deployed, this should set up a new PersistentVolume for the ephemeral hub to use + that references the same NFS share of the 'source' hub. You can validate this by + comparing them: + + ```bash + # Get the source hub's NFS volume + kubectl get pv -home-nfs -o yaml + # Get the ephemeral hub's NFS volume + kubectl get pv -home-nfs -o yaml + ``` + + The section under `spec.nfs` should match for both these `PersistentVolume` options. + + ```{note} + If you want to learn more about how this is setup, look into `helm-charts/basehub/templates/nfs.yaml` + ``` + +2. Mount *just* the shared directory appropriately: + + ```yaml + jupyterhub: + singleuser: + storage: + # We still don't want to have per-user storage + type: none + extraVolumes: + - name: shared-dir-pvc + persistentVolumeClaim: + # The name of the PVC setup by nfs.yaml for the ephemeral hub to use + claimName: home-nfs + extraVolumeMounts: + - name: shared-dir-pvc + mountPath: /home/jovyan/shared + subPath: _shared + readOnly: true + ``` + + This will mount the shared directory from the 'source' hub under `shared` in the + ephemeral hub - so admins can write stuff to the `shared-readwrite` directory in the + 'source' hub and it'll immediately show up here! It's mounted to be read-only - since + there are no real 'users' in an ephemeral hub, if we make it readwrite, it can be easily + deleted (accidentally or intentionally) with no accountability. ## Image configuration in chart @@ -130,23 +201,6 @@ jupyterhub: url: "" ``` - -## Customizing the uptime check to expect a HTTP `401` - -Our [uptime checks](uptime-checks) expect a HTTP `200` response to consider a -hub as live. However, since we protect the entire hub at the Ingress level, -all endpoints will return a HTTP `401` asking for a password. We can configure -our uptime checks to allow for `401` as a valid response in the appropriate -`cluster.yaml` definition for this hub. - -```yaml - - name: - display_name: - uptime_check: - # This is an ephemeral hub, fully password protected with HTTP Basic Auth - expected_status: 401 -``` - ## Use `nbgitpuller` for distributing content We encourage users to use [nbgitpuller](https://github.com/jupyterhub/nbgitpuller) @@ -205,4 +259,20 @@ Pick a *passphrase* for the password, like [the holy book says](https://xkcd.com ```{note} Make sure the `enc-.secret.values.yaml` is encrypted via [sops](tools:sops) +``` + +### Customizing the uptime check to expect a HTTP `401` + +Our [uptime checks](uptime-checks) expect a HTTP `200` response to consider a +hub as live. However, since we protect the entire hub at the Ingress level, +all endpoints will return a HTTP `401` asking for a password. We can configure +our uptime checks to allow for `401` as a valid response in the appropriate +`cluster.yaml` definition for this hub. + +```yaml + - name: + display_name: + uptime_check: + # This is an ephemeral hub, fully password protected with HTTP Basic Auth + expected_status: 401 ``` \ No newline at end of file diff --git a/helm-charts/basehub/templates/nfs.yaml b/helm-charts/basehub/templates/nfs.yaml index d14980035f..980d4bfc42 100644 --- a/helm-charts/basehub/templates/nfs.yaml +++ b/helm-charts/basehub/templates/nfs.yaml @@ -10,7 +10,7 @@ spec: - ReadWriteMany nfs: server: {{ .Values.nfs.pv.serverIP | quote }} - path: "{{ .Values.nfs.pv.baseShareName }}{{ .Release.Name }}" + path: "{{ .Values.nfs.pv.baseShareName }}{{ .Values.nfs.pv.shareNameOverride | default .Release.Name }}" mountOptions: {{ .Values.nfs.pv.mountOptions | toJson }} --- apiVersion: v1 diff --git a/helm-charts/basehub/values.schema.yaml b/helm-charts/basehub/values.schema.yaml index cbf6f3ca1b..dbf5b46926 100644 --- a/helm-charts/basehub/values.schema.yaml +++ b/helm-charts/basehub/values.schema.yaml @@ -213,6 +213,11 @@ properties: type: string baseShareName: type: string + shareNameOverride: + type: string + descirption: | + Optional string to use as the name of the share - defaults to name of the + hub specified in the cluster.yaml file. inClusterNFS: type: object additionalProperties: false From a341a6d70fd7cb836871fc6319dbcf41c3cd2679 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 30 Jan 2024 19:04:27 -0800 Subject: [PATCH 352/494] Exclude encrypted python file from pre-commit hook --- .pre-commit-config.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 99a5dafb94..b90f26e671 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -34,12 +34,16 @@ repos: rev: "23.12.1" hooks: - id: black + # This is a `.py` file but is encrypted with sops + exclude: deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py # Lint: Python code - repo: https://github.com/pycqa/flake8 rev: "6.1.0" hooks: - id: flake8 + # This is a `.py` file but is encrypted with sops + exclude: deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py # Run `terraform fmt` on all our terraform files automatically - repo: https://github.com/yuvipanda/terraform-bin From 0674c50861536fd22508a1b4eb59e3b16cb260fe Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 31 Jan 2024 03:04:53 +0000 Subject: [PATCH 353/494] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- deployer/commands/generate/cryptnono_config/__init__.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deployer/commands/generate/cryptnono_config/__init__.py b/deployer/commands/generate/cryptnono_config/__init__.py index ee871b52dd..0e8b793a13 100644 --- a/deployer/commands/generate/cryptnono_config/__init__.py +++ b/deployer/commands/generate/cryptnono_config/__init__.py @@ -1,7 +1,8 @@ -from deployer.cli_app import generate_app -from pathlib import Path -import subprocess import shutil +import subprocess +from pathlib import Path + +from deployer.cli_app import generate_app HERE = Path(__file__).parent REPO_ROOT_PATH = HERE.parent.parent.parent.parent From 5622cabaf231c7c7fea19a755fc534ead3ab118d Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 30 Jan 2024 19:22:51 -0800 Subject: [PATCH 354/494] Add Chad as earthscope admin Ref https://2i2c.freshdesk.com/a/tickets/1279 --- config/clusters/earthscope/common.values.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/config/clusters/earthscope/common.values.yaml b/config/clusters/earthscope/common.values.yaml index 3cc66f3c2f..29b2c8b9d1 100644 --- a/config/clusters/earthscope/common.values.yaml +++ b/config/clusters/earthscope/common.values.yaml @@ -153,10 +153,8 @@ basehub: Authenticator: enable_auth_state: true admin_users: - - timdittmann - - chad-earthscope - - google-oauth2|101500906458831444600 - - oauth2|cilogon|servera|32158821 + # Chad Trebant, https://2i2c.freshdesk.com/a/tickets/1279 + - google-oauth2|117718799995701713253 singleuser: profileList: - display_name: "Shared Small: 1-4 CPU, 8-32 GB" From 55f5d6ed3b5e50688ec8d364ccc8e0813fb9d60e Mon Sep 17 00:00:00 2001 From: Jenny Wong Date: Wed, 31 Jan 2024 11:31:26 +0000 Subject: [PATCH 355/494] Add gh-scoped-creds environment variables --- config/clusters/2i2c-aws-us/showcase.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index 3aec7b1096..250bf3de69 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -52,6 +52,8 @@ basehub: SCRATCH_BUCKET: s3://2i2c-aws-us-scratch-researchdelight/$(JUPYTERHUB_USER) PANGEO_SCRATCH: s3://2i2c-aws-us-scratch-researchdelight/$(JUPYTERHUB_USER) PERSISTENT_BUCKET: s3://2i2c-aws-us-persistent-showcase/$(JUPYTERHUB_USER) + GH_SCOPED_CREDS_CLIENT_ID: Iv1.f9261c4c78b4dfdd + GH_SCOPED_CREDS_APP_URL: https://github.com/apps/2i2c-community-showcase-hub profileList: - display_name: "NASA TOPS-T ScienceCore-ClimateRisk" description: "For collaborative work on 2i2c/MD's NASA TOPS-T ScienceCore Module" From f95c5fe4fd866ff287362c96bb1e4fac492eda50 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 31 Jan 2024 13:00:59 +0100 Subject: [PATCH 356/494] 2i2c-aws-us, showcase: fix bucket access after rename --- config/clusters/2i2c-aws-us/showcase.values.yaml | 2 +- terraform/aws/projects/2i2c-aws-us.tfvars | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index 250bf3de69..d092317c1b 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -4,7 +4,7 @@ basehub: # When we renamed this hub, we did so at a DNS level and not an infrastructure # level. No terraform config was touched. Hence the kubernetes annotations retain # the original hub name. - eks.amazonaws.com/role-arn: arn:aws:iam::790657130469:role/2i2c-aws-us-researchdelight + eks.amazonaws.com/role-arn: arn:aws:iam::790657130469:role/2i2c-aws-us-showcase jupyterhub: ingress: hosts: [showcase.2i2c.cloud] diff --git a/terraform/aws/projects/2i2c-aws-us.tfvars b/terraform/aws/projects/2i2c-aws-us.tfvars index 4e5dbb4a5c..cf56c5e671 100644 --- a/terraform/aws/projects/2i2c-aws-us.tfvars +++ b/terraform/aws/projects/2i2c-aws-us.tfvars @@ -40,7 +40,7 @@ hub_cloud_permissions = { bucket_admin_access : ["scratch-dask-staging"], extra_iam_policy : "" }, - "researchdelight" : { + "showcase" : { requestor_pays : true, bucket_admin_access : [ "scratch-researchdelight", From 482ee4259889835746158ef0f9166efdab4768b3 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 31 Jan 2024 08:15:25 -0800 Subject: [PATCH 357/494] Fix renamed file Co-authored-by: Erik Sundell --- docs/howto/features/cryptnono.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md index d407c80b29..c3313d08ce 100644 --- a/docs/howto/features/cryptnono.md +++ b/docs/howto/features/cryptnono.md @@ -131,7 +131,7 @@ This will update the file `helm-charts/support/enc-cryptnono.secret.values.yaml` The banned strings generator is a fairly simple python script, present in `deployer/commands/generate/cryptnono_config/enc-blocklist-generator.secret.py`. It's unencrypted and loaded by code in `deployer/commands/generate/cryptnono_config/__init__.py`. There is inline -documentation in `encrypted_secret_blocklist.py`, but how does one hack on it? +documentation in `enc-blocklist-generator.secret.py`, but how does one maintain it? 1. Unencrypt the file with `sops` From b973462f998cf931cefa5ce7417fc79e5fa531d5 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 31 Jan 2024 08:24:32 -0800 Subject: [PATCH 358/494] Import REPO_ROOT_PATH from existing module Co-authored-by: Georgiana --- deployer/commands/generate/cryptnono_config/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployer/commands/generate/cryptnono_config/__init__.py b/deployer/commands/generate/cryptnono_config/__init__.py index 0e8b793a13..8d2b27d675 100644 --- a/deployer/commands/generate/cryptnono_config/__init__.py +++ b/deployer/commands/generate/cryptnono_config/__init__.py @@ -3,9 +3,9 @@ from pathlib import Path from deployer.cli_app import generate_app +from deployer.utils.file_acquisition import REPO_ROOT_PATH HERE = Path(__file__).parent -REPO_ROOT_PATH = HERE.parent.parent.parent.parent @generate_app.command() From 6ef52f964912812ff6efad5cd3c72b311684569a Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 31 Jan 2024 08:27:50 -0800 Subject: [PATCH 359/494] Update spyglass tag again --- config/clusters/hhmi/spyglass.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index 9c363353ae..37ea3eb386 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -63,7 +63,7 @@ jupyterhub: defaultUrl: /lab image: name: quay.io/2i2c/hhmi-spyglass-image - tag: "8be848d09076" + tag: "67523d9ea855" extraContainers: - name: mysql image: datajoint/mysql # following the spyglass tutorial at https://lorenfranklab.github.io/spyglass/latest/notebooks/00_Setup/#existing-database From b3ef0d33c822e32ff1f4c574a1cb7ebef5fd54ff Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 31 Jan 2024 08:29:33 -0800 Subject: [PATCH 360/494] Clarify what repository 'this' is Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- docs/howto/features/cryptnono.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md index c3313d08ce..1156284e48 100644 --- a/docs/howto/features/cryptnono.md +++ b/docs/howto/features/cryptnono.md @@ -27,7 +27,7 @@ Cryptnono currently has two primary detectors: Since making the list of banned strings public would make ban evasion easy, the list of strings (and the method used to generate them) is encrypted. You can read more details about the specific method used by looking in the encrypted code file (`deployer/commands/generate/cryptnono_config/encrypted_secret_blocklist.py`) - in this repository. + in the `infrastructure` repository. Since this detector may have a non-0 false positive rate, it is currently *not* enabled by default. However, eventually, once the config matures enough (and we have tested it enough), From 27afa5cdb93ddc3a45cb3dd30182ad990df659be Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 31 Jan 2024 08:33:53 -0800 Subject: [PATCH 361/494] Fix typo Co-authored-by: Erik Sundell --- docs/howto/features/cryptnono.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md index 1156284e48..2ffb79eadc 100644 --- a/docs/howto/features/cryptnono.md +++ b/docs/howto/features/cryptnono.md @@ -87,7 +87,7 @@ to understand why - it may also lead to more tweaking of the generator config. ```bash kubectl -n support get pod \ - --field-selector spec.nodeName=\ + --field-selector spec.nodeName= \ -l app.kubernetes.io/name=cryptnono ``` From da428d21126e4ae9653c69b261fd5a8da807ce57 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 31 Jan 2024 08:57:11 -0800 Subject: [PATCH 362/494] Fix indent issue Co-authored-by: Erik Sundell --- docs/howto/features/ephemeral.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/howto/features/ephemeral.md b/docs/howto/features/ephemeral.md index 5f07632433..95d764940c 100644 --- a/docs/howto/features/ephemeral.md +++ b/docs/howto/features/ephemeral.md @@ -119,20 +119,20 @@ ephemeral hub's users. ```yaml jupyterhub: - singleuser: - storage: - # We still don't want to have per-user storage - type: none - extraVolumes: - - name: shared-dir-pvc - persistentVolumeClaim: - # The name of the PVC setup by nfs.yaml for the ephemeral hub to use - claimName: home-nfs - extraVolumeMounts: - - name: shared-dir-pvc - mountPath: /home/jovyan/shared - subPath: _shared - readOnly: true + singleuser: + storage: + # We still don't want to have per-user storage + type: none + extraVolumes: + - name: shared-dir-pvc + persistentVolumeClaim: + # The name of the PVC setup by nfs.yaml for the ephemeral hub to use + claimName: home-nfs + extraVolumeMounts: + - name: shared-dir-pvc + mountPath: /home/jovyan/shared + subPath: _shared + readOnly: true ``` This will mount the shared directory from the 'source' hub under `shared` in the From 7340efbb68481a027037287ee5fa63ac2e429950 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 31 Jan 2024 09:01:41 -0800 Subject: [PATCH 363/494] Use a shorter test string --- docs/howto/features/cryptnono.md | 5 +++-- helm-charts/support/values.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md index 2ffb79eadc..a4c48063b2 100644 --- a/docs/howto/features/cryptnono.md +++ b/docs/howto/features/cryptnono.md @@ -60,12 +60,13 @@ To test that the detector is actually working, you can login to a hub on the clu try to execute the following command: ```bash -ls phahPaiWie2aeluax4Of7tiwiekujeaF7aquuPeexeiT7jieJailaKai7haiB0raetib9ue8Ai2daeTaehaemohJeeyaifeip6nevae5Safeir9iep8Baic3nohn9zoa +sh -c 'sleep 1 && echo beiquatohGa1uay0ahMies9couyahPeiz9xohju3Ahvaik3FaeM7eey1thaish1U' ``` It should immediately die, with a message saying `Killed`. This is a randomly generated test string, set up in an unencrypted fashion in `helm-charts/support/values.yaml` under `cryptnono.detectors.execwhacker.configs`, -to enable testing by engineers and others. +to enable testing by engineers and others. We also put the `sleep` in there as it can sometimes take cryptnono +upto a second to kill a process. ## Looking at logs to understand why a process was killed by `execwhacker` diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index e4d2b95f8c..4e433d4389 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -427,7 +427,7 @@ cryptnono: bannedCommandStrings: # Provide an unencrypted, randomly generated test string. All processes that have this in their commandline will be killed. # This is helpful for testing by engineers - - phahPaiWie2aeluax4Of7tiwiekujeaF7aquuPeexeiT7jieJailaKai7haiB0raetib9ue8Ai2daeTaehaemohJeeyaifeip6nevae5Safeir9iep8Baic3nohn9zoa + - beiquatohGa1uay0ahMies9couyahPeiz9xohju3Ahvaik3FaeM7eey1thaish1U monero: enabled: true resources: From fc028476616cd47b9747f656341d4f3c36dad220 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 31 Jan 2024 09:01:51 -0800 Subject: [PATCH 364/494] Provide information about container & pod when killed --- docs/howto/features/cryptnono.md | 31 +++++++++++++++++++++++-------- helm-charts/support/values.yaml | 3 +++ 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md index a4c48063b2..9a45732969 100644 --- a/docs/howto/features/cryptnono.md +++ b/docs/howto/features/cryptnono.md @@ -103,18 +103,33 @@ to understand why - it may also lead to more tweaking of the generator config. The logs will be structured as `json`, and will look like this: ```json - {"pid": 13704, "cmdline": "/usr/bin/ls --color=auto phahpaiwie2aeluax4of7tiwiekujeaf7aquupeexeit7jiejailakai7haib0raetib9ue8ai2daetaehaemohjeeyaifeip6nevae5safeir9iep8baic3nohn9zoa", "matched": "phahpaiwie2aeluax4of7tiwiekujeaf7aquupeexeit7jiejailakai7haib0raetib9ue8ai2daetaehaemohjeeyaifeip6nevae5safeir9iep8baic3nohn9zoa", "source": "execwhacker.bpf", "action": "killed", "event": "Killed process", "level": "info", "timestamp": "2024-01-30T19:35:36.610659Z"} + { + "pid": 23933, + "cmdline": "/usr/bin/sh -c 'sleep 1 && echo beiquatohga1uay0ahmies9couyahpeiz9xohju3ahvaik3faem7eey1thaish1u'", + "matched": "beiquatohga1uay0ahmies9couyahpeiz9xohju3ahvaik3faem7eey1thaish1u", + "source": "execwhacker.bpf", + "container_type": "cri", + "labels": { + "io.kubernetes.container.name": "notebook", + "io.kubernetes.pod.name": "jupyter-921a1d97-2d4cb1-2d4eb1-2da427-2dd5eed98e3ab9", + "io.kubernetes.pod.namespace": "spyglass", + "io.kubernetes.pod.uid": "d2ed6416-812f-413b-ba53-e62d11646809" + }, + "image": "quay.io/2i2c/hhmi-spyglass-image:67523d9ea855", + "action": "killed", + "event": "Killed process", + "level": "info", + "timestamp": "2024-01-31T16:59:32.990489Z" + } ``` - This tells us that the name of the process, as well as why it was killed. - - ```{note} - We will eventually be able to see the [pod & namespace](https://github.com/cryptnono/cryptnono/issues/30) information - of killed processes as well. - ``` + This tells us that the name of the process, the name of the pod (and hence user) who was cryptomining, the + namespace (and hence hub name) it happened in, the image being used as well as what string was matched that + caused it to die. ```{tip} - To make the JSON easier to read, you can pipe the logs command to `jq`. + The logs by default output one JSON object per line, which is hard for a human to read. You can pipe it + to `jq` to make it easier to read! ``` ## Regenerating list of banned strings diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index 4e433d4389..da8b22c3f3 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -422,6 +422,9 @@ cryptnono: # Disable the execwhacker detector for now, as it matures by being deployed on mybinder.org execwhacker: enabled: false + # Cryptnono can get information about what container the kill was in, so we can identify which + # user was cryptomining + containerdHostPath: /run/containerd/containerd.sock configs: unencrypted-test-01: bannedCommandStrings: From 87b98f079d4345ef698c955dbd1993614cf8c0ae Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 31 Jan 2024 09:11:08 -0800 Subject: [PATCH 365/494] Collect cryptnono metrics --- docs/howto/features/cryptnono.md | 4 ++-- helm-charts/support/Chart.yaml | 2 +- helm-charts/support/values.yaml | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md index 9a45732969..b29d1d8922 100644 --- a/docs/howto/features/cryptnono.md +++ b/docs/howto/features/cryptnono.md @@ -188,5 +188,5 @@ them. Since none of the code for cryptnono itself is secret, this does not confl ## Future work -`cryptnono` also exposes prometheus metrics about processes it has killed. We currently do not collect these, -but we should enable collection so we can +`cryptnono` also exposes prometheus metrics about processes it has killed. We currently *do* collect these, +but there is no Grafana dashboard that exposes them yet. diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index eeaff70123..f28a596dcd 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -42,6 +42,6 @@ dependencies: # cryptnono, counters crypto mining # Source code: https://github.com/cryptnono/cryptnono/ - name: cryptnono - version: "0.3.1-0.dev.git.129.ha9d73b8" + version: "0.3.1-0.dev.git.133.hd195428" repository: https://cryptnono.github.io/cryptnono/ condition: cryptnono.enabled diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index da8b22c3f3..c090237288 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -425,6 +425,8 @@ cryptnono: # Cryptnono can get information about what container the kill was in, so we can identify which # user was cryptomining containerdHostPath: /run/containerd/containerd.sock + metrics: + enabled: true configs: unencrypted-test-01: bannedCommandStrings: From 4d69d55418963089b9d47ec2d55c44f013512be7 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 31 Jan 2024 10:27:20 -0800 Subject: [PATCH 366/494] Fix case of execwhacker --- docs/howto/features/cryptnono.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md index b29d1d8922..ff79eab1f8 100644 --- a/docs/howto/features/cryptnono.md +++ b/docs/howto/features/cryptnono.md @@ -20,7 +20,7 @@ Cryptnono currently has two primary detectors: how to detect it. This is fairly safe and has a very low false positive rate, and requires no configuration. So by default, **this detector is enabled on all hubs**. -2. A detector (`execWhacker`) based on heuristics, where the full commandline used to execute a process ( +2. A detector (`execwhacker`) based on heuristics, where the full commandline used to execute a process ( regardless of how it is started) is used to detect if a process is likely crypto mining, and if so, immediately kill it. This relies on a tweakable config of banned strings to look for in the commandline of a process, and is [constantly being tweaked](https://github.com/jupyterhub/mybinder.org-deploy/security/advisories/GHSA-j42g-x8qw-jjfh). @@ -34,9 +34,9 @@ Cryptnono currently has two primary detectors: this would also be enabled by default everywhere. In the meantime, we only enable it for *clusters* with any hub that allows unfettered external access. -## Enabling the `execWhacker` detector +## Enabling the `execwhacker` detector -The `execWhacker` detector can be enabled with the following configuration in the appropriate +The `execwhacker` detector can be enabled with the following configuration in the appropriate `support.values.yaml` for the cluster: ```yaml @@ -54,7 +54,7 @@ named `execwhacker` in the `cryptnono` daemonset in the `support` namespace. kubectl -n support get daemonset support-cryptnono -o yaml ``` -## Testing the `execWhacker` detector +## Testing the `execwhacker` detector To test that the detector is actually working, you can login to a hub on the cluster and try to execute the following command: From 32eb06dbf07eaa6252a8bedc012a0b35a96e94e8 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 31 Jan 2024 12:33:03 -0800 Subject: [PATCH 367/494] Clarify who is testing what Co-authored-by: Erik Sundell --- helm-charts/support/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/values.yaml b/helm-charts/support/values.yaml index c090237288..67ced6a2ea 100644 --- a/helm-charts/support/values.yaml +++ b/helm-charts/support/values.yaml @@ -431,7 +431,7 @@ cryptnono: unencrypted-test-01: bannedCommandStrings: # Provide an unencrypted, randomly generated test string. All processes that have this in their commandline will be killed. - # This is helpful for testing by engineers + # This is helpful for testing execwhacker is enabled and functional - beiquatohGa1uay0ahMies9couyahPeiz9xohju3Ahvaik3FaeM7eey1thaish1U monero: enabled: true From 45de2018d294968f03106e27b6d5f6384716e80d Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 31 Jan 2024 12:33:15 -0800 Subject: [PATCH 368/494] Fix typo Co-authored-by: Georgiana --- helm-charts/basehub/values.schema.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/basehub/values.schema.yaml b/helm-charts/basehub/values.schema.yaml index dbf5b46926..1fdb6fe267 100644 --- a/helm-charts/basehub/values.schema.yaml +++ b/helm-charts/basehub/values.schema.yaml @@ -215,7 +215,7 @@ properties: type: string shareNameOverride: type: string - descirption: | + description: | Optional string to use as the name of the share - defaults to name of the hub specified in the cluster.yaml file. inClusterNFS: From 72de37f241d89fbb1a76fe4f4e71e8874bbdf37e Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 31 Jan 2024 12:32:34 -0800 Subject: [PATCH 369/494] Add a comment about shareNameOverride --- config/clusters/hhmi/spyglass.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index 37ea3eb386..af62d15c68 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -9,6 +9,8 @@ nfs: - noatime serverIP: 10.55.112.74 baseShareName: /homes/ + # The spyglass hub will be using the same *shared* directory from the 'prod' hub, so + # hub admins can *write* to the shared directory there and it'll show up readonly here. shareNameOverride: prod jupyterhub: From 6eeb95d0eaf191b2e272db71979c3d08cedb35ab Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 31 Jan 2024 12:39:01 -0800 Subject: [PATCH 370/494] Add missing encrypted cryptnono config Follow-up to https://github.com/2i2c-org/infrastructure/pull/3657 --- .../support/enc-cryptnono.secret.values.yaml | 6071 +++++++++++++++++ 1 file changed, 6071 insertions(+) create mode 100644 helm-charts/support/enc-cryptnono.secret.values.yaml diff --git a/helm-charts/support/enc-cryptnono.secret.values.yaml b/helm-charts/support/enc-cryptnono.secret.values.yaml new file mode 100644 index 0000000000..f86a923a68 --- /dev/null +++ b/helm-charts/support/enc-cryptnono.secret.values.yaml @@ -0,0 +1,6071 @@ +#ENC[AES256_GCM,data:+T4xil80WTLtE+RpWGBkdIGuKTcrIHH7VPIHMvQXeCs/jGehIsRi11ogllRIJFurJv1qIgPS5rM7JK5TdlvlOLm7SPGkDOMJ+qT01Q==,iv:ScipOIXGo6aYqvMPGAekbW2Z9Ax8S/xt2zesNjO8NdE=,tag:wbKuuJ3pD6dSGYEyr2+5nA==,type:comment] +#ENC[AES256_GCM,data:H+BQiX1W7Qci0maDlWeiY5ca0piTFys=,iv:6C52MjZQkDENM7WUJ2ZFdXa7hnrLzdGivbl2SUhGAWk=,tag:OjtiWlZQrOpfnanOdVVdgA==,type:comment] +cryptnono: + detectors: + execwhacker: + configs: + encrypted-01: + bannedCommandStrings: + - ENC[AES256_GCM,data:61AMxOkAPakgoPXsynNUVXVX,iv:H8I8cp9+ALZkg1XRvtYrTbWAAa6X+ikp3dq9s4+TrNM=,tag:gbUw3W/0HVt/06nT7oOkvw==,type:str] + - ENC[AES256_GCM,data:rM+V8bE=,iv:INPR18UeaWyCU7jjmXTFeebVyjnAhv78LXdqXJ0cDCs=,tag:e+CIkJnG8LnIi/dSkdsCrg==,type:str] + - ENC[AES256_GCM,data:qGYQJHVAg9tb3wE=,iv:MfHZE7OKlwZ7cOkJRv2STqOcmzan8NcSY2pTpk63aoA=,tag:5mlhsLmuxdEljN0wT2zhgw==,type:str] + - ENC[AES256_GCM,data:CS0R4EM=,iv:lPV1+ftXw7vVX4F7VGv+bJr9hqJwwNjGHbd/mvM5L3w=,tag:aQmS/RGgdDzLxLYo1uj64A==,type:str] + - ENC[AES256_GCM,data:baafgeQF2Akak/c/,iv:dUDP7aqEsfEEmWko7WPf3RLy14AX4E3C28bEufNiEiU=,tag:q6cGprdyV2mlZeftsQTCVg==,type:str] + - ENC[AES256_GCM,data:bM1UA4gDjQTQ,iv:4yB/qoy2BfT8bGr3b2B0jiIp1eFnhOJ4hpa7admdUGA=,tag:kCJGJUtiTOSf1x9WOTexvA==,type:str] + - ENC[AES256_GCM,data:AXbW3e2eyZo=,iv:ubTDUSebsMflM9GaSbhDOy6S59H2EORGDbKFW+EgwIg=,tag:tY6l3VYR4GVMypZrjopRdQ==,type:str] + - ENC[AES256_GCM,data:wAfJfGXhnC4Z,iv:CoFKwjJBQ+lsm1q7c8erQpreJx82GdDRq+7qb0u/M0s=,tag:p57zx6ZGPx2/+RIc+U2cnQ==,type:str] + - ENC[AES256_GCM,data:ri5mxBZQ1uGs,iv:R1hKhZZVydw3YXKe5o8tKHtInd9ZWCNmpmUW2ICOooQ=,tag:zRjoBp61vhb8MzqnxN/lMg==,type:str] + - ENC[AES256_GCM,data:pB+hk8w+0A==,iv:sdGMl4fC9D0cLVdk/1b7jCbSwu+/n10Q7UCiDk316v4=,tag:h9dYEfdI/8S2sbv47I2Zjg==,type:str] + - ENC[AES256_GCM,data:o2DydcbYOoQgzjJQ,iv:m+BABx7IC6zdvd4F+YnugNO51G3XIKb73J9tyA/yPgE=,tag:8ryE5T6ErXMFjLSoKkKMbA==,type:str] + - ENC[AES256_GCM,data:r1MmajY=,iv:lZZmClA8dHf6VqxvoqOBqdWQnLH2PO4NAogVB1kC1hw=,tag:PtjZfFCAKUw3csxhl0LC4A==,type:str] + - ENC[AES256_GCM,data:0TFUg/++/rY=,iv:AwOFN0S2RnxF02+eeuaSn65www83BcqF24IlGlOwJDg=,tag:VJ2ZkVi10qy+yQvGxeF6+g==,type:str] + - ENC[AES256_GCM,data:WEyK9Q6JoCdb,iv:m4/23TU58clVbhMSNnkfGRfId/q5qf3VIIioeu0PbOw=,tag:SNKDhvaI7QHcfEUgJQEIFA==,type:str] + - ENC[AES256_GCM,data:53kIm877,iv:hfFSDOLfEo8hKVJsVQg9jGcak+cHbYxAo8Y8xo3n4f8=,tag:/CDsXMJxuffvKU0XtD+rbQ==,type:str] + - ENC[AES256_GCM,data:71R4TRbLgFk=,iv:Ec4U0QjW/z50ONBG18BkUWfPgQV6UbyC47Fv47BL4Mw=,tag:t2O61NF12KOrOLeZas/r3w==,type:str] + - ENC[AES256_GCM,data:B9bjaLC+XU43,iv:JyGuc7ZEl4UmXr3M6Jyi6IZqIbI/kIRw9NnBIZR9mH0=,tag:A3cYK0QUKZxwYJQVT3DfdA==,type:str] + - ENC[AES256_GCM,data:K2vyB6BSw5+aZCViIsLqPBpW,iv:1EWg9ZPR9pRIrs9VoDZspl6Zvhiuw4dhbmOwnLZYUd8=,tag:Dv316E3GJl2nTF6GdagpOw==,type:str] + - ENC[AES256_GCM,data:BJlRsfc=,iv:5evgzzs0KFC2fEfRcGn8z9nTvdjkaBnKxVxmaLRO2ys=,tag:B5vMQTIbnem0k+LFfY6DKw==,type:str] + - ENC[AES256_GCM,data:nqrwhPs1psMH6YjegocFzp8=,iv:K5JNan3FBcvzy2SZYrWNtK/Cy8o5np405okkdUsVda4=,tag:/N5AmET62K4N4kKrUtAD6A==,type:str] + - ENC[AES256_GCM,data:HQunyS5e,iv:wAphAqtcG9RPqOh24x+kC0dF7s9GOHtB2YqWMwc8BEM=,tag:ItvuxW3/Ftv/m4eTvH8UWg==,type:str] + encrypted-02: + bannedCommandStrings: + - ENC[AES256_GCM,data:xwOMVtrGU2tkiU/RJNl5JbI=,iv:+5m4vvkBACvbjnCER71AF4CMzk2wzDIHxZ9mC/sbitU=,tag:y9izSh8d1CNxWpsqvZ76jg==,type:str] + - ENC[AES256_GCM,data:KMButCSMosCBzLaG,iv:PpVmL7lw/uJOu2qus4H5yKpIx88QaT6rM/T7iO62VVY=,tag:D69Pmd1FXHQgK3ht4QePRA==,type:str] + - ENC[AES256_GCM,data:DrWMtWNAFptrlAdyiA==,iv:2cMw/aTHd+HOfCjQv2qHHdOaChSDvRhLA5RFP5GHBq4=,tag:5UlgEO6lgptjQKeMxGjISQ==,type:str] + - ENC[AES256_GCM,data:6vfe8e2jCQ==,iv:RVVB6z1MZ/txqWBAda3MFlfKMCbQsfEjwqi97MDAK7U=,tag:yrCFuKaZdhUbg0s93SxUFA==,type:str] + - ENC[AES256_GCM,data:UsjMMuChkA==,iv:V1Sjhj+3HZ8i1R29kOnAmI81JGLYyhC7QyXFL0w7AIM=,tag:9e69OZ80AkiFQZ1HwuQyRQ==,type:str] + - ENC[AES256_GCM,data:fxryBUCn706qpbM=,iv:FW7Z+vc3jUrL11y2beo5sTTv4EUjreeYd4Dwtb0wq1U=,tag:E13osnImM+lCG6Sn4xuECQ==,type:str] + - ENC[AES256_GCM,data:IS0ernce0YhC,iv:HXPyXiBJK51oqogZYK5LyJLQodOSzcCY9seH3zdNVOE=,tag:ckFvDOQOmxaZd9nvsqb7XA==,type:str] + - ENC[AES256_GCM,data:/lAzZ96IK+Q=,iv:g8UGBIVoOHaIrGyNbAzXd7NR0xFuL5FG34Pc6Jtkr3E=,tag:N5L1eA0V2DKcFeBGHSF09g==,type:str] + - ENC[AES256_GCM,data:k/Y+5rpXotSwIuM=,iv:GgpcWPh2epVY0umKK5hPK1/MQ9VfGmCyMdU6YkGQuT4=,tag:rMuky0lwoyzFGfNjCZ6iHg==,type:str] + - ENC[AES256_GCM,data:YbX2KJpsQ06Z,iv:ccdIUG1O266G9ejSEIp7ms4G2tytnea2WeN+qI70zI8=,tag:ZXP0A+WnDfgBPoy81bV91A==,type:str] + - ENC[AES256_GCM,data:XjzgpZk3FYyKbw==,iv:nfw23yw0/ory4mPXiPfMB7QPQXR9I7cFc/eWKc8kr2A=,tag:LjaZPlN/NohV4Clz0d2HRA==,type:str] + - ENC[AES256_GCM,data:irROfCWP9a4LUg==,iv:0OWcVHY4xknM49rU8kAT6fWzCZ8KX578ON412XZt5JQ=,tag:fn5OWz6gPAOwwHypSfoc0g==,type:str] + - ENC[AES256_GCM,data:LbX4y5XhZxF2IA==,iv:aAfpHwtciOfiC8ES8klIVStGTCnpPUU1XQsvETbfp2k=,tag:dJA2ieWrrIKk/m4A3myUbA==,type:str] + - ENC[AES256_GCM,data:tHNGfVrZ8/nI/Is=,iv:Nki3tCYKck0l6UezPuL3wRHlJpwlB/3vL+BmWS+RLuY=,tag:y3le3Il6Tu9pqz/VWAue9g==,type:str] + - ENC[AES256_GCM,data:Bcvsq0rRfsUtngxq/5U=,iv:93RYYTLM40icC8Bnm1okOERmacpzM603gviEPnEbfP4=,tag:hmbmV+nZd/Fjnnmd7IvmDw==,type:str] + - ENC[AES256_GCM,data:dO6lghAhI25/EFY=,iv:bUjw+BK0JXVUBgHR2bNgkZimWLwEwBtIk+V2bFKl6u0=,tag:RZ/REzmnoJP7dL51p0cBNQ==,type:str] + - ENC[AES256_GCM,data:ROEK0rUk4u8zZQ==,iv:PwEnb3wiu3N5suyRvk/B8Vk3G2A7vew9+u8IgG9nyS8=,tag:VnQ3ySHL8MRQx2F/e8kt7w==,type:str] + - ENC[AES256_GCM,data:Nq1O7cZxGmB2A9nqT4maxg==,iv:eWCUIvNhdcP7yF4MPiMgsD7X2Fab5vf8L41RxjSVrks=,tag:rQmupG3n2/pFRSpvZ2jcBA==,type:str] + - ENC[AES256_GCM,data:QqeB6vdi1popKGN7C/E=,iv:aoir4xjWIyL3fRhP1V55m/HYxtHnLgNwpkjCHfFeHyg=,tag:hP+RTCchcSfJD+f18st0TQ==,type:str] + - ENC[AES256_GCM,data:cIwVCEFM6EX6QA==,iv:pngEJBhrDFSWL5NMF26QIZlblhGDSu4c57i851rJXEo=,tag:arcozgK/oq1KumwvqdloYw==,type:str] + - ENC[AES256_GCM,data:KjzsbsseLpuriQ/z,iv:SZ+pNsmyIiCWrSZ+YVcVaUG9Z07SFuwBFUVdI03eDJg=,tag:C/ZkPiOmlm2NWW0O8RWLuQ==,type:str] + - ENC[AES256_GCM,data:1HlHNWbdGhYqkErREIffk41ry6U=,iv:3v947s/qWdHDCjy0OxCqfTX3Bz7BgL6esG2mRTeOf/E=,tag:U99rDATZateK07HzGELceg==,type:str] + - ENC[AES256_GCM,data:Nj/2FH8NjUxOAFC/xox9Kg==,iv:ocZRGbHulTFF3ptX1eAVNONLDivTKC8vp05jU8ClZZs=,tag:Bi8Bm2ru/vXl1C9MBfsrFw==,type:str] + - ENC[AES256_GCM,data:4fc/n59a/JUzi6Iu,iv:Ads58JYPNL1d83to+wgFzR4HB2Mf8/YGaJzILLif+nc=,tag:VHQY2U9Hb85KjuMtpIH2Ow==,type:str] + - ENC[AES256_GCM,data:UGvwyHZuTiEojP4=,iv:YEM/wAFB6EbE/RwXH61sHE0USMKZnRCj4NVg2HT+elE=,tag:59FjMI85sUDAOHcPuhgQwQ==,type:str] + - ENC[AES256_GCM,data:ttym58XjWk/v0SFILyKZ0Q==,iv:qr04hzscUEB1FKfcLFo0b5zbVsbZ/rdl0qYvQCgxtFE=,tag:ZBK1BahwDTzfxfWze28Mtw==,type:str] + - ENC[AES256_GCM,data:bJHDl3bkDvcRxqY=,iv:jhIz2LCjZn+BwI5ZmeoRYrx4A7lH1cezpt5UNDbAz84=,tag:2SZ4Kvadq0gUNXBgwRjKOA==,type:str] + - ENC[AES256_GCM,data:A1wanpB4MTDscwdO,iv:ELvI+sFssIeB1H1flYmlISSJcTR/UmznBLUdQ+6iUOI=,tag:AzHgi+YCbNTsjFtH5tXyCA==,type:str] + - ENC[AES256_GCM,data:+pXrbZjVT0dd,iv:Wl8XVW71tX7zwvIScXYC5J5jyjP8jpawopceXqayYPU=,tag:+lJYPLPaHLKhC2dZtdDRCg==,type:str] + - ENC[AES256_GCM,data:pvA/MBuz/Rz4WGHP,iv:/wEyK51mSiNvviLI7Qvwbo56BddESjvgZGh1ogyqOGU=,tag:8tjXlsVPc6cAWdwRPSWKBQ==,type:str] + - ENC[AES256_GCM,data:77A3IqdGKhEhbOyN,iv:7c8TyFJ3b5oPThHCAiAc1raif4gh/Hn2YeHPDEOuGg4=,tag:0R0EHVK5R+H3O9cpJe7VBA==,type:str] + - ENC[AES256_GCM,data:JmftS8a0sj+j,iv:NXLMRJw4gAeINUGTcjSvb3q/yU7Ii3EMz7cE5+eJToQ=,tag:yaCCvgpodIln9I1O7aXb+Q==,type:str] + - ENC[AES256_GCM,data:MqH0r2Pw0UA=,iv:T+ePgIRDTq0nYGDBobdu/g7kMGMzWgiC+l0pDKsNGx4=,tag:X4zbHMaFUT/aOv4ingK6jQ==,type:str] + - ENC[AES256_GCM,data:Y1ZiJzs4PP9Da3YGGsOl,iv:HqF+4MYHg2Z75Q9bE/Ns03Pfi/mgRdi0LLqy/ACygdE=,tag:hsAjyyuDMmt2mQ4650ZxZw==,type:str] + - ENC[AES256_GCM,data:20mdXGCJjb8yM/LxT1W15Q==,iv:0jBwogrKLyXoKzZMN8YtXrcDVMjY5BW2zgHIX4cGGa0=,tag:LMiS4PuGaRF5LF6p4Lqh9g==,type:str] + - ENC[AES256_GCM,data:wwiTECAHpnrZanKbjlPG+cJ3,iv:v3MgUaKSMyI1YJFZUg5BMWLl6dAWJtJtyPx2w36akrg=,tag:2rWtteQQGdpx86plUEMBuQ==,type:str] + - ENC[AES256_GCM,data:RLjOg/xjFyHQAPpZxD0I5VrGlhNHSg==,iv:l7d4jn+Z6kEF5+gqWICKqKmueIDWn4j+mNmCSh2brsw=,tag:1ns2UKeYIxFRWcR0LlNGFg==,type:str] + - ENC[AES256_GCM,data:DIQZVNf73JpDvvT+RXNYYoA=,iv:mB5keEnPx8xzNzqbfMjtQaeeupqPVzgrX78yLgrffmc=,tag:7A+fZ8VuoK1vGVkKTo8z+g==,type:str] + - ENC[AES256_GCM,data:FY1GzvSytjPfXevtz9HLCIzdhQ==,iv:Kdcv1QeujM0tiwCpiA0bjGRKIZjZXlwZpUyU0aMecp0=,tag:w5KI4+Odl7SAasE3Zu6y9A==,type:str] + - ENC[AES256_GCM,data:ktSX53vxTibaE73fpRSSOA==,iv:9pYjY0V27GdUYT4DlY+NEurRbkzZc7m6HwO6V04lHaI=,tag:T49+/Wk94IQF0DM093gp8Q==,type:str] + - ENC[AES256_GCM,data:x7ZkaTZqcshLt5Bn,iv:3EKS8KSqs+XqzWGi056fiuJ9xr+2fB/QGu1Kj9QHMmQ=,tag:eBBa+/LD9cG/vhyaA4vHuA==,type:str] + - ENC[AES256_GCM,data:/odXSWob+aBq,iv:Yri4skmTCm3s3uvxVhBY+5klHpqWAyIeWxXkUPPJyIg=,tag:fnAa1A9D6g+j3eH6Elzpdg==,type:str] + - ENC[AES256_GCM,data:JZwEmI2xn5SkvG4=,iv:xaJbe+72vacq+OUyoprgbYcv/eP2JiJom2S5zfN/UnQ=,tag:s/hE/Q10qkI7yqYuWXKZWw==,type:str] + - ENC[AES256_GCM,data:LY0hKdyb91MLH+MJbeY=,iv:jFsL0HG6bxU6SnSoIFlzUDUqsz35JFaWUs5F1O6U+WY=,tag:vY+jo6n2PAcQ5i6gxtZz3A==,type:str] + - ENC[AES256_GCM,data:pv6fw7GPumGi,iv:zwpnz6262Mudhh9mr7CdBtQYRbaQdrOPuLUBtOGgVro=,tag:8Dx/4w4dcJT7LHDYE4OvIQ==,type:str] + - ENC[AES256_GCM,data:/B3+YUxMWYc4ig==,iv:ucTxrDhmY1fwhIcvGN58NhqoYqkAjt4idk5hoM/1sfU=,tag:x/lMvOXuGTsgafzliH0IvQ==,type:str] + - ENC[AES256_GCM,data:ixswApJiNfWL,iv:A9Xu9HZyybg1MzNBPh2esyMGoUnBzSLUjnURydN3zl4=,tag:Y323OWVhLafE7i7MJIwSuA==,type:str] + - ENC[AES256_GCM,data:R3I1HKKEtoZE8MQ=,iv:GvuHpqRkdIS8R6gllxPDHQRS4t/DDyPnMSRpGuUwf4I=,tag:32BWz3ZPGnuTPdSjQ5T4Fw==,type:str] + - ENC[AES256_GCM,data:ld++3PuLcEL+,iv:qW7MmIIxvT0humoAZoszXDZ02OncdW3K90B9iqNjBsw=,tag:Eg75I8z4hy6ccOz7ZaGHTA==,type:str] + - ENC[AES256_GCM,data:6TGytI0DRFv8hw==,iv:eU4rctC2wVpI8Emc1LXrWbs7Dj6fyjMHpswDqdTUyMI=,tag:zeyq77DMQJxC5Ja9TJ9Cgw==,type:str] + - ENC[AES256_GCM,data:hbbqRA9Zw4t73/hJcyeA,iv:TDS9ZokRKA2f6DaLtpw6Rt8xzr/KuxRGq58/Xf3FIo8=,tag:/7FGoFY0jLGabKI5+lJnSA==,type:str] + - ENC[AES256_GCM,data:Yv/Ute9rzNMQrn+2,iv:tYTs66D0QjZRKgMqOYU1l/Ztt1SvndQC16OnPevlnBs=,tag:hfYU79M44PUHMWxsxVQETQ==,type:str] + - ENC[AES256_GCM,data:OCkd337cw/O93WqxGA==,iv:eL3OJIx1SVXHKV8VwY3IXB9fO4cfh4Z6VmWVBAi3jZg=,tag:2VY5W0cuol9UNlShcD1STw==,type:str] + - ENC[AES256_GCM,data:a2l+5nkHanmp4my3,iv:5Q1QyjmRfCVV/HEzP3+Wqc5t3rW0fMCnCczaPGh8cTo=,tag:/S4d3HuARXhkIyFAfhcdRA==,type:str] + - ENC[AES256_GCM,data:kMlWLPjq7KuxdA==,iv:M2Y3rsAhoAg+rN8JhgGsdGQzvMfc19/YHRkHR66qZU4=,tag:KMpRLF7ac3/jsILyegIE3A==,type:str] + - ENC[AES256_GCM,data:mKtyd4DHtErjxImBgL+r,iv:vKK4vwDVUuTf8Z8FO381R2RbrSSTyVZjDEC5SxVN974=,tag:jxByS8fFap51D4fczY5XKA==,type:str] + - ENC[AES256_GCM,data:ueEJC4Vy15VhEbrBYYmbcw==,iv:UdJw/kGtvr1cqf4W+tEnIwmYVw75lSs7wZPGXpxrpaU=,tag:jf8bvuhd5pBHz6zWOrh1VA==,type:str] + - ENC[AES256_GCM,data:q+15JFr6j0WsrTIyog==,iv:iDxFBOAjfZ6Dn8UxPz89nfuy7l9KkykTkw/BFpkVW28=,tag:05br3b2B8GHogW/ceaQ0JA==,type:str] + - ENC[AES256_GCM,data:e2FSiaTPSldp,iv:rRKS1gi3OW3LS/2xPLAhhteSkqkl0u4jJB+5LPdLMJs=,tag:2DMLPTy5SgcOf4KKYQm8vQ==,type:str] + - ENC[AES256_GCM,data:lecAaajY3gW3AlU=,iv:eqo6jzFt6ea308UN3xXz+GgXlSHf1vjnUJNsq049gZw=,tag:OPomp6AM0E+EgSnTzeUZaw==,type:str] + - ENC[AES256_GCM,data:HQH7NZrvVsyu,iv:qzQ8am5i4Yd5ypQs63iP/5/+wX+9fCEWYIEUVuohJXM=,tag:vTRoTSnml3ZxO/fEQrHdNA==,type:str] + - ENC[AES256_GCM,data:s57L59J2PxuZmXFs,iv:GHxm8sCC/ngGQHDyzKwbWaq/W+9JD73FvrRlB2as7PQ=,tag:xm5QxtmToHwnJUFtxjWrBQ==,type:str] + - ENC[AES256_GCM,data:TNH2rEY/j3rRZg==,iv:RpysnoPJe1JSBprGO9HYa/NBHe4vMnGUaYy9i5mzCEo=,tag:9NHsOG4HXgf1ZiZvwFdy/g==,type:str] + - ENC[AES256_GCM,data:WYN0ssrWOQT+XeM=,iv:l8GeA/xbWkL9A57XKLDiTZxoIkSScjnk+Vw7Ta1qW8o=,tag:4Gss/3nWllhJbZNzydER1w==,type:str] + - ENC[AES256_GCM,data:gzXP2RCL3WWvg0E=,iv:9d9QuKFmHJEveq6X0shvy2a2/ngd+oyfjZjA7hxDw9I=,tag:0My9MNSlGlCR3NvLWNtKLQ==,type:str] + - ENC[AES256_GCM,data:AlHTgXXXKaEu,iv:qwVsaZheqA5NnlVfvEyUA1BTZ02BR619+Uac1OlsAaE=,tag:FGuV8HV4GpvI+EN3IEMvcw==,type:str] + - ENC[AES256_GCM,data:FJm4lNYWrgBVCg==,iv:US0nd9PobbXKqZUvhLcGk9Xzg82VQ6uRdGig0914Ztg=,tag:9oIJowXGljqCFANQu32/7A==,type:str] + - ENC[AES256_GCM,data:iVHYmV0AWXhpB7I=,iv:lXEbseT9otaoZmkRm/6Oq8JsG9bZ6/b0xJwYCc+pqLY=,tag:WcptSiW2+nHADnAaKmhiZA==,type:str] + - ENC[AES256_GCM,data:W1K7zIJf4/w+Hw==,iv:ZdIyOqoloXNWaLqV1MsWuLrajO4GZoH2JT8aVJibX2g=,tag:kEaAgrAjlJ9itw5Kqxjrsg==,type:str] + - ENC[AES256_GCM,data:fuIvUu3ZXA==,iv:3Uj2E2MZHTEBZAXMy7F/gNsuf9XYcl9QzsUgUtA28RQ=,tag:bRBCyGAhCetNASe8Sugvhw==,type:str] + - ENC[AES256_GCM,data:KFudylJ2ktE=,iv:j8JR7/7QC9rV+NpC5OuVhr+zt5axFpcf+3YnOoiC1EM=,tag:+2QG6tXdCebSwDKsQlt3ig==,type:str] + - ENC[AES256_GCM,data:hnQbf/W2GFwVT7o=,iv:OgGjcaVP+5XLPypOueN+SZ/IuvqvV+ZNE+84O/HUfqw=,tag:b1qxiA2nh4pQG+weUemv6w==,type:str] + - ENC[AES256_GCM,data:85K+aZrBTH32r2PuNT56sIJQ,iv:AJYHQchEfUUgndhuEUzJeo0lZoXW7ITVd2PI5UUHr7Y=,tag:aj+mDU1skIYuIHTn7OTRKg==,type:str] + - ENC[AES256_GCM,data:CoNyvQ4jqTmT77U34t8=,iv:zXLgjE2jEedBxS3N9mIREqfwEJEAoUe8c9gXMUTHqos=,tag:KXVM7LtGI1k6KI3KORbQMg==,type:str] + - ENC[AES256_GCM,data:nHf34IOm7AQBlSSQ,iv:dEClGdw5kefgClLYGGvB1pSbS90B4r4pVXtwTawxbcs=,tag:m30wIZyVjtCinkipUgo7vQ==,type:str] + - ENC[AES256_GCM,data:lNEmn3UH/hpt2jkSXQ==,iv:U78zbaqfgcADB79WCviIHk2e3Pd6uTIZRsCpVQapS9o=,tag:wi1Ppti+kAVcCQu0GGCkNg==,type:str] + - ENC[AES256_GCM,data:DgLyC2QDU9LWPunQKgI=,iv:Jfu5bbOHHEry9D6dmuyT1VoHq9rLx04NReFQkrset44=,tag:2yUdLbBi40SrTLy7PXB0/w==,type:str] + - ENC[AES256_GCM,data:56iO6NZaK2gGtPI=,iv:0D/tW+WjR/0+auRG+6wPLnsZZij1VjXZ4opIJatHyc8=,tag:c4QIP/J5/6tJXsWhxAoM3w==,type:str] + - ENC[AES256_GCM,data:rj3NIqWeWRM=,iv:3GHKGPfb1mmfi2p3dWoQT4/PB7Qxkg5j6ptIsEWnwwc=,tag:JCqio96KNM7bMfQX3/U9fg==,type:str] + - ENC[AES256_GCM,data:buqt1dMj,iv:V4uN+3P9dCeMPs+UbkvjF7w9ftcOjf4l3jnCoDZUr1w=,tag:sUDpeVn02B9Iq5jspoP2Ag==,type:str] + - ENC[AES256_GCM,data:N6fkwBab8xdn,iv:Vf4rlQvQLg8wxSpCcpBau0jKQYqI6aWiN5oTXK5keS8=,tag:WV4AgxQcIvPfZl30tOMUBQ==,type:str] + - ENC[AES256_GCM,data:BllBNC8JLUqmcKU=,iv:ebfDFuWkoW/7T9yCmhncg9WYz1oxqPKYxe11ViuUVTs=,tag:7Ge746oLuc4YDhDGXb9B1g==,type:str] + - ENC[AES256_GCM,data:QKQ8iXSf4g==,iv:LDeKeKYHnUKcG7uNlEf5ZKWDFQRgrLJdJThb6TdB3nM=,tag:IcgXcnoUbfAdTvcW7sV3nQ==,type:str] + - ENC[AES256_GCM,data:ZLs4Vxpu3cIlcf6S6In4eOc=,iv:fZAiAqxgIHS7kmuQpj1vE8FWkz+PVQgRgfh/MwIhF0s=,tag:Fy8Btltg2ggfbm1OVRFRKg==,type:str] + - ENC[AES256_GCM,data:VtX9Eo6L3jKw,iv:9J7w7kzbkgxpgy6RH4RowD+z7ymmCH1MxWTAKT4s+Og=,tag:BQqo9qvipp8I8ppwgmDzCg==,type:str] + - ENC[AES256_GCM,data:RQwkKuJCKot9GZMKp2eP,iv:AAyTjGfLVvqrgnasNfuIkXLxMYD3Dun1JVXgN7YNWk0=,tag:CVtEW4Vl3n+VsDGMh4BW1Q==,type:str] + - ENC[AES256_GCM,data:SiDqSZJbj/7OKVJQMPmm6nM=,iv:pIkqmt/Imd/i/1wMmzN0sxIlt1M+6U2PslIfuD9UxW8=,tag:fv7CJZGPiGHbe/NnGLX4qQ==,type:str] + - ENC[AES256_GCM,data:Uw5CDg9QthGw1W8=,iv:vJj7VBI4Xk/JDCP2W+WPoi7qbdl5iqxUFjecMmZJsx8=,tag:gAbZ9gEtHo0beOaSr8smZQ==,type:str] + - ENC[AES256_GCM,data:CqL/lVrp4ZuLk7VCMZ1Z,iv:BPbsmRbfH2MXoVU1GJTQgsozCW65G/g/DsqxmFeiVZM=,tag:CYXrAnYA0DVHYkI0p7Pukw==,type:str] + - ENC[AES256_GCM,data:QqtqO+Rflz0sghnlzI4=,iv:3yvrzsZDFhnjMSM9DQAp1nqcPfWF028PrkJ3PLKNXCM=,tag:PlynqTwcwNwrzOAn84XZeQ==,type:str] + - ENC[AES256_GCM,data:hJKJINn42mQua9HhKYI=,iv:N5XhbCdvIk3VLgGljw4jOg/a/jR5JoDXS5W+q6dsjhI=,tag:Why1CY2379aiWo2MeVzMbw==,type:str] + - ENC[AES256_GCM,data:6Lor4TIShQ==,iv:s0OXmnIIdjreKNGiHpZ7h3N3n4wXrUvnZ2jUrAzW+ck=,tag:tPce3Kilge+mcx3MXICadA==,type:str] + - ENC[AES256_GCM,data:Ekl8JhbY4EU7uDwObhCc,iv:2VKaS5sBdwC924CS31nbuHXp2suhYaf6f4dFHkkEMVY=,tag:nYLnqEpTaxu4k+YVKvF1eA==,type:str] + - ENC[AES256_GCM,data:8OwGPon0MNlsBs0P,iv:4hKNuRzwOec+kTyumcjS87AxTp2vS6Hg94iVjezc8Yo=,tag:UVhDC31yHgDkXqnoBOuN+g==,type:str] + - ENC[AES256_GCM,data:TjCMeSESwV2upjtJpCQ=,iv:ogS/1s5pyOMskXRAZjcqOtp6vhOSS4ghE9VySh8NrsU=,tag:Bs4O9v/6stfD9eo0w+TAgg==,type:str] + - ENC[AES256_GCM,data:fxWcnBToEKEh,iv:afRrbl5S+Z6jfKoENUBCIpog0QTRv7o0IAcB/ISZ944=,tag:HoPT8QJ/C8dKI/oHoOTLdA==,type:str] + - ENC[AES256_GCM,data:We0lyUVRITi/,iv:debv0FWafxBQHKk41vpssdZqVUERVpZhXy3Nm2n8suE=,tag:36aY9cCV8caObbOXKzqh2g==,type:str] + - ENC[AES256_GCM,data:QcIbGIZGC90=,iv:ChTF32Z7YL8yhK4rBFQ37yr80TDme/wys53VEvaPIzA=,tag:R6rR/utdjeKjY4eSzXmYTw==,type:str] + - ENC[AES256_GCM,data:nWxSpbryd1in,iv:ZNeHTW/inh0/r4e1Iq3hGPkqPWWd+AH0POMUGTEorAY=,tag:ZQMloqwp7mKasNB4rdieYQ==,type:str] + - ENC[AES256_GCM,data:B7Q6t2F+un7Fy1tJjA==,iv:6qOHegWcyYdRNLrKlL8hugy7FYTJuaHsFG/2zgBboeI=,tag:kJ3xNmqFIVplfcYff7K9aA==,type:str] + - ENC[AES256_GCM,data:WynvETftqUUKtNA=,iv:nquCIg1qMLrzvFxq/xHG4lnYLUr3MRc8Hzj7bLnE7Lg=,tag:jrKanh8Nukaq1AosAXkqLg==,type:str] + - ENC[AES256_GCM,data:B0JT2LXxz0Sp5w==,iv:MuADskj7hwy7p6Okj923k+kwzGfaMh+HnBzFY0TbY1Y=,tag:yngKe3ewAqV5GmqA4O002A==,type:str] + - ENC[AES256_GCM,data:AXuixyCGpcqN0rZMlDd/j+E=,iv:0DtT3dedwSbLWrXuQB1yQEF8VClSBC6Tq/fBFcMnIPM=,tag:zxsqNoaDtl8KjMcw7YW4ew==,type:str] + - ENC[AES256_GCM,data:Bc6Z2BDaLgvnRbI=,iv:wKCf7qGyZihFQveXu0gek7DPZr/UnQfrwSUCSurrYzI=,tag:nZXjj/suIzVbFgh1ue2wdA==,type:str] + - ENC[AES256_GCM,data:Wop/RR6aCx80MTc=,iv:zifivntFsR9FyhCZ5IEPMe3xju8uJLqIbQOrA2GOpZs=,tag:IA+Fl0RcHCLiAW5s5Vw42Q==,type:str] + - ENC[AES256_GCM,data:GGvZJgzYppJ9lQ==,iv:RBxmmdmncm2CTYUtacN56K+Taxdn385psGjxHycR0b8=,tag:yWGHbSIMzpR+mk1MJWyxwg==,type:str] + - ENC[AES256_GCM,data:0b9Rz+vJA5kZ,iv:ycl1/RSd99Ve6Wd2W6okEbKoVsKHU8E2EWhnmXbUsgg=,tag:MMG/xehldZ/FeS8+XNF1bQ==,type:str] + - ENC[AES256_GCM,data:aYk5oSJE0Hk1Yg==,iv:JZvv5msNolI0yKXJT1rkBE9GNeYCyo3ILV5u1T9/ZTc=,tag:/5+38F0Xf/ilnxcY7M2fNQ==,type:str] + - ENC[AES256_GCM,data:tA2L6UBbb6SJEeOBcQ==,iv:umXNYnIGMWew1DEJOE2GA+SW+mAH7+ZPbQwAoToPsIk=,tag:hWvM16Gskv7RabeRuUySkg==,type:str] + - ENC[AES256_GCM,data:lap1zSL9N2MbmQ==,iv:FQ6FDF2H2lfGTofOhGsYpdZuPTKXvoCCeLPSxu2rc68=,tag:5se9ClP34AaYdIgm8KTPIA==,type:str] + - ENC[AES256_GCM,data:nVU8FewePw==,iv:PCsSFm/GhA0EoFHA6PvL3MQmQYWFu7ROIFNsU+RTqfk=,tag:1SZpyz8W+842wSRFXu3Alg==,type:str] + - ENC[AES256_GCM,data:Kw2ie3S0j/mD,iv:EOWa/dTTXVMTi9YYVy5n2ryqUMe4OTOY46xC13UMUJc=,tag:y2yNUmVXf/Ub98bBQCv1+w==,type:str] + - ENC[AES256_GCM,data:Jb7QHGHq/Q+z/N49fdpmEg==,iv:Kaw6BaY5yr4pbW9zAHayrxZjAWZ4Klgpug8XuAdznm8=,tag:S1TPuTG7L+mdzDBfaUMS0A==,type:str] + - ENC[AES256_GCM,data:lEJ24Ap6/+Td28xLsg==,iv:2UJxaGGnyK01UiH7cqyqpd1kIOx6muemL7i9wg1Ir/8=,tag:pZZmlb/iJqELQByJb+ANDQ==,type:str] + - ENC[AES256_GCM,data:2dvbKLJN4yrYN4gP5g8=,iv:ACwjc2UuJI4F4uS/QUW7tz4XFyCuuPJJ0wDVtPe0hqk=,tag:HztspWyDmJYW8qNnvmKPMA==,type:str] + - ENC[AES256_GCM,data:LugU23ll8YkKTAK+o9ik,iv:LkDZ2+kd/TpTdExq3pB7IokZ0t2QwWolzTJpyUHdBaA=,tag:x7ZJ2Kj5SDTrORCmTuQyTQ==,type:str] + - ENC[AES256_GCM,data:JMhTrZeAm8o2iuVNiGrO,iv:b5E6EDviPwKMunh8TlgAX4lSfBH3NifNa4WbuzoIh5U=,tag:l8/BEh7QzU4Ope1m03m3vQ==,type:str] + - ENC[AES256_GCM,data:uBS4Zl+Lha0kZI0=,iv:KM1SC9eqLeLykFISSljjEoSxHc/vbxjuMK3mFacaTYQ=,tag:4OvUATIdGyQO6E60VNgvUQ==,type:str] + - ENC[AES256_GCM,data:Ca2ilzVLQjurN58cB+4=,iv:QYF2z83L2bz7DakFkvdM3FV6JeRArPLmHzw7qDFqS6w=,tag:O4krKZ410fGtZKeyZtCAkg==,type:str] + - ENC[AES256_GCM,data:V4VYt3D3Zg72tg==,iv:bF47eQSOwc5RIr3P/k9qVQHtvk1cL4GFGPTUKa7p0eQ=,tag:zY0zGSPO/NhCAqwRIPda8Q==,type:str] + - ENC[AES256_GCM,data:vLjP0hC8PHFolA==,iv:nRJi8EEXm4yCb85mMru7uOA8sW/atrdL32wtKt9kI2o=,tag:G+dYY7VDlE8qDYQGLJlZsg==,type:str] + - ENC[AES256_GCM,data:+11RIi1UcbD0eFzZYA==,iv:OewfJOkmJytfHLkrFVvLQ0tBzhBUiPqVjD8cRhvGyIo=,tag:rtICl+UOD0ZLoPiQ+8w1gg==,type:str] + - ENC[AES256_GCM,data:nLHWiQ89YE0JsL8VXBQB,iv:ol5f0fvOZKLPPObTWynvpwIFUPxq5SJjo5fnPx4UQH8=,tag:H+hnE2oelZrC4e5mLtQEWA==,type:str] + - ENC[AES256_GCM,data:21ekVhVoSlStMpChcarKuTT9,iv:1ojH04gSzEzF/sq+ohs0geBJl8mHIXxlzUlggg9/Dl0=,tag:yxYJrMB4voR+NxeH4VX6tA==,type:str] + - ENC[AES256_GCM,data:vuBSVtxRuCPYOeq56fou5Q==,iv:U55YqYJgxuCBlFXkx99D5MbqK2FY5m5SkdWydtmDZRM=,tag:clHwvOH7mfwAAu/s/PRvXQ==,type:str] + - ENC[AES256_GCM,data:GxpPVWWrz4pxOA==,iv:JGLzz6hDHuZBhsZXkhJOiRMjJzQB+GKI2X/glnQ9CQ8=,tag:kf0PNtLI+LJH4xwfgdgG5A==,type:str] + - ENC[AES256_GCM,data:m2TEXty1+L4yImMDc2si9gqvLw==,iv:F2cYh0Yi8bZyARGxeXY8Otcdoyuu77AJbpK72mkHnLs=,tag:JudFO84wa0olctKiBGei5g==,type:str] + - ENC[AES256_GCM,data:HARZXG4+eS3mkYV8nEmaCvf/Lw==,iv:voExxZFO2DNXErnPXJTnxDsROBszZqtg9SNiiLUSN7Y=,tag:tgEuoLg4jb+w6zNFAULWyg==,type:str] + - ENC[AES256_GCM,data:siOzSqCdib4smj1x8Q==,iv:z87CoOiLAFDyNHQpgpTYmf1JO841/piJS8KSuw3rO0w=,tag:9AY35rWeX/CumwOGFpwaGg==,type:str] + - ENC[AES256_GCM,data:iiMU8XG++h5E+Q==,iv:T6431gV2tleguDZCTZmpjLFTgC0z14nvt3XJy8hpkU8=,tag:5E9f5pBfNfqux1XBmfJejw==,type:str] + - ENC[AES256_GCM,data:2IXUiQ05Hr+v/8UitHpjmp2T,iv:H+uJrSgLsv4igBvev2HTqeAKNpFg59dnxyvjOsEgQgE=,tag:8Im14O+r9R6PzBHDG/ZqMQ==,type:str] + - ENC[AES256_GCM,data:vqkXFfHY0ESWFHZomCnI,iv:j+rV3UZqGbbg7WcPW/Razwvm7qdukdS4QQLks6f5KuI=,tag:45xworwq/RIdRg5Twkis8A==,type:str] + - ENC[AES256_GCM,data:SJC9llQs+jfRkInr,iv:YfeE/uYZ/+STE65kmnHvk+PPRfVpJI89EBFPwRXcItM=,tag:o66zdDamq3tGA2AwGlwlmQ==,type:str] + - ENC[AES256_GCM,data:A7i3ad3/OZh/DA==,iv:NkaWUoP2AzJkrr3S29I8tblUgbD0fa8TnSmcdJvidxI=,tag:O3JsH6Kqu/fMkzXbAGgeTQ==,type:str] + - ENC[AES256_GCM,data:/wIsh/CRL2UZC1+s,iv:WW/1ywale/+8uHMbfH1jeL2caGq0SQvrWdDytfKHNA0=,tag:tuWjJ7oU9n8HUlyxpooPfQ==,type:str] + - ENC[AES256_GCM,data:VzyDLs8SLQ==,iv:trjRa6fpzm/t/zQdoKSFuLzIU/bSBtheV4/BTN+rzMQ=,tag:wT/v0pKo3B5Evqd3h56/Sg==,type:str] + - ENC[AES256_GCM,data:TFgJSC7o9jDT68o=,iv:d5UM0H4Fjl6jVQQCUS/ATVOMP3uSISEAB3FB3KY4jYk=,tag:V8ydyr4EWJvOUnLZm9TnJw==,type:str] + - ENC[AES256_GCM,data:6KQZFzbLGQ==,iv:MYIut2uxmXVkdHoeFBHoKb6+EJ+Jevu7x0Fcy9jIwrE=,tag:a5UfdCTrzXKveGhYKvuYlA==,type:str] + - ENC[AES256_GCM,data:RwBPI6MvXQA+s5Oj,iv:EkMn8iiSP4QD2Nt34Q3ak6Ei9HqshyoWPf+3fcPmkjA=,tag:HB7WKFgbpV7BCof7h2FA7A==,type:str] + - ENC[AES256_GCM,data:Da0on0rE8g==,iv:ZH0TiPYejVnK0deLBsCydktkmpAYLcmoT8T/rOvoR0o=,tag:qelQ4EXCZTV+FwJbQW4ISg==,type:str] + - ENC[AES256_GCM,data:QNp68/6CqOmp,iv:RvyWK3H1q3I1ix1k/mML60r7n6m+4UauhIoCNJGLQMc=,tag:hs5TQwUSHwl01jesZhbfeA==,type:str] + - ENC[AES256_GCM,data:j90oGHs+9cy2xuPX,iv:p5iBSvbCHHqBdx3OqeY4XNTWj7QVyk7LvGS8gbk1GTU=,tag:NRu3JQjdUhJCM3Qt7oMQJw==,type:str] + - ENC[AES256_GCM,data:eg/5upPw2G//QA==,iv:jUHmLCjyk89cnYDQMUUpDisdVmoMEZPOTUlYZlqPs1A=,tag:Vu9rLHgB7/tzNbThPGtpEw==,type:str] + - ENC[AES256_GCM,data:aqfbp7o4OKVQx9k=,iv:hxJTKSQq/S8LFeM2+MICfmibOWr9pFqtT37uqHBMa5U=,tag:AlzsBvXyyrvoAuMCqlPcfA==,type:str] + - ENC[AES256_GCM,data:RDrTmmEce6DX1VJOSA==,iv:f3cMsuRWPcSqV+6T5CNc1pyzMjkvJ9z4vrKxgQVT4w8=,tag:AUaBEpJPkQu4nles5KaCUQ==,type:str] + - ENC[AES256_GCM,data:HjDjqCPbpLuGnx+D92w=,iv:gpCHA+55GuuYBjyPJTm7tP4OD3Da4wFbs54BXLBjzfA=,tag:2E1fULzzlQQaAnkpOhdzvw==,type:str] + - ENC[AES256_GCM,data:0e1M27dJFF9y9w==,iv:u6BxDNmsnIDCqpP1Vmua3v8pPbB+WOa/C9jW5cBW0hM=,tag:IEIiMEJSUwxxT1BwtnUH/g==,type:str] + - ENC[AES256_GCM,data:CBZOBE7PYX4=,iv:40le+ns6mkZ9yz44PsMo7bPzfO1btwTnlmLFmCAkl5s=,tag:hP+jWPWZZO/an7rvuMwhRg==,type:str] + - ENC[AES256_GCM,data:/ly3B0QoZx4REmPmyg4=,iv:Hy+1ACRbOr5hmpkpbRIDcxn5ebPIrotj5cIA/Xyqsjc=,tag:BsiWUKpI+lLEK8TJs5f8ZA==,type:str] + - ENC[AES256_GCM,data:4RVvuR8Vh4Y=,iv:EwXA+lB3aftTj4pZB37m2omwJQnVwM0sHphMQ6h1UeY=,tag:LrWWFmhEIOmQpF07j2FuZg==,type:str] + - ENC[AES256_GCM,data:dY06VIBCGOqhrg==,iv:bmkRibsfIoax667hqhCPmOBRmzNkY6EYJP0QEIq+rp4=,tag:VTjodKfTdoLxAANhpvHgzg==,type:str] + - ENC[AES256_GCM,data:GozUPKI9gzAwwRxSvF5THFI=,iv:ll71mUXqU8cijNiiPoUUcw4SB3BmOAsVIFccUdmZSmw=,tag:M5cI1pvrvDgFTv8MaY+hbA==,type:str] + - ENC[AES256_GCM,data:qsgq8W4vmA==,iv:xP/NuknTdiERjZ1F35a+5bjUF9zjaygiVTtp08+mZ+w=,tag:5FCLDPwazNBA/5qqux8pBA==,type:str] + - ENC[AES256_GCM,data:eT0A7wgebZ+d1HlJ8xo=,iv:Lm9BWI/6MbF9SPyHVtJRBPFWeOK04G5ei1K3s/fxsvc=,tag:06NnXJDg7DBnFLT/AKMUGg==,type:str] + - ENC[AES256_GCM,data:Io8ep7i8lH+C,iv:ZoyEix+rqLYj1Bb4phpRQg9wAsmdugPnapWPQvCw1mc=,tag:ggFt7qsGL6Hg9uu7gl1new==,type:str] + - ENC[AES256_GCM,data:6dyH0UdrxOuP1mQ=,iv:W/nYwdLMlWcQ8dMEv/eb+BL+Tc+HK7RBRmDott66oV0=,tag:H4OxHSiJT42l/xE2tUi+PQ==,type:str] + - ENC[AES256_GCM,data:mIzTWPIeTlDVFg==,iv:duw1APdfaf80Rsn90eyw2x4s0gDhW75TyEfYqbl6ApQ=,tag:nADQ0fliA8oh3HR6bgt/iA==,type:str] + - ENC[AES256_GCM,data:NLVfF511Pcm2JTIoL9AH,iv:zig4v6jR9oiYcK5x09j7gGZqpJcARVWMdJV1zi5Z6oc=,tag:ApAa4FY3ZBtHqtMTBfFIfA==,type:str] + - ENC[AES256_GCM,data:R+pILRAVH+TMxT0K4bKg0u1C,iv:vRSCI9llJpoR1D+I7jNsPEpMafl7aex55VcXDQCYmg8=,tag:wibyOWJeHUoOLLzp0yZJvg==,type:str] + - ENC[AES256_GCM,data:cWsBDjseE5KMyA==,iv:gBLjN0cvxz+4LiC+6AE/zfOwdC2kZStoviSQkWN9l8A=,tag:jNwwQ1Mm7xJd6663Bijzlg==,type:str] + - ENC[AES256_GCM,data:a/Gp5z734tw+,iv:3B+mKwC/vRgg3Ng68cjqsU4DcYRntNVoxDXsr0UHxAg=,tag:SNYdz/K5GHTVjFkm8lhjEg==,type:str] + - ENC[AES256_GCM,data:IhD1WbUTR8GHxETLsiywHHA=,iv:8luYbrBGxMm0BJusSwoUOI/q8mknmJYUVXEzuOz/RU4=,tag:XN1OL+HlKf36YTzXs1uu7g==,type:str] + - ENC[AES256_GCM,data:yzdE0p4=,iv:hUboXNuzuFkUo5alru6rOnP4T30wH5U6ZC6AbziWFB0=,tag:r5E4w2UY3WA4Dzuxf/lLNw==,type:str] + - ENC[AES256_GCM,data:EWq0fhDePlPhv2w=,iv:KhprPgFJlTVFBZdDxXhW5wnNv4Qj8YZWrnZXc1iTyZQ=,tag:rOXAvKIkMKOM+nKCSZSrOg==,type:str] + - ENC[AES256_GCM,data:adAmRRuEG4/u8YMQ,iv:2Su9ifDWt5C5Gjt2IrDfYZZJG/9r9VpdqcGRtjPZXTs=,tag:1S40knbgONL//R1Vgiwq+w==,type:str] + - ENC[AES256_GCM,data:L7h9YDgoQXhKITeY2g==,iv:7fkx0PlaSKnokQ3OKv5KTC7Dc+TOpRBxsyTwf8G4lNA=,tag:+LT7y6bPS8r1T7wjZBoLFQ==,type:str] + - ENC[AES256_GCM,data:59eqI+uaDsg3Ow==,iv:1brgLDy2H7bpvgRSJKWLNl9yhor0QwIdzfAdcG53KRo=,tag:6xj3TypQ2Us02/XHL+9FPA==,type:str] + - ENC[AES256_GCM,data:maA9jFD4ptociwE=,iv:2Lt0e/CpjZ3RLPbK+dcvP7F+dStrVnkHoJts9gBpCUQ=,tag:pJ4bRSnxSxYlcVxZXbE0zQ==,type:str] + - ENC[AES256_GCM,data:GgzfaIWY5gR6kg==,iv:FIWrSOQLcCr5uxWlv9sqXGDQ+WRUJtpJYPOPHmQjpY8=,tag:KMJRLxqyTOrrzIzMwuzhBQ==,type:str] + - ENC[AES256_GCM,data:2od/g75TQf4=,iv:XG5Uf67IwzDE2dtSGeGAEFSYD4e1+WUug4fYwez59Ds=,tag:N3plVjLkYlKRhBW3xFHi3g==,type:str] + - ENC[AES256_GCM,data:yF3FU8Hn3F7Z,iv:8YwSjP9WXlWQU0yWVdZRDJ8aezeHRbXx3wh/Yyef05w=,tag:CI33O+JzKdx5owIRYk2Npg==,type:str] + - ENC[AES256_GCM,data:SaXpJx/J,iv:JeRkIdZZH5nN1m6hCSUzquL015OxNN3twUs/mj9tGEA=,tag:MVMR/sGbCIA7an4ytYtlAg==,type:str] + - ENC[AES256_GCM,data:n76/9p7d,iv:8ZxnYYJGlzyccIFF2yEPykkjwQ4qVs/VbdXFReoLzas=,tag:jfe+VqGX/UKRexsRNYtf9g==,type:str] + - ENC[AES256_GCM,data:5odgK4M8ecp7QItav6A=,iv:ArhS5J2ajeHY+a5iItruY/LSHhtqKaviz/csakB2hM4=,tag:cwVIw7+x068dS+hFkel98g==,type:str] + - ENC[AES256_GCM,data:ia4Nn+nvbd9d95mb4LA=,iv:WUJDJJ0aeN5iBK8ORm9r1HqV5rSw9RV4+v2hSKHmjKM=,tag:kId/MUR6yFRh7rlqxmTk7w==,type:str] + - ENC[AES256_GCM,data:p5CKkCNH6yipiKMCi3E=,iv:WIrTtpxo9zfEffTm6kOQLpetIlPO+dwxGdpntrRDZTE=,tag:KbkXtye8PKUyTa9rTFy6aA==,type:str] + - ENC[AES256_GCM,data:xxGRMqQglrIiAbQPOJU=,iv:IuYib9OhVBrQDxjf6iEhmlSPDTabQeHHHfbgJ8WAFQQ=,tag:bhU9s13ouwhpj6GB05mtEA==,type:str] + - ENC[AES256_GCM,data:Z8rT9o7HiUZ9MeUqH88=,iv:6AB6HwIA2HRXK2w9QTbelGf6AHSpWHcY7OtEJpjbuSo=,tag:3Zz53lHX8xgtmoS8RARIbw==,type:str] + - ENC[AES256_GCM,data:gL+Hem5sRXI=,iv:lwwoeC1kTfCTC8gURVGjQU9l+FEJwEGkFAZ3TQRRMyI=,tag:NKYH2AC2M723h54S9LweBQ==,type:str] + - ENC[AES256_GCM,data:Y8v3uuo4NE6n,iv:J8BvU3xuzAtJM6cbbppGMjqB+oVe6zSJMnp1GW24WH0=,tag:CjWX4WGQqP8aAVVGnOCmHQ==,type:str] + - ENC[AES256_GCM,data:HAx7BEzCejRKqA==,iv:q4HxKdC+mI3ACt/gBK0TTXsCX6udpttXiFXZIW7iuLE=,tag:aMXsq0j6bngs2vGa0j6Zrg==,type:str] + - ENC[AES256_GCM,data:EyrgIWp2lmP6aK68iB0=,iv:7kxAEEttE6Pg1RgfEhBrqK2Xed2WdPZSC32cHoD5nxI=,tag:0krJMVxZA2MSkLyZMgbZvA==,type:str] + - ENC[AES256_GCM,data:LlvThfLaG87bzLl+gw==,iv:z113VWb4Hk9hQAx48lACy6vUFvD63W/dclCUjB/pvhQ=,tag:qfnWC/BjSp+UYbXMj3g7GQ==,type:str] + - ENC[AES256_GCM,data:tBZk8gIf+4mz9TMSXg8=,iv:20sUg1v9jheHZCaHwNFx58NNYR9uGDQDjGGNd4MRuRc=,tag:yypd4+chMd7zBK/9kWlb9Q==,type:str] + - ENC[AES256_GCM,data:5msEgArAjcLezbyBGMk=,iv:Jf1J64i0Hx1rzRwB0lQPNa13bNeAzKIfVo+LQ/OhMVw=,tag:ocvqwyZzhDhqmXwPA+cYqA==,type:str] + - ENC[AES256_GCM,data:yASAm9NcMDhlDQ==,iv:zCHJ3WPe/3b9dmnmvmi4Egg31ClLfb7lYoio5VkLemg=,tag:x5cbUdewprTrvGHLf/pK2Q==,type:str] + - ENC[AES256_GCM,data:GYbCE8Zc/c709DE/4w==,iv:6y3Po7Ybr9u+Xxx+egHGpM1ODNJNuCawZVTx1NWciik=,tag:taRFtjP9zO8OXnfE6gZD1g==,type:str] + - ENC[AES256_GCM,data:hD1ZKKIZVV/nZavwtQ==,iv:9Wzd8q2jcDM71mYwWChSx2bElC2S2S9BOluDF+HXvDE=,tag:8lpVWV9kM4wvfzgF0RdE1w==,type:str] + - ENC[AES256_GCM,data:5V8zCncpafbITnG1d08=,iv:bwitvZ1afiSruvBynuB3pCptXCL+twRTr57TTl+3PjM=,tag:+NhFj37PCHPnXKwIlEBCaA==,type:str] + - ENC[AES256_GCM,data:xLE62zNIRQOoJ30=,iv:Zi/v6ROhU2PT1sESxVJJ6BHYpXSZJKdimB00cdGbkP8=,tag:coUJdFP2RDhF9gx+n8mu5Q==,type:str] + - ENC[AES256_GCM,data:PfqurFA/JxYCq0o=,iv:Fs60qaihESJcnGeArFdD5IpLFFgMKqFBbd0Gdh51k2k=,tag:x0dT0FWLdii2RudodOoqVQ==,type:str] + - ENC[AES256_GCM,data:KaZI1sEzMMkFJlnzhQ==,iv:xkWLLaysUrMH35D2vWb0w+4JGEkDcFi9pj7cXF6laa0=,tag:hEOazqKoj4p/yjmN0iOHDw==,type:str] + - ENC[AES256_GCM,data:5itt2od7+YsOsyh4Pvo=,iv:JTit1SAarsLUWC+Grlp68w3qfUxeyVEF+tEJBuZ7qII=,tag:RkleAMz/33++bl5wvGbrvQ==,type:str] + - ENC[AES256_GCM,data:OWWK79kk399u,iv:lObT7HUAXXX0MU9F0B1c7pNctYaaws8VIXUH/Cl1eTY=,tag:1sGeKpHLPk6609+vsdelmg==,type:str] + - ENC[AES256_GCM,data:OU6CKGZwBfkcfdpxU9g=,iv:vwdcZf8Lhk56+A2X7En3DvE/6hO+LOO8drNi7FcUNn0=,tag:mEYADsDkzQULwX1RnBMOxw==,type:str] + - ENC[AES256_GCM,data:PPY8l9+9mg==,iv:k/LX61qrWCh/CMt731uOaB9UV4apMLhkezlaMlpzBFU=,tag:G0PAdtclue94Z+DHOUVghw==,type:str] + - ENC[AES256_GCM,data:tnTP2ymBc8fMXLdRXwkL,iv:4r7xfAEolUxBqOmVk6f1KIeAgFWwYblrOPYz3kWOLAA=,tag:lcYNV80JAh92fslSp1DiAA==,type:str] + - ENC[AES256_GCM,data:iDOFO83gnWB40BM=,iv:6vm1RK7BOxF8qaOCcPe8P05g1ZtY1Sy+N0S0dReFs1Q=,tag:cmBc5lZ+mZR+bJWoIUBTUg==,type:str] + - ENC[AES256_GCM,data:89kk9dvU21Gmdg==,iv:XQet+dNYUr3N/0Xp5D6MXL2v4w9qzKJ/Ao6ECx/Ytq4=,tag:W+H7PqBya0l8nGSIJPL5Wg==,type:str] + - ENC[AES256_GCM,data:TLSMa1/roD3mVMfpZYbPoQ==,iv:uW4x/F9zJv0VOpEreccIojhFy6IwbilHnNYLK/Hs2+0=,tag:WdRPu5tbDhwkfI6e0AkMUg==,type:str] + - ENC[AES256_GCM,data:XlovqxyqwIxX9g==,iv:58obtr4oDtCv5B7ArKjCmbuRIO8xCBQ3ClVq65/2AUg=,tag:knX2MqyO+zYeMr486vQ1fw==,type:str] + - ENC[AES256_GCM,data:byfn5F0=,iv:68t3de3tSUx6hU0y9wILOoQpHAld9A2igTmmuegXBaA=,tag:c58F02VlMjvPV81elMVLag==,type:str] + - ENC[AES256_GCM,data:rLr1METjrA==,iv:X+OKGKoJbZKW8ivQZJQtfJ5/zOQzsbHfLekDt8a9VwU=,tag:VxXOuFSn7epkzpXNFomruw==,type:str] + - ENC[AES256_GCM,data:0bOdQI6EQpEuhOCfjAoiTxWMuf6HMgxz0i8rC9W16vwzjQE=,iv:Zm98KG8a7s5GwfOFbyb5HbBV5ztlzL6b6RkSIB9jo18=,tag:GXER4yWvvgIpVhOD06qVpA==,type:str] + - ENC[AES256_GCM,data:W+r/5i7NiLY=,iv:Fme+EBgy0IVPdINiFcFv00zcN0gyu0drgp510spw1yE=,tag:hlchlN53MlcrplpK+IT0yg==,type:str] + - ENC[AES256_GCM,data:h7ir7migtG/KNfUmwggW,iv:yFgavGCd0vV0ViunxeZlxwUYe+DQ/ZZilrtVDu33LFs=,tag:vE/kd4YTaMsh4mI9GIyq4g==,type:str] + - ENC[AES256_GCM,data:3aPAUGy62WkYm1zQDq4v,iv:XUhEsWjMGAtO5oX2qrEX7BfCgmDVZjh3jgf6ub+OrBg=,tag:gavpRAK3ZLV0/gnB9QN4jQ==,type:str] + - ENC[AES256_GCM,data:Zoi++4l2uw==,iv:W2AHqLs75hHXgow2oaxZpUJVa0Ema3JwmUAMig/g7yM=,tag:XPnRhrqkLppp0+3u9j5X0Q==,type:str] + - ENC[AES256_GCM,data:hi0KGOCbtr52e7nHPVI=,iv:CgufMJILHPdcH/HlLMnSW/8+dGPiWA//eMAOkzqnBno=,tag:YKHojZ2XGd+IS7ftuDvHCA==,type:str] + - ENC[AES256_GCM,data:LGCwjGReA9ZHRsCJ,iv:B7uJrSUaqymt170PwlDZoJHN8iV0TlDHwTxRy2dFlg4=,tag:9LZFSHC99M0ObunMVxoylQ==,type:str] + - ENC[AES256_GCM,data:oLsJoT7HjRLGuAx8,iv:8sLX5lR7nEcjy+1UH7z9y6Bpj9GY3ozT0tXOpJCA+ZA=,tag:qTf7IyZbMOzmdAFVvPcHTA==,type:str] + - ENC[AES256_GCM,data:b2axU66jWw==,iv:z3O8WLUJ2rKMIbspfCcickmQsBxjLPIRPJSvWNlRPFI=,tag:aHhc9k2e1qObxkJsKJrbfw==,type:str] + - ENC[AES256_GCM,data:sMzQxXABhWE=,iv:PulQ7W6O9S/btmyYKvvydLXnAfXQJnfJgpgurZVY2xY=,tag:yOlDz68r9yaOnVDvyshVfg==,type:str] + - ENC[AES256_GCM,data:ZF4G/ypsV50avw==,iv:PNO1LHWpnFwMKxo4GZLtw+PYhPlGKXa63mDx3OZhgG4=,tag:HlQGXYgRrw3Xf92ZLkYqjA==,type:str] + - ENC[AES256_GCM,data:cnLkkJjG1Ok8,iv:IptZB2aEc9t0yweRsii0tmByLt4cPm9lPIiL1kPJGsM=,tag:p4zaM8hN0a2u+vROqFK7hg==,type:str] + - ENC[AES256_GCM,data:eaBEwM4ruhyp,iv:Qp5NAnx26Hdi9UgromRDSmBbqURLLMKW2JLZNI1HvEE=,tag:bN2SHggeDsGJc2N7NconJw==,type:str] + - ENC[AES256_GCM,data:2V51gFvzCewOrbGmjo74,iv:BaebxMVJYGAaGWjLOT0FTIw5u+Wf5F1pHFLk3ZN8emM=,tag:4D1S4eP6jmqLHvo5dsASOw==,type:str] + - ENC[AES256_GCM,data:TKpkjbjUTjE=,iv:zMELA2ZVI7R37/9WQ/n5DaH4kVDrGtpYxNzNcbrgXQ0=,tag:WS1UgAqssBM+Xwp1g/X18g==,type:str] + - ENC[AES256_GCM,data:Ulwm4bt2asU=,iv:RD00Amep4CYJ1+u3NTmGx+QDlJJDA4RIJkbR8Pwaq/0=,tag:ACtt3atAT72O2FlM1tIdzQ==,type:str] + - ENC[AES256_GCM,data:vdCN8vFmJfSLIbk=,iv:N64gR9nEouMkZX4IZjcru1CgyjjsWqp7OkC5hwR3tHI=,tag:v/TfU6c42w6ZszrlkEJ0Cw==,type:str] + - ENC[AES256_GCM,data:3y/FUaabBN/g,iv:iZHULFQcaLybxzuygkE9l8m5z5nElEk9ndVvvRUXdUY=,tag:XgmJNMLuPLXUgxVLOEbRNA==,type:str] + - ENC[AES256_GCM,data:dDp5n93wsFA=,iv:A0J9UpU6J8tbiT+q1Bn/VBo9+r/HeqyatfW4LUJUpw4=,tag:HJtLWVwyHrjfLvE+bFLnLA==,type:str] + - ENC[AES256_GCM,data:ugyAtGRlCSEw6065nVZkPA==,iv:skPcdY9UtxcOh50ofQrA173NqRGC/P2+3EevhB5Iago=,tag:BNethxC0p1qe3Turl/x00A==,type:str] + - ENC[AES256_GCM,data:b71bVGd1DJqQLV4=,iv:0WPshiM2fDMJX9bOnA4ksXJfPE3HF8QUsiNd+Vn9ffo=,tag:18bYvXY0W6dkodhs9X5/yQ==,type:str] + - ENC[AES256_GCM,data:fa84HILANZUNX53l3E4=,iv:xA3LHb/684wd2bNUPPeOXFghHt6KXrivX6K+cP5/qQA=,tag:0oVoF9mEsLAvd8gabrV0bg==,type:str] + - ENC[AES256_GCM,data:NX9oEdAC6tubmvPW8g==,iv:waW6jiPl2RCjnB83qhd0frVG6aXmw7C37nnUsd5TknE=,tag:cw/qQjMsbHgyVEzFQ2DJBw==,type:str] + - ENC[AES256_GCM,data:AvU7Qs/5QBAZzQ==,iv:0k0in7w0Q+M5crY/Sx8ZAfe2swoBFOG78I2CY/A8fkA=,tag:Pr9/IL0SzQCUwNIVUdZ8lA==,type:str] + - ENC[AES256_GCM,data:mNBBN5EPE51tGQ==,iv:nvKRW1G2X2GctSYlWLDDhohArq6bBbthrs+LxVNmaA8=,tag:1i8VAkI7zxgrnYt3k3Bf0A==,type:str] + - ENC[AES256_GCM,data:diK2cnoZtgddkA==,iv:xzYY5i+Dp39aEDg0Vae+EvClWh7d1MwyQ4aHO/rMNAA=,tag:H6iRcONTZSidh4In2Ve69g==,type:str] + - ENC[AES256_GCM,data:4S0Fg2WK3U7zCbA=,iv:p01LLb7E3ftsTQtY9bSqDHS/P69IXD40gx/a8us4Fzw=,tag:dpP52cD28Zig/yinn9yunA==,type:str] + - ENC[AES256_GCM,data:hbNmg4OpZO5igQ==,iv:3D6SNJq/j5AkSmMIZkOk+2Wy8S0s/frpb7JUAdfogKk=,tag:g4cNWHNPaER79Dfws5nnBg==,type:str] + - ENC[AES256_GCM,data:lId9hdibWrBz,iv:PaGRuP8dQErmuvjszAlSdGt57E0zeNeZNH7/UVkP5cw=,tag:AeX7XA5BI7aj1IdPiGRitg==,type:str] + - ENC[AES256_GCM,data:AsiFAVc9z1c=,iv:XzPPn4ztUZDrKhS11Y/PSoQt45a2y74sEvj0Uh/bBIE=,tag:gjJVuni7PqyJ/awY7s4w3w==,type:str] + - ENC[AES256_GCM,data:oSLUADGTKUPqNvTK,iv:t+8Sfji2OGKg2/6o7hBpmgwYph9Aq8juACX6PiGYWR0=,tag:Dz9tT+x7S/28VmgO7oIIlg==,type:str] + - ENC[AES256_GCM,data:NCMFN6Ph/A==,iv:O/4gYlN0aCwbizcVP08J5gR49znGLYMB6yaDV+KcCJo=,tag:oe2jokPUE7kJW1/rqB3IkA==,type:str] + - ENC[AES256_GCM,data:AYlk9P7aguYUUQ==,iv:oLwcFAkORzbWxH9oA2A8DhmRNbH3E7Qj/c0+25B6KRY=,tag:BtWE7TXLpRiiz0NKs+rkzA==,type:str] + - ENC[AES256_GCM,data:hOcyatVYtujS,iv:+1t4RkVGlFo4WAiFsyLVaYu1BxNpQKsgEM3bp3AxNT8=,tag:UPI/4r0V124TzF3ZCqehrQ==,type:str] + - ENC[AES256_GCM,data:KkSbLE63i6cpWA==,iv:GKD6yXQJif4Bm0AVGWVDzNhaF6Xd9AlOOrK2VnwcWTA=,tag:WP1en9ZRn4MS4OYTU1F3gw==,type:str] + - ENC[AES256_GCM,data:L+Wpu9o0VvZJ2BOZ,iv:bBm1rFcwziE17yz16al/kYrUgqeUAW2W0YccZBGrEzw=,tag:/6GCO3H98HwD0uUTf04R3g==,type:str] + - ENC[AES256_GCM,data:HuTRuqwPKt2wsnACMw==,iv:yBOYn6Fode1ryVL+4sb7nZY6YTSuIAUt+/ucvwOzdNw=,tag:2dIgZKivgk3NOYopgZEOSA==,type:str] + - ENC[AES256_GCM,data:oFBKlsEp9HKp6iwd2rcf,iv:yJJyX5ZMHVc598a2n4/0jSqstX35Xfe2wVqtEX+K3U4=,tag:pYW2rDS7nwHKoCJ7qIFdqw==,type:str] + - ENC[AES256_GCM,data:kamF0EIRlrae9aCv0A==,iv:DgvkLSGZ93oldDO359VHLEWIxv1RBuFMKROkIIkUJnk=,tag:unLj2mfrvtii1LOPrhTLvA==,type:str] + - ENC[AES256_GCM,data:pPjhlsQommdqThTs3rI59k4=,iv:2fyId4nIBdKy8bVnheUk7LZt2+A+F65X8bjPTsAqq14=,tag:ICsUc6zDGETesMJ0YQjyWA==,type:str] + - ENC[AES256_GCM,data:MrjiAEjraFClG8M=,iv:c/Gh5Q98WdDUv4sTDCLxjujTFN4x8vHi1SMdeWlGneU=,tag:YG6rqfGsTFlHhDjorUxIdQ==,type:str] + - ENC[AES256_GCM,data:YmMdOY1mHdSAqWv1,iv:Wwk/ZrCJ7I8Tvjv/VCuIH2IyV05MTPRHJmGjl45XehQ=,tag:xaaIxSU1IUm76ZhCp/nIrQ==,type:str] + - ENC[AES256_GCM,data:BF2drLA0Bur1yw==,iv:SPANBDo8J+lBzejszUiTxhGz3SmVZaLE0nSwrduhhRU=,tag:6bbh+h4kd30SM48O9kFw9Q==,type:str] + - ENC[AES256_GCM,data:DOdW1IjpDd5TQEc=,iv:xOZz+RzfVQI83K1sBS1+Q4bR2l3bP2VXrVvq1JBHLH0=,tag:jXasdwMC8/QugwtRvJK6XQ==,type:str] + - ENC[AES256_GCM,data:BWENDaNRiN8rJQ==,iv:jsXDOW1RJrbAd9gDvTNRTn73eB2F2d2UYbPjplmp4yg=,tag:TmHruNkUwwdXTjybwoEWgA==,type:str] + - ENC[AES256_GCM,data:ioJiHQDrUfF3Qi74IJuN,iv:y807ozjd9yLEJpxfMcRU4UMvwYUu2BINbGUys1ML4b8=,tag:NRIGobRvAcxcHlvVntWSIQ==,type:str] + - ENC[AES256_GCM,data:nFVDixzYmfoWAf4raal1,iv:3FVM36Zue7gM/yoTHG8rNtvgFOGg/zvQ9jkK0jXRJv0=,tag:OGj/JQyaxfRR1S09vCxC3g==,type:str] + - ENC[AES256_GCM,data:cKorRe7dqOLlMw8=,iv:VqH72TY9pHQFNYpYXNUhpTmjoekxw30Ux+gl1V9Mlww=,tag:0iWiVK7yAo3ObGdBBQ48HQ==,type:str] + - ENC[AES256_GCM,data:AOWeMpz7LV77og==,iv:WOxNv+8YvFBeciV7tp0xaEOQn8WBz4inGUiOzOrukAM=,tag:aXvELH4XBtWfdqXvopnE7A==,type:str] + - ENC[AES256_GCM,data:jw6kFlCEW7lJaw==,iv:2jkxTa3tLFusZKYnwnEMSbRdO+UF2EJrziPdUGsxbEs=,tag:iQUaJywaYXvdPfjn7qe9cQ==,type:str] + - ENC[AES256_GCM,data:7U8VKRVWAhXD,iv:/hlfMbiVuCzKPi5ygrv8IXC++Ywdam4ZVWCJ1scu894=,tag:GX/3AI6/TdJAervc5N5zkw==,type:str] + - ENC[AES256_GCM,data:l/swj4ug64Cdaw==,iv:FN+Xom7vK+KfjdEOQ3qerAwuuXUdGzcw/auuhBJlIf4=,tag:2T/MAn9UlUwshcycb9w2og==,type:str] + - ENC[AES256_GCM,data:Ydu+hDANHiBw9hoO,iv:RATzLzm/J7kH/6XuvHRg26ZFlW/Lo5x9xGESW6fVkWs=,tag:WL2gInuMOp8twGISGNSYtQ==,type:str] + - ENC[AES256_GCM,data:Ov5J61tyygFUhU+l7t8=,iv:+3+hOfUuhSFdAeIoPbPF1ukZ9F7pQOUV+zfMEOpsl5M=,tag:UrjKy2cVZcPkBGbz4pPJ6A==,type:str] + - ENC[AES256_GCM,data:vTdXWILgHrh+EDDsCfDf,iv:yEaahEJV3tRb7ijuDBQpoAdLQJbn3L3BLsY6jlHiNp8=,tag:aE0YybNZV+2fn5cMZRCr9A==,type:str] + - ENC[AES256_GCM,data:dQziepm+Sw==,iv:/n1c/49wUOR1elYVdNnNA7Iguy1hNHsnoajmGigfGpg=,tag:fuYNMqStm/vuGii0Akd3tA==,type:str] + - ENC[AES256_GCM,data:dMlhcesV,iv:8AFvR5ZBR21kqqDqdblZVtIKe05if+BjUnYQJL683mI=,tag:t01D5r5+SLJHDmrwEovfTw==,type:str] + - ENC[AES256_GCM,data:zIoI/qPDbm4=,iv:Rq+lGNmEaWvZNFDtWT7XwJaMhdmmavfXR3v6m+qolxM=,tag:KJJA2HpaCd9uTfoirP07rw==,type:str] + - ENC[AES256_GCM,data:Ry0jaOuMBHT4ZCxfjw==,iv:iGuRKu/StiRreaX9zvG7vkDsGvihRvND7rJIKsFYimE=,tag:7Z+bKtOhQaKsJ1z6GAyHkA==,type:str] + - ENC[AES256_GCM,data:/vkrQZJs8HH9,iv:ufdPQ0TGNkeLQbFZmTXoBi6xAivmjuw6+HHybYyGqY8=,tag:/g6Su2ecAyslYkBZN5XtNQ==,type:str] + - ENC[AES256_GCM,data:lJBbur9ZXR4F7oyEhi5hdNIg,iv:saRjvSLVdsbUk211H+2Yw8CX2MW/znoYtm1PvUswLoM=,tag:RBXuPZWPZFupy+MaglMHgA==,type:str] + - ENC[AES256_GCM,data:kVOPdsZF5HKK,iv:PDZOOBTUbX0BFG0iXlR4Vd3qmueYtJcjjv7G/lIYKDw=,tag:ygNEpCiUrzCsF9miGJlf2A==,type:str] + - ENC[AES256_GCM,data:kfyHEIiQ+hR9bYnM,iv:745yTKkVYa3rRs3ALXKf1R6ISlKRJQnuWzS6UOi6VDA=,tag:/Pw1qtbbuwdmnOigZmK89w==,type:str] + - ENC[AES256_GCM,data:2ue5GgRZTjsB,iv:Yt7aLzVCoDGwOKGhJVzl0uTKxmAudQUGhWywlI7we2E=,tag:h/+JzwotxhqLsHJ9fiaLvQ==,type:str] + - ENC[AES256_GCM,data:TAfPz+Pu4f4dGQ==,iv:5n2n8EQ5F/IBM8fpaT91q12VDqMLi8hipQEA6ReEuaU=,tag:JnTe0Fq60slNArR965JNVg==,type:str] + - ENC[AES256_GCM,data:IV+SqZgBzxRFgzk=,iv:wHYJLH/ICx161Abc89xOh65Bnv/yAeCRfgqVev4cpGs=,tag:vOLbKBL4r3d5AXxO4H0sgg==,type:str] + - ENC[AES256_GCM,data:rLMb8u5oNaBzcQ==,iv:jbUaX9ev2D8p8lqHaLaCWf41HY9OtzuhouYjyEBlyrw=,tag:2SDjuSCROxi/wPIxLAkalQ==,type:str] + - ENC[AES256_GCM,data:d5zm15BATQHg5Ak=,iv:LzMzQ/5kH3rtNs1tetsa31WNgMqkjmlRlGWJuzTklDA=,tag:a018FgpTvxCBv9ARq7lp8A==,type:str] + - ENC[AES256_GCM,data:8TdrMVPEmqI1TQ==,iv:MlsXHItuVq3Xdt9qW+8bQKVeJXgFzTg43XFXWtLVO98=,tag:lkK1keNljFnhJghZ9ThIcQ==,type:str] + - ENC[AES256_GCM,data:v0OPN6kljUXWcQ==,iv:rW9OHnLrKVqi72S8kwKGgRg+0m6AD8TQ3Yv6fH580PE=,tag:cYQ/2E7S9Osl6+015QGl3Q==,type:str] + - ENC[AES256_GCM,data:zGncB9Ly83M/KQ==,iv:EgztcRsXSkKda3oOCk0ehZ9g0MJqv1QqpPMz7Zs9BsU=,tag:mBQrlgghob4I4SDB8O6rdg==,type:str] + - ENC[AES256_GCM,data:MHuizgGQHFm0HK+r0g==,iv:xuUY8XgSyTTelot9O+F3FJG2TGZF89wxAZbaSBSY8ak=,tag:/EQS2SQR7B/dbmn8iyu68w==,type:str] + - ENC[AES256_GCM,data:e5T5YDXAcT9JKM4=,iv:j7JclS7OP2Ldi4/4fZLuFYK61URFHYHGKMLN49kLnJE=,tag:d5CIhYgLGWN2Foehr3rO2g==,type:str] + - ENC[AES256_GCM,data:k3sgN30cSQ==,iv:LHNZHqp5vGxtneeOBQORHzht0b0IXr+Ed8tQFevH0fA=,tag:5cWN5pyEdGvg52gbxOi2yQ==,type:str] + - ENC[AES256_GCM,data:MFCjlt8QnQsnncxOGsM=,iv:oqGQ2Y3NdLtGzr8Q8SVEEZCXi75KCaMwcFr/aHNZYmc=,tag:13UySdFeC5ivrcwANy+36Q==,type:str] + - ENC[AES256_GCM,data:9Uz+OmceSxgwSEA=,iv:TKd7JJchRiQY01RsH6epUuUrLY1vBHRiD3gZJEq3RjQ=,tag:42YBwI+pfnwdceLXIaFdOA==,type:str] + - ENC[AES256_GCM,data:ComrDuTHu653tw==,iv:JMnRsmDp8byJDgvVfkVXylYBbAsO6l5L05d8kVzrkyc=,tag:v+yF2QPKgpHXWHto5Y8xLQ==,type:str] + - ENC[AES256_GCM,data:+XvefT+p9Bjv2g==,iv:GCwO4p4Ka3wBB4lNE+iaz/uIBHpewszy+jHYU3/WW8k=,tag:EOtacqW2iUbooMBCIGo9uA==,type:str] + - ENC[AES256_GCM,data:br0z+luLyLDY3ADSb7w=,iv:SIHLWXHIJhFF8rtrwPHkAK5nEseqyqBwkLWbeIjTDrg=,tag:QyQSeT2NICPyL0BNnudGzA==,type:str] + - ENC[AES256_GCM,data:V4bZJoFhzaV0rCZapo63,iv:XtARD//9jUZ2mDxFjoVTBBcyRbKOJukCVlDpLj2B6Iw=,tag:YfdaD7UTbzP5ASeSSngPdQ==,type:str] + - ENC[AES256_GCM,data:qsExqpuxDK7D,iv:dFu1u5scJ2S4w2lxTITwgKbyaMlPTtmU3O6wtr3ErL4=,tag:Z3QIYW5Nd+rPOGBOVcotbg==,type:str] + - ENC[AES256_GCM,data:41TyrIkFogQyIECM,iv:1D4+y7wTTkn5ABplo/dWAh/L9wKqWWv7ePHbMZsq0R4=,tag:L2XnFdTI9+KMDPwWd61gbw==,type:str] + - ENC[AES256_GCM,data:UnANgUAyqNegQ6s=,iv:WbhHdTakiqK4HphKPvmiHD0JykWz9FrPgT6ltuB3m30=,tag:dbYbyptG3JuM1GX1KqRJBg==,type:str] + - ENC[AES256_GCM,data:KSMlUpg+XFfSmOi3,iv:o0Rnw39hSnl8/IhsHdLr9rIqrXMKwwMHP6PwFnC4/No=,tag:owiW5HebtV9SFBe9ZMgxkw==,type:str] + - ENC[AES256_GCM,data:Cp5QNSIkk8YUlqbD,iv:jng71HnZxyBOnPDE+gQyu0pHtdghjZJ0Saox8U9fw7M=,tag:fdaBaMmKz/AMjp0j5Dw9Tw==,type:str] + - ENC[AES256_GCM,data:BjmHysNzNw4D,iv:J6p9fCAl2VqZPKlw01cG4hY12zcKUK8ds0D4MlX2us8=,tag:q1EH34ENA1jsBo8l7xsMCQ==,type:str] + - ENC[AES256_GCM,data:B/3WRvughVhs,iv:YKj7ZpSuUL6DcFxOul0M6Fd+KE/kVbCEnq3MG+EZmWo=,tag:s3GHqhIs6+iuI0yM/Aud+Q==,type:str] + - ENC[AES256_GCM,data:5iczBVlNqD2aTgT5Bg==,iv:5bqjmxA2dzfR1g6xGeLG0k+eVg8neVUw66vcBBwjPdM=,tag:jRI0kvHPMrB6/3JytaM4iA==,type:str] + - ENC[AES256_GCM,data:PXuelSnQv9M=,iv:46+n7KH84Ih8R6dTnI7dRVGL7zx1ePv9fGoGAZe/6s0=,tag:0nyfWXHv1HkTNz5L7jyjPw==,type:str] + - ENC[AES256_GCM,data:e0b0HiRavMq6,iv:EESoWexj6H6n1ojxIf7BbTkkZo25ijB9PTn38WWH6Vo=,tag:/bkIhR9YAnSyDi/s8E9VwQ==,type:str] + - ENC[AES256_GCM,data:SNmLXwF95naKSw==,iv:/foJFNRp1mXVA5T0ciOG9Ys+R/iZCsY064XhR5xeb7w=,tag:EoxBe3UvQkniJc62Q+gSRg==,type:str] + - ENC[AES256_GCM,data:xPtrsfRL,iv:VyXMV//Aw5C+q0wkJ5rAMfR8/L61nfHu09QBz+hypEc=,tag:TXTfucpsDt/XVwEJzrU70g==,type:str] + - ENC[AES256_GCM,data:EBVQ/TMPGbuP,iv:CYWrEfy5sxEeXGtgmlV97c80a7S1XDKTZbnuNf8xhqc=,tag:Y2x2ep/RxocQdDbVabTVig==,type:str] + - ENC[AES256_GCM,data:kT2LtgR5UiqluxFbkdk=,iv:+r7zzp6HHya6h8PcKKP4OnKO4showLHoJBM18IV1lGE=,tag:n1qjTFNl8Rr7fBHrixa/mQ==,type:str] + - ENC[AES256_GCM,data:wQNuhvIYB6jU,iv:u2dw96bjsJOm843JGl/rIFBrer0O8MTlaz90pGvhksw=,tag:i3rVuekEZedauitG2UT7qQ==,type:str] + - ENC[AES256_GCM,data:DVMv/+5bjQoCoA==,iv:zfpQsyeHqudKO9Sc/rgFkOEoauh5za5ecQdbdWr/3cQ=,tag:EMA7CQrMoc8ykx0oM/4ikw==,type:str] + - ENC[AES256_GCM,data:F+N2Lo2yHE1D0a8plw==,iv:iJPzViKXvHPw2+FVbc9g7df3RA5h9yejYuEgLxYIDNE=,tag:v8jT/58yWJyBC4WsEPn+1A==,type:str] + - ENC[AES256_GCM,data:exi0Obujbpwc,iv:n2RWTZdBoPG/oxHppmqeTvZMeBV51/QeNwkmzXFnRAs=,tag:E/DW7yuyE3ArSCqFc2FRww==,type:str] + - ENC[AES256_GCM,data:1HEvk+pPl0lSEtmAhQ==,iv:hpFRUhUx5floX9JS1tnr0m1oivK3Wohexg0TObGecic=,tag:rWvekGK1d4Zt8cjeENeQXA==,type:str] + - ENC[AES256_GCM,data:KZKbg2hP2Qe/Mug=,iv:8FgfJX5Jh/KPhpP/U7saQv2Eg2EnbK+OSG3qUOxwehA=,tag:s3i3REGrmA5BgT+/IX3LwQ==,type:str] + - ENC[AES256_GCM,data:RHGEnCD4Q/kPeA==,iv:oSY9+adKoJ4dobG0CYIKun1YNnc4q7h7fNmzFaTdVqc=,tag:8UYy+OQ8KCM6YJ7ZjvpXrw==,type:str] + - ENC[AES256_GCM,data:XT6s5Y1POIAZFw==,iv:DeTcbk6GOOnpB4ptf9uGsRNSJ1AurscMUf0mPj2rusM=,tag:YWMbGpwHpdjYVbj8Jn7JDg==,type:str] + - ENC[AES256_GCM,data:yecr+j7drt8eqA==,iv:7EvWvaYDmdPPinTkLlEzHE5nEojcN17NAlX/ureiOMA=,tag:0NDhdLjNn2CF4fs6hlAnGA==,type:str] + - ENC[AES256_GCM,data:YbSaqpYF76uSKQ==,iv:ApyKYBG1BNkiojEo9VldT6RWSR5+AAvLr3woWulYjfk=,tag:8FXs7plyapc3pWERCALxpg==,type:str] + - ENC[AES256_GCM,data:ATB7PjLLRt4gQQ==,iv:UbmSCKDh+C50vACXozDxGrt+g12JrYMDVattvGWlAmg=,tag:tXOwI8qS+DxB72lzWt1Z3w==,type:str] + - ENC[AES256_GCM,data:amxinrAE4rs1Nw==,iv:dC87aN7KeuLnYNr8K9xjyuObwuggBJjCKtIvdHfExfA=,tag:wUs63Z+fe259W61ICJigQw==,type:str] + - ENC[AES256_GCM,data:Hj7CEZmMHjLlzA==,iv:ihwlDpRLQE+D8VoE0LO9Q0MzVk24CpNVxyWX7svaKVE=,tag:BdiBzaFWncbkaVv1niojXw==,type:str] + - ENC[AES256_GCM,data:7Xa+JYq04DoX8Q==,iv:CEKFN0v/M08M/u1NbCk7cx9Yfo14XMjN4zBhN7hTQxY=,tag:QRXgna9ynY6O8sYFfTos/A==,type:str] + - ENC[AES256_GCM,data:9PyFBK+MOxBkLw==,iv:qk54mn58BRJM6qgn4NYDSIaShZSvqbva4lc7yfENpTI=,tag:RZf/HZ4twc4Cb22MyUAgEQ==,type:str] + - ENC[AES256_GCM,data:sce0GfOiMd2FNw==,iv:zcdGyXu/ojcFgJPTXWLFZxuLuw+EVPf/S3TO0vwcLRA=,tag:Sy4XEclmudc1NyQSeUmtlg==,type:str] + - ENC[AES256_GCM,data:mhzv2mqyAVMEDg==,iv:2ubD4gD/b1FMMquDX0dTNSIqsdz0Hs8h6KjKO1kL9q8=,tag:400j4du393oRjafuw00+fw==,type:str] + - ENC[AES256_GCM,data:t2kisgO08cYlaw==,iv:1ANb1OCKWkfEtTsWIsnEyoTwcKHYmhUuD1T2QJWvLmk=,tag:zIWNvsWGhLlymEd4XpmTxw==,type:str] + - ENC[AES256_GCM,data:W/upT75LrZw+wRE=,iv:bIvmERMWqrZsByP4klvP27kJly6Nbc6q8AR9uNTIFbI=,tag:z4r6iqikiTNhLXTiGBKYxQ==,type:str] + - ENC[AES256_GCM,data:ufypSS//LxDTqg==,iv:Hive0YEjhfoOduZSbFmjcoiZjmAZ6VtXclgSIV26rSo=,tag:tskb1JK1yAeU5tB/Zx/D+Q==,type:str] + - ENC[AES256_GCM,data:AkZ6Hj1mHD0YD9I=,iv:B9C/YsYBUgfC9rs2qZNuOHVQx8IrqdKTyWyWbA/OxGQ=,tag:Qmzjv4f1d++NGi4v5af5Iw==,type:str] + - ENC[AES256_GCM,data:VEsxHBzWuKoHBZI=,iv:BEtlkkwZUftGlrYis5RN6d6animm1lrygYStkug/lrs=,tag:WbtaAJxL5E37KX/MKpfcPQ==,type:str] + - ENC[AES256_GCM,data:STxrjINfEBW/z0srqlTitw==,iv:f3DLU6ugPD4VUeKsU4estVNcNtYq5CRX79NWwUlCyTs=,tag:pgmR7LMr8T6S9z5W29+Feg==,type:str] + - ENC[AES256_GCM,data:clAwbkCfedAN2OgeHw==,iv:+BZ0lOUROohRTSHVd9h1ga3J/H89Q+iMGwt3yBHnJhQ=,tag:aFTCRa+VPdXro/cclI3b7g==,type:str] + - ENC[AES256_GCM,data:BxL+0I7+DvhbH+Y=,iv:Tu29YJwBMz6sL4VOFl/X95MlyeNg5UXVEfebw4spK30=,tag:uvHPte5wNZPl5iB19WAgBQ==,type:str] + - ENC[AES256_GCM,data:O5TXXCCCyBelJWC4HA==,iv:TSQVXdyTRwkvOd935ffVCtfCJeGyXeW8ei2kBVToHUI=,tag:+0QaYWfiu91TfS7XQTq3QQ==,type:str] + - ENC[AES256_GCM,data:VlZg8pWEEDc=,iv:TvHsG6x1J3KdXbvjFnKD10REr4AVZsbPc8SEwiTTPcE=,tag:OT63PzrHe5RNr7djrYVtcQ==,type:str] + - ENC[AES256_GCM,data:tuNbPAff1uiMWw0=,iv:A1OqhP2OtsGz65Vb5G8uCAwH2+DxLtjYTxDSB9yxLvE=,tag:7bqvMYBSUbV7vwg4NfzDGA==,type:str] + - ENC[AES256_GCM,data:9NpHupp2zDIrvWKaYA==,iv:iSYc/acDAIMvzjEIug/uj8OWT0ky+lO6vXKD5CM62/s=,tag:p8SKQL3cUT8W9hGOmCjbkA==,type:str] + - ENC[AES256_GCM,data:NZu+Y2Ox42SdmIk=,iv:A1ka0LVq7pJIquCBwCo0rnxVuvlI0g49NadSZ2gBDVY=,tag:ejMnsA1J2/vVX+Ett4TBOQ==,type:str] + - ENC[AES256_GCM,data:Vsnku/K4xZDeVMzI/ZU=,iv:4GPDysvuQsVr0I0cSZ73KnaBJ5px1vzccKP7oCRaNjQ=,tag:cze1qxC79ngx7KVvjKTvDQ==,type:str] + - ENC[AES256_GCM,data:tNoSoIYdUCk=,iv:PT65IVxjsuHQ94rhGXrKl2VPSkHDbj/GKlLpA66ivt4=,tag:U7gqeJmvWn749zwQe86OZQ==,type:str] + - ENC[AES256_GCM,data:7GvsMGl+C+gZsBxEcYQ=,iv:nOGS0LAKOriy2grGTNTc/34qTvnIFN7GtDoCKzIDaQ4=,tag:5U10qUzL50stfzukh7R90g==,type:str] + - ENC[AES256_GCM,data:HmHiohPDUtUy1PJf,iv:+I02R4zXR/epwnUrPl/95qrgYvUMfhDCO+qF27B38MU=,tag:Hq4w57SJo5Jau3eU1fMh/A==,type:str] + - ENC[AES256_GCM,data:rR2vEYgQDbnpqIQ=,iv:h8JGUyS9PEzcVkSabp4L96drRWqrJ5QPBJI9vQo8axw=,tag:6iKcIzOoItPED1fIg3tq8w==,type:str] + - ENC[AES256_GCM,data:U7yiw1Xm4gLc,iv:EVqQCSLGDaBYIvopVBXBJzMrSwFW1n1cDmvnWzLrATI=,tag:BoRgnqvIPdhJxIaKUF7Mtw==,type:str] + - ENC[AES256_GCM,data:uVCKwggDmjEyCw==,iv:DE5eYhSSDkvjf5DZD0Tw2Sr5CmNwjJIkai2ZzJ4b2Eo=,tag:6UnQ+GHCvN/Ud4WhjAsnWg==,type:str] + - ENC[AES256_GCM,data:4NUWcWz0L6BI3mo=,iv:OLxaF0bKMu6fjWSZgqysuUUQz1NmdqOe9tQzKiZa8W4=,tag:XmFNLA8nYUQUb3o2CWT9Qw==,type:str] + - ENC[AES256_GCM,data:C5EW9MZaZIqP4pRQ,iv:b1I/QN7AfUGeat/l21rk0EvQNBDYvL3yBDzv22Souik=,tag:76Y78j7ttFR6P2ChJFm/vw==,type:str] + - ENC[AES256_GCM,data:9VrVRhXov5oO4GFfs3a5,iv:kZvA8SjffH7/riCsrinojApo6DxIDVZTAKpvUgSWoK4=,tag:4TedmyHmJQRMw6bPhHsRxw==,type:str] + - ENC[AES256_GCM,data:aZ7XKarWYlDSEaLoqFA7ISI5+9y7AfY=,iv:5+CzSXI/Be1Gm/TKFPUhQEcNOUKRAk735w0CHw0ZiHg=,tag:porWAmTAdxfyUDhiB1pE0g==,type:str] + - ENC[AES256_GCM,data:GAq61v+pt6HG8WMRUlhzw/pRJZXrNnp47+o=,iv:oOdLtPg6OlzH/5jgwPgQbFSjU8yG0tk5+0b2rVR3eg8=,tag:UIPclX0LoMcSzxHBVzNLPQ==,type:str] + - ENC[AES256_GCM,data:U90Ccjz4ZxHk8rGIbA==,iv:WCaEkrJ2m001Bo1ScOkrE9T+TKuT6mA6vIS+MSTM9AA=,tag:9wE/UbNr9okgKATrjA8Qew==,type:str] + - ENC[AES256_GCM,data:ukC3pHiL/mx+WzV7ScKYUlo=,iv:NLutptGqkB4gVK6md116COAQNnILWLzk2EBwJ4sxUsc=,tag:InDIgTZ6zpN+3Qq6ddDfEg==,type:str] + - ENC[AES256_GCM,data:NSVuBmQUfh13hCsFUMAT3EYII0o=,iv:S3xtAkYrbbJCaEb18iEU4+/wMRNfbS4zRuW7GrPPa7E=,tag:t4Nf7EgI/NWlvnF1n9GvSQ==,type:str] + - ENC[AES256_GCM,data:hw5ScsFDBrOwMyOB,iv:je6LTcyWCCUVYI+DFrJA2VKQ0/NUmwSJ9rX4qizlhYQ=,tag:+DY/fCcQsENbMt9S4GPeEA==,type:str] + - ENC[AES256_GCM,data:q1YHaw3Tgioj,iv:RxuGS/yHUnG6n7K++Ns1N55yNpTt8b57UAcXV2udLms=,tag:OZF+3GZgGapQgKhN0RY8qg==,type:str] + - ENC[AES256_GCM,data:uJQ7YeVu+nYeGXH5,iv:w1nxbLOhoeHZ+U3Sg8oVFwnbiBeikHgzKA77qz60DPQ=,tag:rSoWatZzT7dSoAeqy/k45A==,type:str] + - ENC[AES256_GCM,data:NRzF6kZC6Ec=,iv:y0TSyMbPasQQ1O7w9hKEXfsuyJXlWal5garRWxUEID4=,tag:1m1YKU+PNZsh+4wwXmVbXw==,type:str] + - ENC[AES256_GCM,data:0GplY+xhTyPaDg==,iv:nFiMbvzT2pZGc1m0HN7pHHSG7xxFn3/j/WTIZIRqhv0=,tag:lOp2Dl4l7H+TlainSNicLQ==,type:str] + - ENC[AES256_GCM,data:lnPicGOcAQh9ltCEJKve,iv:JDkpejWrp05sHbb9vnNicvSCrEZCK4jS6gwPMKZIWac=,tag:fUU8Arbu8AHZL43piuHM1g==,type:str] + - ENC[AES256_GCM,data:HLRJKYJuBpIUIY+5lw==,iv:TrhdklAX5C5ZuAqDnJRTNQqn8cYqd6zvBdSjSjVwz+E=,tag:VHy/DTu2oxonqee5LhvgRw==,type:str] + - ENC[AES256_GCM,data:b1PT2sYSanp5BEgP,iv:rxEf1GwxahswzCqs7kwjUPzIdG87nen3GmyHf3nV/D0=,tag:mxBFq2P6FlvJyyn8RLgexA==,type:str] + - ENC[AES256_GCM,data:t6GSODsyrfZPrek=,iv:XiMoiyAgTNqGs9OLD2j9O7eCwhLzZLMT7d3WXuTFjlM=,tag:fc46kabMKuaMML6RUDizmQ==,type:str] + - ENC[AES256_GCM,data:fwwHdppAX4y2,iv:CjfCIrz0l4PLx+dqoHF+Qse/W/+0edzW4BbulBjBZQE=,tag:f5kBO1C06RkNXNRT39ZCzg==,type:str] + - ENC[AES256_GCM,data:f1hebgmjpKWO,iv:KpGVwwtKh8w+0ZVcOvvvZkxy4/YuvpNsXTiyAYb7VhY=,tag:TBv/AcgwMj+HflHfrifPLA==,type:str] + - ENC[AES256_GCM,data:f9OCy+u2eDRs,iv:FXU5zHIdyr9r38caZY/xaX7PuJX4zNoye0pJYu2J95Y=,tag:WmvwQafgDzVz8OG1B206VA==,type:str] + - ENC[AES256_GCM,data:uCTNpm86JdAKWIN83PPb36Y=,iv:ip+JxG1xANZYrEBvTZFusQO4q8gN7dWIOg7wH4zkDRY=,tag:4e0FVyBHH8HqcVBqEjeG2w==,type:str] + - ENC[AES256_GCM,data:jWEWdGUrei+Sqmpzl2M=,iv:SgLdPUVOS2j8gDcdwNfp++TjZ1Kp5Mhiig13Ic7XFGY=,tag:hnOYYF26N8uGbrsLy3gIXA==,type:str] + - ENC[AES256_GCM,data:nkblyG8VA5svkpclBQ==,iv:E8vT4020B0zNkVizWkS5uoDeneOzlFyA+TPkzHAr9Go=,tag:qGSWRkeN1xLaOVsC3dZc+Q==,type:str] + - ENC[AES256_GCM,data:6v1wrzv9uLl150s=,iv:raYzlijj74HQjoq8/FQtE7uMQkYOBKLSChqkc7Q/oLc=,tag:PBiSvR0mAKFInIDYYp9X1g==,type:str] + - ENC[AES256_GCM,data:qsIwL/XGxamO,iv:ebSWk+8QbKRRX61nOgsr+7X8ZLXi/tfdWVzG/khOfbs=,tag:4BFPkTJvR3eGbLPkppIXXw==,type:str] + - ENC[AES256_GCM,data:zrQjJfhpXwgkeW0=,iv:OBC12yE9aekF71JsLxZ2rp4ta3e47sr2ts4ygDCUE9s=,tag:OhG63HxvfkjPqGobJDcBag==,type:str] + - ENC[AES256_GCM,data:ijO8T7jZNP2FK+79ohE=,iv:iZO1NF6SM1w1N4UDl0D/dbFHskBWy+JY5Kwh0H7JAQc=,tag:zFi+k6RF6uo5iSN6X+P1ew==,type:str] + - ENC[AES256_GCM,data:pdAWvAwZQyo4keG1TbsET2+pKprD,iv:lzwKET3SP+7J7vUbnuLjSf1njYglxbMcZFKJekC5pE4=,tag:GJLzgl+1Qzc8rKBdWpTXfQ==,type:str] + - ENC[AES256_GCM,data:zNtvpOF1P4iOgFEFHtKgpE2pgcXj,iv:EaK8XwvARWr6WTEfmUrPot6H18hsth5klke5SL7qy3s=,tag:KiCTRIhgkrY5XvyK/y2rcA==,type:str] + - ENC[AES256_GCM,data:X9wjQngKgjTP17c3c0KHafoUWNSq,iv:3BJUmrqZkgpkmKlz39JKn/aIouJ9F/gGGRTI6pmjZOc=,tag:td1xqUTjCXbVMaAVV/vD9g==,type:str] + - ENC[AES256_GCM,data:d6PPi688R6vmzpNUaMudJ1b2ORw=,iv:GThZIL9t8e0gGHA8SL2MOq3/rfP7ZJPKTZ/MiuY6egg=,tag:EhdZmU0eaTux3pFyjbgJtA==,type:str] + - ENC[AES256_GCM,data:Hkm77H34BRPLqFZ7Yko=,iv:wGNSI7vK6wXumZTLqGFSpOM14pz/NeZRfMwCmD2E89s=,tag:j2QV8Atu44ECEgIQ2V+p6g==,type:str] + - ENC[AES256_GCM,data:0xT2s67nmVuIgHgmtg==,iv:pQ8gd6ZVwbtODSkiU213m1AzSNwMCMic7KyukGs8gfg=,tag:5cEXu88KSibYQySywBpYwA==,type:str] + - ENC[AES256_GCM,data:KKDFfDfCtTwb6w==,iv:aFy96xPQK3ByrcAsR32kL4zfH4lAnAD3gGt0FSccbLo=,tag:f3d4pmWQ10VRiyacq+5gyw==,type:str] + - ENC[AES256_GCM,data:fxF+FhAI3XpDT5s=,iv:HZzJYUk95R80iceh17i8QUS7uIceybE3GH8BPB3kP3c=,tag:MXWzxLb5Ho1+3J5Qlh2Q4w==,type:str] + - ENC[AES256_GCM,data:OmBnSCndSb5WJ4iKvqOBPA==,iv:LVvx5ZV58h85+u5ssNuMR3WEiZFdYtGvgwtUoGPenuE=,tag:rU4OMx9ZVcLV0DqmjopNLw==,type:str] + - ENC[AES256_GCM,data:gO4c3x5JQRUQLg==,iv:mi5Sc1KG1/KgqbUvdHigHX6iAKjXkvvPLw7actTzQV0=,tag:JFnjyr5aVHvgwYBn4a6krA==,type:str] + - ENC[AES256_GCM,data:Zu6MV7bPUB5cBD5WmXgWlS9bk4YEkg==,iv:WaNGq++DgCY/1I4ykwTC9P4THV2kHpcAVZhgOzz4LPU=,tag:9+vtG0B17cRBJwlXxdmhrQ==,type:str] + - ENC[AES256_GCM,data:QuDtPBAKYBriThRvOO40bctQlA==,iv:KVd8ZyQXPNOxChKewi3i4bQ3A/X05w2qECWncLPFxIM=,tag:HTNRVu+KfQhTGwwa3t6nFw==,type:str] + - ENC[AES256_GCM,data:upl3W/HUPRFZr2R/d7XX,iv:A7zKrI2y5szF//XQgTS1zg4V9ZuFFiLJWMlvtItXW2g=,tag:k4o0Lwz/8J1wy6dWFZ1pAQ==,type:str] + - ENC[AES256_GCM,data:txYm+3IJE/scVv+bpv4ZcHWrOw==,iv:NVtlPsFanavjxdYv7JURGR8GeSwOPJTf62YecXa0Vbc=,tag:aFo2H7Z+5cXxXFlmfiifZg==,type:str] + - ENC[AES256_GCM,data:UwPFky1/PVjeR0NvHZeE7f4=,iv:ZAWoi3aKUyod8AsmylN5B3nO/9aoJyXe1wv4ZzyF0IU=,tag:SoWh06BV0dx3zM09bgk+pQ==,type:str] + - ENC[AES256_GCM,data:RJO5oedE9rO0q/RBDQ==,iv:gWA4tPV0K3WuevXpq6D+HuAI0jwZkVD+tFRdW+kzyn0=,tag:7VFmA7tfczZQ0haA5uZG8g==,type:str] + - ENC[AES256_GCM,data:fGqZUNvcmsNcSSbAiQ==,iv:ohJVt32QmYlqVwRMQ72+wysk248rv5lo6/wim3MX0wE=,tag:2KlPFju5sW6K+t8oezOvnw==,type:str] + - ENC[AES256_GCM,data:wQlD/EYJ,iv:ztoGQLdWFyupmFmU94r3fzOj+tnxRIJtcqhufL5TmN0=,tag:qTVqsSBZ5fgp1BM0UFGeVw==,type:str] + - ENC[AES256_GCM,data:Dq+qofXcrxGb/Mu0nA==,iv:yHSF8Fb0yEyF+/hO3G1/gkeLACGb+2cS5HdtasYPuhU=,tag:dGGmyzxRiOhe18G2t66IfA==,type:str] + - ENC[AES256_GCM,data:wnXGDOG4bdyVrEwx5A==,iv:kahcSqLeYeYlUhd3azUmfeF6Lt3GjGj2Ox15XZ0FAI8=,tag:H7bUMdSy6u4kh1pD/yw78g==,type:str] + - ENC[AES256_GCM,data:8Xmn7/bujoV2q8vb,iv:U0KX42lHsUqtbT2h76sxb0A6+MJqnjVeFTRg+0D3w8M=,tag:N5kheszeen80rom/ZQtYDg==,type:str] + - ENC[AES256_GCM,data:RE7d09LOfUNRDzB1CEN58TVv,iv:2MdjBebRa7jeSdig0C51Cfc035fA/M6cDvBgkDF9+PM=,tag:6r3a6Hhp1xxkdtU5nm7egg==,type:str] + - ENC[AES256_GCM,data:3GYxhH39zfTKTUDq,iv:BLww8cTzjnJ3+8RrqkOQ+29Uf/halR8/KwAE5cdcHTQ=,tag:9GjEru99Oqu8jQIEE87VxA==,type:str] + - ENC[AES256_GCM,data:7Uqol5KC+HlxXKng,iv:qPz9uQIwSI8x8LnUmwWrCVQEKjZeyXifkbFVYtM4f/E=,tag:O7idBL2Y4FezkCh+IrOPkg==,type:str] + - ENC[AES256_GCM,data:/jrrdLTwik5nbw==,iv:ejzBuA8LcmghDpru6vLrYU1Fj037wNTKzm7Dhw4srGw=,tag:yMtYX4xSMkajn5xHR49uPw==,type:str] + - ENC[AES256_GCM,data:l6ghS/PGr1B4dw==,iv:mWmydEI63JvBa8nFPElKrIPbtP17TGpEoYQ7PPXynwU=,tag:/DcX7I/gT+hHB3tgsvTRTw==,type:str] + - ENC[AES256_GCM,data:nVSoH0VF9UHcCU4w,iv:uYWWTGwnYwLnOIQDtlbVsaGWDczDoyuQTMIoOw0dAvs=,tag:6PUadf/xujmydJqOk39tbA==,type:str] + - ENC[AES256_GCM,data:+ETGOSekzTBNCQ==,iv:5pH2IfHNeUbQOXDerCU1+sfpot1PY3Ow0m1NpLvNAIE=,tag:STxGLox1pADNFB16Jtq8Gg==,type:str] + - ENC[AES256_GCM,data:T98EWVfO2Z7ZOQ==,iv:AnWLFNd8b1WQwbSDpxQR5vaLwy3245G1kFTJrXmPpiE=,tag:8jEP6Tq5Ffz8xupRyFeGzw==,type:str] + - ENC[AES256_GCM,data:aeNlMmLq4OwjAQ==,iv:TsHhw7zwFNQc+KKAGhqOe2s4TwzgEFUFnwKeifBYgp4=,tag:9Yo8teMV3yM7uhXv5oJAGg==,type:str] + - ENC[AES256_GCM,data:VZSFGuGcbBrMsg==,iv:yfHPIT4G9dvtj9Q3eLD5QDh2MRdecP9plj/0nMKvApE=,tag:EXaAlYjdW3FxipUZj4PEJQ==,type:str] + - ENC[AES256_GCM,data:2lxAbaRAxKyMGg==,iv:w17MCEQdAH4nYzxNvp/5fL7B4MxPbztUuBOdQlZscsE=,tag:eBr4fF6QYGDuOfgZKWGFyQ==,type:str] + - ENC[AES256_GCM,data:RuIF9fMBX/99Bw==,iv:5GSBiTBH+opQ3aTA1WAvOWgBJFr0bo0yqwRV6GYDZD4=,tag:6kRines7mvINKnWYQWK4wA==,type:str] + - ENC[AES256_GCM,data:K93wRhzHh+RxPQ==,iv:IAhGWLLdpvRJ6/N3YFdQt4u4WgWRJrHCfqne12CMkjQ=,tag:XvP3Cr7Rw5lXeGiDUUGRyA==,type:str] + - ENC[AES256_GCM,data:DWWi7txRi6ZSwA==,iv:jUKGz9eQUBYOetGouvKZWyJdps2xGZrux4mH2fJjr0A=,tag:wQZwLHnVQcodPHHAvUmMyg==,type:str] + - ENC[AES256_GCM,data:eIwDMqV2J8BkkA==,iv:EnPchv37m2noHG0ix77+QxblzZG6rrUIUHZEqXN96Mk=,tag:5nNC6K0Tyf7I5lzfdaaJ5w==,type:str] + - ENC[AES256_GCM,data:2BNrPVvQ6dodsA==,iv:sH1XqIWmnpxnKtnKV6r3R3YWkXkafPPsS/79Jzsj5BE=,tag:JlF/bv5fwIkboW1SC5Idyw==,type:str] + - ENC[AES256_GCM,data:bM8XQFlaZjjdmA==,iv:7vIr3Iky1EQRWNImd9GS5nzXQCyMOjAW1qYL2A71PA8=,tag:8THMgI+GSO1cnDNxJJpw2g==,type:str] + - ENC[AES256_GCM,data:0mLviCbNJktctg==,iv:a0GWGRlzCiC8yimFYf640ho9ui85bkJbOGiSqT5PgXs=,tag:jnkAbemyLMuep2iTJ4VgWA==,type:str] + - ENC[AES256_GCM,data:GP+W7vW44QgfV29U,iv:W8ABEvEH/wMRON7HskDuJqENUghkCxMy+wgG4t552C0=,tag:jBhvEyV5q0EiVGrRJCfkkw==,type:str] + - ENC[AES256_GCM,data:bB0Vglyy3gymlJ29PEI=,iv:2lF3zlk+ijA63CsdWOnXTa/sJJ46m79TZDbm5a551yc=,tag:BvN0vPhGEzdohq9TMngbgw==,type:str] + - ENC[AES256_GCM,data:CbR8v18vYztsibdIGQ==,iv:wjy/Uuev1rv2DmSxdCyCU33ej1ikO0uj+UtZms0/Q5c=,tag:oZDU/pBwv/+pqP+MEevYAA==,type:str] + - ENC[AES256_GCM,data:g+uG33vd1f0tPwoESA==,iv:DLVfG74nde0Tzcbp7FE+4Edef0bK2cUxwYF3/swt8Bc=,tag:7PuMe2HyX1FDag99T/j/cw==,type:str] + - ENC[AES256_GCM,data:NMcDgV+XzA1sPhI=,iv:OY0as8D9Yyp52HphY8rmwSawPO3TAgXX8VIi+lIyq08=,tag:OWIvYSLIvW82SMFbaZwuUQ==,type:str] + - ENC[AES256_GCM,data:izLVUIw08+KJr00Rf4do,iv:lUr00sBEdh92oHqm+ML5UA3QC+GXhb6CFWn+cria8Js=,tag:G4wwxgalQ4efZqaL+x0GPg==,type:str] + - ENC[AES256_GCM,data:XytxCZiS0aSwLSETF0Nq,iv:fQcSyA4Cm178mU/6rUOutVxDCM1gXMSX3rOblgJfGLk=,tag:77rFv/6QsS64tWUpG9objg==,type:str] + - ENC[AES256_GCM,data:KDivAkAL6JhENw==,iv:RYOBnQERQTxgFbWLZzuJ93GPOQOjhD2q2Yu/ynYL0Ho=,tag:AxBnc8DQShpsQFuzkd3Sqw==,type:str] + - ENC[AES256_GCM,data:3R+67eHtHwDRVDsyqFbT,iv:DHRKOoPw29X2/QYe60RG5AHqD7FFV9tYRZKmYy37ynw=,tag:G+SM1LbfasP1hKA4fPK+xA==,type:str] + - ENC[AES256_GCM,data:XNA0HaUu5gnGyLR1,iv:iCCfFOij6QgWgV2Lii/QXEqcXKD/QCjFF720Yw0Yxso=,tag:0I8w2PZYUeDxDGH8LJ/bLg==,type:str] + - ENC[AES256_GCM,data:moPCxK7l5fs+IhcaiQ==,iv:kXkqKvyPRmI1faChZUVBasTBgBARof2K8/rTb3pss0Y=,tag:/Hk0Uga0XRqWrKI5Ma1s7w==,type:str] + - ENC[AES256_GCM,data:3aei4Zbb/eCz9yH61ml0GHTy,iv:nDPilVLJz4rzQClUwtO9iNkjKzsTjets2nntDgtPyKA=,tag:stl56SgEQqnHHab74uBPwQ==,type:str] + - ENC[AES256_GCM,data:PebmvOLrBetxc8+kKkJPrO48Uls=,iv:tHx56Gkdqk1zfOzkgKHtzN1C1HU2diuPu3JDln0g6GI=,tag:t1+UIk4FN8h8lKYKhuhFZw==,type:str] + - ENC[AES256_GCM,data:0OSJLs/b9vVXqY8YzEehEg==,iv:qR/TO2fobu7LIOC6gdGVtg6zMiNHGTn6r502iWzPi1I=,tag:izNqv8sPOtgXAZj746scjA==,type:str] + - ENC[AES256_GCM,data:MCrCOdlfZBU=,iv:smFrEVIut1gnPAMgfYKGQCInbt0mSIr7jZ+M/WoaSPw=,tag:VKoqVtrt38YRcIAn7BcErw==,type:str] + - ENC[AES256_GCM,data:flnalAqtAzS+8yY=,iv:q6YcnjQ6awMn/ExXFoLsu99fJU+gIn6OMnW/pb9lvuk=,tag:Rnwn/pPD8vHzjpsUNnXxNg==,type:str] + - ENC[AES256_GCM,data:TnyZtAAK/a+EYg==,iv:Di/9+1u8+WppWxSFPKptYnYgTw3iAL9PEPLNnn0HmXU=,tag:J3ROortCFY21jhFeJT40Kg==,type:str] + - ENC[AES256_GCM,data:HUjl4V6rEsH8,iv:iH4Y2ziO5NuU2/wVtXvmLYt3A7zi4vb0jKk9tSsU0P0=,tag:w/lAjrB0BsPsrqBXvVlqeQ==,type:str] + - ENC[AES256_GCM,data:4kxcK1H7v5o=,iv:MwScb0AC7rBvFXbkHJclPepBCrNFxYKCWE4uUKD9Ohc=,tag:Ipr0EfWEi2WxVYwZb1OC8g==,type:str] + - ENC[AES256_GCM,data:X2Wz9g6gV/k=,iv:St95Jsn+f6dvncqPnuO0ir0MreFYUg1lbW8JS4oFbZo=,tag:WyjtUlcYIYXsDyeGwDbd0g==,type:str] + - ENC[AES256_GCM,data:jBU2LPsXiKu8UAWSGg==,iv:v4or7ZH+ZwP9D+oXD4l21Q4J0D4jhyD/qq595Crs7UY=,tag:aH9qSukLeO4/oPxeejigcQ==,type:str] + - ENC[AES256_GCM,data:9UtFxcwuzHqAM82RSC0FAA==,iv:tNmptw264IjPTzzZ9hb6QLHzKLOpTRUQhHlH0jkfrdo=,tag:UuLYqJ/um2WBfdzI+oxc1A==,type:str] + - ENC[AES256_GCM,data:Q9YEedFowJnpQuQc5Q==,iv:7vefcuUsxr1k2KPMcTHw6hr16MPOdiqXeN+iJwoTLAA=,tag:Oy6QcAajnhqDvcHaomkEag==,type:str] + - ENC[AES256_GCM,data:l3HtqlTLUCVa1rNCPfvW188=,iv:KfSMoYWh86cxJ9RSCDGdqyMXGvc4z6XOjFM0Xbs2JG0=,tag:p0lm5n7oJrXFWwKcwD5bEg==,type:str] + - ENC[AES256_GCM,data:nDmosgKrvUfV,iv:NLWYjIg6gM0F58aJS1aU81cNI1QbPLkzGFEezKoO+gs=,tag:pPYyK3UMvo+TKjgXAG7jaA==,type:str] + - ENC[AES256_GCM,data:vZJAQJRNyGmd0II=,iv:zBfqo/0qnxc3kzeo5dikJTqET/wy+SgUlvakvDiFx1o=,tag:egNtiWpbfUr9JSeUsjvwWQ==,type:str] + - ENC[AES256_GCM,data:HKpZyLYogou740Ee,iv:yqH46HixuPLCx6yHMZCBSgvh/hE1umABl+2AyHh6pqI=,tag:RVAIjm/CcokSoTUKeyJP/Q==,type:str] + - ENC[AES256_GCM,data:4J2Nxg2jEorWtg==,iv:WyajrI33qnfXY0RnGZhA6P+YwWE0TLjKSNKFv+ueKQo=,tag:34kcS+rVm/jdC01DRpOuVw==,type:str] + - ENC[AES256_GCM,data:VZaeJaWSms697g==,iv:aLzaQo8ss8ykXOWAmaKkAWG0dXZ42PgQIhFrvVv2KKQ=,tag:MgRVBYcOKx94xMl7JgPhFw==,type:str] + - ENC[AES256_GCM,data:k1MqNQ4vAy/zVjQ=,iv:+rqmkwXFMPyUbURGl3W9OBEMmqgca9oMbaTq3RTIag8=,tag:1eL9S4rZ0Fr/An2woooF6A==,type:str] + - ENC[AES256_GCM,data:XZIrdWXRPLDrhXwA,iv:+aN2DY18yD8nCzXvas4C1OniiOVTPAGM7k+k9LqvTx4=,tag:hY/RDJ38kaWj9N+bigqnUQ==,type:str] + - ENC[AES256_GCM,data:WCyvj9n3zSHuzL8lbg==,iv:SyhXgmZdaftzmZQRXfQ9u8xOUoDHDLkEoaNxR7YxBuk=,tag:35V+inE4nWpnIf/sgTmspA==,type:str] + - ENC[AES256_GCM,data:LyG+nBKDEJAM09oP,iv:7Ol4y3hVVE2s8mUJetigbxFoCZQsBgP0rvS2Tq2LMK8=,tag:/QDBSTYDULGMrcGSvXiUgg==,type:str] + - ENC[AES256_GCM,data:KEUp6hWpzoCdPE3l3eE18FneyZ/0Ig==,iv:3G2y4ibf89GnnqJmxomB9wBvQ3gKm+A6tBUmFmOU0AM=,tag:XXwl7f6rmIF2BRBD1vJYCA==,type:str] + - ENC[AES256_GCM,data:UTDlSF8wnpMTiq5XEdc=,iv:PI4DaVvgVgQBBQ/CIBrykGrzuKQcvxNQJgKzNCCbjGc=,tag:Wuf23Je5Ea/kd5eZOja2Bw==,type:str] + - ENC[AES256_GCM,data:rnV2X5rNkTrK9LlOFNNi0A==,iv:rCORefrNi5MaLHmBeVDLT3saM9pfIfN5EjqE34hCNZw=,tag:dYLvyAmzw7Q5IoT5uFBsSA==,type:str] + - ENC[AES256_GCM,data:jpgY+QUNhQjbGuHJew==,iv:ETB5KOkQTS9pB0qIkEbMiW/9DNeBslwtaiQQk93Esfc=,tag:5ekQzpZpSw6YfHBX3RX/Sw==,type:str] + - ENC[AES256_GCM,data:8I8KbNh8puJzIg==,iv:/vKwmKSAI27KkIKWcXWpAsxi4HJt8HLvDrd56tVu3bI=,tag:X+72haE9jHiBubXm8TMHpw==,type:str] + - ENC[AES256_GCM,data:DucruqHkUWrNElBcS24=,iv:dA3GMJWPEYRkPrfyOEvl06q8jX9GaniJBdhR+xjLBao=,tag:woW44h/GhT/Uh7tmYFCuBg==,type:str] + - ENC[AES256_GCM,data:bSFm0acubs1GrT51FdU=,iv:4GKDJWSlqrvkHuWKCPZS3HE1yhuZWAAtdjHgSw4edV8=,tag:J3pQZfO/2w+Z90sQXSosAw==,type:str] + - ENC[AES256_GCM,data:wAnvAnqINC1mW8uKx0Ep,iv:EdDVJ9+nF9ABqSYuT7cJMJbuPMSP7TRurljdjMA2+5Q=,tag:uklCnhQPDfbF5kdYjJq4Yg==,type:str] + - ENC[AES256_GCM,data:tnmZIIbeNsLfpxNO40ckow==,iv:uJw8ysYDLu+O7vrybVTHI8BUOiCpb3y9Ere0L/ctG14=,tag:10svDEYHV66ym7eSsnIIrw==,type:str] + - ENC[AES256_GCM,data:NMRtKOQne2xrh1QywmI=,iv:msk/VjQtG9d4qcaR/Q/+vM+nucLeQZ586y9FbAI7jCg=,tag:sok2k4KpVZ7RFvKShpqsNw==,type:str] + - ENC[AES256_GCM,data:3BnBXm+A6Afr8/ZUR/tjkY2deKTP,iv:0T2xSb1cmYDucjg8JfCTV0Xzo/q+8JSY7jB7YD/Vvys=,tag:57LWowFCyhuKZLZGo8FOlw==,type:str] + - ENC[AES256_GCM,data:d08gOuFC+zCSPXclMoLbcQ==,iv:D58Zy0ywuT1FjUR7cyyci9HClO1tzWTsfmgGRMuaqz0=,tag:fjUI3rG/pCEVZTb+JCeVCg==,type:str] + - ENC[AES256_GCM,data:vyLv/qbssplMDA==,iv:3QKi0gmuLCKRYTmKLZH+6CFQIpJRcaVoZFhtt918K4M=,tag:2fm5MsL+J9ygU7upSSlOUg==,type:str] + - ENC[AES256_GCM,data:W73X4oCrsseS6g==,iv:CJ4Iw4CepWnTBW64Ywetl41Iz6446et5T40a648xt7E=,tag:KJfia3pzCnhI4Pc214niNA==,type:str] + - ENC[AES256_GCM,data:m7TtseSS36H+hdVmT+yd0P4=,iv:GhXWl9u15Kj9KctanXNpNd1UfthVNuGeUt0GiBUfgtc=,tag:z57Lpmw1k7vct8Muzexktg==,type:str] + - ENC[AES256_GCM,data:S1tMP3W6Eo3oVT1MkA==,iv:fVpiyAEfmmueaSOL3vAJt/tznbBpx3NChtVEobXaxSE=,tag:HOUELPseEYrwXD/GQ8LwqA==,type:str] + - ENC[AES256_GCM,data:ji7ee7tkug==,iv:mKmsvblAEGqM0Slo0olg6o51z3z0hPqrQvVAdKUTfzY=,tag:nj1D1eocI0aTtGpXxt3UyQ==,type:str] + - ENC[AES256_GCM,data:8BYzk+uTlEybAlb+HNU=,iv:HjjI8IqZ5O5Z8J/xgHJGeBMTdZzGGbwFoU+bCQY0Aik=,tag:Vp0rEXlGxr+6cZ4RqMhTig==,type:str] + - ENC[AES256_GCM,data:+zF0mWotyoqI,iv:pY+RH7p8ciuBpBtsY+WXEkkVAyvVj16z+y7mj36JYNo=,tag:Su8AVWrMHNqx7BVVPiKtfw==,type:str] + - ENC[AES256_GCM,data:G5fLpz0Xpgq84g==,iv:jUwllzuF/B6xm4K4sYcUvvCxNsT5iHTYmxwg+zYt3Yg=,tag:nWT0mo/OemxHw2GaKY7otw==,type:str] + - ENC[AES256_GCM,data:+ULakW591H9CeQ==,iv:On9+X6a11pIHmlypj1m2kCGdF0/uoAyRdTWpqtTLY6Y=,tag:5lJ+SS6m43epG9GCnhibSA==,type:str] + - ENC[AES256_GCM,data:L1eZvxP9eqTyu3d2,iv:W7pIEZFyZCOMJOIYacy216uyV/Fh3rtxvl+CnGMhr0U=,tag:+0yAlfQB3M0HZ2DhNq/sjQ==,type:str] + - ENC[AES256_GCM,data:QAh8TOJ3t1iEQzaz,iv:gnAHlTzlOZvI0FiHBqqCE8bLgfTivFEt0VGcTeFzxp8=,tag:GPff2vWTdISQKcnvbbYeKQ==,type:str] + - ENC[AES256_GCM,data:lFRUd75bJ4BxpFdFDhil,iv:fdmyaiaUvHUPgKFj0or+IxlPZ6NQshpM3RRSxLVt7dk=,tag:9GTBhE9Rb2rabbCQfRQKwQ==,type:str] + - ENC[AES256_GCM,data:bOg80Cyon7Ka1WC19y0q,iv:D6XPMoCkCB68+SkvIXEY5nkTKMA8ovE25fZgG5cCZpg=,tag:xONWO88FjiU98S73g0aYqQ==,type:str] + - ENC[AES256_GCM,data:l+45kQSOYlSviDo=,iv:oXajpinop5i2eJqqSuujsPCX+erPm/33tGcxL+H2994=,tag:XLHBKD1A06PESAVda6GXJA==,type:str] + - ENC[AES256_GCM,data:z/H7ZPw1F7OJzPntxw==,iv:ouyjZer05mKlJNC3SRntpsw61wVkHGiB+gb1324rCxQ=,tag:Mr/NG4l+z73aAu7xS/c5cg==,type:str] + - ENC[AES256_GCM,data:cFBx5l9+i1Lye0+o,iv:e6zHCI95h5gwGSKtVtCLxLXh46YJ/ehoqwr+umrv1Jo=,tag:OEfOeCAqBotvTDuEYpoOwg==,type:str] + - ENC[AES256_GCM,data:m8HCFf9sIwYDTEQ=,iv:va7fTXsicXwXLAhjJB3fyE/DO+7zE892gchX3xh1G6s=,tag:gujZ8UdWZ/9g/KZCEAmtfA==,type:str] + - ENC[AES256_GCM,data:LOghlVjR7Nk1wxUgY4dZ,iv:sKgBJ/vGIzq0FHyWZv63whFG2rET8c3qeWuxNprxVkE=,tag:WF21NhQjuIvDEOWtKhdvxw==,type:str] + - ENC[AES256_GCM,data:LmjPZPl/rl+G1Xhx/fyABA==,iv:AKReowM/oj2wwMnqqIkl09f4+TKy59gkwkttAXLT4o4=,tag:vjt3ydDtaDoNZomuU/d0JQ==,type:str] + - ENC[AES256_GCM,data:6ln3qBTCiXiU,iv:rJm6jcmQIXKIxMqtf0R/iW7NpytZOFMAbR1HS5QFmE0=,tag:/f54b99Y8PolwCq9Mm/LWQ==,type:str] + - ENC[AES256_GCM,data:C5xPZWHlOi2918o=,iv:Gn48XkQdSoq8n2F7HO+RyYpzm9lm6fyU8UUieiPRvTA=,tag:GuGjmQlMaE0HJ/idftID5A==,type:str] + - ENC[AES256_GCM,data:C7njWMpdhiislIFC,iv:v9iS3LKQO0VKCNM5XdLy9Ipmy8dIvTnsGPoV4/LSCXY=,tag:qYvQkrzO8RzEErmhCLcWFA==,type:str] + - ENC[AES256_GCM,data:rTZ2X+d3BBhuU/swwQ==,iv:r9yHQZK3+6BC28BpRkai3m54IJFEOswRGKKmYeHD7Gw=,tag:yJ9N+OMRsZ7a6AxpY7eXZg==,type:str] + - ENC[AES256_GCM,data:ZRvomHMfNhiOBD4g,iv:+wF8uWwOphOQa8421JLd8rbp+ebvD2+E0GkRZrnRZJ0=,tag:in7hjRyaO4vDYZu21IV5/A==,type:str] + - ENC[AES256_GCM,data:VBu8FPmaffwL4F0=,iv:5G3Z6R+vjffBHIeIW8XESKKyK1TvtTtdrrTNdvpyA88=,tag:zbrTwn7Gx748PLwz48MyqQ==,type:str] + - ENC[AES256_GCM,data:Qvz9duyrXpe/,iv:I3R1EFBmL1K6/cBQOwwDIWrddVvSg779Ptzi6tzSdFc=,tag:nLxXvY9AP0c2Ii+NPp86kg==,type:str] + - ENC[AES256_GCM,data:mYpWoY5clmAVAup1AsBBIA==,iv:fIZ+NfcgnNDnpHdqRDktbEx4VEF1TA+zXG3A5FbyxhM=,tag:zKjxCp6mDowkJHGKicg++g==,type:str] + - ENC[AES256_GCM,data:o+BAc75MMiM5ShzZezksuw==,iv:TWJCkZs9sYGD4ju5gqAB7oVj5vYoWditwUYzI7lVZVo=,tag:xDdjhsJJYAr2MNKRwCHwYg==,type:str] + - ENC[AES256_GCM,data:S7+SosQH9K/7hnmr+ALU8g==,iv:/Y15AuDMs7tQ+l3eohXH0RMsTyBchRcG2UMB1i1xfq0=,tag:BVwpdf0I4pdQBaEtOHKiOw==,type:str] + - ENC[AES256_GCM,data:FaVr4IilqGOZONkBHGoiTQ==,iv:pCOE92LaXbcDB9/eIwu6gC5UB2RJx+WUAkJhLAfYb5w=,tag:9toW+X0k4ZDppr4G4KgOuw==,type:str] + - ENC[AES256_GCM,data:H08WcG8K6PyziQ==,iv:hFxpBRet0CFxS+hdEUfHxp1ZoeoqIw9G0bUBu/DebqU=,tag:av10hF3qOAHqAp80cX+wzg==,type:str] + - ENC[AES256_GCM,data:0Hy+L3q53AV9ZTtMJw==,iv:70eHMpfQX7u5D/cHC72Cr3TJetlWw6ql9l1W2GUlFWA=,tag:WBc8bw+k1+jnrdxWIDGasQ==,type:str] + - ENC[AES256_GCM,data:CAuCX15Tx9fzRNk=,iv:Mxg+TDxugiGAx8aWsMu8papxGbunSPSRsSCmuYqI6rc=,tag:p7rk6XiD04uAQdAySVHiog==,type:str] + - ENC[AES256_GCM,data:1IOF+33pqSEPnL7tBEiYT7k=,iv:wWiOJ5S2WGM2Iu1QGTBctDR6hHif6191L8KxWFF3QY8=,tag:wdg2LkLMMyCxm1e8DPu0/w==,type:str] + - ENC[AES256_GCM,data:w+C4IQtHbn8DUA3ULQlyvQ==,iv:Ph95B9FMmcoqiUY+dNtuLLTtyLbib9ExjfG6CQQNw/Q=,tag:IFrPBDzq8AWfr7qt9m2mNA==,type:str] + - ENC[AES256_GCM,data:TFOp8e8yOSMZqlM2Z6+ANdTX,iv:jWIaHbXAKona029RZ6xD7Rfx4aK17E5E+7ZZK6zAHWE=,tag:Hq7oc/WXkAuhzS6SKArU5g==,type:str] + - ENC[AES256_GCM,data:jpgnVHe8lODXL5MVcmig,iv:L7eeGYWqvS+ukyrP96T/i8Pglx0a/yEgI58xZYV0ocI=,tag:Ii315K6ifmNj8YLzUQINzQ==,type:str] + - ENC[AES256_GCM,data:Dwiz9SneNRVVnrAW7FJf/sKJP8WElw==,iv:/3KKKLrA2WahIYCDjBdjy9sH7w29/xOi2sOVdk8RWxU=,tag:ugNEiRYRYaLwwoi+V3JSxw==,type:str] + - ENC[AES256_GCM,data:RE9JEufPY4myfHY=,iv:4AmPEdLkldG284eY47Fr0jBzsRULA5S5zaOKmoubdnU=,tag:mDKy8BsFndWUwgEdyztrvA==,type:str] + - ENC[AES256_GCM,data:ymMpIp0Gg9kF0BrQ+w==,iv:2cjUcm5REX4dUx1UNzIbnH2npt366u/wIEodJrs1EAM=,tag:Cs2s0Fedap/jtnO3qNriOA==,type:str] + - ENC[AES256_GCM,data:KwKEUqlhvYXZXL+obQ==,iv:EYyvLyuCnAzqQPHTz1A3napKpFWLpZoKXyT9nk20LpE=,tag:iy0M1HwzyD7Z2xWwpczhvA==,type:str] + - ENC[AES256_GCM,data:/dG2n8uJXtANJN/cboA=,iv:lPJgYYtYzkz47WOx4lXMLyj10xLvA3lQxynvZQZGdxw=,tag:gWt99rdiUjkR23WawBqqDg==,type:str] + - ENC[AES256_GCM,data:T6dZ/j7+HknbDA==,iv:BGwOfoSJPhk3+Y7w8f3dwZW4AJ0hwd/hO0OckMWhR3U=,tag:X9S6cDgA2LwYGCZ1EKtn4Q==,type:str] + - ENC[AES256_GCM,data:yaP48Ep57e7BQKQ=,iv:b4q02AfjZgyGagfu+DZ795zmHlFwYfgIK1Jyke6VhKE=,tag:qf2/N3eHa8qEJfkqv2qbpA==,type:str] + - ENC[AES256_GCM,data:45hSxUbXBkznI9BoQNJ3,iv:sfZq+ThW08lDuLjc+GnJ7R5Ft2IZneipyK8GDwEA4bE=,tag:DUB9xUMQFEh/BpSLz93SEw==,type:str] + - ENC[AES256_GCM,data:43ihrYoTbhK3fTTQI7fV,iv:Jky7V0JndsjeyDGQljRjKf6dU7YfiHmIpvSaEcoTVAg=,tag:Y7MjY6W4gOcY/ZaEyvzKdA==,type:str] + - ENC[AES256_GCM,data:dNBuZKpw5DdKQubMG9Tq,iv:BQfbyfSmWn73cxVmxqqPfBdZ5bCZLpY/JsHi9C1sgxM=,tag:wPeZ/8QAvB0YMHIUA8mG+w==,type:str] + - ENC[AES256_GCM,data:Z2Dy8TB1IWXbTxfC,iv:jKg2lXBfzh5Xv6v1UNTr5fB9tYkFusfHfdlEHXA86IU=,tag:6niNuQyBSxUjc86+PWW4gA==,type:str] + - ENC[AES256_GCM,data:NRzwoYLQVE5HNg==,iv:NoJccqj/NkeAn7Ojgp6Ffyhg2E4S6lk8nHsSyf0iFzw=,tag:zSGDjWrsAOC1TlF3W+a5GA==,type:str] + - ENC[AES256_GCM,data:ZSbUy9XvDGkeeag=,iv:QKcWWnoOEGlyupnkMmrtBKhq0eIPnvpiAKCtgxjjzN4=,tag:2R8kQ+cmPO+JXWsjI69+Ag==,type:str] + - ENC[AES256_GCM,data:AJUnXzxSYWKHdBFsfw==,iv:3/8PIKwDuc+d0KZfPPmcStHTLHawoUsKivwMrWK4Arc=,tag:elNNOP376apwnolIKsvvWw==,type:str] + - ENC[AES256_GCM,data:xazirea3aipmTTvrdgU=,iv:S+IIOhz5ubqwsVMc+t0oh/Qrn2jTq+uUssO3VrJAjr4=,tag:s6FsnWUHVNpRMYL49sCQeA==,type:str] + - ENC[AES256_GCM,data:k+Fh6OtrLmvmbuU=,iv:CLjSpgDCrp5lzfDRWN0gXTU9pbFpJIk8hfle4Jiq5Q0=,tag:t43Y8xHCnEdxlXIS64juqg==,type:str] + - ENC[AES256_GCM,data:/7DBy9Afa8TCVVnnixemCA==,iv:ub/ccYvTZEQfszzxJc7Xzi+6OsPhLxgUKh8mTYHHHqM=,tag:pAPHGueM6OOczTfnyEyTZQ==,type:str] + - ENC[AES256_GCM,data:Q9GomoZS6DaoAqRgrC29CdAF8jc=,iv:IwvnZOfkCE1YSfuy3YC4ST5fNFY71qRN747UVg81qVk=,tag:CkkSz1VLzGw8YnPpyc9XJw==,type:str] + - ENC[AES256_GCM,data:3SMmMzynb7wqktyIWzGZiUUPJjoLnI4=,iv:1etNvyQ91VDrNq5L3MS5JweBwel8YK6sxDow+lhLvz8=,tag:xGed4LJmPfGAA8c1zDToEg==,type:str] + - ENC[AES256_GCM,data:EhZWvqnyE6RWhQ==,iv:EfTa/VToIyrvyHEmMgNzsruEvUTgBaA1hSRrubluiEg=,tag:qBCuDjJkq777r+NrEoQ5IQ==,type:str] + - ENC[AES256_GCM,data:CGmomzQlFyRKuQ==,iv:h9R6OvidmqG+npdK9i+EsVZLR9Mgu6zwSBRi+r/Zkvg=,tag:wJmPRwrauI7+7xeLwHCT+Q==,type:str] + - ENC[AES256_GCM,data:a155WXBtlftySTE=,iv:trusfsGfFK6bdBzo50EG+CDVSoipRXZ8gWFoVW478TI=,tag:Njv1AIeWFc94nutPTb2s6A==,type:str] + - ENC[AES256_GCM,data:HwPGjOktvMglQeQF4Q==,iv:ChNZAct02zcJY4E+N45BrfnoyqHIDOrUbuRtetSF0jw=,tag:1Q0eAhTYe8dMcXdz4YMmVA==,type:str] + - ENC[AES256_GCM,data:5vHohW238EYWAdUmxdCSf+k=,iv:oE1sqloFVHBhOOu6aXAYEXiz0UGK5k5Ya4ItTxK+JUk=,tag:8UJ41LlUKHzA69nza9himw==,type:str] + - ENC[AES256_GCM,data:RL54j5S7MdY5E4L1izSNMG6xYA==,iv:WJ462smA8qx884GsGxKNVFDe+1gRKwlLDU06xN7hYzw=,tag:8xb3N1G+ZgX9oLMAORiFgg==,type:str] + - ENC[AES256_GCM,data:8BgdCNIlOyrD0wjt,iv:dJLalw88G1ck7hRAxi0IizXIDfPyVsByZp6GKSx/EMc=,tag:/4og1e2DwzUuqAvqSl0c1w==,type:str] + - ENC[AES256_GCM,data:b+evOFVrgJyUTwmKiEyL/Fne6Q==,iv:+YeZi3QCHspXREQps00PnClhtorOxfUbcJxoDBWYf+k=,tag:zD8gKfaKSOFgDZRwlE4uqg==,type:str] + - ENC[AES256_GCM,data:AeNzE/PGr+EAqY3fZDu8,iv:pyWyMozfNbTlBs3elOghg6CWD4cJm3OuVrNII8eiJc4=,tag:ABhUFDtm2TZZuvWx+b3OtA==,type:str] + - ENC[AES256_GCM,data:3frwi05G1cQnU8mDqQ==,iv:aOOtc/R0FFwEQft87x0hKC5KJom90deIHAzpifOigvI=,tag:Z/hpO1vnBVnStGofud3EGw==,type:str] + - ENC[AES256_GCM,data:26kJkFDZI2/IkBVkPw==,iv:fOz1IWeLsHcJMmcZIUghlxkNiMq6RLz7y/iHRlo3bow=,tag:hhgCQN/1V/OwtDyOarEMew==,type:str] + - ENC[AES256_GCM,data:Z+9aGR8CaDfaon5Tu/utDQ==,iv:DTd+O9DlGDG1EFAkgOrn2e7dM5c2lgYF2eM8i77rFok=,tag:ov8jfCNp3E0h2ua/0hle0Q==,type:str] + - ENC[AES256_GCM,data:X0vKqJtEN0wMtOWRVM5g,iv:oZJt2VQfXv/VbDzSzPj4HVPbJ3+h9VCTkPR3quZcd6o=,tag:wH5Q0CSgrAeahB5DWi1+sQ==,type:str] + - ENC[AES256_GCM,data:tPHuvPr4osgRihPZIdaSzg==,iv:xxpw9lXCpm0WxjG/QY9mRHyfxvasc2sJKt1Vld2JVaQ=,tag:6MEiIVfPfQv7Rq+rI3JWtg==,type:str] + - ENC[AES256_GCM,data:qV5QKGRatPttjCYzZoIU,iv:bWQ2/Be/iYtgm79fT7P8ti/Z2VKgW0WCmRUAOZMoPzA=,tag:uVIUMCuBSOSXc6uv0Np41A==,type:str] + - ENC[AES256_GCM,data:+vNT5E3IyRMywv3oryU=,iv:tJX5p3PK67h2h4Ll2dEqohdD3Q6uOFlqnyx+CmnFqns=,tag:+hJoZwh/nO0fXOtnHcXk6g==,type:str] + - ENC[AES256_GCM,data:Z156mbHrmwz8op6ZAn4=,iv:yJNL7+tj6MDymYlQfdrdbjH9bX512QLUE/JgakPSY/A=,tag:whUC3JIyaofxjpPFoFq5Zg==,type:str] + - ENC[AES256_GCM,data:5vgpcoJaSod1YBkxAHCjow==,iv:1qC4BKZEbmRex9Hs08JYoGY3J6HaUdl3MfKpkEczX8M=,tag:XljQrOUld3v5XHA/FNlyiA==,type:str] + - ENC[AES256_GCM,data:9tzOYMLFTR20Bs14cbPYLA==,iv:ZHAclc/rlFpuo7zoXSsptI4oEwlABVQMu8Uw2Hzig4Q=,tag:n9rfsum+z9ADVa273Oh/3g==,type:str] + - ENC[AES256_GCM,data:uJacpKhTGKIU3AOq94nc,iv:8RsNnHin21KEyUlNafDbFLlAAXYd+KBhE8eQBRa24X8=,tag:GsjgN9pLWxhNqljJu86mmQ==,type:str] + - ENC[AES256_GCM,data:VI4DCcOTvfGSHlo=,iv:lx+ySpIB5P5ShQ8IsURapYY0G7PeLdIeT4D4Jsji8/M=,tag:ExN615IN3MxtWeE1c0pM2Q==,type:str] + - ENC[AES256_GCM,data:+QZF1BseyZ+TIr/1Jg==,iv:pmRlyUMEfZXRtDoGJgJakfHyCboh3zk0H1Lgz8rEYQU=,tag:myIbBb/lMc2oKiITl1LM4w==,type:str] + - ENC[AES256_GCM,data:lrVopHx6dQrMunov+O0=,iv:CGjSdU5NGNwc/HWIS9vEU2D8lkh+Ny0Wgy43u9VLeV4=,tag:wQzysFn1POHM771ZBx911A==,type:str] + - ENC[AES256_GCM,data:AMsqZ/dwkYS5C0ZCBanxSg==,iv:0WrGtZ1ZmP+W+u/WZI6LYFYik1VIaAu1xLJy+VEzzlY=,tag:/ofarmUu6yh1EdeC/26kIA==,type:str] + - ENC[AES256_GCM,data:b1TZiZpFt8/hFldM6SG4ZLw=,iv:3/GWkaMX68IrOdA+11IB+0JaJzCy4rFKo1iwM6kf2zg=,tag:BGD8D+xdX+vT97+GKLrKyA==,type:str] + - ENC[AES256_GCM,data:KdbUS8uqGzu6SA==,iv:S30f4PXK94skxzUR79qkuhtx0Lv3iiLEwV41YXYsx8I=,tag:4mYgKXZgpTkKUu2jzf8Egw==,type:str] + - ENC[AES256_GCM,data:O9eFtjYwHuQZUUH8AoQ=,iv:1A0xFFYA57D6WtZiRAHcOBfYjUvL8KdgJRik2wQlXFw=,tag:NBR9avYJtuayLlC8jsCq0A==,type:str] + - ENC[AES256_GCM,data:3+IrteQXf/et+gI=,iv:urssYsOz1AuRHJQZ3fLsrx1hH7nHdfcQb+g7kPAIUGg=,tag:sl+sONO+F+MJUIoYXkKVLA==,type:str] + - ENC[AES256_GCM,data:cqy75oD9MfPkhRQ=,iv:AxVrWcsAo45BH8BCd2g1gchq3cAhKw1YDkHkPdNe1FI=,tag:tkGyVyoC2qYigInhGc0WDw==,type:str] + - ENC[AES256_GCM,data:6dOnMtOX4QxisqhL,iv:Ev+UjUlxVpWx5DtcQ+R3pOpLQ+SVUWYRifeGYPh3VjM=,tag:n8gVMakgWR3X496o9+qpkg==,type:str] + - ENC[AES256_GCM,data:nrfSEDfqY+BI4iN5ZQIKNVU=,iv:fCwN9YPHKvcoBA3SpwcRi52qRDop8TrPXCoc//Rxr1c=,tag:8Ptwr9HWFYbyOPpY69WZxw==,type:str] + - ENC[AES256_GCM,data:oMPjZG8JXekmWqI7U+c=,iv:qSoH6YOnxhn33bVb+cBVsdh29G/hPX7gVipz6/+8sss=,tag:EYRYzZQVQnQqSc6i/epTJw==,type:str] + - ENC[AES256_GCM,data:DrM+6/zjJqfXRA==,iv:EUFEqmWCOrOF1/GxuTIETyoHWuh9AwyVmRs8IjX6AXI=,tag:GJbF3hSMVKR8YHeN1NM8Hg==,type:str] + - ENC[AES256_GCM,data:gNmRL/OZhlUQEAc=,iv:Ea7RUNFPADB8iu+uBkPLz1RhyXcG7GUHlqGFa9ydGJw=,tag:z8467M+ON7OWG1x0KKAANQ==,type:str] + - ENC[AES256_GCM,data:5bGBWjmM6Xznwz/p,iv:oVrDJYtjBv9hgz3JRDgAfLXo3WXZSKvbg3hjGYJkJFc=,tag:TnOf1OD3nF3KhAgWe1XsSg==,type:str] + - ENC[AES256_GCM,data:ojmYjnCl4+dpoeRRCDGX,iv:zqN2PaaoZphaYal8zbtrOQ3zA1WWrlpLHQPtVwHm8po=,tag:RcFBEwCRqceFYts+BcbJBA==,type:str] + - ENC[AES256_GCM,data:du6tDpe2cqk3Hj12a2wy,iv:/48BsdeGEgbTqXqovhNwDmXquXjU7PJm0i3gTWPxUps=,tag:gOBny+Ai2BE6dzz1cG5/lA==,type:str] + - ENC[AES256_GCM,data:4tqqKn/8dri/xUHbsbI=,iv:gIa0c459Mrsdm1WIGBMdk1nPHihQCizAr/DU3emoFKU=,tag:kdN4qGSOBVRG5gUtPU6ViQ==,type:str] + - ENC[AES256_GCM,data:lqQEt7krhEKTig==,iv:TIEUvTIH6AofzI4MROnLqMdXC7OOvCyky+e8I7wIj34=,tag:d4LVVZMzQjJ6YtgffK7YuQ==,type:str] + - ENC[AES256_GCM,data:3zHIpKOb4YFLOQAeLA==,iv:rKd/w1g5WnhqwKT1pV/GUjQP+p+PE6aBVlwXPd4SrdQ=,tag:sjYye8OboCsmg8jpIvEeBg==,type:str] + - ENC[AES256_GCM,data:ulUYp7Cn4Hhxm7m60/M=,iv:yd2oUKKHbEY9KjCcbrUoZSOJUbjEoDmSg+shoANyCs8=,tag:TXExM634qw5O3WS0Flm1BQ==,type:str] + - ENC[AES256_GCM,data:Dx+9FLSYO0DCNQ==,iv:KnpIs+5J6Iu/Fpg1TlGkyau0qxzpxYjFJLFg+Tm2e6g=,tag:qde0mfOQup6ayGGU4wYE8g==,type:str] + - ENC[AES256_GCM,data:Ls9EC6X24aHpWqkAvA==,iv:vggcqn6kPaaG755gcawlvvvA1pK+l1V7OerqiLhGAxg=,tag:K7LUtc7Ho6jASTrUYX8TWw==,type:str] + - ENC[AES256_GCM,data:+dbUg/8zSrVnPqyj9mIVtyA=,iv:OoIRz4KaNh7Cbvrfaciy70XGoXqQPZr+Q+GuGBn3fCA=,tag:1od5uDcjymz7zAhR7JEdqw==,type:str] + - ENC[AES256_GCM,data:CJEZmVubF7AgWqxeWX9dRG+u,iv:ki2yinZpkGDvqmP0pvgQ7hlBAjEEp5PV2grAY4WC5Wk=,tag:6zsmGYdrEsWWN0lJ8ZxNzw==,type:str] + - ENC[AES256_GCM,data:tfhBo2Ab7iOWog==,iv:3zh1iO+j8Z0/Uq5PTmqt9Q7GRx6x615zXYJKIAz2BcI=,tag:4Qj1DIgFTb+DvScYMrABZw==,type:str] + - ENC[AES256_GCM,data:lm1ljrMy2/flBZOs8urpL70N4xtI0VA=,iv:6g+IEkN0rH9t7LvvWOMsCM7CbW+2Bi1FMrYjXLI0ws4=,tag:M7Z2YMoqshc0Biye4yw+qA==,type:str] + - ENC[AES256_GCM,data:FX8Q0yiUYn+luE7H,iv:1bQ5Arj/Zbvowfhajc/kPBxe2ujf1VA5Ix4/P76QTZU=,tag:XxBl+RN+j2q1LmrsBOO7dw==,type:str] + - ENC[AES256_GCM,data:/vlS53bvKzWNeOMIFhilvy1M,iv:KrYVbG7dBQ5+Qjkt8Sg1naNwB852RLKyBJqCyWr1j+g=,tag:U46vqpmce6LlW2cXRJ3CvA==,type:str] + - ENC[AES256_GCM,data:0nlvj25IhCEkkhoKzRPBFl2HjJs+,iv:b4KH9ccb+79hXFVsF4YzglmPgUwLoLI6ygD8ySWwqck=,tag:VwSK6dFyp00aY4wuq117wQ==,type:str] + - ENC[AES256_GCM,data:fE8zHwSAV5wTMxYLvFnhVyDp,iv:dsIpqywW+7gzbPxarkZueTYmTOb12ks21q5/Bodhag0=,tag:hktMaFC4qwhfEN3KQejAsQ==,type:str] + - ENC[AES256_GCM,data:BG09ZO8oQdLn6ly979IQbnY=,iv:RWrLi+B4KrVGHFNP1UtqB2TKpSI7/VBtE4KN0/6YKZ8=,tag:2B8W6J6tVI3upEw4viQipQ==,type:str] + - ENC[AES256_GCM,data:6xEfF0ifBhaVmwp+W1o=,iv:5/N0EWq4RZbij3QTSm7mXoGAIZV7XttM+zV9ZvLdmmQ=,tag:ZHtfiy5VGQEPA6d/1HWZiA==,type:str] + - ENC[AES256_GCM,data:7nndBaFq7NsKU7GO8JCz,iv:KrKU2e6/DR/fqBqIS7yAq/3hIs8Dcm4BGRJiLNvHcJ8=,tag:aZtZ7viakI9L9z7UQy6o/Q==,type:str] + - ENC[AES256_GCM,data:XxWQH8eQbk95,iv:brjBJYJC4/KCmjrfnGpn07FEKZ30NlQz3aDleN/jh9Q=,tag:DwY3yuoCU8s1g6CZB3T/yg==,type:str] + - ENC[AES256_GCM,data:IWPg2mxv0k4PgeN7hxnC,iv:5ByNWT64OTKyFCyMyD3mQ1+6LyyUcEXJW7ttQXFj2lo=,tag:0o5fS2Ee7SV8JLdYGbujzA==,type:str] + - ENC[AES256_GCM,data:2FfNyCg49nJF,iv:MlMslZX88yIa/v0h5yy6G+5loYeRb3zNBrPR/i1CswI=,tag:ted9KRA2jDMxD6a3/P5ZWA==,type:str] + - ENC[AES256_GCM,data:wtQRk3DUK0ioVACCyKQ=,iv:frrV/EQbgdbCVb6LWrI0dJwxv2YAEE2/o+7e91Kd+RQ=,tag:hhIddaHkVphChAj0uM3JWw==,type:str] + - ENC[AES256_GCM,data:i3RiCrGKgLUNMGRrKw==,iv:Q/k35eigYTwJ1ysyWuIwi1LHnRpiRWmmsvzPqXi4P2w=,tag:EORZZbr8vXEnaJSHCQhvWg==,type:str] + - ENC[AES256_GCM,data:R6lZ786QV+YOyQEG2qxE,iv:T1nfXhgAKjif7HJt/GPx1UNfl/BnfeKPj/tcvAblk6I=,tag:3fls8ECqPdAGe9crp2Rxvg==,type:str] + - ENC[AES256_GCM,data:QiBkNAWmXpLsx+1B1Ac=,iv:zMw7WFOOI3VNYSASCxFkuoK9Ws7u1nJtugHYHVRhJkg=,tag:J1dsE1TZlWzioUTY8vXZ7A==,type:str] + - ENC[AES256_GCM,data:XV6J/j7WbvfRkOtjRbvqmLz8,iv:+G4YHsNzI1DwoEixaEUcLrZBNbrhuZFwqROYgpozYe4=,tag:LKTjx4wFXbPZ4Ic0dg5N+A==,type:str] + - ENC[AES256_GCM,data:e6ZAlRPSqCl32qgUorG0l0Ce,iv:Ri77+mLVxW+nhJake16dckjKAF3P3TddooYO8YJ/CS0=,tag:KkB3kD38jcupQBKVmRMsQA==,type:str] + - ENC[AES256_GCM,data:J69r+M+7f3K3G0z9IEctVamdp176,iv:O8TU7ZTQtv2tHcuSzKseCjaDnu46tK+EY5V5N88Re9Y=,tag:N3Gx4nE+kjc8ZxnhBzGtVQ==,type:str] + - ENC[AES256_GCM,data:LjSiUEuLzwzjrQuMBNM=,iv:wi/leT/tCoRxXzEp6AYw4adxlnWfrSNsRhJNqvSsOGs=,tag:Ho4yKGYxL8HwVUdpfkq3bw==,type:str] + - ENC[AES256_GCM,data:kGSngO1fcRvGZxDAQ3y6,iv:ZkupR24DIm1t83pQ3jxKPeVBW01CSQ1XtJxTGHNLrjM=,tag:G0VPih2OvqMujmg/vznnnA==,type:str] + - ENC[AES256_GCM,data:j3eOmHq6zbLgXUQ8,iv:UQhkzyFcd7kF39fdBF7aPY/lvir0P0rTO3ypGu6pYk0=,tag:C3F5zdRrYwklkGm8aUoq7g==,type:str] + - ENC[AES256_GCM,data:R+ypmb4EEQeTF91MtRFCIA==,iv:SW5QRrt80dXPW3JYaZVx9YhnFEyW/tq4iBbFsQG9ZV4=,tag:fiQ6ol3BUiuR+P2Hm/vLRQ==,type:str] + - ENC[AES256_GCM,data:I3jmlrmi8dmv3w==,iv:S8PqfQPdgobEJwJAHSvnsu+KjQI2iAZNZcOscyAWpfc=,tag:iSSSMaPbIpSnmaJngJUcbQ==,type:str] + - ENC[AES256_GCM,data:nuF0qqii1fSq+Z8=,iv:fWipkSZ4KVZO+JU++0f3WZ7DsGn97Gxt2zQiKBRKRNI=,tag:oC++wU9hW+0PKhEItspEhg==,type:str] + - ENC[AES256_GCM,data:V5dQWIdytqWqZU0IxanyeA==,iv:GqHrbPC05FBr4bjcgdZSfINZFqSszW1XHauQ70Wm60w=,tag:nFtd/aD0yasXAnDOhTBXMg==,type:str] + - ENC[AES256_GCM,data:yJgvrcT1RYsARqFksbvU,iv:UU/kyGpGNWdQnEfshtA/r6RH2hbl+MrEa0yLOJ1tO2w=,tag:WDjNhW8ozfSJfviVIVH62Q==,type:str] + - ENC[AES256_GCM,data:waeOTqQ3pOpV3Peqdg==,iv:SCIuiCF6cd5tUPlbw7CnXOAkAz54ps9BgZiAmW6rXA4=,tag:i20Mpm9XFfZexJqz5ImFoQ==,type:str] + - ENC[AES256_GCM,data:IY2pYPQSCERi+h6gyg==,iv:WFAYQHXt6IRO181nzyPj6SwdYVPBCZikmh2k5LiUVdE=,tag:Jd7YlH8Q+XukIWDvCMN2Kw==,type:str] + - ENC[AES256_GCM,data:mMC8FdvNU9v88VdezWnP5g==,iv:J9WGuymxq/8eQrF1axHs8E4VqTDOHtc+KU/+I/Q50RA=,tag:yFnVY3joBFcxxcmGhbJuMA==,type:str] + - ENC[AES256_GCM,data:hbIJ+30Dw7NWhoJg,iv:uGQ3zdz3tR2iqbmZWvgRoqa0m7rBzF3YFETlnIiBGSk=,tag:e0DC8nnH7XhPsUHbLVKPaA==,type:str] + - ENC[AES256_GCM,data:mLTNnbeydRQAqlAfZk41,iv:RT+RlNeoig8SOnFqUiD4D3lsFemUXu7Yx0SRICUffF0=,tag:VOHSQ3IuFJuzzn+2p7ahow==,type:str] + - ENC[AES256_GCM,data:qb2tCZ+uZ00Jfw==,iv:2cP/qbcNJzsL4Nhj3rYBDEt+drGGv8Nkzdv1ZozhkDM=,tag:PsjlL1VEf7qjt2zpZfo3WA==,type:str] + - ENC[AES256_GCM,data:QCJ23GcUXWY=,iv:9FgpnIFiom5YJ6NfBeyZ4wk/yfNp+A7SDevtvjIp18w=,tag:hsXr3ySy/OtEOkO5Z7fuRA==,type:str] + - ENC[AES256_GCM,data:jPleuPw55gCA,iv:E4uzZxf9Ry94kVyQfIXWy9K0vmEHkLxVw0+nVfeDC3k=,tag:zH6Kh4tiu4nVzVj3fxJENQ==,type:str] + - ENC[AES256_GCM,data:UNYvT35PSqBNvFcYVm8=,iv:rljs1m+0IFV2biLjXAvQvsc9U6uP0+E8XqlwbHBGrsQ=,tag:+cuMpagG8OWSL5PAjW2aDA==,type:str] + - ENC[AES256_GCM,data:VdaKvFTMy+gTPRR5qW9wbVVwfb9ESYw=,iv:I7nGUFvXKD9k4la7Kr+uF768jZvu4Yijn3qeAJeNXco=,tag:5Sdsn0ZR/iPcw7Ojnnbs7Q==,type:str] + - ENC[AES256_GCM,data:xOz7pIVSsQgAMLI=,iv:aF7ac2rGvB3UAqvgNMloT98nFzwXfcowPCDimKT+wMo=,tag:b26tL07XzdWvVElwVPvlCg==,type:str] + - ENC[AES256_GCM,data:hWoyUkD6ilwU,iv:aMBG4gQV+yWJkdU2UOdDcwbsER8gPlrwy6/LRNeTsbQ=,tag:IFs6oQmAohKDTLXsyRpr4w==,type:str] + - ENC[AES256_GCM,data:Vn13T8os5AJAf3OzMg==,iv:ctDz9jlcWn2FiJh6lg2g0mtAEGwuJNXKX26BXgpKoGY=,tag:6TrOeqxjr6QIr1uh7awXUw==,type:str] + - ENC[AES256_GCM,data:4z2JKUD/9fM=,iv:daW/MA5EaQbJqTVNeRihpZt5+JPsVz5hOXP6XBO6eIE=,tag:u0bgtG/oY8ImuUsabiMsMw==,type:str] + - ENC[AES256_GCM,data:hmVKMTW4Lo0hUppmFo9c9b43,iv:ya7eMdsgB1H/nvE6iAd+8YNY7lWzQPmGj0IXbFOqEws=,tag:dH5E6X4u+kCtpIAyTjxLSQ==,type:str] + - ENC[AES256_GCM,data:v+s2rBxrAseu7sIqVkW3Jg==,iv:jf/Ki6hzOC4nn8D5XjZmaMM4Q1ZLATrYcPauhyJ1W9I=,tag:AVCJEWm1YDJkbcZhogb2Fw==,type:str] + - ENC[AES256_GCM,data:OsXitnLbGKvQPtc0O+7k,iv:e8CJBkaeLZ6YrJBkMJky75gviAnvvaAj5LlC/44sAck=,tag:MLOV4ftd8+gCNxB14gzJLg==,type:str] + - ENC[AES256_GCM,data:vPLj3eEw9QgqTRuW2czCMQ==,iv:ye36ILm3Opmde7rwTrGBCS32BRFc08bgFv+/w1jEvFo=,tag:maHjqQ1LGnDXruKRdZThGQ==,type:str] + - ENC[AES256_GCM,data:CDPxA/71W+dJYiuO+Z+3,iv:3SnqWf9Tnp542sco1tEmeeZi/bGGuUhXYfmio9k+hN4=,tag:5m+42Gq4ZSoIvGVUbrW+HQ==,type:str] + - ENC[AES256_GCM,data:kVseV+y386n8WGt3rf4r/7RU,iv:BvjxPdcCcwJw/ZM6NAEcV2lSAeZTdJWbDi4qn8J7iCU=,tag:FX9g1p237ylu/lsTJyf4NQ==,type:str] + - ENC[AES256_GCM,data:TyDdGZvTT8c3/yk0ZunIANJd,iv:ebdShBb7z57URmbxrZTk+xWvrPkEHtloNBBnIm1kyPQ=,tag:Jp0f6GePZHB0cbIxqZK2aw==,type:str] + - ENC[AES256_GCM,data:48UPCPopg0ujInsMPO/zpQySqVeE,iv:PJmwbK7rCZeM2UT04E2Gokg2WKQ8qjlZSapVVoK2OUs=,tag:vt8mG77IvMkxkZTq4Nl8Lg==,type:str] + - ENC[AES256_GCM,data:aMa/LjF+/Irhndf/pgIN,iv:Li5R8gcxXtYZfhnj56vwkrmpZICSHLa06o9VV5cwk6U=,tag:DSEkvuSWkwdmvmqYwPOKRw==,type:str] + - ENC[AES256_GCM,data:J2nm6RUZ1ST2IBBN7H8lwKU=,iv:bCpcSpPumhfella/+6ceO3Q3M/jyrPQW4EDlqED3dzc=,tag:AYKOuA1PACOhwgJffRjv5g==,type:str] + - ENC[AES256_GCM,data:EjRKEU9ZklAzCvUAgYekpu8=,iv:iBWQXA77NgF1Y3RyyQd2gkHZngeoTBu7kECl0tAlOYI=,tag:qgPEoM9tM7Y/+ZcRuOr2jw==,type:str] + - ENC[AES256_GCM,data:eH8uk2GrgqeTI2jH3g==,iv:lRG5vpLR2XsKv0zsyI2FBMtBDWOrfnb6DaBdzbE/2t0=,tag:QDnTb1v4Df/lz3VWZhdVJQ==,type:str] + - ENC[AES256_GCM,data:5TWijGyhuJE1/kU=,iv:wzVlikbWdiiFerEy8KZin8zHteLWfCOggoPYV+a4s9o=,tag:yMgj3I7IYVxfWMT6Sts5hQ==,type:str] + - ENC[AES256_GCM,data:m0uqC6hdgO5sMsx5eMU=,iv:sk51FCvj8w1qFQvRXZYuiLwwLPTiSRnJELT7Y66mUjQ=,tag:tjQlZBiOHXo12IRpf4VWbA==,type:str] + - ENC[AES256_GCM,data:21Kc3sLeyl0qePYD,iv:bQkuXIvXIleldF4uGNiv7rbP8lg8XE7GUQ09ClbtJTI=,tag:QiFnqx4NdsE1V5/x2ADFtg==,type:str] + - ENC[AES256_GCM,data:sVzPuqX1uVTLpA==,iv:1BO/50E2MNsFYh20D9vW+OjXYR+42c+VP2AW4I/nrY0=,tag:8SD2vmdazhzvH0vuaHtNsg==,type:str] + - ENC[AES256_GCM,data:oIhuspdRmc7hgw==,iv:Cz2ZJlLJiCQFPXbrMcuHezCFlejbIrBxhQ3BYg8nVzo=,tag:arpoGMKwak9mU69T+7NVLA==,type:str] + - ENC[AES256_GCM,data:/PkXt0Bj7dVDcPFH,iv:g1/e2zu/30P/9myeFC+10UUbo7F110K7mTFBBtGXNlA=,tag:FnDiDiWCU2cvRHKSYBHTvg==,type:str] + - ENC[AES256_GCM,data:NmUOEDoXdmP0nkA3xA==,iv:vXivQmZSGpc8GSs3Gj5yOLsSeRR7H7E6luPbDEC0SOw=,tag:GnQg1ElGR39JSVJT9h4XiQ==,type:str] + - ENC[AES256_GCM,data:T0kDCNzj11HcveHj,iv:edA858K+iEgJNe1lm8L8Cf8lwTb3tNeRafha4yRKotY=,tag:BBxpysA4+zDSWVr5XlI9qg==,type:str] + - ENC[AES256_GCM,data:Ian1o0aRhTxDX54=,iv:Bu4njV6/j+37pFPFd5xDU7ouHR5+UCfOmerwvHJ+UuI=,tag:o1pCdDmmHaiA4xJY8ZbtoQ==,type:str] + - ENC[AES256_GCM,data:Yt0U2DETs0GzF6gq4J8=,iv:r1/MeuswKwzCIeZQjWM7rTvNxK4MlCj/HnLLQXVlX2I=,tag:gbuPRKbyFWYw+5LUuikVuw==,type:str] + - ENC[AES256_GCM,data:fyDEIffXlnTVwucx,iv:ZETpIIoa5vHPoPpWsJIaQkFcNk9Rj2+WqCADtTlZcIw=,tag:oC0BQrLEHxh2uGEDoMoaQA==,type:str] + - ENC[AES256_GCM,data:rN+GMNHSWa09jqo=,iv:ZtKD/uA4l7Fv5ffVeJFx2fWwpPZcwVC2Sa+c2RZFe9s=,tag:DL47DW/WqHmo+rrt4VP9Pg==,type:str] + - ENC[AES256_GCM,data:2EGpKhlUHhi/YlojWL5FGy4=,iv:b9ckqhpkhdKJQC19fIcUmfM+CWSx5on/3cajRoQxhfg=,tag:+zKHiQxL48nWdAf2OLNysw==,type:str] + - ENC[AES256_GCM,data:4zTyjDRT8RAswArorQ==,iv:T7+hmhend/JTPEV5oVhrdKQOC4im7ElsM3JB0eEzai4=,tag:vxBLAhr+xPK8Jay7Jbo7VQ==,type:str] + - ENC[AES256_GCM,data:o5Bj3ZzLzwo01jQ=,iv:ICY3HrPQBZ4wnsaBqzRx1/C7EUu9eC6ulUiY72eFJxo=,tag:hC4YT3LK/tARQLcs//eSxw==,type:str] + - ENC[AES256_GCM,data:uhe/j12RdUAMsvA=,iv:OmDeRTp4u8t/eAjRyUJmMScb4meSIAdZzZ2YeCXYMOU=,tag:K+m6gqfWTc6jXcFB9RoptQ==,type:str] + - ENC[AES256_GCM,data:Y6M4VJmoEkjrMTSrkvrw,iv:dgDh2sBUbWILLYjITJjdVnZnxvbPnr1GGfNBI5VHQLc=,tag:MbvkbrAtOjbkefmEH2i3eg==,type:str] + - ENC[AES256_GCM,data:KU6IhOuVJeaqTiHdaUrvFXhDSz4=,iv:LBeotHZjzjnlpSYYLl1mZWGhirIEroSEruQZbr/0DNY=,tag:FnsWjfgHlYV+MRgTBP6tqw==,type:str] + - ENC[AES256_GCM,data:gmqxA6516D0etQ==,iv:rN7q3W2PMeJfJrxhKYlEWe2x5COKlN2nahU1yl0Dqc4=,tag:cVspLnyrdvoF502tvQ+kRQ==,type:str] + - ENC[AES256_GCM,data:5Zo0QSgTyl3Jx3NFjPg4wFk67A+qdAL5S5Y=,iv:kIPxypR+A42Hz0KOh9vRStzyUgegHg0kbHNm7g26bH4=,tag:fqnkabDRqRJczI0b5L+M3A==,type:str] + - ENC[AES256_GCM,data:2Ak4PVLU7D9h9fLW,iv:LMNYV9ryEJ936qLLdaJL2tEutzIn2PzfzcH2EWe8L0c=,tag:Yx3gQ8aAgw0uTm5Wuo54YA==,type:str] + - ENC[AES256_GCM,data:sqHm17Ht6CleYbavB0jKvlZW1fJQ,iv:oaNGCPTLhy5gcTfAosO6e+mYEHXDWvsxXul8nt+m1AU=,tag:kFK5opbV+EsC/gaiLJiLAQ==,type:str] + - ENC[AES256_GCM,data:RWyCaaM5DaQG8UDdCosR8J6A,iv:gMVkZcjA79RnTz/M39LPNW6ems6XCIuQLU2AmACIGh0=,tag:KxqnFwcQupTejXeG9DCqwg==,type:str] + - ENC[AES256_GCM,data:6LbHHutTvZbUFKMM1vBTA5MHJjc=,iv:LmFtvB88JEvSHA3R0/NRhf/pM+0hHtw1zWibFURHez4=,tag:hpxFfBhYouupxbO0daV+Tw==,type:str] + - ENC[AES256_GCM,data:6v5HH4CAzHw57UM=,iv:ypuvQe0+sq8/9IQ8aorLkEUTENYVR9IA67VG/BzcEsI=,tag:2m1Ik9kYFNEdNkQEXoUEsg==,type:str] + - ENC[AES256_GCM,data:9l3JrFFLToc=,iv:JDoVX/i8IXeu1L0VETdpk+NhKP/quYIBC08gsxaQu9c=,tag:VSvQu9382We3Bi8HFy/zKg==,type:str] + - ENC[AES256_GCM,data:XuyfWTSm51I/gKijoB8=,iv:mXJ58bzemYrGN8Goy4g3aB9+j6htODq/U5tcv2mpEm0=,tag:dioi6Kb3x/Ie5aQCVqTJkA==,type:str] + - ENC[AES256_GCM,data:xtxccMC2vhiYujvtbo1eZxA=,iv:48Zz8Z4bg0H8YaD4+/ehKWxrCcNLhbDZLPzGBgbhYfI=,tag:3DjMlkSJzxdNTV0hibMjfQ==,type:str] + - ENC[AES256_GCM,data:jYNW0Ej5lX7Ifw4w,iv:zlHeQlcNixf0t8vR7JrSeryfILp9wCr+TBVMmOGAitI=,tag:E157SWXCGNp/Ul5wTVId3w==,type:str] + - ENC[AES256_GCM,data:lFd75RQ3hxNDww==,iv:T3LpYheLUdLq62e4BJ2WqHqT9411Pu+gBz6GezGqd8s=,tag:J7nt5WkztLCg0eTIz0rK1Q==,type:str] + - ENC[AES256_GCM,data:BZLt01c/0axT/Q==,iv:qv8sc8JMdwrm4ImF5YUTfSoStrMXYOiQoW5NSlEY+8k=,tag:7uYEuS0NmaBybz7hpyuBRQ==,type:str] + - ENC[AES256_GCM,data:rK3qurxVxljiKQA=,iv:XpUkLLLS5mAis+Vo+EDRhy/D+Aqj34QuCQkA0GRMdjg=,tag:rYlRpc+91hKA6xSfClZutw==,type:str] + - ENC[AES256_GCM,data:60SsYOx8gjnqxMdmvw==,iv:dwaRXKfzNcOxXYtiQOX4kv/xVCmadQPHLpkNidKf9AY=,tag:T4PGjtpJlKBYmlQVRvXluA==,type:str] + - ENC[AES256_GCM,data:yC4X+2XHQR2hzlnhRA==,iv:QAr0P6Q/M3ltrwNLUGS+WH5PKNsAF4mryj7PtdoKIyA=,tag:aqAYdmD2nCts84nsQot36w==,type:str] + - ENC[AES256_GCM,data:EQsbHUyZw3VJE90iYZg=,iv:UmdXYmFe5g1hPf9BB9c0cqz7l+lqCPH0y73kdJYsDv4=,tag:7Out4b+z+ctEi/s6m7nzLw==,type:str] + - ENC[AES256_GCM,data:m65ep1Y0/+l6Mg==,iv:6nCX9Gaqo7sKlNQJ77u/EpM54UGfONXJzlDvb10AGr8=,tag:fxVRjzRITVGl6h0LIB5WTQ==,type:str] + - ENC[AES256_GCM,data:ZNHTsM/G0m+w+fQ=,iv:S0yQnIs+symRgLFpgQMlIMyuJ74IljRVy/do62sftAQ=,tag:qrLpx/sYqV5WYrFROzR1Rg==,type:str] + - ENC[AES256_GCM,data:C4V0An0VUm9RDdiHUyRYbTo=,iv:nB1gh80pwwLfQMGQ3jA1cn+YRMQye1UU/lzFGwLtxVM=,tag:/sKK2E0eY6bv/wVZxizSsw==,type:str] + - ENC[AES256_GCM,data:t3RjOT/HJowoYHlQrF6irTeMLw==,iv:U3Wwsr6siG++N5HtOs7D7kOSwiW3KGfS5eCMN9DSA34=,tag:LgwRi7MIY48OUpqtx5aGPA==,type:str] + - ENC[AES256_GCM,data:cBpv7rzncFlZTQLDvm0m,iv:gsGfQSU7nYj95TO6Fa2KzKfVyI2muXGyuPOTgzlMSZY=,tag:G7oio85wxAh2En6B8qSdiA==,type:str] + - ENC[AES256_GCM,data:jtcAQ3y8/nsQFzN23OD6FQ==,iv:cmCwGJTc6Nl9FVhzyL0rO6ibpVDqp0lJuZO8i4x8MO8=,tag:qdHUzP+BWnmUz6QARjmnHQ==,type:str] + - ENC[AES256_GCM,data:k1vqU8KbKkHt25LEfMubyg==,iv:9Eaiad3wNwatPOxuPukyFlQi26NfrxVTAJ1W+1guL5Y=,tag:rl9CB0pkHXIUOVgxnhsoTw==,type:str] + - ENC[AES256_GCM,data:HbB0UdqpzGcNz50=,iv:ZuoGehzw3WnOedmhFvpItJc3Xe0t6ImM7AQMdODhzyI=,tag:Py6wfghxCflafDGAZSc6JA==,type:str] + - ENC[AES256_GCM,data:D8etRft9IhriWzs=,iv:bMRjxxUwo0ae5HEr3Qji7CSdu14BJyd2K/sDWrU+ZNA=,tag:gmRHCu+skhGsDNxBl0cdyg==,type:str] + - ENC[AES256_GCM,data:148l7WtQr7JniTUvDSJ6,iv:D0xIrqkabNJs9C2+rxxOIce1wi25tUPdrRX+mW3PCZQ=,tag:UcfPa2AZuWehNmc+wmMTug==,type:str] + - ENC[AES256_GCM,data:uZ8pDv3kGaZQbOYMR4ml,iv:HvZJQPLhQzuDHAnvoJh+S0w1OQllmtFO0Mq7EpBHPrM=,tag:Nh6YNkneBSqFElVnyX4ihA==,type:str] + - ENC[AES256_GCM,data:aZwZhPicts6Z6FqOCBf92e5z,iv:GEHn8gNMXksXL05uwYlvu7Xk3vhVv+y/UP2ikpT0ceQ=,tag:gPMIbH/CdyqdQaufIQ605w==,type:str] + - ENC[AES256_GCM,data:55YyXjafVDNC+cUE0tApjyivW0Q=,iv:t2VjnEn52EYShhbnLnH6zHr5hw+TRtlQz2Xq6mV1RJI=,tag:6GOPH7FHi025RXQeBXtZbQ==,type:str] + - ENC[AES256_GCM,data:E9gog+j75wIWU8Sf+0A=,iv:TbI+NW73JKDjDDI2hgNRoEwc8wyH25P4KLUxSmPGluo=,tag:IF/9iO9BIsZKKN9G1TgZFA==,type:str] + - ENC[AES256_GCM,data:4LRa1V+o/ffAcp4=,iv:8D2gvIDNDyCLWtIv/TkP5WEwNNcC8IBNqcOnitvW8wk=,tag:GO/5q/Z44tA61zCXui78pQ==,type:str] + - ENC[AES256_GCM,data:y0vd1lfFYsvMP8hVRdiYdCA=,iv:CB6XQ6bCsCWcodgPisGiVQn9C1NKKV841wceWztlI84=,tag:ofQuoT0488uJS5nK/dm2UA==,type:str] + - ENC[AES256_GCM,data:fRxVNag81oV5e47tDj4=,iv:xdME7g8TOKJdPpbl3vdq1V0Cslg3gavRTYFwLheX0H0=,tag:dwZFRdQIxmrr+aXS0eRJYA==,type:str] + - ENC[AES256_GCM,data:xxCmVR6FN6Hjy1vt9IM=,iv:ZJshMX5ucqLfLCe9IzQ2PTdG6gvMML2aaNGVCK1mlNA=,tag:v6RK4xS45OV/oDj8YgHXJQ==,type:str] + - ENC[AES256_GCM,data:VxnyKnd9E5usFbHcrbw=,iv:cq0Wr2hiQoZW3fhhgjDkkp82qTzgxt6xX808ICqLK8Y=,tag:rUnv9xIXThwZnH6ccrVVFg==,type:str] + - ENC[AES256_GCM,data:ihgGR1cHlLI16A0=,iv:TVU8C1dGq3AB6P1B8I+tqCq+IMnX50cXak3pZVxpoJ8=,tag:riRVwYnVJnBSNGV02NN/CQ==,type:str] + - ENC[AES256_GCM,data:NjM49Uzy/eqddvdn1xM=,iv:DVNxyD2YY7aOC3Ga6TyvXoVV5mE7VbNLGmlc5apdxJ0=,tag:b4f3BaYRN6Brk0SNLzLfuQ==,type:str] + - ENC[AES256_GCM,data:2XHcJNUJUjbOia+1qQ==,iv:tEuNiUtqwf12Cde+GYFfxbxVPsQg9hUvdKKldz7BqGQ=,tag:OZwAJiVzjEz/W6NSJacMKw==,type:str] + - ENC[AES256_GCM,data:Gl4Cz66yOaO0h62N,iv:7YST4fx+gNh5akzrMX05FLljgKc4aqDDYb+PEy3wmbA=,tag:jXZxWwLee4hWMCw0BUUe4A==,type:str] + - ENC[AES256_GCM,data:yd35e1hlvB3bWuXd,iv:XE+cmnN+MM2dJhF6iyjy9wGEb4exHGc+8vgFkZFP+0A=,tag:MEkSqUeFVJGxobZXIcUgOw==,type:str] + - ENC[AES256_GCM,data:QvIw080AyC5x4HTbUA==,iv:7KKgKvi86Ibv/8AY2ixA9TmChrSV21iym2MIXuTEaII=,tag:pPPHOLKM30CmbvueltTRDQ==,type:str] + - ENC[AES256_GCM,data:7oP/T27Y/SCktw==,iv:wEP61S+ut7ZBAZHrC4zhbP2P+w7x2nGvFOuEY9OQ9lI=,tag:fMeNMPuTkKGkZ2tF4uCVnA==,type:str] + - ENC[AES256_GCM,data:5AXCupdKMSU1D/APlQ==,iv:u+efzBNZlvlRxg2qjfv3qfqBCzipKH+w41SdquH1QzY=,tag:0GKMQfBXDko+bApN/Zlg0w==,type:str] + - ENC[AES256_GCM,data:7QvgK0xTrvcmnon+pn0=,iv:OZ5xy2CQYqlJN/HSE+cNj9qSUXLL2FNWhwbibkMeLRI=,tag:GLjh+R+Pmho+OxavfR2odA==,type:str] + - ENC[AES256_GCM,data:J1Dopg//vzwFaQ==,iv:TXhmKvHnLg4lr6zym55/d4XMmGUKX8qDWzfeiPoRjVo=,tag:qSAZfipZy/ubOj7T1Z9wHA==,type:str] + - ENC[AES256_GCM,data:em6vLfCT3l2lyRmVG/aQ,iv:KkaqroIbLNuVr0BgpcuD0B2ts93vkvC+2RgE5VsqtMc=,tag:BgVmToi0GTWeMkSbOQ82jQ==,type:str] + - ENC[AES256_GCM,data:Vtn0AYR5zEBOxl5p,iv:xNbRMK0BkU0fYWLz0m292uaILp00sC0u4Ye0rxWLdr0=,tag:LD4JOeKQdaWHxThayBspyg==,type:str] + - ENC[AES256_GCM,data:KAXd0VBsUEZ8ksfH5xkTnQ==,iv:46TfZTF/yTVTpbXQDmL6ZYR2EEPp9Xv+ooyQ/7GncG0=,tag:osJPF8MLim/FWYMaO8D0xQ==,type:str] + - ENC[AES256_GCM,data:Mhmp+13G,iv:FTohbPAFj1BfADfc4aTLXC/A7eo4d6gdeCy8Qec2JBI=,tag:uLs71vLod0DJkKeIJ72Irw==,type:str] + - ENC[AES256_GCM,data:Gt7W9BaL//wSbn0YOhFh1g==,iv:Vg/wOfxgvYu0PkKxAZNdyO15z6rFCT7yMU5ai8DXGRU=,tag:BTGt1uEKuwTMzQImsfV/gw==,type:str] + - ENC[AES256_GCM,data:jp/838ECKDE=,iv:60/yq0VL9+EqJ07XjTmgjVrNaKMtipDnsYexjDzxiWs=,tag:zQYmlp3ew7nBcUjXa299bA==,type:str] + - ENC[AES256_GCM,data:Y3CtC7TizI+0uA==,iv:CD2n14hw9CKMczhGX55EDae7u+7qih9PbfAn3JfpH2E=,tag:qhg0BzYdnEBvZxrhoXILhA==,type:str] + - ENC[AES256_GCM,data:Pi8Y8dQnoGmKQmY=,iv:ZsbfqVO9mJ1m1azfftYTDuoXpVKbXqH/UL+2kk/TvjY=,tag:fLOloVfL5L7zn7h8unXzKw==,type:str] + - ENC[AES256_GCM,data:DCzf/qK3zrm+Lg==,iv:BdOCFbqZx/VajrZGGl1FCaczVT+LPuoZ/0/kAWGvWAo=,tag:qY7YK5OsInoUx9O5O+lymA==,type:str] + - ENC[AES256_GCM,data:FehAjyuxXpJN,iv:DvjEHpEFCSA+1pvmEPwrrFMerutaJ4Ov/ax38OLzuSo=,tag:XisIAEViK9n7j/HKpW6RdQ==,type:str] + - ENC[AES256_GCM,data:26ptxXwuvU9lFLqI,iv:r2JEVvZ6FlbqphpALhr8D8o4DQJcpUVwr6fBM0L6lVk=,tag:1O2pqM07AcWP8RY0eD+XqA==,type:str] + - ENC[AES256_GCM,data:g04IJ9cFm6tBp4U=,iv:RDrT56pjGDRhOa6IMsNLRanLTWzx5pd7oXUNZs+yJ6E=,tag:BhJ3RckcEOSLhIBomcy4+w==,type:str] + - ENC[AES256_GCM,data:PVmO783PoUcVF8hu,iv:5HzeHtpSv2RmbzQbeSqNk8plGYtDGKNeGLmvE6bpAtc=,tag:iQ2bUo3iBqxXYd8666MiEw==,type:str] + - ENC[AES256_GCM,data:0uph2ZIrB64uBMWwFw==,iv:a96kNEyXKSE9ZSlhKzHd9eIvvQESQqPSST1mJ/MGvjg=,tag:zdZ3z5OkS6gpfEW0+LPvLQ==,type:str] + - ENC[AES256_GCM,data:Spiy2EQI7JPnVIDs4os=,iv:RlarYbmB0d4irChsqCSdHaSi50HSgh7Z2AyvhZlkmLs=,tag:hDI2SEgcspXL7qxV50+0pw==,type:str] + - ENC[AES256_GCM,data:CrQrXfTgLshChs7OgUU=,iv:jVzO5aKpiA4PKglNU+6ND29oJ1Yaer0npqDKx5FvSes=,tag:asHW4ablOHCwnraNBrLACA==,type:str] + - ENC[AES256_GCM,data:sK5ayh2mBBy1GAQ=,iv:4uOESwySve1ZY/br4ZUCEvPGNQ6jy2cuyI07hS7mA5w=,tag:QoPdlRGqw85emSq/Q377Jw==,type:str] + - ENC[AES256_GCM,data:BnCGAhrYkYZq6eeaMG8C,iv:WUERtn0R3PiavFFraC5/nmEE9J07WfFiwXIWXv3Pkq0=,tag:1lRFzTDFOh519qp86Pi7Zw==,type:str] + - ENC[AES256_GCM,data:rmyFm/cyQ2RynslGOtA=,iv:7zHpwif2VPzOzpsxx4dpSatZ8i/R9AV1bz7RUyr0Q6E=,tag:n3mKEAfy4YzfAilM19LCsg==,type:str] + - ENC[AES256_GCM,data:nGx1Hz2gkqBVSok=,iv:98eVaiSy/DF0D70Y7gMXvQEu3ycaQIpWONb3E1COmwU=,tag:r+6eIrftatDyWCl8dZQv2A==,type:str] + - ENC[AES256_GCM,data:UZOOT7kGOjPaag==,iv:9QYFvaRsWNNcnBOQb5Nc2WB4BcVxUTQHFrwAAmOvL3o=,tag:rp9jHdnb9ZdYLpX/BfcZxw==,type:str] + - ENC[AES256_GCM,data:ZaVZ9JE=,iv:PdAsXhFiT8BmUsUq+UmazNVmR2am/JJx38tkcc3Olpw=,tag:rCQc1U/8H+bbRd3cCA1tVQ==,type:str] + - ENC[AES256_GCM,data:yh2Ilz7CaP6OD2l1,iv:ntv49p38jNQBn+xsEEB3yDtv6F+FUWdremkTHKrxmok=,tag:pYjqFaMaGq66iQf4KMPkow==,type:str] + - ENC[AES256_GCM,data:kxQksB9ehlkmQ0QL,iv:8YzTBIlbqf8mo94fu3Xc0OL9+rc2AJWFYNX2SNVlLNw=,tag:iXvAsvPhmGbpbHv5XByJQw==,type:str] + - ENC[AES256_GCM,data:8TCz/WU20OO+9xuJ9F4y,iv:wMdT2V5qkrMfFnJ5skIRYezuKV3vAmzB4U3hjwWcA9M=,tag:X0rHuDh6NbQ9Hr6rAGay4Q==,type:str] + - ENC[AES256_GCM,data:Rbm+dAScE7us27hgShI=,iv:SV9fQYidYrvjXPozNQ9yV0G2uaD4dXRCAVOv3tUnxg8=,tag:UFkQn6kEtt1iRdLiLnF71A==,type:str] + - ENC[AES256_GCM,data:3WXMq/LF+xCTzw==,iv:CGs+RMXfDe0nUhTSB0SfBwoPIJ3/k3Oo1vXJDI+EmDE=,tag:5x1JelnvFcwkLFbGvtC28A==,type:str] + - ENC[AES256_GCM,data:i2PzU5xIiHSAxw==,iv:Qv9ZSjA1JPMWyPjL2uFvq3zVyh1Ftchud75FhpOhclY=,tag:ksSJqqdErW8Kr+rLwfloCQ==,type:str] + - ENC[AES256_GCM,data:E8ups1TakMRuoI1XF2T8jw==,iv:SDSNgvOdUIiYmuxS5cFd+tRduNdCUTUGmltl1cWrvpA=,tag:iF4VL3WJztl+sHp7kHzV8w==,type:str] + - ENC[AES256_GCM,data:ACb4Gk4QIab7iE0eVg==,iv:ZntyxJNXOLdHa4vJmfBZj1kJKkVn5tM/9kTVZrJnNeY=,tag:bt2Dj9IojoBYEKoDbUmRmg==,type:str] + - ENC[AES256_GCM,data:tyIJvDO6QLOCKiR/,iv:6P5UTpZ8ddsgwQRZ0kv8Rr70UG0GoUvKahTdQ26qV5o=,tag:bFNGjhZ6kpWnPWk2x9vqpQ==,type:str] + - ENC[AES256_GCM,data:pY89I+2p20iAnrk=,iv:uj+DWT529u5fdPa5UZjbrLBktpBG32rR6eN+vBqgYdM=,tag:uXojeDIqIZK/5VqpFFrL8Q==,type:str] + - ENC[AES256_GCM,data:dgFLIQPROohWl1mYJpuMiElZ,iv:NU9jjwQiTii8Gl6WAtnk6B7w9/M1Ke5ZEGpashDcC24=,tag:+eEJ1M39rCb8VCyr9kN0rQ==,type:str] + - ENC[AES256_GCM,data:DqPu3sHCBF1tJ8xkmjmEhE8=,iv:+w3WUj+iM+EqRN/VHhtymx1W6iwNEmwf2urkymiliSU=,tag:BhWKADgUOHZdi3rzLurBMQ==,type:str] + - ENC[AES256_GCM,data:v8Xv+rPyLIVYh9UoPZ5hdaY=,iv:xmhpwksV2iBZj1EKAtCGN8tbfn9HbsgQD1ZW5vCYb4M=,tag:mk7oYJ5qm0XA/AypOfVeFg==,type:str] + - ENC[AES256_GCM,data:4n2W7caUeyZ9cRI=,iv:JPKhsbesmFQR63pukzEheyig2U2QDoSDFJkOGeM8sOU=,tag:NFlXIdZjT/Mm/J7d0g6L6w==,type:str] + - ENC[AES256_GCM,data:HyEDmVCmYeiyZIvUfcE=,iv:yiNg8zlVO3z0Fzr6ud72XuRMkFmwBvTB5n9owMaPFUY=,tag:weFnNSEBnAF4YS6hSK7FAA==,type:str] + - ENC[AES256_GCM,data:8PtS/cxNLyNajKgOseM=,iv:hPtWG2IjJ0fIwhnwuWJdgaap17RQxcdZGSKrrZSEY4E=,tag:4pOe71DnI9rDTEatZdV7rA==,type:str] + - ENC[AES256_GCM,data:yBbUUeTdXLUje7I711U=,iv:QeaZACcoE6WcW7aHVsGwBO25U8MBDQqTuvQTqJyevHI=,tag:JCfxwnLWYpdGgX3d9BYr6Q==,type:str] + - ENC[AES256_GCM,data:X5yeaaH0h7gB83avw36q8GbUqQ==,iv:NARQMYTR3BvFHcXUzTta5yGXUYhDGghYv2iqbSlBW6g=,tag:DNmvr2EdVRcCZkh/2a87dA==,type:str] + - ENC[AES256_GCM,data:W0Ee+JkMhoY8OpJ52Ww=,iv:/pNBdPUreV/mOEhn6MJxDTALfx7bjwdmzro/Ny1CTXc=,tag:z4Pu+NvWi8u/NwgY9BYlzw==,type:str] + - ENC[AES256_GCM,data:o+JNXzxYo+tyIl3tyRbt,iv:+xYWTMm/VHZITr1ouitzQS6Q2lfGFI1QYYPpj57ODzc=,tag:5XztKWfmTcJe0evWd9YGDg==,type:str] + - ENC[AES256_GCM,data:vSKraymvYCLbeIuOPuvR,iv:kHRN1oWRO95NuucZ6G6QhY4pbwLjxuJlwWxtgY6wxYo=,tag:OX5l0GJcO7fTo+J7Jckmxw==,type:str] + - ENC[AES256_GCM,data:5OTUW//uLqUXWa1O,iv:O3kbxndNasD2HKes1icnyUQ5J4tqqHvE4M2xh3dpEQQ=,tag:PM07UVnQH39mNuRvo2xwHw==,type:str] + - ENC[AES256_GCM,data:xkmk94eq678avJSKWpun1SyLPg==,iv:3zhYfU7oNOEFNrGaNoiIeljWudJivI+GRf9neHU9Oq4=,tag:dA5A5nQlmxykp2EFR/v8Cg==,type:str] + - ENC[AES256_GCM,data:m+KfCcdknhYPvsAUZUmhjnMYxM8=,iv:cCN/Y98VPlrCA3RewIbhl9oBRo/frlwiZfQCx/HYy6A=,tag:pUSy81N5JC4crStzU0tYCA==,type:str] + - ENC[AES256_GCM,data:apds302mc1RlDIf0O68QkP6OfJeEreU=,iv:L7GlS/qkb6MA/qp/UkcYgWHN4WbTL9MS5zOf+fOa/6U=,tag:whvjmZUQJ5eS8U5tQ7P3Yg==,type:str] + - ENC[AES256_GCM,data:BErnD+oPwA/a2mLHRqcX,iv:eMY875IBEYwUTOt/z1ffFXff5PGkmqHiNlo59vxOVAo=,tag:mVvSCb18aAlI9riNk1pWfg==,type:str] + - ENC[AES256_GCM,data:uoVq9l5NE+vuX8c=,iv:RQCWHBy8TuYkkQj/H6MN8UXV/P2BCu6Sx0gLGfJ4dII=,tag:WfEs2rh1GQC+aila+NUL0g==,type:str] + - ENC[AES256_GCM,data:WjxWkI1litREtlli,iv:2nBpvcb4g6pqkOYO/2iw0+V3T2j7l+zkBrtczw9+0xs=,tag:LkDfMAO967oVQo9cADw9UA==,type:str] + - ENC[AES256_GCM,data:NPv0LOR3p0sYJxO2mA==,iv:L7XmSLF/tpY/Skn7ZAaRzC0uMeUphhCbYtCmrN2GEfQ=,tag:Q/WcokQotleJrWoqXuJrXw==,type:str] + - ENC[AES256_GCM,data:kDXusBhMCMZOvcc=,iv:LpXFDjpfdXuZngDt5gDrQZZP0y4IqenVFzrk52ZeWkg=,tag:eCAsih/Zqpq46RH3DJIj2w==,type:str] + - ENC[AES256_GCM,data:JBtpSCOsAwswifoC,iv:kywRmrwn7hiRyCxUbj4BWKrG2r8u9ZX3jD6PrqSrzEw=,tag:F+2TzjGKcek8Mat4/0zWCA==,type:str] + - ENC[AES256_GCM,data:LEr2Lbd9yZ+Xnhw=,iv:johnJ3Jvx4XMuCFQlP0FiqB9L8+8HOICaISqOjJelEU=,tag:O/YJoBZYhq8EdDw8zwpXwA==,type:str] + - ENC[AES256_GCM,data:NUO5dsWhMpr0D18=,iv:BPVUjV1p5/0dYG/HSK/kyp/Gl1HeHic77ve1AQXlhF0=,tag:V78N8D+T8fZYT5MK0EQaag==,type:str] + - ENC[AES256_GCM,data:xRYbT8FDZ25I3rVa7Q==,iv:98lfhYX78cJEBZMJo0SW7P9OLazJcYyLgN5EEtz6OsA=,tag:qfj0bcXTyS5xXYTJekwALw==,type:str] + - ENC[AES256_GCM,data:5fEWreRVefskiH4=,iv:0wRTJoIavgvIOEIVBRu0Qs/Dyvq+L8FhhgDFX0zc/4k=,tag:KCA4E5sjyFsu9ofLKr/SOQ==,type:str] + - ENC[AES256_GCM,data:basYOPN5e0Uj5Q==,iv:sml7SqpgQe+sHkttGSNCXJf+bsdx0VgfzFQnvAsPS4o=,tag:29Fwof6Cq3DDhsm37OSz8Q==,type:str] + - ENC[AES256_GCM,data:OrIv9/Q9uxxNufVl,iv:npoLgmxwP2bo0mWna2BOldnG7T5en3Ucl0xia8/UoNQ=,tag:Xvfa2EXtqBahXGgnuQpgNA==,type:str] + - ENC[AES256_GCM,data:KFKyk4tIMdioMMPzvZ/ouR0=,iv:ijikEh0cdslBeu3Y2pZf2XYNWYyIaUbwVpq7ioxMdfE=,tag:JmSQc8s3sxUEkbBJnn9kAQ==,type:str] + - ENC[AES256_GCM,data:Hp9gWmXRIzXgjXauTA==,iv:i1C2hn1n3apaoQwjSLDyAtY+IUzh0ZDrA9VesmNymYM=,tag:JOxi3B+/f/LFdgTZqrc6AA==,type:str] + - ENC[AES256_GCM,data:DgVfkXEuY+0ZrSSuyPxLUw==,iv:lR4J+f08F+gR7gfTuifhO5wVYsxeOJEGjTpUikiHeaA=,tag:A/GCXbZdxcC2Ya+Sc4IGnA==,type:str] + - ENC[AES256_GCM,data:N6S4x5WusS+Qw+QB/eU=,iv:I20AcPTZdcFfX+u5BDJcqpcxCka8dexER6smm3I3KnE=,tag:Pq8WL5vIZARZR83wmzIcaw==,type:str] + - ENC[AES256_GCM,data:S8KUfyGODc733q4+DVQb,iv:6Ah5gPUheUEzXQX8ds5K3nwqxkxrFoseQQU67ASr2Sw=,tag:Z3U1rbYG3Nj0n5ALOGG5Xw==,type:str] + - ENC[AES256_GCM,data:qa3qj834AS/0j1e2CLPe,iv:7T2CrL/mLBJirmMseAzznQsACUPLGqeYTVwLMUBXMzg=,tag:tACWxXaj5Mg9tT5vObZbEQ==,type:str] + - ENC[AES256_GCM,data:8zZbyFHKBFJ6mWaqQiR97Q==,iv:w1JXUGB2+ZbfFtbad0V/OukRalzfxWaCPQDmSyyv3HU=,tag:5dhydjpC4ShFL8sT5PNG8w==,type:str] + - ENC[AES256_GCM,data:Li9/eLj9CBspMhReTA==,iv:jiaPeyttNb7Stx+qRPo37RPtlTnK+GJyi9hb8ZkRY+Q=,tag:6NZ9LIs3ugFYG55lVKU8jg==,type:str] + - ENC[AES256_GCM,data:9I2Wi9H4g4f86Op2Bw==,iv:RfJ2YYwdCsNcEVFiYH6eZrzMHMruBVApziiSfYGBPcA=,tag://h10HSJSHQ1QWLDii/7lw==,type:str] + - ENC[AES256_GCM,data:HlWjZlfVDy/Nc7w/yQ==,iv:o66Np5mzBxupmKkhT3Zew0uMmH6+E1JIhnauiJ+n1Gg=,tag:XWWilACwOJnfPrmMKku9sg==,type:str] + - ENC[AES256_GCM,data:8Po7FRpM/c0suhldpg==,iv:pzQT1Lo5mVSz5fhxdgK+h+fIwrkTFPpy6B8APpnRqfw=,tag:qvUX7lZg1ij3izmRcpeTbg==,type:str] + - ENC[AES256_GCM,data:8DGfkQwwuMnu9Q==,iv:zX2JuxNteEGP/mMV8lh1m8dLQ6A9K3vqsN3nIch4TVY=,tag:dZPc7vhSCIhAdHEfvmzMOQ==,type:str] + - ENC[AES256_GCM,data:nxrJKKCqSA==,iv:GjjkAYD+C4ioIR6E42JRaZ1Nznl3C1h+bRpWZe1vlFQ=,tag:RyYyPF4hwvGeMOLxws671A==,type:str] + - ENC[AES256_GCM,data:Cr/fZe/snA==,iv:Oro8gGPxazyDFjJw45a4+aWWm4YHHg90rLF5qJxyH9Q=,tag:6CNUEnhFcqjoYEb3eYXiLQ==,type:str] + - ENC[AES256_GCM,data:GMoBmLqWfz2jTAZB7zP2,iv:l9zeVTW7PyQiEvXUFeWWpgn95MD8mvWH+sr/WxzZwPg=,tag:C6VSF92T6mrz/nVKO8/nWQ==,type:str] + - ENC[AES256_GCM,data:1rXU0QTJ8f2Cfr4=,iv:A+NKSIiuv+lCiUdSu7C0ZLiO6G9n05QpAsUWAtoKS78=,tag:yu1VMkDmlaPfKtnMWwhUCw==,type:str] + - ENC[AES256_GCM,data:RFJBSlbC,iv:62mtNypeINeZrPbnHkldJq4eOKRqTkoJrNfIaL28tI4=,tag:/TjUycLdd7RMrWQjhls84w==,type:str] + - ENC[AES256_GCM,data:ROGdUP+V0ncs54U=,iv:mtZfcNeORG3J21hbkvdlgt84z6vRFbIMzwUj93nka+0=,tag:q2FBZOfQ56qhnBS2IskRdQ==,type:str] + - ENC[AES256_GCM,data:KR58937SJHy6E6VszJo=,iv:70yNVw/mp2yikSh64nYNfUWOUSA3joui9cYw9mP43+k=,tag:xBanF2LR/oAVZWjVlEPt+g==,type:str] + - ENC[AES256_GCM,data:zkvpjToXkK51LsDJVMexO/yZ,iv:DvT9oQeC7HsoSk0kwjRqg6M+VQ81OMvSK/YyG9CNn4E=,tag:6QWhvG9LxrdGh7YR3s+t/g==,type:str] + - ENC[AES256_GCM,data:1NFyNrQaUu47XOpYqQ==,iv:RTuHhCqc2+SWdKbDw5EqyFutqO51tC4slH4uPWp9u3k=,tag:jLebiQDpnKOY1q9K+aAx0A==,type:str] + - ENC[AES256_GCM,data:ctG8hl1ZXkJig6U68IjYQjU=,iv:q5/DTvyjy1Y8hB/I2jLyhbJhwZaN29OC+72IDPs3Adk=,tag:96t4EyviITqcGmQ55uG7ew==,type:str] + - ENC[AES256_GCM,data:9ZkeoXlFyDY8Xq1Lr+MX,iv:Nq3M5Y6/833uQicWhLVY+IUFA7zaY18bNCe7RzbBgeU=,tag:WfNtoEbJwFoh0EK0yd6Nmw==,type:str] + - ENC[AES256_GCM,data:utTeilcNkrv0u+gtvUCe,iv:K2VelEo8OxX9utEwVybTAm0z6mqNNZlqoKi8QCQq/1M=,tag:uLdmSm6xngGgqMCqdGUobA==,type:str] + - ENC[AES256_GCM,data:AZZvipjgmx7YFAc=,iv:wGQAI2PofJpT8UCk6+53/fqTdm8TnB1QIG8RwHy8JZc=,tag:LfQSl2s8sNyRhGP2rd61hA==,type:str] + - ENC[AES256_GCM,data:spWoG+DNVN0+0w==,iv:CgiD3f1kkuB6ckfksgzEdNukLpElv3i5fDopDNm18YM=,tag:Lj7c7cawQYrgZq0im+dQmw==,type:str] + - ENC[AES256_GCM,data:yapr5P+Rct5U39emeigxq14=,iv:2bZwxII3+enx+Vh4C9c+53InCGnz5oWUPJrA9YCSCdw=,tag:68pUNUvSJOUo7jxVvXxVTg==,type:str] + - ENC[AES256_GCM,data:ueVCWkUW1uu4KXIh+A==,iv:1f4Up5eDvD5KMSqKIg0pRbXql/paSa7r0Em8bwtrCYU=,tag:JZm7fjzceDk+bENcJY1LmQ==,type:str] + - ENC[AES256_GCM,data:2SVJu/GUBUX1WZVN,iv:UHwm+83HRkwb2wQuGhZw/FUr4z2E+UJTBOnKQhBFCYk=,tag:zp6JKD+abfJ4pvgsDzjJBg==,type:str] + - ENC[AES256_GCM,data:3rFA4ygMFjGt,iv:LenXuyuUVHL8W/I4bvX3sAvUWns1TPE2AJTtPpdVT7M=,tag:BJor0wFhiweXp2oaowkJuQ==,type:str] + - ENC[AES256_GCM,data:RObM3RTCtb+m/qLl,iv:o3Cy3qe3p0rEbgeXv8bs4bumtOUs1MlW4ECQlWua2Tk=,tag:6sgo3wSQHyw5hYxLuakeOA==,type:str] + - ENC[AES256_GCM,data:Z3oO2Del6s5D0LEz,iv:swQEEEjbokyYRffIY5dptkc5zt2Uys0odDGX6U31Ce8=,tag:019hqjr/6FLOrjb1MDa5cA==,type:str] + - ENC[AES256_GCM,data:dRWch5xZ25ZshkcvqTbOwA==,iv:RSG4rq/gX167qezjlZ6dJ8Kyrmoa6LsjVqS+AVtATYg=,tag:eKt3a1ArbNOtV2x3TfZZvg==,type:str] + - ENC[AES256_GCM,data:5VAgJQjgNZccdCYsnfvm,iv:hDbeOTuvgEBAuW5M1clrxS7/q3ojp80iVRq6eKtmlD8=,tag:5dXGdK1LWihy4VaGInLlkw==,type:str] + - ENC[AES256_GCM,data:3IefxI4DLtMa35AQ,iv:c+xVqYmLy+w9bUvuJASXN5bQde5XTFYetx98IFXOlhs=,tag:2CHpjIs1Gk2jCVNbOVZySQ==,type:str] + - ENC[AES256_GCM,data:+XTYXdANAy/LidbSdw==,iv:iZ13FKCdrZByad5wBqkmeY3GS4JBVlIHdeHpj4vVZOM=,tag:vfWk0rpYTu/SCf3emA4DsQ==,type:str] + - ENC[AES256_GCM,data:cic2lBHDj7PBQ1Cctg==,iv:qF50yQKCYO73HvOoKv6v3bEiXCHpFuIH2JQaBjUxlK4=,tag:2Syh04xn9smBW12/ifaAHg==,type:str] + - ENC[AES256_GCM,data:WG7eJq7jAGBH2k4/k/E=,iv:AwVxGhvoG9aW9VfG6RWfY0euqS0zgMgAFhIdh5NJyrA=,tag:lyQvU8THCgySvnh3bjTqOw==,type:str] + - ENC[AES256_GCM,data:KkxLyHzKQIFPBp9YQQ==,iv:/UN9mMtLOfZaxsAAqi5bSYjtPfrrdd0WFFMwKuSq4NY=,tag:Ppufg2dRL89FZcEx176gLQ==,type:str] + - ENC[AES256_GCM,data:0YlHFI2TkWDz7twN21I=,iv:7NH5bbzD+fLrjBkF5eM1wBgb7mvCrI9F0DbdV9J6/sw=,tag:SbkbzVoaI6ZVHTeYLDsPzA==,type:str] + - ENC[AES256_GCM,data:GIOCAuUidrWXDQdQVhI=,iv:vY18aKZfiP12J42CpV40YrdVK3lxtSP+KyN+XF1jFWQ=,tag:+MLkVNujQPo36+Bbp4a6RA==,type:str] + - ENC[AES256_GCM,data:YgzzSU3XDW5uFMCLu3E=,iv:RqzJZy5NN3rUpKZtt/FVI0+sdG5S1Xg4X1DUIKItLAA=,tag:5uhS6GJUgm861BZVDQeRZg==,type:str] + - ENC[AES256_GCM,data:/gmw4hVj0eW2,iv:iRRzGWP7pBuAeZgQieXagoglOse5ESMNAgjkH6I9u+0=,tag:Tn2wRH1/HnzfFyQ5PC0rnA==,type:str] + - ENC[AES256_GCM,data:WM2uqt9Xf3ShN43XW6JyDQ==,iv:osC8VC3gAS7yoitms3WWwgQi9tR7H7SMPSgI2xkoQAI=,tag:zv0PGtGXZiuSt/L0ijqHEA==,type:str] + - ENC[AES256_GCM,data:bdAq2QXldgqRRpyQp3oN,iv:t5iAZ9qDL1ByaNXGV7Icl26GRVPD69/pQprVJtpBIEU=,tag:MbZ8lKMb1IUwA0lrHj5NBA==,type:str] + - ENC[AES256_GCM,data:NInzwfJEYBZEGCOQWg==,iv:wHRV70MR0q046e0wwiNJpd3inMDpwAiR7UMe91x0cRw=,tag:RdNqluDisMANV8494fQ7IQ==,type:str] + - ENC[AES256_GCM,data:kmQGQtnUTJpo1X2l4WyDN0E=,iv:DgyClgrRIj7UjW4WMG35dx1QB4Lm420ZPErUzTG/axU=,tag:UTpmBmy4TPR90caMnHaHYQ==,type:str] + - ENC[AES256_GCM,data:PupEV8ZIhtCDmB2099Goeg==,iv:sjF4jENSCwU2plqRT0wMKfFCB9Ca1iLCTogXKEGx3sw=,tag:PyDAnffaXndTgl5INgtmgA==,type:str] + - ENC[AES256_GCM,data:H3sXH000uj/m/IHMq5M=,iv:vTyoARntWiA5J+JpYBPJsvjfc+hz3iQW2cSKH2pYcAY=,tag:dSa0/JCtyJkLvZ6ZHGt9+Q==,type:str] + - ENC[AES256_GCM,data:WPhWqqBH3Z4BvM0Ya0kX9uSWw4bo,iv:a0vcG2GleBpajZvLVSY7PaFfeYyPywCtrTwvzs1kDOs=,tag:7liuc8yJSb8YH2JaAa+WpA==,type:str] + - ENC[AES256_GCM,data:J4bviggRfFvkFaDb,iv:q7R83u6+lV7/++3JcTfFF3XkQmLxPFJtgmwXTJHLHaE=,tag:fZUhOrtR7vcfnjVFdyiCzw==,type:str] + - ENC[AES256_GCM,data:52gkA2R3/6kylc0naKAE53U=,iv:/kRQgfqa2Ii4x043Yz2fvtzSgFUmS9LEnwWEP8zTlkM=,tag:AV5mHdE30DoNufZkyovQpA==,type:str] + - ENC[AES256_GCM,data:IDpBfZ7ZrxTzgi0C/Vv6,iv:ixT0f1sB6a78hIJk1a4DKzWY/IldbAKuCFAzPgAfFAo=,tag:RJPITXii7qVzTSGWhKQs+Q==,type:str] + - ENC[AES256_GCM,data:RdlBVFocPgfQ6UpPsBc=,iv:bXJmV5n4I5Ke1vW7LzaaEWgjdGBCGekknbFYqe7V2/o=,tag:TO9oL8Lv5cQx1xQEySOyjg==,type:str] + - ENC[AES256_GCM,data:3pNYuc/A40q1hubz4w==,iv:ivobUlbdbP2QdOblFLzNjErYc/LxN98DsmZjS8vJOVs=,tag:XFZrgLuBW44VZEG0QIQ9Mg==,type:str] + - ENC[AES256_GCM,data:FmVUYjaLJryFBrQy4jWG0g==,iv:3rhygDIc3UZY2Ob9jBkKNtb13yqtYHJ8jab9X92mMgA=,tag:QG4+xYdtbYrTpz5GbhXCbA==,type:str] + - ENC[AES256_GCM,data:VdrD89yn1/dRkjfSQ5Xp6uI=,iv:0Bl0b2niNFGk0tG1QsZf1/VjvKUdFPCm3alUHLIbq5Y=,tag:NbB8p0FdGBmUpfm9pKjeyA==,type:str] + - ENC[AES256_GCM,data:NOKbz01/Np9pKA==,iv:OT10OSwtbVfknS4lUGz3Dxgd5m86BgFRDc85UlJGnu0=,tag:9KGZXckOyh2+rAVnpeSB+w==,type:str] + - ENC[AES256_GCM,data:23cgnf3B81MKJHgVRzEUBmPdy0VS+g==,iv:KpSGTLPWdxaIXjV1O64JTN6mGfUgw/AyTo68W3ZrZew=,tag:RHlbL0UvsF3JhTx/skk7tg==,type:str] + - ENC[AES256_GCM,data:papFpkRsK7TQ7F47jn2ButtGuTc=,iv:kTHfxTYXmfA+eI5EYmhtJfnmC4AnuBYXAyhREqW+tKM=,tag:92gPrawrYk0a77VHcZo9vA==,type:str] + - ENC[AES256_GCM,data:t10nL/TOChYv520=,iv:AZpiRAMlOPXSqp+dZ8D7pfudumfGGzAYbw2/LOVQCA4=,tag:SNh5nkW8KD90XEy1OZKMBg==,type:str] + - ENC[AES256_GCM,data:D6lEygm8HEBMdSZWAQ5ZyZmd,iv:oW7rF6bGX3f7gNPWtYQ071ARVTNCbdZMZUfn6oLfe1A=,tag:qLiKhcxIzJNMdQp5gNCY+w==,type:str] + - ENC[AES256_GCM,data:ON8Cds7UNsRMcnsW4JAINA==,iv:y3sHpiO69nZ2PAS4po/+vVIUxnGCBgSIfXcX3EQzgmw=,tag:STt1pq64r+H/JcO9mlNnbQ==,type:str] + - ENC[AES256_GCM,data:EX5PVW8TUWGn+nLO2fDe2GPa,iv:Ng5WbkRmUtHQQDBbvH8msQay0jsmC5X8RjVz+UePUlw=,tag:Q9RdiTFr5VNufejvjL29NQ==,type:str] + - ENC[AES256_GCM,data:x5sjcL8/89Gft5vzvg==,iv:fmNuwFrUbSk3icoPic0fqTpLKkra9NhJhzMnMTjXXQg=,tag:0eOKf33qB3FPDh4cMQk1Sg==,type:str] + - ENC[AES256_GCM,data:PYrKGBNtzK651hI=,iv:utVqdOeV1PAaRURukRYDabWNkraoNGuhGonM4MdoWoc=,tag:bW5jpZ7+o3nNsk1SRikNfg==,type:str] + - ENC[AES256_GCM,data:ym7gkDBBnvR53UyvSCI=,iv:rzCCATYzZFpPLqvpZfueIzscsZa8s9aVsjSwiM+xAMg=,tag:DeJQE35m9R05zAjuacoImA==,type:str] + - ENC[AES256_GCM,data:czDW+D8bxKSgcIuRJbtWcTIROMrE,iv:yHaSoDjO7H/a6Np5KRH1yje3vtJgni/DmhLWF7rprcM=,tag:Mr3ARiroCpdd6+ZmWLZ2Yw==,type:str] + - ENC[AES256_GCM,data:tcai5JsV/dcqJEIa1g==,iv:fNVF6xSJi9wtC4ttG7llfK/47M3XjUO/0dMIklYp+p8=,tag:gV2RH0wvFxmUnsUKSbvbiA==,type:str] + - ENC[AES256_GCM,data:DLF97RMxwyh3Db2xoQIY9DoF0yw=,iv:B2/bcEAsELJQtXoVp98oZSC+J1WSPnJEzly4YaXbNIo=,tag:86yXwTHjEmrnnnA4u3VOXg==,type:str] + - ENC[AES256_GCM,data:LwtXZZC7z24qLPJE,iv:JAQdn3TDU7OhcJMUcZ9eo3kcC41wdt0D2bZlEZ4zdUQ=,tag:+UVLHiCmvz8xEGZ4vtCnXg==,type:str] + - ENC[AES256_GCM,data:jbIEDt1QpB+FnXlicw==,iv:piBV+ugQgzVwnJfW4AVYJ0bWevvB7UuGFOzLuYIKMNw=,tag:U6udjbl1J+YY2zn9byNMrA==,type:str] + - ENC[AES256_GCM,data:YuQMYE52dlfqivz+iDtKYQI=,iv:qjWPJZW8TEOOdZ1XXS/flPjivd8KFKzlJFPIg3/g9DM=,tag:+sOxc4l5yhbCcc62qmUyCg==,type:str] + - ENC[AES256_GCM,data:4JY2HY+SZuobQaWakqU=,iv:8hGwETqV1oX8MXAHuZdT47ffJ7+gbYqZyzzvPCVF0wI=,tag:mojsnZWLDTbrmQKIjxcVMA==,type:str] + - ENC[AES256_GCM,data:1j5iTGsxp5KMJJzSrCd0BaE=,iv:/fZab2OMII18Y6NPiOAhimdkfRyct7NmdPAfY8AtPtQ=,tag:L6t0BAqxQOQJ90+n+21MgQ==,type:str] + - ENC[AES256_GCM,data:G4x2zVZxAVDbUzgwfO4=,iv:BsBQRR+1PKluUUYSK9ks5bbYKjkIRa2MMToSgzcim+k=,tag:uP+6lcyi6LHayWr+T3GGkg==,type:str] + - ENC[AES256_GCM,data:yDcLyZ+VQz85sA==,iv:uNWNSzFD71rDSe1IV84hb41z6Dd9DexcW9zI1rGUFrA=,tag:wMaxq700kzCD0eFxfxLDPA==,type:str] + - ENC[AES256_GCM,data:LbZxutiudJWEpko5ATxs,iv:EOr07gXSIsV/6tQa1tdFK4lCa+UaDcGVVX/fiaExmt8=,tag:Vcr5mAGon01zo7Qphn85IA==,type:str] + - ENC[AES256_GCM,data:b4xY6lxEpuBJDKEZOg8=,iv:oaSEYUVz0LMzghg6w9xcD1IRHN/54AQgFVA+EJSyhG4=,tag:bXOBuhG8ZhlfB5BO2NeGFw==,type:str] + - ENC[AES256_GCM,data:YsdAw+sIhV5fCYrSBjhx,iv:aKk4Osk6MYM6ZyrSSKfgNF/fTp84NpCpPrILSAaWkI4=,tag:4Gw7MJ+aaIofai/zjQcfaA==,type:str] + - ENC[AES256_GCM,data:RN2JKB+oJJxnwg==,iv:fH8vmzh1JE3TPD125ESKjjodz5ohzekZ7mnzH3THtL0=,tag:88EELsOk8fTzieI8ME72qw==,type:str] + - ENC[AES256_GCM,data:l4UNnwNCO8c/wF5XhA==,iv:ZcuA8kqIilburKhkwEQ+kdvVoDc9pX8rc+/r6M+yY7c=,tag:kqhSNhrSr7g4Ckjn16G3xw==,type:str] + - ENC[AES256_GCM,data:z/MMi9MUnMHR6VbvY7iFmm3MJTpLcQ==,iv:7+bQyFlHaWQMms3Gq9daNJ5pgzthBwRyUaNQC9OgBNk=,tag:n74j/mwDXabU28tPh8ERMA==,type:str] + - ENC[AES256_GCM,data:4V/keHFYxRdfgBSGi1L0QBlukw==,iv:gfeLYDjToBrOlhWKBlWdqTBJnNnL5Z7hv7+9RmDXo3Q=,tag:jUfzREA1NOa4J7pPYR4yBQ==,type:str] + - ENC[AES256_GCM,data:ma8PGHtQlSMN,iv:S2KQz15jSmwYzFiShpriWoenxVAXjAzbx0IqQFO3b+Q=,tag:77ah/SWuTCNuvoFw3nN3kQ==,type:str] + - ENC[AES256_GCM,data:0FakySlVBFGDVGyOuweExEJC,iv:kehshIhzKT/ufQRHm5+W8KZGThnWC6Zkv/e7L70cu04=,tag:7w70VNmIs/9c31DV+wljlA==,type:str] + - ENC[AES256_GCM,data:HIyARmb9T2Y6ucs=,iv:zi2AXSOIMBv0KcSRDM8I+t1kNWVqJimGjCjoQ25EvXA=,tag:xNXtQpJss03wJ9GYK5RKRA==,type:str] + - ENC[AES256_GCM,data:vCbPFhpXMRVvXlnLP6zpVwI=,iv:FIrbVj3O0rPrn6xvdv+7Kd7Kk0WvfTaz/RNA075Q2nE=,tag:/hsQTorfKG4jfUJqstYUpg==,type:str] + - ENC[AES256_GCM,data:w0UtSLlt1yHydlg=,iv:r6AayOgRxT57/09aSrjEakV8JHPP7j1dc4N8y2E8Tko=,tag:xKNxJWGMrHAiy3Ra58ufzw==,type:str] + - ENC[AES256_GCM,data:PH2t1AcrR9ojPhR73w==,iv:SbNmX5baYsA9sEhtPoHkRlo5n3ADzAupBt2Hb6unCKU=,tag:+YOPtXoz277P2hY9uz4aSw==,type:str] + - ENC[AES256_GCM,data:rp/4zQDCTiz3cmZDQt/F,iv:rxSYq4BSjnhBdryo6J4/C4P4cxxHt6Ot8juRZC9v4VI=,tag:TIixVUv4D5f7uZRdBQUNZA==,type:str] + - ENC[AES256_GCM,data:WOgAdzWQGh2oKfnMnGU=,iv:Cq3UBU8h6DSUYkfHGmKouFEfZOp6iBAkCKC4DGmdzOE=,tag:l5VtYW1jDZ/M+RXFK5lGkQ==,type:str] + - ENC[AES256_GCM,data:jR4RAwbLCnb6m5fnDaJD,iv:/kVmSyTycvbVgfp4SH8kOVKTZcRWfKP3d3xEbgaxlEo=,tag:2Xdzm5A07zNQuaKjLNVmKA==,type:str] + - ENC[AES256_GCM,data:GIjb4KqIr5e6ng4zoVHkyLk=,iv:p3vB9pxhv/x8ictPr5P4lEiHqZ5KFZu2ZFRaI5cehuQ=,tag:IF87AlLvYwXFQDP+YQxfsA==,type:str] + - ENC[AES256_GCM,data:huzG/nDRA0/xRU0asEYH,iv:KP0cUtFPN0/NeHtHjAv/V8J/drXxk5waPlJ2bFzJ2gw=,tag:hRnwa2ghzqCFaYHUcuWznw==,type:str] + - ENC[AES256_GCM,data:iReVAxXi93h855GmvHpk,iv:qBeJE7QEMUsCroc7p3VBMV9a2SfoecyrxB0DDYdXFgk=,tag:Z84/Mk/DdDE45xzt4faXUw==,type:str] + - ENC[AES256_GCM,data:AK9AMGRPda2j88s=,iv:PnQdKHtTGbQnFTbdqJDN2TMnYNsxeaqPlLtu+vvdvhQ=,tag:rn44oVHxxZiyTJkbEmGpzA==,type:str] + - ENC[AES256_GCM,data:V7JRgdXVhWwFyA==,iv:ECuRH9qveKOKFABESr+jl4wTH9bQEcpQfNPCJbg70AQ=,tag:TP5BXJhPCpdEQzy1K4eUMA==,type:str] + - ENC[AES256_GCM,data:+KexJ6dS2jvgL6aS,iv:z5jnxe1xjYtmiH5YQPI88sUF3ISnN/1JWmw7uoI62Xg=,tag:cPjQq7SGr0LBY/0ISHhRDQ==,type:str] + - ENC[AES256_GCM,data:N+LBPBI0VwjmgG7q4w==,iv:ST+RlGMgEAl1lKeVT/p8Dyfc7j2UjEqzP0yc2Y5RHso=,tag:99fZMclBXkSxXPo4DhmVfg==,type:str] + - ENC[AES256_GCM,data:F5ouIkt9SqYM8ww=,iv:Wk3IcolqyLQ54XYfNoeaAk3GMbmWmOt57pjkqxbQ4EQ=,tag:RDi/68TFZ7LFuUYbtZLeoA==,type:str] + - ENC[AES256_GCM,data:035iLEoRX48EA3Q=,iv:xIddQIudHkO6F+yjI4QDlTokrtOuV5N6L5mWVaj6jCc=,tag:EhTjkjNtIKpd9RFk4u29OA==,type:str] + - ENC[AES256_GCM,data:0DhGbvUGCogrwRY=,iv:Viex5Gy4uHfFQzGDguJLuFOuT/lCk2We1trHNeuqc+w=,tag:4wtUmWfZjRwh6yw1DnAyxw==,type:str] + - ENC[AES256_GCM,data:dQq5H8AkI7nc,iv:/RMoSpAQ7MHoRD0JcoHYDfrvMbv1fcHUvDqSz7TUUPc=,tag:0t+lbzF2FhOzlHyUbda/Ow==,type:str] + - ENC[AES256_GCM,data:C8NADaeYCe+KKFPEgTk=,iv:L9EoIc5dyAna265ffzj3GS4Z0nwWKpbEbt48Cf5SEak=,tag:7aX5a7QpBZxxp9Npe6df9A==,type:str] + - ENC[AES256_GCM,data:1a+y9G57Uu531rXa0aSPW0jAdw==,iv:DFV0L2gEcGm4W8RZMUWHxYnt68WvPlLpNbfPSS6bTeI=,tag:w16lnGSQP0bU+8UXE+NwRQ==,type:str] + - ENC[AES256_GCM,data:jDJVBiWKo189Rq9wKA==,iv:x10nnhkcH9fkxkRIoqG3ffBjxsxzIOGBruqDm+fXwfQ=,tag:5kWtU8db0tNhGkyw3ALTPw==,type:str] + - ENC[AES256_GCM,data:nABreUVErV1VxDg=,iv:kgQu1I5U1jMN6D9q/M1jmTfsPar+A3FfwiY/ret+RrE=,tag:f73AkqgxYsdwYpySaBWKiw==,type:str] + - ENC[AES256_GCM,data:opnXiXYDanDCuEKY,iv:6w/xCJZLplagc/p7fuqb+IgCIEvkzvUaiZ463UxZC7g=,tag:VyEYweqjJaXOd4AVW7RcTQ==,type:str] + - ENC[AES256_GCM,data:dF+9nyo2FOaQ,iv:OS3kcDouBIp1IOMpX8uidM4o16c/PgGrcdvjmuawowo=,tag:xWa0GQ9nxP8dNWAJ02f69g==,type:str] + - ENC[AES256_GCM,data:wSGo0pGp7X0X,iv:0R5d0CE6211WlIZlmZt4wqmbUy5FO2pWuHZXHIiJLHk=,tag:mlO7pkWEvowP4d6ksNbehw==,type:str] + - ENC[AES256_GCM,data:wuPt3FgKwDlKjQ==,iv:2RDm6DA84E4nsC08srYmAc/I/aRxl3M2f7gQmufowPg=,tag:1uje5rntiknTLJkWP+XQGg==,type:str] + - ENC[AES256_GCM,data:DBIN89qvx052Cg==,iv:I/dHzwLeV+NsAvYfsh89hN+dMRBz0bFfu4MowN5Fexk=,tag:HUUycEM30YoM1k7narKaGA==,type:str] + - ENC[AES256_GCM,data:wdrM+/e2+G7FI1I=,iv:sguWrk20lCq2w9LoMTL0kPrus7ZyPBa8rBVzwYCORiQ=,tag:mlG6yrZOenVRRW2erEbzqw==,type:str] + - ENC[AES256_GCM,data:S3Pzl1QahEi0l9loFw==,iv:YkN4vzVk9RsXXjzIG4i0eko4NQguJ+lIVz3ijbNbNao=,tag:JrCwgxdjxhH9/9ONSvTSDQ==,type:str] + - ENC[AES256_GCM,data:A/p0l5U=,iv:pvBJ0Sfaqir2Zg045mlyg3X5cAQAkW59oDGM4zQW860=,tag:cSfUaRvZGl24g1sL79Ql9g==,type:str] + - ENC[AES256_GCM,data:GBb/IA1RbO59gQc=,iv:nh7g1ao8GICIYzG8qttC9xPYpw/bqv8wba2LmG+PnCU=,tag:jNUUCV25IEJMfEsF7BFjpA==,type:str] + - ENC[AES256_GCM,data:nz5zi7GklEzjWA==,iv:QSEwNJ6ric3zTi1nWLucXBe8rCcr8F9fL8QeOqTsfpI=,tag:m3zWzgZmJXUHHpWNA9uTKg==,type:str] + - ENC[AES256_GCM,data:r9Sfun+XCh3zJpbeWA==,iv:rFEZ3LH5jNVyfq25LXInUCuIQvouthqw/XKhtKyqu2w=,tag:aI94HTHBwMDPPCfXa4caqA==,type:str] + - ENC[AES256_GCM,data:w5S7JXdE48N2Y1c=,iv:H/lkygxDbloZuHknh3Dptgcnqsf/97QzRbphbVEo7Zc=,tag:Q3hk2/YIJlFL8YFKJrYiWg==,type:str] + - ENC[AES256_GCM,data:KQVydCWHywkSIFMC,iv:xiA2Uw6WSA4dPMmeAxMgAhCHcnP9nSXxVVBKlGNSJzc=,tag:Zas574ZyunUesR8wqdFxnw==,type:str] + - ENC[AES256_GCM,data:siw2NYePeFMwEnIL,iv:xdHmMjhILRi7UNd5sfnQTdnQL70uANmb78A9Th+ajxI=,tag:F400L5lSiXm++c4rIYAlbQ==,type:str] + - ENC[AES256_GCM,data:3oW6QRe/TKrZF46+IOBD,iv:W5zT3UxNyev7/gslh5IP4ml01b21nBci4pGamFUxJ6M=,tag:teMqZMrivGObxUDNIJPvKw==,type:str] + - ENC[AES256_GCM,data:Pe3WqTX4YQI52nD3o+ewBg==,iv:QRY/8qSvy3UdDNnzRoFqc2jh5rIcEg79aqpW0jZaEVs=,tag:qQdxpmyU0MOaJRoFfLW6Vg==,type:str] + - ENC[AES256_GCM,data:+GdDySsCVQ==,iv:l+UjSphGqkAGI27TWbzaFz+uHo9huYEgNqCmW577UBg=,tag:BPwPfaCXVOIAVtVKXD/l2A==,type:str] + - ENC[AES256_GCM,data:NDW42Nsdt18DW3Bm,iv:ATxFXCJl/yT7OLe9ufEpomhoebQyiVhmKu19sFwIpYM=,tag:KEfgqDQcQmZ2Eh/MlZAFEg==,type:str] + - ENC[AES256_GCM,data:C+wOBZxu4lHeVfbJBg==,iv:P0BC2Z6OV/v1UVGHo8qCYtcYyawmw4/yEi5eR6dSm40=,tag:99Bq5PvhZWwvrJiaLhzXkg==,type:str] + - ENC[AES256_GCM,data:UoM9BqadSEEsjp11Zw==,iv:+9YYd5LePnzh6fr/3Xak0R1T/B2b04G/bS3Yz6pdwL0=,tag:djas431OVBMQL00NKE5Mlw==,type:str] + - ENC[AES256_GCM,data:O9bJluNvzGwzQzxld3M=,iv:/95UpIDknZP5YsFz4wZUgFWDJz5kxphocHiw91D5l4o=,tag:YIy1NMd2tLWVe/h1uFmuNg==,type:str] + - ENC[AES256_GCM,data:3C+RcmBjNl8SC7p7DXM=,iv:mUIR+1K+/y4kZrfgpDkuWYUUj1O9Ys+u7LNxJ8Xbm/A=,tag:tbejEz0r05R23Tt/4GF48w==,type:str] + - ENC[AES256_GCM,data:EUWexHZimJpfYvI=,iv:hcrdNxiAl+P2WZry9AI5ek4m1In8DeTp5RUlBHcOv54=,tag:leAF5yBA5YHvZp6AJB6QRw==,type:str] + - ENC[AES256_GCM,data:rh+I7aDWsNX6ydpe40wH,iv:AsMlyQmb5GUfsl6OwR6k1wW6vWL9fVjjgLozmGsg3nY=,tag:z24Kel7z/jZoJxIh715roQ==,type:str] + - ENC[AES256_GCM,data:f0UIqcQicKabKd7OZnct9g4KotI=,iv:tBTbhTY7F/p/w1T05/282QqfOKOYeceZ7powcJMu4yw=,tag:lIGWKh+O8ZXiXDgqWXKOMw==,type:str] + - ENC[AES256_GCM,data:ihDf9YPzh9AcoyImavJm,iv:YsmeBm1Yc9chjIVbmfdxq/FKAPDTeX0kyO6FXHz3/DA=,tag:4huYc7OAG4stvVGV3H0aMA==,type:str] + - ENC[AES256_GCM,data:mxN5QE5Bbk0z692MSh4=,iv:wTRP3QTYH/rUPCJPO7yA+WZQsEMNkZ+ose4zSQHP+rU=,tag:YbqImwmJxNvYXP9kJSndLQ==,type:str] + - ENC[AES256_GCM,data:4KPf33jNYC3Jnc0=,iv:wLU+XB32X3ciS0VgIypdVu8NGz4B0GYAgkxGeTV8I5M=,tag:RyNdtsoaK4K1ACBl9b8v+w==,type:str] + - ENC[AES256_GCM,data:iiIZYTjYp/j+5ilfak4ZSlxeWQ==,iv:GBy0s8kv1ZgFOUt+au5L1F4thV5qkLSGmrZMtbQjhd4=,tag:G2Jql7xuucFthjfXe1Suig==,type:str] + - ENC[AES256_GCM,data:lSgaCn13nArSC6JvEgOpGA==,iv:BXTXqxwTaH6s1r6oGQyckrJMsxv3MnLXq6i1aZaWE7w=,tag:sWGnibnmzuciD98k8ihGvQ==,type:str] + - ENC[AES256_GCM,data:S9xEUKldaACHdc0e,iv:CRACNm9Nu+D0Qw+lNZKPCpJxaVVcxefWjRyZSYups3c=,tag:+V7tqeDD/XRZRV7A2GKjhA==,type:str] + - ENC[AES256_GCM,data:QU9KJOwBuw==,iv:0aSW7FoDdkjETWi8V4mwXhcgxm/wvyj+aU6gU0lp+m4=,tag:Oj+lz5wyMmhsbx8U1Ugcjw==,type:str] + - ENC[AES256_GCM,data:5ZBHOF3/tPNaec0=,iv:L5XQFcMw3VKHTN424x5lGWWHmtNZS3sSma/n6ZWb184=,tag:VChzwZx71v7iXso4GyEQyQ==,type:str] + - ENC[AES256_GCM,data:2MqYNylF63VvCRKUqgY=,iv:Qtg+NdeAqzxCw+Z4J8WIX2lQ3IBDC3u0SjKH/LuiaT8=,tag:zvpHuET+Bl0Y1L/2s4KzBQ==,type:str] + - ENC[AES256_GCM,data:NRfPjbuLY9mHH0BF6A==,iv:G8dxExrb6SQwggJwFhRAmNPcHQpbyQCJjZDug/jZT+g=,tag:iKpc19Unqi/Vegab9AaaeA==,type:str] + - ENC[AES256_GCM,data:1UrCX8uQHNc1XehFnVg=,iv:sFKy7qua36QRdMSjmhiAp5XGszXBMKJWwbu1DtYJeVw=,tag:d924lQcnv/d2sWotEP2QRA==,type:str] + - ENC[AES256_GCM,data:U5B+d/A6XzLyurPsDHvIIBdR,iv:nFrA70+T6EOArlTi5lm3q2/A4dnAMkxtLttZ6G7aQyg=,tag:03uQkDnw4SxzgVs//oTGeQ==,type:str] + - ENC[AES256_GCM,data:wjy9M6mR/XQNeKuyTmmay+g=,iv:Mv71bz1Oc5xXkcM0Rtpj8zlaT6rsMPvN6iq6YHNv0mA=,tag:kvBBdtr13SrD4vRoht5FJg==,type:str] + - ENC[AES256_GCM,data:EKLTr1j+BfujA7Y=,iv:/EtfAyyuFlggnxTjmi+3Kr8/2cjNrvWeYUkZgb+lmFM=,tag:u/NKzVRo3Wws3fVYuXuF8Q==,type:str] + - ENC[AES256_GCM,data:8AiyLn8Op+fH2vTLFa4g,iv:SUctf39vneQYzB8xFipYVzQWIBQMkMPOL6oD4g7A8tQ=,tag:OcrDPoKTbFiXl4/3IKxQWA==,type:str] + - ENC[AES256_GCM,data:bsLXzJ5P6FnQmar4kg==,iv:CAb99iOoq2ZSs59myC/s8yujkZwwgTlgwSS4YebnamI=,tag:mpax+Z6rB9DgoFccRv8bdw==,type:str] + - ENC[AES256_GCM,data:LW2f98iCrRnGpuKY0IT61QaCmg==,iv:HqYy4Y+K83hqWIYp36mMayjRPbElKxxe48qA+tp+wfw=,tag:rwNImm9J3K2eid9Fz4Lv+Q==,type:str] + - ENC[AES256_GCM,data:IPLxkLtIA5hPDW+z5Q==,iv:swDt3o+dgwMTRyqh3V9WLZeKlQR87E8x/c6LT40zjrs=,tag:dHQQohn9VBgSfISTjY5fVQ==,type:str] + - ENC[AES256_GCM,data:ukGAVa4ij1eTUA==,iv:aYzY4tDEX4OwifQYBgbVnQciAVwXwggusmrbZ2nDn3o=,tag:JeJ24HFlxI1RS2MMpXBGeA==,type:str] + - ENC[AES256_GCM,data:XpA0Im+1AClRddk=,iv:t5G5y68UEr+gKIzl4GDB+ExeH37Xg4RWdDARqwBDAls=,tag:rfQP7hsFYb0LPUenm7OZsw==,type:str] + - ENC[AES256_GCM,data:oFDgrthtqHv60Ag=,iv:0jHQt6l05D5RosbuvOrP7BkrC/TcQp6LwtfpzDQnKVI=,tag:FCUWHB1vkOGwqgJVyPVSTw==,type:str] + - ENC[AES256_GCM,data:Pz7fm0EdQvOus2Vtcg==,iv:8ekR0zvxf88c5v0X6sUMrG3KlFI6dtBSOcvHxUIP4Z4=,tag:ft+2DXiFrSpZbGr9TycSPg==,type:str] + - ENC[AES256_GCM,data:tjJ4KA0OCAnyN3L6,iv:yR3whaHq0sAwfEiH8UfCkUQURUFBj3XxrtdQxqT8NxE=,tag:yQUQwBr9UK+8I7133rDLJw==,type:str] + - ENC[AES256_GCM,data:AfFrLV40yioD5O/XNA==,iv:wOZuYuRVjaKMmaVT9Kd2HbODKZblDb0FNheJ/621WCc=,tag:5jtPdQaWF84Q5FPgXFDiNw==,type:str] + - ENC[AES256_GCM,data:S3pUbfYpBDj0dEvqkg==,iv:20OJBzVcp3MsjxDY3sajDbszDVZQvhBg5eAW7ZMYRXI=,tag:BoUc4wRu/1n7ahHNKwMWoQ==,type:str] + - ENC[AES256_GCM,data:s7L0Yr7bt7ecki0=,iv:mKfbt9+P4Cj9HxGM9tx6nocL87LckyOgGqb4IDd60Xg=,tag:95f7CEr05QXy0e0/OlpmMg==,type:str] + - ENC[AES256_GCM,data:N7YideEiCGbH,iv:FPuf7kjeHDeLtlyYGRCcdwCao1PJshSdVHgmZl2qTLw=,tag:w78ijxJSLsvlHgmJyZu5vA==,type:str] + - ENC[AES256_GCM,data:Rd9ine6LepMpdpKXkb0N,iv:ypIn8g745OXLfTSPZyxfhg+svTpl+t81+I3V0PyGDmg=,tag:r6twlwHFl8N3aopB6fK7lA==,type:str] + - ENC[AES256_GCM,data:AE1TBSe/Omapa8/ojA==,iv:56kzvvO5OOvGTBKVnSEwjKoJYAJ4RCDwEK5IHquoei8=,tag:1LWjLib6l5k9IilQDofWHQ==,type:str] + - ENC[AES256_GCM,data:gn5vWhBWkH9F,iv:bg6mM+vTYWeWNPoN/lPm6K99lyelX0GxI3L/Z0pphzc=,tag:Wfqc9YvuDtWE+Q0QV1ndPw==,type:str] + - ENC[AES256_GCM,data:pqusmxVya88LgDCjXg==,iv:THx7nLmm/a6Bsh/dGTf4epg2lGheR9dpSVUHhLHRDEw=,tag:h7mL/VfjOB0iTnZKhDuAVQ==,type:str] + - ENC[AES256_GCM,data:HK0viEzHfg3rvHggkIYo,iv:h8aL9OwsNLa1RZ0t+3L5tqVllfWzk+KFe/go2HcL3P8=,tag:kljoWddUIREziD5PeY20VQ==,type:str] + - ENC[AES256_GCM,data:tm4v31NsQ5rXgm6Ly3OZypa33eS0,iv:cltE39MWkg6vWjCrWsA5AVMFiL++yVK0kWsaRezobSI=,tag:YzgXx1xwBiSzkhPz+RVc7w==,type:str] + - ENC[AES256_GCM,data:xfLUWdhERSQTi5GqbsFWMJyOXw==,iv:KIVMvblsVZT3AnKJyvnBr+ZlZUdxJuJtYP/NuOW9ZMI=,tag:02tqNnVD1fEOAG7vNbW+lw==,type:str] + - ENC[AES256_GCM,data:o1/NnUwJH42b3o7QmENpiw==,iv:XuYIJDyMk0C1BpTJ4wQ1GEkU8B5At4BNQjfoKNRoSpc=,tag:WNRrvSf9nyW4zHcmm+LEVQ==,type:str] + - ENC[AES256_GCM,data:q43OCLQDQ0KhwfHL,iv:6PU7kGSkXY0wOwMA4LF3rGG5KUZ2c19DySO6bHvh1C8=,tag:NL0ZjMFDHzl68ICsm6Amjg==,type:str] + - ENC[AES256_GCM,data:Na7UUdH2y7bC09E=,iv:uTXC5cQMS3rf1hdTHDG6EcOsh0A5LLwcRDpBo4P16PY=,tag:QMvyKteC5xeW65S1Ypy13w==,type:str] + - ENC[AES256_GCM,data:8NxLhgy9BRQp9Js=,iv:o/IIHk9GP5Fp+adzA19yx6XfLG1R+oiMJRMUoFXHqAU=,tag:HPhcUoNIvWSdzdFoKRuOTA==,type:str] + - ENC[AES256_GCM,data:SEij7tp62D7NdOdx,iv:iQLDap+ofKJnD8Hf49lYlYdEUkV4aBnlrYDcSF20lqY=,tag:lxaQnfiyD0gQ7Sq6W4y56A==,type:str] + - ENC[AES256_GCM,data:MgEFzjFw1v0FJQdq0g==,iv:AdUkShMEkzzo7GiCuVewLcLIImtOvQdmLu57MB9MPMk=,tag:VycLoHn0l7Q5+ceF6OpWWQ==,type:str] + - ENC[AES256_GCM,data:mCJaTAX7LZ7jk+wo,iv:r+iEzzjTG6xnfzN1LifwrRhYi6g/VBP2lVdXzjP1Eyc=,tag:DhagTPm/QBw/2jXLTZ/fKQ==,type:str] + - ENC[AES256_GCM,data:H5KAwns/cl8m,iv:N7dL09i+NwFGanDWIc/e4wm2cN4HoK28f/8C0sBFjww=,tag:d7G/xfhJIjIXwN0QPof8Gw==,type:str] + - ENC[AES256_GCM,data:RoYHdEBDqMs8TiQyMz8=,iv:fRKcvoejkBbkdDS7qeV2rivU3E0nEKgZNA/u0L/J74c=,tag:KuhFXbkPCcpjTROVUifjSg==,type:str] + - ENC[AES256_GCM,data:WOz/9U4o0ksulA==,iv:9JiN1nbVEq6+CzELNoOjCcmYP7Y7rmE0AA5HAJuR6cg=,tag:VhIR8rSwITb2bFNHtVcTkg==,type:str] + - ENC[AES256_GCM,data:ijQaVugpDiUJH6Eo9g==,iv:HS5WSk2mxFK+xOClzBrw7TrSQUPjH+ValQWQvuwGO7M=,tag:tdm+fMP0injXid0t5Dy6sg==,type:str] + - ENC[AES256_GCM,data:sLUczPB+0tnB9bo=,iv:qV0s/fltIaayXcGNIo70lW248lhi/Yvb/4+z534k5Oo=,tag:9jVJ2vJrocc08FakCAfFRg==,type:str] + - ENC[AES256_GCM,data:e485/5XpACiQVk3a804=,iv:zT84VrplZHpsgMJAP9k1oA7EKaVuPdJbUNzJRmkE0Wk=,tag:qC74FYpwD/k+Hg4C3Vw3Ew==,type:str] + - ENC[AES256_GCM,data:Bgp/+HP7dW8kyeGqL58=,iv:m7f4yTdPeL+q/68cUj3GDLkAflACtQcls4Qp9sh/tJM=,tag:UFcCRM02TEUbbay6+s4fqg==,type:str] + - ENC[AES256_GCM,data:ns6U8B5QW2bulQ==,iv:tl6vf5ZEJTBKHOYtlZnxziF+Tso4ZffGr2oX0lRd5zY=,tag:JRoqaeoS9fZBHvKbDR+h5Q==,type:str] + - ENC[AES256_GCM,data:m5mbJi1jbrA4dNmCnQ==,iv:HWxnrRify/qCJe91CEz+Q6v/CTwSApgD0kPm8X5qPEA=,tag:r+aSuRB6r9oZXTI/rcfbZw==,type:str] + - ENC[AES256_GCM,data:GqQ54g2cOvYwAY64A+airA==,iv:jTuPnaPyLcDV0toefm53ih3XmrZ9hbe0GSNXwOIl/tk=,tag:FW3FxJUQX/qab4e1QhSWYw==,type:str] + - ENC[AES256_GCM,data:iQgm4J0RqwNZIGqWLw0=,iv:MhoZUqlG6Kt71Ad1sUk7arP/mcStLxMw01yBo6Qax0E=,tag:B+4MFdpQu1QrA037l+9a9g==,type:str] + - ENC[AES256_GCM,data:BTMV4E6y1/AOVo6AaPqY,iv:nQ51IWu1eVr/O9aDop1WPXRSFq+kZVy8q9IHvtgmrzo=,tag:9ev/HS6ObfMZU2NkEXKJZQ==,type:str] + - ENC[AES256_GCM,data:Rs2vk8wxslfxUdxYD0T7,iv:ITNOt8s5aTN1LJzfM8+lhcxOoNaMpRP8hU9g933X81M=,tag:kpUQ5m73AMf9JzDwB0mYaw==,type:str] + - ENC[AES256_GCM,data:mEhH4JkRZXmQAQc=,iv:7hFkg1g6rDGqqk9TVOneotWBmrab4P0Aux1eQvdcWNk=,tag:4Di6Kl2UpWPNzKsHq5W+1g==,type:str] + - ENC[AES256_GCM,data:I6gibzoaofrlC34kQw==,iv:m8y0TRYgXSHoQ0avihqx5DLRsAntoaxVA2PECsHCwCU=,tag:0o1SDuIF0evAY512MeQMsA==,type:str] + - ENC[AES256_GCM,data:iK3go9cW+gfyCmKU6zA=,iv:/Qc5VxB7ilfqTR/jqwTZB/dWHyTiFsiGQAqXXQH62pI=,tag:9pwI9GXk0CcYl0ScbrgKvw==,type:str] + - ENC[AES256_GCM,data:HfUi+5JN1kwB08sp8g==,iv:sj32oVd2e1d3uWncG2Q4HHLugPjuJRczbUZrnOXWAdg=,tag:Lw3X44MzVY8DdYAH4dPX4A==,type:str] + - ENC[AES256_GCM,data:rCVxGdHwiay2wROoZy8NVokHmg==,iv:bMCXeE8LtkJZpRplYknE5kkv0VC+7D1XEQ86oglXmD4=,tag:huJw+zXd4jOFpqf/AzS1KQ==,type:str] + - ENC[AES256_GCM,data:YkPKTU8adNc=,iv:ysYwSJCAyZCfJovlFtPBLLOauQIJ8revNsEhMP5pURI=,tag:AKWf22j6I1J25qNxRmDBZQ==,type:str] + - ENC[AES256_GCM,data:99KhSBTBi3VV13D9,iv:Xr7E5RfQNDcSh4CoEd0bkRL0LfCkvEchlL5u18+ml6A=,tag:QjlGvI0zLJpeJhk2ArSZkA==,type:str] + - ENC[AES256_GCM,data:HrdVEZ5N72dJ2vSLO+FL6Ew=,iv:Oqg+dZqGN75ToF61ymWg9j5Eo58i16YExnDWWKHWfQs=,tag:CfD+e6EbJqc7QrucI76YYw==,type:str] + - ENC[AES256_GCM,data:89EEe+/4APa2OaP/fbQqNFUc4w==,iv:fRT7vAvg8rSIGfTHHqDWuavePgfZwMAOD/d5tU/CCng=,tag:xZ7rYBh4i6MIvL4D4dFJwA==,type:str] + - ENC[AES256_GCM,data:lNYo94AwDd8UA7g=,iv:eU/tbJQHXztwmgpOyDrtpqLk3vNx9pU1KHDuWj886Fk=,tag:u4TCaf7gy+DBcjGNHVrW3A==,type:str] + - ENC[AES256_GCM,data:4qXx7Tm1Jg1deYgN8r0BZw==,iv:LXgqodappI+PO8GzxninvGNagqs3Lcbss27PrbNnNEQ=,tag:lsWlw8c6V0hrLWOnwsMTEA==,type:str] + - ENC[AES256_GCM,data:OBNGLg4fAZN/mC79i1FQIHAkfRfkHQ==,iv:2yfotiRsch/tZKJWqqobPEkVVm8A5/SJeth2anluc74=,tag:9QNhzXCD2LplqAJbr98G4g==,type:str] + - ENC[AES256_GCM,data:kTKE20lzAURBFA==,iv:z+dntYI8sz9N+PPA4iLui9Cf6LKHs2Qg9T/SFNFe118=,tag:rJlUYb8Ybr9K9gLDCyXJ4g==,type:str] + - ENC[AES256_GCM,data:S2uvFAljJ9TI0oTuCIxH,iv:NI4qYouvOH/xkkZ17WFNizWWC5ABBIIUx2cPpxYr+nA=,tag:cE9PoYFlnMF+Ywo3m/dnXw==,type:str] + - ENC[AES256_GCM,data:+Y6gvViBNIl9XhzHBIuNcQe5,iv:OfIGDoOHgX6PKvU31hG7KSY7mCwReeE5otk7+94KKvc=,tag:HgL8YuURK3ncDxQ+oaYFPQ==,type:str] + - ENC[AES256_GCM,data:mUFi5tcpkpfktxiGOmt0bgM=,iv:ii/dRcJFysdYfj2+aRRkWZ2Lf43N1Uv+Z4v6f9IoujY=,tag:WwPEWOTvUnoTY7WscHpTKA==,type:str] + - ENC[AES256_GCM,data:Mv+Idv5URVjNumEm,iv:1qxH4cPtrEU5fGf2wIC1QQGlpGxdF7ULp9nNz+CMSaI=,tag:f7dVYgqJ++vriZeVpWX0LQ==,type:str] + - ENC[AES256_GCM,data:ccX9IW3fCQwfCc+OdkE=,iv:mghIFvi7hyg8UInwAEDd/5M9lsz8+wZYWSSlFO3tkyo=,tag:Gtp1wlk11K1NIAVm0Y/dow==,type:str] + - ENC[AES256_GCM,data:Sz8ct5i0V1LeE2miNdV2tzUI,iv:b4f4AKYT8SXSWS4PG4jVZWgiCT2KQS1fCWpryeL2+jI=,tag:jQp+smdRrcNAQmvc5aRrjA==,type:str] + - ENC[AES256_GCM,data:8Veb3mu3NBSdxgwaoHHmiA==,iv:JwKvsxJ/xM/gqINZKTESIPxQ87q1UAkFnmowlCQlv/s=,tag:2xZBXAtPdSQbhRiMRPQqHQ==,type:str] + - ENC[AES256_GCM,data:5dGc2UC8qsi1cDLr,iv:rtyMFHbtT/1WBm4AHfTjQpFlyv97G/r0T0PiQTS5wRo=,tag:CJIuuRkA5sY9mIR+yYkeMA==,type:str] + - ENC[AES256_GCM,data:EtkHZUBdAEMmYWjc5A==,iv:eJE8fgjpsti8TDKVhc8kXVNn/sPHgH2g3wUwVOExGdA=,tag:+aREOvybJPwmv6hpCbjJkg==,type:str] + - ENC[AES256_GCM,data:fGto88gwTUO0CA==,iv:8fyCvAZu4mBXrvwpPazs2QzKFk5+/hJ5viiyWxyn+nY=,tag:+tp0b241I8585unvAXUrPA==,type:str] + - ENC[AES256_GCM,data:sTN1HQSWsNwu6aLYVjIg,iv:sR3PKIvLSmF4OWT9Kkj04OMZZlRjEpLP+l7k7EsDcEw=,tag:ncyIWK8hBrpSvBo2h2sP5Q==,type:str] + - ENC[AES256_GCM,data:zDc8PyRuLJfUhACl,iv:6uqMyBu6Zag9lngVYOZlhnwz6AOhofZHA7wCgvc1E2w=,tag:EdTM8XOafA9J/k9ipCCDdA==,type:str] + - ENC[AES256_GCM,data:nF7IXq3SyIUkIFbH,iv:H0Z4gbNjRwtRqsTo8xk0XQI9aVSnr057KGS8E4km+ko=,tag:wb6PoBVCGirFS3xHGRk0/Q==,type:str] + - ENC[AES256_GCM,data:/poYx657iezQ,iv:rSIQQunwEMWOkYDv6etcrw8/ALgydWbhkXNZ9q5xMPI=,tag:ZnLJzHaopcHmu8OW49tzbw==,type:str] + - ENC[AES256_GCM,data:vg3lUH/rVjykbd/QcQ==,iv:89AO/hkx3Ae99uVPBLlOn2QLsUszDzVGDcCEDgWoBp4=,tag:SVCINYTNRLzHOGSkWxDlDw==,type:str] + - ENC[AES256_GCM,data:QIqxUYgOB8y1,iv:k5q7n7FamsNhrb+xDTtaa9OialRg3eZFqOVdSBPswAY=,tag:kN87AH56bU6KPn14W0xN8g==,type:str] + - ENC[AES256_GCM,data:klKlV6mZZbFF9LMrYGAoP4Y8,iv:uyUUvee3K2/Y4j9aBHBLCp4AqNhZcCeXopCFTfTJceY=,tag:QJM/AHHm5ISLm6GRgXmjPA==,type:str] + - ENC[AES256_GCM,data:150qlaPWPpZ4noU6,iv:U8ctp8ik5kJ45vUNmmL22O0aS/HK50zbpfGnsUIC5aU=,tag:qdQw+kDrhxNarOFoyofxjg==,type:str] + - ENC[AES256_GCM,data:/1kNJ6py9PSAY9U=,iv:zdu6pWCpe5ZWvejd4ee60oK72flm3m1pG78sS4/H7Dg=,tag:HQBgvn9xRdP2JJVapI51gg==,type:str] + - ENC[AES256_GCM,data:OvAvoFK7SldqIBQ=,iv:NvQA7Lh/PXqDNil7vAQzW/LmUJ6F9nQ2m5ODt+6n/xg=,tag:mmPELAqJpXfhzV5y3HOMiw==,type:str] + - ENC[AES256_GCM,data:8J5+GV1uDI9kQYj7+Q==,iv:d1gbhsVWnMmzUziHgVDf8NNdMLwf7nZv7QvVtz9yFaU=,tag:y04fiT7kHjmLutubsV6WyA==,type:str] + - ENC[AES256_GCM,data:RAUtxuzdB4NoyCxOgQ==,iv:MMNk4HYd5974iEtsa2nr7PtyQIj4zBTKVUX7k95wbx4=,tag:S0e7xuZScWS3O0TJVk2E0Q==,type:str] + - ENC[AES256_GCM,data:KnAQU3LxzZakEmCYcg==,iv:Erzdgs6nwlr8XUrXWww4lKCUCyHjSv2LV1UgnvLI6dk=,tag:Wq/+25QiJVocxNHc0peCLg==,type:str] + - ENC[AES256_GCM,data:PkvneXCcCAnBow==,iv:Wz0yQJ+nXlboZB1EPIri8KsX2bLON/7LdDxgzkqXIeQ=,tag:cSbDorSQ0Bd11GbOLzJmsA==,type:str] + - ENC[AES256_GCM,data:SJ2pkZpft4SoFEnY3V8pFg==,iv:uLuN8ICtQK6ETFghB/J9RxrCoEPwbbH5kHTnF2qoOPk=,tag:PmBG/81YpVDN8U46vKYEfw==,type:str] + - ENC[AES256_GCM,data:FC3xOaAyXBr7WgM4dYm6iq5G,iv:aM1JeE0RRXiE6Zqlhdz5nI4yMPbBtw1ryU+73YJgGVM=,tag:7Mo0WpAgtjcOZD7zL2sd2w==,type:str] + - ENC[AES256_GCM,data:oYOWRsNenIYzINvkoqdk,iv:WcwI0w8pj0es/Ovcr0TB11V41WsgyX6ttgkz9Sv/rJQ=,tag:xUVSK05RO6i7sXNgBQJzOQ==,type:str] + - ENC[AES256_GCM,data:GWwW0kgmjPfTcwIGnbU=,iv:iL9bW+p5/8ZbsnokhsjMankKkji41dhd5L4+r7v1/dA=,tag:S0kRHIRpXfUqJvYF+qSufw==,type:str] + - ENC[AES256_GCM,data:Ljpat1n2zlWSt53n9A==,iv:Ig4ij2q+DkIKpg8lbc2S+3NSftcz1KvP+L75PZ1bvsk=,tag:A3QLh4+K9SmpUoes+eDZeA==,type:str] + - ENC[AES256_GCM,data:AV5I+vobj7GCdHo=,iv:lUSMH0WYLM2HuT/rYZ/71yx2lT5E6g+ojgYW9Sus0i8=,tag:7Cd/3ffxNyypMgTU5YNKpw==,type:str] + - ENC[AES256_GCM,data:Vrdw50BX0eK8UQGFHWk=,iv:QMCEfWK1QM2xUVALHo+XgWKAB0SRzq4A1Hv2Wxo5mdE=,tag:oVvaJ2bhZEWya3VktPvPdw==,type:str] + - ENC[AES256_GCM,data:mhSLkXTgeRyQPLAl4OrrYtA=,iv:ocZxKrFOlQIEl5wdSJ2uCGreVh24O1jtjI27sxJ0AQI=,tag:ZJ+RAeWPrmUdaExB2QBPkw==,type:str] + - ENC[AES256_GCM,data:GsmHx0mYUzJooSAf1DoaOFtdDA==,iv:zo2Q4ss574aE5FeANxP59z8/lKxHfIi00VTXUWZ+dRM=,tag:Le/OvveZ9ICvuT5++A8VDg==,type:str] + - ENC[AES256_GCM,data:TVofhRP8AOUGIHEKIr5A,iv:DeSoPx2Ph2UhTplN8IowWxkQ0tWCEnqFHdpSSmyVtgQ=,tag:9/VuO4YbYk8no8FB33YKUw==,type:str] + - ENC[AES256_GCM,data:J5S6JebC3INvEjD9wRBth6k=,iv:eNaZ3ZQtSm2a21QYBUDEh3ZxF2CUWzKqlkb61ml7DZQ=,tag:Vq3fg/c/xsAHTbHYe4hy+g==,type:str] + - ENC[AES256_GCM,data:6z2/9OU1ma2U1JmUh9g1fjpI,iv:b+Kvpu/ZByInV4HbvoYZ3da9lNJv+Oh9Z3VUyQOTiok=,tag:uDn0nz8lxPKcE8bih0/50Q==,type:str] + - ENC[AES256_GCM,data:8UK9M8xHA28VVJwU,iv:Otz1qkqpGhCRojw6oYud+uDBedY3sL6CP2BfeDc3olA=,tag:9S1v8F4iuvcFmghk9PDYmg==,type:str] + - ENC[AES256_GCM,data:cxtdzQ7R668N5/Mdew==,iv:qbi3OMGNoL7V/uWrYvE8pCXL5PE1LdfUv8B+dPyYPC8=,tag:bonp8hVpAS6qiYsj0Wo5Iw==,type:str] + - ENC[AES256_GCM,data:vnS3Zl7iKGfHer7O0g==,iv:G/Ammnux12HiQGLr2hy9T8mJGCNVVKloxWw8NR718Fw=,tag:3ITFzA36wouqaut6KlaqtA==,type:str] + - ENC[AES256_GCM,data:sZf7d2mstRYcag==,iv:jt3VHbQusQqXAC4oqaYtYBMSEuYs4R+MzTDwTAcINtA=,tag:GcgXK43QAFc1aXLfvBYhDw==,type:str] + - ENC[AES256_GCM,data:799uRiEF+/x4M7vtc2fU3w==,iv:iEUXYf6THf7lDnzvYOaJ+3KHAzFfmpSNIM64H6PxDqI=,tag:PpLt7HQxDeFVwzpv5IzsIQ==,type:str] + - ENC[AES256_GCM,data:f6KmDLRDTZMBw0/BNys=,iv:t/OVJ/wbfrCAOrU6QOySd1AzrjqFHVFQ/5ZZNhMPXD0=,tag:2O0ef1TPcXLNDK2Qq/7QlQ==,type:str] + - ENC[AES256_GCM,data:JzoVNDVvfifmukUSbpU=,iv:aCiKAvGyzAFSqeAp3ZWFmQB4NygNng3X1Q9uKweQ7hw=,tag:mTlvrXqt1aTrgxLGdtc/Aw==,type:str] + - ENC[AES256_GCM,data:qsSb4Dm5GMPQGZLJ0C45,iv:mjh8Z70FWT2JwQeuo3M1KDBV3iAEb3pBfQCXmXQil4s=,tag:8ogTbNk0k1dDhriTaZjDxA==,type:str] + - ENC[AES256_GCM,data:05ditxaCS891WJMNExbdFv8=,iv:17K+vm0zcv/BQMc9XdJ/CO0GTFdUoXo2j2vn1n3iAQ0=,tag:ACu+eSA5pgOgq75V0cqy+A==,type:str] + - ENC[AES256_GCM,data:KLtz14rqvbrFtS0ryQ==,iv:KXmvF0nk8BsJuUdTKETgF9UniHUekcLCfX3ZYaW7NkQ=,tag:sEVbWOftbparrHQYG2Kuow==,type:str] + - ENC[AES256_GCM,data:IN/6SRArp5raNDUz1Tw=,iv:EiopFzJ7Y+AIS2ZSC8Qam834jW1Kdg02LtoInh9P7GM=,tag:m1xe/ZnGJvBbYZoeXrtutQ==,type:str] + - ENC[AES256_GCM,data:D5voLq4J3pUqmjbPWnqj,iv:BFUjp+YVpLbhdWqhARycTWs7EF6ZNJOd7DsfMVfVK2Q=,tag:NBvQlsHVcrbii2emvGQK8g==,type:str] + - ENC[AES256_GCM,data:d9ofNEZFDvZZyog=,iv:42ghaGq70kYH3REb1NF0GT/5u5d+fXWTj8ChGtzEHXk=,tag:WByRG6yZat3S3w0+L3PJXQ==,type:str] + - ENC[AES256_GCM,data:LdIUOzBuZ61Z+6OqG8tjnQ==,iv:ZHS69JAdaQpy2Hd+Mx/QHLdVZrG3Gw08PHKOhoHvq6Y=,tag:cxFJt04DCJjYn66Ac6jonA==,type:str] + - ENC[AES256_GCM,data:UoKhWgxUOu8huOBlFALAPek=,iv:4irTm8yq3nhEFfvLSTBurA4EbR7f2O/f5wH81oQiJZk=,tag:J16pRjJNSetHgN375WKisA==,type:str] + - ENC[AES256_GCM,data:IMm0NE3wavp0AbYqtw==,iv:Z6t1ouC9Fyku53H3gUaz/Z/fH/EsmjHL4sRq/7bNLLM=,tag:Ql4Pm8ry2kEKigUgtuDVuw==,type:str] + - ENC[AES256_GCM,data:hOXjx0Zf3RXdI4Wk,iv:gdv24beAxIwQkR4dpwzlpLpOv8THOnpfe/ZWNNbm+GI=,tag:zlaC81YgL2JumgqcX2wrFw==,type:str] + - ENC[AES256_GCM,data:pbbuI5PWEQ==,iv:amJhuEmxmBaL4Ws1i9ks0uMkfEBH3LhpkU6GO2EiUl8=,tag:mK0RCqvhI4ycG/Gr2JhC7w==,type:str] + - ENC[AES256_GCM,data:ggveEGHkOg==,iv:yKHe3XBTbImiRo8ukAkgVf/AhoPILHDnPQEQFkpRu5A=,tag:BUMiO42aRDa/vKxW7E3gvA==,type:str] + - ENC[AES256_GCM,data:9Iu1vs/LQQ==,iv:XYzQydf0mndzApouDyXieFlSYLWBYdT07T+sSW0tNfc=,tag:5k7R+jBJ7cT+8xHa0L9D8A==,type:str] + - ENC[AES256_GCM,data:S1JKQBzR8g==,iv:Wgvng077wtbtudRZqVfzAwTori6HyHVJfR741bFJjjI=,tag:7WV+iQ3KqahBkT5S0eCs9w==,type:str] + - ENC[AES256_GCM,data:sV64h05cSA==,iv:jJcb4C6fSQkm1u9ZyHS/eIiL9By6TPEo3KEtPRALxGc=,tag:KzQfGL5rnYGa2NavF1TDCQ==,type:str] + - ENC[AES256_GCM,data:pOMPESnuRwQ=,iv:+odX31eoh/7ofeMYM0kHe6Heao4LGiTH8c3eAyfQI1I=,tag:TdKKzNWaRcExdYhhsrM/Nw==,type:str] + - ENC[AES256_GCM,data:nVoYMJ/CySXh,iv:DU0yDPMsmsue4cAR0H+vMW7Yeyzsa3pP5p+WX3gKxUA=,tag:xC/9W0dH82a2WKDoEkVJWQ==,type:str] + - ENC[AES256_GCM,data:i7wjDVljc2wxO/96+g==,iv:ug/sjXCVRb/pg++vIOwfzo7G3LQnTq0eXS5qcXvaAvY=,tag:2G2KmBQnqSz+gjgWr1V4BQ==,type:str] + - ENC[AES256_GCM,data:6oE5c48e3wu/Yw==,iv:hu/JxlrWfheTObZasZoIPXGdz9eyWFU1rjbDukKhh+g=,tag:9STm6dL65MALOmzYh8pOjw==,type:str] + - ENC[AES256_GCM,data:EVV/1ch9iwYyU2A=,iv:oQGqTxottiXqVrxd96ziWVOOU9FFS7xiatv+FOTPU4A=,tag:3Z4oYYX3iEEvEp6dSSbIRg==,type:str] + - ENC[AES256_GCM,data:mtEw9LTozuYAC4o=,iv:A0DiOMnxnCNb9htVsoeloMJVCnQeanowFYJ7veVJsxM=,tag:Tc5GC5TEyx2QDPlGYEBeSg==,type:str] + - ENC[AES256_GCM,data:TrW1VjPZf5O1,iv:rdqyoKk9VlpZHkJWv2fNeMtNNhTiL1437Etz1Mp1fqI=,tag:LY0zywGgfyFT7qOrKBNpkw==,type:str] + - ENC[AES256_GCM,data:8TuP8hDNUj3qmuHk,iv:CSw/PvTvi4wL0nFmKmQOu2GDVdPthDtqm6y6JrKCU5E=,tag:5Sf8PhvtqU5jNWb3zLeHgA==,type:str] + - ENC[AES256_GCM,data:x4L+iV7pLNJk+g==,iv:ZkSm3+xkkR/IWgIAu1N9LIf+As431D6uc7wL2+/ZS0E=,tag:oB8Jp/H0Tebv4ZDbM7xrLA==,type:str] + - ENC[AES256_GCM,data:fQHxn0sONSmqtdKl,iv:Tj+D6C8Ao9KVkI7MosDbuGde9CK6vZMw0iNSofEROzI=,tag:JWva33+S/mRWniGvS0JEyw==,type:str] + - ENC[AES256_GCM,data:X74HhRcZ+DTq3Q==,iv:fZtS5bvaE9I5OOQn3E5w7hMP1SM87V/bhJjvYj5G4ZM=,tag:dNkkkQQkmAxXTujI6mIV3Q==,type:str] + - ENC[AES256_GCM,data:TUTvfWKnW+53oYkKep4qxMM=,iv:NWVGgSRwJaJEsKbHn8x0s0FrrA4j/O84krM5nrKTuz4=,tag:u9v0CVGdYRzr6aKnxCIFIw==,type:str] + - ENC[AES256_GCM,data:ohVWaL+rsgsjUsxc,iv:w4NZO0v6ek75EePzBkjeauRjW7DswkJpB3JOrs8Y1GU=,tag:YZocPXFRefaPwekYt2w+eg==,type:str] + - ENC[AES256_GCM,data:W4DEEWuWO6lGQlk=,iv:URI//fpyy29I/d8pNzOcTyw7dmUToPh+ubN7wFETKNs=,tag:b+b8iPTujVMV5+Yb1cQa8Q==,type:str] + - ENC[AES256_GCM,data:MMsY1mpZMEb2LnwC,iv:jja2JwH4je57lCdR8YgbZQuX9anqvuoS1IAiCV7eSJI=,tag:Fb0z6epP6xAzcH8VLUxfeA==,type:str] + - ENC[AES256_GCM,data:2mIP3Cel9UTHDVR/RB48,iv:m0oceqsHu5kvSE/WRp8YHJZ1r0BIXWpkf5aJjPqEmSQ=,tag:efcBqzTKBZHztRWnCWkoSQ==,type:str] + - ENC[AES256_GCM,data:GTmbXdyRLK/FkA==,iv:K9hYqwzLm5hExJuHO8SGL1ucmzyqMr8/pPK12wjFmQw=,tag:tF511T9nBAuMb9qv9Hrjhg==,type:str] + - ENC[AES256_GCM,data:UtiUpp1iCijA2KMdwOcz,iv:TC/jZbeiubDGqAtciPeApGrYvGn01Lt0E2kgzeRkzIE=,tag:VzeFM/pKt3MKCQV1J37ylA==,type:str] + - ENC[AES256_GCM,data:tlYvuOejNyaVc8gawNkcBUAJ,iv:zl/DkYte0MmEbNg4zr2u2r1vIWwSONfOJotqRO0R11A=,tag:hPSefu5tk3A/84XYlf/Zew==,type:str] + - ENC[AES256_GCM,data:/If1QtZmt5zYDyEq7HrW,iv:xpOCzOZC05cRgzhszrjMjFgDgnYsFcmmselOGPludzs=,tag:DQN3JwjdKJteWcRaaZXp9g==,type:str] + - ENC[AES256_GCM,data:+XJPKzp+TJT/gU8=,iv:l3M1oeBZtE9BVuyCg9JuwhttChoPu04WgsoHlywx2ow=,tag:DyrUTYT5hg/guUhKCfJAAQ==,type:str] + - ENC[AES256_GCM,data:THcVtPSyhhYWRg==,iv:PTebpGuh848YbNlmQ6R6XjilDawImclxrRmf777i55U=,tag:P0lQCNd1114bFHUcicwCYA==,type:str] + - ENC[AES256_GCM,data:abRNww8kSAiFp/nWwmXxJIRO3NY=,iv:uBPPzhqlRty5L1aGfNFS0Gl5wv3Us/DJtpAchtoMjOk=,tag:GUJTn6u19JYPDnNe7odGTg==,type:str] + - ENC[AES256_GCM,data:WFfdu39qyZyAN5BWj4U8imeUag==,iv:hyL+d1j3KO/LjA2uRR38BBYZ6WRCCvxUZVxY/5hCCtg=,tag:HgOce09tthr84o3W4fWbZQ==,type:str] + - ENC[AES256_GCM,data:oduoW/Ah9qAryt7ypEQwN+1/bg==,iv:bHav+eAIon1X01A/AfZnRoA+isDvdXhh1YeTGs4cVZk=,tag:4QCliWNxp2IXjOoURcF0DA==,type:str] + - ENC[AES256_GCM,data:+kvEXpqdD+ptFjX+2dW/CMvT,iv:7QpmljxUov9RQl53Q9/iVJd980QvaTWSiFsVR6mzvKM=,tag:EwePCbQkvCfTsupq7dPsEQ==,type:str] + - ENC[AES256_GCM,data:FTPED8EXDUSuo+IH5Kba,iv:1JBGkHJ0QAa28dg2HofEXrqpV+oXVVGOwMenYoRhka8=,tag:gIo3EQfZEXI0a3wrh6p8nQ==,type:str] + - ENC[AES256_GCM,data:mw8SOwUHkuHm7OVnsk8CEPI=,iv:dkEsrJlKNsCDP4bwsJrtSIy1PPKakqwJOYpiWdahd6M=,tag:/0nGJC17WnvAE0TPR/JqGA==,type:str] + - ENC[AES256_GCM,data:TpHNth41UiDrQKstDQ4GaGriDw==,iv:CipW+RoVyQbU0/Lkfom2a1km0uGlWN3+c+uOWWms4X0=,tag:fIqG0UxdGObTUGuGmmdgMg==,type:str] + - ENC[AES256_GCM,data:MO8qI+r2ulpvrT7ItQs=,iv:3DIDvB5cjF+oqfRiVzYH1bjyCmoG/zJAaGvMUvTLHqc=,tag:CMSPgGgqAtnwA2mMeIuKjA==,type:str] + - ENC[AES256_GCM,data:m4GwqPDBNaYUHmILES6X45o=,iv:uci+vmZXMCAbQhDzRKixtlMg+e7xzqoRV0awX12vY38=,tag:YP2lrp59C7ibfChu2pu+JA==,type:str] + - ENC[AES256_GCM,data:VstsJlBXIf/aoX7bAOXNDrk=,iv:cRej7vagqHtcvmnyuJk3psBFCXsTJGMcfHK/D2hw3h0=,tag:uTk6UNUpXnQq928PDxFrKw==,type:str] + - ENC[AES256_GCM,data:JPEjPBE4+jnsxYMTsXUF,iv:F0C93EJ9qppPN+EQ9xY25o0c0XCwHz4YxctPSfG6dMU=,tag:nn6WmoRqCEdY+cI/wU2C0w==,type:str] + - ENC[AES256_GCM,data:YH0T5kpDXGui2WFrvT8a,iv:++7VJCzuutP9qnVmQ2eP2EK/sh5SqPx/V4zAc7gF2Ys=,tag:oSLe9MqNoqJ+aCnwF8Wm7g==,type:str] + - ENC[AES256_GCM,data:6SSAsNUhwSOBlsHYeLiyFyGjZlQ=,iv:eSNrlU9WltY/tVFSVSwM5LkMZTeWiV11Pv3ISJtQhN0=,tag:jbzfsptCsX23YB/muKw42A==,type:str] + - ENC[AES256_GCM,data:+yOusvXUyBbAikf4CBhgbRQ=,iv:yhrvbEBPNwRtI2CxftVv0iwvZEXPTz5g7FIG/8BpNtI=,tag:yOol+eULNB7JIXF5ns1D4w==,type:str] + - ENC[AES256_GCM,data:7AALnJTd8ugtCX3+gzwlvCQ=,iv:RUjrdtO+qNJ/nvjL7bXBZA8NqfsZ/lex2a+yAGFDCXg=,tag:NLnU00IVfPkgVp53K36g3Q==,type:str] + - ENC[AES256_GCM,data:E/9DCgKiuMKU/dNgCqU0C4k=,iv:k/EIq6JWJrFERVYigMuVs2QteyhUaPuSp7ZUcU1bV2s=,tag:mjR7v9JI/Qj6XabNLMg3qA==,type:str] + - ENC[AES256_GCM,data:P3LiJfuW/kzwvvsMoQN7d3kR5jNacQ==,iv:VsNkd2PvZqtbbk0cOqpMEsgTSq+z/BQoypmIHYRJdUA=,tag:vmVf/Ur8Qz2CLBdl3d/qkg==,type:str] + - ENC[AES256_GCM,data:caTDrp8aVxML2A==,iv:NzQ0FEiT0ErYBSHxAbOOPDsQKKL8bZZOXOvd4xoUZQI=,tag:+xqJ6I+QdPwL+q6NRxxT6w==,type:str] + - ENC[AES256_GCM,data:MvksuIgKYdVAKS0=,iv:p7p8WZRyk7cIIwfIyTrW4JSzqkwuzl1nHnoSoeFNV5U=,tag:PF6yVSs8DxPP3Hu9tSBr6Q==,type:str] + - ENC[AES256_GCM,data:QF33/7tzwWw6PA==,iv:fmpInu9Jvn4Gx9n4mzeQDKHxy0+sqhAW87ssSXufc68=,tag:/34bK5Pi6qOGxtrANljigA==,type:str] + - ENC[AES256_GCM,data:0wbnwNBB7pK56w==,iv:WPUv9KkaXaxfIxYfr8CVVsj2OAt9H2nQFvQkAzZyhVg=,tag:/gVnZ8ZJiSDUCLldBKVzgg==,type:str] + - ENC[AES256_GCM,data:BUFRUPaBztN8Fg==,iv:DzJElNIjyxR91gtJP1a/jAU4fzj2N1IMfJg8tUOGIAo=,tag:hEkc9cElRhcAbfowKHiTbw==,type:str] + - ENC[AES256_GCM,data:IYKLTDy1KChSYLUOEZVXpVvriALQiX25wG8e,iv:uESzJ9YQvC1Q82ag1zwOv55uwU9CEJXWWOvOK9QfUrw=,tag:z1F/OlOUhuo152BuhQrklg==,type:str] + - ENC[AES256_GCM,data:2rt6TmUGdLoVUW0fJXE=,iv:O0Dbw9TO178/W7HQclYoQ4YQNr+KCFDDSMgWKSQWIgE=,tag:Oy8Z9KLvVSji8g/udzNQ6w==,type:str] + - ENC[AES256_GCM,data:pLlL34ZW9sFdECjhN1yzGA==,iv:L0wQnbTBWLMdbCh4dhl0o9A10NFRsAreY4m0/cmJZL0=,tag:L4w7aVMlpjf2bhMjvTiDgQ==,type:str] + - ENC[AES256_GCM,data:5xF9vDmKFVJs3cVVamM0,iv:kT1f4jLJ9v6fQ2dD38dpxG1liPjjCEAmTCBaffgOPXg=,tag:S+jP2FPUhULYwwKw3nxK0A==,type:str] + - ENC[AES256_GCM,data:ZuI7sCSXA/MEPNNkT84=,iv:AdQL/PGNV4rCM3XJwz/JaMxG47ailSPZhNDZTH2/EoI=,tag:L2QPEzKOGjtphj+m0VkE4g==,type:str] + - ENC[AES256_GCM,data:PTlYGyNBDg3lkjrBP7+nz08=,iv:RDmN/49KF7QD6ikgrrRrTTx1lRk//GH9Qwl9bU1cGNQ=,tag:8pozK9zjOl0ZlQW6haCqgA==,type:str] + - ENC[AES256_GCM,data:xsijfRjIDXYgYPkbWw==,iv:wnkgarykYYCy6dTZSEH10T7oYgIDu+02J4cJQNoqpag=,tag:ksSuJWWOXsqPuI/fyNHx7A==,type:str] + - ENC[AES256_GCM,data:ca3CuoULMbI0W3kADIBOXIRi,iv:JTOxdrmR/BuvJzts6KjistW5wbGdsvZpwKg4oHvBGgo=,tag:bs5L1AFwC/tLe/dtMwV52w==,type:str] + - ENC[AES256_GCM,data:4OVy6JEJKQqyUIg5NVkx,iv:ZVPeCZGWHnnUIYrJytjLDGbAp2WAnrKxo0UfJdim86M=,tag:rS8anLD9e/FbDR7ca0evOA==,type:str] + - ENC[AES256_GCM,data:+B+Cu0JzfL3gOWLQJnk=,iv:KKUjNjd6/tZ85rFt0yR/xbYgXj3ABe00u8Aa2gopRVs=,tag:RwhUKHfkm3hXX/6VdgV+/g==,type:str] + - ENC[AES256_GCM,data:6lcgUMmJDVAdOJsnfUmYpDtHN04G,iv:CSe4s1XOOWEunJj/jxo6S8+NJe0YX19S2XqmJ4iIbMM=,tag:01jMYDXmkOlosbrmLD2B6A==,type:str] + - ENC[AES256_GCM,data:4zYvVEc7x8o4iPTKFUBUmsf4,iv:8L+/hANEmUzvx8RJ5zDkOiLOu1yzpmU73PrDmiVk8Ao=,tag:FFcGcM8cjXU2KWyfabPBzw==,type:str] + - ENC[AES256_GCM,data:yX/WtqPfH8FjlnLMco54MUge,iv:ZDTtR7Jh6zRNNr44xSuqdZChLhkgyuHjmGMujt2gB3w=,tag:H6JjWI8Q06wXQbtz81+Tfg==,type:str] + - ENC[AES256_GCM,data:gbNaVi/3/6+zOZ1GWC1sFFU=,iv:b5fZMlPbgm7YyIg9keKaHM0Fqt6BTV+9Rt9GKvbIXvc=,tag:/r9sR3rtqv7PYXbp4usD7w==,type:str] + - ENC[AES256_GCM,data:SQGEl2Bn/EV/RvTjA8FZZBw=,iv:LmAy3K0QwiLkFf514xgneqtIjDvYjOUmHvgbsgpzszU=,tag:yK2hlCJoE/EN960xmd7JqQ==,type:str] + - ENC[AES256_GCM,data:cUr1jT+j/B3vFKnPi7Q=,iv:JkXfuAkdVDXJdXZYAgX5dwGAq7Z+Bg6O32Zvh+kjcps=,tag:y+iWZarXFAIRxihB2QFrWw==,type:str] + - ENC[AES256_GCM,data:LATA6KcE6jlnvVMX,iv:5hG1WajRS+6IcFXzKsbxjDSvN6Uvdc09D3tl9Tfdz/w=,tag:3fp7umyvYGs7sB94IwlUGw==,type:str] + - ENC[AES256_GCM,data:8hwd04e7FfVGjpR1lscciRgJcnc=,iv:5fQESfdCv/ATbOsxQ3wMzg7tokjPtAts2CF6iMXUb1Y=,tag:aMV+Er6GfVZ/mkc3ZccJHA==,type:str] + - ENC[AES256_GCM,data:kJVuWyD7uxkCBOFVDwIg,iv:+YnuPqVwl1YJkXBPX7gnqI0lclVSJ4C25QuH5naDw0o=,tag:5BdlmcXj3H5ZP6syeMP9NA==,type:str] + - ENC[AES256_GCM,data:6yWnhYwVsQ3LU3lNOZk=,iv:uoi8so6LhmAc56/MyfDU8ZIILW2M9/RdilBLLXsPlAc=,tag:SNJt476L5HoEuE120WFavw==,type:str] + - ENC[AES256_GCM,data:esxMtDU33sBBfrITrg==,iv:N6p8m5rvs2F2YaeNYbRylXbyJI8RPdwfq1il4ZzNvYk=,tag:/Hskw9BoXswD7t9WHgqXkQ==,type:str] + - ENC[AES256_GCM,data:KJPo4x6hLz3Z4wgktayUWGs=,iv:+7gJbuJJJjafadK2mombF7Gzc4FxhNzJxdRKmZrExhI=,tag:NS2sXw7DEpYwSkm2B6HHsQ==,type:str] + - ENC[AES256_GCM,data:xJZvoJPEurst7PcfRg==,iv:iWjv55ki7tV56CAawYg6arr+RnuuqTMdGH925HQWCdA=,tag:uaT4xvvGH76ACnCG31aRvg==,type:str] + - ENC[AES256_GCM,data:722pfFAzk3PIIFThuF+x,iv:sxY6oamxITj/E8v4YnORSKIEvM9wmSaJmtNhWURT2UE=,tag:t5Ki+hgZTVb2cFpBLvxoJg==,type:str] + - ENC[AES256_GCM,data:egf/t7OaPChuaIM=,iv:Fq83ggpkuwGoV9AEFP7EtUUJ/TVrA1oz5lyZuaZI24M=,tag:LM8syhfx7MFtHKDMARc8LA==,type:str] + - ENC[AES256_GCM,data:uzcsWxONDEIbqCY=,iv:HqifKdLd21v+8SlAtnZ3FMwMxYv7qGj+pYm2jgAVvXY=,tag:q7IDoXECgO5FaAmKbo4STA==,type:str] + - ENC[AES256_GCM,data:VxabRzUM5SnMNu8IgFbMtRs=,iv:JaMysTrx36PTAMA7rMTo8BSHT+Scv6acIJie40FD6Rw=,tag:eSShd3TK1wlCWOEKd5G1ZA==,type:str] + - ENC[AES256_GCM,data:ta2UWaZcjahcpdMuBBw=,iv:EBFLK7Svv4i3QIi5jClJUJK/nvR6VH96VxKoRGjuiMs=,tag:Fwe3rAQhQiMeoyVYBC7xBw==,type:str] + - ENC[AES256_GCM,data:A1HXrOJA+BXf7YQDkQ==,iv:scgXFGpBZKplmPEzwJzk8k4qQ9wGescsQv4e/lWwCSw=,tag:/AYOefQXZEBJu/W2L01XEw==,type:str] + - ENC[AES256_GCM,data:RPqXHtRD7Osgvta2l/Ml/ldH,iv:tZVD/QVdtedKkbrj++gIM3lBd1AtqsDOjGp9i0ke/rI=,tag:4bvWSVMOw3OqGIoRVecsHw==,type:str] + - ENC[AES256_GCM,data:sH7u+tSbrM9kdEVtEe3cMTs=,iv:xvLHO98LPBSC258hvzRepzkLPzvEdGnO4fq4GTZT0eU=,tag:soimEfbbQOAMOTmqSMJYlw==,type:str] + - ENC[AES256_GCM,data:5fWd4NBMQPKjops=,iv:s7wmumcxgIytK0bWm/8VMTe+MvxZQoQM557GciOor9g=,tag:bURMnwzwM8zvJ5lHnt3ARQ==,type:str] + - ENC[AES256_GCM,data:AAdALWl7ea6aPGk92Qa3BC1XqQ==,iv:bAsEmuDrrZMMz09JYpROFEyQdFRjXkoQO1Vqhe4Nd9Y=,tag:EVtQDI2crlc1M8pDg6swUw==,type:str] + - ENC[AES256_GCM,data:n46OCc4I7nZO0N9Jsg==,iv:A2+Jt9CIUxgr9+dN3hSndEKX8xJqwzO8Q+4WscrNVks=,tag:kUive1bV2mVwsn2GbDTTWQ==,type:str] + - ENC[AES256_GCM,data:0dOPZMBlXW3DPFv3MMK5A50=,iv:EcNXh8ikCAn7zejqmdsQ0xjliMEZ4kjiFEgDonwfFos=,tag:Cq0Ok/kb+W8lrNSlQg+g2Q==,type:str] + - ENC[AES256_GCM,data:31SDzB4w/5NZxs5OymzLfL2/yg==,iv:Xzg4Ms2ESpgAgaG1X+TnQwT+5TQeBd3qi1GG9WkH3KI=,tag:O86geu7syaLPHvCISh4isQ==,type:str] + - ENC[AES256_GCM,data:pVx5B2GSyihP2Q==,iv:HnSa6GrFekhDXNCycpWrFXUDjlLT7Gip4IH5GYOwUPg=,tag:HY+e54xsXUKCkoSd6jRpqw==,type:str] + - ENC[AES256_GCM,data:oEEeuFw20lcjkxY10Q==,iv:SBvo8McNzggp7XmHlJ9keErrmlfFUbON1RnBV3qAgWY=,tag:jN1t1O1NcbEESuU0Qek0XQ==,type:str] + - ENC[AES256_GCM,data:/jcpIlGkCKLKOA==,iv:CxX8NItGY4oqcJULLgSgyV9OmyShlORozd6VWAdbGsQ=,tag:sK5FGMoCXSG65HAOK6kE0g==,type:str] + - ENC[AES256_GCM,data:ayrWmZV8zxfW478=,iv:mWfUWv8Gq63basGKsGdkmWfwzbXe2DZmcgOKrvIWsYI=,tag:NKua6VSVvJA3jROoi9a2ig==,type:str] + - ENC[AES256_GCM,data:aIc00RO/qweIG2Cy0A==,iv:CKPZcI/K3Hp/jSyN7K3KcKcDJneIWBoB+6T3qFNm9WU=,tag:uStBvrPszEQQCYcPKKLKAg==,type:str] + - ENC[AES256_GCM,data:+9KoU5LsVQusx5n2,iv:C1zNkUnWHXUPubwbxjbjUJRakwFlSmZ21yzkbpBVi/0=,tag:jOU0o6UVRb5xibXFn6g8Cw==,type:str] + - ENC[AES256_GCM,data:7QR1RzUxOwQfSeXL+D9L1EU=,iv:YGEVbz1SKpUJyFwffmqzqunMMqhx648Dwi3YVr9L+gY=,tag:pmNioyHsQBMWyaryiQBc9g==,type:str] + - ENC[AES256_GCM,data:RkW1WiEiGfgAN+k7t2U=,iv:vMa4v24EZbvH9YjCQ19+9H6LJ2787dSHKqCmhZrwT5o=,tag:4Pbm7019GKT+Z+yVRLQGtQ==,type:str] + - ENC[AES256_GCM,data:E9jidTq2OrCB/OWF,iv:8zpzeOiZz7klAJPyCen3GB/VW39ylWaymUTsaimnJqg=,tag:s8fL283Ix3i5HDxgatkRdw==,type:str] + - ENC[AES256_GCM,data:Sm5ELgvLKWjIPs8tv3qG,iv:7DNNZClkJMPJQer2K6Ffir4InaqclCUnMXbrvgiLiFc=,tag:f962wIjWZ9Xsv+mmdtsWTQ==,type:str] + - ENC[AES256_GCM,data:zI3XScjE2ADogo8=,iv:HaBb3ARoAa8pI0IdUf64VFTjTnSoldSbN4G0XXqXwnQ=,tag:CMAc4rMxAgG8JtmwVdCEpQ==,type:str] + - ENC[AES256_GCM,data:XhPBdzJtb8TxoIOf,iv:r+xfIsPf3TtrmkLJTJ4emoOXKqaujVSecwkxyqbaHzo=,tag:k4le+XsrSYZXdWz5imsGtA==,type:str] + - ENC[AES256_GCM,data:p5UIKLEuXRkDwUs=,iv:gA9AnFZi2Sc1qQSeSvthKujGEFVYO9MIbpK9wJfxMaQ=,tag:24Hx1GbCL79KYARseNgtAw==,type:str] + - ENC[AES256_GCM,data:FuTdJmTcuK8=,iv:0VHHW9+g7m9yXmuPumHZJHxeKTgFzK3H9eRGYkl4GAo=,tag:GGOHW05AM1Y5ZS3T/9DZmw==,type:str] + - ENC[AES256_GCM,data:2a/NXB01tWmVkoEVfw==,iv:FPHl0R9f+DZX1uiyz+kW9+uswXf49xXuGiW65GG89fA=,tag:I89PO5J+lnAIBuFIBICs2g==,type:str] + - ENC[AES256_GCM,data:bzlwIAKZoGU=,iv:hy1Q7DOB4WKgV9FP/Ay5j2+muqUiaopV8Sc4qXp49Uc=,tag:HdGkstnm1cQxWty0PXuMOw==,type:str] + - ENC[AES256_GCM,data:YAfk6SysFRzoFVx7aw==,iv:qrmyH1FKKkVh53zJjpNojROpQ3J+ESNUaNAFzl14DOE=,tag:UqaXO/rOttE8Vu6C/sRKYw==,type:str] + - ENC[AES256_GCM,data:pVqLWg0XTT7pCIpV,iv:cLALFkoKL4t3RscEzhWls8uH8pmGNYu61euwbcGv4OY=,tag:+3Q5zwAZsneq3CzlWJyQqg==,type:str] + - ENC[AES256_GCM,data:9tHlMEi7Ke+Vzso=,iv:3LOlPZTzz74DyHafCblBMy7YqlanHFwYXMc6cwy4Cto=,tag:I3/FDwuo6K49CjwAamzgfA==,type:str] + - ENC[AES256_GCM,data:n8Y/KPU5XYoHniM8ces=,iv:xTgR/Mb2B1sVZhpMB+EXXFz/Jmv0p7YK3lq1690cLmk=,tag:FDhJPImxCKCFqo/HRbZLug==,type:str] + - ENC[AES256_GCM,data:d3F6SssdHMxobzBGjw==,iv:EXl/Q8R9GB9cr71RngatIEqQ9hMKCjlc/3x8y2ZFyyU=,tag:apl4Wao6dWS69CX2qfTknA==,type:str] + - ENC[AES256_GCM,data:DOBV3MKETyK64ChH8w==,iv:RK69a6J6y8NQR5/CnZmqBpOd49jrCXWK/SoG4PqSJt0=,tag:kwFzYjvkb8t3pCFAdn/Zyw==,type:str] + - ENC[AES256_GCM,data:cH0rIo/dt0MPZugk,iv:ZA0zZc9myVvWYvSpPm/JYwGKssZXakBYNICmef/8464=,tag:Vh2foz45ESXNJdyfT1iXDQ==,type:str] + - ENC[AES256_GCM,data:PSd7ENEHxjYU,iv:+GKQ+kSXhM/UUvOfrFP1UIso+iLoNjMSqNRceQqSyuI=,tag:ZkCYxZ4FR2Y+ao2U+DQNgg==,type:str] + - ENC[AES256_GCM,data:Edt0XATVYcKf0eg=,iv:3M/lOhw3cyZD1wPJ2iMZ4zCYXG3xAJaElDpCMe6Nlhs=,tag:ZgH4U9xn7b1wlKOVKl1REQ==,type:str] + - ENC[AES256_GCM,data:KdoP473FTJJdt+BW,iv:1PG9gl9jbr4U0FFQJQ3AjZFnBX5TpyKAkgXVv+sC0e4=,tag:SaNUsbk87lAlCmsJi89Lcg==,type:str] + - ENC[AES256_GCM,data:iHJy5stM30msuhdP,iv:2q1qpcDfaKjob3uWc8noNtJcNQxf6tFZLyVtklp3mYk=,tag:SBUEwKqolXs80kP0QnHrKw==,type:str] + - ENC[AES256_GCM,data:0JtjCoxfp+ItIFYjM2Q=,iv:HzbYtjFJZpb5r2WI6QOvmhPy/o0E6DP6RlW5cB/Bs2w=,tag:imMHPufGisAZDE+dmStTsw==,type:str] + - ENC[AES256_GCM,data:GeuswMu9x9QzIEs=,iv:eczxVRSmsn/vnv4vikDc0W55YTdHp5U+H53oyiEde4A=,tag:k9oUIEZvPe9n5dC/ccl7OA==,type:str] + - ENC[AES256_GCM,data:AfmgPif5jhk3bg==,iv:xxwyfDK+Fk2/E8ykq4gjSsSYRXSqbxPIgSvQOWmDq3A=,tag:MbRTA4Db4pf8hMHU4pQ83g==,type:str] + - ENC[AES256_GCM,data:aSL0lvkkh14QogGpSDIf7bI=,iv:fI6lAcxAcN327LF/dKHB+VzlwESxyFCjyvQnuG4MPlM=,tag:LtWxe113OXLS1wSDSKYItQ==,type:str] + - ENC[AES256_GCM,data:CChIFVRCh1cbVzBkqw==,iv:QKcNDxgVytV3TYBd1zx92A1NzxrPtGQXZKt8xtDUlZg=,tag:4oH/J8HDjjU4bhEVzojl/g==,type:str] + - ENC[AES256_GCM,data:0di93vhhTdkP5Bo=,iv:W4feNSUF931L3olN7VbciKgxptpw9NZUCMsmMYu4M68=,tag:Zc0Bq+KMVJeGAKXvZsAWvg==,type:str] + - ENC[AES256_GCM,data:j9ntTQUnfTZXyMs=,iv:s2vahUiwildc/8/r0Vdd/jGOS64szPYQNf3BlFETeX4=,tag:ZzubcSEzMKVEztdLBuiVrQ==,type:str] + - ENC[AES256_GCM,data:jnBZ9FW8qoXK949H0FH3Oz4=,iv:ECoW2QyuSfuZPK946qmtodHu0uuGQBSxLimfonuJ4A0=,tag:I/V2IS9oBBtmlnGmrXb15w==,type:str] + - ENC[AES256_GCM,data:1EbHdpMByo4Jptc=,iv:qPUmkxy7vkE273Dz8Uads+kyC2rCqZ2Is7iKTk5l0c0=,tag:/kJA64oIPzvbuoRwQTluNA==,type:str] + - ENC[AES256_GCM,data:QFYgqi+iURECHj5SfNiktO+t7Jovtxc=,iv:5CeaqS0n9o3XnMFtnlSoy5YnICVs6KGzQX9GN39uKDs=,tag:qmHuOcjTJpV7190QP/j5Iw==,type:str] + - ENC[AES256_GCM,data:trwqCiDmHLCIZHj7,iv:Pk/Cm4JElt82B/iV5p56q7Y7RJ+3YxNlWT1KrHEHki4=,tag:k6mfK+j0dqeVBW9JqGl+Iw==,type:str] + - ENC[AES256_GCM,data:UCQjNXh6fDOUeqiS,iv:zR4FBjjrg+MsRj1e3dsAaK7K+2mEm2NeKnXRj639AQ4=,tag:bGVVMWgv5xsfD/KSCBfTKw==,type:str] + - ENC[AES256_GCM,data:sggwL4/Wsp7LSuv6OZ96,iv:RUM4sidDxakUP4oSKBFqcsbvrnIAIa86FZ0IcbykYTI=,tag:5OmgTcLkyqeRiq54bGhZSA==,type:str] + - ENC[AES256_GCM,data:RrdSNerE36tJVVAwvjc=,iv:d9iKSWGSsRgXzBaJ96rnYQ99WmBa3cIcCGYVQfBKBhU=,tag:G4RVv5bx/s2GWgH/sSNuYw==,type:str] + - ENC[AES256_GCM,data:6d02jnx1q4FOYfKkTxoHAupz,iv:UO9sHwFnJIYXHtuxlQabQ3LBHOw9SZ4DeWTo6q/jyUA=,tag:2EZFKx5ETnZxUJVuD3iRtQ==,type:str] + - ENC[AES256_GCM,data:9y+H6UWvhAAZ61zpJLv7,iv:kQuMO10O4ztZNN5e3QNrooTLL5f5+wXLMwNuNGQOxxE=,tag:M1RuIbJqB1XGUUWOIWTEpQ==,type:str] + - ENC[AES256_GCM,data:C9WxlvXynS7Y2aA=,iv:j1rOUlb4dO5qMh9WpRVbHhtXfXdVLhwAvOte4s7P60I=,tag:YC4zvwTy4F5JetDpUv+cTQ==,type:str] + - ENC[AES256_GCM,data:4u5Fg7pzQXq6hMW1uIE=,iv:qo7jTtJ3gfekKtpo1ue359pHX2F2ysoQN9ZqZZRE9/E=,tag:kplttw7tpeLfqJGY9R000w==,type:str] + - ENC[AES256_GCM,data:hQnLPnqxnK1+DtkOAPBT,iv:pSL0PMO5/Bzjd9R9Qt3u0mZyeRe4eK0PTc8mXYNvIXU=,tag:HHj4Q1Qi4bcBU/3hIaMKxQ==,type:str] + - ENC[AES256_GCM,data:+loTt70qIwNI41lz,iv:L/jTqUQ/l4IhmA78k+G6Gh9WHU5X/Y1FlI1qpQKKA54=,tag:uYTPzbWGyqfd5yPyWYm9QA==,type:str] + - ENC[AES256_GCM,data:K3Vs2bdDs4YIl7R4,iv:Mq7INp8uRf1HT2Ee1ePVxAzljO+EiyflDXNKM3JHJFo=,tag:AbPR6uXYXZ4kfJVwaW0+LA==,type:str] + - ENC[AES256_GCM,data:RhUOqa+m/jdDctF+yg==,iv:mcdQKsLSDihzGh5ooP3L0ovRFotdJCzVXllowDIOBSE=,tag:h6lin5VJ0lhcGzcFrEpV6A==,type:str] + - ENC[AES256_GCM,data:/T0sE4ff594IcrsSQGo=,iv:8QF5np6vuOruEWke0K8nC8+W/AaxJOq0gcfBXS7mFew=,tag:17qcDY/iZkcLinZpKcZmEg==,type:str] + - ENC[AES256_GCM,data:VOCXsDnQnu5UdOA=,iv:Yp8cJ7XjLQVQT7T10l9SWp9LvHNaKqViThlv3Iu59rg=,tag:Vzs3CexCeF1FLbRH1XJ3JA==,type:str] + - ENC[AES256_GCM,data:X7s8kbSezjuGp1wTJkU=,iv:vw2FW/k3NEioxqeO5m/G705IlMsta9s3qdLh5yqppYY=,tag:tu6b7n3RdDbqFxtk8aAzKQ==,type:str] + - ENC[AES256_GCM,data:95f/zUffyu+/wi732ii8uA==,iv:hYZFU4cbkpRNVnUkPgMYOAbUKS9f5p4W84TlSrrfMZ4=,tag:P6cLUQs1gNXBE085GEC2tg==,type:str] + - ENC[AES256_GCM,data:t6VzXEea1FUJupU=,iv:fVeS3MJ6wboZZ3c/MWerwlze69qlwy2ki74Dhy6b5go=,tag:VuwOs8lx2A+7r+HLNDQFDA==,type:str] + - ENC[AES256_GCM,data:MNIxE234c6OBFGY1,iv:fKVbWMF4oOQa2ck2NU9Dq4ZOYIZHNF6LM0gDp0HD6q8=,tag:PtT7EVrW8dbAkEtF9PqBww==,type:str] + - ENC[AES256_GCM,data:5Pvukv72ED0m9yo=,iv:v9tjIoRR8NxnNm//G/XbnFWPhC+mrvkfq44ICtThLL8=,tag:0lphBri9LaOvmG/XbbhjfQ==,type:str] + - ENC[AES256_GCM,data:lJHvy44dzNeC,iv:N0FxetBlZUknVRer6SbvsRu69n+8Owy54HIeF6LRNwk=,tag:79ct06+Qwvb96OHFpJQVkw==,type:str] + - ENC[AES256_GCM,data:JvuiNIuvZRCF+l6qzTQM,iv:Pvyn4HBncmWMkvqS7IWMQpEejkxWt9AVAJfbUXIC7sw=,tag:7oH9EIg7l514J5Vxjjwowg==,type:str] + - ENC[AES256_GCM,data:gcbys75z2hWM,iv:8Ie1FAJybvh8nUReOPyV4UhutNX00VA86xuwoCYhg+o=,tag:7cvL2EmHIpQ3MhNlAVSF7w==,type:str] + - ENC[AES256_GCM,data:dh8bR+63HMNn1sk=,iv:v1IFObBLSXUqQyzfmY3ULG9CA3eEJF4+TwI8tISO9/U=,tag:jh7Q8oBU/vX5dv9ccJsgRw==,type:str] + - ENC[AES256_GCM,data:dIdelYjUibylCqzs,iv:9i3oEHKeejm3vEl0OOZINkfm96eU/63fVaw0gSYNZM0=,tag:ONKs8BfkgjSi9TftPbG2EQ==,type:str] + - ENC[AES256_GCM,data:rUUJeXNA8uldOFXc05E=,iv:fTviJ99sufydphZdN+Qr+L5G2nbHZ3YRx3mDWG17ECo=,tag:MGNpHvu9zNRMyBu2dRDlBA==,type:str] + - ENC[AES256_GCM,data:AwKguIW1Ea2ADz4ZTXI=,iv:v3SDbMvKCE7APB9ojcAWA7ha8aG8Z4YISQpKRueIY9s=,tag:bTWeYDTHnbIKxC064mg79w==,type:str] + - ENC[AES256_GCM,data:nauXf3Vg7+6XtzUlyeAPnKYOgNhXfg==,iv:uHXmb11q6YZZGu5D8RaVb2F4WWBEEm2oAtxAdVp+uvs=,tag:Z7uObBvUNdNAB8bsOOxPbA==,type:str] + - ENC[AES256_GCM,data:4PaGU8objwGJaHirco0=,iv:7WN2vbq5dJ9rIFPhYgOMlxfs78LysXx7fp33C4zdHbw=,tag:xtMNIzVN/1as1x9tEttYRw==,type:str] + - ENC[AES256_GCM,data:/6ugCRr1AO0eOPE+Q/0=,iv:YUciFcYUERun8h7ljg1vwrMGIC1e4BRyjDVQgu43l+M=,tag:xzFKM84s9JKtlMD86V7ozQ==,type:str] + - ENC[AES256_GCM,data:J4HJD56k8jLpfEHw7RQ7byjj,iv:ZO39/LZKgcrNvGHqElrh2oY8eD6bjmqYUp2YRRhdRz0=,tag:0CBmqoS7IUJXUQIjGS7WIg==,type:str] + - ENC[AES256_GCM,data:oRLKFTgljQPnCJZh,iv:u5KtqrqXVD0T6PMBnDLWVKSe7m9KBtg9t9qv90ITfuI=,tag:MRjUKlwb+q7drPaAEbawoQ==,type:str] + - ENC[AES256_GCM,data:Tc0jIZveIPm17SA=,iv:KH0YWcm8WufywS7Vt8hPIhPmXW6IDqsyEK8/fOA5+yc=,tag:/Ez85Bc5JAzUlbtIR026UA==,type:str] + - ENC[AES256_GCM,data:BwmmpUAunwykM6jWhw==,iv:UxG8ucKL9UcF/0BXcQVLn9nhxQUhCx6XIdgBFnunYLo=,tag:mOMWP44dWVVYsqx2AjyjRw==,type:str] + - ENC[AES256_GCM,data:1yL5xLGAjySLlKVt,iv:YRSpxVZRBudzq+TY3tcEhiLvCy/XKNN2lbJI7TaUGzY=,tag:GhPMcEpOgApuQakNtl85aA==,type:str] + - ENC[AES256_GCM,data:vmBG7DqmSzaj9A==,iv:7KitvkkodbOLM0/YMO2ba6FVbXAQuXXq1k6kR2Cr0Wo=,tag:FED7hIQOppwtVn9Teb4cIA==,type:str] + - ENC[AES256_GCM,data:1Pn7J3nYGSSuaM5l3yMh,iv:x0TnBpb/2AeSCz+ZuAgP+tyPKHqZd8XH/BqsvFhBDdQ=,tag:lz+ZBMIQ28o8YDZxc936FQ==,type:str] + - ENC[AES256_GCM,data:L+16Ezt81PLB5aHvfXYutY4/,iv:kEbVTPRE4VHFMlieyddixNYToSjY0iWaco4MKQatLGU=,tag:mxt8o53ABRiUGLmNaSqoDw==,type:str] + - ENC[AES256_GCM,data:ujEETsg96JKRg0r0ShJHMD0=,iv:V+cJhKD06aUvl8kzeHh6tvvgO2J6ekQaFDbt8/9c2j0=,tag:jkx5QX2FBbWf7gnTL0MwXg==,type:str] + - ENC[AES256_GCM,data:kllXCnH7n8UIw8t9J+95AA==,iv:Dq36GcBNdS83Nks5P+wIwCC7nBfmjnZ/rvw5JllZCF8=,tag:BqVENyXWphbfgTorW00b7A==,type:str] + - ENC[AES256_GCM,data:BGJUCnSoUHlvfuvHCAES,iv:jjUuE9NpGer3nh4Ij3Z2rgSqsXKRROK2nRoQ8uxeDmI=,tag:68Y71JUPWjyGtgmQyIrJgw==,type:str] + - ENC[AES256_GCM,data:7wqyM9hSYsdM0MFJPrw=,iv:4A65CO1zhGnJqdDG6DUa77dcDSlKtMaK3GQkFZokLzE=,tag:HC0YOHSBeNk28k0rY/iCiw==,type:str] + - ENC[AES256_GCM,data:YmZM/tZIdyKivp+Q8to=,iv:yppEkf6E95GhtvrJEubnEKph1pzT0vivDGEgCOvXaiA=,tag:VfQG2uk6ImZVJQ0a9FU9ng==,type:str] + - ENC[AES256_GCM,data:yXR4nujJvg==,iv:RXusxiv7J+BSLqvCQw80S8Au2ZnaRXnHmReKnFzlXb4=,tag:4zW7M3/a1ygpWmJT5Ipx1Q==,type:str] + - ENC[AES256_GCM,data:knR6QX0ylOxa2w==,iv:LNUGGpwgV1yaGIoQl414OzqA2iqIG8JoBkYMSASbleM=,tag:qxS6HGo5dOST93QJNciHtw==,type:str] + - ENC[AES256_GCM,data:SMq0ct6qblsn2IKto7a0,iv:KD/vnLskIMgZsGuKJ8BR9TXeKuiuoYYwBzdIhBUe7PM=,tag:hdrpTEdTCi6PX8MiW3PYqQ==,type:str] + - ENC[AES256_GCM,data:LeSz1U0CoWqLetKPuiNN5A==,iv:pM4JXPgn/iuy3Qd1Y8M4iRY7x7YaT5bsLbXMAvV45HQ=,tag:vjDzXN2kYelccsisIppj/w==,type:str] + - ENC[AES256_GCM,data:gJ/tywyKELN9yjrbXX+G,iv:Tw+1TzUzss4sr3VggT87qNm55+L/1sZB9qQu6v+x+PY=,tag:E9FHoXbkmcKt0LMmw9776g==,type:str] + - ENC[AES256_GCM,data:D/zvgonQkBiP4nuqHwcqjQ==,iv:RIi9epAS3KM46BTOxMvDnrunL0KWSMAvZHWRQrKO8MU=,tag:ZjDVcCk3HpWZwqrTRBp6SQ==,type:str] + - ENC[AES256_GCM,data:+0b8Wk9OwzJlrOsZM3OC,iv:1SzPeK2b0z1f8fXsdHRGkpO/rxwz0iWH2H92tkVWvMU=,tag:Ap+QlxnV/NPqO2LVfG2+Bg==,type:str] + - ENC[AES256_GCM,data:Rr2FvneNw9LMtX7I7jk/,iv:CsW10TeuWfeUJ1cfEtay7vvR4QI4k5L2xkOOrsbVxiw=,tag:GsD3b5sePc3LaCQ/QkgYiw==,type:str] + - ENC[AES256_GCM,data:Pw0K1FQ5+Pi9WkLoTfejHKVZ,iv:9pFA88VLrshXFI6ip7pyoYwS32zeslMHPpNrKa1VdoM=,tag:+H/KvBtIXCop6+izsSU8Rw==,type:str] + - ENC[AES256_GCM,data:C1WP50wBBbsEc+yuqSeLAA==,iv:HcovMOp6mbuuL0Iak+gQ/1ik00vhkZzVEeSxklfbVuo=,tag:A7137noBGGvxnX+74fulKg==,type:str] + - ENC[AES256_GCM,data:MLwTmdsNNzWmdqgCwuMAmVNg,iv:8bVUMwx9vz/Nn2fYqTDhcfQjoL/MYCq9g3i77kYtIqo=,tag:jKjM9qgSXi3fw0gL83lwqg==,type:str] + - ENC[AES256_GCM,data:clpsRbzgdSFcQnsvX3Ez,iv:DdB1EqI+AwUMVAkiMpZdSKHF+r+Y0snJqzZJgZ2NHuU=,tag:YrHMgR+oVzgcIaTSH3zZVw==,type:str] + - ENC[AES256_GCM,data:+226zq1FysASKVb5PYYp,iv:+AjdxBYBuizIcktTzW6J2uIPPVBISsni+boHktpTiw8=,tag:uuUKgjeZF6RKpi7J9w/Vig==,type:str] + - ENC[AES256_GCM,data:ZrfUdt7a+MYxENHBr8PLJA==,iv:YYptqrB+dmHchx/EQe0w7HDArvMSpEBtQ+7SXxqmKGM=,tag:m9RxfUsAbTgoZJ66r1Czow==,type:str] + - ENC[AES256_GCM,data:9DVzKpSfn+UVbfgoezte,iv:mUl9g9WlweVDDUlUeDTAZcYYBwyiG43TmTGXtTsjku8=,tag:VkZQhnfy1yghaBEQprtrpA==,type:str] + - ENC[AES256_GCM,data:yZMsTsmDrnB8kP56WTMFjA==,iv:qUTA3T9CcFbHGVwH0A+s+UcElCB7bvNE49j6nVWe4Po=,tag:BafbSKXvZZBlxs240U+FYg==,type:str] + - ENC[AES256_GCM,data:L95w9AnO2kBw7/MrBYJhR62ZIJs=,iv:y7nwLRKiaBmJnulL372mYScAwZnNlNg5kAF/Aw4ZqNc=,tag:3GY5fEFznka97AQzMA3gbw==,type:str] + - ENC[AES256_GCM,data:Wr2bK2PKc9QmP4698oI1Cdk=,iv:7xsMuH48iFiZ0KqOAqWj1I8aqZEvFL9vcvq7iU7bO9Q=,tag:ftlqZtBHPGGUG6rHc40+xQ==,type:str] + - ENC[AES256_GCM,data:STTFH4xeKIXaLtJReXZ7zg8=,iv:SGJKwhMGKiNvE44Yi3mNSQBipCIYE0xoLbWX2hDcqEs=,tag:u55ypEW9Zs6fwcksEmGAew==,type:str] + - ENC[AES256_GCM,data:MgbHZQbWZT+JduaNk/wa4w==,iv:jLh42BbPXa+GDmEBlH/YCbd2P6Kvvxeqhu9SogkaS8E=,tag:5CreFtocuB6D/g6wkp3iPg==,type:str] + - ENC[AES256_GCM,data:uxat/p+Nn6ZJzTjK,iv:U5dd0lsgJ8c7RtbIOORqFYQw9+slDNOL1kw4qToDHHY=,tag:a40Wnix7LuoOlV+GPHF+GA==,type:str] + - ENC[AES256_GCM,data:VfDBWyy+8tgprj3o3916Ztfi,iv:jVemvWG+HO8bU7nGDlYs7S1QfiAyQy7oIc9M9Jum3UU=,tag:RPNP8ois+A5BNWUCysVAdQ==,type:str] + - ENC[AES256_GCM,data:3hQXc/PmQkvlyaYSiLzRLw==,iv:Xf0oQH6gBitup2o4v+xZRdw5+vg8yBJxj0FBwFXTX0c=,tag:RbLK1oserEFHPLjh0b6RDw==,type:str] + - ENC[AES256_GCM,data:lv2THr4q/VPEX33ipp3Nxw==,iv:9rlXjIUr4cy9jw2QHQnw0Hrh6PQSWp7aNyGj6sPSGjU=,tag:/OOWCtq275fFHJE3weC3Wg==,type:str] + - ENC[AES256_GCM,data:U7+HcsZuzNojK4OMoRAQ7g==,iv:el9vilv2NP1PcByGsFRRhyBnwZe0nJCCa2AEPYahNXM=,tag:j9JRh2c//I4s4/3FALJyJQ==,type:str] + - ENC[AES256_GCM,data:JP3RePf/WMpjLr6+,iv:Ywax+5mayf6+79zpXyf5raX8wtJ3Mq/QmGECwX4MO5M=,tag:eQB7EDwb2NNuMAqHtig8qA==,type:str] + - ENC[AES256_GCM,data:aTXlEo604eCQ4lwLdTyf,iv:mipAvnTDkTKlIVH6uuQuViXllCqbACTDVSnmuWWX+as=,tag:NTzDz1mDcWxCOHt1ZbBYTw==,type:str] + - ENC[AES256_GCM,data:XiR4Ite/Cyo/ev1a0VI4,iv:1bH/JQGVIC5H5OETrvvNMKsonhCZK/Bmv3lQSCPOogM=,tag:oS/GRq49ltg9PbXrwELw+Q==,type:str] + - ENC[AES256_GCM,data:6iqEObJ/mYuYKhmVlJ4X,iv:F0oGQYk8LIgpzHxN0JoTqcb+E2RTmIwEZ1ymxjkfpwg=,tag:Juausp2JlTZxQXed3Vp+fw==,type:str] + - ENC[AES256_GCM,data:fOLBA27KnPWVj6JVFw==,iv:U4+lDW6StGYU2hIe/07eGfxKDqIGwl8/o6nMFF9SVlY=,tag:SS2Vybc92OKS4YqZWDqh8g==,type:str] + - ENC[AES256_GCM,data:Y5de14x7xBuYUPPbUVm1,iv:S0qqLj/PH0kY64gChLIvd5eZpQJfYxiteXeWMEmKeQs=,tag:DsguwH0pgi992m25TbRMoA==,type:str] + - ENC[AES256_GCM,data:uyL5uvSaUW3mUjmTg7wSpg==,iv:b4w+x3gN5IcsHyJfyhS6tjVhaSpsD4xrt3H1Sp//W68=,tag:Dov6DlFZm3Pz98GnKtQo8w==,type:str] + - ENC[AES256_GCM,data:B800EQLEPuRsN48MMAlxuA==,iv:Qcp0YOa1lEI0X1jL4Q3Rla/4o05T9Q7Yp21rjobKFa4=,tag:sXvklNbcJHU2bETbyKILmA==,type:str] + - ENC[AES256_GCM,data:HUmC14Neguo9rTAie3xf,iv:kBcv1aNkjvhUI5Y2q7T/SKsHiJVYoARxe/3eAyedVQM=,tag:7ocHqzuR3DFl4a3oSzsyCw==,type:str] + - ENC[AES256_GCM,data:AZtZnKiH10K2bdjSlf61uDQ=,iv:sgb5PpuRinHkfWjtmIvrwKMyVGIhVTM1i01cefEt9J0=,tag:zI59bN6T/S2eLv0Cyy6Zhg==,type:str] + - ENC[AES256_GCM,data:+MrugJ+Q9v4IgXGCl2Zpc2E=,iv:UJqXNl/TkuU/sDm4FhsmV8Qvx6h7UuclJsC7En1zf+E=,tag:NtziQkRfq5taH1BmX0+/GA==,type:str] + - ENC[AES256_GCM,data:3XYIV1gSF3Sy+R2PJ0A6LRxaJ8Q=,iv:K3DfmNUVaJ2sBNIidpAPwoWmG/dRl94Lm/IrGH+OKXk=,tag:+qcgHpDLTGNYib+utRTv9Q==,type:str] + - ENC[AES256_GCM,data:kQD1Y0kgOnYsoGM=,iv:ZVSsOSTRptVMAxsZ1Wz80dUAiqah/lx149EQy3KwT3Q=,tag:7xaDeHD2F3TyEpFzhJ71gg==,type:str] + - ENC[AES256_GCM,data:r6AVrL/iGZ5YVw==,iv:6DXWIr122eSbvUAn/Rvx2vkEsZqGhxVzd9MxHrBQNg0=,tag:XvaA/kYwhsPgTYFLZ7qmAg==,type:str] + - ENC[AES256_GCM,data:LhNBo5zsJydCxeBx,iv:xjSda7h0sfjBT6HyFdjZvacxvwgRTJpqpEl6onE2sTM=,tag:ah4ymWp2buN//5BsoBsQ5Q==,type:str] + - ENC[AES256_GCM,data:lRsdWSZXWzRgC50=,iv:RjbLNN5kr884kD/3fU2tI36tUd4wKektiKNoMyOZNqI=,tag:cD+uK8QUouPYF+VaN6NU+A==,type:str] + - ENC[AES256_GCM,data:aJs4e2sB9kct/mTO,iv:umDC2g57HbPHrW2c1mB71Tt6g0j47rfJGL9Br4A/f+s=,tag:0Cl1dX/ZWe6BAlLex2xVlA==,type:str] + - ENC[AES256_GCM,data:DyCOfY5HOfJwFgEQgQc=,iv:9szKg9BuEyvjK3if5AQ4zA2pfnwTf7oN+aDCnEF1K4Y=,tag:K37+APyataQRJ+fdxxbsMQ==,type:str] + - ENC[AES256_GCM,data:h/sMhURuK/w2hQ8=,iv:SQeKFjvTIcc19IxV2wA6WynW8Z7KtVW+S51keZ++TLQ=,tag:vuBNdjmrv7X/oyzEuzZjaQ==,type:str] + - ENC[AES256_GCM,data:q9zKWV/ZPsJgRgA=,iv:hb1XzX4bmogdEXrzGNDsAal7FezaVbW9weJukF72HdM=,tag:uTH31xnaQ02wfNAjDif9iA==,type:str] + - ENC[AES256_GCM,data:qvRg4odr36z74jYwIIaYjKY=,iv:Bk45fnUPydNvzhGFOxQ+haRNsbwSo1rvjGqc7jwTwzw=,tag:9y6O/tRqT9lTwGs2/tnh1A==,type:str] + - ENC[AES256_GCM,data:X5KILkymvIJi0vG7,iv:a/Pfb120xmiKEzuNBvvb1m60Ari6bjztpDZvRCVIxN4=,tag:mpOWhKzYOAamxOLy/isksQ==,type:str] + - ENC[AES256_GCM,data:CzsB1BsWBw==,iv:lXR4d1Z3ypadkFnRqfH1Bk4uLQj0N13lQ1/2O23MYuY=,tag:icdEZ7o/3I6Z07tq3P8M1g==,type:str] + - ENC[AES256_GCM,data:iAnRbFB9iw==,iv:idRsHrHrREGxQFRx1Vx5HK/SQonVIxGn6M6VRNNAewc=,tag:OiQMOF+LLkUkNULg4Yjeyw==,type:str] + - ENC[AES256_GCM,data:9uS2L7edXe7+H5c=,iv:BpOa0PPD/azTilMwEA/ECpdFlaU7p8FNRycdKLjEiBM=,tag:uhFN63A+eZ7SCHLv4UTsRA==,type:str] + - ENC[AES256_GCM,data:8+QYQhw0PpZM,iv:X4Ijeu8acRT7+fHVXTR3PjzNZ1ug2siXZnfj33vtbOY=,tag:Gdrh5M46jQKyQbllij04fg==,type:str] + - ENC[AES256_GCM,data:p/ybUbwNrSZTvWPZ,iv:Xyi9+Gia7oEP3hsXt7oj9sclTkzQRNFEnQdLwmYsPxo=,tag:Bu/UOgbRPIo1SyF5dV2qrQ==,type:str] + - ENC[AES256_GCM,data:tZLy5KwWzA==,iv:CMUoGAZP4COVJGE050jAXNvKRXulO/A6z1abRp9cGhA=,tag:KGeTLTStlRE9i++UJbt74A==,type:str] + - ENC[AES256_GCM,data:ocGUwF9g1DpAng==,iv:7P+hH1si5n9z73Xh31l1/Mnqh7iqRYEWHAw/lCdf5Z0=,tag:ZLHnGN4SapjCAcb1CoUrXg==,type:str] + - ENC[AES256_GCM,data:AEi98degwA==,iv:ipA8yzX7dCFNqZ7fvLmKZN4aeXq7X6DB4FLDYUNQJic=,tag:N8sbXwWH2yoJEqGfPL+rjw==,type:str] + - ENC[AES256_GCM,data:tjJ+Y2vmUQ==,iv:aUDCNsczWlvAdEE0ifwSGepiQ2AJHZh1d4OIM4XnPpQ=,tag:K539wJaHCxCjSx6evkk9vw==,type:str] + - ENC[AES256_GCM,data:ED3b7d+T,iv:K4qbw/8KF2Svicz0Pd5TTs72e7+7LaslfJ92PWZFgLo=,tag:i8wG136WZp9mQrzPzI/PjQ==,type:str] + - ENC[AES256_GCM,data:op2W+Uwz,iv:Z+kYTpMglDSgFgt6FxB0tXNlttkOg3pETPvdAvccJYs=,tag:dtpIQ7R2TKw5nyS+Ikuc/A==,type:str] + - ENC[AES256_GCM,data:EWL0qA3g,iv:7/Mzr16uVOs5oVkKpSUg8uJ0ZANiAicIk9v0Zf9cOU8=,tag:Qx1s25DgU920rg6OgnL2Vw==,type:str] + - ENC[AES256_GCM,data:hZZr/m8S,iv:qVY61cu2wgfzFXWHZ602/Isf3LvGCnxFkwoEt1sf2XA=,tag:hKiWxKptYb9mN4nW64Q+IQ==,type:str] + - ENC[AES256_GCM,data:1Ouh/aVc,iv:obkEMWYzlPF+zqL/aoFgxHNEc8tuJPTTlWOOBuQZbOk=,tag:SoYt76esS54+2QFz71o4OA==,type:str] + - ENC[AES256_GCM,data:8YSxrA5Zo+IpKq8=,iv:dQdGalu+wleRp/51vf2xH0BLaOGkxSEdZAwwIKMHP9A=,tag:yaDg1gLwoMrSlwiBLLu+pQ==,type:str] + - ENC[AES256_GCM,data:XMQ9tgsRATXHQQ==,iv:fJwXGtrdf0FtbxfcDVlWVu6UcdayCRvg5Vo1wamypic=,tag:3ZyrxOnm0rbRoLKFLvp9LA==,type:str] + - ENC[AES256_GCM,data:DqoTljtLOgn689L+8MYRdA==,iv:NKgPJP1ZNCnRFDGRON4pplZ6vrVPPjm5Q3dh3t6Oshg=,tag:30rTTs4tFRpci25lICCbvQ==,type:str] + - ENC[AES256_GCM,data:rzo6HIqYCdnpRf6o/fEDX+kLew==,iv:sVu4G7mFzuVnX9j0jJ1ZxHYnty9oCJeTvgIpos7KYJA=,tag:kCFER0ilMo9U7pzFh0h6uw==,type:str] + - ENC[AES256_GCM,data:xrPXBfVctQN7WsA=,iv:xZEgx4/WAaAbVEBp3erlpHnM8/rNie4qHKLrLDsXxRQ=,tag:XkuZaqAICJKsVffPCLGThQ==,type:str] + - ENC[AES256_GCM,data:alwl8ws5n6E090D9+VfE,iv:shHNnPJadyNr68r0gYxX3juXhTLuoa9gGCzMiePJdBU=,tag:TN+7V7DfTguAPGPyok54Hg==,type:str] + - ENC[AES256_GCM,data:raPnIHn1SNAx2g==,iv:MkYCTTwN8QBhgWQ10OaaORXef3HfO3EE7V9siUzuSWE=,tag:NIEjfEop1sCoT1uYN+lkwQ==,type:str] + - ENC[AES256_GCM,data:yKG/ZgpLw5I=,iv:ElErOuV/aBEjlP6/1GsTtuxDfyIjr/mZ3cFFw0e45QY=,tag:ZFOh0RWXnyg2j94cpFulIg==,type:str] + - ENC[AES256_GCM,data:X2VFmQ7GsgVToIM=,iv:vc2sZj+lbekvHEGK5rGrFn8mPu0id6FcgAS6XyiCaUQ=,tag:XoQzBaOQ6621hvCX7B04BA==,type:str] + - ENC[AES256_GCM,data:Zy+n8BR86OIrUrJM1Opb+WjE,iv:t4/EePdklDM7/zzkQCbcc/d2FwBoF6HCd+0hdXYWlgw=,tag:wUjR6IvQb51lfP+GEDk9Aw==,type:str] + - ENC[AES256_GCM,data:Wj7QltM6GX9ficye,iv:PKpvVIEmdBECKIIbRTGTrDe5UzYLEy/WL8cxyruXtMw=,tag:A11Ap5eOKhEctufA2PTa8Q==,type:str] + - ENC[AES256_GCM,data:iiRfM5M=,iv:v/kriA8zKeJeypopCVIwRvs4CKXKcCAaAf1UuY+yyDU=,tag:KgzYPJvJXak8kC+5Hbo49g==,type:str] + - ENC[AES256_GCM,data:oAKz9gqr,iv:cTmN0c6WCw19xRtCMtRbFe3bSjbPVofxhX7vK3gBgl8=,tag:hAZsdd5YUeGJdYyVK5dKEA==,type:str] + - ENC[AES256_GCM,data:0p6SM9UGLQ==,iv:73hBVsGrQx7AMnMsOU4Tqw3oDCXo73Zb7E/xdzenOQ0=,tag:8NZ8SMVR0Q9nMll/7V5R4A==,type:str] + - ENC[AES256_GCM,data:y9LwPEY5d7Wp,iv:3pZ8495EB89wup9n+426L6jv8PIQLUSyl3NOZ6h6bWU=,tag:fp73Oxzn86xN90QMbyZGUA==,type:str] + - ENC[AES256_GCM,data:yN67jyE2oDk=,iv:hN7hdYQtj40aRNmdUguMgKBShpVg0/TebejovFWtmPI=,tag:MZUV27THKgfwXBB6nMEiFQ==,type:str] + - ENC[AES256_GCM,data:PxxDt+jUzYJfQg==,iv:8kvZij1Rln1qkery4BM8CNhkE1PeLovcZ7CarqkHxxc=,tag:ldVvYl4uMrp9nzZkfvAOWA==,type:str] + - ENC[AES256_GCM,data:wpv3IZ4ChRrHGf4=,iv:Q80uKyzRsv7KvQgYXH4hKQwIsv9Jt/DVk2BWpiG6orw=,tag:nGepq6jigPXWQQkCY86dIQ==,type:str] + - ENC[AES256_GCM,data:GqTvKcs6ITlJysrurzX1EA==,iv:6OQ9IhuW64bgjFLGFhkWJBU589VsM4Rl/VCRE4XGak4=,tag:5LrOUxwuIhdXlpPGnbozVw==,type:str] + - ENC[AES256_GCM,data:p1iJf2p7rU5goWaZmA==,iv:6N5vaedU6I2yKOR6u24kptUAWKyr/pgn3lmacq3Ad7Y=,tag:GOeRZCRl24CNHFRcw+mn6w==,type:str] + - ENC[AES256_GCM,data:B8veV8UuWBjAa2NT,iv:lmlVjX2Nj+I6GBEjQyMs3MD7JOkCAkEnFclhyOL3EQk=,tag:ULqHAD0BvujGudsg7K6oxg==,type:str] + - ENC[AES256_GCM,data:TdzpfXvMEkl7ks8=,iv:qnIuzqoWrcp8kEy6ndJvMusgp7uoWowI0zeD3ZUaFe8=,tag:2VIxhnL2LHJwgehPnV1DOw==,type:str] + - ENC[AES256_GCM,data:MAoSHkOxDSt7WhVVJCY=,iv:OJY8deWGMoZP/PIu9gACsD9kxzvF92V5djCi5XIvM5M=,tag:BP2Tu7skArurxk9qiE8Okg==,type:str] + - ENC[AES256_GCM,data:DdyjyDc5ysa3t/Hv,iv:qT/DWHd7CdPZU8ggIGunbi9mfrdUDAxnv4F0vBejfdo=,tag:d4vRGq7CV2QVjyaNjkerGg==,type:str] + - ENC[AES256_GCM,data:0l9Fv79vjKjsFZyugKHN,iv:LINGotbZoRcM4vdUeZVLtKDimtvxGvyed1Y0HhK7icI=,tag:ZznUi+U9tIqi0riNczdWYg==,type:str] + - ENC[AES256_GCM,data:Ii3zeQLkVu00dw==,iv:KMbhc3Pr9QQOnedB480PnCQ4O3SOzG1oWF8jQWN3i1o=,tag:hQzGWOIR5nBKNIrf9YKUDw==,type:str] + - ENC[AES256_GCM,data:Oj3QYXwWqW3x8QzSPgP0,iv:IUiuzacupEFE8fn6jpOMbnlb2aoGL80ZR7rVwn5Yl0E=,tag:CaxHVApkVT5hOHtamp31mQ==,type:str] + - ENC[AES256_GCM,data:0l7eWfj0SYVe,iv:5T2ZUouDfdQ5iYjW5nWpqO29ogI5n3LxAIt4a8fujMw=,tag:BInlkq7U9RgUjVWKkDLqxA==,type:str] + - ENC[AES256_GCM,data:J5Z4wyjBng==,iv:NKIHRvAc2DRhY/1jZLLH9+jYXbUMgHSvRl/Ll6/cgzk=,tag:9VQLW4Vu97msISnFgmjNwg==,type:str] + - ENC[AES256_GCM,data:WrQPBEIjJidr,iv:uGLUFM6RuOxm9d45ySnbN9ztmQa7wmECCxL795i15oQ=,tag:7wuC4HTLS9rOgjL3WICwGg==,type:str] + - ENC[AES256_GCM,data:cx5nrpz7RQMcknAk,iv:fEajd5Z/kLXjRPpRBs/4bFyDBaPOnG0tB9dnuBp9grA=,tag:WFcdGF25Njq8hfI4DvyL2g==,type:str] + - ENC[AES256_GCM,data:kUQs0xARsiiM7Q5P5w==,iv:WD3bv9TcTROJ4a69W6f+vTKVrCvkKYUl/0YOVxcjqqY=,tag:rvRA5zYd8TER4pALtPcKpg==,type:str] + - ENC[AES256_GCM,data:v5o5PMXsmxqQQVmM3Gw5LA==,iv:8+8+DX8qvSTQKzaaD188yW5/UvSgegufJDoBPODTS8w=,tag:jP0fMhs6y0cUOdkwUO+usQ==,type:str] + - ENC[AES256_GCM,data:vOeQ96j8xYjehO4=,iv:9w1ExutpLs4EzJMyLEFkm5l5J3naeZl4WdBEcpAjTGs=,tag:moRWPxPdm/jDkz0wooQthA==,type:str] + - ENC[AES256_GCM,data:By1KUDUGBw==,iv:LrNWUN3j5hYoX6K5EMlRjPRktO4ZBC2uY1gOehv7a28=,tag:FhBoOptdkBLCyco5V1wSqA==,type:str] + - ENC[AES256_GCM,data:PLaF+SmL,iv:Rv5TbBRyeAeWw8I3pPgcr79xZ9iPVsj6grMZig+vZtc=,tag:OC1ckMtdTiQ6psq8K60QdQ==,type:str] + - ENC[AES256_GCM,data:eFKy1BzNcQ==,iv:OBeUZgUaklbYytAqvWT1iFTCfkoXUvhBOXdLwalWPIA=,tag:C9YADJ5WDsMJozr3Y9eMMQ==,type:str] + - ENC[AES256_GCM,data:OMGh/OmlJ8g=,iv:z5p1RnJ8r8eDKOu1qgM1H4sYLdHlbZ+B+/n/zR6tI1A=,tag:1/qZ4OrGe+MMLAla5KeBPA==,type:str] + - ENC[AES256_GCM,data:2i50eKSKta2ND6Ku,iv:I1Z6Mtv+RGbM4LOJHt5fEtASHXFbaQ96SENe+uAyMlU=,tag:9HoeZ8OlskDAEi4W3ehnWg==,type:str] + - ENC[AES256_GCM,data:FBOfLGsKgKWXWSIo0ro=,iv:KHbunqYSOYgAvmbmfR/jmivxeSQakhZOv5su5rEEdeQ=,tag:kndO3bJI5DDsTPARZKJgLQ==,type:str] + - ENC[AES256_GCM,data:AxXJuSFIBBx7qxlHhUMI,iv:JLP5TiffegWK8V68lo7bxUxEDeVZj6da497Wbxcd8Vk=,tag:lziq0DVar9Lu1HutmOKTzA==,type:str] + - ENC[AES256_GCM,data:WUYvjIKYdw==,iv:JBszerxUPVNB2Uk8f3ZpXeNZ0k+DeVvLpqIyifmEzMU=,tag:RZMceaYVi/S7HQCAEeofLQ==,type:str] + - ENC[AES256_GCM,data:HJ77H/RI8gyVvA==,iv:gwKn3CHLjVc4Za/RtHxBKcGenkj5uSSf6mPOBc93ag0=,tag:tqnEJXhEaZN6pDaa7N1DTg==,type:str] + - ENC[AES256_GCM,data:ocboBb/nfP3WEF1S,iv:vK9UpX6IXPgjJRSHmaGzY3vgkZruRDxVnQR6OssCb9E=,tag:CLo+RonaoKglXl2BPBz3tw==,type:str] + - ENC[AES256_GCM,data:qPl8mEhMPR57Lg==,iv:L/hiVP0S85FK8y3e1m4g/ABk9Tup3Ypx7mY4eFGwfsI=,tag:wO9z4wAq2PdDBiSKpY+EVg==,type:str] + - ENC[AES256_GCM,data:2r1m3Yv3pMN06mo=,iv:kBUGcW555NP4AFm0eyb8q0cXGbiLjn6f8py9ZoCt2NU=,tag:bYmzaXpLfGK2XR+g752iNw==,type:str] + - ENC[AES256_GCM,data:a4ynm7JUxh9B0eq6p/I=,iv:WWH8BVoyEMnlc/ARtZ4yJCRneyTUhnnLbnd1kemLQy4=,tag:DkBogSKQA++PIpwVWmug+Q==,type:str] + - ENC[AES256_GCM,data:t/s4YkIi94Wz,iv:7yg3qpB3rhC6e49g1GvhlBLGZESLXuEvU24C+dLNuLQ=,tag:D/91SX0nUlQ5XlQv++kJ7A==,type:str] + - ENC[AES256_GCM,data:dXPkXuMhbfVGlg==,iv:xc5VP8XleOFrZ0NgAs2B0dZghaEaR14wo3HiCAOWISg=,tag:gov6IHy5ljqdSp0zfJmC3Q==,type:str] + - ENC[AES256_GCM,data:/nUbRNuim+/4vEte,iv:ggbdBm995DKBbh1RTwTp7jaumC5IO0aRJRs+hnz6jyI=,tag:XaqCvywUFB2U5twK2Ls6NQ==,type:str] + - ENC[AES256_GCM,data:osSU63hJ1qIpuyTu,iv:gqgfSPBXImUwran1RTXwTRZ0BTy++KO0J9wgKZrazY0=,tag:ckThI+i+EUkIXeS/xT/ImQ==,type:str] + - ENC[AES256_GCM,data:YUhnipff8Xo80Wep,iv:OfywfHd+On/rVVmZhxGOMH0S9bu4t7iZD8jHsOcXUOY=,tag:U/k5eXw0D2Nh8nqY5j5Nbg==,type:str] + - ENC[AES256_GCM,data:fSeKKX+D9aHCyWcmiA==,iv:btgdiNDMEJ1+MK1jDSvmx4wckbxHy1t0tL1rOrQuToU=,tag:HI67wPfsnv5gkxodhWDwBg==,type:str] + - ENC[AES256_GCM,data:A4v4Q0h6tNmcQspDEg==,iv:bY65YIFNerii6LRlhE2nKes03YDPXzNTIShQEHwTkZo=,tag:6GsVReYzAu2R8aXdR/lneQ==,type:str] + - ENC[AES256_GCM,data:LaIz4g6C1W6/x8E0iY0=,iv:xIxoeAnyryYwui2Kxbc9MJNTIkNp0eH81gq8JVxcnHg=,tag:/J6OGie2QQGiBVEfPmJQjQ==,type:str] + - ENC[AES256_GCM,data:8uFSM1bM7DbQnWfm,iv:WP0tP2byFFOOYv55+48rnpmYn4MAtHm4yTxVknDl0+E=,tag:YfwxdMEyR0L5ymeG8S/PEQ==,type:str] + - ENC[AES256_GCM,data:dp9Lav9JsRxqCDCa1+A=,iv:rvUEcvzA+nF9Q2MdtMurKisJCLPQ1YzmAVal/93AqyY=,tag:+eOpBRQ+JZ9wijTfxUS6hA==,type:str] + - ENC[AES256_GCM,data:YHb3n+LCG5buD6qR+tM=,iv:iYDO/zAKvpzWyuD5J+qaylrzMzCP9fCxZmSdlyrNfuo=,tag:/PD3/TMJ0BB16tKQMSyCpg==,type:str] + - ENC[AES256_GCM,data:11jx8mWDJgUVb3v2tD6+X8k=,iv:c/G8Go+rnh6rqt7e59jv6YTrwr7LUpATF00N9WObJZQ=,tag:XabsqQXWSAsOXvm+9knCqg==,type:str] + - ENC[AES256_GCM,data:JHMJY4E9Oc0gUlsNaTDOKzhW3g==,iv:Z5Egn4ee4HYzHGc3lSBacyU7JiBNhfJsia18arxdsTE=,tag:TYbhFOMcIYMBx8brWHW3dw==,type:str] + - ENC[AES256_GCM,data:Q9DTqezZguoHPOZI5CGjCw==,iv:W2+C0+ayIZfEChA0MQ3exCfYd/uITCPs2aNSAAizjqQ=,tag:up6dVHxQi/pqgynJqfvZWg==,type:str] + - ENC[AES256_GCM,data:krbeYAJTfTRoLY8=,iv:jPPAHumIOCvgesfxTRnQX0tofZdQZbkHKM+8oxAPVsI=,tag:c5WVOzE38IlxxdD8nrHRsw==,type:str] + - ENC[AES256_GCM,data:1v8JOcOE4miY01M=,iv:RbdoXsO9PZg7lGWGuKSOJJEq+pUSMxIO7v5cAmNRrY4=,tag:2pBsmsYhllN2FiTUoTNhYg==,type:str] + - ENC[AES256_GCM,data:REXGX+60t9Y=,iv:gFJiHLGsyOMilYM8HVNShJ/b2ihItAMMCw48yM3cHW0=,tag:ma0SRSdAJWC+d+9Jba9Q6A==,type:str] + - ENC[AES256_GCM,data:j7gQuLL1bu5y,iv:ra6uAen2MVmo7d3DdP0T02u3/bqIbOY63iJ/GrJRxdo=,tag:qD1DcZFm+fDoQBWCBqr1Dg==,type:str] + - ENC[AES256_GCM,data:MDPc5bgED0Nckw1h,iv:uqb1a1DNsJYPle2AGLqUNM7byML6emIDOoD0qGZMshA=,tag:2l/c1Hx3U7oVyiuT+2M8sw==,type:str] + - ENC[AES256_GCM,data:UahD9rmn0JZmRw==,iv:UC+2fXHRembtxI93NnvjER7HgQTo3Z0jyPKWzTpkQ/M=,tag:pxP1FIiayryQpBtHbUtNjQ==,type:str] + - ENC[AES256_GCM,data:Z6z1OmjP,iv:Cdxh4FJ3+V6700onZp3HEyobCQpfjfmsY98QL/gkslw=,tag:jW4S7XXYMXQYm/ChCWIhiw==,type:str] + - ENC[AES256_GCM,data:EklPg2SiU0CzsLvSug==,iv:ucyglAMyviE8iN8F1PNI/rOUPYR508+9QSsCeVmcNmI=,tag:65G0Z/Rf7dXEBDDoubWjaQ==,type:str] + - ENC[AES256_GCM,data:Dd6WMQ541LQgK2jdpg==,iv:ZN3THq+eoaKytWE6c+3Cgljxi4p/OA5GYufFoni1rRk=,tag:3EiH7QqktmmcK1/oQ4WWFg==,type:str] + - ENC[AES256_GCM,data:l3dKmypob9b356I=,iv:bIcnLoaVdjNTtCQpFFVzCqpcEOuH7eyOgm54rYJ4fTY=,tag:bcVx5rQM1QTKjcQa5NaZTA==,type:str] + - ENC[AES256_GCM,data:nWHwPtBTOUNNjFo=,iv:isMtttvpkajv2cU86sGwHmusMCLsuLybj4mGgCfnm3E=,tag:2UooJ0r1emOj6OrvtF1FKg==,type:str] + - ENC[AES256_GCM,data:1z8q4s5feZBhLpr3,iv:neJsg95KGzosyX93RT3fEjcsIum1w/wwRGAWZE3u4p8=,tag:au1PQ+SXZ2+LqI/Wq/Avew==,type:str] + - ENC[AES256_GCM,data:NhkT0bii8azT7w==,iv:3kMnhjuk95+KzQGCgG44+kCxpJ3VjB2hhRl8IoRZi1g=,tag:j6dahXB/ZsnEI5AsZMdnxw==,type:str] + - ENC[AES256_GCM,data:NPH2VXvJ9n+FmM8=,iv:6MccQbV5d0Z1ydN9ZWOX3PqfytPz/rxV5jEtFePZM04=,tag:mubMbbCyCfF+WzKHNs6YrQ==,type:str] + - ENC[AES256_GCM,data:hQZMdFFf+T+pqQ==,iv:8c5o8t2TEPYSJrndFw7H/6B7/wH83a0u1c5ksaPURqE=,tag:b8VdSOiVswiQ2PsRpEW7kQ==,type:str] + - ENC[AES256_GCM,data:XpfsIK6mGghJQIK9,iv:ZcABcbOVL4cQLWVKNyIS9nrB0mUFRP11MjD+pRZSIs0=,tag:gGNhjWVucEXizweIoZro6w==,type:str] + - ENC[AES256_GCM,data:DT9KIGzO8eOaOBRUsrWQ,iv:lD6kD1e/rZwA/qI6wNBJ6qO9lu9OhFLZgkrjQvPtxlM=,tag:PKN+3OEuuO/Fep57ODqFFQ==,type:str] + - ENC[AES256_GCM,data:KiYFFU9T0plpf7S/,iv:i7Hh66aFSyiN90VA/s1RY4dmu96xkodya7wV/CfI5Uo=,tag:p9yU9zgFYmuMVJo7yg5yoQ==,type:str] + - ENC[AES256_GCM,data:EK06zLKuMEk4GRA=,iv:SHyMquGYBzz6m6zH2wKUugnLHI6lR752Urp79GEgWiE=,tag:3hlKMQtqU/+DjlWze+v56g==,type:str] + - ENC[AES256_GCM,data:Z7RnQ0l5guj3uA==,iv:i7cgp7AjiV/qZSKfn8nU1qC8kqu1CPogTbUeK1SWid8=,tag:Z9tOPtcESS4D91Ki2n6JBw==,type:str] + - ENC[AES256_GCM,data:MjcBtAKgMulaW0As86o=,iv:pRsCzov3HX3v1vj1LY2vDdJiGlR6A/Iu+hkz7REuF+s=,tag:TrCCxptlTU0I68sEN1+chA==,type:str] + - ENC[AES256_GCM,data:tlspn4cYmfXp3dhF,iv:OynwXo9kSFXkXw95mzoWBeTeA5hfIikrj4nd3tdt+xE=,tag:ZnwJrlKE8ruyK38AQ1OiEg==,type:str] + - ENC[AES256_GCM,data:nHxPDLtJvpdftbCm,iv:vZPFBEwAZEJbPGcrLM3TByqWZsS7NXmKSoMGzms/+3s=,tag:5fgJy14tBrbh/F7R8pMqNQ==,type:str] + - ENC[AES256_GCM,data:/cdv+Gngd8FSCOc=,iv:75nNj+I9sDC+/7b8ioXRHLDqM8rzpKy+ZWW36QyfiU0=,tag:ghcSrKVVfjHGYrGqEnW4dQ==,type:str] + - ENC[AES256_GCM,data:rNllAKsY7b96iTk4If6GuA==,iv:qE7UzsgiP1DoozOje0JfWEfqdYuEzyZnet4rE65qfmo=,tag:RyS3EHWYjdfHZBIh4goJtw==,type:str] + - ENC[AES256_GCM,data:Xk6wZu3ERwM2817fVOnk,iv:21Wga69YQu7BfxvBFxNmfwflzSdgVgMODlLoURXo1gU=,tag:hJpjKlRgnisu18n9u+lmwQ==,type:str] + - ENC[AES256_GCM,data:0ppBwGL3/gaUwWF2cmEU5Q==,iv:Et+IVH/lNL0AJx4nIpz4SprwLytxw3XR0AnHdx2ultE=,tag:1luQKO8eQouluHVddv6fRA==,type:str] + - ENC[AES256_GCM,data:tXC6RF17WDCpJy8Ba4lQai1S,iv:XHB92eOokj1+CDic0bllPbhEAO1fo32FrG8j5J8vUuQ=,tag:4wRW8XWULikb2+HgrsomQw==,type:str] + - ENC[AES256_GCM,data:qCu1k0yv0oBRqBWcYw==,iv:kURj5VCeRxUYp6iTE5PvQlPlipLZ0iaiKnxZNNZDLWw=,tag:pIRdhYyhVsuwiq7RXrZJ3w==,type:str] + - ENC[AES256_GCM,data:zYRNg/mhiRB7REla,iv:7QtJtAPLee7fHLydsWI6jGAK6dnlJneoAYKhs+lOTGg=,tag:U2TaqGZrIh2hBNTPr14Nig==,type:str] + - ENC[AES256_GCM,data:E7uWQvArSrnebw4y,iv:ljaPiiOFTHpG5fxcHyWYwyPuqYpfBBtq3XX9HAfi2Ic=,tag:8zoJPh2B39z98eroKdv4BQ==,type:str] + - ENC[AES256_GCM,data:h3XOKfocTAHdfsyR,iv:tt8fQFJlAiWNeXsf2bnVR5na+ICbdg84dA8Aep5oTsc=,tag:rVX3EEPQhLcv0dCq76Tm0A==,type:str] + - ENC[AES256_GCM,data:4TcvBaPtdLgFbYtz,iv:mxgEjFgVMqM2mnrcdFEVADPJXm0tShdKomIxBpvQWdE=,tag:REahy8jXRXCUfSi8snPPjA==,type:str] + - ENC[AES256_GCM,data:spgNFiVS9qm7nx9LHGx5,iv:zXIhDN1OfIMM5hP42ngQtGa+7L3VvVgyrsUwL8MpawE=,tag:0YX+ibP4ftrjYs8rQ/Ikvg==,type:str] + - ENC[AES256_GCM,data:LVpjO7v96ZE31sMGgey2EUI=,iv:0ikIzTt4HT5jQ0P9radQCYLA6P9EwTH31kP8fwEu8II=,tag:6VuQaLaDTZkddQR6bxePog==,type:str] + - ENC[AES256_GCM,data:veQx7zvDkxv7dw==,iv:/qRFulRgNiiONU4z7QLqQEz7Mr+n9q198JYikkiuvrY=,tag:QEU5BAoZyCSTltqs5hQSYg==,type:str] + - ENC[AES256_GCM,data:TXZrH3e/ENoQAhcXXf7cr4ICKlQ=,iv:3J59y5pBqHXiQbf4CKGulrte8jHmAzd5AZZGI0vC/Jg=,tag:vgzB5+6nGyAqvz2RlCJ0sQ==,type:str] + - ENC[AES256_GCM,data:SXkAFF6cSr92oFnetw==,iv:ZbE4H+YPt5lXm0ModbRZDmV3zTCEoLBUakNd6qyNDGw=,tag:4Dd/KZuMGt4n/eVxxBLXOw==,type:str] + - ENC[AES256_GCM,data:v08rF4qbbBqFqLHn4lXH,iv:ZK/OkeURDtkHf+uUuPR+aQw3efU1kD/ul9WhbAlcYnw=,tag:LQDjdf68q/KuXRPYBETfWw==,type:str] + - ENC[AES256_GCM,data:oQ7TGp5lr+d5CHXW,iv:sqHSI7rT7Xxs/FyP6IZQ+gTQozqVH5xrZThaTpUAHlc=,tag:glnxf0PLbvsp2Bl0j2eL0A==,type:str] + - ENC[AES256_GCM,data:YjBsE8sU84WT2ncHJhKy/mdAeVU=,iv:fnrJ+kqiO0/ActJcCoxg7GVlr1QAqd7ulpcM6diT7m4=,tag:vzIlnJCLL9nQUYYQwTplEQ==,type:str] + - ENC[AES256_GCM,data:h1OJE8RWU4PwiXtt,iv:yAjHiCIOsRR/bhz7bMRfsZUa6jzCcvWk4jyzPAcDpHU=,tag:HXgLfTDuFzCovQXmmw5osA==,type:str] + - ENC[AES256_GCM,data:sET9G+wGDdg8jaM=,iv:Ke2cbvFGEdD8HA0gXcca8Hwz4Vb0rgFp54HKO1l2eq4=,tag:kXk8o4FxH2tmuspeh43N3g==,type:str] + - ENC[AES256_GCM,data:p54tkcCfmUxSD5Eck2xEWhE=,iv:IAkb8U2apPRrjIbSodEXIpM3xWS3fy5ObVikbX2AJog=,tag:87rUzOYsGnUyredtcklwjA==,type:str] + - ENC[AES256_GCM,data:zrqSMfDpt4WoTxukwsfvdw==,iv:7p1n+hboy/pqBl6tGYqACVB3CLf2wSxw281fCsE0jGc=,tag:PVQQzB7RM+28IRAssNVGfw==,type:str] + - ENC[AES256_GCM,data:E7JEw9O5,iv:miFDEdiTml8qGgNobQm6CnHKDzdndpThlErRE0PgbaQ=,tag:YBVOTbUKfMVZm2BN0FttDw==,type:str] + - ENC[AES256_GCM,data:wlUNtoTo8O9I9XY=,iv:UjC4BmDFyGuqY55KDNVR4u2vv9NI5TeIwEDPUSeItmQ=,tag:Wdz/YcB0K5wrJRJ/l1eCFw==,type:str] + - ENC[AES256_GCM,data:uD20jVMcRwzbxg==,iv:yRdFvYP7RjnFvOzPgH7jHHONtQ9NsgJBs7lqKITFlm4=,tag:lK/lPWAYyQBkNAH51pBNpw==,type:str] + - ENC[AES256_GCM,data:jbO34OuFB60rGw==,iv:b4lcjMPqZLHvx/BsNN1l/BQfoNGop+2z0s2czM+ib1Q=,tag:MR54XxAu9XG4fjxaQsvM8w==,type:str] + - ENC[AES256_GCM,data:xlQAvWhMgabZZ0oS,iv:ZUz2CIBfEqT7BsBq5IRATvkQyz5EQOFWfsjrgH3Ps/k=,tag:ENCUohZum6p3/wJyQuL2RQ==,type:str] + - ENC[AES256_GCM,data:EThL9CZ+8v5KoDWm0Q==,iv:8tZa+Hcg67uGowbwCoaAY/XPRCB2hQwJTvz3JtwNhu0=,tag:Ny+CfNV9UWKKrbUzd5iHKg==,type:str] + - ENC[AES256_GCM,data:0W/sCccE1IccpgawMh58,iv:w6eXPtZx9n3OSFkKmaUl/8Gh5SqHTRuLsEhaYtYGAzs=,tag:XqF5PHk99vntnKx3W1IfGQ==,type:str] + - ENC[AES256_GCM,data:fQ2OjCUc1w==,iv:ri46a9D5ghgGT4kFJrjg2nj7GnD+DcDuC9GjA20Fjs0=,tag:53myjasITFgXw238ptXA4w==,type:str] + - ENC[AES256_GCM,data:j8OZS3y2P611Th77l9Btnn4=,iv:/oDi67i1PhYIxIpFcFSbaljWyKm30sgIy0LHM7Vf4wU=,tag:Sd9XnJtEMFNNiOO74QyLIQ==,type:str] + - ENC[AES256_GCM,data:mebF2CwEAa6KaiBhYME=,iv:ZGsKRDvjRmwKS6FE6EJPXSQ7xAsivTV928EzAfwExyk=,tag:qDDz9AcX+LLnPlXRuyoTaQ==,type:str] + - ENC[AES256_GCM,data:A3tJBwF04uKKnug=,iv:u4FO8wTqASSMcmbDw1NwQ7hT5nGxEpgILDu40hCVRUE=,tag:GvUaisfzT/yPTFFDDi8MYA==,type:str] + - ENC[AES256_GCM,data:utNuJ5kIvFhe0mY=,iv:qhipAy81ptpSZl7OV+t0CS6RbPnMTEpsOeIG0WFOByQ=,tag:6zEmdORDxDDyRoQCOrvkWg==,type:str] + - ENC[AES256_GCM,data:3EQaoZVFC5q01dWgjT50,iv:yL8yiNBsoFtYDDNBop1bOQYtAMd8g45xHjnjFYepWNI=,tag:3eGFiRYCCfBwcWclCUnb9A==,type:str] + - ENC[AES256_GCM,data:hncCVdO1s0s8AJTD,iv:M5FscbErjrd8eTuABlotKpgJkgI4p3I3EMLI0SafQ/M=,tag:TKnV9bvVoVbdj4i3OJCB+w==,type:str] + - ENC[AES256_GCM,data:+mia3jvKJSs1Wj4u,iv:BWoVWF4rCt5z0GakR+Bkc9RL95rSsia4ICc5tIDjFCY=,tag:pvqXkr8qORgSU9A+kUim0Q==,type:str] + - ENC[AES256_GCM,data:6HHzRxUD5UU4aXU=,iv:jzpWuIsugailkuE7JhhkjeTLGE5T+aZkfIxy59WBt+Q=,tag:41HIR7+9YtrsfIeQMUvF9Q==,type:str] + - ENC[AES256_GCM,data:G91/ufDmy3Qq,iv:iLsF52zHV3FwUS/Egx8KxuXaBqmU6o4sxxw/OVbQDss=,tag:ohP3qE6paOlthhlQdzXX0A==,type:str] + - ENC[AES256_GCM,data:QME4fXt19Ds8CA==,iv:/de77MkAvFoiekuPzIIBhoTrJbL1U8JfG/fRWKILWp4=,tag:Z75WD30cBorj18DPb7Wctg==,type:str] + - ENC[AES256_GCM,data:1+U2fFcCH6AD6tcCPw==,iv:1OKK4CQqRngF6N1T/x5xgMkREIm8RqhLvBJf4Yxyqy4=,tag:yGchLSQ6EOlTRFjppP3bbg==,type:str] + - ENC[AES256_GCM,data:tNQG51Rp1t9xq14JIjk=,iv:TWvK0qSjy5CRI7VrHVUKVr91KbMFzhW5/xBNuiq1WBQ=,tag:TYO0fS/Gvg3nHBYA0o7I9g==,type:str] + - ENC[AES256_GCM,data:qHS4o40n13c=,iv:WChYwnS0SxAsUmGbdp+6UbFOXZya8zbhTJ2cDyExqmc=,tag:JmaWLZakYNDm4/Fg20zAfQ==,type:str] + - ENC[AES256_GCM,data:prOhe4H8SxE0,iv:EA9yShxDzFrlsf6VfitJbpmEaQpSgq5oZtOyWxaKLXw=,tag:4edl6B4YDru5lcDtjr/Dqw==,type:str] + - ENC[AES256_GCM,data:Ocp1TO+TIj3/5g==,iv:N36QCmlVJg8j7o68deYgmJVIX1toQWerYfJGQtxHpnc=,tag:sIGYOZBzAePyBnUKmq8LQQ==,type:str] + - ENC[AES256_GCM,data:/eBMPkvBxHELlv/Uqjnf,iv:TwxrzzQEe3NUu/msaS0ElG7gN+z/TJkwjJSIg/7NeCo=,tag:ItiTSQcUkoC4p3PcCVnsxg==,type:str] + - ENC[AES256_GCM,data:I9+Zs3wM2sc4Tp5Sx9lbcQ==,iv:TwE4DuXfvj8u1xrfGTNqRJ/zfR6NiY3h1yu8VbuvcV4=,tag:kSp0daPzVtsZiBfJnbn1eg==,type:str] + - ENC[AES256_GCM,data:0uoiuSW4WCmZCY2FH3iv,iv:RpOdc5d6y/uay3ZWP6+Z7MDSRX38GtadnNCqfeSmQpo=,tag:TVlIa91GNLHEjHFEjs4DPQ==,type:str] + - ENC[AES256_GCM,data:xtJpL3321s9syb4=,iv:4+fT6ITliE1mB+zBfPYd9LUNVzx4XRk+SFyk2aqFy1M=,tag:2sQZej083GcJigGS+dsuCg==,type:str] + - ENC[AES256_GCM,data:JyVP9t2/LIJF/iHxiw==,iv:2lCQgkaOZg6uErTiwYfJVLtIzp8eyKW07VJ2rvoekj8=,tag:kcZx+foDJFFTgE7AItZyGA==,type:str] + - ENC[AES256_GCM,data:b3+r1uuhkh41TXNYQRFroSZz+N8i11M=,iv:D3X3Z13O82SDPtPHTYeHQbwkpQNkMOWkmhtQDxvH3Uc=,tag:pZgHrK4/itn6dsVZBiXsWA==,type:str] + - ENC[AES256_GCM,data:ArHMGog9Lr913w==,iv:vKfYc6bbC8OkmgpQPyLSeE/5BG+70QcKJxpN5i/FmdI=,tag:JRT8FuUSxxYfBoPqXdXx4w==,type:str] + - ENC[AES256_GCM,data:AAhSh5nbPfls6TN/,iv:5W+06LFaVHO0qRwNR/GLJIGAk4FV69tsnLGKWeJGA6E=,tag:hggyikbVkfxFGf3At8tGJQ==,type:str] + - ENC[AES256_GCM,data:JJkReZgo+iIEo6epIg==,iv:DN+hRRClLwUVSob/kmFvhLqjnP4WK6CrhTiroLKZelg=,tag:1ABG1DEpoVGQ4off/G4+gA==,type:str] + - ENC[AES256_GCM,data:yN6MhIiTzDfg3+Gslcs=,iv:A9Qu9PmpVu0Kz0ztZxujjQLxN/0/7iJlNj7U3dMRQBg=,tag:RDjKlYgZJQ5dYv7Q14oZWQ==,type:str] + - ENC[AES256_GCM,data:0MyfDRcfOgYQaHaTDga/,iv:rAIpsQU9BA+UwZECVHYfyXm/7XI9Fso36F7Ef07IFTY=,tag:EqqSsp1C8X5WGYd5ZicIxA==,type:str] + - ENC[AES256_GCM,data:p3OpSPboNfFMSOxJCF0=,iv:OB+Vb86kTxIRxVjDPMGquv5T9ApIHyPlg4/wIW4BnUM=,tag:vODURmug0SFCteciOxH2sg==,type:str] + - ENC[AES256_GCM,data:VTA/YBXf52jdrhu5ZdCc,iv:gQ8M+RlGpdSM4FZwzbBtpE4WYpLSYkro4t0/kb93ilY=,tag:xDxsbZFGDmJ+Kgw8jUls7w==,type:str] + - ENC[AES256_GCM,data:ScyG3JJL+26SotPeQjOf,iv:+MZlln3naAoj1gWIFCNi3uB9SadDz2kus0Vn/G164JU=,tag:hqxNn6vTjgQQMLQiISpqYQ==,type:str] + - ENC[AES256_GCM,data:8HD4dVnrDyE=,iv:n8jRD4Ohs105EeUOjSE2HWh1tNndSuunOimnbUysvTI=,tag:LcVSInW0sgVhFzRBpI7Sdw==,type:str] + - ENC[AES256_GCM,data:ACRn/ycVYnCMLJoP,iv:KwPQmiyA21UnwmGLl5vld0w2D+lHswiOjA2jecUtX9s=,tag:YFmY/imaBFu1Q0xJN3FLHw==,type:str] + - ENC[AES256_GCM,data:WojO7ZeUi9LWbGhv,iv:MJQER/76Gv5E7+1LsyV9Mfeqh/MHh9LmRJelzTqdvyM=,tag:6RPgg5fVi/m98mX1YHvMNQ==,type:str] + - ENC[AES256_GCM,data:CmH8gRIPxrlz29Zhc6Gltg==,iv:EsTura19KHXJQSfzCJ5atHyMqkk5xGYbN1VI+rdxmlg=,tag:Yv5d1WyLfjsEm/DY7RXosw==,type:str] + - ENC[AES256_GCM,data:SFzR7oK1HX+AoNIiVGY=,iv:2zVtqf+cobGOFUnWoPqXLy2KionmmRucQnO47jdz6rg=,tag:ly2o7EgNZYIoy7ShwXfcSQ==,type:str] + - ENC[AES256_GCM,data:8XhOpgZxdgGE/bPQnFbAXPA=,iv:Ofh7Vx/+pGDLxpZMWJ9m2PX/+8qBZAvP6YFjPXHTeDk=,tag:wTy1GsAFl7Gw/KdWlbHpEQ==,type:str] + - ENC[AES256_GCM,data:Y6tSbDx/hgm7LfuM,iv:4bI9tGjtk/h+fM2OCoIS2Tuz9/CqzuwrqtRbyHAzl+I=,tag:0QuCEign8lG/vAQctaH59g==,type:str] + - ENC[AES256_GCM,data:2paVwVqctX+PCw==,iv:Cyj3wu5IlK6vvyx4oDr9YJG7Q4o3Lgh8NFO3ajyW+yM=,tag:QxExxUEwPvHpQm54yqQVqw==,type:str] + - ENC[AES256_GCM,data:b/nNUESXVFgc1u1S,iv:/dz9Yc0q8imJdKn5pnnK1vsFn4PY8ZZXuMHI03/dzJo=,tag:WBbtCNKtt8P6inHsxgdtcQ==,type:str] + - ENC[AES256_GCM,data:UbiNEUMrx7ib3/AU,iv:anLao7xFq88noQfjSrt7sh/SgaIWVWddl6/LQbDrMgs=,tag:a4SBNFtV6vfKfDr5LdCSuA==,type:str] + - ENC[AES256_GCM,data:MK+mraE=,iv:lBRjOhwQ4oQeglkTsFwCUDRLpjeMLjFTLWjgFknCyao=,tag:cSIoUd95Q1Zj+/WZ39HJNA==,type:str] + - ENC[AES256_GCM,data:T4OsVysG0+DoNfM=,iv:cbICUYTffYtCr2cdmuF/YY7VU8TXm8pD8ttfmJik3BM=,tag:YQeGTs+bxk+7Z6GmOXJnrQ==,type:str] + - ENC[AES256_GCM,data:Gdr6H5VT+jb7Mg0=,iv:hqkH3Knfq7B4uoCgftXqEsvRjx/iQrrxEISiV22MnhU=,tag:oDL6znDj1RCiaga1OPuf0g==,type:str] + - ENC[AES256_GCM,data:TuT0o2lN69k9CQ==,iv:2as+61A8Abf2ejtyqtkHKSUp350QKhviXb4cw5KC040=,tag:3mkaZFfOW30fJRFycGl/pA==,type:str] + - ENC[AES256_GCM,data:XjrsP0bQ0oMi,iv:D7OH4UxjdXDDwh32kkIPy36EhoS7d3bbl0HrTmUdpOg=,tag:8e0Dx6AaV9qh89gUZziDzw==,type:str] + - ENC[AES256_GCM,data:nj0q+W8rgUc+NZfW5A==,iv:tugC2rhw173P0SuZnpyJbrmLA1nbTktshx1VjK8eY8g=,tag:k8yJUxUp5v64hEDhjjcG1Q==,type:str] + - ENC[AES256_GCM,data:+ZXSzh0huH9aGQi/J9UV/w==,iv:L0oFpEjAejM/iCpaJmyc10Ynz0I+sqWcjvGwj44NG6k=,tag:JwP7hsvxFN1bEhQaIww91A==,type:str] + - ENC[AES256_GCM,data:Jy2ZnHrpp+CpuA8/9CJBJg==,iv:mZmPkxlQzCq2pJ+rdHXx8trCwZAATo8PlDJL6+8AjSE=,tag:0H2JrSyvTkJuP5lgN2XwtQ==,type:str] + - ENC[AES256_GCM,data:LY4LY4DaMi2llGs=,iv:mScwxwy2Cs7DkHlX0sa0HIcNrzxZu2v/YE5a26Dcrfs=,tag:f5auJG8nLPEhQLeaRWzIiw==,type:str] + - ENC[AES256_GCM,data:0wbNpWa82TnyYOpxaVJRrg==,iv:43q3j2msGgutKs6JtzU9JdJYXwM3GPEUi9/Uia97s1M=,tag:yp6He74reKHQp6YtySl0VA==,type:str] + - ENC[AES256_GCM,data:RB0kXUXNb4rIifTKiQ==,iv:wg6jWwDo++ZljFSzNwRwQViOCaszDkWnPE8Ws1pHVUE=,tag:gOYaaZGmpHKvZN4aw53KAg==,type:str] + - ENC[AES256_GCM,data:s0mEiw+JoV3UPEi6XrrQ,iv:aPhD+tN73vwZCS5RdXbbsceMisdC28l/O9366cEArZY=,tag:MFJsKHcdZmdDMJTAnnPvgA==,type:str] + - ENC[AES256_GCM,data:+HG/egMOeKnq,iv:2iljrxEXKLBx3XJ3rJUCJ8tf+IMsLz8rXsRxbocq0Ag=,tag:D3Nc0oVP63bRmnptiRPWQw==,type:str] + - ENC[AES256_GCM,data:eRvrvjk1H+sRmf/a5J8=,iv:5CkpGwD160w5spzVu3/RPHG3zm9uISFrs8L43306eOs=,tag:ffGzaA9KEoMKjZGBjpgV4A==,type:str] + - ENC[AES256_GCM,data:tpaBJpXmzFrFNNI=,iv:gnbKs4Hzvo3kaDxpBNR6ma11AC0ShNad7l3wYcXDJiw=,tag:3PZ4BwAlMJhpRpoODyeTYw==,type:str] + - ENC[AES256_GCM,data:mKIfWxd8cA==,iv:SfvJMzePgQ4Hyg7cA7OfjX6hZzwBZpTR/rbzbjxWHjs=,tag:SWVxYVaQe29PO6uMtfGG/A==,type:str] + - ENC[AES256_GCM,data:vJq5G1ypT8EhWwI=,iv:tRp1sq2ueAMq3YVJ9FStpYS6rKnE8g8xVux4CMnIcY8=,tag:57NYYdzELU2eS1I/qk5G4A==,type:str] + - ENC[AES256_GCM,data:QNIBcUr3Jw==,iv:/jYSK1DRel/9gWxSUkhqhXF8UA3/4fDLnnsqjN/bGtI=,tag:WzBw+fbayol7OZtICc2NrA==,type:str] + - ENC[AES256_GCM,data:gSOw92QMzIo2aA==,iv:m5kHcHI16exHFvEnLKBG9wftuFzeKYx41Yt+8wzITfc=,tag:Ul14ucsrtshZuPsD95FWHw==,type:str] + - ENC[AES256_GCM,data:gkmlaQKZoENlw1zgL9eeuy+I,iv:OVae7hiZx1BqjMidprpfPoUiF8Ao4qgVXenyS1NOuvo=,tag:PG22aDAuarGguItMqORblw==,type:str] + - ENC[AES256_GCM,data:vVvYq+Xe3enUVlnI6AUnAzY/,iv:E/DH+viIMYanMjcM/unjU0xW92x+ggQ3zO/dmC6bgpY=,tag:cWD2gHentJKDCwmXLp9g4A==,type:str] + - ENC[AES256_GCM,data:3ANiQ7/Vl3uAeiAt,iv:JuL6gmrOvDg51DcAhWaZ01NA2Vq8PKiQHgGuHPm26TA=,tag:Wufu2u+8dfGR+BWC1GTPRQ==,type:str] + - ENC[AES256_GCM,data:QZqGP/AyJ8LdcQ==,iv:iUdkbkFh3VFjnQzvIqyBxaXaP40fjxzLeys0aCYSlsg=,tag:nrQlRPvzWt8YxC0rK6zODA==,type:str] + - ENC[AES256_GCM,data:ND6Z99U3noSl7q2P7Ct6AQ==,iv:d89nJE0nA5TJeCHCby38HfHVkT4MuXPxg/EeEcrkSHQ=,tag:7Wt4TcqIP9mG4pLiTtQrGQ==,type:str] + - ENC[AES256_GCM,data:piBGEIyT3lYgxg==,iv:MSE2b3+yNN5tS35t1tT9R5P9SBfY2nSXrM/gAbImOC8=,tag:3uYXQM474Z1DQcmY/EcfUA==,type:str] + - ENC[AES256_GCM,data:D6G/brTrg4Db4g==,iv:r43USbYRIMJAq9mQGtf2+KUfiUKK8ljXNz7ppHeix5c=,tag:SqwaPoxhcAG9Bx4GFAhsTg==,type:str] + - ENC[AES256_GCM,data:ITKjBPJSoO1u/yRo298=,iv:KWP6P0psyeUrioExvXbqtJq8iKbQ6kNHd2pvt4B34sA=,tag:C9ryTP0B0T/cKNUQ/SLJ1g==,type:str] + - ENC[AES256_GCM,data:MQ8Q6tB2Vh3UHA==,iv:Y9wwbS+2hIT5KqfowqYfnAed+yxwhXatXzHoAGpnUiA=,tag:mS3I5DhYdO3ARGAodudsgQ==,type:str] + - ENC[AES256_GCM,data:35Nje1+HEbzmZK0=,iv:p/muDOQXm37x2YPew2knf9Y1R4k9nzxc/Ntc4SMJ2Vk=,tag:7ViRBmQxoqIe64eIEKWlEw==,type:str] + - ENC[AES256_GCM,data:h0tRVpqjxXkmTe3u,iv:oIbKbMHYDhtZlRpkOikV9WFzoqkxK1h2046wqUih8wo=,tag:yYjlJzJKQCvLKcTdkPosxg==,type:str] + - ENC[AES256_GCM,data:BavUZ7BJwnlAeg==,iv:vivnm6o2iepl/YPVMLxWjcwuP0tQKKHt6oEHL9Wa7og=,tag:QlvG0JOvKfPemoawgwGUew==,type:str] + - ENC[AES256_GCM,data:QXwhmV6Vmb2k,iv:L7rP2B5U8kFDTU7LTkEtU5pSxn2asOlBqAX4I79QzFY=,tag:t2MhzyS7eJljwfEYa/0nsg==,type:str] + - ENC[AES256_GCM,data:2lzna36Wqecrkg==,iv:LF/M4y2pL0J07UmUh1XY65Qrq6Dt4JKpX/8wIIE791g=,tag:MK2x8bWECuVPWHVIUHgBKg==,type:str] + - ENC[AES256_GCM,data:ra4SJ87jBuTZ,iv:Vb2iBF0rMrKwApgFJUjTU3o1SlRi9pLuQGHXFHSktWE=,tag:8RT2yKeOLiLbdCnjkbIS2g==,type:str] + - ENC[AES256_GCM,data:S3Qtt5h2e9WQ1AshIVo=,iv:zIP3SmqdU8MiQy1iNf/aP6NSjbMNTL6oYfEjTTUkuac=,tag:wvkys73qnSBlBhkhSfLb8g==,type:str] + - ENC[AES256_GCM,data:RzVtkHlI5IHE5wguSw==,iv:cmIV9o0QfKbeUoS0RN7jjKGkAJTlwDxBOCChLefMFQw=,tag:O46zwhbqwwHi8ls3yJ/vRw==,type:str] + - ENC[AES256_GCM,data:zwUXacLZLnLY8vTly/YXwSpo,iv:jsXL/8tW7mDkqzkQpjeeJmA0QG2aS0fXj+XAj59cmoY=,tag:SH4sE5ocoPBFv43O+VMK8w==,type:str] + - ENC[AES256_GCM,data:2TAB3wX4q5YG93IpZw==,iv:DIds88mTDYTo1Jb6/Lwp/anhZAmpWdWDQTLviEtyUAY=,tag:qiSLMTTz3nob1mUdvtU5dQ==,type:str] + - ENC[AES256_GCM,data:E32anM5nduYRqAMUjw==,iv:yRSk85RfDoGWavW4QY4+rXQzhEaONjtrXyYOSRKGwQg=,tag:qkz5c8DfZE+fKsOV2M4fFg==,type:str] + - ENC[AES256_GCM,data:2LKRSug6CDYC4hk/Y62RdekA97nX56nf,iv:7a2Tfpq69cOmMdwxpZya27EmCkDsHERd2YwJK0WAwfQ=,tag:c/vE35nF9ZEk1yVVth0nzw==,type:str] + - ENC[AES256_GCM,data:00QeYxu6ebED,iv:2uZrc4w25mdXXAAh7zYEWcTJBPBwkrcq8KEpKXXTWwg=,tag:IV68xer5H1QeRMkwfnBC6A==,type:str] + - ENC[AES256_GCM,data:a72lsSeW3WQgIAIFJnOcxg==,iv:mTXrhJcKk3dpoIYZltuma7jCcwwjWfAXKb9e5eagMTY=,tag:f24JBuESfTj4ie9WXGwBYw==,type:str] + - ENC[AES256_GCM,data:awM94ShUn30875HI,iv:oYKm+YpJWCO26ZlNU5KdWHbL8MZH8d7o9BGoSgr39xs=,tag:JDrOCQnMYDzGbnlmJ+vOLA==,type:str] + - ENC[AES256_GCM,data:WV/mM9pdKC+ujZYLnQ==,iv:z2DHb7RQOCW1HzPI3nUsZ64v2OOf5FY1trMaWl2DK6M=,tag:wiyjG+YDWFjpkuk+S2yoCQ==,type:str] + - ENC[AES256_GCM,data:IyF+hEF42Yv731b66Q==,iv:szcnSdcFRHOLxzKx4vtZTkv8JXjBIrK3ZUrWoS1FeWw=,tag:UDzqV1eyLINFVpXb/wdQMw==,type:str] + - ENC[AES256_GCM,data:AYlTQ7zwt7xdOw==,iv:uoxhP09wstI34Q1Y8tumyQDrfXm8T8iF7L6ayjYX9lo=,tag:2UUhIbWafWfmeWpsaCcaYw==,type:str] + - ENC[AES256_GCM,data:l1N0XLX29/F7Q8A8ryiUF1g=,iv:NzpRkd69PkBDjUhlW5nfACyj4f/OOgdZqpIsBsMJcWI=,tag:GWMP95+6JuTvNTNCy8rfpQ==,type:str] + - ENC[AES256_GCM,data:AjAu1BWDa8ftRAqIzi0K,iv:cXAwF++Bi6ySpY6rsV2bEZPQzJubwkmDsqQJLGTBkp8=,tag:Ve+6q51yUxTzZRD0tWtOzQ==,type:str] + - ENC[AES256_GCM,data:n2+31d7SdfYmXdk4TCw=,iv:OEbpQMHCRprtceJoJ3tA7GW+srwIUKuZNY3sCZ/kF9c=,tag:vbSCJqGVrIHxspsvLBd1sg==,type:str] + - ENC[AES256_GCM,data:ujnJK9XMNZqpKJz5,iv:RN9bs4c1WviXGHLz9x9UIo4pQ3hBY6Smk/EJaUE79B8=,tag:mbwdY1RlfE9QCVyCE5ttog==,type:str] + - ENC[AES256_GCM,data:mys0LwaNBNb1jfU3JQ==,iv:y14SgtAxzIEfRhDkLKwOWd2S5KinXmzBkhGSf7jvSA4=,tag:fWuTFWUV63sTZLWu5FztwA==,type:str] + - ENC[AES256_GCM,data:aDNv+903zq0TK23Z,iv:fqBIjKf7IpWldFeA6kkP8lD/KeV60fgkehTgThj/C5U=,tag:wGvemxRTH0OFG8nlbcc3dA==,type:str] + - ENC[AES256_GCM,data:W/Pi0xKoHp0QYo/lw1mG,iv:pucYJXdPTzbifdzrFZ7KBLO9VuVa3VoqcdgVBESACSk=,tag:YUHPf9Uej9y70UKV7PJy1Q==,type:str] + - ENC[AES256_GCM,data:bAgZWE2nyZJzVye0kpqWZ3rotQ==,iv:pfnqKLsm/EYofLeGBFt57mhprC99nuoShyqX48dtI24=,tag:fb2jT63at7SW2Ze+BehBTQ==,type:str] + - ENC[AES256_GCM,data:JlwmW/rEhO0LlsJhtLoG,iv:g8vdHGhzwVnid6+E3pP06cBNEr3snmPg2Nu1P3ad8Zc=,tag:4QZgGVoRrqhhQpG6SkuVBg==,type:str] + - ENC[AES256_GCM,data:A9/YIUI9IPhkWUhbsg==,iv:H5wTJ3PTwmUapn9VZKCD3AfzWxJBPjSkbkSesdtqazc=,tag:YkmXfJE6dDQtVA6KYJo3sw==,type:str] + - ENC[AES256_GCM,data:dkbEhEI658aIce+q,iv:He0H2pVJIyhfJQnlFKa0Kx0lqHxckag3ZT37978mlno=,tag:t5XFSNdOyX1BbkWuYiCJlQ==,type:str] + - ENC[AES256_GCM,data:IAt6zK1vci7RTjKo0o4=,iv:4Orrz/RsuZA+kWjYf9NN/wls4Km3/RqJ6DSqXguU3FY=,tag:5EsIL1Rgsfdo9ytnRn2FJQ==,type:str] + - ENC[AES256_GCM,data:qMS+0o6CsAeEeVfdIXX3dA==,iv:FumgflXwQdBDgEKD0vvXT5nArRJurSiV2SMz1N06fWs=,tag:rusTUxovTr4lQdkUDUeCGQ==,type:str] + - ENC[AES256_GCM,data:OzmCNkrJFEftjwxU,iv:NCS4H1uGyGak235gUrec2kLJsqnRhVCiZGbkVswbed4=,tag:GrTVSl0n6j8ppl23zx5spg==,type:str] + - ENC[AES256_GCM,data:mbRY8M//HH00ttkndJmy0IpI,iv:ZbBPL8NuIvkWkrP6r7sNmZ7EMl0lLBPnOH3KaZySmX8=,tag:z4mZdoQWqBhhiks5t/6BBw==,type:str] + - ENC[AES256_GCM,data:VrAVo1XotPKhNok=,iv:A14ceGUKto1v2IuGsciJokD9qpWcG6fngskgOK/n0Is=,tag:XJfN+VhCEaA6qYTKArfutg==,type:str] + - ENC[AES256_GCM,data:tNTJ5gVHrA==,iv:iNnpfmy2f38jAPum5NEvWUxp7Ufuy1OQq84ZG+t637I=,tag:H1VM4wvW7S8fhk27uJyE8A==,type:str] + - ENC[AES256_GCM,data:jhp0xpj5kL0=,iv:nx+HZl95WtFfCfxteAHZucI3gLFNIr+7VboLou84HY0=,tag:9OdsB/84W/8k+4fnbvZnbQ==,type:str] + - ENC[AES256_GCM,data:JjgeujvxSA3bM4Y=,iv:rrpThPJqg54w912Kx2SvXQ2Ca9JMJE0PpCtbUPpxfB0=,tag:/AU1qDCtJSsXWbUEvTFnSg==,type:str] + - ENC[AES256_GCM,data:5Sb4ItK3LYZNEMDQjg==,iv:Z1A/PyyCwNfleBhLbUoFNQBOCPcXya6JsFJqp7BSHpE=,tag:0udILc0Dyv71W7+9MttcKA==,type:str] + - ENC[AES256_GCM,data:tmW/+ZKTv98VXA==,iv:+p8BpVnH1f4XPUtlnULFf+pjsLCRAwVCHoGImvrpcOY=,tag:D95nkdV86zmaxBNMs4SSCw==,type:str] + - ENC[AES256_GCM,data:+TQ9kZj9VpkhJizV8A==,iv:i47klUdvC2Shtj2f5Iq2TWsT9slzkMQfpW6VFilVeAw=,tag:soJVJ2NDPPJtCZnxNgB4Kg==,type:str] + - ENC[AES256_GCM,data:awNdyz7vF70nIBiV,iv:uGwQiJm0Z4zNy9y8OvePSNP+bVAcrF/TkDkT8oTv0F4=,tag:c2urwLWQaw6rTTgwwqcLLg==,type:str] + - ENC[AES256_GCM,data:C7hgqOVpSEsyWRU=,iv:ZrYuzMRUz5PlbO8SGIkf+LsvPnRdsjWf03MYeQyu63I=,tag:rlqmgoPt8Zykt92swUvzew==,type:str] + - ENC[AES256_GCM,data:vgdmMk2MeET+CcRQtGs=,iv:J9DnQ3e+TGQAXdo7K53dqCAdtxtQeX5pmHuI51NXp4E=,tag:n4BLwxrblqWSkjPps+juYQ==,type:str] + - ENC[AES256_GCM,data:OJmfV7i07fHg8V4cyw==,iv:nxdeT9TeFHMSDncvJ9bRUW5W7b0fhXQNkmaumnYyTLU=,tag:Dx21rILiXwbFC/gZdppthg==,type:str] + - ENC[AES256_GCM,data:eWpZrTvqKKX0JstDPDhEvxA=,iv:NZmkHey2xgclp97eKzI8iAg08XwKsRwd070v9D9XcxY=,tag:wq1D3d/tJkGGS4OaGSfj4A==,type:str] + - ENC[AES256_GCM,data:vADEeDFrj2FrpMgAwuc=,iv:17F/z4pMkR/Zq8mE7oRhowefS88JMEG/Ann0nTcntm0=,tag:9J+eCf6Z+zwaiEGEQzGGqQ==,type:str] + - ENC[AES256_GCM,data:aj0PybiEZ/Q7NNFW,iv:+m3vjj7YzAlAfy5WQhOU7Akyccv1fKPCLfqBM9R9dzw=,tag:+6V10QqaEvZ9K41kk2rBug==,type:str] + - ENC[AES256_GCM,data:BZXEXe57EKuPRw==,iv:Migrejld0tHyFOdfvXgLEbCmG99xVRqCRFsTZIvfTSw=,tag:XDNxMoesLCBkxUyiV26lKw==,type:str] + - ENC[AES256_GCM,data:nbbSJk1UTzkZAQAl,iv:kPuUE69bdgvWKDA3T9Kcbk9DZKXKae3f9oTEA3l3btQ=,tag:Irqi1/Rh32rvpw7aYdgFIA==,type:str] + - ENC[AES256_GCM,data:cIzNQuPY19z52KfX5A==,iv:dEvBcnhxjOr2urlar3CjmSlYqf07TEBCOBSEBoCL5w0=,tag:c2aiDOZI75HBrTAXuxvjkQ==,type:str] + - ENC[AES256_GCM,data:D5P8v3eNZgQbFzDi,iv:JzErwO3LwpLbbqC62Cqv1b4RgLqg91jHQM3mmSofmeE=,tag:o+mMNyn5TMd3cSgjo2JhMg==,type:str] + - ENC[AES256_GCM,data:wIUoJo7Dhb+uezT5,iv:MkcQnXqPhdVSy7eoQ3GENOgHWSoQvZM02Qm82uJDdlo=,tag:xaUQgp5Y/N8WD8bOG6bxsw==,type:str] + - ENC[AES256_GCM,data:34zERqsjPFFkpWLO,iv:yDJ6RyFsKA9YlhFf3GKeW+LxLlgycJ4P0rt+If7AUqw=,tag:4uqKww7uLjdq8mxiT5cuOw==,type:str] + - ENC[AES256_GCM,data:vNDUI8r2HdbHIufOcLVC/g==,iv:Z3/F16Un6Ll7/Ap8HHB5L2MA29pQDT5XJeTjIZFYPnY=,tag:P6f7IioTA7/fObuyGMWuXQ==,type:str] + - ENC[AES256_GCM,data:lLCfs232tzTuTQ==,iv:4G+d+Cmx4iqaoyiUQIVXshjxC3I94GNkBrGRvaM8oGM=,tag:sEVr65BtmAD6x+8fDlQFkQ==,type:str] + - ENC[AES256_GCM,data:hxj18/1pystK7AQW76G/,iv:mageiPlmf9Cd4FPCbxH/kiSavHEp+1SvuGDw4VUAtEk=,tag:+X27BKZv5S10HckQaCyzJQ==,type:str] + - ENC[AES256_GCM,data:jZqSTi9Wh8fI9yg=,iv:qGACf8jS2DgJR+nCf57K0SBmqBsi6KhFhA3ORcHQlJ0=,tag:y5Fr/ojdC3KazV3UxgO0oQ==,type:str] + - ENC[AES256_GCM,data:y6pyukG9PwOdrS58P28=,iv:kLI6kJcbgmAA3GknWYyyb956GRioTBeyMQXhtSBNFCI=,tag:JbAd3LVXd0hmiImotCSneQ==,type:str] + - ENC[AES256_GCM,data:Wp4B76+3MaRUnSc=,iv:vb4KP5vP8F1SkpNmjWVHPUFsWP0Wg0B4sBbLpoNQdiM=,tag:X4KWPWwUtmJp+uungfuH8g==,type:str] + - ENC[AES256_GCM,data:/m/cYDJKl3TzVW6VLp+QDCcV,iv:KlExXNOf3Q4Aq2GTcGO/qaVFjuSE70jT5RIYKgQ7EeQ=,tag:WFxtkWR+KovcBGd0qrmKjw==,type:str] + - ENC[AES256_GCM,data:sS0X+7mP15lC8O/UFA==,iv:QxIMYNJP4viP6/NtUDbl6FaOkI5F7MQPS9yGNixoz4Q=,tag:NoYbZxuT4f5e16fvJdrLRw==,type:str] + - ENC[AES256_GCM,data:sbM5wtg1F7PykEKg1Esi7riv5A==,iv:GneQtaCJlx84klvmZCieVohVWDqCPJdacMQES0/J9fA=,tag:TrK4X2oEJrw6DwCGN2ab1g==,type:str] + - ENC[AES256_GCM,data:1MHpgmqdM392gR7/,iv:cXhYgHpwp4PtgvMgkAezf3lslYiKVfZmrfIn32H5A9s=,tag:XxJ9eGeFxwAf91TLPls/gg==,type:str] + - ENC[AES256_GCM,data:lj2CPdKAN1K0+tw=,iv:zQcMH4GJqSLcEihkoxjM5NyBNiOuJ5tSr1DHkZ1k7Jo=,tag:tcAp+7S0+zfrFtKVHL7VhQ==,type:str] + - ENC[AES256_GCM,data:HSXsfOnjLHHpYx/XuaU=,iv:VrJMp+PYG4DtkASXJDx3mmnW+2G5uUUBaRwPDaDkFxU=,tag:HLWZZmheqr1AE/eY4HrniQ==,type:str] + - ENC[AES256_GCM,data:CfJCg8F50crwAA==,iv:m2/eWCAIaazGkwuWdvVjdW74XL/IgOv2aHS6Rwa7I+0=,tag:bnjvn7Nb9d+qjifz4FlUbA==,type:str] + - ENC[AES256_GCM,data:KZh7I8J8xsomrw==,iv:aN5VOsweG6FlsaT85w6bNmPxcOwepTXnQJ9FTeecZTE=,tag:tfmy3yss75/3vIdYDNfgnQ==,type:str] + - ENC[AES256_GCM,data:rUOqTFuK/0CqP3YbFp0=,iv:OCK1PZDGXgXy/SDxz8/QbmhVKRJq3oVfhKTrBq76AQM=,tag:Qhi5T+b6HsGsl5OPNHTT6A==,type:str] + - ENC[AES256_GCM,data:PNbimvFdWIglww==,iv:9vZ5N5m9xl0eaGD0Z6jz5n/qUI5Ij+PLTkGzW3NbiOE=,tag:OB8TLnAusFsZcctcUF4d7g==,type:str] + - ENC[AES256_GCM,data:1JTqJPi6tPsjyZu0WH8fIZ0=,iv:FXHbWyLbwzAy1EmbzLZOIUeZeODcQC4AyTjrLqpYCFM=,tag:KUntE5nbspW7tN+1zU0DZQ==,type:str] + - ENC[AES256_GCM,data:dZIeEWHEgvHNz5Br0qLF,iv:YncBMtKLKVW7GOj2+VA7Wr+lkZV1aHhb7WQAr2hTra0=,tag:HzAWlMN6ECNVKxbcnOH+cw==,type:str] + - ENC[AES256_GCM,data:ZlL5iLSUiohfLQQiEss=,iv:zxcvoS0IavV2NK/Xaq3e6EsIfPnfGo2bZ+0d+3ebKPI=,tag:QuYBD/vYmO8WEGIUwwYWlA==,type:str] + - ENC[AES256_GCM,data:/8sy5aSh/c5uMIh6XRVgamQ=,iv:D7vmdAr3PFE85OfoOg+zJ5TtlkuU/mwES4t5/dlozME=,tag:tUS2SrsqfpzwncmuXnysuA==,type:str] + - ENC[AES256_GCM,data:a2O3VNmVWTHOUGBrxg==,iv:a8v/PZ7NDa4vzHciX/Jnd4ZQRypp7ge9/xhcGQynMYo=,tag:u1/EsdkKSy4saMq424Cqsg==,type:str] + - ENC[AES256_GCM,data:ar6Bv7/7iICOWPKbQzg=,iv:L7M6XMRHiUjPEBlxM+2LKLtgsW7++3xK5rTAp1s38GE=,tag:tsY3maKQOii46SWgaMVKEg==,type:str] + - ENC[AES256_GCM,data:t6ZL3GWkImb/I4ca,iv:4W7Tv2W/AvZ2NmwHQ85AJ8mTXvsDFe8TDCyxtoPMG0U=,tag:RcAlba9Po2BTlMW9dpw3tQ==,type:str] + - ENC[AES256_GCM,data:DjU7o0IJVhbJiw==,iv:CTW+C/MYD/GBx0qv6Ws18TvWvr6O3TmzgPdtL7xZq8E=,tag:VhYAxf9kBz55NZVUeWpGMw==,type:str] + - ENC[AES256_GCM,data:ID2LEEqOB5kF,iv:6HxmuFcvReU6Ulu1foFRx9BHxO4sTJ4fwO6FOFHyGeU=,tag:aU86tiJdrSXhzyyVn7NJ7w==,type:str] + - ENC[AES256_GCM,data:B41mJXbo/PQ8T8Qe3IPG,iv:dR8GQWYBA8jqjZFLy/0QVrYwxFbYlONevR5+kP0OCh4=,tag:DKlgyUaHbygUFkQpmpB72g==,type:str] + - ENC[AES256_GCM,data:aPfJVvWSTczCXT/u48r8,iv:dA8vSV5yYda3nDe9KmqGjkOX8N1sZ0ohX1zXOZR1d50=,tag:W2WOaFXadcaYf7cIKS6skg==,type:str] + - ENC[AES256_GCM,data:2rW2DAdzsX5ysTs=,iv:oeWbOqg8viZvYh2OJRraYNAN191J7Vf3jmzUeWnvueo=,tag:1O7+ElK7C5l8XJCMBWSNcQ==,type:str] + - ENC[AES256_GCM,data:MRmtjGsOGFr7UF4=,iv:bXcRgHZ8PrhXzoWeftFadCrNzVx3uGm4mzCBC+JQsn4=,tag:POlVwuCTtI06qQqN7FvKtQ==,type:str] + - ENC[AES256_GCM,data:414hGU/6k1TxfNc=,iv:Uf1TAme6PjtqhCLM1HdjSvwsDQR1WT/sL/oL5LVKQn0=,tag:IKgJLTkqetiFPl/0VV5d+Q==,type:str] + - ENC[AES256_GCM,data:wSQz+aOJwA==,iv:HN5ZJeSN2Mo6+IsdcJXVfz2vd7KG9aO60yVJuTe0Tb0=,tag:cGPOmRLiOteOdRPVyt/egg==,type:str] + - ENC[AES256_GCM,data:SjmFtJbdJQ==,iv:xFdTY4JCck6fmgiImClNzekTL7/RP3EVU9Scd7w/jgQ=,tag:OAtHABaux1+k82FmMRNf4Q==,type:str] + - ENC[AES256_GCM,data:KUXYhfEGzCQ=,iv:9NbCHa2xdiFb61Jh8wTqfcqflFMav5FpzDusR0GVAb0=,tag:C+q1Wcu7Uwy9XdzpFHKyhg==,type:str] + - ENC[AES256_GCM,data:KQkDdFrD3sRQiz8spTnp,iv:xpYcV+fOEnIslf/NsYNdSLds20HdR+312wfeczdMy2s=,tag:LX7B2Jhp3jsCPEXHlwkyQw==,type:str] + - ENC[AES256_GCM,data:k6g9AeVFpjHMFe/iHIY=,iv:ef8lp8PoIl00oySvVsaNDMG4u3HRrMoR9M1HRMbASgw=,tag:/yqODaUFeQdGwvudlbVeqw==,type:str] + - ENC[AES256_GCM,data:ygHUOvfpwSngd12zJg==,iv:0YBL/K0keZI2/ETbpY7hpeYyxrkWXtbZ0HuAOzUPu8w=,tag:fMVkKPTZR0e9PPbvK1ifNQ==,type:str] + - ENC[AES256_GCM,data:9QqA9WZX2s9yYjm2,iv:D2SlakL5usIe76BGFZiVedYl+IhHW1LCK3sJQ3+fgfU=,tag:c78DFhkbpUQ7RfUBnMDeAw==,type:str] + - ENC[AES256_GCM,data:dHNERG0LGHYkKoA=,iv:jCC0IbMTRsyskOXCHLOQNaeKuQP9J7jeDF2dQDAvbuI=,tag:kkoXK3GhWAFcFuoISUaalg==,type:str] + - ENC[AES256_GCM,data:iyy73nf/yslVoNNpTOVtwUYZ8Oqj,iv:YWat2ImRGM2ESMXy4Lk9Ln8bcmM7Ou0iAwcITpvsxrs=,tag:XHBMeMJVHWdyTNj4UT1JAA==,type:str] + - ENC[AES256_GCM,data:XXKhPN8UAO0=,iv:8POXHtfGygSYNITJ4zEdx+zmEBBL0PtUux32WIDBCts=,tag:Uoa+Nv1Nug5QE3M6f2eDKw==,type:str] + - ENC[AES256_GCM,data:5u9j0mmftYskaQ==,iv:BdhwzOfJEsw8Z0+2FZFEhPccoTC4rG7HpG5qCWpcTvk=,tag:0Qs5hgEP8i2hPKh6kaPgzg==,type:str] + - ENC[AES256_GCM,data:XtGT5ZpvaEjRnQ==,iv:sOD1OFgmqByWg16E7YYqnLt5BB8ovGG1lkuciDEijsA=,tag:9NfXnp2c/y4Ud1Bl8AMz4A==,type:str] + - ENC[AES256_GCM,data:t7dKWk1jWMEIt3JUSkQ=,iv:9yIUXHctuiKaMuSm7Ppb0sdsB8AM9DzBP74uNUBHVFo=,tag:onWTpv5F8QsSJFctWeWPmw==,type:str] + - ENC[AES256_GCM,data:uV+oCVjqhDP/bw==,iv:M2mPC1xdSJnYBNWA3LIUT4LMbUlnZ7q1AgijLqWdR/Q=,tag:5GH6O17SbCzXvNUuhVPYrw==,type:str] + - ENC[AES256_GCM,data:aNMffJZFaRBC8NhsXxvxqQ==,iv:07xwM+2eCUVagZutFduBhx+E/xkWQya1488qM+8i3GA=,tag:pEdVXpyiUm5xZGBq3aL6CQ==,type:str] + - ENC[AES256_GCM,data:IwrKvN5Nr+L/LXA=,iv:GoqlOh6fb9/YGNti37Y6PqUBrcKpEAbyc+RFFZDa2B8=,tag:8jiF5dtvs5+1nP0xjL5ZdA==,type:str] + - ENC[AES256_GCM,data:5Qk0PA2I03thJDY=,iv:8W+BUm47LHbSoTg5HqXunU9Crk6OwA+ULd7PLlJVT54=,tag:tCTA3EiaohLucTpovoWNRw==,type:str] + - ENC[AES256_GCM,data:bVG68HOyOSLOffszNpvq7IRV,iv:0j7AjI7HAk76ehIKGfv5QEevmKz5HDlTU4fjOlMEs2Y=,tag:BvlRaSohHRu1YeVu8O4nvQ==,type:str] + - ENC[AES256_GCM,data:vMdZ00o79rTXRf+0XKPt,iv:wrPkcpantzIsBz7iinkrdK2UAPZ86RqBo4BFyE/BX7o=,tag:06zywKZgWDYSQj6SUKFtog==,type:str] + - ENC[AES256_GCM,data:SSWoOttNoczLAOQIqgU=,iv:KttD31hiXHU+4RgxuitW7xD3Ge12kkeQM+ydptP5uFw=,tag:o3yEab0CPtCsxVLlMaAn3w==,type:str] + - ENC[AES256_GCM,data:YnIuP8+4vd5HLrFP,iv:p79hJw2OPp8GKkvn0Es+1ISfLdsOukX6Psyh7RH6gek=,tag:XyDWxkz6x9UHQr/eaID4mQ==,type:str] + - ENC[AES256_GCM,data:ScDUGOjk/z8lL09aNBLB+JMwvXU=,iv:ntMfpEbH1h6RMuPtsJZlID5xsjOYfPy4M5MKDgDqkmk=,tag:4Ee5UcPGm+fOk6b2hKHg8A==,type:str] + - ENC[AES256_GCM,data:4rWzME6T4ihF7LMI,iv:1FfjSZWEspAaiBgwucdGPrg3LoRtZIFcZGwrxJjOEzI=,tag:e9cSr1STH+yhvFlQljbsrw==,type:str] + - ENC[AES256_GCM,data:bZ5A+5ZdaozKprT+6w==,iv:ZRIOvu1mySPZ8uKpu0UOchLmX5D5BK8ZSHx7G0uGOug=,tag:iD7XRb5d5swyXlYp6B4WNQ==,type:str] + - ENC[AES256_GCM,data:vHxBtf5yrWUT818GZdg=,iv:DUNGrGJ37AiFpY/dMU3DEE2HIMAd9w2Y0hlQTihk86Y=,tag:QXRCuMZKpYz6ED/LggBBrg==,type:str] + - ENC[AES256_GCM,data:EgmxIfibBpZH1Dfe8SA1,iv:i0Nu6Ms/E1rbP6wWJ0MrcJmQEhTFkiWxc8+lDHkGlbg=,tag:wQBUZwVD4rlhji9rbIPcdw==,type:str] + - ENC[AES256_GCM,data:eqY5ybc7+g==,iv:7y0hFi/2s9G+Fx1ykimiLF/veQmLpVIuOLwbXo/B260=,tag:Ti+fMffeFnQ9VfT54Yd1BQ==,type:str] + - ENC[AES256_GCM,data:5Bx2/K3J/IZu+A==,iv:1qIrXJ5iVIfNX4yHWQTmtr99uyVm8OfcR/WqU2a4hGU=,tag:IcLMMAF4nZqecekkw3V5nw==,type:str] + - ENC[AES256_GCM,data:t6F9661S5k6s69+d8W4=,iv:MrkBvAOQzzDT6UV4RFUFL9b/k2+TAlrJZYu6HsTXEAQ=,tag:7oaxVrT3SMs73rUXS/xleg==,type:str] + - ENC[AES256_GCM,data:eY6GUC2mxRU=,iv:gSzRMpYWiD4zDgDVTxZ86gr3vK+AKGAncSdrXB7v0F4=,tag:8SOTjfZS80LLkWTFBxPIaQ==,type:str] + - ENC[AES256_GCM,data:xzhrNz1HMyr4gWz5pm2Udr3J5ENNtem6hSR6,iv:dJ9jQfnuE0C0tQ8dFDnGv5WbYulcPdz41ZRa6ZKbX3A=,tag:ReJ0TVk0IC6VOpS2slMkFQ==,type:str] + - ENC[AES256_GCM,data:JgXxyjF8VYc=,iv:KofaEqq5pkz9cf/OBuO8V1LGBcz+CJccmF3WM9+xDMg=,tag:G5QNqZPyrxFp+KDsS9ogmQ==,type:str] + - ENC[AES256_GCM,data:9TvuBrLjvxuzDpc=,iv:4FQKr0rDl2p+U8cfPHPNNhHvHiZORGEz2+MFGEHWkO4=,tag:jA1+rwY6aANlRNDRFU9yUg==,type:str] + - ENC[AES256_GCM,data:VvKB7ZrYiQgQL38=,iv:0xetaXaNCouZVkouGQRNZPqQxTtKJUtsqUFmBJMXRmM=,tag:K8yopEnRNu8zT4aMR1S5Mw==,type:str] + - ENC[AES256_GCM,data:kLfLFvpp8V7AgW8=,iv:jCMROErREEi13yYkeft/89ZjPhXWlHXJcB+8632jojE=,tag:+yR0BD6EsyHD+Z0Yg/EbkA==,type:str] + - ENC[AES256_GCM,data:W20EZ7qoJz/zhQ==,iv:0rWDWWQKzVwoZL3hMgJyjsOR4QnZddgpZAEKNr946Yw=,tag:gh4o5sxcBAsSa5ATJvzrdg==,type:str] + - ENC[AES256_GCM,data:ChCizab1UiOBnnQ=,iv:nsebB9PpAOYA68ZRm4b1Ozen57Lo23TA/GTE0FwnIB4=,tag:ZOccDpi5mrFxVO0phNMHxw==,type:str] + - ENC[AES256_GCM,data:OCr/ZP5TnIA=,iv:VwGEgFHRuVeV+mPIEY8Df+Y4vkHOA+sCZ4zyGWr7ITQ=,tag:WA7DwBUoe/fEhqnptmHGNw==,type:str] + - ENC[AES256_GCM,data:aYEABQjKp2FBaUx9cyg=,iv:ax+w99kgoC6EEzwFBf6a6aEaIMVjAS2wu+pbFdeWTsw=,tag:ZI4VcoGTO8f6gQ35IarD4g==,type:str] + - ENC[AES256_GCM,data:0rWwBXAZQMXPLvRuvwc=,iv:kJOnEZ83s0UQFpw1aHKZW4+5WNGrhqFnWkjatkGt1rU=,tag:uzt3lb7zIgVh13AoDijxKg==,type:str] + - ENC[AES256_GCM,data:KZ5Iv/4K+BIAPL8I,iv:vBTUlNYhKWybiK+vS9m7/Ny7avRsj212XPXwyFzO7Fg=,tag:xpIQeCSBnba9kxh2z5Qufg==,type:str] + - ENC[AES256_GCM,data:JwzL2qmDA50iXsw=,iv:s3TflV4b3oI2psiiQC9gkUC7JGmKIu5DprsNvYbQRbA=,tag:fjYtDkgoDscP6bbhmWVzdg==,type:str] + - ENC[AES256_GCM,data:dfqlftK8U0pTDGVn,iv:w+1zOsHA8p4wMsMp34NBRTe4zkuz0G+pM0n5PUWIukA=,tag:hDxlxb7wkL9JLEj0ItIUEw==,type:str] + - ENC[AES256_GCM,data:HpBd3vPJFInZbLsB1w==,iv:Ql2FsZrXy/mvdwlev+F5vUuuYkEHxqIzv+laBeO/M1k=,tag:XiJEiPNMx5wQUVZdkR+Ltw==,type:str] + - ENC[AES256_GCM,data:wayxlCZipJGhUf4A8Rc=,iv:dxKWF9bbal38GzybfDUR6egc/vdeJ7j/6glUa6cSmdQ=,tag:qw2JbHMO9jKFIAD7l3JP3g==,type:str] + - ENC[AES256_GCM,data:uoQmvwPKJ5UAWOffTSs=,iv:xMIC2fNNeWnImZf4w0SLEvtVkdjjZb4ggxRUmnw6YI0=,tag:FwVmhAQq/XNNybMbv+Vm1Q==,type:str] + - ENC[AES256_GCM,data:yyWl2vpigA5qOZa/sjHadBowPjY=,iv:E9T9X+83DU1cBKuNgGReBxdYHAs+7xy/5MjwgvvDlkI=,tag:kvwbo9xuIF2p557+b572ZA==,type:str] + - ENC[AES256_GCM,data:dlEwRy72zO3AuaMAieo=,iv:zXkH6e8JLsQ63dGMiWAkYOsruFXaXAdMTaw316hQtmQ=,tag:vgrz/Lba+HtAef9KKtLetQ==,type:str] + - ENC[AES256_GCM,data:KW44KaBEJ3v9Oph9,iv:QQZwbdrOlK5Apl/qhlbCOPRoM+KRMqG4T404oIeSjXk=,tag:0Sluvu4ox5NPosRqlWB2Jg==,type:str] + - ENC[AES256_GCM,data:PZ7Tuji1qE4pNVFKoZ18PA==,iv:OnOSexXH++j6zDyHkmmFZN2ycr1xRmJOy2LFkFkks1c=,tag:jtx7M69AFGhWaISgq7gT5g==,type:str] + - ENC[AES256_GCM,data:DgKXyD/J7Ul9idNM6gE=,iv:FT5bJoM5sQAkvQ/5TD2zHdIzUHKyvZme3J55ibxOkUw=,tag:dQVg4miMLBF8Yu531MRh9Q==,type:str] + - ENC[AES256_GCM,data:kY+4owL4u7fsPmt0SuxXjNI=,iv:d6cZ2gtBeVFJ1xT61RsDlCPOkWxCDHdaluqsR5PV8Do=,tag:OefW13SvbyeA8Knjn3hMZA==,type:str] + - ENC[AES256_GCM,data:txLgXeh55g8nmyzjp08=,iv:Ah1IjH9X/ErmbURG7RnWzktR2+jBTofjnIqYb2FTgIA=,tag:/78iuY0H3arykWlDC8Wsug==,type:str] + - ENC[AES256_GCM,data:AfZMSv7QQKU+qVd4CEA=,iv:94TYD3HXMCiTSyUWXqbfIOyDOUi64q2pbtmtb62uSDA=,tag:yMiSkqbeQEd4qzj3z1cZyg==,type:str] + - ENC[AES256_GCM,data:+/AZ8T7Fb0r0yKraZh0=,iv:v5rwYa0CSwEmZrfN4BikhEVNzCCRMiVdYvweCSHAdzM=,tag:yk62cir+RdsE6EAsyRTb4w==,type:str] + - ENC[AES256_GCM,data:/ZJNcx4mVShILqn+,iv:vmJuroA+S4k4cohJVe5V8S+50HuoIRCv9cjV8D99lBY=,tag:g5oZq2esoO0CMGh13gOccQ==,type:str] + - ENC[AES256_GCM,data:Pmq1d6EI8cpvNJY6rt8=,iv:RW4yVIGO7VvUEMpv5UXHeKaJGYGSiq9Xt+tDrI2P3CE=,tag:cChc/012bDsxdv0BDvSmgg==,type:str] + - ENC[AES256_GCM,data:IaSmFEX+x0BubQ==,iv:hEZ6VikBjWYwCUE38LNCiM8N6Y3ckFkVJD6avuWlxKg=,tag:SXYq3TAIEUpwE1rYqVEcDg==,type:str] + - ENC[AES256_GCM,data:aExMnYc/Ir7u2w==,iv:HGCnh0lEOnPXhKm6uXXAGAM+T9DsCaGMrGW7wod4Vto=,tag:qukudyv+abGSMGxj6T3+jg==,type:str] + - ENC[AES256_GCM,data:pJXX24LMmxU18WO8P7IbKA==,iv:/rFqC8wv4Q7AwMIj/Wlfs11s7VH2MzHqmpZzyBZ5M7E=,tag:ZK05uQ8LvwVr4bTKYxuJ9Q==,type:str] + - ENC[AES256_GCM,data:NbNhWNahGntGiXc=,iv:ucCuSvycaaFX+A1KcSab/XF7jTvmR+Tp5oVbWofiRws=,tag:7e3n6z5jEYjDsFObdBiFPA==,type:str] + - ENC[AES256_GCM,data:LKh4xVaHW3FKdVk=,iv:L88JaUsf6y48WL5vHsAQd5soBJC0VZIbICfzA9G5zOM=,tag:CxGc9nrsi47Eutldtpg4Tw==,type:str] + - ENC[AES256_GCM,data:yGNjnUeBOF3YPpI=,iv:hZW5Ks+qjOUIfiTois+kqYpSs8wNq4tw6/PFxdDWGkE=,tag:9Y/8tJurNWjPEnt7zQkbBA==,type:str] + - ENC[AES256_GCM,data:GTglWW7lvW2EGw==,iv:GWlWtH0rZfjbr6+fKlzds4YD8CVYt6339KcWEToDXFM=,tag:S4RiBjtaBVrAfPZ76UojyA==,type:str] + - ENC[AES256_GCM,data:kj04MUPzovY=,iv:Dug2NDleQLIeQS35IKkaY3tWyTBs91rTIS8VJw9yTi0=,tag:zPeBj6UnYkU+a5XFsgR0JA==,type:str] + - ENC[AES256_GCM,data:zhM5VpPKVw==,iv:e621vUbtyp3jVd6ZPG8W0B6vmpMgw+LmwgWJNyWSdHI=,tag:vciiNLWFYkwKZjgAd5jLBA==,type:str] + - ENC[AES256_GCM,data:2j+mkbZ6anM=,iv:+QhiABInmSxNrkptqjsNMFP50Q8UY7AyLWSAL/wMrAA=,tag:5unGe9hUAUXGJKrEAjwC/Q==,type:str] + - ENC[AES256_GCM,data:KwtnC//6fS4O,iv:jw0vsvXryG7DrCph30PH1P2+fEbJCq9/X2Y+D6ENn7I=,tag:qFlyq87PDEB4z3PYunpZMQ==,type:str] + - ENC[AES256_GCM,data:cBnh92I1SAhYow==,iv:ZtU6kIur5ji4Tkod0nglgNg79uloUU6sPOPnsykGcP8=,tag:MYpbGlStjGbPBEVwpTXIbg==,type:str] + - ENC[AES256_GCM,data:RE7WLCgkI1G8fEx/Jg==,iv:Eu/Q1URbSeuJQlrggurj63JVO6iBgKC+IAHYYb3Sfpw=,tag:got8PCCIZnHPqjJszfYkqw==,type:str] + - ENC[AES256_GCM,data:PB5YtsXi,iv:zF8oUNHhZ67rIH2ykKEXn3qeMReecJvCJbwgbB6GbY0=,tag:3jrKyRLkUgCauvEkX+ZYPA==,type:str] + - ENC[AES256_GCM,data:JpkEg/pyO2k=,iv:jnsPPVX+SD1+f4W8wW0XESPasGSQn8UjPyVXUuZwSss=,tag:WEtBVXXmcexdJM1oQpDGbw==,type:str] + - ENC[AES256_GCM,data:ThM7nDZ3bQ==,iv:DEbDOwa1cqCgXHYJNTOr23yBDLnoUPButtzetyT9e1o=,tag:3cFyeMpTyWuaU840RGGcQQ==,type:str] + - ENC[AES256_GCM,data:wYoo7ig=,iv:L3I22rKhmwQVLg7+BMTiy35+TjCaChfesdi17S5abbA=,tag:BqmGMKBAvAlhSNM0Fhba4g==,type:str] + - ENC[AES256_GCM,data:ZacELRA=,iv:Dcy+BvDizkDmcS6616lfmvl5JwrZu7yoiayt6nUivfo=,tag:Zpc1dODnjfpHu7YUzd2Hvw==,type:str] + - ENC[AES256_GCM,data:0wxcPRz15HgYeIuI,iv:3PquYSba09t1GaAoJGUCjI9Z/sFVuX397NqylNxcxeQ=,tag:MQHj5VCyVRYC87sjQektaQ==,type:str] + - ENC[AES256_GCM,data:PcDnjiqnytsF5OtO,iv:57RmpsdQ2xupeN4XUiou4+S0B/y2dtwFoifFAo5c6oU=,tag:Kz7myQ+9wp9uVxbucNJ2gA==,type:str] + - ENC[AES256_GCM,data:wsdqJ2sl+A==,iv:T7EgJTejBux7R3xwvZQ10HlH2LopW6Ac7e/pB2SvMj4=,tag:p4wL8eJjF4fnSSWx1BUDsA==,type:str] + - ENC[AES256_GCM,data:GZvzsg3UNzEXhbQ=,iv:tKPdC4PelRX7s4tFhD4DezdfVAGYbqBa+9ux2WmH9WI=,tag:j3AlMwVE83LBrHNVItH4dQ==,type:str] + - ENC[AES256_GCM,data:J9uuZ494sKEatC/x2g==,iv:r2Gssxnoo9BOjI22auYqSsCkwGDclyW7LyFK4kFmNmY=,tag:cSHdfuo4Xclprn+weT8rAQ==,type:str] + - ENC[AES256_GCM,data:jpKwvM5KVcQ/W1Pyy1nuz61r3qo=,iv:ftvANTwI6UpxM9OpJVf5GXIy9+G7m/KV4DHnJjitZec=,tag:P2g22XSmYYRGLW7cKY8d8w==,type:str] + - ENC[AES256_GCM,data:B4CeTNrDjyg4H4Q=,iv:8uzCc/oNlxX9XJkURs/g9v+wFDBtIsnEt2VyphUNovY=,tag:QawYmMll4etRt1ztZaEZhg==,type:str] + - ENC[AES256_GCM,data:FNCekFMGtoc0u+xcUt8=,iv:ia/+I4vWgooDNg5WeUJ1nYHIrrTstw8sqXZ+W3tCXDU=,tag:lsZXMpXtBsQQMzgh21r5gA==,type:str] + - ENC[AES256_GCM,data:2Hdx3MKK+vyT/gT7oSAzrQ==,iv:8ZIQlXPG0h70YcAMgigkLZwCgbKX4N54Mjqd6lcRdU0=,tag:IyLG5lvK/b9nLWn/IQG5vg==,type:str] + - ENC[AES256_GCM,data:R9XRF1EIbaXKx2Nc9w==,iv:Qj1sDwzcIxUIeF8hu+dtj8qEQJ1pC2KGN/Lu0Uy6S0Q=,tag:zNGkuXpcuNPDMViDpuaFJA==,type:str] + - ENC[AES256_GCM,data:XDuFAObZ1kle4hsigioT,iv:uMgTP3TpkzGHIaUX02/a+UzhHzAWOvbehAvW1SCizxM=,tag:DJlXoMvnVppfpzzrJ9ZlzQ==,type:str] + - ENC[AES256_GCM,data:jfyn6vh8jMM8J9cR/w==,iv:n/HOMpbIcMIv7IzwGgFHT2vlDJC4bZngwo0iQg30tbk=,tag:kmfIAfdQIhYOoqHkPrpzuQ==,type:str] + - ENC[AES256_GCM,data:WmcO1lEgZ28oaUsS5Q==,iv:mRGCkXZcgqRgKW5PHyEXKeGcLAlup0FpNLymeU1QD6U=,tag:QbhbM+boxsooFnhxudLpDA==,type:str] + - ENC[AES256_GCM,data:qWSiYkGYpt3qr4Nh,iv:33wj+T4F4m3dKAsAsE21zjAkLZN/0jZn0x6FfSCNZVU=,tag:QuVhNvzZdSPUsOrysU1/5A==,type:str] + - ENC[AES256_GCM,data:OH5bTjqevUKyXvbmqg==,iv:hTyExn9aR1lRYFcUeH7C3TLDYtvLq80mW7ljoOr/1C8=,tag:Im0RAAKYDZbfMYFgc4qxrg==,type:str] + - ENC[AES256_GCM,data:i7udGRafz6eV1YH4F2Q=,iv:4EkV+OXe+ZmL/+g59Za2Y+7ePSxJEJfCuwBxBovK10s=,tag:OG7wegedgvd60xuFSYPidg==,type:str] + - ENC[AES256_GCM,data:5/ky4GbJLHYULQrQTdFskw==,iv:lFxHA4Ppl/7APV8+jOZPBazkWFSsPfM8N69qZ5hYIF8=,tag:fXCmkLmzFAGHWpKVWWDNDw==,type:str] + - ENC[AES256_GCM,data:wiQab61vKXxHABMxgSU=,iv:nSZX6VRVeBy/qBtVR9QiS8G7IxATBsWzrUQvn5yXXeY=,tag:eAOapCAspC9d2ahBA7AShQ==,type:str] + - ENC[AES256_GCM,data:E8i5fuWv+BzRXZQd+iU0,iv:rXNkwquLnnbYt3NWcS2bLATNeWiLk5/M7ydFkA1KzMM=,tag:ZwIX9weF9u+EWSnlakMKvw==,type:str] + - ENC[AES256_GCM,data:LmDN9kzJwB8hHXjm,iv:zv6hPFmMphikaqQ9TPqYRCaUS6JK/O/2FoLUfpeEF4A=,tag:KJgp1kUHDyuqNFv+4r1+5g==,type:str] + - ENC[AES256_GCM,data:rrSIXdBxluYasD/AAzlxNw==,iv:Csarf+iVkTsA0A7bm+Q6UoxT8vbWBEcJU69biMbcJWI=,tag:YeiHjhv7TTHCzwiIHlllag==,type:str] + - ENC[AES256_GCM,data:dtlc5fyAEdvWcdcnHMwbGYQX,iv:O9Dtw88SSzzive7mWD1KauZKQjDnTKMVwjbh1lYCZWw=,tag:60GC2Q/70KoTj+p7jAVG/Q==,type:str] + - ENC[AES256_GCM,data:wp2jxD/YPA6tTg==,iv:2wcYoxPGiRUDohec2KWM924o8cU04d1jGOycNUIsyok=,tag:0OsHZj0Vl5lk0fGArEQ3hA==,type:str] + - ENC[AES256_GCM,data:sGyZyw+JjAjLp6c=,iv:1XoGEaf4mAZKektV/wKX2YZvu/bT/iputn/1uhs90jo=,tag:GRhPqRdr++vZWnWXsGQEjQ==,type:str] + - ENC[AES256_GCM,data:3LWyNmynfvMVXO+CtA==,iv:sRLcgmwOzAX+yJrNEbx1u16YwSh5+y83QsO2QNqsF4g=,tag:Z3pukWfHXZ136DEcwfeaSQ==,type:str] + - ENC[AES256_GCM,data:1IS9Iieh3Pf00lKyDHDcGQ==,iv:Uplt8BuzY3ErNePWcWyBNp3rp87YuvtxxjS5f6pSlug=,tag:CF68JAjrAzN5FxpfELLUAA==,type:str] + - ENC[AES256_GCM,data:xgWkwWvLUW9U9vV3,iv:JNVpgrZB0bY7ZXCQkkvfyb6dbWnYXTt+wKDjqkkRP9M=,tag:2dkZgqPX+7WQ9MQa2J6U0Q==,type:str] + - ENC[AES256_GCM,data:XyqNdQBtQlgU8+jksrxG,iv:iIvukX3QzV7gWPLzNt38MYXrBGD1H6wFIbBaIkN7qg4=,tag:JfzoTC7yfLdLerhAARW7nA==,type:str] + - ENC[AES256_GCM,data:EpeI+Lk6Vi1sJgs=,iv:26HWbZoMpgG4PrsT/A9nYfvQiQmY/WWH768j+dFavvg=,tag:h846WhNecdWdj117JrPmhg==,type:str] + - ENC[AES256_GCM,data:cqteJSsJMZSeyirabJIz,iv:NIDiBzYaNMLcUBSN1trkADtVjqA7elcga75bs1nqhug=,tag:EFpS5AVSiH4XBU4Uh7qtng==,type:str] + - ENC[AES256_GCM,data:24jIfwVrHQZhLqosCg==,iv:a/BD+LZQxE13ZZhoJoJRkW0GeCYgv+g711RNKMJmYF0=,tag:H5C1aGUlUgDTTOyCNUsvXQ==,type:str] + - ENC[AES256_GCM,data:+3pKDltgBbEcNs18+3fR,iv:aNmIG4I40rVRExeTzooBhWpu8SiCWUwJ67AJ3fdFetE=,tag:ta/jlCiZQefx+y+9I0LOIA==,type:str] + - ENC[AES256_GCM,data:Q5mXZOE04YBu7ioNhVQ=,iv:8ybmyqJKLRvS1lO03sGyFME4vR1trIPkgMn319M8L1g=,tag:ILg9ZHWOv7R9nLPIMd6rpw==,type:str] + - ENC[AES256_GCM,data:a1jvvbqU8R5EM33W,iv:bX1lq7WvNcQXHscnXZgCKOO2Al30Grp/x8Kfyhr/mSY=,tag:3HekHJifnqsodyY8tGKM3Q==,type:str] + - ENC[AES256_GCM,data:Bj0garhJBTXf,iv:Z0SxH/sQpHqK8CVSqUNDVSw0aVXLdaRN8e5khxnSrBQ=,tag:7NNH32dOKwvef4QCtNCmsg==,type:str] + - ENC[AES256_GCM,data:NFhnlTVyppFKa4Q=,iv:TE1cUNMfrKZMbh+9CrUW5r0vh5b4fDeiUlX6Ph3NnKE=,tag:r5CaqUQw0xUXlifjnn2F/A==,type:str] + - ENC[AES256_GCM,data:qT/ZE3UGiZgro5wy,iv:tqhnacB7KIOFTyaAG/GeScVeU3hVZtv5hzc+0yweVK8=,tag:i51j21XkH0Ur+u7oUWfWqA==,type:str] + - ENC[AES256_GCM,data:9hmRHbLpep9vLPGF,iv:mZH5MXVGpPv6PJjfUqfvKLQtcrUwuC/aqrJRi9es/zA=,tag:pcMZ2X9Uh/yGLbdheTAIUQ==,type:str] + - ENC[AES256_GCM,data:m4DxsoVuJx05,iv:f4VRw5r4mAJ1+caNRLpVEmQtszf6q7kKgPKyLZc+bgY=,tag:YvD5T6rZ6jv9yHcM5ZpimQ==,type:str] + - ENC[AES256_GCM,data:DhGiFG2dalQb6usYVg==,iv:KhVjTIkZhVuobvoMsn9w7zkJtMBq/ssOZWMJvktUOyw=,tag:MfmgHtPOatloTn0Rjb2wkQ==,type:str] + - ENC[AES256_GCM,data:zhTZkRIP+S78Ikg=,iv:Hckx1Nud8+ocvLGHoFKPXUFTynqfWnlmfoDZuYq0BZg=,tag:F4vbaXXnMSBruapU/86RaA==,type:str] + - ENC[AES256_GCM,data:4smP6b9e1u0hSQ==,iv:CWSlOrj7J5GXlsNhgwzzXk6MB9Zk04HNuL+ceuxW6Y4=,tag:baoeEVSaAmB6pM55SqmT8A==,type:str] + - ENC[AES256_GCM,data:bq8ufYih0h1X5s+BF/YW,iv:fLaq6rjqN+FgLPT5P63g2obegALo3dg8T+Qcd4LIx2A=,tag:WqJYKUkeeAf+957FSB+smQ==,type:str] + - ENC[AES256_GCM,data:LsGMVN1N7gqCmR+c,iv:VKgUPPBRHk+zu3KrmXmJY2z0QFFhykkb6Wyp/SAUCvg=,tag:BsoNs3P5T6YqbSZamFieUA==,type:str] + - ENC[AES256_GCM,data:DUj0QBZVfg//dDP3,iv:lqW2ssLqUTRCbgkFcvKZcoAeNqTzdLufFja5BKkBNtI=,tag:i8zkSRLvlFAF0i3lu0jAdw==,type:str] + - ENC[AES256_GCM,data:oDT2GtcXPDroR7M=,iv:/dkKJTkQJ3jMHasAvyEsIks1i+xojCxCEjWmbPCsKho=,tag:8xMsJEfSbIE7vFz6NqZH9Q==,type:str] + - ENC[AES256_GCM,data:YIQ4qynfzzNeQgJn29gYiAOEIN8=,iv:s5h5A+pxB8Wh7V1Ky01Gz0MR2SmBoaTUFJbxOHlBSMM=,tag:sBtFFQmgfeTZT/V1/7k+LQ==,type:str] + - ENC[AES256_GCM,data:Bwg32v8cnmDHOAxYJTxeEZftKPE=,iv:FD1NjDMK0gfhDMbOzpW3d+NcUHaOuGGEkdnTXyGE64Q=,tag:ffn30ccQ/1kvA1kv/jFCgg==,type:str] + - ENC[AES256_GCM,data:E2yUlGabLqCQjsI=,iv:a+UFtuXWuS1NjsGNBy6FNnrzk3zK0lJ39A3jTKK6s38=,tag:hrEs9BLOaEUWKSpisIWAgQ==,type:str] + - ENC[AES256_GCM,data:cJZSY6vSfnU31IoA,iv:EF42EcuZi0rsjpkqKjleYR6kJdkey+0HCI2SUZzSG8g=,tag:dAmn//Cq4mSe6Op1feeljQ==,type:str] + - ENC[AES256_GCM,data:i39B1O5BUuY0Ql5TAw==,iv:S1RrGqsi6GWTuWR+UeZasWPDh8EVlOCu1gZfGckiVww=,tag:KcQY5aPVs/b3tjnhxwapVA==,type:str] + - ENC[AES256_GCM,data:EdN9PmRpGqCKRL5W,iv:5jsF/DQ1PKfNnyIKNps5SYTaPe0b+LuGG9yzcNkwHhw=,tag:t47FI6LObXz22Aqeednfmw==,type:str] + - ENC[AES256_GCM,data:004V9kewPkpQpMgR,iv:WerLm7B+QXOz+uAs00aVGRglOwGejCzLG+Dbfvd+2Lg=,tag:tIRIaf6sbK3E8GsCoiN7tA==,type:str] + - ENC[AES256_GCM,data:Hy7yP+MxOXzZAtycDpYcaw4=,iv:ljE9PPOYednUdg+Lwplke+viKZEK5qSUWmDy9XqGEoE=,tag:hUoMhbzCt4eN3hTr4hyVeg==,type:str] + - ENC[AES256_GCM,data:t0wqz0kN0DvcdBzGow==,iv:VEp8zgJs/Z+M/55dRFHSOP52jiBCUqw+imOWdtf4uhU=,tag:OhYB+FBaNT7NvmPFxtCBYA==,type:str] + - ENC[AES256_GCM,data:3FC1JL7fiXMkNt21gQ==,iv:dxTRRl/JxDrvIyyfezNgaCKNoiN94fS9kd/7WlYSMss=,tag:fys//SVOQ0PbqhJHcN6sFA==,type:str] + - ENC[AES256_GCM,data:UCEs8BDyQJ4HdJpy,iv:31iMMzxarWeEWfJoP54P+A3FTo9n2azu1HQJZ1l+rFs=,tag:l3894bnN62hK/a0W+di8sQ==,type:str] + - ENC[AES256_GCM,data:mW9t14ONP+FOrgw=,iv:geUkgNvzou2BvLkAwc6JchKFlR+jEKcwjziC6kX6348=,tag:l1cZFrpgkPPgeSr5B5BD7w==,type:str] + - ENC[AES256_GCM,data:ci1FS76Qt26Yk0XFE/p1SiA=,iv:DY38lLA7FgfG4mk/3aSn3ERc+lADgzXNkAyJSvcD87g=,tag:PKbpTQVtH9R9+O7Dw8C/jw==,type:str] + - ENC[AES256_GCM,data:eHWepfFg8CEnfmJM7w==,iv:tt6fVq/2zGaOG9UNya+Pxni8AWOhPJH2HijjOBEsIh4=,tag:tVY3NKoRruhKGr9HSltW4w==,type:str] + - ENC[AES256_GCM,data:DJisMVW27rXQqPykJLg=,iv:JWnKDsMkpkFWBReYWnE0RZva7NAyyP381/obObj0HDE=,tag:yuW1UcW6OolBBPuqcxIkIw==,type:str] + - ENC[AES256_GCM,data:yBapncWmwmQs+0U=,iv:L27duHRaOpAG/ycP84+X4hISs9uQ81XTNqPShqecbfI=,tag:lU5IsBZqd5qTJ2EbG6JPdA==,type:str] + - ENC[AES256_GCM,data:dKzI+WqrZJ72nCU=,iv:rx66VrAI+rHrcS9dLAK88DtnNngA1y432YRjkXPxB+k=,tag:/hGrazGOKrtr2msjmrMCLw==,type:str] + - ENC[AES256_GCM,data:ZKYPq1F5du8QaBM=,iv:GLEiI60pK74XJwwohYN60kjyhM79jwyqOXoNASCn6Mo=,tag:fcaX7ru+/rg2aUioL58lCQ==,type:str] + - ENC[AES256_GCM,data:pohKNn8VAiuwDzU=,iv:9mLb9uwd++YzHXjO87Ob/ewbpCinFv+BG6qWeTOTS84=,tag:LbbcaLLFkcg0G3blCuuwXg==,type:str] + - ENC[AES256_GCM,data:6Wo3Z8DYpxz6qEgu,iv:FvVArEbd1+Wq2ifbXzLFB3inqa5ThoQVwZgsR5NItpg=,tag:K5/S2wBzRgfAJL4bHRyFKw==,type:str] + - ENC[AES256_GCM,data:Pwofyx8c+xtm3Zo=,iv:iiU4Vt3niPllgHcHG0jRYBRVQ0qg18ipQHM6+buhuo4=,tag:2br4UNmtCZJkHGlLTSsMXA==,type:str] + - ENC[AES256_GCM,data:liSSVBK9jAsha1A=,iv:VmSkbHFgX8SEKV2UGxDDsnZG9GjN3POsVj2D8M2yn+A=,tag:EvvO8Ok30ls7UIHGXt9y7g==,type:str] + - ENC[AES256_GCM,data:LRu37rSCZ8kndd8=,iv:x5oUlgE8q6/jQ1mpkSXoBESBAoZpk92RRGHeRqNCfgM=,tag:zGpbdYKr4vhZVoWdzwSx2g==,type:str] + - ENC[AES256_GCM,data:USq6CNJq3oZYDRz5,iv:uP/8egCxP6KysC58JF8HkvjItw7k677wASNCJbeeA1U=,tag:mJRrMtF2d936C0UNclb6xQ==,type:str] + - ENC[AES256_GCM,data:eVvKR6pFVqoBD8Ol,iv:kqJgM1pjLQviI3TtF/CucQ2EYMLp5o6859xhKduFo/8=,tag:T7tSZ4lrsxkqo8gJCM/sZg==,type:str] + - ENC[AES256_GCM,data:F0ho00TIzXRdulvrEZdf19w=,iv:UybcS9xUSY7wTZ1eu/GANIrKxJ1huEimaHfIXhOSf1M=,tag:Acd3xYjSwr8EtK5zQC111g==,type:str] + - ENC[AES256_GCM,data:XSH8UMejQ/jebdkdt2QmeQ==,iv:ZglxY1mFv0PngpSg23/hulwNOn01wzH1jGxaF483bZM=,tag:HLW7Y9UW2fMDNyU8mszNtg==,type:str] + - ENC[AES256_GCM,data:7Fb3kKkyKYlx7ew=,iv:f6e0QD1gtbETlgWbFK7v5cKib6RfUgmln16L62kDvSk=,tag:LuwoTHMlzmmCJA5je7PNow==,type:str] + - ENC[AES256_GCM,data:We2Np0gE7H4Y624=,iv:kGDQ7/Vb2UzbcWI/2R7KZ/l+n2/FynWmVe8DkBUs06A=,tag:NsZxo2evd8LCQPk9aSpQaQ==,type:str] + - ENC[AES256_GCM,data:RpwtBwTtw+QFu2Zy5Q==,iv:9hgj7b8Qq+lCiPkGYauOzvWyEk9G8vtQWkIr6VLMU/w=,tag:pCv8OVE0xjNJwFGuCQ7s7A==,type:str] + - ENC[AES256_GCM,data:UJpi+tfqzrSyijagiFaK,iv:POSHYR7s7NElPuZQj5Jsl9mifuBXDJkaKGx5aGiSDs4=,tag:AnnOo9DRm+KuqNrOClkQDA==,type:str] + - ENC[AES256_GCM,data:cuU+h7qJC+Cii7jyp30=,iv:ts5fH19RmH+GjnC9DMKNr5nBk3OlseTPFOi0MCzHpe4=,tag:Q8yQq5e9EgjPPqc/nIGddA==,type:str] + - ENC[AES256_GCM,data:whjf0DQgpRC5p39/3hg=,iv:gifzJa87ZwsPvs01s+wJcJyIQpjILqgdk/9wxictK1Q=,tag:d0LhWOHCngAnuOix9HDPhw==,type:str] + - ENC[AES256_GCM,data:Az5Ry4eEeq2C35EXuQ==,iv:M/kAZDVdyV8PEH9ynzZ8lKuNV2Dpne/0DjZ+udBVZ9A=,tag:ZmVWTWRZgCXNV8yRtNhkNw==,type:str] + - ENC[AES256_GCM,data:/4UIxUZb+TgegsQUFz4I9Z+sjzA=,iv:SxnJDAI52Lat8RMt/DxmyXlSZ3xAObsQ/+eYuIX6Dqw=,tag:ficHtv1RLK5YXcSRy45e3w==,type:str] + - ENC[AES256_GCM,data:MWPaQ0/SV1vaHIvDIlJz4FEt,iv:2iBnvn2tJY02r+ZX13DzSneAP4Ui27HwDD7T2toIAhk=,tag:qDD8ZwaJSxNiY5E9iQNYjw==,type:str] + - ENC[AES256_GCM,data:uupMvct/qp6aPgPYBtw=,iv:CKXESO7u1bBBRLa9QwExN1n2ez3pLKA2ICbZm+pAMaQ=,tag:L/YW4eThi2+6FmLsACczYA==,type:str] + - ENC[AES256_GCM,data:tPmtA9UxqBsSq06OMw==,iv:Gw1/Zo9AcHA4srWq+D/aM+V0lbyluhSTtodWXiwsew8=,tag:nBMnnk4Q2wDLF0p3rzEdMQ==,type:str] + - ENC[AES256_GCM,data:sw03NBf1GnechLpzyQ==,iv:j4oJOtAlg3DqdrWtWAA8CmtOoLYMnF4QVQtYAWv05os=,tag:ydhkPQROiMG3/D2DEN6x0A==,type:str] + - ENC[AES256_GCM,data:JU9EEWznGPflqRvFyA==,iv:7XmChinlFkRz4k7pbj4w6A9n+0utakZRUHvfBzyujrw=,tag:I5/qHg6pMVnGGcojq5brMA==,type:str] + - ENC[AES256_GCM,data:cCEjOOSzUUEu128J,iv:YpwGuDq9Zh7xaAMXVyC47fYB5XA6clSxCiX3SihTIEc=,tag:QNuFCDVDqrA6NLhjjxQcHw==,type:str] + - ENC[AES256_GCM,data:XOJvuFQWnGsVmanYug==,iv:XFLVTGjMFpL7ineN741twiBSE0UrMFOQXcK9of0oSNU=,tag:Mz3PXneeDXGBp0AHVODV/Q==,type:str] + - ENC[AES256_GCM,data:HKpOpy/9l0G63VTQ,iv:DEpMwtyqD2y6IjXTIxISX7fViKWM+BV8xJhlRSkvW1I=,tag:V6ybS9czvcUa29IUFymOog==,type:str] + - ENC[AES256_GCM,data:kjqk4T6VVcPTOgL4RA==,iv:tYc30o+H5MFY6AYdYAzXyFIjG1Nhzo47WFrHTK5LM10=,tag:tFuoeH1jFhIB/59kVgwzKQ==,type:str] + - ENC[AES256_GCM,data:0+H9WusEEd9/+qt4Og==,iv:ZIJS0BJeKBZqOLSZi3m98o+0hThqXvTXu0uRGKLlWNg=,tag:BQ8+/e5wKjsBdWZ1eo354w==,type:str] + - ENC[AES256_GCM,data:25N/P9HbQKFiD+SYxnM=,iv:m6gcRITogGBCKgUchfCEIk5xw55r5KEJcrwIuHf0rmc=,tag:Va/dYbUy1vReoYZb/p1Gqg==,type:str] + - ENC[AES256_GCM,data:BjgO1KzIeT4zRFk=,iv:XVD9A6gLQECPgnPidrez8hY18xkGOYLNdJFNK/NE4YA=,tag:DTo2TAhyxx2g22jIW0YUQQ==,type:str] + - ENC[AES256_GCM,data:KyXv/yZno3cjs+l/,iv:a2VTiXhCgz1qiBTjd53y/HM6Sb028hw2Zh1plbUQq3w=,tag:9pWukoRrC91rp9C/kToFjA==,type:str] + - ENC[AES256_GCM,data:fu9TwrL87cFuBmQ=,iv:ZabBBmhWUjfuez+A5sMxe5GHczqyR0tYQ7mc4WYJwwY=,tag:zLgleqs9cTPHYvC83dFPug==,type:str] + - ENC[AES256_GCM,data:KVCr0Tvd/djIW3Y=,iv:xdyPu0o0XFmTKOIw9Je+NTCPRnSghugmYQ9iSFJkS5o=,tag:J3obbnJpoTt1XU9ReZBg9g==,type:str] + - ENC[AES256_GCM,data:LZgoZLh6BEihUMxDjQG3R6nG4h0=,iv:GbbgTuKgSzF1gnc7A43aQ2yFYjPmMu/vFeXAngH1GaA=,tag:TNsybz1ewWv87uL7yi3A/Q==,type:str] + - ENC[AES256_GCM,data:gi2enxRaxq12iw==,iv:Xz89e0JzZosIaUvjdA2uIb8Ldc0PEmmoFZZvpDDTgtA=,tag:5FPqUVaqjrwS/5jT4ydbVA==,type:str] + - ENC[AES256_GCM,data:rLCGrtjXOaDgE/M=,iv:dFgxIhtD3OIH0sORceMxrSIhcqoebrlCvbi4JoharfQ=,tag:aM8SzgrPhBh/vOqXsqOnMA==,type:str] + - ENC[AES256_GCM,data:0Wat5yG/WI4swEW/Ww==,iv:oeEyya0djPQC8rnfgpuiiN6X2LavrZPUUob9yam5vGY=,tag:5s6gcTZc8RlPuNEnKEs9QA==,type:str] + - ENC[AES256_GCM,data:R6HVQc2GgibWcgaheVX/,iv:mw5m6zrrX/c5RE/Lous7yQ0F3+f+ydkVkVKXBhRzee8=,tag:10mJkazdH4icGD258q5W3Q==,type:str] + - ENC[AES256_GCM,data:0kuJ3wEcJnwnMQ==,iv:yRGPvZ3U2RTNx4P9SUKQhR/5rSKg2JEFv7/dMKjb9SU=,tag:pF7tWwUGD96PgQPBvPdsYw==,type:str] + - ENC[AES256_GCM,data:mcfg/wL8AnMndeTF/u+s,iv:b+XPsh9gOG/qamfXnhuCXXV8HAK/PgAvjKv99EPxY/k=,tag:P75MZBBa4trJjMgY45RQIw==,type:str] + - ENC[AES256_GCM,data:6LaBgniapjBKtQstU0ALIsyn,iv:aFSTzRbb86PyJwdiODTHWqhBaV27I8dAHFXg84fcUEc=,tag:DUYz8SelQWih+9l78H0m1A==,type:str] + - ENC[AES256_GCM,data:JR5uBzJrWGyUYGc=,iv:Z3gfuUkjfEDfC9xtCaWzlVChhzW8N2ESTKVAi+jtG1k=,tag:ZzR/Wp+YDuPi19ZHpC947g==,type:str] + - ENC[AES256_GCM,data:8q2IYSD/zrTwPVCYVQ==,iv:bFlfrq6aXF6C4C4OwzYnQvVaS9Zg/Mi5wC8QV9eusnU=,tag:9rYET5d60llJZJcyfEaWbQ==,type:str] + - ENC[AES256_GCM,data:QN4c+vkkww0/A8D49pqT+w==,iv:+cKvzm2vCNXPiiWc4qEfcZO5FgoR7FTHLSgPhz6/utY=,tag:w07WXmkqHCZSE1qenMyczw==,type:str] + - ENC[AES256_GCM,data:1moi2sndiSlkgSLvk4no,iv:m5bMDtZ0zGtqaK+uQ+a0uCXLefHatpii6Y3TrNEN6Y0=,tag:ysdBd8JV+kjGx2MUI3wtqw==,type:str] + - ENC[AES256_GCM,data:URzcxkBPnfQcK1QQohOz,iv:CvYkyNKJdtBI33MYUKEmNkYZW9evthZOlM5TlFgvPNk=,tag:BpKuUNdE4ILkRDWe09bIDw==,type:str] + - ENC[AES256_GCM,data:UlP0Fu+HXhf3uOtDf78=,iv:1hadzH3VII8JaNUjZRYg/cZcPAjlSpMOIYy3Zw/tcNk=,tag:jV0PBkigRK+AxLZ5819bgg==,type:str] + - ENC[AES256_GCM,data:+N7vk2sy5FQyym9Z,iv:r/0pE3Qmtkau6oxgyw+Abd5d500gklYuz/x2zzpCoSM=,tag:kaPGnt7h8D+uplKthjA/Fw==,type:str] + - ENC[AES256_GCM,data:cW7v9RoVXlvBRQS20veJ,iv:/5TdEhT4IwlukNVls0yBFhwb7NmM+cYrWsNIFM1N+xY=,tag:ojql82gEywoq2pFKapDu7w==,type:str] + - ENC[AES256_GCM,data:kFJ2GTGo3pJpehtXjaPb9j8=,iv:Sqcr/EDMIn/hy5mmY4jc4H70BxZceUkxnvq4EO4V+os=,tag:NkgVDxnShHUwiErRRuW7AA==,type:str] + - ENC[AES256_GCM,data:LFOnh0UHOyETYGo=,iv:WO4dVaye1JvRuTWSEqM2O7WrfZkWGlCqoJSkl4esSCg=,tag:B2hasPVhVWlbduv6ThmAEw==,type:str] + - ENC[AES256_GCM,data:YIhm0dcGe03UGWrB,iv:tO6wRO7eYyLclznj76+HBdwaJaQfK9l6LIDrSSWM2EM=,tag:S4yHu+6yrBMfVUa5NFbDMA==,type:str] + - ENC[AES256_GCM,data:CLPKjmC6cDEDUT+uvg==,iv:836kTsrDpHsVHmTJvSqWe0gUiYiPd3mc9gfVnFFCTPs=,tag:YW3698sgbtcEQwmRh8iCDQ==,type:str] + - ENC[AES256_GCM,data:P5JZHzv8flDcD63L4Pg=,iv:9OZllSX1wskGwcULQOjKBvW9kvU9AR683IryrcyOFPo=,tag:xt2zGbIrPFtV3Q4vDJh+6w==,type:str] + - ENC[AES256_GCM,data:07Aim70cGIXhxykKNw==,iv:j4JXO1Vh6rdzIihjgftr+wJRI5WPGTbfyvc8y5+cLgc=,tag:TBqtBDXGFVydZFW08DjGZg==,type:str] + - ENC[AES256_GCM,data:8+L8Pgp7F9Pdhw==,iv:F1y3LTabAsTsfJ4ag7nAkQR2yQaApm1+z/zwNilDgWU=,tag:pyXtY8eRNs9mWT4N7js+Ig==,type:str] + - ENC[AES256_GCM,data:EOMxcK+ZHmMNRauvg+E=,iv:xIDNm4MFarCHrZQCUrOg/1Sr00vzZHuyGXI1SCfb76w=,tag:ayx8YoiI72k0kxjqzy28WQ==,type:str] + - ENC[AES256_GCM,data:R5Wbhhv7E3cGFlCc,iv:XSfdntpVcD9OIb3+Cq2N6iZ+f9hyY77NMrKbLrEBOZ0=,tag:fSGqqeFd1uFfXgXPrAfbWw==,type:str] + - ENC[AES256_GCM,data:xC6VL4g8q5vPl1JVocQUX4o=,iv:HXL9+NGEzrbt/vOKL0OO3UTM6aN1Ge2zRQ0/s7FPauQ=,tag:K5MR84I2LjvvrxoCq2yf7A==,type:str] + - ENC[AES256_GCM,data:c6qcbizRNXr9lqA=,iv:pPIbxNjJAIAH4l00YnpuFZQGkTFnfYb1RjxA47hz6dY=,tag:o7sgUXJlDU/2uLX6qOe0IQ==,type:str] + - ENC[AES256_GCM,data:D6Fxrr0YRYR8PS9DMNY=,iv:ZpvSEfjENwn19OYnaoQxNjbGOiEf8YKQ38Oi+TAcLos=,tag:NXwD8vwSIYUVc1rjPm3rpA==,type:str] + - ENC[AES256_GCM,data:DVcjhC/wEXAdfUM08Q==,iv:tLBIshqSPQYFq031JU/FconT+YNZP503InpLTgory7c=,tag:RI/2vABe6nkkcsKKmC/OVA==,type:str] + - ENC[AES256_GCM,data:R2MWDG4OqJowYw==,iv:pvhJIr3OD/lnzOcM3ciRNMvgzx9sQu2ozQCRmcYBWc0=,tag:oSrSaJZLdaJPPqfa8maaUQ==,type:str] + - ENC[AES256_GCM,data:5k8mXysa4/U=,iv:T+yNji9EUD5F7kaUV0mmYV0hDYXgGuI2Oe66Ksp31so=,tag:RrGIpJvyw+2cbjnrEuCCTA==,type:str] + - ENC[AES256_GCM,data:jCvse4on65+rQ+Q=,iv:6NhHdIDRVBngSwJVwcTco7TP96ncVxN5Qyy5hoB4WkQ=,tag:7d5l/RvPapf16vqQa6AVaA==,type:str] + - ENC[AES256_GCM,data:82y7Nrk8Q73nbA==,iv:FJWmuWYseLfIcLuZSoXHGhJLoEIdOtT3tZ6KqnAW4Y4=,tag:4YLLXupaR+LDKCDOilVfug==,type:str] + - ENC[AES256_GCM,data:nCWRrD6Z3n+a,iv:xHazSiBwAq+DDNG5L59fIFk7yvWghsVWXq2Xn/d1uRk=,tag:NKofgA0We8Fljv7grN9HQw==,type:str] + - ENC[AES256_GCM,data:O/5Ki3laedwrv7U=,iv:KoHJrW/JcEzN4Sphn3wa/c7Z+m7bEPiHWFeEy93kClI=,tag:8xAWCWVVeZhy8ZxvhT8xjg==,type:str] + - ENC[AES256_GCM,data:q1IwoxJHrpHuIgEzBg==,iv:5+5fVNsFYs9iDnyf7vp0/D34Y6o+2tkWAQTXcVP3fyo=,tag:q1/jcLVtDiJCNnHZxwbJ8g==,type:str] + - ENC[AES256_GCM,data:LotFjSL+MAqsGnV7Z2Iibw==,iv:FOgV9tJeg7P3K58IHxTIW4tPXJKPUgt0LUpKsd5himM=,tag:ilcZS8JJv6XyDMVxlctf2A==,type:str] + - ENC[AES256_GCM,data:miDiGpVda3TcPDi/MOs=,iv:WESdjSYg84YByt1NN2/qY4yg0zGi03nMfyXTcJfT2kw=,tag:bySEGY4aTmqaA/WBnuD5Rw==,type:str] + - ENC[AES256_GCM,data:uAlF8epKEQJCTiR0,iv:sEDAec7NyVGA0Na5Jr7MJzKQmWuKZwa4rctp6uMOc5E=,tag:RFevsFFdksQQ94kVsdZoEA==,type:str] + - ENC[AES256_GCM,data:Es5SNrL9TT0WLQUv,iv:5TUjatpa0qx1UwVOhhNi2INXaGJn9AZ8Ums50stPlB8=,tag:YdqrCRfdVunsVsF06HC2GQ==,type:str] + - ENC[AES256_GCM,data:KszLl8IeEb/IYpY=,iv:iBVpFmMJR3mv4eDP8oUPQmMzETEeeaoTbtRcrcilVPo=,tag:kOpP7C/tctsYPjGgsJuDUA==,type:str] + - ENC[AES256_GCM,data:vYlhAa0i,iv:g1T+iUBOsRDf+aCJ/ogX7NtMmYN4xOGKYfSqAQQjTJk=,tag:mqtouBAWS+8RrBl+ZwATfg==,type:str] + - ENC[AES256_GCM,data:bOvGGDhC,iv:AcfWaf56o9pVs2iQ6ZBHt+pdqPSTwSJzlR7IWyYUui0=,tag:0scELlFrj2YIAFMvu5VKuw==,type:str] + - ENC[AES256_GCM,data:WzRnsYSUVAuOAaxn,iv:mPT2luujsISHznBkYJFprUM+NFzbfDdTq8w4twa510g=,tag:3DMpb30r+T/88ROASbDRQQ==,type:str] + - ENC[AES256_GCM,data:HFGAP/qOdwr0opc=,iv:Id5xsODaQbFD8nXqTh5lY/iyGRSxi4cYTwrcTLpgfHw=,tag:FBZSm+yswA4ajDoH3wPl7Q==,type:str] + - ENC[AES256_GCM,data:8yodje0cBGEHcF7uckcUN0E=,iv:XzVa5nQqHmw5AupopAr6fC8JL92tKiFbAvmWPAlxevc=,tag:H6yEczFGs0D1slaMqg8tkg==,type:str] + - ENC[AES256_GCM,data:bcEk7ga5BjEhGW4=,iv:Fy3BL/eh376+qAApqxYwvZfEqbj4OEdRbxRjxN34pWg=,tag:N1BppIHkahIoYjVNFIMMTA==,type:str] + - ENC[AES256_GCM,data:ayjl37S+zBKT0w==,iv:Ap5NKcTMlEg4nWeXTR0oHLzH1WJxDkWH3aLy0PXxajc=,tag:f+OxCnpzH3edCvROxzDFCg==,type:str] + - ENC[AES256_GCM,data:Zt1xAG1GM4oCKY0=,iv:sB9F9D7jToWQK+ScBQEiilBZhvQz3qSep/dgyrR+OuI=,tag:XMm5Fp73bnDWYPBxb1FKdg==,type:str] + - ENC[AES256_GCM,data:25vSxIFfkkzE5Y+djyE=,iv:O1880FtVEoUxXdvRqz8ObWOMCrt+fnz9MS2WB99aZfQ=,tag:MzwPT/MlAwizF2Po5dH4Mw==,type:str] + - ENC[AES256_GCM,data:UoSFK8BU+8oJWMnXuWBL3g==,iv:/PFPhtYDaR1DDyNiOd8Zvsr54E0Lk8/vGCIseMdkjuU=,tag:lsdzZEpGJ2FUBguovahlOw==,type:str] + - ENC[AES256_GCM,data:Of/Av1+P0zGGRtRMJSSqj1/01AQ=,iv:VLiWh4cFbM+SmOpe1KjXjb+n+Ng8xjE8mOBux/UKi/w=,tag:F3bfSR7cL7MJKpl7wflg/w==,type:str] + - ENC[AES256_GCM,data:hrlxvteP5ZJQ031xkpSTKlQ=,iv:h+O5101on9tlgtN31BCzgrYk+l3VIC+pmvpjRddHlow=,tag:VzqAl7Mku2hf+Aqtnok80A==,type:str] + - ENC[AES256_GCM,data:LK3GB7uklPyihz41pVHjGfo=,iv:2vt4vUoFYgJgMktS6n84pDezUDZ0dMBsWuqDG+22vOo=,tag:oLRJjmAHRUDS10yMl4bIvw==,type:str] + - ENC[AES256_GCM,data:/juE4w9tcDLdvoT5letVtKYQPQ==,iv:CxlZxP5Nt3utefbECcmq8cWiwLIyCjbu63UyKdTN4uA=,tag:1/02Btf3leVDSs3Oxx7WCA==,type:str] + - ENC[AES256_GCM,data:wJ6VxPLewqfIy0uilw==,iv:46KTJyDL0lM5VAjCm6AJEeXEYY98F4ODbbwYd6a4Gmc=,tag:Pok+epzLKaZwoMXTRqT+6g==,type:str] + - ENC[AES256_GCM,data:/qfwHj1TlKEPj+n+Ig==,iv:CRCLCJPeIskVSfB2Jazn0VPEcz6g5M6oyPSSCs4GjTM=,tag:va/dlwhiyi8fLzQ8lRptIg==,type:str] + - ENC[AES256_GCM,data:54dACaSTMg0cst60,iv:Hl9+CyddJiVjc0iCDRJnAMM3M7qSerS+qcPyIIAb7c4=,tag:TYXkRLKOi0t25k2GDEh+jg==,type:str] + - ENC[AES256_GCM,data:mgKYf1hF24ZgcCM=,iv:p6X4foXkGRztqKvk0vV037y4CnqzRdbdvWf2No73yrQ=,tag:ZROcrBYhcZxxN8gp3nnmzw==,type:str] + - ENC[AES256_GCM,data:lO6bMiBuGy72ZajJ,iv:Wyiy+W5RQduu4IYEeFqC8L37SRv1Ixo3NIe8pGUqVP4=,tag:2tp55lfGEXyMYzLQoDHnjg==,type:str] + - ENC[AES256_GCM,data:9QmXLUPbkbRatslfsNSV,iv:wOIDfNDnHoZ7EMn6PqQF3QxRkRca7AWKShsl/jP2uMk=,tag:prq7r2NocfOMbrozhDQavg==,type:str] + - ENC[AES256_GCM,data:iWeAtx3XetsRhi8=,iv:3K2Or55VuOuxAFJH07OLYeZ4LE9wNBe6Wz5ZcqZ+S4Q=,tag:p5Jsn56wC+Qi2FkzjSPYeg==,type:str] + - ENC[AES256_GCM,data:B4MrgpxaxYeSIdOo,iv:bIaPyVocORu7Nmcnpss9zjVCpkRFF9LmYpzFbY7vuFE=,tag:08g1wH89z579sWii9FMGGg==,type:str] + - ENC[AES256_GCM,data:ZqJr4B0P0yE=,iv:lkbJk7dwVCbz2uLzita7jVqmmWhycze9foLkrEeA6FI=,tag:rEcyeSwxMoKnQy4FAZ6syQ==,type:str] + - ENC[AES256_GCM,data:T4NfRhnlfE4=,iv:YmLv3+OLObWsC3HStohTwWLzsy782wVFsLGKybqDN0c=,tag:PoQIUjCo1ybgwIPtjxOb3g==,type:str] + - ENC[AES256_GCM,data:Ae4YAphDTLlw,iv:JFUecHh29qsiD7OsePI2D6hibuQnggjuX2ggyyuRhks=,tag:0YalORy5ob/1y1Kp7O50Ug==,type:str] + - ENC[AES256_GCM,data:mTzXvKU9twHyUQ==,iv:SrLR1rw+VK7Y6RpymKg09bl6GjQPQpjI3b3IsgZm00A=,tag:sbrQ8GkfBCGi+EERpUPcRA==,type:str] + - ENC[AES256_GCM,data:tfdFY84SYvBU,iv:s2BAC3vEMHxL9XeHctCjJ+uZhcs8knZ93kRMH7Xt/L0=,tag:+GnWQCwgKhVT6i1KHUt3rA==,type:str] + - ENC[AES256_GCM,data:VoRyAMxf9eReSKo7fQ==,iv:xsnicUWYm/m3mXm+IEd7uPpEp0En8tFAZSXdBvji5jQ=,tag:Dc59utj9ykqGNnlBd6pOgw==,type:str] + - ENC[AES256_GCM,data:/5xQfRmaeLiWfL1mrwCwJGz/gQ==,iv:d/f9PSv9IoTOJbn98TeS0USM4e+dZ+vQ0cQwa5ww2BI=,tag:IeIDGHy5tXz4WvOZJgGLLg==,type:str] + - ENC[AES256_GCM,data:NXKUC1DkRnglcvw+Crixv3M=,iv:9IABxectGgGYOdgh5N74iF7GBW0JdXE3C3NVN7G4VdY=,tag:tR3UC7a8kBHcwezoYBPeCg==,type:str] + - ENC[AES256_GCM,data:d/j7VngvpvFxB3KReKqU,iv:h29c6Fmm+Z7MnlVYo3/EDDmzk7vN8OjUOpJ+Gh+Ypu0=,tag:YjcqrnsCvDDQI/QrmhzBUw==,type:str] + - ENC[AES256_GCM,data:2FOTVhM6QhwhiaMZD5E=,iv:0VUlZ+GZQKor1tJpceW1CJPpoObqsO4tsCeOwZ8/amQ=,tag:DipYiRm1GHOgtLLLglxLxw==,type:str] + - ENC[AES256_GCM,data:4b+lnYsSaXkwDQ==,iv:w6B67n3Nsl3pB8bBGqfNbHI/nYDcCiLaXlefYp/65+M=,tag:+F2phOTAn2NFxgqq9wPF0g==,type:str] + - ENC[AES256_GCM,data:SMBt0LJ4Gx+AseM=,iv:rpX5EjxfIRpGKR6zZNNFBPlbn4PYsakA7JmZ317TZ+I=,tag:9dLVd2vqZNqy6wlgZ5Q+Fw==,type:str] + - ENC[AES256_GCM,data:zCeRIKSay3d6SckV8g==,iv:O/9Bag2hUoxzpOiqEf0z7uuuoHoE3V88XR5sd+1Z0sc=,tag:uOBi313IvvtQmLkCq7mAlw==,type:str] + - ENC[AES256_GCM,data:bj7JoBOb7695XirAHa4GaWI=,iv:caicmsPEDiwOdvUddpYHkd2wVDwvN5IXNBLZasdkh1o=,tag:lbS+VaH3O9HGfgv8LvOuIA==,type:str] + - ENC[AES256_GCM,data:F+OACYUe+nQg3wnd1nIg,iv:zfpqZ+fGDw8zNbJhWG1atNEqvXDrHAkEX3m2N0MOUIA=,tag:kXo7I3Hb2QGcN0pD1QoBOA==,type:str] + - ENC[AES256_GCM,data:uM5mDTAoJRbYeO1qHQ==,iv:CjRKpoUugKNvkGNxS+cNSUPZ5a6qUeJqoBaQ5793ZTc=,tag:uQ1xfEau+gKNVBYFGdShEA==,type:str] + - ENC[AES256_GCM,data:nmx9/dgtnVxpWw==,iv:4LnpSzmtq+H2TZFl81y6QhoXLHrNbV38bukgHrpgPGM=,tag:gjclK2RKi64fkrysDbeUlQ==,type:str] + - ENC[AES256_GCM,data:kygqpA9/NKw=,iv:x4af3KZTyDCgsMorCeHjbOtuqHI3LtC3ZEW/zkCVnYY=,tag:CsVaEOzmgU6azleEp9saYA==,type:str] + - ENC[AES256_GCM,data:eaq96hhlA/D+6wPXDXs=,iv:c6tDYxcGAY0ErSM+kRSzP+g97BxHS45rDMD4rW2/8fY=,tag:48DLh6JsQJaRprrQIA/NyA==,type:str] + - ENC[AES256_GCM,data:X4fr7xsV6SRyS8g7sg==,iv:y8Epj2f4+6U8NK6xyIPHxyGYRgYSpbBo9XjA9d6We0k=,tag:vnSQ5aj8RfgbIRQY9zSNDA==,type:str] + - ENC[AES256_GCM,data:6J2RHplJX4LCvq1M,iv:ytKyPICewzWUXzcj2uZ0+9RO88pIzzT9WdvtMj9cqvA=,tag:hIw8wH4IPuDegb9WzVnymw==,type:str] + - ENC[AES256_GCM,data:vnaL0hkWoXgZ9rJ4,iv:Mv/hYpJyqo4O8gKC0SBP2rYxMBFNZvtEx7Wj98oduYM=,tag:nvoKxjB/ssFkgL+Z2k1rNg==,type:str] + - ENC[AES256_GCM,data:ugIjHNMTGWHhr31vHg==,iv:HWZHXiwKvjLeG5bAt84hJnollmPzhMM2+QURA7IIbBA=,tag:Se6GpnZBL6lr1olSP497DQ==,type:str] + - ENC[AES256_GCM,data:1Hg9d3tbKjEI53gJ,iv:Uz7kvW4bk/N/nJ0di0Inb5eTrfYNrJnPez0tPiY1qFM=,tag:y7OsU69yEyyCpU3inVfiHQ==,type:str] + - ENC[AES256_GCM,data:tKgPu9vyLMqShVWKu/0=,iv:wZTSNzSMyYqij/DxxQsgwkylpEB8zHTW07gYEnKroAc=,tag:Xk0VUj5AxRTbdPfvZR5lbA==,type:str] + - ENC[AES256_GCM,data:MhayY4E0m8dQ,iv:bNgMx9jixvuh6cuKJTukvR6NznVAwvNwVlYrHOfFKB4=,tag:cmI/VEne/c+jozXUzScJwQ==,type:str] + - ENC[AES256_GCM,data:vKquDHOKIcuRWK4=,iv:R1xzNmv/Mx1Qi2sOdmHPFo8zA+s4OcOMyJL7pDhGDcU=,tag:J6s/TZY1xbPVP6LJ9m5I8Q==,type:str] + - ENC[AES256_GCM,data:kcczxH6AOX3zQG69q7PWFw==,iv:OX51MeGKgJvODqrSxOwBIsFhsONF8SFvqQYSbl2L8iY=,tag:AzzBxO06Ex8tGZFF36p80w==,type:str] + - ENC[AES256_GCM,data:lsZ/6CKSkK1V3ByCbv8=,iv:6zXlvKAk0uV0DXe2l4eKvq6Bl4gtCo2bSzYPx1Hkfm0=,tag:RmZM3EgvWtEU6PjGq4VnEg==,type:str] + - ENC[AES256_GCM,data:bilmW+9FoHFHP0kZpqIxdQw=,iv:Lfhq5owcvzHldqVbzQtVtSgGpcrDMAU5QNGfmDTkWBk=,tag:yirSuAf6aWB2nf4GzDJ5NQ==,type:str] + - ENC[AES256_GCM,data:w0Us82Yfv/RF5A==,iv:QOxHE5vLrwnTXgZXw45Hsg3QRRhi3utBGpYZNUqf1Dw=,tag:Eeb/l+IlhDTFJh5ZGybHsA==,type:str] + - ENC[AES256_GCM,data:m+p68eroJ0WqPQIRtg==,iv:WQ9scfq48vzljJX+qybm7cUu8tLpRH8wkDrb+SZRVp0=,tag:MANwPg0oYIfeciKUaBXepQ==,type:str] + - ENC[AES256_GCM,data:rerOWuf9r1Z7iQ==,iv:onJE7mh2Vcs2u3upAjMt0PjOH1xIvkmaOYSoNYWK1Bo=,tag:w6UBzXnAcB6wMQjserNlyw==,type:str] + - ENC[AES256_GCM,data:ZCFZHCYvzmZOmLjy8Q==,iv:9vAQBFrjWgoMJ0Z2OXb6QhOq0d3+kDSba8idX5B6jhY=,tag:8EyPjnWbmoTLj0NfcI29vQ==,type:str] + - ENC[AES256_GCM,data:3YB8Kyzv0D9J,iv:Fir2kE9HCpDWG4qi7DHyTuKRdUV6UMyFUaBfe0OMgnI=,tag:gr/HX2w7tjUguT7X4KNUCQ==,type:str] + - ENC[AES256_GCM,data:4GnStgpKFXuKRtbW27pr,iv:OFs4zRZi5THujSosOKKqntxSuIpaAycKVWK1Z7QFcHA=,tag:0PLP4UnfjA9eOt1bUwnFvA==,type:str] + - ENC[AES256_GCM,data:WI9Tc5d0+OS6oAY=,iv:dz6MMB0xC86OpraYZ+rou8luueN4/D1XkcDYy3Ww6yw=,tag:Tyf5IAmG80QQFFpt0PSbzQ==,type:str] + - ENC[AES256_GCM,data:LesoBttWyTnvnqJY,iv:4bEhq+S/WFf1GS12HexyOiQOA8O6L/7f+XvB0HktWXU=,tag:JRCU40ApnmCWSXRf3wjexw==,type:str] + - ENC[AES256_GCM,data:0xiyfgPQH2ms8DsDUw==,iv:CY7ihjvtnsiXMcYhD0oDzbsgusfpIJCfrJ5OXJg6dRg=,tag:lnrqCFM2FPCvWX/G9E13nA==,type:str] + - ENC[AES256_GCM,data:i7abwjQfSahZshADgu1qXjRNDQ==,iv:TxYvKaJyPpDz6+H+pzTWJbP3C/BoBSE+VCkOl3n7G6k=,tag:L5eAR//FcAENHOC1iZ7UTA==,type:str] + - ENC[AES256_GCM,data:QSAO1m6KWQCmSXE=,iv:D0Gq8NcMeIf8Xm5WtwFVqNDaqbYrojueSqkLY9GRCtQ=,tag:BFaT83G5YMudvii91vPTzQ==,type:str] + - ENC[AES256_GCM,data:QZ+kshcQD4hhDCs81AO7PQ==,iv:2O9+yHH84a6DKYqvPgyfSLzhMUyDcKW5hfS7zK2KJAo=,tag:47ijKyF1d6l1T5j/RxmlCQ==,type:str] + - ENC[AES256_GCM,data:vNQYmoCLJsVEyLEv372dS6k=,iv:VdfVkCV8ITkLTmDY/c6HWd6NDuiwBuv4ARGJy+qodQQ=,tag:0MIsBXurBpWA8FQXxhlykA==,type:str] + - ENC[AES256_GCM,data:tVY9qhE3WdQ+nrA=,iv:Bxh+n4TiqhzYJGUYFHknkO3rYk8B+h3VwxBZj4eA87w=,tag:sovReGTurIHaBhtjO9Sytg==,type:str] + - ENC[AES256_GCM,data:48mu0XPNmtNpwfbKlXdSVTM=,iv:JKUwixA+GXoyC91XhMSNZOjwk3JZWSCzMMZ2h3LkDEo=,tag:zcQZ3J99aFsyHgqyI4YSZA==,type:str] + - ENC[AES256_GCM,data:65VfUUmk33TtcdNeKCQ=,iv:AWOpSqsYA55PuM7VcWfEEjnenWSk+bBPfieMk2C0QOo=,tag:gUDsH1WCCcPgyLwR1AIuvw==,type:str] + - ENC[AES256_GCM,data:nTLahCi6RGLzoN3nahePSOA=,iv:UPESd9X6b7hzIHRBrdShSgf6OFniCUTJLzICbriJXY8=,tag:M3LxjTXJ7jpjx3ZCu1f1qA==,type:str] + - ENC[AES256_GCM,data:rn7Zt/EAD7eSe4gSz0c=,iv:SjtXEyHiJhqsfkte2xEau+IySezCXU2XlIqeXCu/w4k=,tag:tWzSn8ls34b9p0qyXJNhsw==,type:str] + - ENC[AES256_GCM,data:9+fxRRG5wX9OLAK4,iv:9/C5S8uxyUYzYQlOY8T/F1kQQ3y/6nKE33Q6g1M4fqo=,tag:9Iz9PxrZi02vdnSXwGgLaA==,type:str] + - ENC[AES256_GCM,data:+Y0Gkc/PpsxuDQ4oviwcLsE=,iv:IHdXaZgyoGu1cdQ8ktAxBK3866fHcE01ahR2cSNvV/g=,tag:x2+NqjYOwMyayC5QzJvpJw==,type:str] + - ENC[AES256_GCM,data:fj01BUFoTUoDhA==,iv:1Mkfr41BZK66WonKavTJ0dMyz3MgRQ1qWbXyAmuCwVQ=,tag:BmWOynUz2BfZvyohU/kEcw==,type:str] + - ENC[AES256_GCM,data:hHyU5xJSuyFxtEGhgUY=,iv:Xb2LxgzcophfVfBC74x7nTyQTAOPV4xXca+wGYTPWWg=,tag:MkFi+vXuxMBNMP5DFnKu1Q==,type:str] + - ENC[AES256_GCM,data:rWnqk+Vx3vtpWhIb,iv:81rVzBhLeitdxtFmAaOyV7VtnmruNruLRPSEi/f/TuQ=,tag:2qV8/XyOjTTENEY0XLWkNQ==,type:str] + - ENC[AES256_GCM,data:vk2JmmCiwUb80c6e7w==,iv:e2MPNCRVGGRCQI3gBDHQqHQCW1Bh8UDA0IbH2spPQOE=,tag:aB+Z3nRCSO1Or7ZeYRELrQ==,type:str] + - ENC[AES256_GCM,data:zdXpLyzZUCqKAg==,iv:ZoVlX3IIBY61ZS1w5sV2+EJNEN2cB9arPW1UVmaTRq4=,tag:RdMo5LtBQaWnuC79i/CvMw==,type:str] + - ENC[AES256_GCM,data:KK6nz/Mu5ZW+rFhP7cs=,iv:7vZAB9jIGVEiajEzU9SQX9W5lpk4KEKJmuxvRRLPhlw=,tag:iLdwLdwbfblNtIQ2A8TNHg==,type:str] + - ENC[AES256_GCM,data:hqAdigijtp5JwE14HNrZg60=,iv:z6742AapniF+R4FGUI2V5xNQpY9sRrUh0fGaMVlc5ik=,tag:7Ko7PxwqvyGbBp67Gpnrcw==,type:str] + - ENC[AES256_GCM,data:m0+TwOni12FAnE+Fu6c=,iv:8SU288EFFLcuxd9PKuFWgAhp4eRlj6b9HV2aJCgi1Zk=,tag:HgnHgDBHmEUjrlOHNls99Q==,type:str] + - ENC[AES256_GCM,data:Mxiq/b1E/WCUICwyVOjqDg==,iv:ayKKh2HWres5F0UVgHKgg84t3eQ7DJlcsJA/ZjXigm4=,tag:557rkNjpRYrEHCnMRClccw==,type:str] + - ENC[AES256_GCM,data:y2HsfFlrAqeidE4y8qY=,iv:UWoOq9auZ5TmxCHj/biDd8R1v97/u5TkIIDtU3tNOg4=,tag:dzOzsJBkX/APHroT0MqlMg==,type:str] + - ENC[AES256_GCM,data:LspAkZ6+l+pUOBWN5U4=,iv:5ttz28YB/OhV7Fd0OIeAmO291ooxkkUTSaSR4Or/k/g=,tag:S8bYSELj6sOQjZHJKm+z1g==,type:str] + - ENC[AES256_GCM,data:U0MjgY30FyNwxTzh,iv:bJKZTRxdsLBTiEYSKSUgGomwjSZnnbAlo/tRCnibIbg=,tag:KqxNZEl1RtNwO3ZC5X2HgA==,type:str] + - ENC[AES256_GCM,data:1+rFY90F9zDNqRgOmcnq8fU=,iv:544X2/JURi8Aa3MpOYAHIFunzoGZXTXOOOWc0941fnM=,tag:6RlJLEjyAjJBHcD4v36cAw==,type:str] + - ENC[AES256_GCM,data:o/QgaaDvuR0dwvY/iEIU0aKe8A==,iv:t1VRNG8t2ITYa0PSZugh2nHQc5CDi/PD4Bdi41HUfe4=,tag:hjHNJgDuxrPpwM+emyqIGw==,type:str] + - ENC[AES256_GCM,data:ScLoQzkP9qBcff+Y,iv:5m7xfIMZjLL05ebyHoYQMOOMW5a6ZxBZJPl3aa9Jm98=,tag:EIJ86uXFbWM4G6z54bpN+Q==,type:str] + - ENC[AES256_GCM,data:XCnQkbBAkN3rnp7Xv739,iv:0jkFawfXUR4ldWjBnTbvRYbdjJ3vshnfbVGyHSAXxb8=,tag:FkW6efLcpa7vp6sOhBE1Ug==,type:str] + - ENC[AES256_GCM,data:vy8DHdDJBAPZ6X/DmRHqaLcF8Zs=,iv:42ZBa2t9JtdriAl7JzkumcUlWVeIgKjC16JLWbKryPM=,tag:TdNR7NhJ2RoZuGbEwS5+0Q==,type:str] + - ENC[AES256_GCM,data:MgMGOomYGYa4DNT/2XK0,iv:DG4s/bl69WNDLoFjxUjdnBDMba1L3vwNuQ3ZuqQnipQ=,tag:UdVLWpWqOiRP5RVBheuryA==,type:str] + - ENC[AES256_GCM,data:ZiciOIkqjnCItYaasZ/sNao=,iv:yzIrhIMJzPdECTnx/ka2h7AL1CuJfO5ts+Wo+8+aO30=,tag:TJCbLRQfhwXjwa5QNQDYug==,type:str] + - ENC[AES256_GCM,data:dMSG2DsiznTbMVn+JzOKsw==,iv:jrKKr9quMXtz0i6jQjtsFpKMCR2IpxnBqCsPK4QYbe8=,tag:Z9USzh08KvyFlCFgiIzP+A==,type:str] + - ENC[AES256_GCM,data:kOe+Imtqk6YT9vLcqfdk5J8=,iv:wtzguo5id4yTxO7fab4oaHeTuigNd4NllyofL+iv2MU=,tag:2aUD9dGZQbgIM5Epg3RTvw==,type:str] + - ENC[AES256_GCM,data:k2DpJ7vucq4l2u/1EXMH3Q==,iv:RYaF7mpaz6/No4bcLDcxrYsYJp0+Wk0KNAMTEI+lx28=,tag:Ae2DoOQknfxcCpwl7aHxcg==,type:str] + - ENC[AES256_GCM,data:IwqiyTL8Ktnfflj1/LFMlA==,iv:9qL7u1/wxTBq4R/B5JpL22XF52sKHeeC/o/T/zTx3MY=,tag:IwHZUQGKbG1SXD1HGqyMlA==,type:str] + - ENC[AES256_GCM,data:FxC90jXFCFJJZrcziWfdPSA=,iv:+GdhjDUm0jpnM5y2Baolo3PQ5VOjIIv41HlSov2jaDA=,tag:f8PNKZrD7Ykqxuvs8wyREQ==,type:str] + - ENC[AES256_GCM,data:DUJjUkOpQvcTm7LiwjMF,iv:C7XaZ2iW3O8JU+5OFQkWJodgFYjce9vVIaiRSzZDvfE=,tag:xXRfuBCMkXY0vnVC/G37VQ==,type:str] + - ENC[AES256_GCM,data:iYfJeh6wKF+nrC1diqJ4,iv:X017Vv48r70KdAYknezEZqCPFPAwS2jXKEVT7k6lRzo=,tag:mdVzvGQYoT27ToX+9A7GXQ==,type:str] + - ENC[AES256_GCM,data:bC/csmU6kZC4150JUQ==,iv:K0HHNuXzsSme1sxAhs9s2TCWDgL8+ymjP0Bzjk/jd7Q=,tag:4KXbmo0VTvamjsHxr1CcPg==,type:str] + - ENC[AES256_GCM,data:8o62WPlyeVuAdhTl/rPeU19rUR6C9w==,iv:/MMu6wpH8w66yDQrjvPbtVJW/qb5PeZlSnalMvNWiwI=,tag:IfOw1qzFboljXiereWchBA==,type:str] + - ENC[AES256_GCM,data:+amXrAKirDAcvUR1/cs=,iv:Kz9FrfGbe5W8RfSEuPlVZKO+/rouG2P1d8VX68px+3Y=,tag:8j4Z2hY+2lLZa25gFAvrjQ==,type:str] + - ENC[AES256_GCM,data:oRSmF1iZNAx2JR1luBUDvg==,iv:Pom5PWURhqsVeOgzm9d1lmFK3/xSlKjF9OdHvP0eOJg=,tag:x5hTcVTzfUwSol7asBMMHg==,type:str] + - ENC[AES256_GCM,data:erIWUeuhfph/Vj/knu8Qc0Uq,iv:p5JsE5Vk9CYOdsYa4Ck/jiR21X9v2owlRGPYzM3JeEI=,tag:KPXtrd/TsBVE1Qjdv86klg==,type:str] + - ENC[AES256_GCM,data:OkftByYJr27I2YMjnzAV,iv:iY7BPzoBBIttF+U2aRhXfcilIYBqRZ7ViiJb0txlPgw=,tag:hSA3VoSRrMHEy7uroTpBPQ==,type:str] + - ENC[AES256_GCM,data:hje40Nt0iJzPoly0krBelYt7dQ==,iv:8WTox6bs0VdJzx3YLqDX22v9Tl84JucDZthJGwc/KaQ=,tag:2d2VhjLRM0OYt9hz0TLiiA==,type:str] + - ENC[AES256_GCM,data:85ODiZMJ+umz,iv:1QoPpzdfHRCt1opNyItStC1McZ5uGAowfj1ktNCRicA=,tag:h1ZWtIkVHOrfCTzlPWw7fQ==,type:str] + - ENC[AES256_GCM,data:R6acO8L9g9VVcJvmAg==,iv:Sr0DgTeIDR00B+LggJueAz49RvzSjD7KGUUmo6VlQeM=,tag:DpHNoiuAEBVu/jUBZXJ4gw==,type:str] + - ENC[AES256_GCM,data:ma+5p7medNmjyHyBBw==,iv:m6PpQVD+XbdePVfsH51lL2JCBXaYBqm7m9gtt4xEt7Y=,tag:96ljeEBqaaD0EJHJI3E0iw==,type:str] + - ENC[AES256_GCM,data:EJ+LC9ya5+zUA5GAIgc=,iv:3+PinKbmJPgsyMNa+vZJt0QTK7kpVOrg3rnru7Ri//g=,tag:RJhn7+1Hh+f4HAKLjq0KRw==,type:str] + - ENC[AES256_GCM,data:yMw5w26f4y/rkXkdSTCVGQ==,iv:YipBUvCwqJ3Q/navqkktT2pYT8tEjLQEGTJbMcwdSko=,tag:84u7p4T407o5HdyuzYvDvQ==,type:str] + - ENC[AES256_GCM,data:J49EVNXXy8pUS0hS3ZQ=,iv:zb/hgT9drIL0A5khKM11+HzFAkDESuh1vhheyVdZO5M=,tag:WZ76QO3LqK7DdXOKaxBZNg==,type:str] + - ENC[AES256_GCM,data:fg0MhdpgHqndJRmlsUvM+wat,iv:GFX0qnOZSdloLVe74X16dDHP6wpdtFtfNNN0SWiD1U4=,tag:s7qdRgzq8uNtdLEN4dOU9g==,type:str] + - ENC[AES256_GCM,data:Me6hZYsI9R6uVu/vgvo=,iv:7TQbDUX423d0Ki2Iz5PdCxdwp+iQKkQgXlg+q/Equ6Q=,tag:vnO7ozmg5+qrWAC0CzZCYg==,type:str] + - ENC[AES256_GCM,data:rnn50zK9/vEXJBJzwFaICA==,iv:Gbgf7uqWnbEJ4muCVmVwz3Y0c9FgJVLtjz7oX7GRT1w=,tag:6TxqYZ49RrfHmk/VsJkRdg==,type:str] + - ENC[AES256_GCM,data:uK7awf2OQLXTBUOE0JgSqQ==,iv:xBR7Bsds6X1Wql/GP8v+SEMjtyif7eyPHSHvO6crsNM=,tag:ok9QU/zx9ODIInCZDEGn/w==,type:str] + - ENC[AES256_GCM,data:Rs6tg3OhkkNxkJcVgMk=,iv:k/hiwUiDGYFaXQSOXswzNvgj88dBZJjlhcP9T5+RCq4=,tag:dPETqhPu7EQZX2dx1WYf/g==,type:str] + - ENC[AES256_GCM,data:KsyzOWBNxxDw7aJ0oiO1A1E=,iv:/vG0ayk9BRsEPh/wCuNoBka9Xd2HmmiHKN7ZiX0msXw=,tag:HXGMaaIjP+nC9r6pefS7EA==,type:str] + - ENC[AES256_GCM,data:zZ4ESeayBfQ25iml,iv:5pa/cAomp5FYVrtWNwJ7Bl50eE05tfGhAzUhkywITW0=,tag:w47Dp6FR2juhN5Ebnz8DDw==,type:str] + - ENC[AES256_GCM,data:OEozRfDwPAWyZ3KsCJLO,iv:HT6b1rgbKnyZgPL/RC7VF4+FvcpKbKrY4m0h2GCpN1k=,tag:AKdIKrfrAQ4QMI3sPMYnYg==,type:str] + - ENC[AES256_GCM,data:BqD6bu3IAVF/yQ3TizxP29Os,iv:QaGYydKvQc4JAC4i+r7v40T452g+wY2vOo6bSGHRjU0=,tag:+iLg/Zy1kzUq/3cajYh+RQ==,type:str] + - ENC[AES256_GCM,data:MDCJdxDMhaIMZt5N+BswGSqjwSY4bg==,iv:m3Yja3uzbu4IMhWy3ysX0w27XpoGHFr7vNqhpwR35hY=,tag:e2ESC7BLqUr5XwLA4hgzkQ==,type:str] + - ENC[AES256_GCM,data:ypYD0nOkQwP6+Fih+WA=,iv:z0AOJs3R5PFa2aOuwFggEoP39I1IeqelkhKVspacHk0=,tag:k38JbExJGhPZnfexOgAg7w==,type:str] + - ENC[AES256_GCM,data:wpKF7l2OzOJIFL+CZ3AF5SV6,iv:7IUV1RpOdtSUBFSEAax98oRENtzijt5LO5vdOSfk/SE=,tag:VfPZYaf/LI0UqXMBnz8P8A==,type:str] + - ENC[AES256_GCM,data:SMOKT3+NC4uweY+1aZXa9w==,iv:J/Pn7yNdU2yA7TicT4gawiG63XCBnxEPmIuujOeW3fg=,tag:By2vOCrH6p1IapbKKuoFdA==,type:str] + - ENC[AES256_GCM,data:JlVhOg/ka21iaBQtf+tgf6mf,iv:ohLnWfrARYOH+sHBDrgo9dx4qqg3XH0JM7V9+htk9eI=,tag:hJPdbrp4AXbW5imZgjDRDA==,type:str] + - ENC[AES256_GCM,data:Qf4aJfc80aeI/+dDYqfk,iv:ZLPA/LQ8cxZ+igPVVbTIqyI2+bS0PSaGx1u3feN190M=,tag:FD8cKZGvMnhTbEH4/ilpkg==,type:str] + - ENC[AES256_GCM,data:9l9TFMagWTGaG8fAbMbLjbFJiQ==,iv:lsaffarFUwr3IBdHVkwDRoFqwXZGxwqy8M4G2NNcXtY=,tag:Br0DlUkS8SLNNmMnSfZTHQ==,type:str] + - ENC[AES256_GCM,data:PQGji5oT6mZSElmP1/ABsVo3,iv:KjkoUmtf3UiuEGc0nbHFT81CLBXWifDH5W23URth9Mk=,tag:mWPL35XkCEnZNoqZHVSJIA==,type:str] + - ENC[AES256_GCM,data:rL6FBxjRBopPr6XnxjkCMH/PFw==,iv:SECz2BhhRpsKT1qq0uF8CXJMKG8HgVe1ymOZazfkVG0=,tag:cJk5iLJEdqXnTvx1px5iQw==,type:str] + - ENC[AES256_GCM,data:ifA4RbH2s2XtRkBS61PSOCjaESmTE5T77A==,iv:6jZjHSsSigCCxfrMLJcOd3T9wWZl5kJfd0mG20yo1ck=,tag:d6SZzujmMutZkkCZDda/7Q==,type:str] + - ENC[AES256_GCM,data:i7Gp0OVC9OPbAaNzrQWJf9WedSNHa18D,iv:yO7c4C6UaLb0P74QfZO4/xAuOug6oxCI2B/MEfQwsrs=,tag:S36DylvxLL/zCu+g7USOCA==,type:str] + - ENC[AES256_GCM,data:klNaDz5hM4XpZ0RB8WYe4m2xyw==,iv:4Bj1gnKXDO6vLPQv4VSmcR9YSvyc5xWEg8KU2m7PNZU=,tag:P1l++fHfv7pHJRVKUeFZZg==,type:str] + - ENC[AES256_GCM,data:920iCVGF//KzdrJnps7ut6U3TA==,iv:nvs1Gknz1+SX5fPV3MyAtuJhHpBZyhYlO/W+0wglbx8=,tag:sTOaTagIxY0U/OgTgex9zg==,type:str] + - ENC[AES256_GCM,data:SguGfN+VvdLEF2cQhPIAig==,iv:XKixxa48OzzCyiDhnwBXIIhmtbcn2kXPvk+r9wWKaws=,tag:rSiswqBn41u9Axz4bI+zVA==,type:str] + - ENC[AES256_GCM,data:ec5aIuKwGLJX89TZPc5I/DaerbUaoR4=,iv:x4Xoi1qc8MTvdo2xGKzNlk4BGp0DHQZnxNuhLK7epno=,tag:4dc/FzootkR0hYAfTRNORA==,type:str] + - ENC[AES256_GCM,data:xEK55ZTYAdXMdUyNFcA=,iv:6XKu8yJRQjd0qveItl9RNzajrqi0uuJUUa6/1h1Vw1I=,tag:uTpZy8NMVit7J0PdKWqLuw==,type:str] + - ENC[AES256_GCM,data:YY8aQ2OyTeNtxXvNoTkyNNCGCg==,iv:hIET2Y/5MpMfQkDwuh24Bf2oYgFU+V75pUuPpx6YQmM=,tag:BAlxg3nyv8j0PSg6+GdoHQ==,type:str] + - ENC[AES256_GCM,data:UVQcjNzwmrVEBq62xzg1IS38fr6+E9o=,iv:cJFROscDS7Tfr11NecJPUbvmE8nCeujIx47Udw9SgkQ=,tag:aCic22u28yRYLL1I+etdjw==,type:str] + - ENC[AES256_GCM,data:xCCA0YLsYVKmAGpQ,iv:fxdXt+Klfzdd5Oo9ZhCohnsjRGH4xkWewuIHMbAPwg4=,tag:9Shn91uoZ/VXY8q5CW1Bbg==,type:str] + - ENC[AES256_GCM,data:kvOmU/+a0StzQ0WQ3Bweztjf,iv:cbXmA/wnzW6FOm9kXczOdj2NAlRsY4NIFEPL4EVSOFc=,tag:w6I5922FL1yUOKa7NGWwZA==,type:str] + - ENC[AES256_GCM,data:Lu/nLha4JjOcDFhqHcvL,iv:cYwAXfscVX3Vkofx7u7gFtajsrIHpp6xBnikeSk/GkY=,tag:qr9xgfzWdVO39nq6ubSkgw==,type:str] + - ENC[AES256_GCM,data:VVh6GTN0YcKSckwuhKaH9w==,iv:8W0rEW+GT76kQOiyACQny1xeMpF55XCPhx5iW7b9Ad8=,tag:cHDRP+QOnuy2OmLFMZX6bw==,type:str] + - ENC[AES256_GCM,data:bJMMkCOcgKm9tC0mZ1tlii0=,iv:Z/GEXDrkSbPLmPm0UqhGqK7rXWMUzfuTkbdNukmtAaU=,tag:r1iIa5etT1iMAoftIBIp4A==,type:str] + - ENC[AES256_GCM,data:So7j4oQJL3Sm5SA+djzoBE8=,iv:kf1brHZepLkuKUVoclHD4QbvwqsTXUbC+CdOusVfpbg=,tag:dSjEZcezjWeUL6Qz5tovOg==,type:str] + - ENC[AES256_GCM,data:GfqDqW3lGU5gp2irG1U=,iv:Q/Nlia6Ldj6XnjXJNq96LarWgQ8RgAsJA1LcoNtCwhc=,tag:U70d7q29cATo1WgCtFtPyw==,type:str] + - ENC[AES256_GCM,data:xDKJeGDfLUfIHuQnFRb3RA==,iv:0j/7g2bgO8iGrPxs3cPqtsV8TzWI9u7lh2RybgY63MA=,tag:bEUk9Ajh6HdaUON0Q28qmA==,type:str] + - ENC[AES256_GCM,data:x/v2uDFuVrbr0QUEhT02JDk=,iv:Sd1y9V1hI17OsSnD4xnDWLYA2YkFtM6hb7Qx9b3W16M=,tag:pfYXPQ1nc6wJGGPOKUD/XQ==,type:str] + - ENC[AES256_GCM,data:iuN/+azUvqDoI8IWqw==,iv:gE8hzMonoF9Lx+qn3AvMA0y6Jrf9TRUxmw/s3Zx7FME=,tag:M6Lncg5Ar6asrXR3kWoiYA==,type:str] + - ENC[AES256_GCM,data:eed+1CYtB1QKMbO8JWM=,iv:xZjqJNAEmequuj2lDeS6+GrggrE+L3TWVJe2Nvn1/uk=,tag:A4U+Ez9aXnVhj1nq78M8Tg==,type:str] + - ENC[AES256_GCM,data:MNm6LIDsboy/1OlhFWkxYw==,iv:sdJ4mJ1n2dKs22xzw0jWMNdycTIhghKIypwG/LGXVm4=,tag:MUaqGribKtDEP/Te51Ou5A==,type:str] + - ENC[AES256_GCM,data:sba9BrCcndYmvrVriF8IB5Y=,iv:nCdo5oXkjWDGphzV6TZS44JQirzRTRJsf8nXMetf1uM=,tag:rPWOufQOZ6W35V+Tgt15aw==,type:str] + - ENC[AES256_GCM,data:YEpfjze7NqMZkHzOPBE=,iv:DFIs86yNaKvc7U6rYPVqTywbCseku5xZquqIOT9glBg=,tag:6uaGxakO/2Sl/BxdtYiuyA==,type:str] + - ENC[AES256_GCM,data:/nQoNauvnSR6y4JdQRwQsw==,iv:F14XoB2cX5VPxWVc0hC9MrGgAUXs20wC0Vfz7zXz+7o=,tag:aaiJmf92YxGSnZIAe5q/5A==,type:str] + - ENC[AES256_GCM,data:gCBXQBojzxSJr50nLEQ=,iv:hdepvvLmZCudzZ3sqHiBT2MYtegpvD+bqLhTyloonBk=,tag:GHXUfxkMsGrIvw2yDIT2zQ==,type:str] + - ENC[AES256_GCM,data:be7sicCs9hnRfiwFnM0=,iv:UCmygP8mt04XN+QUlsrq2oj0URicArXfsT1gdqYKFfU=,tag:ytbhThGI1e/+zHwEEV/xTA==,type:str] + - ENC[AES256_GCM,data:b1xwQhT2W17lSuSDZVyZDw==,iv:7E8QTfqqSL+BBWw149UQp8LfQ3e9ygbg85AZw3CwvFI=,tag:Q2P4J92VhoMNZUeSQS0DEQ==,type:str] + - ENC[AES256_GCM,data:RwYgUfcJMIUalfyqxP4r8rI3,iv:aBIHUip3FypEp3KQgt5W//BWiSDa9e51fwhbZBMz2wE=,tag:d/xZRt35zUcbMn7G/N9J3Q==,type:str] + - ENC[AES256_GCM,data:ZKRKvHId8yYYnk7Gv9wU,iv:ZQNJpVutvtF3SJ1/aUvkpXYSzI5vzayFK/3MCnZz9Fk=,tag:qSzG3vYdSnDfdSAgOnzHEQ==,type:str] + - ENC[AES256_GCM,data:Ha+un4zppceWh644/sy+,iv:ZbPCVnkRq/IjCd7SJtP9t0CrUvEGfNpLGdUkdfbn3WU=,tag:umySa+krQ6RPJywePiW5Zg==,type:str] + - ENC[AES256_GCM,data:NPKjvqZrwtrZ0qC8wTmxaLc=,iv:EwRAiCA99sdV4JLsUIGDCWpt8weOThtuOZp0m0kIPk0=,tag:a4XsUz5q8Q+irqdDq6+W5Q==,type:str] + - ENC[AES256_GCM,data:mGCc7yPhGeMuKUeTPWQ=,iv:avUHswmVCVt7Y1bcmh+4NKCrfyIJwYRrXDge/DnfCTM=,tag:MsWxAABwOKPNCPmgPVEX9w==,type:str] + - ENC[AES256_GCM,data:mlXfPjiwBn78L8T+EzI=,iv:5nKn8I7379X6H65SoIomyCvxkhVMdzT+IVJ82kXDBIM=,tag:5Rddg5p3C9dxg6giQaKHqQ==,type:str] + - ENC[AES256_GCM,data:fNGiNPnBCdAt9nl0mA==,iv:jCkR7x2hq1zgnob3PpbY9AZtHF7WIG/EQxGP1HXfKvg=,tag:LJlOkeren5mloyjZSqy8tw==,type:str] + - ENC[AES256_GCM,data:9HJJb/4MF9Dkpmf2Dac+QA==,iv:UaqLcomK3ZovQXxxS5RKDjqBlveDB3cTV3+IE4N6iSY=,tag:ZdbeKFsfXelyPGb/syWsEA==,type:str] + - ENC[AES256_GCM,data:+KT9vbk9oK2+NBMjBiw=,iv:N71Wyh/3Ws/bIsjzBcJOmmUYPbWCAmo/SLXh1xD8vWQ=,tag:lnquIT6dX6ZDuenCnEQXSw==,type:str] + - ENC[AES256_GCM,data:pHECKlvmjvjxLY9o4QcX,iv:gQbUg3kLbKoKvwtgM7Ghaau+gYGfieu6ABmWYRriheE=,tag:McjvKOA3syD4+BT3yZjcDA==,type:str] + - ENC[AES256_GCM,data:/X92mM9TVmmVmuk7Z8UPyWg=,iv:aHGDDxYVRdLxCFU1X+VuFjGJjpZlLM4kXFyl+a1KB+w=,tag:x4vHjz+qJMAkZ01XNMSDiw==,type:str] + - ENC[AES256_GCM,data:xNIWohnxzyu1z+6UAWH9wA==,iv:PhrXenXw0UtLLtSDzEC6R/J1pq08xHEeixbrfzAwQnI=,tag:FtQgBnpU6dKYw1C+xzgEJQ==,type:str] + - ENC[AES256_GCM,data:B/OMmM19+nOEI+69nJFcrzL8O7Y=,iv:2swZhp13Epgf/t0Uo1A6p4HEqy1Lz/XZJUf8bVuXx8g=,tag:v8Qamc/A/0vWS79pU3Exow==,type:str] + - ENC[AES256_GCM,data:myZvIJ4nGa9TkkoMoERhj9rgHg==,iv:EVeX2NquWQZTgTe3Nz9aTvZFvkv26lwk7jxdVowSzMI=,tag:POgFiImmSjbnu4h8CaHEww==,type:str] + - ENC[AES256_GCM,data:68wm5Pm5zNbewVvJ25qypPriY0k=,iv:Qztgl2fZbjO6+6oHvvboSnSoqJozYqSycWiERZhJBvo=,tag:9dwiIOWs7vHHWmgQS1QNDg==,type:str] + - ENC[AES256_GCM,data:FlDGKZFnFAT8kQ==,iv:9YbTPU8vLaC+dcu5VTAJNAOcdKBfA45eEGCpt2/56Rg=,tag:AApd58s6EXmnRLwd0NfYuA==,type:str] + - ENC[AES256_GCM,data:06Iy4QrSoog34Q==,iv:Yoq+KJxd/+oIup+AEVFTMxWfB6pP46bFLfSCBhPgYus=,tag:Dwpq4+XwiwBkTuVCeJdahQ==,type:str] + - ENC[AES256_GCM,data:1hXhEqK8kc3D52eSiohw,iv:TK8SWe826GGRPA6Izx8ydy6gw3pIOXX/lPdx1LHo1MA=,tag:co2pDkdSrAw4L2lPsCVong==,type:str] + - ENC[AES256_GCM,data:707ezt5ymSuS5hKUkOUIcDAE,iv:GgZZV+EpHnTQ9+SB93zLLNixK8n7x2wi7MH+e0pL8Sk=,tag:gnThcpFyJHcsFkr7RkxfbA==,type:str] + - ENC[AES256_GCM,data:NM82caKteZcMPxGpMrfG,iv:vyX2ZH7bNj68Jq18d/0APSHF2bKEk0M5HRmLLbLZWAw=,tag:sJzBtDBLeyPLxzA0RG2PPw==,type:str] + - ENC[AES256_GCM,data:Ho3Mx2NW4WSjJA67wA==,iv:MZzxtxkev7i40cDzNPo8vZuEZzTKc3ZAVN/ftUsoat8=,tag:7r3yWzYnddMVt502hGfzrA==,type:str] + - ENC[AES256_GCM,data:bpp/XNPOLGzg7rWcYBpY,iv:j3YGcX69tGnJqXbaK25q2V0K2XrELfWkteNSM0O4/bA=,tag:/9PHV0/pKAt8cBBt2pL+Hg==,type:str] + - ENC[AES256_GCM,data:yKZfdAorN59CNU1Aww==,iv:0wqPzmHUZjUBin1b1BUJHJMejZl9sgRi6v5ikDY4+6g=,tag:LusCYKf+Gg0NnAMrB5NTBQ==,type:str] + - ENC[AES256_GCM,data:8y1E4lNXfkFmWoXfKl6OejU=,iv:ytNB8NcRGRiybhcykNSxk9pcQrYpKSpJFAHGd2FcRBA=,tag:rdbQ1JjcBfeIRAmMxxNTFQ==,type:str] + - ENC[AES256_GCM,data:F93eknqbfMzckd+1qO1jD+glIsI=,iv:YtxFfs3oHsXxAcVrC1dXLezYHnWRwB7rnN2DJj7rexA=,tag:2CWLhS+Hwzmb0oMMB28xDw==,type:str] + - ENC[AES256_GCM,data:j9kQeUpiTah6bHwMKAwVwlcS,iv:+f15emkTvs97EEeeCrsoID3drosJpSVbEM/UYk8+4e8=,tag:kQ2FxcGwXs3mHZF84VRqxw==,type:str] + - ENC[AES256_GCM,data:yLcRUm35GpKLH8SI33kUp/nnBZDp,iv:30AE/CR+IiD5nCIsXKIonXTUxihUOwfue84DWDHvZog=,tag:vk6h4vMxFsF6pkQDppUsXg==,type:str] + - ENC[AES256_GCM,data:bX1s6XNqgqFrnOUlaSOK,iv:pWKC62x+qlFNPxX0pPMEfrtlI+ZIkd3XuQgRz/XGuYU=,tag:J5AWz1ai5VuMvojZShrU6Q==,type:str] + - ENC[AES256_GCM,data:soEkTAC/KRcMMJ93IA==,iv:DnDpyi4kEUdxSK++MWqEmt8mCOC8w+41ug3xY6JvvBE=,tag:T9xKNIyZ8wysrgTyjoLiOQ==,type:str] + - ENC[AES256_GCM,data:LZzzS2X20L5DlvaNw2wP,iv:FwXsitxTbUNGFSs3WlykEEz6el/tou8akBEu2aeqzIA=,tag:bAQX/93NKbyKq3UppZhoQA==,type:str] + - ENC[AES256_GCM,data:4h3KRSrQcCyYX3kX,iv:3xw2W1Xk1z8pukNktd1g6V5CLTkjhbs0carpt5sh2E4=,tag:MLSs2Oi8/lU/DNAecr9djQ==,type:str] + - ENC[AES256_GCM,data:bimDiPAjYRCkmxtDTgS3Sg==,iv:ddGhOMR0/TBxSRhn21eS66Cqo1mQsnY+2Qnm+84m/3A=,tag:mBax6a8MzhzNyI55XgRHww==,type:str] + - ENC[AES256_GCM,data:+O2wJDE+oYLJ3kYM5Gn2,iv:P8Mymm0PI7/QekA3l2J7zjrxDZjpmgwMwR+5Wu/xJzI=,tag:53y7zD5QjfkPY+fa1ttj1w==,type:str] + - ENC[AES256_GCM,data:i2XphMncGT9/BSMxPDE=,iv:toxBP3+ld9TgQnOywfOvcxrjq95VFK+BjaHGmo/7aZQ=,tag:8MuUeUcBCWdtVO1O6Y/0HQ==,type:str] + - ENC[AES256_GCM,data:SRCx9WxQU3whLKXw5A==,iv:hGTTA/aNimcKqswuS6B316Un93C2eeO4YbaNw9x8/Js=,tag:mtf1TE0gqbZwruTdbra1aQ==,type:str] + - ENC[AES256_GCM,data:tYBK9ul21WVPgEjCkQ==,iv:KnasiNI6kT17oRNZ1BTk1ig/Z/i5c1adU1O8LZV392c=,tag:LBDNc7zMkh6nsgqVRfNQsQ==,type:str] + - ENC[AES256_GCM,data:Xk/o1KNrw3AKGXamdqPl,iv:SB8ZCXNvRQWUFIwoymOtHlj1snyUF2exa37pnMYK3KM=,tag:w4y/qmi/XBOdSiKwC1a9sA==,type:str] + - ENC[AES256_GCM,data:qxWN02Xwx5kvWcbLOQ==,iv:PQIGoJn0X+EyA1MLOHvXmKhyDuC1YToDZoHPnQg8+/w=,tag:UpY/L5YjgFVGjYWjJ0tpwg==,type:str] + - ENC[AES256_GCM,data:5pc6kAOxfHxYyj8Vjw==,iv:RJqNZkjuw/r+wNPvCfFcLIXBu9+q22HMMNOjsd3oQrE=,tag:Up9pTiS+DSpOlpb+i4I6ig==,type:str] + - ENC[AES256_GCM,data:fPXIaKZzJ/1NV9fNSg==,iv:iaK9KsyD4Cz7LSfi8zbUGIdquRYbyX2ONgKAP9gFcy0=,tag:m9xFV6x6UpA8jEKam1WNCw==,type:str] + - ENC[AES256_GCM,data:EJ7DRcMzTwJFYO9kdz4=,iv:klcHwLqHd/ygpvx0wc1u3DSSxK1mH97IICD2+aY8lQU=,tag:7zWIYnn7soriCt8P3cMz4w==,type:str] + - ENC[AES256_GCM,data:e4uzMjrMK6naoYQHSSyf6XUo,iv:VGE+Np0g789xhhl0bAj1tHDECQeG9ahD4WyObG98Xq8=,tag:jAN5/O2YaKl8oQ//7D1hLw==,type:str] + - ENC[AES256_GCM,data:azJia3woci6jO1MA7DM=,iv:wfl0qBONvn7fcvG+RzJdCFP8fooLwiecxzOvZxjjoGQ=,tag:f5Gmg0WRureYwV0UNnqYEw==,type:str] + - ENC[AES256_GCM,data:N/nkWHZKJ332Hk1bIMM1z3Q=,iv:Ztyygrcphon84KU00SjQPb7jh2FQFx34zbkX0S95hvc=,tag:a6ldYUCBJ33aAGfoGzjC8A==,type:str] + - ENC[AES256_GCM,data:SspfGQiG5l0yVV58VAU=,iv:SVc0JoopFuIvgiLLphT7phMjicToOTIq/vumEDk8iAQ=,tag:GZJ//TrQUY5s4BdDI+lFLA==,type:str] + - ENC[AES256_GCM,data:XPrNM66yygdGtUrOU9hEWw==,iv:ZRTWNjNw7f2JLUIqVLLyws3WJOJ2vHYZzKGHRdskczc=,tag:0NZXPMFGnNwKOiBqeLBaqg==,type:str] + - ENC[AES256_GCM,data:OzS+68kRtisAcbfs7Ho=,iv:EWFpNSEh6AKvd3U15L5Hg6ZFOSRD9QXhby5kXpdrKag=,tag:QF6POKv9cTZH88jGdglSQg==,type:str] + - ENC[AES256_GCM,data:ZquV7FfVx2llnHl0hg==,iv:vbejI6eyI27xeEKiCGYd/hDaCA6r4MVJywRZZVNh+/M=,tag:bNxjvfZTEcfWCLha82zDVg==,type:str] + - ENC[AES256_GCM,data:HAiMEIcXEW6Mi8cj4pMR8g==,iv:lgYnjxMqDLQ0da3whTdhg8lTLeq6dU2eMRDQGxRCxS0=,tag:DwtHmzsKNYQmoQ2gT1XPnQ==,type:str] + - ENC[AES256_GCM,data:Rf/g/LkhSjBVz45xHw==,iv:gDJ7dFh4K0B3TAAdaxfQWXMbUtOaKeY/F57oms3eZ5Q=,tag:LxpDBdYm+9LbOH4FXleQKQ==,type:str] + - ENC[AES256_GCM,data:y171/xszEcxgOduymM4=,iv:gQOpjwkF1qYT10iOayH4N/nx0KQXMk+iKnOe9bRJytI=,tag:Q+PhsRStrUBftSaHLSCQbw==,type:str] + - ENC[AES256_GCM,data:PjCP0bwsdsnL1xmizrlo8Q==,iv:E+i3fHsOiSxE9sM1Ft/LG2U7njvyP5Rt826b4wweYIE=,tag:h8pitKl2b249R2QPrrcZeg==,type:str] + - ENC[AES256_GCM,data:k8RIxncxy2nYmbMz8LW+fLbq,iv:ud8o7vZVkKs/7I7/sFNKSXUTGzq3Mo8K3OBDy1soA9E=,tag:zUWewQldBZPuiZT848sqag==,type:str] + - ENC[AES256_GCM,data:4HSB628fvhkhXG9cnOYU16+I5Yo=,iv:rHHP7HofQVPtqmUB5LuUpWnan0auG98agLM56fz0Dac=,tag:/KscDtWmoK6qgxY5Xn9iiQ==,type:str] + - ENC[AES256_GCM,data:NAo53lBxmlVB9Y7HiWKSB1w+,iv:El7GyvZkSB2MjX7q0ehbVMh162D2ynD/i8fR5biUboM=,tag:aXpxwbhUx69I58l0Xb/qng==,type:str] + - ENC[AES256_GCM,data:s2h7vWVv/sjMR+AA7+Y+,iv:Pig6t22JjolKjCy8smn09iH6/QeHKaSd5fxxz7T3oAE=,tag:XJ2DLD6FrqjZsdNB49R+pg==,type:str] + - ENC[AES256_GCM,data:mK2Go9Nkl9TLYmPmHcQMTg==,iv:T6coaNDF6KjK7yTIqAk8IDx/O+R/apjzFrTZFrXjYKk=,tag:1vKdFya+b2Ltspej9zdcgQ==,type:str] + - ENC[AES256_GCM,data:UFUA5kaniPcEEwcTWqA=,iv:RH5LOKbgbZOYblpO5zRMhNsA3/42ea6Wi7kQTwmJI8A=,tag:2wpQ3I33I3jNZJL6vq4Ptw==,type:str] + - ENC[AES256_GCM,data:PjbrE3nHTuOFfYFSUQCDboXC,iv:/q08Fr+UwBjJehs0DR6/gfPTPRzsoTtyMHxVndHceBg=,tag:0NKlkPYGjvNhwp2Nsgt/mA==,type:str] + - ENC[AES256_GCM,data:3VXnNgz/WGSZPKe8CQE0jnsSzg==,iv:Oj1byB1b0/B27azXYSTWYK7ebVQfr1cW2sG21Ou5S7I=,tag:N6e+NzsvvdzxvLY2TNd73Q==,type:str] + - ENC[AES256_GCM,data:8XwFCT5Wq2OTkcry0so=,iv:b+gXVTNQMSok8U6Olb394a9Q1k7mYF2P2cRfHoFIuHo=,tag:jyQGPdC5J5z43S6UfrGqlg==,type:str] + - ENC[AES256_GCM,data:dLZ6or17Nlxvcd3FKw==,iv:choEBnaruyWVBQRr705zdcmWJfUtLu2q1rWrZwRbYEk=,tag:mZU0Ktzfj1XXO6I1GyrCUw==,type:str] + - ENC[AES256_GCM,data:For+ByJi0r5QSpry,iv:6UToOTfgWP2DDA/Ae8rntKzLBBRGwUung+VPqQZoCSA=,tag:ZAxDYTOHLqP3ccI0oEvLXA==,type:str] + - ENC[AES256_GCM,data:BcyzjBodAq2ufS9ar4WStsREZg==,iv:9ppmNSFdgS+mR4iZ2C0OA95VQF0YRFYHM6+qTpM16yY=,tag:042vEcd7Sj0ozPk7n2VTig==,type:str] + - ENC[AES256_GCM,data:+N16jBSH8mf4f+X8,iv:uTTZUZpZ37gYczkIcrIq6Qudpf2F+Jxqb8qLRKwxA8c=,tag:+8ZwfqRtBFdnrYiOKsXyOg==,type:str] + - ENC[AES256_GCM,data:NsDogfdWgLtmARY/8jTSLA==,iv:hcWUs+mu0KaGkY+7pHZK8UiiM8JSDOlEmnF1rDeTScw=,tag:jqUcHtTk4jWcBtLPStIPtQ==,type:str] + - ENC[AES256_GCM,data:qwbT0H5TxasTnqJ1vSu+wg==,iv:DsXLF8oTZPsRaF1XlFbqON6BNJ0k31bB6lpuasPHJEo=,tag:Yk8Iv57pR4n4T/Qpg2Svuw==,type:str] + - ENC[AES256_GCM,data:xWI6UrkIfvk58Bw=,iv:olepW4GO7i5LLW/7r5W+Blq78Qejq1NwQDdseU2b8ys=,tag:vNBsXbsn6BR9KESxRoj52Q==,type:str] + - ENC[AES256_GCM,data:JRfcf4mOj7dNRjQ2gPSmzQ==,iv:cQtBize6FLeadJIVNyQXjuTeQOqCEVMQrxvObhBJBII=,tag:6HJ5im/8dExZs9Y4cLvw0A==,type:str] + - ENC[AES256_GCM,data:v+CfmhsOROs1pS8JU7U=,iv:4845igxBnnDS33p5UamdE83cLDLMf8KoG4APTRjArvQ=,tag:7u0x1igr3pU0U347L3T41Q==,type:str] + - ENC[AES256_GCM,data:9ZMUHb5aEDxGe8RSxgX0OOY=,iv:MBKykvW7zsFENp8H0uoXG9dgQfkbyJS3bb7znsf8Gvw=,tag:v9spoeGxKqO/FPQfQqQ1gg==,type:str] + - ENC[AES256_GCM,data:ZQApQVkeQJpA89lkBpw=,iv:yT46QEYt+yi8UDlJHx02QdmNe+0pDZpyi5ZXP6bOMK0=,tag:gLikYKC3ua+339bYzq1W6w==,type:str] + - ENC[AES256_GCM,data:Tas7MYhOodYXUrD9pmU=,iv:q9cLKqRbPSRiuFwIjYD8+Dh6OEHOLzBXDfF2n/tlJgU=,tag:I1JFRDRRx2IHzfEMhVG2FA==,type:str] + - ENC[AES256_GCM,data:YLVYNXUzF71TnA==,iv:JhIa9b8jfJ0pn2ps4DRjKR2grLo+Nu3Jl18dPqE99jQ=,tag:xYhihr69dr9xwcmvC4wQGw==,type:str] + - ENC[AES256_GCM,data:6qaPxBiHX2hjo1Kk7w==,iv:y4DXxYzSmvNkhAOcjjPCPjL1XX0gTJY80NM8CVYJBBg=,tag:17rFzJYUNyFl/4m5EmMIZA==,type:str] + - ENC[AES256_GCM,data:WRC1lnpImaADw3cJa5e5cw==,iv:Apn88OuKntlaVIWFY984xtcV5u1jxa/347QZNpi1SH4=,tag:fSsGC3uh0o9IEFFoiLciww==,type:str] + - ENC[AES256_GCM,data:t0y+4D1oKKJIqWwHb24=,iv:gpjdk97quT1Im+vhcxyNF7gU/tF3jHnhll/RFURi+vw=,tag:Q82n4DVMwf7DiUPghRC7rA==,type:str] + - ENC[AES256_GCM,data:qu++zXZEI0i6MvYWOJI=,iv:UHARPZqMJGcJzCO5e4VMltRv/aY4VB61ccyjnwBG67w=,tag:aTChC0DJL/NlnjhHyQwuwA==,type:str] + - ENC[AES256_GCM,data:KIYSJFg6iXDACxK/pw==,iv:mnYpg+U39hzCkkT0Gk8/e+KH9nfS9MOt7WWosL8DnBI=,tag:8PpLWpod614R7o7JSPj8hw==,type:str] + - ENC[AES256_GCM,data:5pS5bSmU5xClFqof3Roc,iv:/AtUZ1pUscF/cqxSPOB/CU5Il4r7+spO7TQULED046U=,tag:K4z2z3tdCd/Ldd0solfUwQ==,type:str] + - ENC[AES256_GCM,data:jsJ3eT1qHxZV6W7vK2A=,iv:8z0Wrf7mx9AB2UvZH78fZkyPCl4EvZQNrxXE+PlXw1Q=,tag:O/iEmyLdpYdnbNNNSGL5EA==,type:str] + - ENC[AES256_GCM,data:WGbtTbFNZocnV+k=,iv:w5p5w+eX6WrHoIOD5PzMtipY+Qjnp48oznuWTI1BcPc=,tag:YeScVgu5O41HiWrJMokDnA==,type:str] + - ENC[AES256_GCM,data:9R+Ef0k5pl+l+2/Frg==,iv:sDAQD4gH0ZXfdtjZwxenq6abYY/4z3FpYE8h9CmZqAE=,tag:znnniHhHmsgvd64bwJ23kQ==,type:str] + - ENC[AES256_GCM,data:uUBl7qf59mml//GG,iv:/05Rl7pqe5ybYUKNf0OvFul5vAqVdpR0K1S5bdPUdCA=,tag:ZgoC6jBsnx8Cn5WMmu2TAA==,type:str] + - ENC[AES256_GCM,data:U8MvuPQQ1D/weTka7g==,iv:2ZfvbZ931bHPPKoaRiayu9kNL2dytY7Ad3sS9cbNp0o=,tag:iijuhQ4sA+j/4tOkcqOyLA==,type:str] + - ENC[AES256_GCM,data:fXiW07yb,iv:wPIMJkR1D85o2QN6CLPLCXzbDXHQVjbZSyi2vUNyKE8=,tag:aJYwazjqB9frCqo2AG2PGg==,type:str] + - ENC[AES256_GCM,data:MKipVB3i,iv:YlO1ulEPHSuQ9Pa5dIMCfc/5HScihdJWxcJYLlS9boU=,tag:EbLG5c21WjYGnNnBCFW0Vw==,type:str] + - ENC[AES256_GCM,data:c7Nq6QxiS6eFNYU=,iv:zK28C1YH1FdEtLuAaLEAQp8SyZEqtyPe7TE2QKJv1ck=,tag:6kJXhJwYKJxrXOhQ8EuNPg==,type:str] + - ENC[AES256_GCM,data:m7s9D2o=,iv:PMYdrhtdS5wLbInqlR9yA7TJ2rMAKBdGV1bkJxeF82w=,tag:tZtgX7xfl+4Wk/3ydQkcAg==,type:str] + - ENC[AES256_GCM,data:mna7kCjq8RbF9JU=,iv:wuHD3n88t58RBMOkaQ0Oqs9qK956N7JdVcgoxKS9tR0=,tag:eAjyZG3CAIa0roTvIvNiHg==,type:str] + - ENC[AES256_GCM,data:NK9dVskNuwKTfWk=,iv:YifeTmOe568uQHfR3Y/iohAqMMT5TaZQei8kMTcVp7Y=,tag:bEYN7RSOlRpdzID9B2N03g==,type:str] + - ENC[AES256_GCM,data:oW8+wD86JxADcPshbv673M6D,iv:3+zGVv+3YQJNnqTChJ7IZckxeL8nWmhjzbkiCYo1VIw=,tag:R0RHIMhr6t7iYPRTs62vtg==,type:str] + - ENC[AES256_GCM,data:mHLnLWBQSA==,iv:M4rc/b9JCCmUvAu34g7P6+vSGbZXlr2ZAupQbDYX5wM=,tag:+XbvPnh3Ek+jG/wiLtQiMQ==,type:str] + - ENC[AES256_GCM,data:4n3799YMQa/1V4ehK56lvJOO,iv:7qMalVN0vaHChdOL9lvFufQnM4ETE+1aPFnFeTFjVEA=,tag:yKyE+5SDAi5JP48ZkwkfQQ==,type:str] + - ENC[AES256_GCM,data:NvxrzauslSQdAMwLEXCvYWw=,iv:SeRejSQDjiumU77vVYxUh0D0IAWcDGNcCyv5MW3yxlo=,tag:Y+R2XbhQgbVWtuqiy7uJ4Q==,type:str] + - ENC[AES256_GCM,data:E2WArhsryrfDz9Fus6sNFqQ=,iv:NTKEqIIhZ7AGachgWTB/YbKn5DlSFG45KA0R8Rz8DIc=,tag:y8lQBwJT0Tk/JS4FvbsBPQ==,type:str] + - ENC[AES256_GCM,data:uHgZ3OcgTHWLriFsrAw=,iv:71neZVjCzm5D75HnpDqaddwndxsQbnEttPC/uv1tTv8=,tag:McfkSC2QGHkv+T7GP9l6Bw==,type:str] + - ENC[AES256_GCM,data:WDcRRxPl1C/Jew==,iv:jek4nAfL5IHpnzsux36lYEISqKh7PfxEfXGxfu4mfhY=,tag:b2mW891bJh/5TYBVAlCTFQ==,type:str] + - ENC[AES256_GCM,data:eA+PYqcdeo0AVeDZ2A==,iv:CxZrZS9/71FUGJsmDKeL8HgVhm8Az6X5TPl5G2BFGvg=,tag:cKa4vQGG+RfaZil8ZpWruA==,type:str] + - ENC[AES256_GCM,data:u7gbJZV44XWD15oi,iv:8uoGIjzDGFpSUc2bOZZChzXfhfq85Au6pCUCp3cnTko=,tag:zMnL37cUICgWahofS8tbgg==,type:str] + - ENC[AES256_GCM,data:D7P48HDzt+c=,iv:coypWICHUoRuLUK0tIfgLOFz4Jwk3aC8NexCrI2J1kU=,tag:TbaNVcsRk0vWqniRgD9n7A==,type:str] + - ENC[AES256_GCM,data:Ko/V0KmLXd3W9w==,iv:YTB2KRgIVNmYbk1Tno3NJ5+piBqjftWkHPWyfwOBNuw=,tag:Hk0hz8sFMUgcYvGgFn1BgA==,type:str] + - ENC[AES256_GCM,data:lm9p1nUzPg8Pia8=,iv:5iceplDm2c5kZo4fKw6bke1WUcBIfnONVz7TctzPCx0=,tag:sgeYy/dUhD3VA8on/TqcJg==,type:str] + - ENC[AES256_GCM,data:nGGi8F6uiRNvmYwIr8hM,iv:8WIlf3mIvMqc/KUg0/wkahF1Jkwxvr5ZisxMILHKt0U=,tag:UZB2dJ2cXPhSiIeV/tjmNg==,type:str] + - ENC[AES256_GCM,data:fvCPfIlo3M8Qjw==,iv:WW6kJj7WFpiVkaHaWfYzPm8j6Pc68SF7sII7JkZbFNw=,tag:FUdKdqejGSQglM5L4pA0aw==,type:str] + - ENC[AES256_GCM,data:h7N8MGVUHGaqruzBEro=,iv:YEFPmh6+k3atqwYDmtim0tFXWl3vCxwcUumdlIUsYKQ=,tag:EBsSGrBcWNbI+ZJojNSU8w==,type:str] + - ENC[AES256_GCM,data:Qm++W9HKG84=,iv:oBePlBLQWsf6FaDCy6wvr0Z9tynHECwc0MPTnh5RQc4=,tag:Ga9JnSe5ZsBeszOP1vEsVw==,type:str] + - ENC[AES256_GCM,data:6nw/xto8yvQ=,iv:mgNsivP6O5sv3db83gqLegEbIUp/u11K4tXt83MwPDI=,tag:V2KG/Ip+wtYhtxstXh5BoQ==,type:str] + - ENC[AES256_GCM,data:SaeLGuTq53Bt,iv:+T9cKnBOVNCO+o3s4V8gu4/hBw50KTCeADfLov4/o14=,tag:za3ZXSavPwsHKhD6T9cP+w==,type:str] + - ENC[AES256_GCM,data:eoiRiQXbFA==,iv:HZuOMAHFOYYwfvfE6HimtAixCenr8zQ+czodsuLb9+s=,tag:ibR23m5+fI/os75zj4Po5w==,type:str] + - ENC[AES256_GCM,data:oiLKpCR1Ksjh,iv:shooLtUhkamjwCcFYwaHmGW5cjoj2MbSIDPD+aSQJ1o=,tag:sdgN/zzG+ofVJk+4KWt15A==,type:str] + - ENC[AES256_GCM,data:y/8jO3j5DWB4,iv:gEvJH8I7IpyeU6As6GFE2YS+8Q2kAb59FpC93mqhapc=,tag:p0lN4d4d1gfiCVoeKZ3E1g==,type:str] + - ENC[AES256_GCM,data:y+CtrDwa6Rsq,iv:ZQKehdEE0tDKHj9jzYzmMzC2vvgFHHVtKa3Rnhgr5SI=,tag:p2zjoIGgspwl3Fz3ECB3jQ==,type:str] + - ENC[AES256_GCM,data:gj+DcjE09X/4,iv:B0ePOcDC1lDSxoz7QMfXx63UnmER7WEczQNFN/zEOoo=,tag:FDlR3IQXY5gdKRMMnTtLCA==,type:str] + - ENC[AES256_GCM,data:Qbh6Vssv5JpiVG/xxFodgtL/6K4vutJNjg==,iv:1k0sOtpzcgoDybBZ8qIno7K33TTiGVM872jOLwh2cgo=,tag:+dJcQsiGnTa8MjsuhTou4g==,type:str] + - ENC[AES256_GCM,data:OMO+XdLDybk+fTI=,iv:fu0mgRCEcex/N0j9tn1dJZgg+V1DBc9DZgOLV5/lkfU=,tag:o9ULPsEBjJ35TCrJ7fQRqw==,type:str] + - ENC[AES256_GCM,data:gcjTOrZnkOlr5pY=,iv:+T5+j3DvzRVOUBJf6pAo30tKv66yFv0j6tZL8YFssD4=,tag:boaRB7UC4IR59NmlVpZLnw==,type:str] + - ENC[AES256_GCM,data:inicZHxXF/OvXg==,iv:k55yt+5U7BDmplDfra5QE0d3da9NAHW4bifwDmPOgIw=,tag:ewmjSGMyq3bPjALN38LO0A==,type:str] + - ENC[AES256_GCM,data:2cugZ+g/A2lTrfRLRQ+8,iv:43jPt6crcK/vQH+e4p/Ei8i0gfO43W56zP0DsBfLTNg=,tag:9+Ply//9KAlXaeUjYP/j4w==,type:str] + - ENC[AES256_GCM,data:gO0XfIlGJR5UP1c=,iv:nWVpdmb3Sc+OnBqFrPnsqnb5HlMZywTKM8QNvZbvdac=,tag:ZjBWaXxGUj/oCzbQfJsFaw==,type:str] + - ENC[AES256_GCM,data:DK8vTQ9mONDelw==,iv:6o22SeuR4sEEEOISED9QUL8mcyxOoAkOJDdQOTLm34w=,tag:+L75zNWRNRHe7q7rD4zNrA==,type:str] + - ENC[AES256_GCM,data:yAb5l6NS4yCUm3Mxfco=,iv:Gry72LzgutjIyoIIRBnExVl+qURtDHXOKsajYjclNzc=,tag:tyGlmRrAS05M4pudr7MqUg==,type:str] + - ENC[AES256_GCM,data:jMR6JnaX3X3MaKcM,iv:Of9X34dLyZVy0wtgxNUrUT0FE2zsNvZ6xEtf8OL/p7U=,tag:hTozgW34Mou07thYZ/SdBg==,type:str] + - ENC[AES256_GCM,data:ePqQq4gUK7scQGo=,iv:Xmn/oLI0WEhxTK08VwrkWTlkuwFineQStXnF5vrrdNA=,tag:OaHwnTR49JfjbR+SoDBsag==,type:str] + - ENC[AES256_GCM,data:xCgf6nf40xu4,iv:yIk+8Kvq3+/1CIm+0R6cfuudaNMa8lFp0KeOcaSDwSI=,tag:EuHkx/ILzmuvx/W3cto7KA==,type:str] + - ENC[AES256_GCM,data:+n78KGOg6E/i,iv:MDEPCEodHuQo5fwaVjPRRI0GWjwOl//2PSpz+dmdsxU=,tag:4tV77I/hkc3FtME9DSUvIw==,type:str] + - ENC[AES256_GCM,data:ciH+iwF3AWv0RGBn,iv:ATYbjQJH+gP+5e9WBTTt3bYCa22yVOW/euBWYqxDbGo=,tag:RRdmiyHSluXemOk1/KiGnA==,type:str] + - ENC[AES256_GCM,data:yDqFy9t2Hn0InHEBV8gj1Ew=,iv:wX2RfpWyfXik62DOGVgLbkbQK6Xym94cwzZ/KF0C0O4=,tag:bF5j49Hgo3D09jDjTJvv4w==,type:str] + - ENC[AES256_GCM,data:yibpZ3VBukTXDtiWARwjtLc=,iv:tQrE35WhY6EtnKkgPbxw3p2OKbbKa3z1QuYJG2f0rp0=,tag:L5LYesdEL0qsdGYUKG84uQ==,type:str] + - ENC[AES256_GCM,data:pLwKLqI8eHZ5nNCRUV4bjY4M,iv:RYnuTtwW5TSAauexy+KgGTPasgs29y2a/s3Pvu3JxYc=,tag:FQeqD939iuIsGTN8HOhzzw==,type:str] + - ENC[AES256_GCM,data:2QqZPP7KNg4X,iv:7ZWv27jNEfa54UwD/d5rpJv8K/E5LDmetTm6okPpXUU=,tag:ZFRRvTbvKVZCOd/xyhUFRg==,type:str] + - ENC[AES256_GCM,data:i17QqO0HG+XbBfc=,iv:Mk1ZeYjAn9BNIx5DPHnIjkxoHZCk56PXSQCyCAizoDo=,tag:gdRN5xpSUTir6QvNPE0C+g==,type:str] + - ENC[AES256_GCM,data:1aK4pTcxr/QtUsk=,iv:SrpkGN897fQ5SsPTJb/70mZrrw5aMIx3rqrXf4NkcIA=,tag:HaIGCEfyUVvnIFlLufHU/w==,type:str] + - ENC[AES256_GCM,data:zzauS4sQkGPGIvvNygo+CTXA,iv:T/bO8WzQOT5r02BjREwKWkH15ymISyBkIcy0EITjdLo=,tag:faxU436S8dJurNOiXXUGgQ==,type:str] + - ENC[AES256_GCM,data:xzBqIRiBKRMgVg/A42e/aA==,iv:yI6RcRHu/iDlAQY6VdZNW29Nq35DVD1Yw4s93qCTus8=,tag:E5b+8d85IjnOb3c2DUfzoQ==,type:str] + - ENC[AES256_GCM,data:AEuYBkmeZRO0NZ7VGtn1kiHE,iv:EhvPsIjbRB+h5HTY7b9PnNiId8sAZnEAPHn4UVGL3Vg=,tag:Y9kHUfzd4CxG0l42GJo1tA==,type:str] + - ENC[AES256_GCM,data:l0Uj8d2KIfD9p2s+,iv:XH+rutqgNiTo/IetZ6H5OqFsFFL3x1G7qBtg3KcYZKs=,tag:6PRvOWtLZ6Q4z7ru5F5s9A==,type:str] + - ENC[AES256_GCM,data:0orw8ryC4dpawlvD,iv:Ip5CigAv6KI9Yt43HdYhBdtwcm5f2HV5ynorZCwF5IU=,tag:r150WGUSydEhyiqUcoFuhw==,type:str] + - ENC[AES256_GCM,data:Jo90sqTFjX/kwvJr,iv:ScY5c1r07c9+Xs3A+Nd+lcldpMC6UxJXUyc6zHUUqcE=,tag:M6HXmjqi+2nDJNbNiBbwiw==,type:str] + - ENC[AES256_GCM,data:FRuj2afnlupf+9aA,iv:7z8ItsKlpG+Vl1yCl+emzG7Tfj6i4CNTpdf3t/gkads=,tag:f2uA27BTy9UutGh9AZWCqg==,type:str] + - ENC[AES256_GCM,data:MSyQi2MoFUUwhQG+,iv:i+iz8XeHYTckUVUhybz7Pck4lS8sqcY0sRn0vh5d9zg=,tag:bI34KxBqCpbOyoYlQOlQGQ==,type:str] + - ENC[AES256_GCM,data:odS+UESlOMhWM652,iv:l/ROJ/teKetVZBsN7DDzhzcYiTQEy4ooH7GVnYqmagg=,tag:ushw14fWC7JLoGdmYhsOTQ==,type:str] + - ENC[AES256_GCM,data:KKW4wn6tNbqWXWoo,iv:5KSroXEeLxfv62hrGoAWk2ghuHwfp8S4N0sZ1dgpC0E=,tag:m3DXgfr/qlzwELP/dnSbIA==,type:str] + - ENC[AES256_GCM,data:SeI7eS5Gw+gsOH0+,iv:qo8XK7FfwSyFC4hFz9fe910cInIPkzMyci+OjJ0kRbU=,tag:m8M5PJY51Bm7maCst5TngQ==,type:str] + - ENC[AES256_GCM,data:BI5ZgGoVPMZ+guRT,iv:SRJVjleBdBT+NXRRrBsg8mEaMeShDie6bWYHGhCT+5I=,tag:gMf6JIj3rTwyetT578jL+w==,type:str] + - ENC[AES256_GCM,data:fHfoxwmnW7d7D+C7BdU=,iv:HzolBQxUsSn5lIEMCNo7Lqc14hMTE64vPr2xhXXUF7A=,tag:anEAqcqZgX/OmkXsXp0EDA==,type:str] + - ENC[AES256_GCM,data:7TBEeNQeI5T79qg=,iv:rH0KWdnJcCfttACM7fevb2tKAGAnLeXS7twPnNKWQ6U=,tag:YUfZJoLd6DdFZNB627nUPg==,type:str] + - ENC[AES256_GCM,data:AmewTNrfncJa1WA=,iv:le0liG+rjSgRHbZ5Z0ayHNDScFB71aW1LRWZmaN2SnA=,tag:HblvSjHIjQMImLQz7iGZMA==,type:str] + - ENC[AES256_GCM,data:XANkFq4mv2KD3A==,iv:CjceNqYJriREMHeUjnaqbF7vnQMtTzLXArnzMDpEDtE=,tag:a1UrwCnA2fqafAb4W0IJPA==,type:str] + - ENC[AES256_GCM,data:0yNeR0CDw8VFHy1EvQ==,iv:uk/Q9jKEWYujojGj4Xbs25SBgM3iEh8JbSLUM2XUrSo=,tag:RT8mi0J2VoOdAli4Latx/g==,type:str] + - ENC[AES256_GCM,data:GCsboNbpXmD+N46v,iv:oSSasRiXezs+k0MBTWCUyJRcNmzbjwNKkUwh1mpnXlc=,tag:WWJGe79ZU96/gZnAuauOoQ==,type:str] + - ENC[AES256_GCM,data:JpW5SNvnZolO8w==,iv:eA+NMv7Cqn0uj/VPyf9jxyUGYBCoMi2eO8v9Od4mkQk=,tag:X46P651HRVuKVQKV810Rgw==,type:str] + - ENC[AES256_GCM,data:gjEUYaDSTtYF+3s=,iv:6zWgg9KbXoMmY47KFGfw83604sc2Ks0U3K1M7BkW7pU=,tag:+NL3ATtuMlALKBHYR5fa4A==,type:str] + - ENC[AES256_GCM,data:TQFH5jMrPAs41dk=,iv:ty0fCOqYS6L/Ek8qV9D/TnOyJT8RSUVeap0KakGzzBc=,tag:SYx5dv66i5l1ko8mDEVjEQ==,type:str] + - ENC[AES256_GCM,data:UkKjtqJeCUjL28DtCB9ynos=,iv:GJZw506RDJ2WTMGYSD6VcTN9fk/2ZwHy9bq3XxM/Luo=,tag:LQtZYepKN/17arCsRWnw/w==,type:str] + - ENC[AES256_GCM,data:Ny/w9UZ5zqkDF9pDl2v+wgKfzZEV,iv:sMR+nXqJrbGbFCeaaSGi7wAWXSHah0zmO2m21dJndos=,tag:ZFdb/tRcHkMwJiKLRebkqg==,type:str] + - ENC[AES256_GCM,data:0RyvWgmhTo2FxycH,iv:ydkVXsiczxozj5CwMLQ8juj0pvdLzZiX6zuPzwtoPVQ=,tag:uBZS0rAr+O726/wu7YHZ/Q==,type:str] + - ENC[AES256_GCM,data:3eD7u1/+2EJjOsql,iv:o8TGf4nFlCCg+TJScwnAznrxD+YdkYKSCy5FflQyVsg=,tag:8rVKRgR3rdM6kuFRAqtNdw==,type:str] + - ENC[AES256_GCM,data:i4DIg9cxng==,iv:hK+h7VF80+u+IyiwQoG6YN7Zwx2/NAzaTPBjvz8WSXc=,tag:8PkG+fbC2V3u5WLvIH640A==,type:str] + - ENC[AES256_GCM,data:YFFsIq2mC18=,iv:ZukaIfj7DgGX12ooy56trkzVfUfXE5ZMBYn3uux8dBc=,tag:vyi3dyc+XhHpKh6QSNQ1FA==,type:str] + - ENC[AES256_GCM,data:HveJR6WjHogs/Ryw,iv:NffoHr/d9xh0KWsC5g+VKJQK4B16LArbrBV3cgkwqQw=,tag:dXF5bnqK/ghxPd5XqdB5Yg==,type:str] + - ENC[AES256_GCM,data:DdKseYQgbQRTAhAu,iv:1D38U/nSTMCOAt/cBxzftGcz4AYuvkDxPpTsTTGB7EM=,tag:w2ID8j4ciTvIrbtl5rgvfQ==,type:str] + - ENC[AES256_GCM,data:GUOtBCYuRnOuKgU=,iv:SSyPMXV1ceEWhOceNam5I1c41Apac6uj9yC4vyD0XTc=,tag:SMLCeCCA69zrr1c47EdCSQ==,type:str] + - ENC[AES256_GCM,data:b37ugBLsnK2vGDlYQzt69VX2,iv:QZhLBeCfwEx8GY2NNR4u6/31+ufkVYWQfzKz5lbuyrg=,tag:a9JU6dCTy3AlcDIztu6CRA==,type:str] + - ENC[AES256_GCM,data:5hbQrSvyJKDPi81UQIGa09lH+Q==,iv:+DjQ8f0p5DavESRwXg2zr94gbnkUl4pzfRFTXbqGkGA=,tag:ifp+ZPHzm8ZzniceGXlphw==,type:str] + - ENC[AES256_GCM,data:aiQb2jJ72CTEi+chUQ==,iv:Ujub2mDnUgmTLVricPHb+Vocf3wsOq3VFkPrRdtPQlg=,tag:GpqHL8JMPxx/LMTtaU6Fww==,type:str] + - ENC[AES256_GCM,data:7asDJyKluwz4McgqxwGzlwPKrw==,iv:T0fLnPyfD1vfbHtkbfZG0k2FA/P8kZO8Is0yWVsJUlY=,tag:pw+rzAkPTedGBxPfwCq6tQ==,type:str] + - ENC[AES256_GCM,data:aJBz46ItCERxv1ogMm+9k0zS+3w=,iv:SYcNLbu6nBB0RMlSRCcBOWjrVG5SCgdtlO/zXdxHkfc=,tag:EGDIb9/r6ECAy6DR5zwUrQ==,type:str] + - ENC[AES256_GCM,data:r7LsFe6YTo9ADnw/8A==,iv:HbWXxytDKowUcZh6W9JD1pN7VBk+rvOZWU4chNJFU28=,tag:qgO/6Xz67xumw4X3kBZTxg==,type:str] + - ENC[AES256_GCM,data:btJ0EKqAVRjbcLM=,iv:8fzYsDDS6KFh87ztUlSjzfYR5MjV1SNxCkXxY8nk/cA=,tag:3TLxhU+vRrMIwJ0upq/FnQ==,type:str] + - ENC[AES256_GCM,data:KIAi1vBCsyximRgb,iv:dSJJ55ATKF2iAqAG/wR1+omo1w6dS6e6BdFifD8BxFM=,tag:QRx57WKZFOkdDiJriC9l3g==,type:str] + - ENC[AES256_GCM,data:PFyjxkPReZ7pfZX46fszLpQ=,iv:Zy7rrFMQ3pAbrKpQCVZHZthZ6rK25HT10s3APG5LTZo=,tag:TxYqGAV9BNovksSF+X8wlg==,type:str] + - ENC[AES256_GCM,data:MMZdcxrqGngaukw=,iv:bWde7QIf49CDNsYht3fLp+xfmYePy22ELvlagTbu97o=,tag:iER1brNvbx3vNHkozFvrog==,type:str] + - ENC[AES256_GCM,data:7gg5EyMnSyE=,iv:3T/yProDMl5TuEX3JAQpCs5/H//yNkxLphdkveWFPlk=,tag:01xkzssfDg7qSufPKtr9eg==,type:str] + - ENC[AES256_GCM,data:MalNDG9xJSnSsSkPKQ==,iv:mDK+jrhuOZp7H8H0/vzGox9d4U5jDeMqjHTdaVA3HJw=,tag:XGaIMga1CP36yQTNE8CfiA==,type:str] + - ENC[AES256_GCM,data:0aDg6C0L52W6EHQ=,iv:M+/s8h+37bTPaHDg/jp1rWz9S0SUJbXC2vdiZB8G8hQ=,tag:cOMe6AZvQ/nQST9+dUOH2w==,type:str] + - ENC[AES256_GCM,data:u0BDFuL6A38LBw==,iv:VhlMNJuYsRPhK2U3nTi4V6s/w2G4Y0qo9V6F5yHGYcw=,tag:wJc/ub+uFJIRqOCLdUBq4w==,type:str] + - ENC[AES256_GCM,data:23hSWHONW/5X31jv51yzWE1lfspvik4=,iv:2NaVDrtIMS8dfOCYBr/ibCIBWGvxa+yn9UXjAeFbHsg=,tag:boyEg0vIQr94YDu3RJ29UQ==,type:str] + - ENC[AES256_GCM,data:ipIM+LNDMse36vAEVEClxkx0NFpY5Smv9WE=,iv:wm5TY5YtL2Mh9VQfrbheIXNysA5T/Ny7L/PIq3xhFHw=,tag:k/vv8mfUfj9UFUSgfe809w==,type:str] + - ENC[AES256_GCM,data:FvHG47s+PpqDwrp0ehETaXM=,iv:BVRfmIoai82hhUikgRs8HGPAHsbwdjxV1WOnOJpsevs=,tag:EzTja/ctJ/pBH7wJXeSN4A==,type:str] + - ENC[AES256_GCM,data:HZthY/7xF1mg+wIx3Q==,iv:r8r3ljwbRptrrMZVHeQsuG7pS90LIFtBFtNuIEOpa8M=,tag:d1DdzoGobpHkOdc9CUEBzQ==,type:str] + - ENC[AES256_GCM,data:ovQYw9DbWL8aCrSz,iv:mVUrd0lJccsN3S7lKD+txyXKtnTF+C2JGnSs6y7lzuM=,tag:L2ek7XikWXtMQ9xN9vCKSA==,type:str] + - ENC[AES256_GCM,data:k4ZNW0PvmqYa+BY=,iv:B/Jj7U0X7qYLl2N2GCBwykGENaGNmoFMqMSbXJYdAR0=,tag:ftmZeC5ABEihD1HPtR1hiA==,type:str] + - ENC[AES256_GCM,data:g8nqAd5qMbnKDA==,iv:2rydgm+yZlZLdNzyc/wPTl5qFIumKFR/Hyr96jmcvRI=,tag:BCuiVo/XlYaAmAqN/cGmqA==,type:str] + - ENC[AES256_GCM,data:8NagzYwLgKi7Avbh,iv:RO9ZJkHtR2dIBbhGnsUMfnbib+NCLjZsbADUeK8zR/U=,tag:z5V8aTU9fWGTeaA/ixMvFA==,type:str] + - ENC[AES256_GCM,data:tCpsDnOf3nSBNzCFZQ==,iv:GoGFhAvL7W/WZvNkmyTYCzxN0TMk+KR3CwNOmiYlnY8=,tag:f9WD0jHDBPnVDSxMHP0plQ==,type:str] + - ENC[AES256_GCM,data:/X8GiRXVmWKHQm5sp2u6VDfd,iv:uFukjU7TCDrD/ks2xR5Jb77V4jgHKQQ2qUHv81umQtE=,tag:3ncYZCOanWRA1qFDoEWQHw==,type:str] + - ENC[AES256_GCM,data:X/vrwcA3JaijciBdFLitgIuO/OfF9g==,iv:Y+jAdEBpgv+Ah3FAzncofDXpCzq8DeZq1BNThl2vlS0=,tag:HX2GI0w17khJRZ0BOWzhMA==,type:str] + - ENC[AES256_GCM,data:QpPloDxWvzDtjEXOX5nvDqo=,iv:kTY8gISGLOmHHLfFquanYGIG7GfEhhO8CJRkiFrmCzM=,tag:uzibuycgJbQmuq6dE8bfnw==,type:str] + - ENC[AES256_GCM,data:SHR5rNMjgfmK0sAQzg==,iv:j/zvCu9mtnac5TNoXhLAe8SmRepf4m5c+7H+hrIXFuo=,tag:WsLdsc31cjwoYmCZeA/dQA==,type:str] + - ENC[AES256_GCM,data:+vXUyjHGNQKqPsN2iZtA/p4hIA==,iv:uHXtrW3YO2YQ4BumxjraK7RHwtyUiiJ+FU9GL/tF4Uw=,tag:Z1XBOW5mscY0ffOctAbfsQ==,type:str] + - ENC[AES256_GCM,data:sjPU4AzL6s1K+zA=,iv:XEgVzodnJvbVPcMYYJEoy8kXgi0qolSLJb1oRrGwvvM=,tag:aYi4JdE1kDhcr7hLP4ynoQ==,type:str] + - ENC[AES256_GCM,data:hkXQqadR9GqOM0Si,iv:rf6jAX7GVLHtzCOBQ5imlq2U8GK0c3MkaN3jUUOY9CE=,tag:0m/TPTPnjNGopeE4iuMCkQ==,type:str] + - ENC[AES256_GCM,data:w0GPM2/fm8Aw1sNCGw==,iv:QnDQC2Da03AsakAT/6zrKtUWKIGsZwDkc/dElQzn0Pk=,tag:UOjI9x0/5fEHlbMUobvC2w==,type:str] + - ENC[AES256_GCM,data:P5XdP7pB5zcP0Q==,iv:p7jO/tZQrXR68jc0e7ssSK8dT9q74JfzTsRotcogXsA=,tag:41YSJjK+x9e8yXsRg2EemA==,type:str] + - ENC[AES256_GCM,data:Ai1o0djM8hjZ3KRedQWjUjk=,iv:5zLKp3qAkNdax5MIpC9/w1KmdDD3UOcLiVQasrHiVYg=,tag:JWkdRxbCDTw64rZNEZec7Q==,type:str] + - ENC[AES256_GCM,data:fM1tpjfCHHd/1f093Q==,iv:m4xTROKYBS4zrBVFmxh3MQdNsJXh0hR3fxo99mB9Glw=,tag:qlkUdIjMH+B1hbhRumc+5w==,type:str] + - ENC[AES256_GCM,data:LlXeIfYUeQ==,iv:fMEs8ErmTS73SejFWVIAIoTnGOBcZ6FXg87FCL8ifq8=,tag:d5rBtLYz7+adWeIQs5GiVw==,type:str] + - ENC[AES256_GCM,data:IKI0X3Q69imwOZR2II4S,iv:6Fg07M++J6qhdH4R/qywnJOsM+oCwGpLJex8EuswkWg=,tag:8Oa9r8irT6rqFzcIsafR1Q==,type:str] + - ENC[AES256_GCM,data:JPWpwdJXxLJP,iv:swYqsJJPTh+BP7HHF1/nyHRYrSLsxmPcNP+qrJntGyc=,tag:pBAL+Rs8Mif2m8DPD1gUwQ==,type:str] + - ENC[AES256_GCM,data:IV7L3aqzVwzYMKA=,iv:IM09FQVUF3RLu3ZOc5xKAbeyD9aDxlCc3y9Sf68gbwc=,tag:duFce7wG2ctnptp3Ho/2Gw==,type:str] + - ENC[AES256_GCM,data:BhtM5+oSmqZyPSxNKlY=,iv:b+h5X6Bv2hMf5g1CAT4gOpejqRJ95jS2XrR4jMfVumQ=,tag:jXss+Xa7SiDWYWZfkTAohQ==,type:str] + - ENC[AES256_GCM,data:FS9bjZ5itCjGLMQ=,iv:XO3ee0P2x2O4BNVtzBP6pAxYED0z32VpLP+cg4MX7cQ=,tag:M5f1C6zpSddzp1cI1rsA9A==,type:str] + - ENC[AES256_GCM,data:i9XroG2OO8f5cg==,iv:yT5NgIi7IKzVtKszxWu43guitUBlxsEBnlKvVDh3I4c=,tag:779uWWllNNVaXsx0YiXgzw==,type:str] + - ENC[AES256_GCM,data:k7Feu7yrrhgNpw==,iv:488z/eEbQj227PVMRpIwTO7QpBVJN3ue91LWYOOHXQs=,tag:pVA0eLqinxSl2RyehiiC7w==,type:str] + - ENC[AES256_GCM,data:wcfRjcJqJHif/ju3TR0=,iv:Ut2jSofvZxkD+aUzgdwuboMh7MYzJNyziQlraIYXE4o=,tag:8XKX+FkJAc7nVBIjVfclJw==,type:str] + - ENC[AES256_GCM,data:inIhEan0YAhfh24IxmbrI+c=,iv:OKCRjJ9sPKah/JTnG8+DUlKYS8dzpPocDZcrvKopkw8=,tag:R6OeZGW3By3wJ0TyvL3HAw==,type:str] + - ENC[AES256_GCM,data:rhsDQKGerGuSRI0=,iv:AxidLUbx6n/HXeUIrkQRNYMyomjZeZSv1Ifm4DWvhoc=,tag:rKPg8VmsInAHuVpENTv2Cw==,type:str] + - ENC[AES256_GCM,data:JLFcqG0geU611WqijAas,iv:Wnb0/G4rBSH9Y3dShgFuxgaQhj6gUJICE6LHziV9t4c=,tag:KAx+AgfVgxdHk9Xzr44Paw==,type:str] + - ENC[AES256_GCM,data:dgmftFLEtP83dtiWNw==,iv:DtW3VE+dODNKC8AeyKtc5YuMO1trcUjqU0WzIoAlg4I=,tag:bKMxvW5aBquUDnK6QzGPVQ==,type:str] + - ENC[AES256_GCM,data:Xr1a+odp1uVNhy9c+w==,iv:nXXulW4ir6+wbUYJJNOUU1hoitiGCdGfrwI93lPk3p4=,tag:dECFHLq72AcBnsyxl1pDsg==,type:str] + - ENC[AES256_GCM,data:Qrka9GfZlY3Dgh7c0hsC,iv:p96uokKq2qWDM2Gos+cs8I+4EdKFwX9P0Nfdm66LaCM=,tag:+d5cj9uUUfAZEUtJPyon+A==,type:str] + - ENC[AES256_GCM,data:twLL2A0VvvpNGVzSf0DQ,iv:W5AX9Xgpvt3zdNK7KPnThLaIiVFxH0oUys+7aV/GQUs=,tag:29c3TggWSjQOMyneMnJYTA==,type:str] + - ENC[AES256_GCM,data:owsHTrKOm/hlQdxxtIrAZdQC7v6XbVXj,iv:jjpIkGTp1PCerwf9Uz5wvjwgtDcQV2BuupBl4Rjqd5E=,tag:dN6OuW/BE+PQJo4+ZbqdgQ==,type:str] + - ENC[AES256_GCM,data:D9KzCYv+0KUano12KA==,iv:+AdvdweCqXaObxaWc5laXXa7we8vN/AlwVuD2IoVl6c=,tag:GfTfV8eIvMTXY44ObF/MOA==,type:str] + - ENC[AES256_GCM,data:Bo5ekY//NQJStC26eg==,iv:ijjjrTJCJQ9UkvUwZTqcKjLMXLz3kq1TvR9Z39FsWIg=,tag:LalVYg5HjYmptq/ctKEmeA==,type:str] + - ENC[AES256_GCM,data:pzYaaXjEz8SHSae+F0cu,iv:8EdZMfAq0IUzbxOXbtP0X951vE/hm8SXiK+Osc6iWbM=,tag:6YApP02PicDqGFbRvkjlbg==,type:str] + - ENC[AES256_GCM,data:nXmIPw/Lc+eQ5A==,iv:2DkhBTqj7QZejqcr1/tfhVBdzgwOSshOmxMOa725KAo=,tag:d8ZhBWSeSGRKiyjrwM6s0g==,type:str] + - ENC[AES256_GCM,data:4U9AyB0zX05u+GPV2Q==,iv:3ofFB1Dff1z3vEv89628NcX2l/Q/tXWwnDC21uoI0XI=,tag:0D4oS3VZbI/1Mp8CloCy8Q==,type:str] + - ENC[AES256_GCM,data:w4FW6DmCVE3uDpe7Y+j2,iv:kre3zzFYRVh3CWAp6AY/Uts9pgYpl+BUaV1087YxQgc=,tag:9/xJ0uo8QremFMjNZX4Ijw==,type:str] + - ENC[AES256_GCM,data:yYWhqYxAbgbS17sr3DVhGA==,iv:g7aplaq0Mdzpp9F1olybD6PgH/oipWcxLepU0m0wG7I=,tag:aH+JJEwsJjA+ifRwXQY/nA==,type:str] + - ENC[AES256_GCM,data:4oU3V0b1QsPrHw==,iv:y8bZbE0H0NCvaZeCV/VPXCOAqtQ5QRMHSWnvtdZfRxo=,tag:lZCBLfWcfxXSgkSrBkhxsg==,type:str] + - ENC[AES256_GCM,data:QdeD/0p/61D2HoZHXw==,iv:M8mMCN+JYU6q0tQDAL3MlJVoprN5A9nVgynJXHguWhk=,tag:H6h3VzIhNLdS+XNS8CgHDA==,type:str] + - ENC[AES256_GCM,data:YKJ9pptAbq4SWDxn+NQ=,iv:jvsNzOtV4QzIOIn58Ij0/gCiYK/JAIuBTf+oa1v1Pkc=,tag:GD30EFzKMGZqWCsMLOFCKA==,type:str] + - ENC[AES256_GCM,data:YRuixb4L0oAOsuvX,iv:ig+6K3Ps9MoP5ZBB4cvBv5tDnPsHjaV0S7D7APRrpEo=,tag:OoEK0AYoZ9yQHx1QcIVQig==,type:str] + - ENC[AES256_GCM,data:tZUrBwrqTaWiZiU=,iv:jPt30Wba+4MvBodxqJQCWRr8ZDxRxtHAav1FpDM7Z1o=,tag:kbvFGIv/IFoQ1sfjo3WJdw==,type:str] + - ENC[AES256_GCM,data:FwldTlmofGMVK0qVtzYE,iv:wn4WzbrNyTEH3gsG4a6ITox5a6rfm8d7Wgot+aLcKHo=,tag:bmvAHQZHvMEcj9bbX6O0JA==,type:str] + - ENC[AES256_GCM,data:HIP02vhcx/XY,iv:EgszOYHTI7TEDZ6Z1nVeO2fBg1VGjM5JEpeCZr63CHk=,tag:YU9a50g09Q5xJOlKBNWuCA==,type:str] + - ENC[AES256_GCM,data:TtW77/uerHjA,iv:DHhjh6t6rP9Gf15Ml2RSJbCtDzRB3MM/1t+oJG+Szvk=,tag:KJrh+9Cm5YM4ye3DJz6RAA==,type:str] + - ENC[AES256_GCM,data:PV/dkfBoePkg,iv:W7SNt+veyYqqOzQ0xDf4WWnLe8afGUJHjHecWYv8Tbo=,tag:LXpvHMZVwl5Fmgvz8QUGEw==,type:str] + - ENC[AES256_GCM,data:WTHGZFqiAb3G,iv:2cYfwqLQ02R6Xbzzhg8DRzh5Y4ST4n5S9sQzCbVdxlI=,tag:zICei4fO+Vw9F2Motn2SUQ==,type:str] + - ENC[AES256_GCM,data:N+MDA/D7+MzYhrUd,iv:IB1DBeVo5gbFtuLEJ0oKBPMmUhnwX3k9PSsKuvRxdH4=,tag:4YfBIBdOAmX0r/NwqtLplw==,type:str] + - ENC[AES256_GCM,data:0pwsapkFroJ0WnY=,iv:4uRzhWXQOpyMyPIvF4/FSDdphCFeI27Ahmrftv9bqyU=,tag:6bP2wyvZwx8572Y+xXvdbQ==,type:str] + - ENC[AES256_GCM,data:RrKNEwTM5lt+MoBiUpLkzgbb,iv:OUbM2/RoPUYwJvn71rRDbspUbL8pwAQTzW+iTA5UZt8=,tag:HoQIR1NL4Cs3qvJ44388uQ==,type:str] + - ENC[AES256_GCM,data:GunXujw+b2KoPZM=,iv:v3+THGmI0FihFOniGgINlDk3lX/yk/ZtLY51ipLc3Ss=,tag:HI0T3PmoAZpCUMMbn9w70A==,type:str] + - ENC[AES256_GCM,data:XRXYlMhp,iv:5/X9bnz6htkJbto5OchIHJ389nUBqbdBmfH0BJAvySg=,tag:gUrPrx27aiLFqjW0VkUpVA==,type:str] + - ENC[AES256_GCM,data:NuP9tqZLD1Xe,iv:N+nrhzftetY4T0oWO/0PlQ0kSyntjl70Cr+ElYQMgm4=,tag:4myqo9ZpjazVrqiARRPrUg==,type:str] + - ENC[AES256_GCM,data:tEJJ2smEIA==,iv:L/UdA01n9dwrApV3yted++9XYIDjBpHYU02AQ5CwZdg=,tag:ARW3g3taPoGNllgu8SnvdA==,type:str] + - ENC[AES256_GCM,data:pKdudqUKYEZ4xRY=,iv:Op1YcNLGLT+H7bkdimNEcTanFFlJDSn7GQUdnKPBCXY=,tag:oxjdCz4elB4aLvRQStCvCw==,type:str] + - ENC[AES256_GCM,data:1/QrSxRXIKv9pK32pw==,iv:/C41ZGvs6DqPrGhKM40+oUnlojlfqVKDo9D/fWmG5s8=,tag:88OLZI7x+FDDZsuoOT0DjQ==,type:str] + - ENC[AES256_GCM,data:/34G15d3y4sKVjwA6A==,iv:MHgxAA6fet8yZm6YPwOurvk1zP1tMS/u98Yfv6qq3cw=,tag:vFc6ctLa6xusyvef3ZB5+g==,type:str] + - ENC[AES256_GCM,data:mnMu3aDfk599DsQU,iv:ZHuedFr1fGug78ST7xIBIw8cZBSsGDMOMj7gE+R9a5s=,tag:fZrlyCaHa4yPMe0gxOnKDg==,type:str] + - ENC[AES256_GCM,data:OW2Pvk7XZA==,iv:3ZcHoKgtIA0LBI29og2uCKOiOG7U+ASpEKjGQgP5JdQ=,tag:vgwJLXOAp2ll7CEaMO4PWQ==,type:str] + - ENC[AES256_GCM,data:mjopa4nxwD+Q2rNbjIs=,iv:bCS5aYgyvvGeaVLfjexahAArC14/hSuL95c22Tqb5AE=,tag:AfRgfGG1sMYUy+xu71JeoQ==,type:str] + - ENC[AES256_GCM,data:62ODtpQiPvOO6W6k,iv:A9ZzEsEADor/A0F8ZrJaR6S6DhHYMnkIZ6+vBvX0Kz8=,tag:dgw0/yAJ2zMVKj9bRaDXbQ==,type:str] + - ENC[AES256_GCM,data:8h0/Ay9/iie6rjhb,iv:pMbNlQaIVZosAT8B+Gt3D3IZNqwDGUkiCEJtY0PP/Nk=,tag:hKwZZZ+YaV9xyBuCNaRHiw==,type:str] + - ENC[AES256_GCM,data:zMSf7blTueQpjowGrg==,iv:0uFSAa4cPju/OK6Ry4SdEjag2+Dm8aPjX+87ZdjsUdI=,tag:9cnOxoI6oe9kLWdDPDgiEw==,type:str] + - ENC[AES256_GCM,data:0d/j9Gwv3VWByhtfTw==,iv:KKnGpSKAHE19VjXZaKcg2TjAQyH1CynFGEdA0peplPM=,tag:3kizKDQhRhv6I46j6EC/9w==,type:str] + - ENC[AES256_GCM,data:nGqTj2KoXVW8CTBXspg=,iv:jIDrWwwqM5ACzuvRwd+Hf57SoP8vwUz+aKEzVYwgbbM=,tag:ZqKjLYtq51A5NYImo8g2CA==,type:str] + - ENC[AES256_GCM,data:vsZvPlVqqMJKwok=,iv:tUD6eyEcc4mQSFL/JlZwNGdegY6m+5fw/OXq1Aapk4k=,tag:ojaWGM/Ay4w5tOTs0GNGLw==,type:str] + - ENC[AES256_GCM,data:0IfAOmGk56d2TSgi,iv:2JVL8Zagwmah5ESFOF6BE4SWse6koB6OtzID1Ye0GWw=,tag:mpnjwmj3Lv7SGPFlf/iTLg==,type:str] + - ENC[AES256_GCM,data:uBhNWivJbKNsNw==,iv:oJ/PPD/W3nJjDkXkztsMyjmX57K/KRdFdndTj3cg+yQ=,tag:oUmWNHQc7a/8cxWy33k0rA==,type:str] + - ENC[AES256_GCM,data:CT61QNKcAMcWFG4=,iv:j2DqWYFFn7Te+6WjE68RIQJG70GkwJQDQfmoWfbZf5c=,tag:QECGkaLxHnlULIy75SOB0Q==,type:str] + - ENC[AES256_GCM,data:oFOYFOtxkqijnm0=,iv:Wo+Tfd7mbUpMw0olVKhoEWATGbA2ObERclJxhGiSrnI=,tag:omUcTs5sriZjgUsAdzfUiA==,type:str] + - ENC[AES256_GCM,data:yBZNUmD0R88=,iv:slHE9yHIBDcgSlp/Nbqc5mZo55qXZrIJVRh8+/QkZgU=,tag:M7Il+3xqwm/oTyckC43/LQ==,type:str] + - ENC[AES256_GCM,data:PBJt9wKowil7dX01,iv:4WUEVQPfq1X7DKcLAqxKcex9XO6JdrvCTL4NAxbrt+o=,tag:sQxPSRFde7aIMFJc/1A55w==,type:str] + - ENC[AES256_GCM,data:9X67TfPea+Qcre99gGyw2WM=,iv:MJes6rttzRORkfIhGOr3uCG5EClXTCz1K/Sk6Z6U9v0=,tag:LT+qU0Mcsr+3kEGl4MMtCQ==,type:str] + - ENC[AES256_GCM,data:ozdzlDHTow==,iv:ARezPPGcU10OJ5DKUyKzMRB5LTnK4rAba2cbreUc0x8=,tag:vBI/rTRjFeYaiA0sWzgbKg==,type:str] + - ENC[AES256_GCM,data:LUa4PNTAGZm8K0I=,iv:b2KLebftw1PdRdTqfVlydcy7M3L3TxbMiblTBhx+9yM=,tag:e7eaSeiGtiNmkcIQPUWItA==,type:str] + - ENC[AES256_GCM,data:Jxxc2T/pXVYbRP9rFw7a,iv:pDJ6q+cp9dckVEPm4yrRiNvzCZgTYXyp1fv/CgrICqU=,tag:jk5tY1YDy8DCr+tebriAug==,type:str] + - ENC[AES256_GCM,data:qJ7TSw2DpPk=,iv:F+LHAZIwnjHYLbliKUG26VooE4tNH017QIHjNrz0A5o=,tag:27Mah23s3/a0MznsEpUfqw==,type:str] + - ENC[AES256_GCM,data:UjDqocJ+Y7wq5L4uiAw=,iv:i9lUgJh6j235wrlvPhJmuDPAkSNu7jSZpokwSaplf6o=,tag:/82q0Ipk7MEa3dyMxZ79BA==,type:str] + - ENC[AES256_GCM,data:EFj2B2HZqkJ54EE=,iv:xvJ25xwZfVOZCvPyx6F+Z7aEz4Y8m0LOcmsGtYeYulU=,tag:0Z+psv/H80fQ9FbLpYT1ig==,type:str] + - ENC[AES256_GCM,data:Yg7pl27/aACG1MVl19TsvwuUhg==,iv:fVYicm+uWkn9jAwztGO5OX3VXdRBPUiM3uNGzynVIXs=,tag:IXFaad1+ETPXVT+j22ggxA==,type:str] + - ENC[AES256_GCM,data:EC/1/E4qlDQ/h7jkiHIeXg==,iv:yIc+RTt36j1zATKiYtRNeJUk8yDglQtAcpJwWIGd5B4=,tag:cBjPdVs4q0/pXwvPokPR8w==,type:str] + - ENC[AES256_GCM,data:Bvm/TzKr8mnxi/mhYpJuRw==,iv:hqBFsDJ/6Ac6u29GU/2ajNdoLafda6aLxkdvpzFKVo4=,tag:q61IPv1/mAM1m2lGb/3gkg==,type:str] + - ENC[AES256_GCM,data:Vb/zpBbTtCxMWay96pQVDA==,iv:4m05GqwL/b+3wEFUo4yOePKdEidkwHF3/OgQh9mpVj4=,tag:FbsZgl0le/GDaWmTRBsEqQ==,type:str] + - ENC[AES256_GCM,data:fhkSaV3kybIUOLCH2EQAKw==,iv:ozX1nZpT20UrELsGMO3lKlnRpF17tv0c5z/71fyIqmU=,tag:a9PSpIg6VxtuuzlJ79jc3w==,type:str] + - ENC[AES256_GCM,data:Wr24w765zb+5nuWrT9vTUQ==,iv:idPC+hh0PS0lf6cm62hhKWxxaZnVx4RMjXyfm9uat7M=,tag:/upRpHj6CAqb/v9bmIBJgg==,type:str] + - ENC[AES256_GCM,data:LTt7osrbra4NMnm/tmM94A==,iv:KlqWiKSxl4TKKiNfShx3BAG3QfBrO5J9hQTPr2iuRYw=,tag:p7gg/5jLY849h/JW3VTnzg==,type:str] + - ENC[AES256_GCM,data:ooUgH5Ag23kDCw==,iv:cJdlVEdItbz3NzbR8c/DKtfHS+ce7vhHW43DUNy9P+4=,tag:hUWvct/arE3UCSsej8fXfQ==,type:str] + - ENC[AES256_GCM,data:l5eU1N1kx/eHq9+gaw==,iv:WcjfKmvbPzoHWm/iK5c106WSg8VhMT03n+tXTC/HMv4=,tag:mWg3eBNkhHKfrvHLGsCbkA==,type:str] + - ENC[AES256_GCM,data:DfZ9ldkdRx8=,iv:gLks7dszBAg7ZFHGpoGfCefckKSQuG5E+wGO6+lQlcs=,tag:UF8mVWg3T/UC4SuqTYjFBg==,type:str] + - ENC[AES256_GCM,data:hyjiv46NOig=,iv:lpst8mRZ9ECdPUk9xP9thuohGrfiH8M3w7fTY3mzgsQ=,tag:b4O4bLwP7iQobejbeeFgXg==,type:str] + - ENC[AES256_GCM,data:w8XZ1Vf+lp8b,iv:ZC2WqI1KxCWOvCFPcbBkgXjFHbVNXPaf+DP/jtMMyX8=,tag:6P6COSA/U95hKwCygKD6ug==,type:str] + - ENC[AES256_GCM,data:fOhhIanc/TZetZpo,iv:ioIfoYWv4sxeWDmI4KhUfPzxj6NF1OmS32acXU4FCuA=,tag:Me6vpXDZd3DhT8GtMBa6OA==,type:str] + - ENC[AES256_GCM,data:G1VIcRg+jA==,iv:VssSCbNZa6UQE7ZYLoafC0X1JZFpd+nF/lMCE5/sYVg=,tag:NH587Qyt+dZt0CknQL0l2g==,type:str] + - ENC[AES256_GCM,data:WmFfAzPkL8VJh2Hzu5c=,iv:62I84VeyBgK/k7F9qTd2Hjawie7IkIaZds3T28cL0f4=,tag:Sy9K1Ut2/7U2L244znxdkw==,type:str] + - ENC[AES256_GCM,data:fVUx59xFaFeFR4vwKTrq5g==,iv:eZyxotS7BivoT0zLTzFw/+U9HeBFC3Uf58DWUkyrJ+8=,tag:Cni6I1GmpI/wY+/s6IBurg==,type:str] + - ENC[AES256_GCM,data:b0rzbUvda/O7W+I=,iv:V9g71504Ujn8ieLt8AMlzyXVzEnbuHKr+aF+wuczZmk=,tag:2scVjXd5er6OSKv/+76uCA==,type:str] + - ENC[AES256_GCM,data:sR+cet9734M7TOabdCyGkUbH,iv:HVpww8Es7ClI6Cyq8FJdQpUawx9pVLyub3GPuVc0IvE=,tag:jI3n3GHq0AQQgIlHo4fh0w==,type:str] + - ENC[AES256_GCM,data:XTRPwvUGDRxLVWwZO3GvpmCcj0Aamw==,iv:cfX/AYmOv6yK7U/NIxe3hpxuhyXDthAX6lox5d0EokY=,tag:fNa8H1RqgeJB4AoRZ057jA==,type:str] + - ENC[AES256_GCM,data:Kv55itVQX8Ivyh4=,iv:zF/g9b6ZxEOC+BjLJotdshNQvek4Geoj8zi6a5gpNbc=,tag:v+nDKt6erjh5CkYCEkhHLA==,type:str] + - ENC[AES256_GCM,data:gHhNNuNY7J6xacY=,iv:39/jVxrKGgChAviRmPoZUE5WwZ0qmCMaYm2oHCXu01w=,tag:GPUuBSpueqIQxxOtALIr6Q==,type:str] + - ENC[AES256_GCM,data:WIPalonu+qG6,iv:sqjVadZdJXQnBwpkbTKO1XNlkUvBNkmGqZThgAA33Bw=,tag:oWyrK563NvVnuJIFgT/YMA==,type:str] + - ENC[AES256_GCM,data:Be0paNOyh6x+OCSTHEJi0A==,iv:t8RAKCFyNuwH/z+cdvkHnwYiOYcaZPaDIsm7Kuk2WzE=,tag:so87lfzaQP4XWEZoC3ol/A==,type:str] + - ENC[AES256_GCM,data:K3dnJTaHebwcXypcxR4=,iv:BbU769BJk6/DPwTOba1tkL2yobcDvesHIlhndDjno6Y=,tag:NZcbaY8ENE0R8wmX0W1GKQ==,type:str] + - ENC[AES256_GCM,data:2yIqfKGM+D6wwN4AlusUmQ==,iv:yW4NvyRDj049yAMEeACbMSjqQltZclFfMQ+rO392EbA=,tag:EjMN2lC0WFxBLpXkyyEDhw==,type:str] + - ENC[AES256_GCM,data:xirVyP0/J7/Efc9++g==,iv:ibNmRkQPKvaFUZAFVLx0breH2nIH+1QNfrICY62+qw4=,tag:SnookpfkFFspVm8kiwbUEA==,type:str] + - ENC[AES256_GCM,data:lvF1hll/exWg,iv:cnQ/ycF1c5HM7o2nwYUc8/ufxhv1t88DdfnVvScMe6M=,tag:YcRbNV5n3A3e1joQAUApAQ==,type:str] + - ENC[AES256_GCM,data:eolKo2bpSol+XFE=,iv:RoUSJN5L6dKe8NwlipoSb7RC2YPLYywPO4PwN3syRV8=,tag:jNZxF26bHaXOJ54wxLij1w==,type:str] + - ENC[AES256_GCM,data:ivWkgeguhJPOq5s=,iv:KKG3JRNHQm3LjX86KZL/JdgvOk2Eq9Tve1WAPnu9V6M=,tag:HHU4S9YbGVwnsN7yhAfK8Q==,type:str] + - ENC[AES256_GCM,data:G0LY/Ec3h4Rx5dL68w==,iv:2j0R7xj9b1LaVi66uPz+mhfw6BlmsyCnkOdPzrBtClE=,tag:Y+Fl50JlPiJwuslUY+bEzA==,type:str] + - ENC[AES256_GCM,data:JM+bwNqJnkYRRISjSX0=,iv:Anp/wK4iouBNqwnCPfrtFHfSvS43K0oBfkGmP34/C1g=,tag:XFM+yuG2x8SsKS/YAv8KQw==,type:str] + - ENC[AES256_GCM,data:J/O8AgasDabHm/g=,iv:Sumd0psI1MuczCaBhae/fxsCuekabo7nJJEHs0+hPs8=,tag:I4/TAA6NFo2gwdp7xNszpg==,type:str] + - ENC[AES256_GCM,data:nPv6QXw2Y3Ug6rU/53M=,iv:ZEWuhl6gLfWOkGmuqctZgi+kw9gd5JJn2HcKOi5G6rI=,tag:RuvC5qyS+T7hIVtH82ai+w==,type:str] + - ENC[AES256_GCM,data:GpeEXafhlWQwGSSQtg==,iv:PqNuHb8UjT5LLSWi8dMlMMj75MV5Em0gWrq7OLFWjNs=,tag:q6Al8sJxlJA5slhTi+0aUA==,type:str] + - ENC[AES256_GCM,data:RvOQAvVZgdGtbC3zxuc=,iv:c+3Op51NDYTZIXuNxuj4SrTnPibmxmay2temOenSHak=,tag:XG/QurA9Lj0ptnoHIbT2nA==,type:str] + - ENC[AES256_GCM,data:A2WCp7eRjoikg6s=,iv:Nz36tQSWmbcrUMbhZtFVt0+rNfJ/b6VZdiPCG1aEgDI=,tag:8bo+5z8QYfO0HZQLmkJgJw==,type:str] + - ENC[AES256_GCM,data:SmS26/OyCp8JGuVOZw==,iv:E/lSVWmgliHkvwWEQEgNEmS3eY8+ik42HjgmAnVWGlA=,tag:+PLcF1HRScqMZ/oWmBcQTg==,type:str] + - ENC[AES256_GCM,data:hzH7+b2n6OL9X9kl,iv:fLG7JLZ/dMAQusYWfzOAgFTkp8XTZ659mZ9Pds0WrHk=,tag:gdKaRgN0LyzbbbRph0EEnw==,type:str] + - ENC[AES256_GCM,data:E+L8Lx68h7Vs+KDWH2R4BXI=,iv:hUHDUHonMmX8mGnN3ZUWZ7BzZHj3Pa9rmfWXT5a+Di8=,tag:BZ1gRBAekxDIj0GC3TIEpA==,type:str] + - ENC[AES256_GCM,data:imyeLKNc6l38mg==,iv:eqyWK3Yb8e6E2Iz0aJF2DEuUG043882cAVoFaF4KZ5g=,tag:dzGNVzPgcKEUyrZTE+x+lQ==,type:str] + - ENC[AES256_GCM,data:/rc4Mbp0osEqgg==,iv:MwsxaqCOQIswzuw2Xfo/EbRIl4sus9bS0/XmaMz+v1M=,tag:VEhPvYnEOb6hl8bBY23x4g==,type:str] + - ENC[AES256_GCM,data:MHIiQBemJiHT641v,iv:PANmCeF4g5+1b7TpkC8/YhEtZDXsDsHWJ2Ydbt295nM=,tag:U6t9i+dMQXwLwwsKGUebFA==,type:str] + - ENC[AES256_GCM,data:ghPGSLWouyliAWYelntU,iv:UGNPMWJHlwxUBVtVrtSg8m4TF9DwKHg0Nb99FhlSG5s=,tag:CFLothZ3HjvsXGSnwNcMyw==,type:str] + - ENC[AES256_GCM,data:BdoBvAN7kmdUIQ==,iv:rswJ30iGhV3Ex+3xq00CgwBq0bQeXi7s3rmTt9W9rIs=,tag:ruOXi9cVaR8KP2I/RKQDuw==,type:str] + - ENC[AES256_GCM,data:zZUyNqWCNZ0=,iv:z5M+lsUqzgzpha0k/2knhJIXzUz2184czMmf61W2yrE=,tag:AZxAsPgpatJeDN1EweMvwA==,type:str] + - ENC[AES256_GCM,data:2FrTEZyMbQ0ZUQ==,iv:3YUAit0XEtb2b02PTzJlaDb0jLYWkGjluaVqQ5MpVGE=,tag:WWT9nhbDxrI+MVVt4Ujr0g==,type:str] + - ENC[AES256_GCM,data:p6+MQcOysy4tD3+7Q7d7FJq85sTN,iv:7Lug0M6IzbaMz0oI2uFHTBMLVcA46nXF4CPsgfz6N/4=,tag:r8IPaKqaBED6pJ7BA386Lw==,type:str] + - ENC[AES256_GCM,data:OtNRqeM2wwR8Wg==,iv:v26JD5to1Q771cRO7cFVoUE/N/CMxTuD0UumW7sQKDU=,tag:qTbf+ozkmqvjQh0pJxVNTA==,type:str] + - ENC[AES256_GCM,data:eF3yJTATwMkyzg==,iv:PtY8+oMc7agULo+Ib4sTlsT9kFtmKsznMFxQpg7ZSRI=,tag:5ItsJAa3AnEdIu47GMTBIw==,type:str] + - ENC[AES256_GCM,data:6JY4qY9q68xal1hmpiM=,iv:85g6JKJOQEHVMFw64GmschXzhgfXGuBgHayhqy5rKt0=,tag:eK0sitRwo2oPyjCxa9uXtg==,type:str] + - ENC[AES256_GCM,data:ZyUOi/xPZlDmfYVrowj8,iv:Y90MnOOMc46ntUQ3ptOZKiF4KO+dK0NIOA+HpjPmkOw=,tag:kEVm5BEP5q4I1YLXBQhj+Q==,type:str] + - ENC[AES256_GCM,data:eFuljF62rNB1XQ==,iv:/wstFr7K50qw63kIWkt4FtJySoB2juFUdmCcM10r5bw=,tag:xgwAAXv5x0DVNol8o+mC1w==,type:str] + - ENC[AES256_GCM,data:MOyXOYkv3Ll5tmwnfH4j,iv:nrgPlNxUK0LWlV1elTvbrfci5dWuglEHHYYdD2iTqg8=,tag:KloNBjBJhoFTRMmbxIZKPQ==,type:str] + - ENC[AES256_GCM,data:z+QwBFuIrFyqeqACvw==,iv:oFnvMWdhF9o0VnuG5X2tGmkzqGBQ5qtXketvqhBam38=,tag:EdxheDj+cvkMKibLA+q08Q==,type:str] + - ENC[AES256_GCM,data:rJ2pQoRii+Sd3L2XNk4=,iv:LdHJIucalBuh2gh526wcDR46B8V8NWMGCiPKP8hLPUw=,tag:WGt5mM19h945QSG8P1Sj1g==,type:str] + - ENC[AES256_GCM,data:bWeS89k5xPZ0R+Y1/wHJsw==,iv:qlnsyfhV2A8nVMYp5vjWPj+W/arxybhnK/87DHrLUXw=,tag:Thsw8RJDAjB8/G7G3TrOVw==,type:str] + - ENC[AES256_GCM,data:EiVC6dMlFs6Im9ct,iv:RhkgsLOhcRodYeYD47qJPIYd8g1ctvcg296cdpKphVw=,tag:Vn7/TA7sYQ8r6V/i5R7S9Q==,type:str] + - ENC[AES256_GCM,data:Rq7eP9d5YFKQFVW16g==,iv:k/HREIwmqiCRFfUDwt16c4Sl33+yL/a7fRbzBZtv8+Y=,tag:JBcpMBtqlFRbeLxKSL4KTw==,type:str] + - ENC[AES256_GCM,data:cj2mZNnf7rcT5lgwBmqJiDU=,iv:pmAK/Sir3xdx03HkWm2Iy0lQReYZC/xrBtAys54Rvqc=,tag:AiZ8q/VwYN4x8IkPGRGiaQ==,type:str] + - ENC[AES256_GCM,data:fNsKU40T8cMD5CLMGw==,iv:BF1cnLt0wDnkewWifIH3WNd97f8tQKHZAl1XP4rM11I=,tag:1sncqR/XEXXnxq6oefOgPw==,type:str] + - ENC[AES256_GCM,data:7hg+6NTuRHwYM+T4rkcSZw==,iv:JVhuH1OkuHv84pV+GJEIRx1ZNlDfoIY7DzIU1XL1JcU=,tag:OYX90SMDfDT6w5X4dCEBmA==,type:str] + - ENC[AES256_GCM,data:9KGE7gYXgcmGqaI=,iv:yac9ke2S9zt6C5dISItSNolknsldLQZYPqd8UC7kT8M=,tag:AOuZOd09GHcxFkgb29ipyA==,type:str] + - ENC[AES256_GCM,data:CxiWDCCvbfuZpK8=,iv:jB8yTgYG20UQfy3F60Jyx6I2RqZgQyon9ewaR/Hskhg=,tag:U6V2G0ZDT8pInk4K7b5k+w==,type:str] + - ENC[AES256_GCM,data:5dJzXfhujgnlUhKE,iv:CNMt4esOtX4nt417Vl9jwUlp1OUfkJlNgnjRbQrDNvY=,tag:dklQ0/ANAIQ0UQcXTTKnPw==,type:str] + - ENC[AES256_GCM,data:QTdHAwJrrRFWyDuLwQ==,iv:N/0jRjabWvWqMdWxIwU3VNodVDXpCv3JWg8bD+h0ITQ=,tag:LqSEmpTdcAEQajQUCxjtjQ==,type:str] + - ENC[AES256_GCM,data:+n2BpdqH8vknWZfD,iv:ea+6AJdqIf6trvvlNx7/khbz7YfcJC+6g+n2954lJto=,tag:aDF66XZJ9kGPktl1L2S7Lw==,type:str] + - ENC[AES256_GCM,data:M2+8sJiurhg=,iv:kyAxjDmd5C+C6Y8gMyACe4ULNAgWaZ2WxGpY9hjPxF0=,tag:Bv4N/D3BRzV22TWJVYxynQ==,type:str] + - ENC[AES256_GCM,data:l3O28iHUIZEZ2iPw,iv:xvkt98/O+gxJZoOvsYdL/MUPV1jsAv89+nErpf/yS1w=,tag:vJBW/riP6xNbcN3YiqEPAw==,type:str] + - ENC[AES256_GCM,data:x/XnhfrpDCgSpack,iv:vHYZO0d2PgQcX3hgCN9aNlmNPrljnJXjLe3XcnnP0DA=,tag:b/TVj3kM6H+x8KJcQBofjA==,type:str] + - ENC[AES256_GCM,data:N5HGJD+6Ig==,iv:WHo1GUvdyT2WeL2SDjbCXQmpWBidKZ+cP4QRUytESeQ=,tag:TF80lLaPRvIHcn8beUjmxw==,type:str] + - ENC[AES256_GCM,data:jzigsi/BwE4=,iv:dGaSHG+sxEz2YEO1x2+ELk9lgb6nP+UirMta7yAXQVA=,tag:gK+dHjIBunMEOd/QES+TYQ==,type:str] + - ENC[AES256_GCM,data:DmGZzLkkBi9s6fke8/ARunk=,iv:lsLjQfMo0O90eddvrum1j5QNt83GUM75q1lM0hu/mfQ=,tag:UpGEm19wHg5NcgGdBHfZUA==,type:str] + - ENC[AES256_GCM,data:x/1f3Oo0ACrBdMAn4+C3WFg=,iv:JJv6F5JkUxWXMQhdZ9k99JuzAf59XHf8VxY02vpsGtY=,tag:eur66UEWaUWZ3mgEKEwa3Q==,type:str] + - ENC[AES256_GCM,data:6kyDGDx6aahOLv33Kg==,iv:7oZSd20H1SZOmbTZaaC6bRYMCbR3Gl6Dwyp5SKetuNY=,tag:nSlqD59XiS0m3EIfCH/KMQ==,type:str] + - ENC[AES256_GCM,data:YngNFPjVtO40Kw==,iv:bTh6NrYOWtzaGIz1hvVhEM9bu8TRDBVBP+6H5ntKhZM=,tag:m9YjIcHCY5iPbxNzpsK2qA==,type:str] + - ENC[AES256_GCM,data:+Vv+6nIC5o6KYyE=,iv:54amHLMbmOqH9oUZohq5EUMtKsp22RSq7L8qiQn1ces=,tag:lYo4y3HSpYA0ndf2iGNDeA==,type:str] + - ENC[AES256_GCM,data:wCm8yeu7yZCjOrnW,iv:CMH9IL83EbJUF8oLjdyiAnuyBDBRJPtcdtFO7I6iAVI=,tag:jOQLPKxD/9nG8SNnaUDpYw==,type:str] + - ENC[AES256_GCM,data:7u+d9HokQ+NecPC2fg==,iv:FugYK6w/2YkBuchxbSE6Vk9iNeyOLWndP+oW0yBCRPI=,tag:sRXRF5IIr2mHcf41JNwJWQ==,type:str] + - ENC[AES256_GCM,data:HELtoov1efpV,iv:MoBz22HN9RMBXUaETTGqCQcqvH8843R+PEhDq0qsgJk=,tag:bJMt0XHZj87fhlNnW8gj2w==,type:str] + - ENC[AES256_GCM,data:2XJ/xmfvM9qhpYI=,iv:rg9EgX0u8NJNQZ989VBSLoBhpSOfSdOOkDi6Ngre9s8=,tag:kh+TmoxL3HJID+c2ZKrTdw==,type:str] + - ENC[AES256_GCM,data:lqOVe8Ea4+LEMbx93Q==,iv:9Rg5nBe68pXNICI2WV27fF+dITf84/N9CtFqdHoyL/4=,tag:ycnuCifiqld3Ho152Fcsrw==,type:str] + - ENC[AES256_GCM,data:qaLJBRLhE1Fq,iv:C4wsNXwDlHMzVwsuaYoKQuNK46PAwvWzfE7BDSgJjQk=,tag:3GrauCH5KSnfxAR97yz3iw==,type:str] + - ENC[AES256_GCM,data:nOTIByzal5X6,iv:M/aHLno4INUqp/uEZEowp9WFFu/sUsLW2H4gD5X11eI=,tag:lZ3nLbksytayXjnGk+xbbQ==,type:str] + - ENC[AES256_GCM,data:HaBYMwh5SHP26zv8,iv:n8FXj4PswTW3c6RXQePVYJdD66gt5p7/EqQveEmts88=,tag:t4GGVzIB3IgHcxMeItyPkw==,type:str] + - ENC[AES256_GCM,data:OiQo9BpHeGw3irpg,iv:m/XTl/nMCJi+f0X/XMJlUV5QYCrfKOrOXjpfBRHDFMc=,tag:2pEXIBF0UalYgA8VLI03Dw==,type:str] + - ENC[AES256_GCM,data:XPqbo42hSBdB,iv:QbSwErjjXCDq7ZghI8Tanj54FaaSMPX+u5jNPVfz9nc=,tag:gvK3hBatFwqIulLohzG9Tg==,type:str] + - ENC[AES256_GCM,data:IWKCNr7UPX+7i0BNDlU=,iv:LRU0HJln7S9T1j56hXIVBfdA9qrTsCJATGRN+6OhjvI=,tag:mrJhrkafg0s2Fd633aRWRw==,type:str] + - ENC[AES256_GCM,data:9sQ6nTqhb476+Y0=,iv:rNXOt+tFd4Xi4qwaquxz4CJ8pXi3K2tDU6n1eYwRQEo=,tag:qPhaiCTtDvS5jWxBa6+wZw==,type:str] + - ENC[AES256_GCM,data:pb4O3Bc9hWbJNA==,iv:o7M/w9zK9PVA+VEIzPtDwkGShIEc8j7ogc80+//G+1k=,tag:lwfl9byE6bcHpRQAiTf1uA==,type:str] + - ENC[AES256_GCM,data:vJ0Aax62G2e6KI4=,iv:fwSwj7QkF/wRno857QikrT7qXyL4Os9tB9B6mVm+4po=,tag:Y5yXIBVR0ouOWEiX07PCxA==,type:str] + - ENC[AES256_GCM,data:c0Ntc9SK6Utu+ec=,iv:1G8/CbId9Ge7aUFYQ5rrQmt7ygw4xFp5lU/5iUEJbqk=,tag:dKbOT4b4ck2WGdEd0ahcOg==,type:str] + - ENC[AES256_GCM,data:Ioe0JRekF4AWKw8=,iv:oUM3MeNg4txWiSSM6zkXKZZjvT0IMiRcguX2dbAGtk0=,tag:NnoGngtFdeGqaJFomItg5g==,type:str] + - ENC[AES256_GCM,data:Eq4lkOgpO9o71G/x,iv:qniNbCRoLy5rckMkdl3X/Bn9RRNjd5IfRYcBlW9b74Q=,tag:42NhQhxEmEX8BkuCSI683A==,type:str] + - ENC[AES256_GCM,data:cmNrj8UiGXIsyDvMGg==,iv:/UiNhd5ElV4prsKzzI2Y0WZjre5FQgn+joU4FrPvn9c=,tag:7GAKcav6T+qpBgrGmzcZtQ==,type:str] + - ENC[AES256_GCM,data:jx8A3Onojg==,iv:rfMXv2vbbGnl0+iF/8hRRnFeSsZ25lIwwRd139LbegI=,tag:qTZigCECXZWyUJ0GRl8cLg==,type:str] + - ENC[AES256_GCM,data:7IWVGJWp1TFWqjE=,iv:tuzZ7lDz+7xHheD3vGV8GUypO5jqTMjG/tHwhBjgI5Y=,tag:Pm41qt6TdM/bPAGM1W5rKw==,type:str] + - ENC[AES256_GCM,data:AW6UNGeL3IswsCwqZA==,iv:SZl/jmBan/LYbUDhncqiUpEwE1tu99psYs0VUZ9vR4g=,tag:7lt8eq88D7iGoggNfXlxJw==,type:str] + - ENC[AES256_GCM,data:IA3t9EcCrNg5BIudew==,iv:Y1m8PGo7xgJgTF70TIJSMx4r9s3eSPXntvSrui4LFK0=,tag:B1dPDpL2trHeHx5oiF3P5Q==,type:str] + - ENC[AES256_GCM,data:OARTyN/iZe0z7syurcU=,iv:41WacdPd8u78KKfWPg9KIvREpTARQ7/khsHAVqBFJdo=,tag:OO3xki7AuQrfh2m7QPWR2w==,type:str] + - ENC[AES256_GCM,data:oytKu6eHpXk83C3Loja5,iv:3Yz+SG2ChxfNDtYjYbYJ7bk1Y4gadwOAT1mQBRb7ZwU=,tag:l5L1wAXfM2m3yW/Y8YmRpg==,type:str] + - ENC[AES256_GCM,data:Y3q/WjorMupP/Ls=,iv:8UgRVQaFBxZtHUGW+8egrwBgPTrBiAyCVX5vLx3Xa2Y=,tag:6iAuIykLxVCJk/nEyV76tg==,type:str] + - ENC[AES256_GCM,data:f1pJGiPPqam5sGy6gw==,iv:M2ppY+sDl1Hhn4CQNGAogOikZw9PLt+qUKDyYRvYE7k=,tag:Bl6hJHR0FvoKIDW3awh1rA==,type:str] + - ENC[AES256_GCM,data:3nO+/VWMWIYJvCc=,iv:Gy9F/bopIVU2Z09tP464DaW47COqvAbf3EeKca53/Tg=,tag:1DBcjCRlLh1wRYZTJzkdBQ==,type:str] + - ENC[AES256_GCM,data:rcYwQZrLnW9BTkfFyCdo,iv:LBq2SzGjE/gpS8UxWEV1DTAqK0PHc1ECCB1L5wNixGQ=,tag:FOvrr05SXPA34MwKFEu/+g==,type:str] + - ENC[AES256_GCM,data:Qq7naKBIdxKCuFPg9g==,iv:s2YIoC2Np/dvTQPDU8iqLVZKgeRC47A2lXAQ0d1wxzY=,tag:4qWEXssaLWmhsNxJcgIx3g==,type:str] + - ENC[AES256_GCM,data:cDzSkVxiFvt74yKF,iv:AEUyB86ulLiOFsoktADYlurGeqR2WOM0ZcwFT+y2qSE=,tag:SSIyZUenDQI+YTISJ32b3Q==,type:str] + - ENC[AES256_GCM,data:RxcId1Q036M7LIG4ec36,iv:OSJr1RUJy0aTOwaOdvTLP5E8vec8dp44FrL71+a4I7s=,tag:LkcZ7U+n98/uebqbwdSPbw==,type:str] + - ENC[AES256_GCM,data:U6iBcx7r0DN95p58t6JCNuwD,iv:fYCOI0fsMocRxE//TXSSODLVTt1C5oe9lFECfKxfYXk=,tag:4yMd1K0xFBlkKmoIjc/JuA==,type:str] + - ENC[AES256_GCM,data:OwoNMpW9F4Zix0akBM5Kfcg=,iv:TR7JnbDxfkXpPYifxJFj7G8UMrIdRnZvASaBhbCzu5k=,tag:qu2V4d+0KUDSXCUTLeMqIw==,type:str] + - ENC[AES256_GCM,data:HODO1x/EEZcIaio=,iv:FKxWji8Vb8qZkos8Z9XROxNQpfXuv+t0lzEQZ2UYcnA=,tag:sL3w8jUipggbK89O3S/6Jw==,type:str] + - ENC[AES256_GCM,data:2Mu8wD/+bK4K+pwFaodP,iv:cc0+KntB2DNQPg5Sm0eJqHPvyX2gD9AC/Z2rv1sLAlw=,tag:Ne1nE64T9kExCJ7FUtiybQ==,type:str] + - ENC[AES256_GCM,data:C+A+pAbNycwnngPa,iv:wGlkoC/flW5W5h2cTvAG0EaZawsSKhhLcLbddOLXFEw=,tag:A4+65tCXp6nHZ/wmVSqCjQ==,type:str] + - ENC[AES256_GCM,data:ow8kIlUjWt7QS0ukdFEiB28kEw==,iv:ZNEBOGBcYgHSyZOVACRhJ9Z2x+kopZlrQwm29QbkPp4=,tag:7sHcGcveilxRoGvZ7NZ15Q==,type:str] + - ENC[AES256_GCM,data:a1ee2ZwNxXjivBrTQ3fo,iv:nsdqQ45ymX7fiqli7FXIZb1rW2a4c8iPa+Hmbl5geB8=,tag:V1ti1ksS5YKcbJi2dIuxdw==,type:str] + - ENC[AES256_GCM,data:NUq+JJSJBWBT06A=,iv:4iCydwzdrJZMEzS15AoktXqg/8KIGEABfVHitd+Tb9I=,tag:VdX9J1Dt3VQv3mZMZfv/+Q==,type:str] + - ENC[AES256_GCM,data:1oyINwK4TR/QQg==,iv:QfqGdqWa0SKU9rmH4B3sd46dqVSFLD40rpsfEcEwcuY=,tag:CJmM6jBwX7rz2+pxxTkQHQ==,type:str] + - ENC[AES256_GCM,data:KqH3T4Yob3hquNpzgw==,iv:qrTHHLm5moY6X/5eBZBoke25MthJWFSzV70Z8megh1M=,tag:fXRwvZVujGjdF03ukQigug==,type:str] + - ENC[AES256_GCM,data:40BrvufcP1wf6os=,iv:/tijmmT5KtlFkHNKopwfIPTkp14SPLezuIBFyLKL4bI=,tag:GzEbpffGff2NpuQnljrtCw==,type:str] + - ENC[AES256_GCM,data:huEUVKYzqK60Mg==,iv:HJDH4rQFboNonZkITRFtQbF4G/xtgBFi2stmdSGktf8=,tag:IUVCHhiIs4wgM0SVAiUxCw==,type:str] + - ENC[AES256_GCM,data:L/5JQ6U+XZIZRYQ=,iv:wgC5gU4wMHZwbMBKZVZxG+1eW2JVzOcG2W22R5ovnnQ=,tag:/0axEuwCpX5K+69u7nwYDA==,type:str] + - ENC[AES256_GCM,data:9twYsQu85QzOYqdiPumM,iv:ppVSDP0ii/YB4a5nUG3D/BcwJ6REnCjg53zUXNBJvR8=,tag:NQ6J0+92ge2xhg485xb10Q==,type:str] + - ENC[AES256_GCM,data:DwwIO0mdKDxqiDhfF8D/,iv:EsCzI1A7AVcyhSuWc9RKpJWRpBXArYjqvN2bkxLW8N8=,tag:TsysHLBNwu3P5MDW5fZm7Q==,type:str] + - ENC[AES256_GCM,data:1AunA4d7bGmtEdjF9g==,iv:4tyPkaQqZjXPGaQUUUZ5hoQfIyZtg8o+KXNm2c1D0UA=,tag:J0msRndMZGpNRpv1a8QA/w==,type:str] + - ENC[AES256_GCM,data:CLA7xh3rtgzcDgNKHiSk,iv:pyu1m/WwT39hvSShHoxti+/lEE6U7JPoReiVx3XKUJc=,tag:1QQ6dRLkH4hd58IiQLBmKQ==,type:str] + - ENC[AES256_GCM,data:94oAHgXnTGZeGt7rI4f/,iv:9f+ULykv19mDtVI88QBl6nzcHNyXFYjLrbxZgqfVAW4=,tag:wrEPKiGW91X9kaaudofPkQ==,type:str] + - ENC[AES256_GCM,data:VksgFRI8gw==,iv:OnSRVMhTfGhWleqbac9mJhoFQgfGhhXBOXx90psNfUU=,tag:mc+V6lkFc00dbtjwCel5iA==,type:str] + - ENC[AES256_GCM,data:h8WfavpNvaOrtZWfblIwRw==,iv:/A9a3HEJtOGzJWpqrUQqUZMViVmy2DgHKSkauVJroAI=,tag:LzJS4oZi7Dab3rppn4QRQw==,type:str] + - ENC[AES256_GCM,data:nnnm6S1aWsVhIoma,iv:QGMmr6UgzKfLccNyX0JilWlYlE3rhKwPTsI88v29KcI=,tag:B8P/oslkNMV+Mga2Qt05Uw==,type:str] + - ENC[AES256_GCM,data:zzIhVGsNGYMhDOnj,iv:DwoY7675XpO8Y8FHpwTYJeRzy46p/UKClut8ng09z/8=,tag:tZLrtoeX6QlvfP2nv2i9gw==,type:str] + - ENC[AES256_GCM,data:FcwIyjB9Htsk3nzL,iv:avgVpobeo6TbBKEEtKWPCt1++zbh5nW8ynfpo+oGPHc=,tag:zku/XNJx/X+ESiUdrgrUkQ==,type:str] + - ENC[AES256_GCM,data:2VZI7y2vXw+Mfw==,iv:WjOXAbQNHjxSO7EKSZT6ZORhxDDrgehs/xQv7YMpUWE=,tag:nK0GVIvek3n6yBiB+ZzAEw==,type:str] + - ENC[AES256_GCM,data:VChsYnA4ttvY,iv:+PqWUoGNnW2inPhsn46vqEiM46qT+qvrK8WsLJQImok=,tag:q+besRMzTHa9Fo7/Tcj4TQ==,type:str] + - ENC[AES256_GCM,data:HLWxuYIARtZShLqf,iv:3xE/MgkqUSH/cUfgdhNqxJ4HOvAbmwlwpLtNHvUz+Pc=,tag:k06MgiJfHvPNe2x9PCSaHw==,type:str] + - ENC[AES256_GCM,data:hJVwDoQt0FEtffpUrl0=,iv:QXv9tqAwsdk8Ca63Jp2dHOBx1MsE2mLsA0n/0+S6YVg=,tag:2g++Ny+xEDVyJ/Z0ogUb6Q==,type:str] + - ENC[AES256_GCM,data:69txdUyywewqv2AFXHkHygleVQ4=,iv:+DTrDMSm64rWVDOQuA90MKPZskTXfh9vHJ/V5ZuNL+s=,tag:zmH+JRuFgNtZMp2wffbcUQ==,type:str] + - ENC[AES256_GCM,data:JtHBdfiZxmyK2qpWeds=,iv:kXpgDR0/uW45hbZ9QN/lwq+n6F7TKsq7vdtIenMD9PI=,tag:UHTJ7r3n/u/ztxeA64vyeg==,type:str] + - ENC[AES256_GCM,data:dD2EGIFyc8fgCQjmQQ==,iv:CEl3ZRSd6YDAiM4sS97WaDZHZiaSgrEafMUbmaszQhs=,tag:syFRvC+1UcHJe/KGnW82ww==,type:str] + - ENC[AES256_GCM,data:lWHE3eeahm96,iv:g4Uuf0mypvHxwsHdE1vdSv8I5FvcJLCSGaMebyJCOMM=,tag:ZCApFBMdXnFYzUM+pRUe8w==,type:str] + - ENC[AES256_GCM,data:PDDsgfknqCJ8SBqCA9iEVA4JYA==,iv:b/boU2r8dC9npMNGc7J1Y73NA8h8uxuzpnPgxQxtVJY=,tag:gO4Iuq+/hNNm8hlIj2DfgQ==,type:str] + - ENC[AES256_GCM,data:w6usFv9t28VFiCY=,iv:D61Ilx47bJSnE5o0/xW809yPr4EM50E9EWxHytosrpU=,tag:ZImzJVahlYqpBppYW8StiA==,type:str] + - ENC[AES256_GCM,data:UxUT3eJK,iv:oP5IiANOyPBwSXL+lkDv2iL36Cz913wQORdPNM5b1Ew=,tag:rv4FJq3vhCxbumxRK+CGNg==,type:str] + - ENC[AES256_GCM,data:7wuQG3U6,iv:SJ5QXI6G6N+J5xlDDT+pE47aeg4qDPiKb3abbUd5sqI=,tag:OZT3vcNtl3aUb1Rd7n30fg==,type:str] + - ENC[AES256_GCM,data:dcV9jKlJT8A=,iv:yqF2Mz7Tzk1zcvwigwFBE7HyetsBbO6c3A5oAuIULF4=,tag:+vS+TVj371fbd5iUIDOvgg==,type:str] + - ENC[AES256_GCM,data:pwX6pQuIGl1fTxxKNTS69A==,iv:NBFW+JCLBaxGYCCzp8omieWxtyBMNe/ms5p77nIf0i0=,tag:y3hI1Dm/K5IQzBo9YjMXcA==,type:str] + - ENC[AES256_GCM,data:EZ/w636S09Sz2dc3CQ==,iv:N/f9ENbNJ9KY5rPgVe5KF7pIrxn192XCt6sJ3DaPaKY=,tag:sEFxXk1QrD5ezUWEqvQePg==,type:str] + - ENC[AES256_GCM,data:6Nt6BtU8ZmwR49SOTtlI,iv:2CD61uywH6vzl895ESyusAkmdAesl5uL+bLqC9TZCRM=,tag:V4+w4N6p3iS3A6kNgJVMiA==,type:str] + - ENC[AES256_GCM,data:SeaYq7VjiXbVFdcU9xo56w==,iv:huzRm01YkoLJfnPFOp34a9qjYFZXUlpFMdE/ugy7DCs=,tag:XsETQIJnNn4a0K9RZ0Tfhg==,type:str] + - ENC[AES256_GCM,data:/CYQbwnHWDxgcQ==,iv:qyXw4udqiDScASkD+bz74u/P2VPQOy7SK1iw6EY0R88=,tag:QZVL14mNLDMOHPzoMZPKSA==,type:str] + - ENC[AES256_GCM,data:8jBx+0oOI0EcXwk=,iv:TcFWE56WIK/koUK5bv3E4+SqTvISqMiutsUupshGGVo=,tag:tZoUrcQTsBI33vlbMHQdow==,type:str] + - ENC[AES256_GCM,data:2YXjTIB7Wfx3ZzXg,iv:+SRw3lkKUqtUy0/CeOxR8qMlRHnKFb275Q+KWePXqLE=,tag:gMkAldKTkIhGPt3q7xlCAA==,type:str] + - ENC[AES256_GCM,data:HawqXBjQ+cSeGuUk6s3Kmg==,iv:rUnqdr80dTLqctDjL0XvMzLhjm+T93MS0uThopWLVuY=,tag:BUgpmy+dmauoHGZ+Ne6DKQ==,type:str] + - ENC[AES256_GCM,data:g0D1fGhPoQkXST4c2Di3Ew==,iv:0zKNY4Gvsq4oC3pGzIasM8YCuL0F0emVEzDNC5aK0+w=,tag:A7bGEll1ZYDKDETWZnEaWg==,type:str] + - ENC[AES256_GCM,data:aVGzW2PTFDnZIBwv3g==,iv:M68IH8XIC2r/hsjz83JK4EyI6yJ3mhtC/7D4fdv417Q=,tag:D6kVcNK+DeO48I8wo5DNCA==,type:str] + - ENC[AES256_GCM,data:h9TNFyBc1smO4lZ7uQ==,iv:4hPEfv9mI/5tISAxs5qUI1gZKncC7xQZfGTzyP+DRSE=,tag:lVRSQXVaK1BFCt+aq6746A==,type:str] + - ENC[AES256_GCM,data:lP9rAW0qo4uBzTiK,iv:dvzzrosfuTyV5HSNKj8G07gKZ/dYBYAFrSGKLV057vA=,tag:zFoRyJwtKMqBWVh4Plz66Q==,type:str] + - ENC[AES256_GCM,data:iHR/crm4KN74t2SUtSmAqQ==,iv:m+6Xi4X8/7oWgiV4bAsaHNTkYZ+4MgT8RMvEzQl3XFE=,tag:nGEdRT5dfBa5AO+5lmBoNQ==,type:str] + - ENC[AES256_GCM,data:Zmr5L4gWBtwRTWYKdN8=,iv:nQrEX1eQvXMhcOhN9RgcuahmKIz8c/UAMBRfBvd9/pM=,tag:F+qVahFcG52dg3M6+Xbt7A==,type:str] + - ENC[AES256_GCM,data:P6DySwQEKr3V29TBAw==,iv:T19LsXmpy9EFtU3H+xHfacMTIbj5rnXyf9FZulEKRxY=,tag:W4eQrumUyOzGxONtlcwVMw==,type:str] + - ENC[AES256_GCM,data:NTa74GB2CFK8,iv:jidkWkaATpsp7lgCRIwSRyEmU8jkDDaL64Omsn6cIjc=,tag:yn4/0QYhlyjSCjEtgA0lzA==,type:str] + - ENC[AES256_GCM,data:J20Z8HzH3L7F+8EYqA==,iv:s2VG1ncEGf/lwZho9CBFWOndrZw8oXAyOtB87c8LkT8=,tag:qzYyDfn2Z5xqrQhazxq06w==,type:str] + - ENC[AES256_GCM,data:PP8K0XDeDsgbpuuV,iv:JY0eDp9wPmshMnkKruvdEnUujVd4afWxsyCrn7sMnAs=,tag:Yx3Db4uqvuO8cLjnht57Cw==,type:str] + - ENC[AES256_GCM,data:CU2siwzpvzKrLEI1tx62rw==,iv:UXgiQVJtngwFGLiyw/7H1v/IH0XtR8X5fH1XgonFgRQ=,tag:3WPFtsNRss7wzlmOayvnTQ==,type:str] + - ENC[AES256_GCM,data:hfN+pA1NG5Ck0Q==,iv:FA+1LoaEHoGMMjA3RP4/a7zgMv+Qzwo4mXGc5Lt4CHA=,tag:vJ7KB5M9lsmrURiNWuKndA==,type:str] + - ENC[AES256_GCM,data:xmeWMnYiFjePVCwuR2E=,iv:/l187PCjINjGAQs4ibtCJs975+joCO4q4SvEc1oWHHo=,tag:RkX5o1s1k8d8nxdB6yODAg==,type:str] + - ENC[AES256_GCM,data:mSh680q2AQ5UgMhv,iv:wAxSoyCcL+AtSnZxKVjPsyfD3+uk6+zTvhtESL6jdJ4=,tag:OODy+cSvXMwHoqnSZN1zlw==,type:str] + - ENC[AES256_GCM,data:DxwGZN8VgBI57Q==,iv:dOd6W9m/0JVMZxqNdiH7yEVn7RVSY53gr4Lj/HiPF+s=,tag:f4duq3mji89MZnE95trJtA==,type:str] + - ENC[AES256_GCM,data:/HJ8yquFkjVVDZuSaw==,iv:mEcIJyeacfNCU0OWTDYboHkOkcn80KS47hp8t0TD+SA=,tag:3/B0Eri+iZGAwLMZjuM8QQ==,type:str] + - ENC[AES256_GCM,data:Pt6JKaSDVALH+iY=,iv:B4QWUFCXULF01mFTG+PkJl8UOQQVmVlTMkGkEzDfRTU=,tag:YsRnQb/wxi4d+Z/YLxAAtg==,type:str] + - ENC[AES256_GCM,data:YutBQ1ldpUuE2Ebu,iv:ukBgV2+ti9mnAZqhlVB/fUxuLbEb6DN2+z8LaVjKbx8=,tag:kYeEH82qptn1ZJV3ZEXYKw==,type:str] + - ENC[AES256_GCM,data:5gu/RatbpBrQDBIH,iv:B/lv7yJvMPTeL2FPs0EdnSQWpqvOTGKp0HCB4xRJitI=,tag:Xzh48GO7NnlqQc/8gLZJ5g==,type:str] + - ENC[AES256_GCM,data:RsPQFJweSHSgYdUJ7/o=,iv:POHo2i7Y8zrycet3Buz8Aso+9xgARGlkaComqVj9V+4=,tag:N1NVs7YAZRYgtHz4whfx9A==,type:str] + - ENC[AES256_GCM,data:UjZPRDvI6ZjwFWM=,iv:bdvy27FV1kakmDq6MHgPKKNaGDhj+De7drGUyx5KDRU=,tag:ysbksRC9sfzSQL36S355EQ==,type:str] + - ENC[AES256_GCM,data:SY2VhjNU1WUYm4BG8A==,iv:fvQ32P+SIXrR3U/kcMhfKmq5OESOFkLLVQ+YRJGY5b8=,tag:duVC65IMxezg485uv/4RDA==,type:str] + - ENC[AES256_GCM,data:sqGHiCOEbFQNfejPh1X6Gg==,iv:9BG3F1ZXAC8PW+goMdNQjkapClRuA7r0UeolzwAjdcg=,tag:2CRt/0XkcZ8Amlw5NK09zA==,type:str] + - ENC[AES256_GCM,data:sGYseowoiGyRwiY=,iv:tjMgqJoXeug3PtBJ7U4gQjGTQQcwiDeE2bjRoX0cWO0=,tag:eBE1z2lzvCsMT6pzHhfRmA==,type:str] + - ENC[AES256_GCM,data:ky29CnR36xk=,iv:HGjSgvzkh/W7lXTma+FEmL/Jmce6tXxGPyxWhsCDWlc=,tag:BIyXnsRsn72Um5NxVceGJA==,type:str] + - ENC[AES256_GCM,data:1dLi0orXPfE=,iv:BeUJwEQZSxWy1I5PDXOeF+QtZ99sJt5TKWzSXSQnRHU=,tag:EiLqkUa6f0+al54AIwHf7w==,type:str] + - ENC[AES256_GCM,data:L8v/BVDOkvU=,iv:Pl3RNvh8LA665JH/Mkzse20rwUjGerQYiss+aY+G+9A=,tag:8AjaiKZ5IX4rTRDJyo8j1w==,type:str] + - ENC[AES256_GCM,data:5eLrv/Qrtpb/,iv:6exT7ZdleBUr2PlyJvzfGdzLXhBWi6DuPwDTLsiUS6c=,tag:0+zhPskg116gKc1z4mcKyQ==,type:str] + - ENC[AES256_GCM,data:kwiM3CDrUNjPv4b9Jw==,iv:6k9EOEgYa3sXTN1H9vg/l9GIq+5iVLTfBPW2c8xad/o=,tag:953sWXdjSj4OP5WdgMSbCg==,type:str] + - ENC[AES256_GCM,data:KkemzbBAzJI2K8b3,iv:nn1fG+Tpkl4LNMLFcfTA9B46wOa1b01chqV1t3gxaoA=,tag:/geXG07Xca7v8LZRe84ydw==,type:str] + - ENC[AES256_GCM,data:n6IAJ0jNSCDfcS8=,iv:jU6g5DutnIUHddrb3q2tWN6VuXOzKAKzYw9m4h9mO9c=,tag:oG7AHgCYE0ShA1lL6ujgRw==,type:str] + - ENC[AES256_GCM,data:idcWp4mH7LGzYg==,iv:RK0KEJaIq7QJitlHzzcSq828hmNrO8flC1ZoqBoDEVU=,tag:CRXUEC2QBadZwM2Gi+atag==,type:str] + - ENC[AES256_GCM,data:ZjIXCfgvZ6pSc0w=,iv:uhUACRqAii5jWOBHhWOnOylrcLBvNGCS15hA24FikTA=,tag:Ncgnz8KSA1UUkUOnfpVIug==,type:str] + - ENC[AES256_GCM,data:H+PFY2c9Uw==,iv:X/UtY0p7e/5g03ete00r6GLng6RkFb6wZm6uyQzZ7Uw=,tag:uSR5HXTu9WCPoqq6DXaSnQ==,type:str] + - ENC[AES256_GCM,data:n7+lsRXmYhDsWTS+uQ==,iv:ldlrGU+2d8Ryj5PUe8NKK63pn9bSaL49Y8n9oLhoLQQ=,tag:8sXDNIb1VLOOAucIjMtjyA==,type:str] + - ENC[AES256_GCM,data:arrfIiIFkb49E3UYQA==,iv:wPRn9y6NW9Bw5Bceb+uSKoZ+n8t6eB2r1Q+xVw4EEIM=,tag:xaysQkjkQdnmZ8DyzQivkQ==,type:str] + - ENC[AES256_GCM,data:6PcLCEE7Ee3PBl7iKQ==,iv:ixL2Smnlh4UZV5W9yJuBA3shm93cvivBu4FqDL4S6qM=,tag:XHVNnS/XYsw9ENNk/4rr1Q==,type:str] + - ENC[AES256_GCM,data:dwhzvVpPd+9P/Q==,iv:5542FHfhMz4+6ebL9ULvOjULMFG4SSenI6oA+C0tb4o=,tag:3DGH3eWEThf1W1xN866q2w==,type:str] + - ENC[AES256_GCM,data:IX0x9bHkwuBbKpNScw==,iv:+xGPEw/ItzWARiCN6qIsmiR9GkU9Ix/kY6yln3ZYfrI=,tag:2yhybZv/ebNt5T9sErih7w==,type:str] + - ENC[AES256_GCM,data:ZHaAG+0M6TagMPUb,iv:L++9NleeZCFh+eJEOzofLO34zmREtHEWPcwDDyg06Ho=,tag:hDYSFcT3zzrFkm491Uw0ew==,type:str] + - ENC[AES256_GCM,data:2NIV8E/rjaP9vf0sIHH+,iv:FPAnk3Rkc6qkep6mXJswpPykOwc0VHrj6+aflZ6KMJQ=,tag:zGfmsk+UrxXZ8qoWWY+jrQ==,type:str] + - ENC[AES256_GCM,data:KkzQriCM9r1FM+A=,iv:V+qmfhik0XT4o5IxrkOHLs0eBh1PRpFYOM94ZvFUpxA=,tag:okppMaQDHbyjPe82lv9gKQ==,type:str] + - ENC[AES256_GCM,data:yyJwBx/K0sFxCzuV,iv:4nhDSKj9sZV2luKBbTneT5W7zLyhn62kNUv4np8PZ8A=,tag:ur/pOCMS9qPp/nWFO6XhYg==,type:str] + - ENC[AES256_GCM,data:WaaFUIlk020+,iv:X4VOTk3zwe8xWo1/Qgo3RpMXc7rSovU3wLOQ8UAka3A=,tag:lKXnFXO1MY0/D46rwX6WxQ==,type:str] + - ENC[AES256_GCM,data:DXHhyQE4KLwTfJrDNxTl,iv:yEta9WRx4YOfAV9IvpdxRfI3EM+g+CwrthP5xJ4cbuk=,tag:XJ5bEL61zPVGHNH2P16CCg==,type:str] + - ENC[AES256_GCM,data:p9SYjOJwBN/+,iv:5M2BLrLXmJKSzxG50mr2R+cmO0WhTiT69jKjsPbYkCg=,tag:iFT71IPExLB6UNX9jz1iRQ==,type:str] + - ENC[AES256_GCM,data:QwQeiNiYTZKK1DQ=,iv:lvXallgBn7/OzI7L2OxvnMsCAbtCi6EfHerd6JRkyyw=,tag:5HvKdiy8xe6y/qlu5ctlDw==,type:str] + - ENC[AES256_GCM,data:Y1W6BCQ6lqYa/hY=,iv:n5LTcAd3syoFm7lDRtySafLA4bptfNL94imenGi7eg4=,tag:cMzWN2t5YYIPWcPKf2EfRQ==,type:str] + - ENC[AES256_GCM,data:/X3NPL/g3iUd,iv:wpp+4+3VyVIq1teSQ5/z7Dw3bZU2kcfL+ecarHEhk1U=,tag:yDgwickuNPaawTqzXpm5eQ==,type:str] + - ENC[AES256_GCM,data:6+dXUDK6YUB29uCz,iv:zoAezRMZHHfjGQULxg0CNcrXSPhIdrAD/mBhWhK54Bg=,tag:p4woe3TP9CfVZW3VH1GnPA==,type:str] + - ENC[AES256_GCM,data:1KIhQtiaQlZYhVWuEw==,iv:TYRSlRRbjV/zwzkqIFd44sZixYpeGM9cAIBhhcb4q0E=,tag:bqzefi8DW1NZkEgXym1MrA==,type:str] + - ENC[AES256_GCM,data:A9vVG8EDSOYKEMiA,iv:ryMfYOm9uXejMb4Ms1QFrMb3dwEaQ2ykHx7J3h3xwAs=,tag:50E/WODuV0aXDCNS4AqbNA==,type:str] + - ENC[AES256_GCM,data:vdua3pL0gEaMOCi/c/0=,iv:2hwmVO55OnTCRb9Lz2iVRNzAQn1Vs7lmdW3OVbp8ZO0=,tag:vu0zPUSgAb21t7DbR8BpRg==,type:str] + - ENC[AES256_GCM,data:mnv/a1QH31Kpkw==,iv:2ntPDiOjwxcN976MX7+Zsk9AjnxfcqaZhFy+Uw2Ht+o=,tag:FQKRWfJDXRDP9+iXsPQRGQ==,type:str] + - ENC[AES256_GCM,data:47HEaZzbYtX6NpxM,iv:KdbsLUbwMrk6VcRWOIAl5x/8dLJEjtQcY8gPdpxXNDM=,tag:klgb9YA613yEDQ+AcrspyQ==,type:str] + - ENC[AES256_GCM,data:0OvTHyXKiMRNbQw=,iv:+inBhUvSYCk0gM6aFcO/rQXB55hSbmMr5viVQJLlyUE=,tag:xGuGU+vmp4PWca1Ff5L84g==,type:str] + - ENC[AES256_GCM,data:566otb4TBhY=,iv:h23NsFqYxPSPf+2xfJ1vLHDIN65t1kJBbwYAbcYht60=,tag:bEZyKzCfbAQ7Crt2tNTPYQ==,type:str] + - ENC[AES256_GCM,data:vON77GDwM/LbF0xxtw==,iv:NmdKqd2UuEvjlliKl+R5FoQGglXc8pR/DLHlB7IKMIg=,tag:P3TSdjIBtWkSKFRlHKsf7Q==,type:str] + - ENC[AES256_GCM,data:c0f/IrnueHH9,iv:erdteFIjDj4ztRCW/xaPf/N0G6h+A9XBzRzX7ioVcKw=,tag:eu7eL0+BoYI9Qg6uSf3oOQ==,type:str] + - ENC[AES256_GCM,data:lov/EQpb6YkJ,iv:3/OSkCI1gedvrHvcbDfHYjJdo0Ev4y8IksqzqrOBYC8=,tag:paqThVTwIAkQ7TwlkrMlng==,type:str] + - ENC[AES256_GCM,data:Z3HSq0zB2hXsUHZwlXGS,iv:N/ov1F6vnL39zAnpn5OAyiA34+GfAYJn4/XfXKQq7M8=,tag:UTr+BIU1XCVwoBTfzpW0IQ==,type:str] + - ENC[AES256_GCM,data:c7ls/1TI98sfZs0=,iv:Ocb9cpVp6n4ymNjXV8PhwbdIhN64ERZnHnEqFYdd/ZI=,tag:kUGGotu1wI9zZf/agPHQfQ==,type:str] + - ENC[AES256_GCM,data:RECC0cZ3orzsFw==,iv:i1FJTPgEdY0EIQtygtLx1BTpaZVoUiS3+QVbDpXJlc4=,tag:HbcXjOLk09OVNaUmQoTuWQ==,type:str] + - ENC[AES256_GCM,data:NI8VLtv3nCbEEUk=,iv:C1L3MJlQS1YG3NduWxM52lm95PLBT3Zo2OQz2TReI9s=,tag:G0nM1A6Q7gdEJL89Ts49EA==,type:str] + - ENC[AES256_GCM,data:Qr7pFl73ravFRQ==,iv:krPFdQhhThi+klaHavYbo24xNsDwW1zAz50PvpMCLnQ=,tag:4xe1snqFkVGxPQO8IvxDNA==,type:str] + - ENC[AES256_GCM,data:igtJoXZv5yIS7DSn50s=,iv:VS5f3HktBBZkr9A7sPRhfjQGWgB1enGeHzOdrpKNxuc=,tag:dlZnzHwQpOb2qBv6dOEzTg==,type:str] + - ENC[AES256_GCM,data:qaeAll4JmbA=,iv:f/f/aOvLwMUx4AeP/tjD79BqMzR8FfW7eKLhUGzamNM=,tag:XwLVPYOL3jHTPKXWDGKnaQ==,type:str] + - ENC[AES256_GCM,data:J2WmGT3hEGNzDund,iv:uNud4PhM4V2XAtUidLClgFujMY5k4YSlt4SlC7Ghp2Q=,tag:cIuz/uBWJ56+5uuewzLqDA==,type:str] + - ENC[AES256_GCM,data:uNQrZfjs7n5m1+Hr,iv:mgY7iNW4jCtNp0XwHTcApyMWoC5gLgggQHCsgjhNNQg=,tag:DzAUS0yaCykaHp19GI897A==,type:str] + - ENC[AES256_GCM,data:ALhNL6M/mTDZbG66,iv:rw28x7ANbDN8+ueaUx/DPnebdvBY+xAHgxPQagkURQA=,tag:KCrNy4irP0tsgeL6rrP03Q==,type:str] + - ENC[AES256_GCM,data:LiQmNxioT80=,iv:yteP6otFq774IcJwhwVPHxr+F8lmyRLGKeXKN798ViM=,tag:goKJ9RlUEKyI9F0z4DANxQ==,type:str] + - ENC[AES256_GCM,data:obg+uQhrY1M=,iv:nl5MKMzsYjHiXkj6bnSCgcoQSKlwUTXjl6UZ585wgY4=,tag:ckfdTOwxa91lI28ODS7tiw==,type:str] + - ENC[AES256_GCM,data:CqeSK9F7VVkAHb4=,iv:VjUzB3uxH69UOKv6FXtMOBAtyMqcolVkr7PkIc8mlsQ=,tag:Onj6Mop8RS9+vhT4FO378w==,type:str] + - ENC[AES256_GCM,data:lAHXgkGIsDP/sWIW,iv:fpWcD1ayHx+z856i9QkahpbGGgnOr08F2Dhcv6axrX4=,tag:Ma5cUW2sq9UwsHWUb3vnXg==,type:str] + - ENC[AES256_GCM,data:PeZ9AEEgoVVLRmo/2omx4g==,iv:rd6rXroL5lH30+VjU6TDtNJUUI5cmpSNpwDBV4K4coY=,tag:2p08ogC6gEm2TPzSHBwMQg==,type:str] + - ENC[AES256_GCM,data:vJPjs+p80sbkOg0n,iv:blat2P9buBcEmygM4j7dJWlxoynDxB4HPRJxtktOv8I=,tag:rF27Wwr0V/yB9Yjz2nsMew==,type:str] + - ENC[AES256_GCM,data:aoin8LDumMjuRBwoFQ5cLeux,iv:9OkS9xBnda2ipbC6Gq00FZYlZclCmaxyJnRg5yOKdcA=,tag:hPw3jmljOm05iTBqOCI65A==,type:str] + - ENC[AES256_GCM,data:zKfFKHu1gfljvo0=,iv:16tHfAFwu8/XvF7muflHi5NPokNJINk7ciUDFF2NRKE=,tag:X3p4yHXXH+L54KIVnrA3Og==,type:str] + - ENC[AES256_GCM,data:0nePECVlSnk2dHyqcw==,iv:+Fbhpsbp9FJwrzOJfke8TOFlhlSjwbPSDYjf7xKerFs=,tag:iukHROwGnDAYjiKo73CePw==,type:str] + - ENC[AES256_GCM,data:KVpBhw857GFwxtU3zTyPdQ==,iv:XAyvBWSTQr6hkfKP8jbgY+tQ986M0NGummqqwQNZJ28=,tag:rrFDublPWkaEm0FGF8+Vmw==,type:str] + - ENC[AES256_GCM,data:9T3uhe8GXYUwkzw=,iv:vIaQCkIaEZN+9Qi87ac2iLAs5uzBvtSlaLO5Y2y2aPc=,tag:BMjKp4FuzHS6K2PurFF/hw==,type:str] + - ENC[AES256_GCM,data:Lqm3ZZDXhd62wW8=,iv:sUfuCM104/MPP+/SWYX4lXkamV1j5ju3y9qnewyQ6vY=,tag:46Z2EWhGkFu3nWEH1jrfrg==,type:str] + - ENC[AES256_GCM,data:iXb0N2Ygby7N3Jmyem8yTw==,iv:2BT6UXkMZvSlHwAHqKyxrJvRV3dj4QbVMpwW7f7nRcg=,tag:oqq4g4zJCjeiJnQd5RLxVA==,type:str] + - ENC[AES256_GCM,data:aPqECjNdOh5Ew/PX,iv:hLgI+IvVNwY0NOKBd06dCQc/fp9DeuAHxXOq3AW6U+Q=,tag:W08jwCX95kMaedhL+48MrQ==,type:str] + - ENC[AES256_GCM,data:9VbWfjnchtdWn2+X,iv:oJykBlGZJR9Zb+q59V7r+Rrs2H3eORv5hobLfpR8GQE=,tag:Y+stMxonYYVwdsqjrst7ag==,type:str] + - ENC[AES256_GCM,data:NRH63GhCjSsr,iv:3o7z3nlBjibZv3XZ1kQwFmhhb3wlPVy7ulnfy4lzj+Q=,tag:wE9cZtEI8z0nD7gSyuzBfQ==,type:str] + - ENC[AES256_GCM,data:4F8ySbUx2ubN,iv:DoglmmcYizZsLL+imKyr4ixf0bqf16CSqquZw9JnZCQ=,tag:N3gG+XpLG4MycUshRzguOQ==,type:str] + - ENC[AES256_GCM,data:75ponJXsEueBjvE=,iv:++AkOT7Nell44PojnqhlyAiLbAZHbDtf8QBDhpxkSHM=,tag:o/Eh1FE8dDGksxpVHhI3eQ==,type:str] + - ENC[AES256_GCM,data:/W/cb/ehIC3gSG2sTe7x,iv:IDZ4JRVZxcqCS+WVMPtJuygGOVeCNYLYF/YyySacbo8=,tag:1svEYekFkDi3iMjmt/L28g==,type:str] + - ENC[AES256_GCM,data:SUOhQKA73mdmeg==,iv:+mRZgHYc5bgbUbUiTcekCNPP16POZd32wn6J5N4gkmc=,tag:qTRka3Xh1d6MqfB6Gr3Q8Q==,type:str] + - ENC[AES256_GCM,data:4xV7DVyGNR7PWw==,iv:XAYeJLb6iqiHrHeRLdcB9DuhfhiOp1PR4HiNVw5Ju7U=,tag:NJ3i3Yl1iomIUasMI/wfEg==,type:str] + - ENC[AES256_GCM,data:Zl4SJqVoXZL5kiQ=,iv:PaBofFk2fZ2H12pV8xzlBGxn1uUNZVqM+15AV8DgBuQ=,tag:JGm/Uy7zZ7WuWYb2UeutrA==,type:str] + - ENC[AES256_GCM,data:k5+bSAAm+quaeP66bzA=,iv:tbMXRECsKGRht8jIZIx4+/6rjSLFiRJAX+hEpoIeQxg=,tag:k804JtUpwE0vMGvdbh2d9A==,type:str] + - ENC[AES256_GCM,data:8JKPYNhlJ9uRbQ==,iv:ipvptElVKtkpo30uhjdCnln6mwIAePt9fT4PJxBeOAw=,tag:yu50nzZHVn0cRH8neHazbA==,type:str] + - ENC[AES256_GCM,data:/5Uah8RmyZl5jv01Ll4=,iv:6Qzu+xyIQZm87mCSe3O3oLpp2TQR2cqumE0UH3uJMWY=,tag:xAsuCr77XaBHdMrT5t1X8Q==,type:str] + - ENC[AES256_GCM,data:6wr6um6vXEwdXNqP,iv:guDXBzRWqHxgLOBLFN0dRetGCUa33pZXhvmX3ixPak8=,tag:MRX/LGZl9cuuyCRdiTPDvQ==,type:str] + - ENC[AES256_GCM,data:4nBHUXG5cfBUbXqohEOuhP64,iv:7lvxmAih/xzFoqkLQQzsKEnVH6moJr/1YR64pQ3JIsE=,tag:StgRX6V4RCpOjiLRppTgcA==,type:str] + - ENC[AES256_GCM,data:a8lx42EkabozD4BR,iv:hvlfht1+fRx3MaETj84SxPAHkyRYow4vCMTZMVyQWf0=,tag:3IebW1xNS1PwEEdBO/THMw==,type:str] + - ENC[AES256_GCM,data:F1J+RS085eE6LW8=,iv:VYSsSmqTP+qIZrdiwf15JSbqzrDyZaLGGQzmweVEzBk=,tag:xEiZLhrrAIlpLHiZrw11lg==,type:str] + - ENC[AES256_GCM,data:DKg84g2QvtVQ3w==,iv:4jBRmJLvbjEAMrHwYbQbQnu2l4dVFoRlx4zhcTNPnF4=,tag:p2nyHOU4/bejVYwefoqFVQ==,type:str] + - ENC[AES256_GCM,data:xW+9mQ8iA+plj9DPNhXItA==,iv:d5A5xD3fOpLAkAHzyphdM72+Ld/CyhNOt0vH0ccFS2M=,tag:2h+xmysq0TqbXfirtRl4rA==,type:str] + - ENC[AES256_GCM,data:84p97OsWomypfR8=,iv:1wK72NQE5lAahvzYN9DTBB5gQRjz4uJuoPsmXj4rMJ4=,tag:PF4xcOy/bkwGcZ9mAqJLow==,type:str] + - ENC[AES256_GCM,data:3KX9ryqqR2lvQA4=,iv:yX3qICH8vmlt6fhW7Gv6zZ8/v5wAn56H2a0FiG3N9eg=,tag:YGHU+BiMSKoaODpmrSiiQA==,type:str] + - ENC[AES256_GCM,data:JQq1vnyybC8GxchaLBM=,iv:2rVs4Pttgs5s2dBHce6UlxDlqx28wJD5y7BqMYxwQb0=,tag:1rIUegi1Iajg63pgHZ5LFw==,type:str] + - ENC[AES256_GCM,data:6R/pRxZ6fWxzJlSBuX4=,iv:Zc2gAHu5AiyKzNb8o1DKb9cdPXCu4oV7JlSXDpOFQYg=,tag:FbqJwyVtM0pjUCQtUQwO8Q==,type:str] + - ENC[AES256_GCM,data:dkZVBLGhLNVQLQ==,iv:uyBLjVGpyNeDMRxMrMSPlU6rfIyI+XUHAznm6fX9Bgc=,tag:clfN3k6Mn7NvKUM1q8KeLQ==,type:str] + - ENC[AES256_GCM,data:DicsFxGYhrs4ww==,iv:8XAYleZCnynj6StPxCfe5It6n3dHqcxSn8oYJEdpHWI=,tag:dmeBgBOy0PO45P+DBHztPg==,type:str] + - ENC[AES256_GCM,data:R7oIgrlpoR9f2Q==,iv:lh0xkjCMPh5m8G4rvnWpPGZyS89OUVkpDGOICEs5Ejw=,tag:9OoVK7rSpacRd2udxuFNmw==,type:str] + - ENC[AES256_GCM,data:xMsXjRax7x6AvWs=,iv:OxrlIYvj6S0BOjnPwZy6W0YlN9cs0335lsmxPo0z/Ng=,tag:qHDcGkmsWCt5jgwZwzs0Gg==,type:str] + - ENC[AES256_GCM,data:bqSjueGq2kg=,iv:l1LW47A76olPWC7jD+d7gGiJD1NnytYNQDrxIQrAy8g=,tag:Suf31nXWKJmu/ZmCgbGokQ==,type:str] + - ENC[AES256_GCM,data:Cf5Kpemh8FPIKVJChk4=,iv:ukHjesTt7ZzzsnEukSmHONeHncg4zwsfUy5iWbaRt1I=,tag:IuW2tpTaTXMj/02uxCgidQ==,type:str] + - ENC[AES256_GCM,data:4EKuq9y8pLr6oHk1DQ==,iv:Qv1AqhTIYxJUFUYSTkLTC6gQc1Nl8jiMHgLw+T7JJqs=,tag:o66HeMjIA9AlGQYLv+idjA==,type:str] + - ENC[AES256_GCM,data:VriseseJ1fvBKjeUlA==,iv:G5HYRpVDeLj0khNArReNakFOcOPB2oeBG7/Y15hInLI=,tag:mDF+FzllRDFYWibKJiFSpw==,type:str] + - ENC[AES256_GCM,data:e+qNB1EZms8qhg==,iv:8bl0X4RXkrEhgqxIMx5AZEqXK9+4yqK5wUUMir4+HJY=,tag:9fODbeWcwxgOvyf6BGt+rw==,type:str] + - ENC[AES256_GCM,data:asX5/FHkMvIx,iv:a93HKRj+QsvDreqHtj0O/Cq7QgVDMITm5m/57DtKwWo=,tag:xut9rRd/k3UBHUPBxUnQrw==,type:str] + - ENC[AES256_GCM,data:52q2ffIu2darH9I=,iv:mwQRlez0xmhrr2OLgxxrAcUitb3ocqQ9V4NKAX73WaM=,tag:77FennZSFDWX3zseXJNrUw==,type:str] + - ENC[AES256_GCM,data:w7RvBDrAwurJXA==,iv:oVLg6O5DTrMO6IQyfqnCDmUjsvnO5UyuISrkTQxS8Bs=,tag:EDkXVUkBmhYz1wSZlL1QnA==,type:str] + - ENC[AES256_GCM,data:ee+PYvDCzo958o1cn5sj,iv:ySP+XU1MuEuEHJkHObsfoIqCi42bPmNZz6x+Ri4K1Jc=,tag:BLUH9FDvIy3LRVgxyzb6gg==,type:str] + - ENC[AES256_GCM,data:BIBLY4F9FLzB2z+GvAE=,iv:29txrbVSDBg+SSrwtY16kBYTNUt1MMYJoxgtKBwWIJo=,tag:6g0TaxbarfJBOYc6Eq8P1w==,type:str] + - ENC[AES256_GCM,data:sew1sY86kvFkzYE1U7jyLw==,iv:/T8c9BWvUlRXBfSA1T2FMo2HyVQo8aG4+1QCX+XVptI=,tag:+a8XTQsPkARjLKNg0J4bcQ==,type:str] + - ENC[AES256_GCM,data:+DySKU5JWBuOqw==,iv:ShTuhphTdZqYmx4DvRyMavsC2AWkVFktDg7gkIkM7Qo=,tag:eCK7OJTgqq91SXvoS1oEsw==,type:str] + - ENC[AES256_GCM,data:Se/a1YX3zvxfojNE,iv:djcd6V6SRcx3lnUqmt1b9fcT7TnYFfdyTxEz5OmpZRA=,tag:PnnTfSHf9tHJWze+Q51iZA==,type:str] + - ENC[AES256_GCM,data:mFrTlLtTsAYETg==,iv:2sYI83mokUt7/SD9RM4D3SeIShJJPLCuZSVgr4yFdZY=,tag:IiMih280UPioXztN032ssg==,type:str] + - ENC[AES256_GCM,data:w3swvwqqsltzIg==,iv:B53dl4VSmtYR7WJsytKkWeQUhfa9pOtLQHZEqhsZS8s=,tag:i8Ygj7shXc1OhOxaT8b7zQ==,type:str] + - ENC[AES256_GCM,data:2Y31b/ermJ74q0RQeBo=,iv:KOTS64CQ0z3lhF+cLkkvu1YQkZLW8TzgKkc9usKGQfM=,tag:rBZF8KPsmA7Dq21U4QS5yA==,type:str] + - ENC[AES256_GCM,data:WIkm8jCEXlBM7vxa,iv:mCGjAWQljmBJ4Z+aZid5dziTuyCUB9vmXH5+t6sHb7g=,tag:LDLgsiVWqJyY23xFbexqTg==,type:str] + - ENC[AES256_GCM,data:aEtlnpRmawkiuiVX0qI=,iv:FktSxJvYnPOAZdlRR9Mfv5p8jlaf1wGNtD/df0be3DU=,tag:4TbgYwKaoFisfO8MZIoBsg==,type:str] + - ENC[AES256_GCM,data:fJ3crJPvVsJjhdSQKLoW6A==,iv:2PWRweRXOW1etpDirmXHYP1izskP+PD+YOZscqTFwsU=,tag:1gd1kZBDA1DgvBJyTSBFEA==,type:str] + - ENC[AES256_GCM,data:DQVtLnkgzxChMztPKwqasji+,iv:7+myuekuX1XgIuGGBaxDKFGybnXcwafuK5eVD9A/MHA=,tag:JlDMWbjEH96jDhWSOTulNA==,type:str] + - ENC[AES256_GCM,data:x+6XePaWHqEYq88ont04,iv:9WfnTbeOr6nRQw9LV88tgxzluyVQWkFdj4YFdiF2ZS0=,tag:s0MeQDimMJxDoi4EUXH0Jw==,type:str] + - ENC[AES256_GCM,data:KchX3UxzgO8tPi4e28gA,iv:GpOgcM4xSYGgrmMZVQh8mTiWTEBoQkL2xKg9lx9WlrA=,tag:B2RS2UGaKYfDMYQ2KLtGsw==,type:str] + - ENC[AES256_GCM,data:cyWOOo/nUBoXm348,iv:sY8M0VDO8g2wpUospZuvc5lchu1nsWkZSeikrogl/Fg=,tag:cx4KiRshnMVvLq4fbUucZA==,type:str] + - ENC[AES256_GCM,data:PJ6SSnN/DLOk4QQ=,iv:jkgNlwoGS598975u747MyUQyQ+QnnIxHEPluaXEkTwc=,tag:plEupEa21pvxGhc71+D99Q==,type:str] + - ENC[AES256_GCM,data:meVDEkNfz5j3UTwXoqTnBROljuGn,iv:STc6QGXyBClLFbbF1JfzkO2oFdUElEmId1sewICmozc=,tag:1teLjF3mvaoxXzULYkwxVw==,type:str] + - ENC[AES256_GCM,data:mp2JRdyADxbXbzLPppvh6IOwBXU=,iv:119oHbEieltFTJMnZ0Q2+Gl6Y07UAeFNVi/Z1YtZROk=,tag:yqCPhzDPiE5eXl8Z6F6TAQ==,type:str] + - ENC[AES256_GCM,data:DEGGkLgx28bHN5oJcRcA0v8uBZQ=,iv:W3B04idnMVD3fNpNSRY372i9Gs6Ni06fChX9UDeLrlk=,tag:AF1kp4+wK59m1azOAOXBCw==,type:str] + - ENC[AES256_GCM,data:WFF5K3HUTcHov1A5g2ultlKRcA==,iv:nlfBO30woglAnjzrExOLhupNeVRJYceQqbUnSOeNB6U=,tag:NLyCjIsvdO5g+z8NPYHsrw==,type:str] + - ENC[AES256_GCM,data:QcsfLxzeAS34YaWM4Ib9aEwn,iv:Ck4c9+5mgyIACQZad4kSRfTITRIStht4q+JxcbzsafY=,tag:o4vnM6AAA8/f3M3h/6E4jQ==,type:str] + - ENC[AES256_GCM,data:tuw1hhcGKZujt+PlgVTrXkam,iv:CEBHtDYwDHHQj9fJBng/gNzsqAFXiDxOIOGjgx1BeaE=,tag:S3Ao6GRMKAv0yUnMFCFSIw==,type:str] + - ENC[AES256_GCM,data:b4b96SEH3Ch5LusFU4OJY2I=,iv:IMdxIqFL9dlRYh7ghtqo57GJJt3AWOTsOS7yP+ekW0s=,tag:ZmAn9dPV5qhum2xZGAmSfA==,type:str] + - ENC[AES256_GCM,data:O4+eUVf2E8ppPZm/JO2b,iv:4+YrWTa5PRs2Ec4ZhMHQf3IQ6HGJ8VEF0s7XQA2fLZI=,tag:7S6e2klgEU8hGhAY8vxsQA==,type:str] + - ENC[AES256_GCM,data:se5Hm/W1O+AsN5nI,iv:lxVZp2mEKsDh8glqGXMZzqcuXfaW7gVao1VmxJCxxgQ=,tag:Fu25594+1mmEQfC3jrc6Ng==,type:str] + - ENC[AES256_GCM,data:wC2aOCtjFiNsWHrhiQ==,iv:Urdncp14KnbwpI9sKsu7XQbOkXuzHgDuKRv6oBS90+c=,tag:k94CYVoi/+7jkxuzSwO5FA==,type:str] + - ENC[AES256_GCM,data:FkIW7b9tfif4ifR6,iv:aJTwtPPAhhuHgsxsf+58H+1leA9UnjNC+WKIIEHiynU=,tag:keIviHZKYkfIgEDXz13ygg==,type:str] + - ENC[AES256_GCM,data:/ZKfVMw8SRZHDrast+xz9UHEfg==,iv:IqdD6wooQBx8dv586Xtphb0WaGLW8W5RE05vV/r0VhU=,tag:dGc0XsA/G3tWE7qWqS9RBw==,type:str] + - ENC[AES256_GCM,data:OHmbXORiBWeybg9AXQ1O,iv:8I8MjVlDId1pX5C6goYoOHOAzsy0W37qoA7iBmnpINE=,tag:q34sOrkFKSamLZ/SdlxBbg==,type:str] + - ENC[AES256_GCM,data:JYvLw77D/BFsIcN4Pg==,iv:5FmntB2XbnfmEKIWZSrtlU9cTxzBbiRFi151lbPcU08=,tag:A8av0psUjYBIrteglo2rVQ==,type:str] + - ENC[AES256_GCM,data:XrimpcqtNy6HUe0=,iv:4rAOIwedTFQg2EwgV/J2iVt3Jr2XD4kFX10SELBWsSc=,tag:kHcfyMaS+/HThEx7PDpu3A==,type:str] + - ENC[AES256_GCM,data:Sdukofiy1LinRZzYKm69aw==,iv:PZ8VMt1ZgBvu8d9OQ0lpjw6jl5BviiFz7klV1Ym+mow=,tag:1chp10bQL2wO3eKHYTSKeA==,type:str] + - ENC[AES256_GCM,data:a+eRcCfAFU2SiDw=,iv:AsMd9/Y9tr/84DaCsHzmy3N1+AEryXFZIpfURK1+IuY=,tag:Y/ladRyjx2U5daQ6+iPZqA==,type:str] + - ENC[AES256_GCM,data:gHWpQehG9T16ThIHTRc=,iv:HYDzo7ukDPslExPkX37XgLNFq+rT5AEtR+rUiIrY0o8=,tag:QYQuILsiGKfGAHwDb2jKkw==,type:str] + - ENC[AES256_GCM,data:b8/2fjNhKHPZyLeSHg==,iv:9k59Tjm32c1fKK5vrItPLwlKTNm8mx/CWr2/xsosWJo=,tag:RZEKFhqSkijIdBFh0Bxx6w==,type:str] + - ENC[AES256_GCM,data:ZVGmI5juK1hX,iv:yx9zoBRXbsg0HUW0a8KAqI6wC3u9cew0UgN7E9JCH+E=,tag:zIZe7XAurU5TlsCTsKLFAw==,type:str] + - ENC[AES256_GCM,data:PrrS1V9oO+f5Ezr5W6I=,iv:FWqwHUijqjWhZ2LfMj3xoPGg5FEwcW6RGR9EjSZ0+GU=,tag:i2sCwOFFergJPhozz7oUsg==,type:str] + - ENC[AES256_GCM,data:9cNbg6ikrZufD9Dk,iv:bMV6HowOjMFAZ4CEx8YjHMfT15HdqAlCBqsTAXPyx0c=,tag:na3sZrsiLBemDccOog4LIQ==,type:str] + - ENC[AES256_GCM,data:nhlgPaXd0YWjc/Xcw/Px,iv:iKLoN2MGdo2ov93V8W5T2UrmO0wALb3tp/JVHESSSbo=,tag:vcQNI53B+UpcVsj7zD4dUQ==,type:str] + - ENC[AES256_GCM,data:f/fz+68KUCjv66rMTQ==,iv:gAp+5va095t9+nFzZvIkX9flEg113aJXymOg5FTJDfI=,tag:uSl8VpYM917FAhaPF9NOkw==,type:str] + - ENC[AES256_GCM,data:4zh8Uf6twdLWTKY=,iv:deusymeyaEFPSCoIdKek2yD0vMM4qWbTcDNKcVVhl2c=,tag:mVrZZr+w4qDOL+btb5833w==,type:str] + - ENC[AES256_GCM,data:eXFsJlY5OrQtRWo=,iv:E5qD7UL+IT6icb+CMcgwyKh2n79YA9L3k/0eM53CXQY=,tag:A/eD7m4mBZ7GGA7VNZHfMg==,type:str] + - ENC[AES256_GCM,data:Y0MXrQlk8ayIaqk=,iv:tPlEUrKjw4GzUVEJgN9U/qhM4r0MTVNXrvzM3E4xlik=,tag:qZdidsykKHUmRdnzEs1NEg==,type:str] + - ENC[AES256_GCM,data:WHxhAUUd9E2eiw==,iv:A4ikHXOgbA8vfhhlrIaeYhMI8xncLAEMzL6Hf/3Vpmc=,tag:UFwd4xMgvlg7wYtYrKVvUg==,type:str] + - ENC[AES256_GCM,data:YTt+NIJe3TL9ItL1,iv:xMEm3FnZ0CKTqQaCf2XgIszIt/aUj9HzZsiJVJUKq8U=,tag:4IDtaxpbNMF51bfBYZpKNw==,type:str] + - ENC[AES256_GCM,data:dLdZ/EUDNOum0J59,iv:g/NdqkPMIrw8KIuPZU98WnkKQuiFOiSpii60UHoqhKQ=,tag:lPEVM895oaCpyFFn0BmXvg==,type:str] + - ENC[AES256_GCM,data:/FYKj81nMBK682k4Jg==,iv:cgACezYeeFsG1tAknTisB7JQZDBb+lUYuA0hFblDEDc=,tag:MsKO51z2lSH0lykHd9HewQ==,type:str] + - ENC[AES256_GCM,data:QV3Faln//vo4DFZdIA==,iv:yQKIm/yvk6kOeqkkKqQPHG+iK3nrnXzlXEGXXGtKbps=,tag:stEl4mjFKyQi2MxbltOLCg==,type:str] + - ENC[AES256_GCM,data:cKU3VYJova3SeyL25Q==,iv:8xcqa+P3oAsyQmgkcYyB6D4h31KsR9r8+ViH6NUCrLw=,tag:LOPmhK9L8CfOB+zbZOHehg==,type:str] + - ENC[AES256_GCM,data:qEFe3iXGWoaS,iv:wcnsizpeiQR6beI/woXxnTP6wLeu5CqdN243D+3YEr8=,tag:PqxpJZOz4wTZvM90M+ETxg==,type:str] + - ENC[AES256_GCM,data:nOqS1P5ttrOfNws=,iv:os1qQSRtrV0A+srLzqVCosHKYoPpPMJ4nJkFpG7Ddfk=,tag:GXHHXwQJFrp3yYeWr21cSw==,type:str] + - ENC[AES256_GCM,data:vyuk7DF/85Hrxe9YEaA=,iv:RpQsEWVAqxSJFZF8WT2N72iXjQkySj1I8iaPZBmXOEI=,tag:2kUGqAJRgpFOF3IrtYVWjA==,type:str] + - ENC[AES256_GCM,data:OqeghP8mn15ervS+54yUm2c=,iv:mzz66aD3YmoxTnn1XX8Bs57wBs6rZXXshe3zv7zmN0s=,tag:t9RJR8HJsx0vDzXU1yH4Ug==,type:str] + - ENC[AES256_GCM,data:SUsUvdw=,iv:MpphIjgfHmyAbzHdnr3GUAHXIY+JHeSQ9DlOyxRidcU=,tag:+1Lira2Yfhsxtz/d0pmwAw==,type:str] + - ENC[AES256_GCM,data:Fnc8VzOf,iv:sx1dHuuemgjJXmX0CyRW3wVL26iiUitNsb3CE8nUWko=,tag:XFZRZBwb0Z5JVs0ilwfp0Q==,type:str] + - ENC[AES256_GCM,data:JQWK8aUf/fkKtAI=,iv:Yvlp494wNYqP40wy3wNRGEaNZ7Nc0rpo72QSBzthcNM=,tag:Dz+c1xJ/ZbWmOdq/pj05ug==,type:str] + - ENC[AES256_GCM,data:9XgozKnQboyLYb0=,iv:janxEf7VqrAZc4/7CfzJVMUa8EusocjFauOGRO6IIpU=,tag:UmACfv8uO00HeBPNGy9uVA==,type:str] + - ENC[AES256_GCM,data:8U7AL89xdfhKs3Y=,iv:lGPNRyzN/HRPnFSOdMvVF6VoS9rFftuoHkzWxelzlQg=,tag:WrcZxOXeZCAZWuK5+8G0NQ==,type:str] + - ENC[AES256_GCM,data:URjiSlaBU1CxhYR9,iv:tgmwu/1YtUkMEje+yZFrcFxri44pU/osSM6lkLTfsD8=,tag:acHkC7XUhlTuMlISLqp6PA==,type:str] + - ENC[AES256_GCM,data:IHOcRkyfHXohAOd50WjxOw==,iv:rHTK+0/0ncqXTw7IyI/zEWJDQq5JeSB9iBeskXznWQA=,tag:0Mjej4oGXfBVew19Fqk7Ng==,type:str] + - ENC[AES256_GCM,data:5/PeHJI68PQPoT5fJg==,iv:U+zQ7pCIuZVIwb/ua/um8eBszGj01U9WaoEp2I55vOY=,tag:LoEEq38lvmFBLVTP1+xeRQ==,type:str] + - ENC[AES256_GCM,data:kodHOqGwkymJu6o=,iv:v+9igKGOiQ8FEcA7muP2iOmzhwJc7OmiiBbAxRWI4qk=,tag:T/f1LCLrNtSor5XxfvsKsg==,type:str] + - ENC[AES256_GCM,data:HBSVZ92NGAw3ygU4GNk=,iv:f4pt/Hnifnceyye7znTVgKp7uVDsyLuLAsl1X7UvS+M=,tag:f5Nmx3+CeEmDDqo+p3uEZg==,type:str] + - ENC[AES256_GCM,data:kfxBln14bV1u8A==,iv:cQJCQQ09BC6oLZ1MxUams9RFavrQxfKkE91+htGjAlQ=,tag:GGvitsedgpGojuISAbt/pA==,type:str] + - ENC[AES256_GCM,data:gUUFvQ4so5ouFsu7aw==,iv:EDovsXrf43oprwb4d1dTbhFxcYmpWqbQo5zA+FWhXdE=,tag:g940dd/J+zPgd1sr2Spu5Q==,type:str] + - ENC[AES256_GCM,data:edLpgPvkyJwxkzM+QUAw,iv:j6mmp0wZgC9jQUPUxB/ueb2UMJy0nYHCXyqwIvKCaU8=,tag:6zzUVGtXMF8+pX36kO78DA==,type:str] + - ENC[AES256_GCM,data:EA4u1dXysPOvA6WM3Ng=,iv:hU3zdBjuN/7ny+PjFF41fVVpFhUYtYDma/WZ6K8GS9s=,tag:bjxWe8esFw33eiLITGrnYA==,type:str] + - ENC[AES256_GCM,data:TEdt+9m2Y3S5ysExvkLaQTQheDCeBQ==,iv:bst0n/F83A3OzplmxSlmaxGBi17+Tm3oZk9SkTyQceI=,tag:3UXLcTx3vdZvHmnqLztWQw==,type:str] + - ENC[AES256_GCM,data:WjQ3SrnXHJjCbAk=,iv:ieFGG4oKzTWx0X0YFFfscZrJNP/KhU/aNeW9S5sd+mE=,tag:IvIa3Pt9+8QSW0Ym0LkfKQ==,type:str] + - ENC[AES256_GCM,data:AgQgfhgDdzWggwlDaf23,iv:d0Ohi0MDUwxGAFudWSmOG47LCVKrQpGxe+WrLCkeaeI=,tag:jPq6uH/zHH7PD/uhvV9B6g==,type:str] + - ENC[AES256_GCM,data:xspcSAe3P7EPc3Z6UQ==,iv:zXpBwQf0cG6lr+aozEtaqSvZclhrPVUhisES5qTMe2I=,tag:RfO+1gun1A9/xA4xCo4soQ==,type:str] + - ENC[AES256_GCM,data:NiDe1ForeXlC4ea7EXUB,iv:aZDZu3jZYEOS+Kjt5KJ6Xpz8luh48FUoZxECmgOv4e8=,tag:FGNYe/gI6GFZk9+N2EvD7g==,type:str] + - ENC[AES256_GCM,data:0p26chsPFA==,iv:ZjL1LaqA11OHw2Wpf3LIg/g/0Q/oCoVq8w09e/9niX4=,tag:OL38MaRovRIN9B1SSclcHw==,type:str] + - ENC[AES256_GCM,data:oQfqmdaAitH4UHFg,iv:lAd9SGAJ+9ieNfqeqo3w988Mc7kvmABCBca5ZyrB3fo=,tag:T4R9emny6qYgZg6tM5itEg==,type:str] + - ENC[AES256_GCM,data:oLk4M1N9EEXC,iv:I/qVg1i5mRtPeTNALhwulDXBWPYHPl2dFqTGtU5TH6U=,tag:vIjWo+CJCseAgeqqK4JX5g==,type:str] + - ENC[AES256_GCM,data:+tLLxHNCNsI=,iv:+2Zf/z06nIGSdCDjR2/el+wcMuKysvaqLhNZ6ecN65w=,tag:BPQccSxx+mlIgnTn8HtBYw==,type:str] + - ENC[AES256_GCM,data:9G/4NWCtFIob,iv:vrCCCxlWhX10JQubeaRr5xMcWVsH7SnLgdxxUBI1RDs=,tag:/GQA5G442alQibsQkIJpZQ==,type:str] + - ENC[AES256_GCM,data:2bD0u6jrpEM=,iv:TWqgsvNU2voWUJcnNdr/8V0Dr6AGKsPVF9e58V6WMks=,tag:qAXHdoVW56/nhfvACXVKrw==,type:str] + - ENC[AES256_GCM,data:tT8ZSq9CK9gZ,iv:Clqg4URJLpO8fya7Js/Ic7oOIlLxQhzMG9GKpmTjeu0=,tag:q5aZzmz0j7Puc4pCYqgbXQ==,type:str] + - ENC[AES256_GCM,data:1sSelBD4DsHVZnO4,iv:Kj4J12fF31E4GOpsBqNeliMoE0A3/KwaN56+5yq2IMI=,tag:ZCS4zf3VP+jCnXsrqtT5mw==,type:str] + - ENC[AES256_GCM,data:2Qgj1oJs9hx5S20LlsY=,iv:Iw712KjlCec8SH0MmurCibOs0ScZgtIr08Jn9wuwFZQ=,tag:/p6kUA10WTU5dI1P0VBzMw==,type:str] + - ENC[AES256_GCM,data:Nl/pC2i92J7uJeG6PkjXXjBhkW1tRXzy42Ph5w==,iv:kqVSP5K7JqzSEyJjMQ7wj1bADeUHwXMsvJQtrTm0OBM=,tag:gMTlwYMbOULN14WKy//N3w==,type:str] + - ENC[AES256_GCM,data:qzy5aSvZHWUg0pU=,iv:+P8ilgLqNM7lBWI8FrP79Zpu0voMB70jE2aZSj/M2sE=,tag:GxV/17ONqDJtjQ8TWtc2Tw==,type:str] + - ENC[AES256_GCM,data:KT8KKhfbF6Wd,iv:f3wVuBb8MzcIVAo8o5wYLPKbF3io8w7GvVq1X9NkI70=,tag:TB2VrBloGaAFV3YWIu9+rA==,type:str] + - ENC[AES256_GCM,data:U5hxe1AT0j10,iv:PkQrF9W1875mDTUNkY4D4HrlBxjy551uK5NCsi29ra4=,tag:wiiT2REYbs/QKVbCcxrKfw==,type:str] + - ENC[AES256_GCM,data:x03X9jR4rlZN,iv:39P6sz6Nw1XR3KL4IFe2d2atushRmyno+jKHz7aG7jw=,tag:iXz7bn4leQqa9fbW7C5acQ==,type:str] + - ENC[AES256_GCM,data:mLsyypXJ48pktVVqqBwlW2VR6UUw4Jj82aw=,iv:OfL2+U+bfO903seFQvAxO9FHqN5uwEUu3PurrWehEG0=,tag:bOTWUKFiPGsWqy2sNlM4HQ==,type:str] + - ENC[AES256_GCM,data:MS/vY5QnB31Zzcqm/EZ/,iv:Rb7hXTTUSFcPr2vDxaB4WPm6pDsEXcdNpMeva+X4fcA=,tag:Af4AXNYSe6z5g0E6lFbJWA==,type:str] + - ENC[AES256_GCM,data:RdwSlB7clw9hKXJpSto=,iv:uCl3R4DoDjuKtJFKxQjP6KUvW8D/oYx4DZXw6FzhTBs=,tag:3RxrLWnakZSWtvBQ+fZwzw==,type:str] + - ENC[AES256_GCM,data:oA09PaTckFzmUM99FbKd,iv:Ke5a/WuXeO8WNmXEl7dZ2a17ntnpNVgn6j0xvtA8vVI=,tag:93Ak5VHX+PQ0N0EQQtQiOw==,type:str] + - ENC[AES256_GCM,data:KL1Kx98R/49eed4ne68=,iv:STC2Efs7QBRQt9d+1V0TAq/sJ/o7z1Rw+TKqDr8G2e0=,tag:0p5Vm+E0rSpw/bEpTkl75g==,type:str] + - ENC[AES256_GCM,data:rw2RgUtVjkiVW7QrjF0k,iv:uHbIlGkWaAPOKHfWbB5StMFr7MSSJT/y/HoVNwQTUcU=,tag:ehjPLDwUmjsvIijJJgdC+w==,type:str] + - ENC[AES256_GCM,data:J8CEXkSpjShV9y/WpfY=,iv:EzqwvUcy2hV8Dw9bttrEruifmMzBVQ/uvsF1RTruFbY=,tag:7JukrEWK6RXfufBu9nkFPg==,type:str] + - ENC[AES256_GCM,data:yMa8m08u6A==,iv:4eLSNxq9P5F1/3GRVV/nQjL3xw8d8ikKEtCLpTZFx34=,tag:eAGLZ9ABK953AJtpENHPEw==,type:str] + - ENC[AES256_GCM,data:ixKU+M7QRA==,iv:20PV5/P+6pv3o8KcbvCVJ7+XwgBGEZoPOGYHAJWmcS4=,tag:6H4toMtYmjX2BMBgNSF5BA==,type:str] + - ENC[AES256_GCM,data:SJNPn9dJq7GvU0lE,iv:AIe0jRTQxb+RUytnG1eSv6JbT3FNJHkFDw12iBbL3D0=,tag:DORxFcaaQ9mJRd3fOsqxeA==,type:str] + - ENC[AES256_GCM,data:un97HB7B89mSjLo=,iv:6GrQv3D6vOGgYiTB84J9SGDshPUS3TlTYdgb/SMO9ps=,tag:OlqJimtiFhByKMSrNoYGSw==,type:str] + - ENC[AES256_GCM,data:IC36iN3e3150TQ==,iv:Ny9gMeTE3pOo+GwDdtExTtik21gZP61E5yKqwVvMHRc=,tag:oX6wveNPtWqhhzeFEYuTHQ==,type:str] + - ENC[AES256_GCM,data:O4gQfmMLWFp/qA==,iv:Qo7GZcxQZzxddQYJGRlf23DiiFx/RRxc7AICCmr0HCw=,tag:SjeUol52M1/hI/Z+LVf3TA==,type:str] + - ENC[AES256_GCM,data:3WgYIwGtqrpLRwYG,iv:xOFWN1EyF4Qro+m5hWgjlEpec1kjuQcFhcTdl+qe5yw=,tag:1NL4ofw83kFFFBWxFPiSig==,type:str] + - ENC[AES256_GCM,data:KqqQB44Pgu/g,iv:YAfUtbVNPdkxMgKOCUBzTSgjNYL0TshBuEbkMjKpTAM=,tag:+/E/379twwUmhnftzftynA==,type:str] + - ENC[AES256_GCM,data:BO6F9mbdI7EcmJocm1xIK6U=,iv:DANF4aPTZuvQ15T7b3f0CEkSO/Z5DNa2FoNuzDW9/OE=,tag:PpSynJi42FAWCscLtxynqg==,type:str] + - ENC[AES256_GCM,data:lolRQ1hjujZnmHRfNAVPU5I=,iv:8eb20s5UgsmRllvYHoqTnZ601iSEgNHOiHf0l6OHXSM=,tag:2B3xOpXoxAxokO0b3C3kIw==,type:str] + - ENC[AES256_GCM,data:inHhnl95KfLwgsWF,iv:1lJUKcKq2s5evZeRgpIqTSOeTGhF8kTgkmXgskKtzRY=,tag:nRHVgMFk4nCC5QFrz+TWLA==,type:str] + - ENC[AES256_GCM,data:c4D952PsxtlJXhJh,iv:c+Mf25g65EiP9qp1U4410Msz2JDcrwJSu2PXE0vD4zQ=,tag:5JAVXrer/zY4GZ8F/HJ5Mw==,type:str] + - ENC[AES256_GCM,data:Mxv+M02OHuJ6q5zcvh0=,iv:HuAPF6etQJKFhH++izqtOczgThWFIcUiRQDL28rvm6g=,tag:5+VGOQy8u52Csh36s8HAvw==,type:str] + - ENC[AES256_GCM,data:U3kqm6xSZxJZ25Jf,iv:/irIxBuNY+WlFC4/we041p8YdxMZx8IKMu/6eQGe7Hw=,tag:F44Nwpe9nlYMEiLSUeAlDw==,type:str] + - ENC[AES256_GCM,data:q5V/SFQ4clu069Id,iv:9jvwsqJ0TgUbyVTzTAmGhJc8D2LNNzlaqTSflb6RK+U=,tag:HdgEJouTKj1GveJ8Juqh0g==,type:str] + - ENC[AES256_GCM,data:3Srae2KXyof45K0=,iv:i0HnB1wn//a/38Hc9VihH5UccYOUITqFXaLoUPd8ggo=,tag:QlqzsOMN/UWRnL/NvAMCJA==,type:str] + - ENC[AES256_GCM,data:DcoYAzYXNQ0chzCO,iv:qBmlCLXGJY9fXKlDzVeBv50gp5XmENSL55RbHlQE63U=,tag:C/pEadvDmU0pWM8P/d54yQ==,type:str] + - ENC[AES256_GCM,data:bK+1suM3ZhjUvfqxARU=,iv:jeTLARwAkZ2sws9HCSA9wh77jKCsup8KhtnUOLX9vOE=,tag:ubNPwXnh/ZLJTxm43vo4Ew==,type:str] + - ENC[AES256_GCM,data:0a5brv8sPOAgql4=,iv:Y+3BLit4dpDMKZr9KH31I63FH7hAX9ZauGLruBFOgQY=,tag:+p8Yd8D9G0QX4Nwk018dFA==,type:str] + - ENC[AES256_GCM,data:pz2PGD0ck2WK8LjtVJI=,iv:QDf8GfX3yQqqAwHkjCLNAZJCTQRDEECciy+98yEOWbg=,tag:8U/X//2om99zTdrHFlBGyg==,type:str] + - ENC[AES256_GCM,data:WAJctbpFOX1T30BoTiY=,iv:oLtGgBA6jolx5HQd/I8ypLw9qTyMzP4PuFuvUclHV+o=,tag:8Ymjnxxv+Uxape9X26MHTg==,type:str] + - ENC[AES256_GCM,data:SaqdBtiCPoDh0Eo=,iv:sk0AVKr33sR6MJ9ykSG/ZPGRhe4ZUd119GDv5R3XEQY=,tag:0tbUtpA+F9EpQZZJUgw8Kw==,type:str] + - ENC[AES256_GCM,data:ANtFSAtMVcPd5SZWu9AbM3ir,iv:GSoZ2YM9BoEe6rLlud0KQ594npiH8jozmfMHiRO3q28=,tag:xW0OsuNiDGnxa4AVAL/BYQ==,type:str] + - ENC[AES256_GCM,data:0jwE9GxKIuKm5S8AuBA=,iv:rZH0mxaTYbMKwh/7i6aQ4sBJ3kWxKJFa+67M4qcCKE8=,tag:neEKZ1nSmuH1dSmUuH4ctg==,type:str] + - ENC[AES256_GCM,data:dcKPyM5IUXyIam4=,iv:tGr1m4MhKfWav4bu095RogfCR6EFnj0v09vhKy4TCus=,tag:LqMLbV2SVf0tiEA/y2/SuQ==,type:str] + - ENC[AES256_GCM,data:7wLHpEzM+erGywn0K6E=,iv:xBc6Yn5dt2vFMEg+oF++XwWMmBaelbhR7i0/W87ag20=,tag:SYEtAw826S8Hl6xoY6n8bA==,type:str] + - ENC[AES256_GCM,data:FM7H80fiA1tQEGk=,iv:2JvmheeXmD4T8hNWsi6TG6nP3AhTksT8PznrPgfR+Cs=,tag:NFs5MTQOzYhibj/5dToJkQ==,type:str] + - ENC[AES256_GCM,data:ZUCunjDsciX9TdA=,iv:fD7O3cVzmvXYqW98kWjyiFGXuDwGLsc3MM4JKTgM+dY=,tag:TR+f5bSFuftsO8zIAmyJ+Q==,type:str] + - ENC[AES256_GCM,data:9kZyWKEeq05SpY+E,iv:GpzOM5LqAuRmKL6xy7uX5o/G2KyYCIqbHi454+A6z3s=,tag:9DhL6OOlvBgRDjCjynPImw==,type:str] + - ENC[AES256_GCM,data:hi8p9Jkz9h9YKiIF,iv:vwzylrzDhgrKTiJodJDs5CFtCAnn5/GqvBGAcYh37fQ=,tag:MC235HlFtt6pCQRXoVtYJQ==,type:str] + - ENC[AES256_GCM,data:xcboPEBNb1Gx3L8=,iv:FT/KYIVayk6iAWVCM9wrtM75rim0PcgAmWF7C/u0PDY=,tag:56CXjhGW64kJ6L5mDHOP/A==,type:str] + - ENC[AES256_GCM,data:bxfRI1k4pRYzLQ==,iv:m4JH0dkogfqJZxcvoQERG0uU80U3cIaqOSv2wakHmlU=,tag:P0UWIGS+p3fb1zlH3THcBQ==,type:str] + - ENC[AES256_GCM,data:+4lEDOfO88R3IztB,iv:vH07tMaSKyk8SlAe7bhlBnUr+ZR3w8RK1eVEeqhZx5k=,tag:4ukSSGcj5Vu6Ii8U+9YvKA==,type:str] + - ENC[AES256_GCM,data:udYP5hmWowzk6Aub,iv:4JnQS6LC/BC6UC7geY69MabOCeaz3ONe/iSQ9vmykgM=,tag:nBbwFxrAI460jh+i/JJZHw==,type:str] + - ENC[AES256_GCM,data:+n4fbFUFSW8Ie2yzXzJN2WpR,iv:74OGhPTeM9Tl3WTXrqhSSZFnDzy3SeVTdPMicUp4auc=,tag:airLC4G4TlQvALEbE/j0UQ==,type:str] + - ENC[AES256_GCM,data:H4jfPP6imbGMGQ8QkC0=,iv:ZiLucPTUYhJu8vqUYzQk5D2cyy3exQV8usf/HwtD72k=,tag:Qbn7QhYd0UFKd58/bj8kJA==,type:str] + - ENC[AES256_GCM,data:XitRywsWIo3iL5KJ,iv:I7+XMAHE4nutGeJfkBQGZ1FiB0lC7yrfdsIhzCZmgbI=,tag:PaKnc04XO6LtZL6mEPcshA==,type:str] + - ENC[AES256_GCM,data:/CPL00qmGg==,iv:2hc/Y4tZPsaFVafZR30+DUX2kwvh4icEp1FjxmpJL6Y=,tag:jhJf5rxHU+ZFs4a7pUfsfg==,type:str] + - ENC[AES256_GCM,data:uU66Hue7vD3hRg==,iv:2nRN8VAOD2nur5EybL8iRfUevNxtde/VRZw+b3AaC9U=,tag:1XEj55fJlXnQmvEcHH28ZQ==,type:str] + - ENC[AES256_GCM,data:dZfZYw9XTZcdmwa4bIVU4BCiwvkQsSFifQ==,iv:9Oc8hcEVeFu5PEfRuaGRkFkRbNn5WeoaAOdkDY3WbgM=,tag:v0D/9VuukEmB30sV7dTwjg==,type:str] + - ENC[AES256_GCM,data:Rfuxr79PGEAOJG8c6eQPew==,iv:EzDchsjDkm1uOoKoLGpsRX1P9WMmfbK4mOFiVTbISeU=,tag:u2glIcMT0RQlH+TzD77DLQ==,type:str] + - ENC[AES256_GCM,data:ZNK/QS3+i/iJ9Islzx+g,iv:UpSHxgfNqVWfGefHJiNd80WjEyAB/15WkMwBQmZQDvk=,tag:8kBYV928651bAOr6UNPHSw==,type:str] + - ENC[AES256_GCM,data:JPczMRCWiIfrK0UIGYo=,iv:JGL8MBlFVKglH1mmfUePhsNMsChGITUoVm4i9YNBJdI=,tag:mSkgg8j4RQe0pIoNf1orVg==,type:str] + - ENC[AES256_GCM,data:MafTpSDf2YkH2Og=,iv:VURLEzmPQgds5KacaFHHQKPHHDUi4Zh8HyAdGotCzAI=,tag:1bredDUSxGBHrQO+ahiCyA==,type:str] + - ENC[AES256_GCM,data:h7W6baG7NAaxEh+QbA==,iv:JXfWHK8p8BOwyc9LIJlEV8Z33eWK6h0B/Yoqj1t5A5w=,tag:juluHOF7Stlzhfwb317vUg==,type:str] + - ENC[AES256_GCM,data:qrKvYTSXZ9yhgsf3j5C0XTxf32I=,iv:MyE/m1j9UNsAR4V+m9sk0iguazU62vq1SF8Ub8a9+sE=,tag:TCOo9iobu4rgHGu8cGr3BA==,type:str] + - ENC[AES256_GCM,data:AfWJQQd0+evuZw==,iv:RIKvJxn8EQWRd/NuMgjiexWhFfK1TyOlY1pcxLEx1/M=,tag:aguS4w57lvN+21ihX+cYIA==,type:str] + - ENC[AES256_GCM,data:GSV4lx2ooed3AcShOy4G,iv:ha5NruSwCruW0RZsMQxt86EmBtK8pnNCUPsNmLZjvuM=,tag:H+dImcIYEFO1z5ioSBWkDw==,type:str] + - ENC[AES256_GCM,data:lAQiy+LB84YIyAnreQ==,iv:wnnGpLEvIMArjuBuGQrdRpXgtZ9NKPm7oCnCr7F6kYo=,tag:vSYErXt7qA29icoqPyHDJg==,type:str] + - ENC[AES256_GCM,data:AbH83orAqjNIaCTojQ==,iv:+wLJqdjdfflsqiybWSoBZYyhFGmsjeAufqBB+G7qF40=,tag:HNwvizZGrbP54t/NvM1uBw==,type:str] + - ENC[AES256_GCM,data:BWw0NwwHAjjbSw==,iv:iGZ9TY7W4f8CKqsQuPAIAFYZ7qRWCaSQQ8thlpMDx4U=,tag:62W0SxCX5htUZgXMT0fqew==,type:str] + - ENC[AES256_GCM,data:xBdFSmNicljiIoc=,iv:4R4q96S/tj0mlyLskVZ4PpRDYBWSG/zHnWn6GiUqjiQ=,tag:ui7oapJGXrx2ajiEtOjRpA==,type:str] + - ENC[AES256_GCM,data:oWsHWC07yJuBNaR/ij8=,iv:U9WWv7rl6DzRMxyZpC3sAutn3Q2mVgksJ55HFFK1e9w=,tag:A7T/CjeiX/FV5KXsSUp3SQ==,type:str] + - ENC[AES256_GCM,data:zkBOwJqvZ92MNQ==,iv:IvtwSdp0KMFuneksiJd7Tra/jPzit1OOMz/GKHyiRpE=,tag:ZH5zo3+YR9p+zeNKZynL7Q==,type:str] + - ENC[AES256_GCM,data:ooLdvF9ewuI9Xg==,iv:uE4NcJZv33dGwigZcH4k2rVvf2YSTJCJj26SFhF3CQE=,tag:5929X95Hrktt7Muj5HcfDA==,type:str] + - ENC[AES256_GCM,data:pR4dJpVMiw==,iv:EKAuwkVhMKa7D3Oe9sMdtg9BdqCZG+Y4RB6GB70U+JM=,tag:54p/+6cDgBMImBl/0Kt/CQ==,type:str] + - ENC[AES256_GCM,data:005eW9a59w==,iv:YPc3p7OqAAndbtbGxKGqQai48tziwssGFgsBuIaJO84=,tag:33e5pWCZk6SfiKQtzRx5NQ==,type:str] + - ENC[AES256_GCM,data:bj1yxRkIGZIfyCc=,iv:yA0cmWx5nMsyHZKEFNL+JoJKj5jM0i7+p09R1dHy9V4=,tag:Z/Ec7p4irGqfLRFp4WzMiw==,type:str] + - ENC[AES256_GCM,data:K22ISq/rHfi8nEKb2ivCpQ==,iv:fw5PCF8OpqaoOEueJJceY2qRofSAwKXbK3io4JAXUo8=,tag:7Cf9BE41pK2sfmJXgZHOGA==,type:str] + - ENC[AES256_GCM,data:/HFDmQXAE+XDlfWSrmk=,iv:Kc9/C6NBAYXXwZ/4RTOWt6X2GFKCdMLxLG406SqF2t0=,tag:bw5JWgBpq/WsM7Aq/SPQ8g==,type:str] + - ENC[AES256_GCM,data:ZfoDY5BLJuoU953b2R4=,iv:d0zSNeYORg7/vvSQvBshr6G4Efr+GuO801ASOLe2/40=,tag:3wSTTK/qR0e6yrxs4Npn/A==,type:str] + - ENC[AES256_GCM,data:LMC49BneHBy8TF9s,iv:PNLM/ixDBoBbyzrz8Nxr5UKOXsjgSqbu3d4jtDqWASw=,tag:UscWOPWHs8VO0wSoaUvy8Q==,type:str] + - ENC[AES256_GCM,data:nIbiorjBv8tPC9m+4gSN,iv:5YUXaYU5SdxP2kYqvdiRa+vBAEeq4eKtusiEkBRGq9A=,tag:AHzxB97ZXne78Y3AxTOTXA==,type:str] + - ENC[AES256_GCM,data:czWOx/MGaJiYv0YuQfbG,iv:fnD7NwD1B6L2F/Ve1+OU+R5G9Z7rDjvtMlL04C1llC8=,tag:RGj/Hy7eW414WJ1a3v6zbA==,type:str] + - ENC[AES256_GCM,data:QSKtjEJp74Vc18vA,iv:xRKHv2EppZZeSSV7F2AOH5qWJ3xwqs508efIFlAtb0M=,tag:OcKJ3ZZ4ejkO4/WOBwrc+A==,type:str] + - ENC[AES256_GCM,data:/guTwZObn7z4pQYB,iv:JQKocvIW8B1rJCshO23mkDnjZNZSi0clwFAq1FqeGwE=,tag:ZlXX1BRDPqs/wI8Qo8cSUg==,type:str] + - ENC[AES256_GCM,data:/CeP+Ku+s/npLmK3qjAvip1oWFE=,iv:ePGOEuqAEWxGk8iwNi8xCpC5obpUsr0TlUJi/NwmlC8=,tag:BgWAVS9GuUZLA87t4TmVAg==,type:str] + - ENC[AES256_GCM,data:w7HObjgBNxInUGtu72KNKqmT0g==,iv:M00+zNxfP/9QQw9bbaY22+6yrEYoGC3mTWzwSaEVhRM=,tag:LQrs55iQBr7aQnY/Sji5Sg==,type:str] + - ENC[AES256_GCM,data:pG4mnZgis1CPgo3Cw25L,iv:NnY9z5ZSG9IHEwfN91ujxKqvyFnGd7vEBzDWjNjn/uo=,tag:zUQEhHfucM+2ZnhYY7a60A==,type:str] + - ENC[AES256_GCM,data:JYmtWhaF1RJtKVqpzKY=,iv:v0x6BuqOoWLa8fe3eEL3MnaBSfg5SRWT9E0HycwtV88=,tag:wWQyUJZmVl1/6F1/dlyF0g==,type:str] + - ENC[AES256_GCM,data:HpB8dnkmK1ZgYsiWK3Nzsra7MSaYrSUQ+pE=,iv:q2nL3Osrw+Y3EDHou43zi1igZjL59W7WoRKOLlVivGY=,tag:zvd0mRQrTZtIA7bQhq+f9Q==,type:str] + - ENC[AES256_GCM,data:IB3GycVu4vzB7b+8,iv:LlgKYYNHAWS22BlPaBNW0RKQOaIQ41rjFLDNj/y57CE=,tag:n18YQPd4Vw5fdN/66ax8nw==,type:str] + - ENC[AES256_GCM,data:pqOjs4A3mJjYDnnEM6/c/g==,iv:CQKE58+Fkxn7hUGTjG58hJ2mEsozdAodG54d0jJnegA=,tag:Zl+rhbK2GDNteQ6IPFBJIg==,type:str] + - ENC[AES256_GCM,data:J15nKO/jX28=,iv:mL9RZXeJqct3CKJNMjBPhQMhVVxrioUKyvkpBligF9I=,tag:hFpmt6yCVV3+G6c2EznhQg==,type:str] + - ENC[AES256_GCM,data:GHmsmk155LRTSA==,iv:cvJnx/YRZCPffDW1qskqhP5XxEGl/Ca2AKAz5dT/TqY=,tag:+VMSKwGoaiNv5nOqFkOpAQ==,type:str] + - ENC[AES256_GCM,data:1QDufpsWxMjw3vliNuRw3pJ7,iv:6QL5w7fyhMONryDAgek0nNcUSt1gaeip34/fmK/zRcc=,tag:jRZEKeyTyVOZrR8UlgyZ9w==,type:str] + - ENC[AES256_GCM,data:O7A4ERJezmk2nYLv,iv:LKR7w29mWjQJc8bffELui8s02MW1cRxl1quII0GLoFw=,tag:OemKGeFg87MdvtuRdx8+vA==,type:str] + - ENC[AES256_GCM,data:mtzHkU8dKr35Sg==,iv:Zq+P5in+aVT5kjNf4D7haRmUvbSRHGRQZ5Nm3Bqk6A4=,tag:igU4skHYFPhDXCK3oQrXzQ==,type:str] + - ENC[AES256_GCM,data:UOC+Rp5Octif,iv:qsy8lNzEWOBqaotXMqQjV5qIrEXopJm3a1WRLv2K4XU=,tag:RdvaMCRC8QmC+e4+lCtBrw==,type:str] + - ENC[AES256_GCM,data:bFU3KcF/nkJlrPM=,iv:HyvkyPDo3EuRJRPRY/q4JX6oGEgtc1MXDiQ0RnHc2pM=,tag:MWK6mZCAvm+iqFXwStKfow==,type:str] + - ENC[AES256_GCM,data:mTyep4rLIJJRXVbPUvxjCQUvlQ==,iv:yF4RCB2woDfRJ/tTfnURHLisUKz6KJCnGei9SzvMXXo=,tag:7miC/srYQtQ77cWIQGUhPg==,type:str] + - ENC[AES256_GCM,data:F06+PUR0EIdifeNIUUc=,iv:VO4tnw7vemOwb/3GeArwvI3DTk/SWX9TrnRjXutt1lI=,tag:dTxT10LKV0N7Z1eT26S/Ig==,type:str] + - ENC[AES256_GCM,data:SNzMjiPRHsoPMI6Rz5yoaQ==,iv:IzZTjzlPZvzsSdKYSV8GgiMjf/c41tUYuTXUNwBLlIw=,tag:rpSxCvZAnaFK5MmCu3182w==,type:str] + - ENC[AES256_GCM,data:ydnauef0A4QThezQhv5/KHGSZqvFFDw=,iv:5KJZc5XaIZMY3pXdkKTdbKHzwPJ36xtOMZbukOsDDfA=,tag:s8Jz9IjMM9huuaD/K3I1Fw==,type:str] + - ENC[AES256_GCM,data:GpXRFsPYLuk8mcjy+cuHmxHJ/KL+,iv:awBubauSSqn0cr3I4j3suIyXs1KPQUBUALGQ6cQ6kOw=,tag:H0n+qRdnLtvv6HH3dBl8Ug==,type:str] + - ENC[AES256_GCM,data:k0VBooos6wLv3Ey4JyUsBw==,iv:EWeKuQVnST5sVX0/AXGf5MkFM4ADggYJMlOf7ZjoNF0=,tag:HjCrCOw17FtisYBOOriaEA==,type:str] + - ENC[AES256_GCM,data:pLCGO33reUNPVfNtpg8Bz9kh,iv:BajQHTRNm6U+A8kU8ZRdeNKmArHNUDx2hEpZsnYvTq0=,tag:aBXk4LaI/wWcnIwzlLTjEQ==,type:str] + - ENC[AES256_GCM,data:S3OBvQNAgynlG9YgdC7qm7IFAurJdjmRHpU=,iv:iPZ+pjtv+hzKbtFPhMAUVIk7dHZVacwjSVoZIMur+FI=,tag:9KI6/0WF3r6nw82BwbIrKA==,type:str] + - ENC[AES256_GCM,data:60RoxfpRjX9skAu9AIDazQ==,iv:0RurljTU6QtE7m5Yzsaw/9TcQzfLo86XGwYFzC1OVNU=,tag:KteA4XRVniOfTfyluWSC5g==,type:str] + - ENC[AES256_GCM,data:rLuE4f6Z+XWSpgaudBVpsg==,iv:M+QhT2Sov4/1Vai9eh/c7zMUG7T9NiOBZZlUWHJClGA=,tag:ywMI7IT1vMons3QQOb32xA==,type:str] + - ENC[AES256_GCM,data:rqxqpZ4n4ZA5v2VljoxjPSJ2/A==,iv:FEPBma+I/IN1OrOPcWeEBpJm3tupyrpVIZkvbC6Nw7A=,tag:YHfHasi4CN54JEnBulFHuQ==,type:str] + - ENC[AES256_GCM,data:PBs2GEIBwW3V85Ff,iv:gzq7D/gcIjLhWXKUtkSLDYI2TZOZXDhZfhtIfmALl8E=,tag:3eNcXpEA+BGxAd2AQfsMsQ==,type:str] + - ENC[AES256_GCM,data:qEgZDxXCN+UOl7XyO90=,iv:2uwgNOr1Nmk6Q3rIFbzeVGVW5Y3x0/q2P2KqjvJOX5M=,tag:vnkCnp6nFsXMMAvKctxpUQ==,type:str] + - ENC[AES256_GCM,data:NtzZ0nYquZuM,iv:9DG938bfJzYrKpOYC4i1Ck8tIedZ9QHhRo4AkFfPQaw=,tag:3S9Y5fL65fhXh4/xYZT3Gg==,type:str] + - ENC[AES256_GCM,data:YUvX4WhrP3p5,iv:JGGpc2DZ6MgX61WnHh4axvRqJ3D3FbSi0SXHsIM8te0=,tag:Iy5fFGWJ35h/6P0OXN+0bg==,type:str] + - ENC[AES256_GCM,data:JPH85eKkNeeH,iv:mg7hUYP3bFMO2KjLIZCxo6z7rWrW0jhAd9Njgqe8umk=,tag:5cdBqguHLrc2w5lErIi60g==,type:str] + - ENC[AES256_GCM,data:m7TyQ9zFwYPZABU=,iv:qAwbg4Jo7g42l3Qp6CgljNHYjQl0eRXYVcoicHkwRKI=,tag:a8sYwjSQ2y9FZ6l8W9fdaQ==,type:str] + - ENC[AES256_GCM,data:uNpMfvdyV8crQrc=,iv:Shi4LVYi5X9Fb4kSdJ4dgXdVM2McOO2gxqz6Z5nyFxI=,tag:42w0J0D1SBSJsgnBP2mkQQ==,type:str] + - ENC[AES256_GCM,data:1rLva3siM6byJYrI,iv:Zau/ZqQph0qLpAvpVb8+FWx1Kna2dHaaKAEg6ldkOp4=,tag:PW6yQ0PRyP/DywWQtqiXtw==,type:str] + - ENC[AES256_GCM,data:rC4DLVa0a9N9FNn1tA==,iv:hWJtKMR9mhurEq6stwHMP+KTw3fBsKm0az0ccMYrIYY=,tag:iK6rvEgGj36kvIdQovzvXA==,type:str] + - ENC[AES256_GCM,data:CPSpGbNHGTmJVtQv,iv:swITrzoTQOPSAKwJNQ9pzW78dhUv8iN/DnbKihuGctk=,tag:6Cu70HXWP6u6JFwqQPTHrw==,type:str] + - ENC[AES256_GCM,data:qAmDYQCV/Q//X0I=,iv:s/Fe3Pu5lt71uNiVtNRPy3s7R2WIgJP3QZbS0goTSC0=,tag:8r1acCYTqumyTNOGDwvU0w==,type:str] + - ENC[AES256_GCM,data:630qvZWGZQoI/TE=,iv:9pY6WGh5MBjZ8zDnI3ArWWmFZkmkVE5JcP795OUwBWA=,tag:t+IXhq959IDQYaZya9Mg6Q==,type:str] + - ENC[AES256_GCM,data:Te8xMMcZpzwjgmXB,iv:DVREpm+6h8TeYk6G+gJmxVewAGmfA8ZckSnjX6QIqgs=,tag:mCZkCJqqEhL5dw/L/aQDmA==,type:str] + - ENC[AES256_GCM,data:VX30U0s4KCvEROSdog==,iv:c+z4iYutusTLCwkZeeewSA3K6mHDYZjFfnkLe1JkOY8=,tag:CnqW065qD3VFw85Qsc2Zow==,type:str] + - ENC[AES256_GCM,data:KNRoLgsVw7s2IPS/,iv:4w0XNU8kVYBvsPbaIc0ls53PviYHDFPCR84GxRvB+Iw=,tag:ib9nVyQr+1+vjY3YJ8vcvg==,type:str] + - ENC[AES256_GCM,data:6EeUGzZTiQX0cg==,iv:5ZxeAdcuBo9/kh06iWeA3HYeSC5D1cSlimMoOM3t20U=,tag:236m1w5iAEVHcup3HWP+Eg==,type:str] + - ENC[AES256_GCM,data:BDK8AOqrrNl9iPY=,iv:AQGaCKLhyvWSeUiO3jYkDBDV/b+rpBZeUot3uxZjt1o=,tag:q07WsMpy35Ocs2LlY5ZayA==,type:str] + - ENC[AES256_GCM,data:b3d1W6d+LLkuu+UAlA==,iv:QMp4TySzU7rrhN12aw3X/GmYSIfFf11mOWWMLh4FBh0=,tag:x1qQiyX89Nb60F0lCbvrdg==,type:str] + - ENC[AES256_GCM,data:2QJsp3z4G/ua+d0=,iv:v726B1rVF8LzQuOH2zyswtqeXkcdM2FKqpSWWca0T+0=,tag:du0ktNxehL/N2qiEdkOf3g==,type:str] + - ENC[AES256_GCM,data:a656Y1GDBVmGllQ=,iv:6WT9CyQ7eGLEEBboyXagpGR/hKk1WYKeqiGJoRYS+r8=,tag:Wa0YfH4WbTHvYVUOweXkyQ==,type:str] + - ENC[AES256_GCM,data:xyQLP+guavBpV1GYV8Mb,iv:k1Bm64pxBSqUqew1pxWMzbOnc3aYUvwhURsI7lJ87qM=,tag:9cBKny41UrY2GrXNideaBQ==,type:str] + - ENC[AES256_GCM,data:kWY79A0hUZRcu7CVeB8+vw==,iv:aBIQaM6qiULFhdViBywfKVgA/F0KlHB21poY2I5b8T4=,tag:FLoJ/R5c6LXV+/t7Jp6JrQ==,type:str] + - ENC[AES256_GCM,data:+Oc8uSJB,iv:JvlHZqUx70pZqZd5S8K3tQjlJOoHejRohYELbyKuAD4=,tag:WqOgMYATRCwhz0RKcxsyiw==,type:str] + - ENC[AES256_GCM,data:XwUi9YcVh0b3zjG7rw==,iv:f25Kd/NECTnCTczJdy2kejXtHjq/s6FVjTIlpl5e0YA=,tag:oV/hv+1JZT4IyJp4BZGHFQ==,type:str] + - ENC[AES256_GCM,data:9sYwyj1i4u0YBoFLrw==,iv:pePt+Kun6LEfDl9EnCqKkTMDKvHAEfdWHRfpZd9LzyI=,tag:tHCtrltZMEWjfAPwJNSreA==,type:str] + - ENC[AES256_GCM,data:UyvYnLcx1Jn+KQ==,iv:KVn9EVP09KvC6MvE929ecZmNSLvJ8iGC3j0gsapHzes=,tag:MOeSX9ds6UgRktfFuP5EnA==,type:str] + - ENC[AES256_GCM,data:gHrqpY0+dJgwjWo=,iv:YQdv2UsT7GOUbwIx2pJMl7Y/KJoGIPCfVKXqo+A98N8=,tag:aFKVt8uO6vMUr3L/f+YBmg==,type:str] + - ENC[AES256_GCM,data:1VhLLD4233VF7lW9,iv:GsfCyIO8VPrB5NDG809wbIDtHMVh4HivInMa9wXBceo=,tag:xmtbTtH/FOpT2M0x9UDZLQ==,type:str] + - ENC[AES256_GCM,data:k1HRCMGX4TeFvhDq0WS7,iv:YCr4Cgg/sImeNisdd5Wm9m8jqzm3Q70cKO/oFX+IhCs=,tag:lt96te24i24iLr5jb25WXw==,type:str] + - ENC[AES256_GCM,data:0UL4sglT0WGkDV0f,iv:EIAqNv9OBegsJAeDhjOsRe+LJJ9e7HmEFPL7xKOWyHg=,tag:JR3n4kx7mlEGOnTiVWzwEw==,type:str] + - ENC[AES256_GCM,data:2N4gbwmcAb60ReE=,iv:chpV7RaEpBBuixftvD23MzYhWwBJjTIllTUpMXmrnnA=,tag:a2Vidt5BFUDXbMBu0R0YHg==,type:str] + - ENC[AES256_GCM,data:LrGFOIKNJOXfbaM=,iv:d4l1/55nXSX/yWIiOu0VznJ+fKJHFJ4+6qd3JdQtemQ=,tag:6vaRW872MM11yOJU3XhjMw==,type:str] + - ENC[AES256_GCM,data:WfYzIwLns/CPZs8=,iv:Vd6vKGgbDIWCui1q0vGaqRx7PqijrlBwocX4OwQpn20=,tag:lfxDlIA38hWkvs30hMsvqg==,type:str] + - ENC[AES256_GCM,data:IfegpchidZ3QuQ==,iv:8bA5Rk6fPwpkRhSpWiK55z3+nC/DSkBIk3ls7drQEXQ=,tag:35vt8sDc2HHS8F1HVisi6g==,type:str] + - ENC[AES256_GCM,data:kwK0MgD9mGwbNcwRt80=,iv:SjJ3T5ds/PYFYfV748OMSy63VNj1mHxy0iseWpdaNjg=,tag:siS58pjkEzO2V5CNlhfxsw==,type:str] + - ENC[AES256_GCM,data:yiumXw05/uQP9JQkZAM=,iv:I7756rhymsA7lHT5Tf4F+uPgsDQ6bldhKbvRb6SY0tc=,tag:jP9zvsp3bK8Y0dTqq0f8Yg==,type:str] + - ENC[AES256_GCM,data:dVh48zQtbXkqT04mJm0=,iv:rW0k752K8JTHFvSXlyT/mSdB79YxgzpO5D4rBqybPEM=,tag:33cw7voChwhpko4ZsDA1ww==,type:str] + - ENC[AES256_GCM,data:rOkf6YuOI1NjmrK/,iv:VDca3x7HsigFmbjX0VGnvjgMawP/srFHtZ9WZxIG5J8=,tag:G8Jwfw6bavTJKpAKcRNr3w==,type:str] + - ENC[AES256_GCM,data:h18DUsBHg5Tqt1TdAwMw,iv:OAbqtwJJnhgRMRwA3sHZ9eJf7wOxePf89ZPe8xab678=,tag:8xyrDKkt+o+ux9kqR2gRTg==,type:str] + - ENC[AES256_GCM,data:Ugo2Qo9xk+3mKxir,iv:Iy2SKYkeYXKE/k2YtXDNuMFuaosUKXFpUiHDBp1vRr8=,tag:BEKi5nj+Gs7WEPvy56Gvhg==,type:str] + - ENC[AES256_GCM,data:QvQnd7j5GwQbF6xRKF+L,iv:9VJao9IvkYolmH9mzg8lwJXBHaAAHVOcuN+F1Z+BorY=,tag:Qdi7hMqe67OVwdO3mx6pYA==,type:str] + - ENC[AES256_GCM,data:3HVoFMd8N2A=,iv:38keqMW9WSFbg/s4Mh+xWaRlriWJvFi1uEXGqTEtu+g=,tag:aGc0DbN8WOIiH7KxsSbv1A==,type:str] + - ENC[AES256_GCM,data:3SjU8yyWeBzydKjEUMZype43oD1a,iv:dEUncmIvVi1efPo0/hqWD33cf3EL8S9YzIywnKP/he8=,tag:RToyHf/dmRwKrXrI9VW0lg==,type:str] + - ENC[AES256_GCM,data:6xkwAnvUVVE+bLec,iv:bujikX4IPWezQW/ScBdu5fjJyxnymIMBX+WPHgBzehQ=,tag:2Dpx9JaqDPaxCzFX1RMKEA==,type:str] + - ENC[AES256_GCM,data:1RMVHg+hGzo2TOqh,iv:F9tGoToWKikQ7ZBfv+kvbMHZ11d4MqwKlai05mCIcos=,tag:erJye/IkEleOPIllybQzMQ==,type:str] + - ENC[AES256_GCM,data:FBqB4WB3Y8aJkKUzVFTO,iv:9h0c88kTVugnvh7MXo40VItcvj7/8AxkhRfuRPepfh0=,tag:z8DD/51JDj3HghPQnpUZ6g==,type:str] + - ENC[AES256_GCM,data:3UxKpdMY48F32lNHByOD,iv:xsL315PI0lCySq1LGLfmcgMr+xJn34Uaxq97a+Zu3Kc=,tag:XFytApr3cfSmQNhUTpUS1g==,type:str] + - ENC[AES256_GCM,data:2G8b3t6MdhpVjxwVwrrM/Lj9,iv:RZm8ejD/+ZISAKPBrRkcoDTqmL3qDhbyf2UHb4eCjsE=,tag:N/1xAxQYppkTKiLceARBHA==,type:str] + - ENC[AES256_GCM,data:iPh5mCDSU1KN64S28ktuLxIa,iv:FxWyjrLoexSxXm5vVSE8ii+rKDN/FCRNVvQHZlaQuQk=,tag:x+4D7XRxojzvusfl6kOq+g==,type:str] + - ENC[AES256_GCM,data:XumiDEFGqVTdapNy,iv:LrHkN4LhUsa9Jco/yNITHCwfpPmX8Q/ZZoR7XK6p3f8=,tag:+bkZcnRfMx+8ya+EM77ttQ==,type:str] + - ENC[AES256_GCM,data:lHXZdAHLuQcXuQ==,iv:Bppo9T2YnuCXNCW1jn66VUIvYoN5iHOplkl2I0ltnmk=,tag:K0OnlEBcOND8XSd2/aP7Bg==,type:str] + - ENC[AES256_GCM,data:9JnxMlmigQ==,iv:Yj38kRXiVRpUPB1ejtdvcEp6H9rKYCNcM1531pcncOM=,tag:noM4kl4Hpby8ltoQXXvJ4A==,type:str] + - ENC[AES256_GCM,data:dMjcU1BTChEFl5g=,iv:XoNHfnHrw5C0h+lAZwEJygaPUA+hD8ikfBEIJyHQC/o=,tag:DenMpusZrVTH6N6aoCW/qA==,type:str] + - ENC[AES256_GCM,data:qhx4DiUkS6eNHUA=,iv:e2fm/GvwnBeeZZJ6uoVMQqkWYaVRUjexvHZfWyhWGHI=,tag:wtAPzDYmQRnJwcQ0UtURIg==,type:str] + - ENC[AES256_GCM,data:StXiBK7Qpgs=,iv:6h0WvTUa+37Mn0gyKjvADCsHF2wHkZMz5UuO7F6D7h8=,tag:MJK+BbYpDzisJhaEffsyVg==,type:str] + - ENC[AES256_GCM,data:mrreEeUsSdU8Z8E=,iv:pmILvQuW0AOp1eGyOTLTO1QO5IJ2uQI844isG4CgW7Q=,tag:kSnBJoy73B4lkrdAFcaeTw==,type:str] + - ENC[AES256_GCM,data:+CBU5Y//uJHTb/0SLS4VA2M=,iv:ELYq2mussksnX9yJF5P2BbokvMegzB9+YJpeUyEQoWM=,tag:d4wopP9t49fBRfScAz2YHw==,type:str] + - ENC[AES256_GCM,data:FJKFqFGo8JxBqA595USobQ==,iv:4e+5BRABtbJ6Me88NREuv57hbJbkPEjYpSCqo/vd32A=,tag:zcahs3FEDjMkXCzPFj912w==,type:str] + - ENC[AES256_GCM,data:8oEJzpiVVkBiqdY=,iv:4mPp343AkFcLg9fCnJ/0moVN2DDUpcL953XiwiiRSS8=,tag:ZN3IqaxaOYjaf9uQMAQvhg==,type:str] + - ENC[AES256_GCM,data:9B2rN2kb+RwJ5g3Qe1A=,iv:/dNg4mDaVlolCNlY/plZl2BgbLLwCnHgjldLEBflHwc=,tag:SZKN446QY4B+bZGUQbi1Pw==,type:str] + - ENC[AES256_GCM,data:2wobDaGvJ3kkZWGzYA==,iv:UsprsXOXsVRqcLXfQSNPHO4LAiFetVuwQQjVDTD3ENo=,tag:pgHPYVAmmOYXawAGTDP5XA==,type:str] + - ENC[AES256_GCM,data:W479GAJJ46lvRPNguzVFGQ==,iv:NEOpHjMvXXvnT9QPp3iPafS3iy21Sc/+pHjS6Frp4+w=,tag:XnbOmWIsN4x0IZmPcpAolg==,type:str] + - ENC[AES256_GCM,data:QPQne4Gmid33Qj1JS4g=,iv:XFXHQmVGo442ttWehVOtixBAgI1oIKdu2lh/BG1AvPw=,tag:wPnCdNAtclohEwyELbAevw==,type:str] + - ENC[AES256_GCM,data:6xQgDsoD5w==,iv:AWh7xx29enFy6YlkZtwjjLEAwUKaOff4z5kvDG5oQUM=,tag:kjciygiLXZYCxx3FBWuQ/Q==,type:str] + - ENC[AES256_GCM,data:W4HgG94/E+Gt+Vh2,iv:1u91RYbce/bjv/NJMeJVSICS53KqXr1i8NGu7fcRcdY=,tag:cCe/tYQiXqAI0+ppPkhpeA==,type:str] + - ENC[AES256_GCM,data:Y6aEXnRV+F+yCc3D,iv:v4Y4w8Utnyhx0NXyXQYFxM0RM7eX/VWrcFjovSHyEx8=,tag:31JZLrTvft6db12YIP+2Zw==,type:str] + - ENC[AES256_GCM,data:nnln2pW8/yuzEec3,iv:nCUfpuDuOnrBoSSZ00TLYlN3d3tT1BHQSdykz4r4EnI=,tag:Af/7AT5aV5sy9gGXTbJc8A==,type:str] + - ENC[AES256_GCM,data:O/+UqTIJjrpVMjKV9F/B,iv:c9BHhQM7TrawZFK+/Ot2WV7eDVSsyt6m5Clxw3HRWSo=,tag:j4W7S4QwRQHBadA7/sNkUQ==,type:str] + - ENC[AES256_GCM,data:xbGSLhwi486IT80YMUOVMg==,iv:XABowxcGq+t0YcokVeptekTX2PNeu6OWyzbl032vJ6I=,tag:PCjlhGfbNccHnlhpQaQ8Gw==,type:str] + - ENC[AES256_GCM,data:vLZfzve3X5/PpxkL,iv:9SiS1hgmBT2cb4MrTcDxklShjaotP+IAoEBamnoe+3U=,tag:/XPBqrJja/UKWDldKvi+hQ==,type:str] + - ENC[AES256_GCM,data:t0KdpLOIXJFRbG6j5KY=,iv:dD/nC9UN5DZ8i+NJ+lnUTrCQm6/GwAF/KektlfCrgAE=,tag:y9WJGbRTeGwbFo0yHMopBQ==,type:str] + - ENC[AES256_GCM,data:/pwHcRC6BQYR49kF8Tss,iv:dckxOK4HY1pFX5kO6o2HcJPVS373k4yoHOFSt2VCW/c=,tag:TCcOIZePSLC84vqh6IIjAA==,type:str] + - ENC[AES256_GCM,data:bYnF0EUaunXoAUHKmOkQ,iv:Hn7vJYWBk2OGbLbeOGw4lTcCT6oI9F5ARXlLOovSl+w=,tag:Vu772kz3PE5/p3+aaofIRg==,type:str] + - ENC[AES256_GCM,data:qhQWYJTAUr+S/vRqZif6xA==,iv:jpyY++Jqzh2orCzFDmTZhIAX8E4DuetCXGVeuuvjh6c=,tag:AilqjsYfBcF1YafFwXKG0w==,type:str] + - ENC[AES256_GCM,data:HY9ieKwunGqgsB5EGrs=,iv:Sq3I1NulANa28HzeycTVP/6Q4LOTRbUPJG2NBk4N+gI=,tag:DWKdCtavwbE7txxJkWRnhg==,type:str] + - ENC[AES256_GCM,data:bhIQqQ0R5nBFY/quKpGX2ZAGCAU=,iv:KfD5ZBbI1DWYbWYJlrzuNPPWc9rn47LpBJhRImD8RUk=,tag:6sW+ONP4BWMVVAt4Scvybw==,type:str] + - ENC[AES256_GCM,data:1yALfSHz5Fg8y1Osv2+XG5U=,iv:BsLrRgyVRyNsxPtXZM0hanHgYqHTtCwgPr8jdL9hRX4=,tag:OWNY+GtD/POH78eZdMt/5A==,type:str] + - ENC[AES256_GCM,data:QCvanie8i45xB+aa942BHQ==,iv:3YQz3JkTQerIuPXyXQdUBeeQLQrXfJGX3E01TOtA20s=,tag:1jvT1D/CYzOT7rZTDevGQw==,type:str] + - ENC[AES256_GCM,data:AstiaxqSUr7mCyR+tN+/8g==,iv:TOEIDoynneOk4dm+3xPa2mLt4QHWDcBPfXtrIRCGs5w=,tag:7VU/VSwFmf/Tb79Wc+x2lg==,type:str] + - ENC[AES256_GCM,data:Ckc4/4m8k/IZQRnt8Iix,iv:4OTf8VruYksubPeHNYZrQ/E16a4c26Q18qSXfvVDXaA=,tag:Jg9opSFzoYgyDPh8gDuapg==,type:str] + - ENC[AES256_GCM,data:uCqnkQ5/G2R9bHrqQLg=,iv:JgV42eidkrhFPHc1NCFNQ4gBPRfEVhS5nWMsTN+7CpY=,tag:4o0vhZzBWNBiLkwWdQfBEw==,type:str] + - ENC[AES256_GCM,data:bzDjLMW2T8ToMF83568R/N0=,iv:95mlLeE3avUP9vlg03PSNKDCxAbkwCyC4aJh4FAxe1Y=,tag:dkWm9rxp6E4Iuj051VZKgg==,type:str] + - ENC[AES256_GCM,data:vIUziic5BOANrrsiaJghUOVZ,iv:WIMo3WRBDfxMdb1kzsYoqDg0wwdMj/Xx90FAjo2ZqUc=,tag:ffd6lzCMKgSXp3D8V/v+vA==,type:str] + - ENC[AES256_GCM,data:4pRvLVEegHbTjkKZPAE=,iv:EcX5PGjddOmW7IE4jvd3RC6kUC4LcSI2Y3W0WLeH7wE=,tag:jN1M+uA3ef5C06fpDei01g==,type:str] + - ENC[AES256_GCM,data:N+f8aJX3z2Rn+DbThWL9CaD4,iv:Kzc0UMbHJIARDW0qVg3tw7chDL1I0HeHbtWonffKU8U=,tag:RBK3AU+1m1v1g/6J9+6LWA==,type:str] + - ENC[AES256_GCM,data:LNV+PoZbhQlqdAPh9ME=,iv:h9UlMZQygceot34zOR4zpsyvbgQvGoC8nar9fiVkhFw=,tag:j8kh7mpoHhCN4iEhoUB6+g==,type:str] + - ENC[AES256_GCM,data:pXN4v2UJZIGr4kurmpCrXzA3Bw==,iv:4UG0469mtZGl18Nt1iP2K8Wu5jGDOph0e4xh9nu+iXs=,tag:cUDAZ+//utkEeX+1TQ9ZvA==,type:str] + - ENC[AES256_GCM,data:LwqDBTkTRGW9ZlDqWX0=,iv:VL3xbW+Mn1GpG76TImFxQu+PP/F41gY4rlJj4Pvdbkk=,tag:t9rLeBYNybgl1CC7ykdKEw==,type:str] + - ENC[AES256_GCM,data:jXjbyaT9jPVCzqJ4hsbuMnMe,iv:Zp17GfT0w7NbbV14GuyDe3OFJUjR/O2S7BoCdncAssM=,tag:uyrTPXxgJ/3iL0oeS+HtrA==,type:str] + - ENC[AES256_GCM,data:Rnqa4RMDmY4pDklJJo0=,iv:7jhcAsA0ZdjYsjXkYewTn4ChFvup+NQYFn5aFH3/HEE=,tag:g5cvQTqBvSEKpdaF4mnk6g==,type:str] + - ENC[AES256_GCM,data:zsEH+pfyR1ngMQuZSBjB6Fw=,iv:AOhqwmYFXjYWQziK3+Xug6S1T4AnxDJy+JTfhBfiWxc=,tag:g36c6ag7XUDJ16idbWj1SQ==,type:str] + - ENC[AES256_GCM,data:QLz2CBAMBXi3SRmaENSm,iv:anF6QQue3GMFEFDM3FQZmJClF0kC9e9bm49nqJsLSd0=,tag:Xo5V4rNAqlMSZaEMu99/ww==,type:str] + - ENC[AES256_GCM,data:Wun+x2vaKvhQk5k=,iv:mo4ipvIagmQ0bRrpB1mukTwpdLUcGggM2T+TY3b+z6U=,tag:DG4hdzxdmqfcM4CoeXLsaA==,type:str] + - ENC[AES256_GCM,data:9SFs6+j6sOW+NFHm2W/m,iv:+GzEMGNDhqr1TEntougRskcY3EcPuD2lH8zHzExSsmA=,tag:dj82fML6rPi2xd5NcC5DxA==,type:str] + - ENC[AES256_GCM,data:ggJV1RzjoaOB,iv:hO5NTaI/xxJGxsrj32z5ZFJaZaWQSRXpOCxuKaG+WO0=,tag:P6xiIbGouQdBwBu2Ol+oiA==,type:str] + - ENC[AES256_GCM,data:YaemviNCkRcaMbvVJ9IR,iv:kxJKg7F8DJ7H63WNdHqJXXRzAaIn+FZWEYt9gOLSJbI=,tag:2DJc7bQ8HCQkJS+lAJKYFg==,type:str] + - ENC[AES256_GCM,data:EQl6tfDXD0zIirMkWcl4qQ==,iv:hLLbSd8Eu5CmYhaoK/lRWco+Sh4l4jXtx9St3Vra6ak=,tag:vPqH1Kfo8ouc1K4WYEf4Qw==,type:str] + - ENC[AES256_GCM,data:/7QkXfncotl0VpjY,iv:MMKBmmvln0y342UtV+3S79vpxU+mI0GVBOSyJtJU8CQ=,tag:XcSVPDl6a0ryzmg0HW8vlg==,type:str] + - ENC[AES256_GCM,data:VQmCP8qydtrU,iv:8n8Pq9vKVFJ5RZ3JZvfHrpmTMHbouXYPhj6/duRyMz0=,tag:XlptUgbJ9tkUTt3vPmguPQ==,type:str] + - ENC[AES256_GCM,data:IlAaPWp8YzKK,iv:BhaPDAykl6+U13ZGnrmuNtXeBfXmcRXE226UjirGIAQ=,tag:5MYntBbEOQ0iqCQ9a6jIMQ==,type:str] + - ENC[AES256_GCM,data:cvKmjSxeAb9l8B8OAL16MnQ=,iv:0AJ1jqSi9ntdxXitBQ2Kjcs7SsOYGLlQcXTO18w+DrI=,tag:BC5VamF2Td1BUubmzR1hPw==,type:str] + - ENC[AES256_GCM,data:uaXlGBjJE33Qj6PK,iv:FzMbXmOCZxj5HagnfRPnQA1Co7X98e5N1dzeXhDHyMo=,tag:JuB5ASKcFmnBme/zb1ao8Q==,type:str] + - ENC[AES256_GCM,data:dXV5JHLiw8cupveJ/p8=,iv:GnlyU03IOPg4RQe4+Dnu6tqIrnIGut2eIueIGHBiQsM=,tag:GNP/EQOcSQMVFOnw0FgCqw==,type:str] + - ENC[AES256_GCM,data:a2CwDHJjdVirsDcyEg==,iv:yI3arEcakUwYHB/pEErGN8SPpLh0SRk0LXPp4A5j8Pg=,tag:TUhcufdIUNk/UWc6ty4EPw==,type:str] + - ENC[AES256_GCM,data:uMdblT66LwIRTA0K5A==,iv:wGi4vShR9Cn2tv8jsz2NZ5Hu2G8PDzifhpeQnF2YmP4=,tag:qyFdS5+KPAs5+1T7UugfCw==,type:str] + - ENC[AES256_GCM,data:QsDdB22ltXi5rZXkj5fR1QAN,iv:tfPbL9CAth0gyu+HWLIf2xmCo6ur7NFd/4aRmyZJTyE=,tag:kOK0ac5+cybnHjVybCzVCA==,type:str] + - ENC[AES256_GCM,data:8wKEem+bQGNVc06Sfi8qwBRh1P0ntXvWjA==,iv:40hoeP2sE3JvvdICx/UVFbI6bLj/z3Nh88ut24b1XT8=,tag:kkhbevXrb1OvUS2fEUSz4w==,type:str] + - ENC[AES256_GCM,data:/yPXpt0/oV3liaWHa1pSKMn7CtXSqhQ0/MZm,iv:32wknT1HZyp+bvGWliMy3YqUX3brJk6UyECJcqDCXm8=,tag:j7JYcOwMRMLr+vQ3IawTgA==,type:str] + - ENC[AES256_GCM,data:CRpyITmCp3RuKg==,iv:b35YKhC/1AZ/CjnTf79cTv9cM53mddYR/b4yDsPsxJg=,tag:y374m0eG05XOydTBW/lHIA==,type:str] + - ENC[AES256_GCM,data:HbA3MBwi1NFcVbHPhrGFBvHx,iv:0Mx1kLhHPb7sByQzSatRSNDYEHxWy7iNhK0Vpj6vn5k=,tag:Zywj5fjnFGue7r3z+r16mQ==,type:str] + - ENC[AES256_GCM,data:xtuuM9dqWiHnGT6pNIrC,iv:8/uD3jsrPjxzu6K8AVTuFOQQLjus+rkbpbwbWwSdxDk=,tag:10kswyjB48OKPh1kpITkWQ==,type:str] + - ENC[AES256_GCM,data:QLRbt0JJGIuw9iE=,iv:TEv9UedZqGdzmb25e2/Tv7Mku7GSLg6bQW9hDyZCi/U=,tag:dHWPQzvtF7ehhXEqOL8AAQ==,type:str] + - ENC[AES256_GCM,data:ZonmgCwht5+Ttl3HIOKb8OU=,iv:o41Up7sPurq9T5FvRigrER3/SeirR4TUehlpZZ8rwFI=,tag:HuRtEl72FHfvVV1mGbKROg==,type:str] + - ENC[AES256_GCM,data:tp/bt2vbyhgcEryU2pD+pR4=,iv:waIGUIEoTAG0OTzpq6TfqnKucAbX0uAHplgbQbFOASM=,tag:4Craanhmg0N198RAlLEg3w==,type:str] + - ENC[AES256_GCM,data:1HJ2pvGt2lteJ72O1uY=,iv:OTSCdUwL9aZtrq2JcxLWhBsW77lFOCqsxCF3IugUpog=,tag:V/QO2uTuufa9UxSBadYe1w==,type:str] + - ENC[AES256_GCM,data:arAPSvumlduZ1RHju6g=,iv:xN+8QmtmMOyTwb+Oy5azvVltkR36WDpQmW2n7MeLWYk=,tag:4693w9oDhNFsDMDGr3u4xA==,type:str] + - ENC[AES256_GCM,data:OqMrlM1Evw==,iv:nfTh5Fj5nNeIdj3oJyHm7TfnVqgljKBHMIgRIAdg2a0=,tag:hJCk+cTyXo0yOaQBe5Wqrg==,type:str] + - ENC[AES256_GCM,data:WR0TlBuNwjkhJeqCarGoGro=,iv:G7UYkdxJswU4n30lC+3Ez98agnCg/chfq3CZpjo6WJM=,tag:uyBJGFOdzm8SPru2fOvRqw==,type:str] + - ENC[AES256_GCM,data:F4VJlU4fH0m6,iv:eHS/OHwYaXYZRG+R870mKQloHIJODlDrvouG1q0c7LQ=,tag:27v+AxIezI6GZJrCYoaSGg==,type:str] + - ENC[AES256_GCM,data:0EOxBn9GLR8/Q5w=,iv:m1GCJ1Ih65LnxvdVR4QJhYbnnD7Ee8G29fcpTzWKzdY=,tag:/tfdKfNH8fdzi6gqYGjEow==,type:str] + - ENC[AES256_GCM,data:6qi1qH4t,iv:+eScbWKyHtmO90q5JLrO7rMvto6ePyaGlyJXIIVcEuA=,tag:F10VBgNbtnMKfXKatjBmxA==,type:str] + - ENC[AES256_GCM,data:VxMntY3N4cV9IRkr,iv:Daqd+DhIc1VOrmKeVrL2jf/rmrtUCqf68OWVjTMV6xU=,tag:NEdKniU+giTJCupMMEIiBg==,type:str] + - ENC[AES256_GCM,data:M0lTuqFB0isFI0egSSrJSyg=,iv:wVJqyY3Lp9lSzqRrU3FrPVI2zlrSqCi/iRzxhxBIuNs=,tag:40w3TLETwiCYzc+qIzqYDA==,type:str] + - ENC[AES256_GCM,data:tOsFxBpsB5NSu1GI9/CLJA==,iv:SbXM5tXhBrdXRN8E9buRGKZJpN7XgYvhgseqU3lssuA=,tag:PtsYImDC1Z0IwFnIdigeaA==,type:str] + - ENC[AES256_GCM,data:iWO4GCuFb3B9re52,iv:NLAMe83lkArw3EPPU1rWgXxeJj3hB0U5g5VI0UORdzE=,tag:8iwnOFDl080mSPWuPOx3sQ==,type:str] + - ENC[AES256_GCM,data:TycT5M51oPmWrA0TMJJv,iv:UcOqcQoEJA7CMpLd3e6JsfiE4Wz7EbgymmyZxZhoeMU=,tag:A2bWrQZsA+l9EkjXM62ihQ==,type:str] + - ENC[AES256_GCM,data:wb77YA3NeU6a0EW+jKYiolX0,iv:XCI2k/sD67lUEorvJVHcDbgof1y5QPr1Ag6PF98KFyc=,tag:rnnxl2gUpuc21IKoEgmyZA==,type:str] + - ENC[AES256_GCM,data:xoCjYKCBm0U5+z95qlXeEA==,iv:0KQ8aA9X+zpIVLqxiQ7tmUOSkUZ2N34PnmRDqH6Dth0=,tag:sryJGPXx9OoFL5hxj0OLeg==,type:str] + - ENC[AES256_GCM,data:ExtgZx7g9md01bUuRw==,iv:F6d+tdjE2HsZbC/N6a8mVqgpIhOW+K93rCRs8CB/DQI=,tag:BUzNPHhP15+LFsO0Sab7fg==,type:str] + - ENC[AES256_GCM,data:o4pLQqOjJRCSxse/aXeAww==,iv:LK739dhi0Jj1cOmsAxXRmv0esdVSfwklMwyhgV//wLM=,tag:t15pj+TVlPYCmfXfraJYDw==,type:str] + - ENC[AES256_GCM,data:UKpeIw7+1ihMCZ/obA==,iv:zhyhwHo5X2tsBBiCUVmBVmJJEhK+Nd4UO8u/MoRS8JE=,tag:dGa8CADUISnauMKFpklxfw==,type:str] + - ENC[AES256_GCM,data:FYNQAGexmDpHVK2tfwILFHil,iv:p/f7w/JjU9L9dMyzmngSLiq7hwAwDaeuTls/izo3d1Y=,tag:IC3jjPoIOP8D1j5d3i18NA==,type:str] + - ENC[AES256_GCM,data:VJ4K2L47tUM=,iv:ri9el//sm1EAWUo2OH3VNMv+G5QASPAHiHP2Jr6AjWU=,tag:0sBVDyLr6buPz9WtbQSDxw==,type:str] + - ENC[AES256_GCM,data:HDIRLfsDrRSiaF6l,iv:qZNvbHLs7rSuIy4kGy8jGumtZNeMfgz0lDIKY7ld82w=,tag:9RA4sZdLMr4QIOxHyOvDzA==,type:str] + - ENC[AES256_GCM,data:KZSI4UXLE1vbIq9iMw==,iv:Y/H/3qoDgZ8Ubh/6nxJqnd3RzSWh2OcLZv/RNKN0CRI=,tag:BSJ+f31hT+nx/r2MdhvPuQ==,type:str] + - ENC[AES256_GCM,data:eAwMZVzeKeNYoQ==,iv:Op1buwHUiDy+2y9SI9e0+XwPC9CIP8HqaGF8UOCCrVw=,tag:05niAh5tmS04e9HtSEijag==,type:str] + - ENC[AES256_GCM,data:dHy1O+7dWnHs0US7BQ==,iv:iEBaXejHdwOolHSiGcMB5Wkw/FO2YgsJmMRl5BHRibw=,tag:EXcYJDEAfKd3wsekl2DuWg==,type:str] + - ENC[AES256_GCM,data:yUpBs5OG/dTJbnfRnp8=,iv:7uowrKuO8rdGwgk1Rf/oaFRJB2m6xPRFf5sW4WD1Iv4=,tag:Z6n2U0mT5Xpx63evl08IXw==,type:str] + - ENC[AES256_GCM,data:1PbJ2syaf/D7mP8D,iv:/GsJ8nxX65OR7QYeqoYHzjuTO7RwdETFgFz2laCDPV8=,tag:4GC3bnx1vSsM/YKzmI3zWQ==,type:str] + - ENC[AES256_GCM,data:OxB0DZqir3lS/fRV+BiC,iv:CBYZo8RX4PnogejVaixTkbS0oRTsgveZ3yoIZ9wkGZQ=,tag:XT5Sm0p/KoOz4eRkUZZgSA==,type:str] + - ENC[AES256_GCM,data:1UHGVBiSLNkXGV9L,iv:ed0QASQ5gLamSRYVTE2HpveolkAEhs8IuOU2vjGqvxU=,tag:6aDzBffBOdoEqRGIsmZgSA==,type:str] + - ENC[AES256_GCM,data:achvYTJMFvdMjZXAftPq4w==,iv:Pva6ZTEYg9d1fEjnbecydpg2s4mdfvPYHBbZuUg+YHE=,tag:vfmlsCidIZea26N3US8Rdg==,type:str] + - ENC[AES256_GCM,data:N4tFXivrr8yJRW9PJDk=,iv:sUmroz2hO2wvw44325w+U5NIYvj1rHE7v+iPnbtueWA=,tag:yBc2U6MqMJim9pXvV4TWmQ==,type:str] + - ENC[AES256_GCM,data:lAYpbXBvdj6RS7ZM1R3Hxg==,iv:LOoIe2Y/k4Ro4WGAwqASD/ghlgiRt8lIkZ8jLkG57bY=,tag:738WdZWDXPJIjZvmGB7bhQ==,type:str] + - ENC[AES256_GCM,data:B0t3suKpP2c7h+hS,iv:aHdT4zQaD/vJTqZZh28RDgfjDzD+AB6JZQl6Slj5jUQ=,tag:h4AQccJy8mIZhF3BlnFOcw==,type:str] + - ENC[AES256_GCM,data:xcz6QlYNgJQ+04zThSMgYQ==,iv:L+MUw10/jbiZE6J2zt5yQpmvk+XhCDwUe5F3XttAhkg=,tag:thT7Qh6oxFjE//FKcm2LGw==,type:str] + - ENC[AES256_GCM,data:c95hwboJUHojK/gqlL5lmg==,iv:54w90McoAupb1rEOROm6Rq227Hc9q8Dpxu6xnlDFzZM=,tag:VDvdWpltfKZI+N2td45O0g==,type:str] + - ENC[AES256_GCM,data:BBhcNKhZ5NL1weqmLLk=,iv:FQO2RBerLohiTme2Wl0478lbjcwB1V+jZ7boU+9SCNc=,tag:u47UJHpRQttLZCzu1+y0PQ==,type:str] + - ENC[AES256_GCM,data:GL2lBuILdRGGCyXO87cLMg==,iv:QdXC7fS7+6AFGmLJWdnAgG4Qt1MRUzW/U9N8rQQWoi8=,tag:71VPJGFBlnMw6pqi3WjjoQ==,type:str] + - ENC[AES256_GCM,data:+dQXZp+8tauG3YlZWqBf2y8d4ILz0DKO82I=,iv:oBUW/6ysdUxKlsxDbEMRwlAgLOAQk6HZa82ZEvZD0GE=,tag:vQcI6qNEd3XbDCZbAN+LZA==,type:str] + - ENC[AES256_GCM,data:wBOrlILLydMTl/M=,iv:A/l2Og1JGtXMP/KoY9omTufXQT51IE9Oc4EL6jrIkh4=,tag:Cm61wZrXCvsm16lq6JZyKA==,type:str] + - ENC[AES256_GCM,data:5umm6mToEtHaq8cOsAWhhQ==,iv:Kzyq0fsX3KRJ6Z2ZYHyyaxD5dMt+rn/ppg9BvzBdg7o=,tag:saJzVGLcSZnMwnawFSVVjg==,type:str] + - ENC[AES256_GCM,data:pIeK+EvtdTteZ1d597+kt/gx+NxY/Aga3lcRiSaEP+PKkwBK+A==,iv:0e6lPnQ//HN0W262WLh8543VH3I1TkrPZoR8thH+Yyo=,tag:bYUegYfDkLjlS1lbrV/T8Q==,type:str] + - ENC[AES256_GCM,data:f63d2+VqyABJqw==,iv:fenhlVXXBJLOdtKbP7NDxULnnc9dtPOR2g+V5LYpfBQ=,tag:X/G5huGFMlliNgXe70ENeA==,type:str] + - ENC[AES256_GCM,data:7x0717qvZwDPbUJtmg8=,iv:fApskbPOqx74YCTV+/h8AZ31Sdu1Q3ccvJX6qgN2P4c=,tag:LEpUogyaGu3mQfxoC975wA==,type:str] + - ENC[AES256_GCM,data:ng6EwnXks6F6WR4=,iv:c5IIL45Z/0QtzugzWqslwJMwPG3mdWHbsj9eudV5xYo=,tag:u1c1KWCDclNi8BRqC/h7+A==,type:str] + - ENC[AES256_GCM,data:2m424P5UcbV7lZfLGq/aSg==,iv:stoTt7ocbdSUL2wGJCUas8yXQS/75iiBzcH8XFSAfLE=,tag:gd8CjTxmX+nPfVsBClD5cg==,type:str] + - ENC[AES256_GCM,data:VKKueahEsT8Zt06FqRbL,iv:Q63oQGXMrfu5vAL61pJSXqK4grPQD0HCLoDrm7Ydg/A=,tag:S6mMfkQUEgmfzU00pry45A==,type:str] + - ENC[AES256_GCM,data:cCXaX2ZDamdyj5nI+J0D,iv:EeS9FtUmods0/odXQFhDIYl92heyQwcLZOFixarVjKI=,tag:x/huE7+8Czi4jAivlwu13A==,type:str] + - ENC[AES256_GCM,data:cg4XaUkfGbZCayA=,iv:5QiwKpuLZtMFyHB87YT+XzW4vtN6GHVMDJP0vOXvBSc=,tag:Zawp8F8J+5LN5smY6WgLMQ==,type:str] + - ENC[AES256_GCM,data:cQwtTfYd5/LDAcQb,iv:YkSCCxeUoPr9cTuPkVU+kAt8aYqyKAYVSiOou7LmNow=,tag:lriGC5neFThVlDXs4yhvXw==,type:str] + - ENC[AES256_GCM,data:wI+YFzzMt7sk,iv:IKY7LzdwDj/BBaR/MGKqjcOSGd+WVZunEa2Ky1EAwbY=,tag:wabfZw9cLx6NuBzZLOWL0w==,type:str] + - ENC[AES256_GCM,data:/9pSri2a5ipk+FRe0HGr5w==,iv:dUmPqJW6RzPSgykDwv2SFhMJ+X4V2ANgtfS9XavAvYU=,tag:IGrR4FibWvoPNFxK8xgFLg==,type:str] + - ENC[AES256_GCM,data:xvRhu7O0J4l6DA==,iv:x6B4QcaiycLo2pOOemRSHa+sEfvZkMGmL4G0D0yBBzo=,tag:Jm8aaA2GqN9h58fuEOqpfw==,type:str] + - ENC[AES256_GCM,data:Tgh2C8DT2hmnZg==,iv:x0HYNf/1wdltXNhF8/2wb1wO6jY0a61jhapx2huEI2w=,tag:0iXW6XtGNQnUNhd77zwxgA==,type:str] + - ENC[AES256_GCM,data:LRHD7YNKtI2F,iv:HmQjSrzd76dwVVs1H29g/M/qW9jLClgLiurI0e5Rujk=,tag:gGPUHh8PTP+cGzjobD56Vg==,type:str] + - ENC[AES256_GCM,data:8ptRvaQGC0Xg,iv:9BVajGIjmy8qYgr0D0KV7lfPBwnwZgoI0vwfaL9+I1c=,tag:ycI0s7F89hN+RVzJt6Eqjw==,type:str] + - ENC[AES256_GCM,data:J6b0/Pt/qN3Fv+8=,iv:I+DbEqwr0n/kyTvMZ7pkSk+5HKlCAraNlgJW5oOHDF8=,tag:FV1J4zvLI0yf82jBXVxJpA==,type:str] + - ENC[AES256_GCM,data:bQItiRtdEg+SdDND,iv:Cb4B9f3k4cDTqGMN0zXgq22qpwrpT3IATMbJTrhYEME=,tag:UfCLmHch70da8TI9QSyspg==,type:str] + - ENC[AES256_GCM,data:7jqUQXbxKDwPLS80,iv:FUZBe/XomuQj3LL55Pvy8osT1EtciKc9H+lbWP+gaaE=,tag:+sADJVL4vxZ0fdRKuOdNZg==,type:str] + - ENC[AES256_GCM,data:351Y3rsizuiczZ/llYo=,iv:6qOeZaY0N5obQyHEoKoFWh5y0gaJm72lzXsddomSXL8=,tag:HBUdlikOwnnrqOGAxt11lA==,type:str] + - ENC[AES256_GCM,data:SDjmvrRtiaJ1UqQ=,iv:x3FY5uDhQovgfxdSYNLdfcENT0PFKHhyLeE5kY7N7Z4=,tag:M71C6ZQcLYk+jtpAlkxbSg==,type:str] + - ENC[AES256_GCM,data:BAZLK88sLvtRpH9UwA==,iv:FQATGiQQdh8YMKwbgCKjpgpy6bG+xhWhRi0wFESd3OM=,tag:WkLrxU5jPVO8yo/o25EtiQ==,type:str] + - ENC[AES256_GCM,data:BLgEaA+nzMUYmCAd,iv:eMGQjl0SaPa+8MhWPUD+cAV1is/tjGkfEY6Z4F5CjiE=,tag:9WS1NcUPX+u8FGmq27QjJw==,type:str] + - ENC[AES256_GCM,data:7b7RkDELlKiJSf8hBGE=,iv:r75HLy9GZh41/ltZAnZa+GR8sliLj/9gROP1vtEkfoM=,tag:s/0nrktlz6fs/SP2/20jEw==,type:str] + - ENC[AES256_GCM,data:3EAHKcFsHLuyfbAfFgYIJR0=,iv:eULn8T7MZhy/RWUm0SVXyCyBAYSQQft5AJJRP4DiLe0=,tag:lbK+Qwluu8m7weAp2usf8A==,type:str] + - ENC[AES256_GCM,data:6zsMvWW/Q49XT9cLqA==,iv:xVHmoRGCJhefeKUu1cn+VE/NngmVdJvKY+37itXqMqA=,tag:VMEbTXHdlYMFj5XL/ex8XA==,type:str] + - ENC[AES256_GCM,data:eBJUo7FPq+hc34I=,iv:nRt6lREihPL825QXicLvGTJ1M5G2SNRkGFSlxq0MY8Q=,tag:P7Oc5DGhqzqTn+Wil6YfVg==,type:str] + - ENC[AES256_GCM,data:BRYpZKJ4azV5dj4=,iv:mix6ypK0hpvKyrvelKJLrWjc42jWNyS1K89DeSt72ww=,tag:o42+NtvHVjmHJyagRMZ5kQ==,type:str] + - ENC[AES256_GCM,data:Ajq6uQJAf/p3I5E=,iv:nSYO3zvJDU9K2xfjCbBSqxjAXUEMyFhCWMNDPRMTwlk=,tag:9QyPVgmdjRY5bnE+T+QPeg==,type:str] + - ENC[AES256_GCM,data:RTrqL7v/Ws3noA==,iv:sS2nOkMJ3dh9Pst9h+RSBVLqk8anHt4Txm2qeMt26NI=,tag:R7HXupkIBh1/kArVdF/oKQ==,type:str] + - ENC[AES256_GCM,data:fowlmiKAK5g58ro=,iv:XmYjcxZEbka3kX1SuRmuEU+wC9R97xekSJ9bUJZV3bU=,tag:td1hUbWSTXHgehM+Z29rrg==,type:str] + - ENC[AES256_GCM,data:a9H++M6T1mtslOiDMUHQP2fm,iv:sq5WUgebVJWaa7bH0AAQKr5+7mYIr1kjMlr7Rh1FcYg=,tag:M92PN/WOXC6xkONrgGjOBw==,type:str] + - ENC[AES256_GCM,data:m0120GDqCJ6TXw==,iv:noJ4u9xcRnHb1VKWQWdtpdqRBjm5rN/IbvRlY89z5PA=,tag:AoHJjr4/V1P7H5U4+A45cg==,type:str] + - ENC[AES256_GCM,data:PGVlsjEq8XIS2JuFy2mm7lLnN8J5,iv:QxNLtaW0YR9QRJ6jIiZWOBMsfmePVDBH71+SGxWk71E=,tag:H+QdBR2KsO6BdGS6RRGLPw==,type:str] + - ENC[AES256_GCM,data:PYdI3HHwDrdOZqiD,iv:YJx402pm/zfY28SPpFNwMiJ8bvR3Lq317JLwlSrKb5k=,tag:2MnzavljtiCvIzNnmeEyjQ==,type:str] + - ENC[AES256_GCM,data:fw9CJ5n7nHgawA==,iv:HZdk+qvDhd/MiXpCKrzWFIRX/Uu73Tl3smHCFRlbhm4=,tag:jjmapubBy3m/Knw7fSPTig==,type:str] + - ENC[AES256_GCM,data:Una5vStD7zipr0y2ILSPuQ==,iv:0xfoYKbOQ3/4NkgvgpLxIzd2p1qEOFkqZUPHpbdeSkY=,tag:Iy7llKtP0b0PlNp/cRWleA==,type:str] + - ENC[AES256_GCM,data:1W33rPE9/jyc,iv:rqT4yRVlXcestXtZIg7v3VJvXGphszMIjCJCatfvsqM=,tag:BGwW6GFgYk2TMUqe9iBk1A==,type:str] + - ENC[AES256_GCM,data:T9KMAP9LNl0UIA==,iv:3KgrbmCm+yHr1Tq7mm+HQ++5jAp6rr02NzaWYQpZz84=,tag:IKxqcTwsXqOT25stfN4mPA==,type:str] + - ENC[AES256_GCM,data:kIey5nOnQbYLvcR67w==,iv:Vp9s2MLiMl99FkXKD/JM5EkV5T+PBvemNz7Y2i556BM=,tag:6+WuCPnRuESPFv5pPcettQ==,type:str] + - ENC[AES256_GCM,data:JcLIDKygBIV3fgE=,iv:e31dm1UnQsjR8jPKZ59Xa6UQe8J+3cJwaVTGHuXhTcc=,tag:3uaF/Oo7bU37cnPydY5O1Q==,type:str] + - ENC[AES256_GCM,data:He9icHRLLflXfTAAFJae,iv:kucfnTgPmWDTfCMFDKh6bLp4TmoWu/8q2G3VIac0k5c=,tag:04VMznvbfafs1MdXTRKWrg==,type:str] + - ENC[AES256_GCM,data:ef11AtoAltmnmvk=,iv:gOAJ3DW97dmMoAGiRl24xhdJyPlZhF6sqW/xX4xN3Zo=,tag:L8XL1XGknj4Ap5fwxOFQcA==,type:str] + - ENC[AES256_GCM,data:6g+fr9kVETenJBbD,iv:omcDw+87TZYgM/tF5kWfh/aurvxmNN22bN3g+MKFnOk=,tag:uUMh3fDWP+DbkLF86zfycw==,type:str] + - ENC[AES256_GCM,data:nZXgdChjgrkI946Cag==,iv:Z+mbsEpDYVSz++LCgBOOGBOgPtFWshGYqtaESwBJnpg=,tag:r4QYSSC4z9Jv183NloHWyg==,type:str] + - ENC[AES256_GCM,data:xwrb2xrdgV+vOS1DreY=,iv:Kq4yEpgqR6ioICEwt3RSG/R3FFWKBNHh8zO26kNE8WE=,tag:E6Z/63pH1BLuKZfrogK7Fg==,type:str] + - ENC[AES256_GCM,data:+tQw4Mgtes7g+A==,iv:tP++cjp5ZV0uo3xh4VneNvevHUK3J2L/VfLTBT8dgD0=,tag:VyBsLF7K8D1TTK1RhBxBRQ==,type:str] + - ENC[AES256_GCM,data:2PO0neEpvBk=,iv:lhjD0HE9fPsqX4lrBX86pRiGB+5zh2FmCS5+/MgnXlE=,tag:J1tF9RPxIeb8Gh+ui+/qLA==,type:str] + - ENC[AES256_GCM,data:Q2VYp8oP3vsi2yz31W9BrVd7,iv:Wmh8GBxhRCLL4G2ZzIaPg3jGJF+ZP4wcRqF0k4/r8Ks=,tag:nRj1EFkvWakXMwr4Mdm1EA==,type:str] + - ENC[AES256_GCM,data:xbHQL9PGh8hfzVZSSJdrKVg=,iv:nWEZTq6sT/8uQE1s7zsd1EgUE2iTpNdK1yNSwOJxSWQ=,tag:gM2gJhWELZZSNeYQGpPe4g==,type:str] + - ENC[AES256_GCM,data:I92QvIAuHYnldhFg9A==,iv:N4C4p5Q/T01546sxhH6w5e1oA6wuGRaEMsITBcLuE1U=,tag:GTJjvtmJ7wBxk4uwXCn4tg==,type:str] + - ENC[AES256_GCM,data:kYNH/FuOvfStuCSm,iv:kpxefJFqhZ1ou9z2lGnD2gaemfjBw8tyDwZlVDgj8rg=,tag:GOPPnOAygtO7g5HVBIdo3g==,type:str] + - ENC[AES256_GCM,data:iS5xqnydTNKMPHs5/UY6cQ==,iv:gcQwYfHuZ36J8s+Z7qj7bQG7hfNnOCn7ff1qWSeFy9g=,tag:bzLBAm4fOnqkJYyqASq1Bw==,type:str] + - ENC[AES256_GCM,data:L3eOuuNpqW0Zako=,iv:A62eI2uqEdZfiqb9HtZcYDo0khfxHD3kd3tFj+18vgg=,tag:K4qwZK6YgFfR5fntlz+EYQ==,type:str] + - ENC[AES256_GCM,data:LDedqDzWmI4org==,iv:SSvWqw8iidwGVv8/4Ty8ZsuNt4SGVirtK1Tly8U73w0=,tag:dnBogdGRmLbZMzIA0xLaQA==,type:str] + - ENC[AES256_GCM,data:4LXYOpJcmfdN,iv:5r/8/TA6hvjyqrIUx/r1B1P3kXesN0RmD3NgipQ7Lm4=,tag:LgS4+6Ieg/qqne+xrVOMYg==,type:str] + - ENC[AES256_GCM,data:Q7an3y5qTO5huKjisEqo7Bc=,iv:rUNXna8gPd8wxzk7wId2x9C5ILaSyzoOzNDYuJtgws8=,tag:n1NdutIG9ElcUk2rsfAHlQ==,type:str] + - ENC[AES256_GCM,data:qWdiNRNDKBKrVr4=,iv:9RblOlOAxX4BV+nZX3dxxX2CAJLyoOs0xTMWbNcQi/E=,tag:3W4XCJw9Mdvg75dXRsTCpQ==,type:str] + - ENC[AES256_GCM,data:RAb7CbqxJ5c=,iv:xZaZOmBGmHq2O7slCFECBR/XDB5VnJuf19Vg5CTJheM=,tag:hcJ+IcgYqqxVvnC63D1z1A==,type:str] + - ENC[AES256_GCM,data:Hydw+XboMf1xURg=,iv:TpCRCdE4EcU4plkYrsqr2//7Y+c0eKNUZcKgPd/aHr8=,tag:Yt2ZLxvBloSQSeplZGXWMg==,type:str] + - ENC[AES256_GCM,data:+Wmczv8taEx5LzGRGDzMGmE=,iv:oaIZ1WQgQbq1yAkiZfFwJUIic/JVEZQ/eewwHU9fv9M=,tag:gPXtfqtfkw/+33uzDyA/mw==,type:str] + - ENC[AES256_GCM,data:5+e/dgsQ9/0w0r+Onbb3,iv:rUgZTf8KbnqzfLBCs9ZuytSC2oFdazl5XZrL1bPldR8=,tag:FVl0eEOCVM10IH9l7DUFow==,type:str] + - ENC[AES256_GCM,data:ZtvDr/xwPQn+1c5NNA==,iv:0zUq1FLpbaQgV3XlOGtzux9DZuLpswdS5onHSm4n3jM=,tag:VZs3PJnHBsxVrn640eSUlg==,type:str] + - ENC[AES256_GCM,data:fhGZ+PJE6aM8NJv0unQ=,iv:2qraMCOHj4QW7zFOsbGhiBcWZ6vUxwYfbUp5KTV+23U=,tag:vTIRfvFI2hYSRz10ngNdLg==,type:str] + - ENC[AES256_GCM,data:16yZDb5WFOZJrr3GBddvAirDTy0=,iv:XCao6VgYsP1ckq7TtmVuTOeFFXkNjUTYvxt8yKbBd00=,tag:HHj63ZdFT9E+cjGh8FbuIA==,type:str] + - ENC[AES256_GCM,data:UlNpwwdGgQRcE7XvTDul1YGbiKjbTQZ5,iv:ATOZn2zFyFMMIp5zzTkdSXFkDZ8LBCC0yvyLZiw/yrA=,tag:Yr4izHWFIfps4W2fc8Qpzw==,type:str] + - ENC[AES256_GCM,data:ht76BV8XJxB02zLcRA==,iv:lKz1eleIwNlzt5sZGuE1Zoov201LiKbyu7KkBZPLeiU=,tag:kVi2dqcUcJbMgZqP49NPFA==,type:str] + - ENC[AES256_GCM,data:iqmATiQ8Dbw2UJ2b,iv:FR99tobeo5kjQbc18WrtLV69/tjxQyHWEs3XypG6dls=,tag:RRrRoIJau1K0dFKJfr/kKw==,type:str] + - ENC[AES256_GCM,data:oICBr0O2c7M4SV0wIeF7DQ==,iv:8ikzS90IP6NQKF6f73WJs4MdF0W/RhdfbeewL6e3SdM=,tag:rjG8whV90l8SvaZMjXx8hg==,type:str] + - ENC[AES256_GCM,data:LLr837t2aakrTc801JHuhCaXpc2oyrAd,iv:NJWU7UkWGT53AfW3CNFIFBhChPDvEKhBmFeSCXOTo4Q=,tag:urki1BX9cWgPw3eyrnYclA==,type:str] + - ENC[AES256_GCM,data:u6x26MORJKtzRA==,iv:GVMLuzHktywvrEkhF5Q7oEGJAy7i+EhJMa2JPrNnG0g=,tag:c3GwuZAxwoiyeaHlVPg5sQ==,type:str] + - ENC[AES256_GCM,data:lnjtxq55yt6uGA==,iv:RL/GZPd66xmXzZlAfIYDsPtosd4AU6nQkI744TVOM5s=,tag:26nEYzxxtFqTrN6Qdyuo9w==,type:str] + - ENC[AES256_GCM,data:TsARrNo=,iv:qmBktCvw9905W3LLwHSgw850jIRIbdhzU7TA/46NPdY=,tag:mVs2NXnUYjbM0cYE8HJ5uw==,type:str] + - ENC[AES256_GCM,data:7PlSsoPEtFdu,iv:dmMWa19bgGl8QCFwFWF9tpd488h16BKdW/wIBVlwaAA=,tag:td9dRJcPLQ0X8fUkaVEcjA==,type:str] + - ENC[AES256_GCM,data:ct5DDLtuK2mJo/7PXtSv,iv:+UfItS42hucOx/9o5SexFwFXuM928pvaukqiMhE4JjE=,tag:zVzOnjLGpNAU+1Ue4QlU7Q==,type:str] + - ENC[AES256_GCM,data:o/plTfzdCO4G9A==,iv:U9bsRzkTgBVioYoq6ACrYeIQiORPKt5yCgqsbYdq0DY=,tag:HwsNYOMnV9cxTPYCLWo5uw==,type:str] + - ENC[AES256_GCM,data:xAi408nrXzJw8GwH1Y0+,iv:0odGula56hBjQV0tE5wEmthefzjfVrdxEKLyo1/zpIM=,tag:UWXhrkG16GNdHvgPNHmslg==,type:str] + - ENC[AES256_GCM,data:UQIAs3RAQuZYwpuR,iv:+u8mJ5ALyz+qNmkAqVf7ilgIpCe4zOSB0wy+Y6QnP9k=,tag:e/PHe/UfX2nkmRaHFR9WiQ==,type:str] + - ENC[AES256_GCM,data:C510qqpieUfW+1X2r/hU6Q==,iv:suLfzrelcXwJ5Zx8RbYsFY2rwWT0+rr2fSAjqgfWka0=,tag:geDpcM6k1f/GW8Mm+177pA==,type:str] + - ENC[AES256_GCM,data:rt9KUhmY/HzJOPCGJLMBDdU=,iv:eVZYvj1ClGXOpwzI4XVN3MnnW58bojVyqYaJWIFcXA4=,tag:nI+QJ+wnPjLUNvBk1qOpnQ==,type:str] + - ENC[AES256_GCM,data:eA/xg2IEbs/v0siyLEeiHxMyog==,iv:fWoMoJVhLq9y5XRdteYNni0aJu0uoLUjaxPWaDG2cu4=,tag:8sjwkdYXXDtVVjj2gQGrQw==,type:str] + - ENC[AES256_GCM,data:LI9608xv2Zemz5cLkA==,iv:v2JvIDSrmLHQyM1XIGebc+zAnV1LPIVy2oQhPnNGVqg=,tag:dJeRqtc79BLKxc8xqKhD0A==,type:str] + - ENC[AES256_GCM,data:X0rEG46ZwKnBhUM=,iv:ibgugbzKiPTuONKNg3vsWswIwAySpQy5bUvW/ptJVlw=,tag:A0iFtHZlE5YMiRQBJH9oWQ==,type:str] + - ENC[AES256_GCM,data:a0BJ/ihIQx62izuo+j6eTQ==,iv:HKd0TISnToLJnkR9bGbaX22l5eKlNGZUGDnz+GnnFPI=,tag:rzwSyIAb5blhTdRtEv8N9g==,type:str] + - ENC[AES256_GCM,data:qdZAkN1AH7gpMorXPgJkxw==,iv:h8xIFljQCc3u3jIOvi51M5mXVbeTZlgelo2LxqYQORw=,tag:3Nv/74qf+GpPJXqecQInzg==,type:str] + - ENC[AES256_GCM,data:g3N2q7ZSBloD,iv:QNnjwPwFgC0n8F9rjO8gKFlkoqweUGw87Bdo5yBkTCA=,tag:1P+mK1pdGZS93vkHR73MCQ==,type:str] + - ENC[AES256_GCM,data:x1q76KBevSJ5aZ4=,iv:bYJyYJEyc+r3zZhJaM3wzQLcJwCZmWlEi9ocPpDGDY0=,tag:N+NFvP9PnHmfi1ATc/fvtQ==,type:str] + - ENC[AES256_GCM,data:OIY9ZOCDHBZM1w==,iv:hCi74+CDTuyaKaNlFPGI3QaKGHkH7AKYFPe1CF+IS4E=,tag:gNgIQYiH/LpItRuY2zJnQw==,type:str] + - ENC[AES256_GCM,data:O3moDxGz996NUGHE,iv:1i4sB067YYicdBxb5QUKK2RQwbE1DPruH11v3j72ACw=,tag:Aqc4csdI15Q/joNhiyfqTQ==,type:str] + - ENC[AES256_GCM,data:v4BJbibkaalnmGI=,iv:y+JIDmitGibrLGpZlkLNWpEx0kD9DqmOM0PxYZoWVzU=,tag:yZAts2erRqb16uADV/purg==,type:str] + - ENC[AES256_GCM,data:f5GYTtLloBvQ9Dqu,iv:jmVa295kiJFdOhl+JtjaP9Mmy1Yzkwqemc+9wsALswA=,tag:ExZidO7Elb7kNOl9mclFRg==,type:str] + - ENC[AES256_GCM,data:wIHtlc5R9hJvOXDF,iv:/XQxQ5pGRzk53ovs40XAxyLmq0JhVL+T9HL4dphpfu4=,tag:vRr0q66kyhsdNjWR9Gk0/Q==,type:str] + - ENC[AES256_GCM,data:RrVQTFouKbJTf++P,iv:Kn7gWOUow/vSMJLcfqrgnlScDEROPNrgs1wOKMtq498=,tag:lPkQJeiQ28/ANoHUyNu0dw==,type:str] + - ENC[AES256_GCM,data:9aRf5bNyyzGdttpUfSCpAw==,iv:CImKcUtPoLSeVViobqhHM1DmH+yuC3g+XHV6i4R1stk=,tag:MXlJRjEGqQa92++RuzhKKw==,type:str] + - ENC[AES256_GCM,data:MgOPGgm3eRYFDrm9iA==,iv:KpVC4Aetb3NnlfQqnvQXWP8OFeMDsvVrKR64iHvsm+U=,tag:OxeP2eaYuBK1VCf3FULPkQ==,type:str] + - ENC[AES256_GCM,data:8HV4BP1paBERNX2p1XSiuPZf,iv:Ads+1lPRGXLi1xRbVTPt0/+8aAcggjfFbZqh75TJw78=,tag:sPxjcYUAB/Rx0KgIi4bhSA==,type:str] + - ENC[AES256_GCM,data:OPY6FKLksRUnoRT/sx7S,iv:9bSyN19uTqG7M88CHEJkbjWC/Dy2nKnB5bkM3DrM4iI=,tag:NsBdYB4BNcl83x1MbeH/8g==,type:str] + - ENC[AES256_GCM,data:5KkcFUO4+nJUC44=,iv:RfJAU155Tf4dr738Jg8ihderLJ0zV21wOB3jvQLNd0Y=,tag:Gdc2G1AFeMPH0ywKnGyfSQ==,type:str] + - ENC[AES256_GCM,data:iGt3jWJC8m4Eobk=,iv:hBJ+1fa0Zz6+smlF42709qtPflD31jcnAbUHy1edkNE=,tag:1CauwkfrBNQsPc1TnytIIw==,type:str] + - ENC[AES256_GCM,data:O4V/Qo5AGOczI+3Uooq/hQ==,iv:P5xmEHbVOJGsFXVsKhCIB2TKt8fC6OM3RrJ8NjRhW80=,tag:J/UHI7VrOCJZ1uv03p0GxQ==,type:str] + - ENC[AES256_GCM,data:GZeQWcFqhneTBN7yRg+j,iv:dXdduAYFhgr65CPDowCOJl6Qhc45P4Zxpag+FTXP+iw=,tag:Qx8d1j5czHahimBeiPzBww==,type:str] + - ENC[AES256_GCM,data:dZPOsNEH,iv:FQMWTFlauucN200PpywlrXt3q69JruP8dVdwadjC2Lc=,tag:Dn2m7dqaQFRZtZnM3GrjyA==,type:str] + - ENC[AES256_GCM,data:WakXrR07nvfxYau+2pw=,iv:KnBwuQSIzQ/p8tH0sYf7fRKKKjEaQNvqyTLUw/hIulQ=,tag:Cs58zb1ipgO+KChsNP8kiw==,type:str] + - ENC[AES256_GCM,data:ayrxybLoCE2ryFrSbQYe,iv:3Ko5CHYcT3swV5l7ye8OBsO4wif6mNFJve6RBQk9n9M=,tag:KU1AU2GQBy5NBbbTIRLuEw==,type:str] + - ENC[AES256_GCM,data:qwz1nWT9gw==,iv:g4JT/n+CPt1pfX23cp9Gdy6LBJX73SPO1Rm5Lpsvrn8=,tag:DA8HeQaa46IKRKo8zH3NGQ==,type:str] + - ENC[AES256_GCM,data:LQljs+UrNVgcykSapUI=,iv:VnzDZ+L6r3B1gcup9XVuebDszRHLWzSpfrppNnj6ON8=,tag:CQrpzHxAPjEi+7eQXQoU1Q==,type:str] + - ENC[AES256_GCM,data:ulkkEsgG65D7RA==,iv:vJnkcLRknZ7CXAZjyaXupxXb12Lxncq4RdZPmCIvzAg=,tag:/SooYZAHnGoeXdzgPfIwjA==,type:str] + - ENC[AES256_GCM,data:uTqRb8H6ASszOco=,iv:UL6jFpn+7VzTKPVoxgYkrgxwSnKfwvvW+NWGXdO5O2c=,tag:wsBq6ZgvRHal9hOJlgTslg==,type:str] + - ENC[AES256_GCM,data:VtIrBqfLdaAseG8=,iv:z9/T1BstlnxWGPUyOVUQuGcgqFh/YefYhk4+TmUJPHY=,tag:rAzlt1VmH6a0YlfAim9aNg==,type:str] + - ENC[AES256_GCM,data:1qjND9CIkWYY1lk=,iv:Q3CdOLb/L7kFwYrOmyk1L6basnE9oynkjY3LB9ze330=,tag:5akbh+HHvL5EcBBNMYLwnQ==,type:str] + - ENC[AES256_GCM,data:SgNM/BizecC0LA==,iv:QPJOaEC0jbzKFpXDeeDB/BapuemGpvtbYJYw0ETxgcA=,tag:jIuK7y02RewITKPHDzDn9Q==,type:str] + - ENC[AES256_GCM,data:hd4hteH/ILCE1R8=,iv:cLA6DuM6L0hC2oUMJosZ/NHZWosGwpuQICPaZ5m4QA4=,tag:naNKIpycnJKBkziztUCf/Q==,type:str] + - ENC[AES256_GCM,data:HACfz29uWJ5VE5HH,iv:luxwUWN1ige0D5cpsNUzzqU7oQaUwxKnZ4ESpFgpY6Y=,tag:sIr+cY0kFd94yclY6VQpRw==,type:str] + - ENC[AES256_GCM,data:ccnmT535+/W9wBjh,iv:Jh6jQWjH4snDebQ0IA7yPLf/mHqDy6hkcESjbpV5JQg=,tag:BiB8oXdCNmSLCnJ0J5Tm9A==,type:str] + - ENC[AES256_GCM,data:sIpNnXd+yQZ5J9Cm,iv:QKDLxgEPqvCSx7pTRciCHJOQDAUuoCmYiH+zOjYBYTo=,tag:xx5T2F+cyA1P7VfQo6Ij6A==,type:str] + - ENC[AES256_GCM,data:sPJY14icEZY=,iv:8dBa877gc030imE3rK+zzXiXl82T6/zDbGRL0zkARE0=,tag:z4S1SdVvupLFZd92srHuBg==,type:str] + - ENC[AES256_GCM,data:X723vSxfrNwn4/Zw8Wwa,iv:8/e+kbNEni0x/qZdQhySN5c6iwFbDSSQdNk5DtwVK5w=,tag:v2Aq1qPUKSp1i/VfhR0zmg==,type:str] + - ENC[AES256_GCM,data:0UbqZuPhcGhzZgQlfA==,iv:oEt+5ERfrq9yBcTSSbMRQE1C07B0vTv4w/tSllY1p+I=,tag:NEtmQ4nSd9F5eXvjHsrdcA==,type:str] + - ENC[AES256_GCM,data:xsNl6m0xmrKOh18NQXWHd5c7,iv:Q+F5J9tm3/rtOa/NrWl5WvMymdNkLsskG636LzzQrvA=,tag:VkYv3CGukXqVi4HhD5oPzg==,type:str] + - ENC[AES256_GCM,data:dGLFZXJVAY7mhEhBgw==,iv:Yoq1t9L5+szXRKspm6L2Jz78y2uiDwYfI9kUzFQPOv8=,tag:QD5KFqisGBJTx22/cK5RMA==,type:str] + - ENC[AES256_GCM,data:NpMvjeMQrAAuds9g7A==,iv:3u2uaByjFyGDSI5WeqNJON0AtMDNEX5rXFf+vfU00/I=,tag:jjW78o93WQEjePbzUly/oQ==,type:str] + - ENC[AES256_GCM,data:a1jm3JckFjU32dATHxY=,iv:HlJhcXgcjk6gawY3bktqkA+NoxkCm/dHJy7eCRUvk3o=,tag:x8Mw1GoFwzCHTZdoUCV4cw==,type:str] + - ENC[AES256_GCM,data:SOc4HkSI39jGF1rZ87Q=,iv:yXyVLCC0vJG/7G3/F8lzzAqyhmtyMRgzvSeZ1kvNRfA=,tag:gCm1gyFe3DxQHybtGecItw==,type:str] + - ENC[AES256_GCM,data:x5vazigUjXQZuXe/,iv:lKNSQDpiJc1lebfb7xQ94ZTD9z4hoRQ0EeJ9FE6Pyvg=,tag:J6oAUYYNkn7EC70z19e3eA==,type:str] + - ENC[AES256_GCM,data:85+ouRgNlwKJXFpcskg=,iv:Ybnx26AeGRJauWsGCKxQgLiS52FavL2lL+2fsh1ZO90=,tag:HA2LayqHib6exVOs38dfTA==,type:str] + - ENC[AES256_GCM,data:Go8OaetAbYB6Eko=,iv:BAiCnkhsuD4e9XyZM9GdKHaa8uddbNxkmyZ49m5TWhw=,tag:iMRILN7EH5EDtwmzH4ThlQ==,type:str] + - ENC[AES256_GCM,data:ow9jeDXqNffjGbGF,iv:DIMRkoqNJWdow5L9IRv9O5LHDnHeSbiiDouOkZBRFFk=,tag:rp94iuG+NILunJ6lHJtcpA==,type:str] + - ENC[AES256_GCM,data:v/Y/Q8wYQhMnVEUKTtaCQOo=,iv:gV0TZ7G8o4Rag58/vgUQ/yy5AUOFBId0Kj2AbGpoahc=,tag:m+kC/Fr28w/j1BwL/DnD+Q==,type:str] + - ENC[AES256_GCM,data:tQlhWA+iI+TJMdL+RcYuML5izQ==,iv:fm+VtC28wJYs7N5rIzO2WhCJpYM7Koor3WN5BlLXmSs=,tag:CzbiV2Oq/Em5wUkeIO13tQ==,type:str] + - ENC[AES256_GCM,data:ElnMY3d0a2l0utKFsPc=,iv:0lmthkiqKDOMyKISFQajE8XoZ4leG8kKp6w6Y+Bt/UM=,tag:dtCkTXjt4pF+8aA8re9FrQ==,type:str] + - ENC[AES256_GCM,data:p1FYHH1eXMftz7rd1A==,iv:Z287BrYy4b1fPe3iO4dBxrK6/hpGlnORpEk4MoFf6ZQ=,tag:09dN+MuLc+vOoH27V+p3lQ==,type:str] + - ENC[AES256_GCM,data:s+nvO3atl9g8lj+zr3I=,iv:desNg4qGl61bXetseOrdJAHt3QIQnAvzl9n0QyAtc3c=,tag:YF6Q+EgsDQVgUnzZrYR5jA==,type:str] + - ENC[AES256_GCM,data:0Lf5QQ08Lt4p6FYorjt3,iv:59epTwAio3bAwhCIJiydSa/wCMQN1b1+ffYKOzH4ubY=,tag:TE3miQ+K3F8vwPezdsVf5g==,type:str] + - ENC[AES256_GCM,data:E4vPopepYbUSrIoashmO8Q==,iv:/aS7nNSRyaDDsLU4sIqvrlzpu5NGkUWo91a9nJmHvA0=,tag:ktFr8ns6Kg+OpTcKgxzyJg==,type:str] + - ENC[AES256_GCM,data:6/s695dXpAkmbn+L,iv:aEkvePxoaRR16vQxRxnnLmmSElMPCrsoC3o+YJ1Ch6g=,tag:YYSX4DNyOPA5fbulrMiGRw==,type:str] + - ENC[AES256_GCM,data:O5+Er/EeWGkHCspqwOFJvtM=,iv:xLAA2Sn7UsNV33FQ0vGWxUInnR3sCHsi61eMp27Z+hc=,tag:XD034ZWAsHX84PK8qdgvoA==,type:str] + - ENC[AES256_GCM,data:cQgUEQ/6CnBYmS1beKte,iv:1GuT6LRZurR1GNbOF+LChCqwNGlPtV4ztPmOB9IwPlA=,tag:h67hoxeLeagSb1o4Np+jiA==,type:str] + - ENC[AES256_GCM,data:ZfsvzXOqWmS4ovY=,iv:dqdtmGPcUCkED1egTJHf5Xsgw7aO/N2N5oYbCKez9vs=,tag:ZZbE6MsCU3sUqU41iZaQlQ==,type:str] + - ENC[AES256_GCM,data:+ZVHm3gzNY6LFReJvvQ=,iv:Rcx5vD+91j/4mgNF2BAIvbyPXG34yAn2f5gu0vThelQ=,tag:7YCVQZ5Hh8MYCPWcBGn+ig==,type:str] + - ENC[AES256_GCM,data:oYVi/djPsFKT4RBk,iv:7i+QU8xNWMOUsKRcoLA+Vfj87ALgc/0OK2K81m2LAnY=,tag:B1fYpHBjULyHxWrBBS2kjQ==,type:str] + - ENC[AES256_GCM,data:jHnX5EP0jV2jDZkW,iv:ZmzGThST5LQZl4DPQ26YnXVmfuv5m+0yffUEnS5womI=,tag:bjfsPBac7uW/iKVdENHvQQ==,type:str] + - ENC[AES256_GCM,data:zJYi4EvQMHlMtM6kkWQ=,iv:PefVhwrXUR1JU9w6Y36dfhUmh940CnRDmbgF4gkoZHc=,tag:W4B14UPMj5n1lDU262VJeA==,type:str] + - ENC[AES256_GCM,data:sA9uKGLgnAvPwPz6,iv:RT9lmQWC9iBb1wpyAsyPOsZ8T+ZWFZDGohZdGatu1TQ=,tag:caE2O72Yin0Fe4J5bzVvLg==,type:str] + - ENC[AES256_GCM,data:4WcuN7ZPN0EJTlRMuAA=,iv:E64vSDX88SAGWDT9Up+e3FPQC5IxR1zPwYRx7lbpj2Y=,tag:VEYYR4+6biLU0LcGV6Cjsw==,type:str] + - ENC[AES256_GCM,data:DNEKwtzXb4tPFjH9i5w=,iv:/HjSXouws0+9wIJwQ9x71L94/FWXYM6s4SgRP+OAHC8=,tag:by/RjfoXGsUHc9SAU7KrIw==,type:str] + - ENC[AES256_GCM,data:3lRKBn5pXtKfFxYq,iv:8zibwg+jMnOFWBvdDTvXDU2uJRmpFHu/NXqpViS61Ew=,tag:bf0o/I32xJxmKn3ZPjEY7g==,type:str] + - ENC[AES256_GCM,data:SU6qC4ROwCl6ylCH,iv:26rHHpK3ufxCWanhMuD8AmdHD1+xTLOKXwfO90m3+7g=,tag:SAVqdlR8T1BptPHjNN+bYw==,type:str] + - ENC[AES256_GCM,data:Yo+SeSGM51gBs6UN,iv:doX2AZSCqDMilR2eyY0GoIOjQIbSoy7lgRLzehf2wUc=,tag:Fqd6fO/k6G074yKVWFhu5g==,type:str] + - ENC[AES256_GCM,data:AoYYfzSMiTekRIs=,iv:i/eYu9n1/ofyV079msw5Px3gjjjvdiB23ZXwmwwkfEU=,tag:WxG9AVjbOhTygF5avQz1yA==,type:str] + - ENC[AES256_GCM,data:p8+35naaLZtq6qU=,iv:N0BZFyfcCbv1bNKSAPSrn8ZG1pUm3ri4zM3+OS1utV4=,tag:S3cJpXvt4mqhD7uJnjk4Uw==,type:str] + - ENC[AES256_GCM,data:LdvmzC2f63Vf3pPzzv8=,iv:gsE41ppYAJoCvnDUSkU4126/5Htd6YZkf1d9mGGYn2o=,tag:AXYA6BLI1mEnhOub27Z34A==,type:str] + - ENC[AES256_GCM,data:zzueelufzK6NjkVEVQ==,iv:wUz+n/daBGRxcvh9bkWzaTpJs+t7cBgqCVIbrcuQ9DI=,tag:+pmmjIyGXJcmgkRUFnS6mg==,type:str] + - ENC[AES256_GCM,data:bfdo62k1kWrysd5k,iv:bszp5EAuHp3Zo5Ov9lXHoNOPzB21iS7VwlYndWNBfXg=,tag:IXJh4bMfnIYWqOn5TI10Zg==,type:str] + - ENC[AES256_GCM,data:MLiXh2qdwvgEfQ==,iv:JLNvCPU5c1MoNO6rWtilZnFKAq/AmnWXw9gsdz0m3/Y=,tag:kq7oZi3VpuBf9+5VwzL1Mw==,type:str] + - ENC[AES256_GCM,data:7MI/ORlEi2r8fCOw,iv:pBF/v/kGMhgSJH5ucAPs/9n2FGJ5EUSo5GY8dWW9kig=,tag:5tKqcidolFVRj9L/y3s+nA==,type:str] + - ENC[AES256_GCM,data:z9DrXfFMmEjnC+jSH+/h,iv:VfhHOIA26WUF343gvpsW9rEAIP4jON90f8CKQ6UK3yk=,tag:Lf2fUHgRfcfAVX07rJcc0w==,type:str] + - ENC[AES256_GCM,data:nYA+C6TlBJHgfT545E6H,iv:ZsGgXhIa3MrnrTn8X6BKpS8vC9MO27f+OccwrD9e1EE=,tag:jOl8H7dwVTUFkePYX80C/w==,type:str] + - ENC[AES256_GCM,data:8+yfLhxPses=,iv:INYj4WRvYEuO05lU/fyFshk7N6Mj2t8Bbfhn3VA/Dj4=,tag:gwkb4kqAQhZu9No+wEsn+A==,type:str] + - ENC[AES256_GCM,data:1NtCjJMtsB0hwA==,iv:72IbCoOLOaFra15vBUqV0y4/Z4vbbBO43t5M2pLDl+A=,tag:FSiMLkVBVI/t6wNKlCyAng==,type:str] + - ENC[AES256_GCM,data:BUrUt3N2S34Oj2URpyFm,iv:9AEyDlgTI/FXZtt6SYRIqUl7PLqXDDnlo1LAALyLKg0=,tag:5oEndYIlvKS08DGdCu1LuA==,type:str] + - ENC[AES256_GCM,data:i/zD7W5G/aWt/GUSxKk=,iv:OPPZE6I4Xs2l+UGCxH8y+R4uvDP+1fud+arD520Rf5M=,tag:Erqch/n9S+mPZfSFzz527A==,type:str] + - ENC[AES256_GCM,data:twBA6OsHiMAvowRZoA==,iv:5CsUGayi/N/LC64ghi6oVLK2ET9FY7jbK5MYq/DAjlY=,tag:4Tv+gcK1LxmEvgnHoRVsng==,type:str] + - ENC[AES256_GCM,data:Pim+jkri006QLU9ERyinokZtog==,iv:M+Sk6aswcIWM4g7sObBvT+5cz9pzCR2Jq5b4HZsp39g=,tag:eQIxDw5KbBjXHzmLSZGqlg==,type:str] + - ENC[AES256_GCM,data:rvMliXi6awBv2hNo/Dc=,iv:Lud0qFok/a3nvYExy6bScrJeZ5mcmazJ0uJTG2Hn9zY=,tag:+u/SIVEX3HJBI7SuUXhbSw==,type:str] + - ENC[AES256_GCM,data:TpfM99xtdtWU,iv:eRrZdagXJelsinlMWtVDWN5U4sWgJv/g+y0EAV+CP4o=,tag:2M+ky/3vdv5sI/rupWABmQ==,type:str] + - ENC[AES256_GCM,data:n91tWtXEEOmtqoDOGw==,iv:31g4QgYS6jwR0nvCvZv2j+vyTTujCKKN0EYuOpOgmtI=,tag:O41pw4QEa0Gppr3PQbNBJA==,type:str] + - ENC[AES256_GCM,data:paUK+zfAd9OK6SHfET1Z8es4,iv:nEQPSE04u0z3SX5uy9/QwOhZ2W2bxVHZP5JA8R5+fwk=,tag:bVlSCZKfDhoUuoJGA2zBPA==,type:str] + - ENC[AES256_GCM,data:eyLUR0+9,iv:G8mBA996mqSMbwq7ysQn2PiAg5D0Xe0Kq0K1EkOGzJI=,tag:JoVjd10Fg0mE8J/VIeGYKQ==,type:str] + - ENC[AES256_GCM,data:xfObig8M9A==,iv:k8CS27p+C+EQAAc2U2DLsQh36Oj3IXKxsq5Y//BCGRQ=,tag:oS3HslWO2WfAATTIE6uR2A==,type:str] + - ENC[AES256_GCM,data:l46Vl+k01Q==,iv:vJsoUFSDTqvkOWvq5ASrclscvZDDJMMWqAWU5fgNTOs=,tag:Xq3mQPKzONjbGSnEQcf/nA==,type:str] + - ENC[AES256_GCM,data:nbXFRZws6sED4w==,iv:nB++hm1Vv7PM/q8W5+9na76Lk1G6JNYBtvlzyJfVCCk=,tag:Q8J+fs+t5ElyNI3fmefTkw==,type:str] + - ENC[AES256_GCM,data:iW67aKUIntbZofkbM/Q=,iv:mnx/7eGxPMuznnj6aNdz3/Pi6t6Z7xP4aTvckd9zVdk=,tag:CVnAq+DejZYbTnZYkQGCPw==,type:str] + - ENC[AES256_GCM,data:5DM2Iaj4phLEbo0el2Y=,iv:wfgityzIV4tkhw0BcQlDkvqtn9uJIJ61F27lw8heuYo=,tag:FlPi4z2n7tw7PfnN97Zt9w==,type:str] + - ENC[AES256_GCM,data:8nRhjje53d49TTV5OnaBetBP,iv:bSgRM7FeyCJoLhRnLBshKp/I9Xf6Cr8cOpvcTEK2bhM=,tag:9pTpzOODDbsugcIhoLScnw==,type:str] + - ENC[AES256_GCM,data:HNX5d0gbAxle31U=,iv:JNOSPWMoFQq54H+OVPHDAkfkOWLhCPpLxV6KXyJIAQg=,tag:ZRr/FBGAKB7mcbbbKioDnA==,type:str] + - ENC[AES256_GCM,data:UuCs5cFn,iv:c2hAuFT68llma9nf7+0X3hc4YiMXNXcs1egNuaJv9fM=,tag:sqK8zuRFj8PqdryMpJVBLw==,type:str] + - ENC[AES256_GCM,data:335wQefCX1jvM8FR7tZk,iv:e1WMKRws5S9D42P60x/WFT5AkRJB/04xNo9jB+65uPw=,tag:xfjhZhiyR9SS8CtoL10EhQ==,type:str] + - ENC[AES256_GCM,data:UxFuzgFDgRUymo8BiqjO,iv:mAU8ZUf+ip/Ym8G2VJ8ETFNCmXzA8iFbILpJFrjsnHY=,tag:HF8mIyQBk9Rf3spsWS7W3Q==,type:str] + - ENC[AES256_GCM,data:sS78yJaegCsY2g==,iv:TABRcFmMkYBeMChDUMZNw3A7yRc0msfPpKbrZVH4d8M=,tag:4In6PlZqlV2s4PuKpHIblw==,type:str] + - ENC[AES256_GCM,data:WOJtoa0mOWZV4ctN,iv:jFZa68//RNyw6Cpcu1VNU5R+xLlEZ85rcyXT6wh/R3w=,tag:k+IyAt3ewsKfZB0c3lLGBg==,type:str] + - ENC[AES256_GCM,data:VjH2U6Tx3bIcdM8=,iv:L0ZR52S3NpeAXoL+/YK2recp9s0+bw799GCin8jt0qA=,tag:0Mn9aouScHTbmwI16wnIzQ==,type:str] + - ENC[AES256_GCM,data:2HennsBl1XyAsprE3q4=,iv:cej7tTGLzPDCB8VCrwGN1F29jmVIW0QKU+weYXnzX2k=,tag:CoMyDD+jQrdqY2eBdxXDOA==,type:str] + - ENC[AES256_GCM,data:NBeU+qA5sY+AgsOOiw==,iv:HZsYnTLJFZM+FTnaptU0kyj7Z1Ad7XlBGR734PDY/7o=,tag:jpz+pAR53Crp2UuYnN1yJw==,type:str] + - ENC[AES256_GCM,data:vKk7oB6398l/HWLQM0w=,iv:pIAG6iJpDBfT/p+TxMD7b5S9nWJTS+AiDHer1aHmnss=,tag:Q9niqDXQmdasQw3rwnVF4g==,type:str] + - ENC[AES256_GCM,data:dcildQPGHzMacr59Hys=,iv:rk604svSVRKWR7SDt1QcUz5AbbBcB2rvtQ3yMx/kWhg=,tag:lqjad9HFerVdkSG5o5qXow==,type:str] + - ENC[AES256_GCM,data:Qc5x9gSLMyLkLkSK,iv:HzfKcxs+Z0R/I80EGVF/kqMVZbdQUrXIvdmM0nWq8ws=,tag:2vP/tklWyevEX2ljimDZlg==,type:str] + - ENC[AES256_GCM,data:x8F6+ynJsFtglQasV9445g==,iv:zeUrrUPoUezreJLrjWR4UBhUzS79FezJB3//5mh18UM=,tag:bfn7u2Gh/zv2Jylwgz7zTA==,type:str] + - ENC[AES256_GCM,data:RJu1cEOfiJwohcnr2QFX,iv:AdIkdmggyXeYJmjauSw1TV5D8RYjgwlxEqz6TLidh7w=,tag:TppJh6r6yzN9ZBagQS3XoQ==,type:str] + - ENC[AES256_GCM,data:HNuVIlew1sI=,iv:2342rX0/g3Nz/apH5mro8wy1SJ40Xn+oTcDcYRd6wpY=,tag:VdfmeulgUXPkDaCl7+jasA==,type:str] + - ENC[AES256_GCM,data:8nfvtuoYz1rJK562dA==,iv:iXRQC690ISpJPr83S5QxELZmTcIRPE5JV/gIXmgivno=,tag:eQBtbxqmXbObHib2KEeZPQ==,type:str] + - ENC[AES256_GCM,data:BGSr2VdUVTTrIwXG,iv:prv4K0y1P150vn+AWBcyBF/HJTtX/U1etj0b0fsTcIE=,tag:jlNb4t9G37JW1zRuJw6XdQ==,type:str] + - ENC[AES256_GCM,data:MNrC1dMgR8C1dKY=,iv:GIaFvYKOwi3K68iVvIyZ9Jmg0CIzSA+dnVF/DGVahSM=,tag:SWOi73xrUjpwoZVZut2t4A==,type:str] + - ENC[AES256_GCM,data:q5HlAykXg7ml62NqCA==,iv:SwwyEH2zisbEeJl9qB8mFG2KUsI8lHm5OUp361VWx+s=,tag:l5/kcnLiN5rp33E3B4qPOQ==,type:str] + - ENC[AES256_GCM,data:awcTsR6bgSNlT3TpZDSc,iv:82qxg+4C9X3bYGKtX93ythKL5o1PJ49e8B0JBg5I3/8=,tag:743HyA92ksS5j8f+CDd0Nw==,type:str] + - ENC[AES256_GCM,data:92k3Oj47wbLPhTIe5Xrj+I4C,iv:3YUJ7BqN2j2KNqLZ+Eamckipmh1Iks0Kk+KjUZgdfnM=,tag:7v0+zQNo2UWRyIlec68Dng==,type:str] + - ENC[AES256_GCM,data:G+o7HbHXl3F/2nijHZKOatk=,iv:+uz37qtpOKghEPlNRaIw8RJj0aaQqvFFWIEH6O75XXU=,tag:SX7BcIDG3ACXiot1gsGrjg==,type:str] + - ENC[AES256_GCM,data:ueSviecCEALF,iv:XuYR1TycjAunwXuvXVSriQ2a46IVlgh47fEVjES6qTc=,tag:+1PfQbUyGGT8D+l+40FabQ==,type:str] + - ENC[AES256_GCM,data:AbkTzfe6LuFdjDev,iv:/n2rsqKdFBav7YjHj0xkL4aTvNsXumsyQHLuL8opT58=,tag:Sm46t2xapFhsCicxZz6aEw==,type:str] + - ENC[AES256_GCM,data:GH4kU9d2Htqmpg==,iv:hZQiFZGpH/aJg9IcYPfn3muEpZgDR53NpkMupBJOxUo=,tag:O1bK6Q4BCrkuzMyG3vFoww==,type:str] + - ENC[AES256_GCM,data:IeQcXmFO8clZLyVP5w==,iv:8RQrkAtea3TnRYQy5laC2L9YTWdbNnHoxcGz49gAFvE=,tag:JxbexSngzBBXDKEqDPsMVQ==,type:str] + - ENC[AES256_GCM,data:gZ/98GLrY6NQ3w==,iv:76HLUkW7eVjnB5RzOY8pMHKkZOrueaYVGfcO0LTCQsM=,tag:9ZRqCnMhHMLBx/q9upcW3w==,type:str] + - ENC[AES256_GCM,data:motvKGZlLcW+GscH,iv:L4JcUfsSYJvOmygfc8JY58t+KH8h0x4TC7wl+AXb/t4=,tag:ae5xJF4iFKO1RUIOM/MZ1Q==,type:str] + - ENC[AES256_GCM,data:Ih7dDpLKTmj2Egn0t7HgDQ==,iv:bLk3O4/jhnUlnytedTxwSvXpy4eHLfVTPhrZ3oL1QP4=,tag:7d//6KQNRYUuqJNv1o8Emg==,type:str] + - ENC[AES256_GCM,data:BllV58UF7O5FMw==,iv:05NkR/o9XQXttO4UVq6nvZafE1rIqrZqt7RYyKjxuPE=,tag:g+05S18t2EecZeNHdjMcWQ==,type:str] + - ENC[AES256_GCM,data:T7kCE/r0WDjFAKKYAA==,iv:LpWTi9tcAORaBNLTleSCeryvKzo2IbxUS3oCFmgAzWo=,tag:iTdcTTzY+j/EhZLNNs0CAA==,type:str] + - ENC[AES256_GCM,data:Auy7q1Wr1aGvd5tr,iv:RSUs58aEuusJYfqoOjJmmo6Z9N3JdA0wHjxS53WkDfo=,tag:BMxtVH2sPDY/2pDeafWWVg==,type:str] + - ENC[AES256_GCM,data:9X2sXygLojyx,iv:wF9MyXd+3wy6bGf0zqR9UmvoQ7X27o91rL7wPW44VEM=,tag:LRloE0G2dkS5ZJ5StniZ6Q==,type:str] + - ENC[AES256_GCM,data:mcH2LtWviI+K3tlc,iv:EZ4cMivMLQUrFP9eekprZsJDn4cS8FEAb3yy3YD+Zvs=,tag:Y063hVQC5GE68T5OXdadug==,type:str] + - ENC[AES256_GCM,data:MDi/NXS4tvsj,iv:K3QcI14Llc3mAzPHnXDCxTkDbS5QxCOLmL3mZqLGQPo=,tag:Kx2uwIqlMbV0HbjyEhpFYw==,type:str] + - ENC[AES256_GCM,data:UxI1mGUjQFFK1E0=,iv:bxJThkVQqqglzLawytpn965AXD6NETZoPtUTNPyZR48=,tag:wWXT3rr4bZrdHKcIMk0ymg==,type:str] + - ENC[AES256_GCM,data:iR8qKjMmSAJ2ZEw=,iv:GqiWGOPYFq35LZA5OKL2arqJY+YJE3AwLjrVmC3Tknw=,tag:LV4RYSOr1/aLAnkU93D0BQ==,type:str] + - ENC[AES256_GCM,data:FSXeynuybWfHRGnD2w==,iv:59SQpEnHUgfXUWGp2kN/VxQq0zjoQ8lu9r7zaklUyyE=,tag:hfLR9ns8PcusFybVPNBFuw==,type:str] + - ENC[AES256_GCM,data:wv4PMRJ3t2B3UVpk,iv:9Y+HgMr4bPjWA38WS2JgUIjSMfFjnE3cWNDIfvv5T3A=,tag:bwMH9Mz4A16cAxgQS+iKTg==,type:str] + - ENC[AES256_GCM,data:0XRgd/UMVR2ZrItz,iv:FEPONF2o8/0AZDTxmUP/rqqZNvL3a+jiM8PqUCZoBNY=,tag:uk8ePnFwdkdyMHJma2A52g==,type:str] + - ENC[AES256_GCM,data:qrZ5b4raQWglt/J8VLYi,iv:E5c0Gm0+fsJ5g+/0ja//m4V2QPsG2mgMKPmxwRaI2Uc=,tag:i3NeU8TKlqrMpAXr78BvqQ==,type:str] + - ENC[AES256_GCM,data:8nMP76Bh0NmIVRw=,iv:7PVoY+/8xt8/qpkOAEPJFL0l8n5xIv+cnW+Zw4HbLBc=,tag:ek2eloK2POrtbG2kPow1mw==,type:str] + - ENC[AES256_GCM,data:coeQjttrX79Q3Og=,iv:7Frg12i+LSM4aB9IXJOS2++wOQ/tC+7vKXXaf6TH2KQ=,tag:8PLm+LXCdK6tkhFmwS4plw==,type:str] + - ENC[AES256_GCM,data:CGDFg8eteMEkz9fUEEA=,iv:DZluGOaASKAlQUTui8FsioU0zOZfGXYAKeR/cT50V3w=,tag:rexY3/mmfn/6xQZN3SQB0Q==,type:str] + - ENC[AES256_GCM,data:AeusjW+vW5RGYyk=,iv:b4uFIEdE4z+OXl3ejOXpNC/ppvs43C1BU2ZwG/gE1y4=,tag:WwiqAOzkvFlyLtR2x0aDUA==,type:str] + - ENC[AES256_GCM,data:btC4h1BF/qUfxg/B,iv:6DKOISMkVmZ7TxxfUfiwwZfrpapag6Vhx+qyiYmDA/M=,tag:Gyju+xo0lKtdxNSTYJ8z1Q==,type:str] + - ENC[AES256_GCM,data:aHMpuVmZ1mpzGUf8,iv:iPR9zTdG/UYWBkkWZ7i/60C8ZvD8iRojYK7uhIj4Gj0=,tag:CWp8TBh3VZszbp28mq2FCQ==,type:str] + - ENC[AES256_GCM,data:TneuQT5do6XQCG3eFUE=,iv:/0vrM964dWAbbh5BQLQ1alpeVN4rtSV8pkaM+9b7t/w=,tag:RMll+K2AqazK/4RkSpmlXQ==,type:str] + - ENC[AES256_GCM,data:BVOnKS+Tqd41SBo=,iv:YT5ZqJZaeiegzC3x6JcO1Vu36JUjPwYRUGzk7z216F0=,tag:tbJNuL+6Fg3XSR7SegCPiA==,type:str] + - ENC[AES256_GCM,data:vERAmfTNfcQCoKs=,iv:aoC7N7+BV/0N1vhghMHltE0nwmKjVkYwPFGhGyttEPc=,tag:qv3rextDr2oCLY53h9owBw==,type:str] + - ENC[AES256_GCM,data:D9PUOxNYkla4,iv:cfEiwYUwGUZvroWYCiiTdNB3sXZ3y7Ev1Xb17NXtwdQ=,tag:zaFtdA19QqRqUon9LnxZEQ==,type:str] + - ENC[AES256_GCM,data:8UNYuS7QY3gPVEOplg==,iv:Hx66J4FEpwBWA7qPWSLjNzRTFnEe9Wiu2beO2pTH35g=,tag:59hCJN2Z/zKmwOzkTH/EFQ==,type:str] + - ENC[AES256_GCM,data:4Unp8RYosj+f9AQ=,iv:kKp+wAUpSVj1evtc919J3/Pp9+gZJcFmTtL81iQZ0QE=,tag:wJmdOFq/svH9WDaYOk48BQ==,type:str] + - ENC[AES256_GCM,data:ajdkzKW5jLPSEoSOWC8=,iv:yFCqK6XVrXjjG80XvyfXdbO5bl/WRj2zwvizi7B/T7M=,tag:Z9YhDh4Lz8uvFs1tV5VRRA==,type:str] + - ENC[AES256_GCM,data:tL4NOIqCQLu1XSk=,iv:Ajn7wX9+PBcV7ufijX7mAneVm3F9UrutilV6UiREGIM=,tag:Zy2epOfvT4zUMClqgkU9Cg==,type:str] + - ENC[AES256_GCM,data:bUCNaZUFnCqCVNJ0NV1O,iv:Fc3bKyCMLVChYejZZ1gbpvkSMpEYiYeBEpBfPMNZKb4=,tag:nJqw5LgaF1hbdBouqGFe8w==,type:str] + - ENC[AES256_GCM,data:zJNlwQV6rTwK3UHjYg==,iv:qNFC3PjwhNWy6TZwFZPLpdf4npOVUcY+l77HHmyV3qw=,tag:mBGYHZyccXgRWktVTs1H7w==,type:str] + - ENC[AES256_GCM,data:ox1Q3Qa7DOXekdA=,iv:k8k7tUVyF9a9BR6l7viqaYHDkgWWrisnsxYJol+8T8M=,tag:Du32YlljHADevkXsmXX2CQ==,type:str] + - ENC[AES256_GCM,data:INN8qTWh4Xj2v6HcvgcBMmc=,iv:jn6RHT50tEjcJFE4FccjjePAh0A/dXdK2urTOYh3pII=,tag:8nAALNmG88Z7JuHKGtQt9g==,type:str] + - ENC[AES256_GCM,data:zuLIsD4MIZJQKk60QDvBSPQJ,iv:U5RYZpSHTntyqI7PnjCs7ZqWkhIERP7oamx9IPP1OD8=,tag:rc9bQPQiTAUka3KvGuKvdg==,type:str] + - ENC[AES256_GCM,data:jQQncmcoreqCvLbqQoc=,iv:Dd7+dhpQzB57d2CuFxsv9eYKWOpJCWfE3amQbz0Wqto=,tag:/zFXHpIe5gA9w+Z21aHFPg==,type:str] + - ENC[AES256_GCM,data:HjK8JxqVAfIxawns2A==,iv:LeHDBKZolfLXVLJIAJrjiIwWljyHoWxfL9LoshmcTuM=,tag:R06lOBlDO8MZY720qeVtOQ==,type:str] + - ENC[AES256_GCM,data:LKyXaO6ZJzFFFdZWO3yHPw==,iv:/cbIBp5I4O+8jLHXPfIggGZ9hqokRkPEiJvWRWQ07a8=,tag:TlahSOfA7rs6l8fyW14P+g==,type:str] + - ENC[AES256_GCM,data:XNbtW8qtbAFYuEw=,iv:2L8+85rNU/Edj3XC5uy9Bcx3JTWtqy4OCZ6ovkEFrKo=,tag:XvfOMpucHSrHMEyUEZXNzg==,type:str] + - ENC[AES256_GCM,data:2Yw0tvv7fx4Af2w=,iv:sCHJFwiAEV995b8h9hO0GDa4AHxppA4Sb8FIzilp4XE=,tag:mjVtWzfp/diQ9ci5DnjqPw==,type:str] + - ENC[AES256_GCM,data:jCM9nq4N62oY41ru,iv:ym1wyQSthEWWEE/DCWCPARSL8jetMdRE8SKd93Pr54M=,tag:i6XGhtAoZi+d+JgtEp3KfQ==,type:str] + - ENC[AES256_GCM,data:N3mLWR73AixHxTdseYBUnG8=,iv:boExJFfXgCW+MN8gTV4fKEMmrtqU+G+JFyEGq7htiQs=,tag:dJUvn2ZTXpR8urN9RKd9Hw==,type:str] + - ENC[AES256_GCM,data:rLWqoTebQTWHzqp+Kg==,iv:9wSS02RvMpebNdjw7hWkXLqDxQm3+OplYtvd4vfnXFs=,tag:bJgWf0uX9qVAOI6LoZFSoA==,type:str] + - ENC[AES256_GCM,data:tHyoGTkEm5QUE1S1,iv:tgq2ujeaymj43rxlYTsRCuu1ElehNJLOUN1c8msHbes=,tag:CpbeDJWU983XYPnIDDsutA==,type:str] + - ENC[AES256_GCM,data:e+plQmw7vXbCy70hvyTn,iv:ctp1sRtblDTh7grkohpiEtqSWc3GgCRB3BVGOyBTH14=,tag:SroGdmJwWwus/uknrwFkZQ==,type:str] + - ENC[AES256_GCM,data:ThPKeo8q0cTf,iv:oSWodK8jz+3h0IGme+dSuPbgOb581YWslO/WkfOFfW8=,tag:bE0benWfEPiNLJNTHeyo2Q==,type:str] + - ENC[AES256_GCM,data:ZsLMqxlbe/m2GxtV,iv:TgPgg16VKJsa97viwuPFJ1z2n7IeS3vq2mK2L7K4NWo=,tag:oKxz5IqU4yAZ0falqzcmdw==,type:str] + - ENC[AES256_GCM,data:Fu36DCDD8OfSjZ5P8g==,iv:FW8F88rgkP5jhrtyVPDqSj7Wnj+NJ9NWwNDhiwl1Ryo=,tag:F5rNnSPamo1/KOywrsH83w==,type:str] + - ENC[AES256_GCM,data:meSDVLDT0QdhFc4=,iv:QA1JU/UDgs+5bbw2g9ePUe7E07Xr5DLWBrmB9oz/n5U=,tag:lCOA1XpN1loMhBOOt8+36w==,type:str] + - ENC[AES256_GCM,data:tynWamF4nMyadpI=,iv:GP3NPTDmgQuObkK0bJk2rwNvp09e6U85KuQ28Y/3xWU=,tag:CCyQj9Q5BJ/xyE/8HicN4g==,type:str] + - ENC[AES256_GCM,data:oE5VoadI3u8FNDoj,iv:Og1iyqzXHXRN0kwda1CCyEpOV7/7K3QTp1WxlRogzGM=,tag:JnqBTfBRAiQetfnOsbkYcQ==,type:str] + - ENC[AES256_GCM,data:ab/66XjhvERuo1Y=,iv:vw36R284IvOvruP+efAqbAYepO6twP7wmjTuGwMq/7c=,tag:tSUq0G+kYYTqrGmCCWX+lw==,type:str] + - ENC[AES256_GCM,data:bI19dyrelsZlMj7LGg==,iv:ePh2IqKkRVupeqKH7jU9jgPAl0FBv85BypPF30Te/Pk=,tag:bhLYEHGx/YInbtVaWxKTYQ==,type:str] + - ENC[AES256_GCM,data:1hKu1Y9G34phkucz,iv:0IXGE8grqRf338nbLN/4187cKDWDhTu0ClIqQ+WJ7/A=,tag:6SmRo/zvCwCcYM/sEfdpaw==,type:str] + - ENC[AES256_GCM,data:gvVZ+Zyyge6a36Ti,iv:Q4WaBo3lxELjq8ATNay+Hue+D6ycJKw+RrZHHkCrmRo=,tag:IiVb5Em8rQBagIoBhIQLeQ==,type:str] + - ENC[AES256_GCM,data:rpPac1ok7T/mkEI=,iv:q+eoRR/57DRAvNQOkuBXutdBzgcYsQ4jO3liBprblfE=,tag:rJlIuO/LPusZDiGujCNS5Q==,type:str] + - ENC[AES256_GCM,data:xdv9TxWdI/6IYxo=,iv:ipjInEKGIOYQCKhy55PgUS+X0GZ4JBxjgDoq1SCFb/4=,tag:dyn+ArFqpYFXPGN/QcQVJw==,type:str] + - ENC[AES256_GCM,data:4dkRSOfmgDH1LosbhlxRRA==,iv:zZI2rw/7ZhdQMHQ0JS1B+8YNBC38IRS7QzYY0rfs4tY=,tag:DXNi0M7hI1rncmSBEoMvpA==,type:str] + - ENC[AES256_GCM,data:Q+NTSdb7f3HoyCg=,iv:gCNjBzRPP/Y9koQIrJj6i+K8TNLKd0lNS1hyO9liVlY=,tag:qqEgbO58QveeGmVByQnfqw==,type:str] + - ENC[AES256_GCM,data:xpnQ8TUu26mnUOSk9dY=,iv:rm1UdQGGRRW0nUaQSEEDBkTJWTC5nOfpjgYCOja/dig=,tag:Rt4TmmriGFR9E7BzLpKk7g==,type:str] + - ENC[AES256_GCM,data:gp6rU8Vu4nfGANB03w==,iv:w/lRsHj33lTmNRwwB/RoHL2qm3cTJgAKwivp1/zY3PY=,tag:7MUX30+62aNrcNWzdHJQCA==,type:str] + - ENC[AES256_GCM,data:pZTMyKHQcOtKySg=,iv:2S0YhX21zuDYGgJyJ/oO2dfGcFgWEp9A2iCadTKysYg=,tag:wNfdZmzNM+Yz69KMDitZrw==,type:str] + - ENC[AES256_GCM,data:JHLo+PT2+s/e7Q==,iv:S5EaTh3T0knYP75NjTsof4cyyFqRncrUfjZK/Z+uR8U=,tag:87RExlicc2M+WkNuHvObrg==,type:str] + - ENC[AES256_GCM,data:EUHSYIg9iAMKiUk=,iv:/0yahcoNJBERp0xEjXELvp4dzCuDDgzHujwTXEjsLo0=,tag:giEWFLmvPBA1gIy9zwGaeA==,type:str] + - ENC[AES256_GCM,data:A6TqlMF4QvRerQ==,iv:TaRMyu+cPrvEku+/UAbcKlTzrA8dUvtZ3WOfd2Mt+Ao=,tag:UZiPK8xgwkOFMK/gpiBA3g==,type:str] + - ENC[AES256_GCM,data:ZLibm/8x8BDOv5MorQ==,iv:zNIrTt1/jEYrXsOSZcZGL0KaExWvE19aIRghg78/Cfo=,tag:YfJLeuA5eKnDx8hms1fUXQ==,type:str] + - ENC[AES256_GCM,data:tkakK+oDOKKtbxt8Aw==,iv:q9jIwbCWWEVluBfHEYkaW9yH77TDb1QyLS+O0ppV6lk=,tag:TbMK5wBeLIlV+WyupycAFg==,type:str] + - ENC[AES256_GCM,data:f+i94cBDt6E=,iv:kqqoH3YxXeUwHpszZE/+uyT2LoMy9TfBSaMkAQW/5NM=,tag:8kwlyTXp5BvXTkgfU52qgQ==,type:str] + - ENC[AES256_GCM,data:5Vm5k+JnItkvLcU=,iv:zy6ITxT7FqyOrjyt5IJ165ZQigSIzCc6488BOU84n40=,tag:rubnaSSQX4lv+yU0GkHg3Q==,type:str] + - ENC[AES256_GCM,data:GGHhoSszINiKA8w=,iv:qtYZgEr3OCV3MjAA21OAQrAfkYfrIDDNJv5cdMrWyCM=,tag:dzd1jI+nL855gq4aprgl2w==,type:str] + - ENC[AES256_GCM,data:0AMU6XHDSkk=,iv:tevL3d9Zguz6n7IZt5PIWe/Us6NkC0XnfasqzVz/4Ig=,tag:d/aKXMUFkIwtAz3YnKg1+Q==,type:str] + - ENC[AES256_GCM,data:0s2Srz8NdId/wyC5SoBkHQ==,iv:3I1a3gVhCZBGnOppi/5DQuIP1KSWgoV7LaPPyOeGE14=,tag:B+m2TIR1PQjxi4E9tXy7Bw==,type:str] + - ENC[AES256_GCM,data:QySJTs/i4tvwUQ==,iv:L8aChP8FAilxPigxqyirKbi6uhksrm4T7mRnXGvL8vs=,tag:+FBATC2DFuqoC8DnnR6Qgw==,type:str] + - ENC[AES256_GCM,data:02urz05ghk7ndQ==,iv:fuUeFppcELj26xVc0h+hR8nI1dnRii1jLWsXcGM4FF0=,tag:IO6DSssjMtLo8wPQkdIbUg==,type:str] + - ENC[AES256_GCM,data:6kFr6OPiOym/jpPSYA==,iv:t6tjH0YqkGTQHgEKuLX5Xpy3I1zUD7dx497vVcG824o=,tag:uULXvwSml55j0n0/eIZnUg==,type:str] + - ENC[AES256_GCM,data:1R39trbWK414U5lMdw==,iv:Lv2Sql0neMbAIBqpgfxjutDzGAO/xs9kQBRwvKx39Gk=,tag:NFy5eJL9u7lFD0GKDHx/tw==,type:str] + - ENC[AES256_GCM,data:UEzSNTZ9MZnP,iv:T9f1FteYVxU6nOqe4pOrlQs2Oc1lJXL7kLXcpMfwPZ0=,tag:b3ltHVHogjE58A6QlVYZIQ==,type:str] + - ENC[AES256_GCM,data:DKysTW6/MiRV/pFw7cGtIMfRDA==,iv:Zn6SufjYXMrlqKPqFiROQz88GCAfz52YSmICNl4+fs8=,tag:WVgTOKSQsRPmO/swISsUqg==,type:str] + - ENC[AES256_GCM,data:rQmjSnngaqOahEw=,iv:s8PUbKAektQ1LHcolgbmkLob50evtQVKuQKITXboxqU=,tag:RvSH6/hH4xyxEL7nWzCshw==,type:str] + - ENC[AES256_GCM,data:7jyhsBbWPAwbeM/ebfgr,iv:4xayeQ90Nd1RfcYqiIB+Ymiah86Bh/pRKwGGlwTN6s8=,tag:q6w+DkooJ1WreHuT37LfZg==,type:str] + - ENC[AES256_GCM,data:vyRm6/+5l4auotl4tLk=,iv:JSWjufFa2TSt69tBWghxbwiDTSFZISiNVetoTOKj/k0=,tag:VqcpWYpmpyupb9HI863uLg==,type:str] + - ENC[AES256_GCM,data:BmuatHgy7KYkOW+aWduV/5VsEeyQ62k=,iv:8qTzEy/zF/yiw8ZHees6AtO60GgVqhN9o6pgc3SCXu8=,tag:hxjbHqIcK60LCAtI2z9Agg==,type:str] + - ENC[AES256_GCM,data:wTACRk4Cu7LUz2q6FQot0ATaDZZqGw==,iv:a0rC7KMwtem/rqV3qmNulasV6S2izV9oHwiM0bTlPqo=,tag:lBjZ/S5LykeKusqea84g1Q==,type:str] + - ENC[AES256_GCM,data:lds/19mTlXk7mV+X,iv:0fIx1BR9ZD/04rcEwgJmXPv4KLrJpu7q0zRFn2D3Kxw=,tag:Y31OPawoy7Mu0oxSad11ug==,type:str] + - ENC[AES256_GCM,data:85JrzL5pzXmElw==,iv:p6yOd/Nuajq6ZOqqmPGxJbIm8Gz+3NK927TpBPF+bLc=,tag:H4VSQ+436GHrIlrip4nnbA==,type:str] + - ENC[AES256_GCM,data:HreOdqlRtD2T+9MRc16i,iv:PRQx3MsWfCjo98pRKGAGapwJnXWRULFkBbP0MX4+nNU=,tag:3bqjbI6fqsBesZ8zdquPvg==,type:str] + - ENC[AES256_GCM,data:5lN3xXg+RUHARnFvEw==,iv:iQDs43+MqenXPOahf302idrNCEtsQSJvEAmo1wErUyQ=,tag:6meWOAZqswpbF2t+uk+J0g==,type:str] + - ENC[AES256_GCM,data:ypjh0UuP02ONwVcxHZyi0u8=,iv:m7b7Me6dfSGEXb7SudArRjUtQcst6/UHsl51/loiZEQ=,tag:Ckou+yFJZ3PWW4i+2akgCw==,type:str] + - ENC[AES256_GCM,data:a7G9PNrK137vjQN8HQ==,iv:G221HXxmZX6vT/NDEPl5+7wpyYHn2en2/x4z7Z+/B9A=,tag:ipUDrp6uqgaxjIEolGqDBw==,type:str] + - ENC[AES256_GCM,data:N5pwl4fDS0Nm1zBrlw==,iv:LwjXk32WRwKv1FSBcFPlZuq/yO5+gbDugZ3ZtVb4f/I=,tag:eVbGuYdnOmWUm8qzXG3MjA==,type:str] + - ENC[AES256_GCM,data:DFiDfeh3bCgMwd1xgh0=,iv:TcQRlz7G+mTlN/ZRQ3T9y9gG4zyBmKuKGVXaRZTxYM0=,tag:yV/82p8mZrgLZyU5pW3p1A==,type:str] + - ENC[AES256_GCM,data:uZNMuariZcH8DWv4NKvR,iv:lrZCmum3Mpn+xX+V3JTc/PBj7EsOxaUvbI/NeIF9Na0=,tag:HUEQ5Bu5X/FSC2eJz1ILbg==,type:str] + - ENC[AES256_GCM,data:IGrR1XnxUnGd,iv:+oa56ELL29z7O/gH354keygzn9T0p4nusA8LoDLjM8w=,tag:4uh/pMnjpdnH6NyEpBh7og==,type:str] + - ENC[AES256_GCM,data:1w7KXYfHlCAW3I13iQ==,iv:lzNNwNQsnNbADSMDCsWJ5+cGnkxFZxiyMsjdJN/My6c=,tag:frlyW0SBaN8d0luylHy2Pg==,type:str] + - ENC[AES256_GCM,data:v4+CeeIO0RUYAwE=,iv:cxaP40/NZuYQ88wQPBFrI2ErGINcTTzHN+e201W0+uw=,tag:kNWigmdEawviTD4M0fa2iQ==,type:str] + - ENC[AES256_GCM,data:K/ZO61lY1JnM,iv:wC08YORdYvomlxTlwbROQTSOySPStMk+cv9t3snjGJ8=,tag:5/UPoXLsGS33e7nzXUuoFg==,type:str] + - ENC[AES256_GCM,data:emo1OtBs5rT6,iv:WHurKCamBm6nIsWjqHG0TCJRwlG3gHnAQ+rUPoROeAk=,tag:0+ksLxNPPsFMTwOxZMuAzw==,type:str] + - ENC[AES256_GCM,data:dPFlnWao6iLh+2yxkcvtf8Kq4w==,iv:HC0AfpC98208NmwE6Th+cbPrLg7MhMBb1fVd8w9Odsc=,tag:hsYW4s2axAcCPtvdXG0hmA==,type:str] + - ENC[AES256_GCM,data:aEM/Tj1AtAdTA7Txr+cs,iv:8fdzFJAHTni37Jdgfae87C9AdxItf4rzvxdvE0B+cuI=,tag:P8Q25tC+BIskflVpBrCQ6w==,type:str] + - ENC[AES256_GCM,data:XodBonDgR4Y=,iv:9Xp/5lXB/1lrKP2vUPBzP/XbhSNXQgSUVNhp5fPF7lc=,tag:GaTvh699PrJ78BPzcvjtEA==,type:str] + - ENC[AES256_GCM,data:uJAvTNyqx3NetTx9hmFXmDt44b0=,iv:SeW3hkXYZQAH8MJBCoX4WjHFprZcXmBD1IVuxSYTxzA=,tag:cEIevCSDA99vn6QmTnI7yw==,type:str] + - ENC[AES256_GCM,data:6yZYD54l/QbHlg==,iv:RWZFtnSweiiehFnQC1MYa8r9FLMyIgBBBd1UHSME+Zw=,tag:Bw+R2jrQvWxfO53qqaS8GQ==,type:str] + - ENC[AES256_GCM,data:AA6L2S7LukFp28LznyDkTw==,iv:CyGEQCotM5BYEPRtGaeKtPmAZVeCjqv0t2HRvo07ak8=,tag:Uw1NUDsrpywZGb18RPrcNA==,type:str] + - ENC[AES256_GCM,data:S3/Vf20IGdp22oI=,iv:dOTALnwO7Ti7W32rDNHPOw5Pjwbk0gcfBpjzaSs6mYA=,tag:GCglUjcOWR38DeTW++l/Rw==,type:str] + - ENC[AES256_GCM,data:q0nhNVQeWPA=,iv:p5tMN1Lo0oAyBiPRGtI82I12vs9IXwcIGqI+J1pu4ZI=,tag:Rn9lWhaFBZUZ6OEtjts2bA==,type:str] + - ENC[AES256_GCM,data:n4J7ch9UMizCmn1wCCjDvA==,iv:hyuw+sFuYP+UTmwSyZ3iehRfK+qd3Rml3WXpIcpDtO8=,tag:JrL0kjBPkdUtzZPwX1kPVg==,type:str] + - ENC[AES256_GCM,data:a00BuM4DKPWJO+tHaA==,iv:Fjy86M743mF7CbN5AG2g9ZY3E0XYe6Ydc8sdWCgsgjk=,tag:utavf3AGhaRBH9JsM1R6pw==,type:str] + - ENC[AES256_GCM,data:VdYnk4mBrxHNJQ==,iv:m4tUpYtjSwFOGaHcNMjRMIjOZYw61UtmPDvEEC3cbNg=,tag:KiUKPVRyGJUpH9msDdMsbQ==,type:str] + - ENC[AES256_GCM,data:DqKwUPJKvyQXk0U=,iv:cKUbvSbcqXZDSG3b1MiX/wtcpvJxoil9C37q70uJBcA=,tag:x2kGygfgRBNn357X2GKsbg==,type:str] + - ENC[AES256_GCM,data:fbsYYqSgyqmo,iv:miAKJ/6bwYxZ7dWVo22zOjyko03Czky+iCXUfOXvBgg=,tag:F5t/rB6VyOCDzx9t8MpbCg==,type:str] + - ENC[AES256_GCM,data:mMVYbRA=,iv:5ZPhgnRVDpVHucldG8r8g8qytiR7EG2EP1caM7tYcks=,tag:YMExG9i6735fzr/QOZ/3qA==,type:str] + - ENC[AES256_GCM,data:Kq3wxxuPnMwa,iv:l9H8j+f6Q+aBmIDo+NjfkMONuTm1ArOn1DrlW+5Ux7c=,tag:QIo5OCI7nspUb+h224fbGA==,type:str] + - ENC[AES256_GCM,data:pTAt5L0wWtvRDQCy7ys=,iv:/KvwdOLwezFbFZ76vkSGI0ckaHo4M3+UUiIVoyTQTys=,tag:4oJppTKt6l5abBy6S/JvUw==,type:str] + - ENC[AES256_GCM,data:MDAiIvaP1WLjOQ==,iv:0GyZcN30KD+PitTABLiwRuuj0lBKYBAVnLhxIbqUoHI=,tag:OligGzFpa5sQqI/4Ruicyg==,type:str] + - ENC[AES256_GCM,data:iz0beYpG+tPM+Q==,iv:aDDwEmR9hAw1/Z1PL7roxuoGyXhOi2xRtGpbpLoQIKc=,tag:FFkUd7M6ldMEdegN0u+IrA==,type:str] + - ENC[AES256_GCM,data:AIf9S/NFYWF3DTw=,iv:O1fcD91phcr+509hPmi9lhNDNxzJVEhBOqpByI0ZPq0=,tag:qi/XjTXRDs0zYCy4zSIA+w==,type:str] + - ENC[AES256_GCM,data:9l6KQu/MS9h1Cw==,iv:i/ejwex54wucl1YWqXkd9tmXCU5VEDXh3CAI007Roa4=,tag:eSFTwlNPBfLsOmctb7K9bA==,type:str] + - ENC[AES256_GCM,data:zIUUjYoss654VYrCWg==,iv:Hjp+FvsdzI+CMTXfb8fjSF+jjjnCZeULkzwn6Pu1S4I=,tag:GMoSnvGiimhxYphTffIVPA==,type:str] + - ENC[AES256_GCM,data:tg8gjN1gqrnIDgmHDQ==,iv:OXfUAPotS8HbHwRQGJ9NNcRI4MysQR/OhL7YM4BBdmk=,tag:HY2sgU0toqQTI3HoSSgRWQ==,type:str] + - ENC[AES256_GCM,data:y7qjSbEwQzYNyWec,iv:yFVt9apJ72RZW/9luGQOkGdHNLnaW4mP9dc01UleMkY=,tag:8YkrsbRVU18CnW6fCsXRzA==,type:str] + - ENC[AES256_GCM,data:QKVVsJnelfwS5gZKoms=,iv:PyZVZEy/5X68d9f6mCb0WgHueZX6gHjsX3tWAeoozLQ=,tag:gfqAEZ+YTQfwd36JpTJ3qQ==,type:str] + - ENC[AES256_GCM,data:xcwcbmn60pTBk2ss,iv:4QHUm1T1Ev9mtzeEyA94QoQ9uDiJR5Mf1fq/2uvZodg=,tag:OLPuC842yDRngg7sSDm3/g==,type:str] + - ENC[AES256_GCM,data:R2qPtkirPhKiMZmcIQ==,iv:u5AX8eHBjTn9C4Id85JpBQFT+42kTCL43p8QL2PiOfw=,tag:YyEBhp2a+qWe7oKkVDHwtg==,type:str] + - ENC[AES256_GCM,data:qqaiFNA2J6pr5ShG,iv:HVDroLcYgE9TpbOKwq/YLmz5VGA4Fzz0DsCrkNhTqfg=,tag:t3luTTNSz9JpE4cpLno1ZA==,type:str] + - ENC[AES256_GCM,data:3dal1mMI8uiL,iv:d6j6i/h9VlI2JEmEdrpta12ZIbarkbgJhrA5vGpo/nA=,tag:qhmzfcYoRlzBb95h/0CtBA==,type:str] + - ENC[AES256_GCM,data:AwmiqilVDdDdOgu+y591Bg==,iv:BgPxB1JEkXmTUxwykMun4DZfU0ZYiVXpdSHd3T+JqMk=,tag:63UilIkgK4j0AxGHHdhJ+Q==,type:str] + - ENC[AES256_GCM,data:pCVoHLbb6v5gi6Nw/u+inQ==,iv:hzySYRVG20QC8zT8fXy45e6NRSI7Xfj/Bkr1Axv6OY8=,tag:qwF4beoSj2fsSEeFNSNXYA==,type:str] + - ENC[AES256_GCM,data:6wN5bdgcCE3Me3Xmpw0=,iv:r6nHYyQ9rkl5AxiVWI5PfdxWu4/OQ2ViAo1XkbboPKk=,tag:Lx2qUDxduUavBrbG5GR38g==,type:str] + - ENC[AES256_GCM,data:ln5M0o2iTOJCVtNnoVfN4A==,iv:pzHxCa5PtOvPQ+OG2hk+zR0wFe4GgWu0EXjpM1t96Os=,tag:+x0UCmkTi9pu1xP8pLKYpg==,type:str] + - ENC[AES256_GCM,data:0gdfjwcDEYm5OWPLMgb+gZw8sgN3gnU=,iv:R/11lu0TOR0psEdPtPgM45TMuJiSq3sq4Iw2FnZeFWI=,tag:tam+mPLxgVm6sFFstWhi6A==,type:str] + - ENC[AES256_GCM,data:4NViCisGCmRVjcAXxXsgQw==,iv:QGM8dpgM0rUlaUn/M9pNjuQZON+b2BR1Fm8D5vOlrQY=,tag:YiiInWaimlYfDwRMxd3OLg==,type:str] + - ENC[AES256_GCM,data:JNHw6e1XEUPiSUuZiCH2mwE=,iv:Jx52njyT3A1HMVcuDMyHHLa9rq5Vbbx/ofVbrJa0nC4=,tag:knWWTNS/agmRm0xbWb1j2g==,type:str] + - ENC[AES256_GCM,data:MartNSZYiYXWxFA7Pl5I,iv:ofwwfi3bjH6FwKl9h5OkfLJCOKTV5zF0mJfQEDxItFg=,tag:Jvim4x6rLLmKcHS+CX3yRA==,type:str] + - ENC[AES256_GCM,data:rAbm9gYAlsSzA6YoypDXNte5PuSj,iv:P679+bbOsFjsX9sJK/DvyhPmAhDxEX+uVPxRKk8QMXA=,tag:TTBs6yAIWM0HQg9qbX6p/w==,type:str] + - ENC[AES256_GCM,data:H5BcLB7+2A5SI7mWXMpOsXph,iv:j02NA6EEsX+QHhGw2zXKuQ4Qp9UhlDUc/F2kwQmZkVI=,tag:ya0eG8TGOqTI8DiiJMm2qQ==,type:str] + - ENC[AES256_GCM,data:7vOaEs8dL9uFxjN8pbSiMCQ=,iv:D9OB5rDbRflCOj/euRAahL44TSWF4BcasXKGzS+VNrA=,tag:So97aXmTvxC/NWhovt2Meg==,type:str] + - ENC[AES256_GCM,data:8tH9y43DxyVCjVv8H8esluw=,iv:PS+Q/Guxr70sgiPeiBjwS3C7v60qMLUbHlG8ussUa2Y=,tag:jui+brZvHCMscA5u9H++2A==,type:str] + - ENC[AES256_GCM,data:w84KvVMkbR/s9HCAfiHDCgSl,iv:/zjAToJo0tgNngT7mV5ku7/K9+DKOthr7zv3cb8jeHc=,tag:Yw9vS+GMUfehTp5Y5Ox8hg==,type:str] + - ENC[AES256_GCM,data:KVv+U80lRrVZYWiuJJNaaQVj1g==,iv:A2+hJSr98VHSAy+icPVSVBInp4uPMSfD28JiA6w3u/w=,tag:LtO6d7jrBkOHcJo6DpR2jg==,type:str] + - ENC[AES256_GCM,data:JfsZQNsTlBTieTOkiiLXPbIkNQ==,iv:XcfJRNCincsKaDw2S3QbzUk4Fgi5l041lqTjLpA59x0=,tag:1xy/c0vk4CHL20hPOnIurw==,type:str] + - ENC[AES256_GCM,data:dk9iyqRwyzkceZp6+JJaI3nnvCk=,iv:O1DUeELjd+XDUC6VKMdal/BaVEUG2AfyEjfenanj3TA=,tag:lF6wk8KyBRWpjbpVWAg8mg==,type:str] + - ENC[AES256_GCM,data:m445FffxtDhIc5hXM3ARxplHwg==,iv:7WYGroDpJDX0bgBnVD14Ryf7elj4oPEdVBTZwNdQOSg=,tag:E7IunfQoK+AiG6uqueFfUA==,type:str] + - ENC[AES256_GCM,data:f+c67BhfGoeaFzIw2ilr3kcq,iv:w44Wn0QfgGGRMIy1uwVUhzj5fHqOchAVrTKn6lHE3Z4=,tag:iHEwiry9HKS/lEIeNujAvA==,type:str] + - ENC[AES256_GCM,data:uqyRDjKgyAIpRsjAH4/pSQ==,iv:HVabXPkPTNo99J810MdimSI+isMj1sdy/DVRUi3Lqdo=,tag:w9zZVk6iLh/Snd1BM7ke/w==,type:str] + - ENC[AES256_GCM,data:WSmNDaXOUzC8DJBC,iv:AiRD9ARo3WqGWs/hfE4f025mlHWaSUyeiuEwb8aeKic=,tag:1uTEy6x/QNUEtMApfx62LA==,type:str] + - ENC[AES256_GCM,data:izGD96YbFUp5XPcOj7j2djY=,iv:xmHnPFjKejXROGFPI2yjS1on5oTNZO24ARbYd1IJE5k=,tag:2FT3hB0j2ZTt+sd9IWBK3g==,type:str] + - ENC[AES256_GCM,data:dOCATSi2cdY=,iv:H43jMDfunZkQvJOjCwhNSByMBxxFNKaPyg3+Z7ZHOsc=,tag:fXxVsbS++tmJgAGsMQFR3Q==,type:str] + - ENC[AES256_GCM,data:wWcs7x29BDXAMbg=,iv:bnoi0lM0CQ3cT18mmSkDbr2KWoODaNNo3Q2T6vyFzpQ=,tag:bkr2FLoAdZv7pFs7xpAXVw==,type:str] + - ENC[AES256_GCM,data:Ykk8DwtuZvisXg==,iv:229mSo7tIh+8CvvsxEmW73AJUWPAwRKvTCtlkHKIDu4=,tag:XPMVB1nEREeGCFDRf6lVRg==,type:str] + - ENC[AES256_GCM,data:bwku0c6nkoRMJ0k=,iv:Xj6S1unyoelKzsZLLWvv6Vx15Jd/NJI63f+VXNJCFvQ=,tag:PO/aU6FeYw6eBww7zr7NWg==,type:str] + - ENC[AES256_GCM,data:r1BQkwGaNUk=,iv:w8/BR5UkG2z2U504TpE3vrOIVTGYGXKq8Zdoo2e91o4=,tag:clycZuN2/pWN849MAISK9Q==,type:str] + - ENC[AES256_GCM,data:XQysQJxwCVHL,iv:Fyikb7R3k+EdLY3ep4jVdrXvmr8aC2tNL4P92meH1bk=,tag:y46aaXMJiHbOZTke6ZMWgA==,type:str] + - ENC[AES256_GCM,data:naj26j0AKIU=,iv:2TQsDEputeMiTQzGwUC5SNzpsgb1wu4cyYdxhFebCro=,tag:N9X/hTvVb8HU4G/5tgsORw==,type:str] + - ENC[AES256_GCM,data:SpuiHbiKNsmc,iv:fZBVVUBjUOoJUQGgkgNGITU9krmMHs95A4eTgMMPBxY=,tag:z8WuixFWzTdtjSFU5uya/g==,type:str] + - ENC[AES256_GCM,data:1feVNj5/,iv:E7yGHemuqPg84h3/6CkZOxS4+vAYVCZF/iUv08PA7iw=,tag:CSsTVSvtGLpbl6AXDI2sDg==,type:str] + - ENC[AES256_GCM,data:iE06uWttSQBbrBLbhw==,iv:jdpevnxtAPa9f8bEGwAdlYnp2FiS5Csl9EVLXi1oftM=,tag:3t96vRmAmSUueSms4a5SjA==,type:str] + - ENC[AES256_GCM,data:p6ZDCkBzkpajVORg,iv:RRqDdz0cBy4c3HBFObjqvBF+VlBNyxJ/lK/zoI4rRys=,tag:tMqw2fahQqClar95q8r0Xg==,type:str] + - ENC[AES256_GCM,data:KktOnqp/o202buYH8A==,iv:thSuTA5T1znBA7T4jR8x7XkUSpHRPMu/CF1D9xtbBhI=,tag:nsQM9Tmigs1ycaTsSTeQqw==,type:str] + - ENC[AES256_GCM,data:2Y93B33K6LcP,iv:YeTjlNcGGJQ0w0edgK3Cr8ifk8FMd8khlIi5StwETts=,tag:deDTxrUbcesvQuwa1/55dg==,type:str] + - ENC[AES256_GCM,data:x66N1U4xaA2liyu1f6lh,iv:SNwMu+a9Kh1Q4rAKl9Ff6e9Umtypeyv6WXwVhGeybfg=,tag:ceWpLtXSgQ3qDL6HdQpzPw==,type:str] + - ENC[AES256_GCM,data:jOKEPFap,iv:zkRCL9IjN8CTNcL3HVlr+kxfkZ/6C26pKCB7da9D1WU=,tag:fVrs9w/GQQSdrmW0Y64gLg==,type:str] + - ENC[AES256_GCM,data:qFMdLT0yU50wLQ==,iv:Dh2E6lbe+oj/YXslWhU3n6yHbVZfF0ZcOQ47ZDaeNdk=,tag:oFrNdGidbkXD28ftkQPByw==,type:str] + - ENC[AES256_GCM,data:IDveAgs626FhlOp9is4=,iv:X0SEMJmnfFhwBiADyIRTzYnC2+s77ZfOurhQev0Vn4o=,tag:j1KM9GnorrMfRCsB0/OKmg==,type:str] + - ENC[AES256_GCM,data:Iqv32QA+o4m7vt8=,iv:pdb2qDmRpF2a0EoKFwuCh9d3GbWTxz2nSBVdm8G9ljw=,tag:tB9GUgkabtjtTY0dLo9Kaw==,type:str] + - ENC[AES256_GCM,data:pS29LOcdDHfDX3BaBQ==,iv:iILfrXsCeZ1rCkp2+J0inlk4r1lM3w3Jacc7sKeSm54=,tag:YP0Ha//2ApuLNJlh5YuZzQ==,type:str] + - ENC[AES256_GCM,data:otKdX5k6TQpxeuo=,iv:8KfI31xdqUWfPYDz6XEuKSUYoBiDwK/A2w3MztLp98M=,tag:9ZFHXWlbyc+nn3PKqRNGEw==,type:str] + - ENC[AES256_GCM,data:3sKjzICzJDVdWmFk,iv:BiUZGRL3KAU0xFtE23eXawmINVgzSU6GRzLs1p/RkwU=,tag:xLdBRKhV6d9JzoFKvdn9/A==,type:str] + - ENC[AES256_GCM,data:pdyoRNwSiGf4GTJAC1w=,iv:olhFAx/O9dE2dtwPpoWn/lDh6CJjGLE/nF7rtNK/QzE=,tag:dQsW2YDyMpI60zLm6AgHLA==,type:str] + - ENC[AES256_GCM,data:eFyUfkmYE4gE9Imvwg==,iv:mu9zikrLiUUKG//YRHaTTogAp5pJ85JP7q9ANywbIQQ=,tag:HYEh3y8EaQqibuPYh9BQhA==,type:str] + - ENC[AES256_GCM,data:rE8nyPwgm+wv,iv:WwEvZsF65A5dwWoz1hg4IoCksEKk0z9vjGhF+Zk1EF4=,tag:HpktVyO/ySCCBNclYuzFyg==,type:str] + - ENC[AES256_GCM,data:1xEZkAWD,iv:JJk6iDx9TAjLpL3YMgS3pO1TKyMCUb1FD5nEfryebQA=,tag:SsAZigQtmrElRhwcVdidAg==,type:str] + - ENC[AES256_GCM,data:85V4nMK0yiXDJ/RjhQV9,iv:G8B3SmnNUZdDas2EScoGimbK5Ih5mZ4aTggnfit5Q6Y=,tag:ZkzHQzGwic3G/vi3SAg9Cw==,type:str] + - ENC[AES256_GCM,data:Giw2d8RbU1Ng9dZa,iv:7ky7aQOTEvr9LFAdE2ck3FgwzPy5mTj57YK6pEU/75o=,tag:FO8JkKD8k646fIjfBYs2kQ==,type:str] + - ENC[AES256_GCM,data:oXb1aR0JDv58qOrF,iv:64Cl0BBiccMlkjARjT9JKi2z+iREjge7N1mR05DS4D0=,tag:Hd/SoczaCePrAbysWtGkiw==,type:str] + - ENC[AES256_GCM,data:8BOzgpQxIUmf2343GKE=,iv:nXWBGVMYP/KP2eIQJgmOyNKPYaqqXxaPKApvBAaHcfE=,tag:J3j4PRecAy104XS58IwYRQ==,type:str] + - ENC[AES256_GCM,data:s38/FoEG/s4tVHvTrw==,iv:IrbfSxEig6dNOgKdIDW4hPFxwna7YaFBPOi5s1HyKaw=,tag:rSoznIrXlsM5y78IoV7q8g==,type:str] + - ENC[AES256_GCM,data:vQkaDJyq60MZi68oB/Ir,iv:lstOMYhccMe6ttZAcpcyMq3telBzUZQejaaBZSUdTtA=,tag:qY3oxEkYuiOd9ziPVdnhnQ==,type:str] + - ENC[AES256_GCM,data:rmwEKC/pFvtj4S0y6g==,iv:DzfKMgAvr9eHivfrVa6ID1fAZa5ScKAY4pzpBhuh/qs=,tag:EkmfQ3gWP0Fn2rH41g1/Xg==,type:str] + - ENC[AES256_GCM,data:z1AMK5GUn1lWgTRtz6aiFV0=,iv:+r/wY3gZZhFtpeqz2wjwK84+gjV25KBLE3pZwkIvpYQ=,tag:l1rtG31BepDsB7pnOoYoKA==,type:str] + - ENC[AES256_GCM,data:yHsRd6tfETVRHMCE9Q==,iv:lkmkabiqSUzo4LZ2y34Lpr/n4QphxOpCEx+/KoxqRn4=,tag:Q/VoLHuH5JD7Wzm9JZmYDg==,type:str] + - ENC[AES256_GCM,data:xeqj3RUBK43+Fyw+,iv:T8fskkJCxfgTCU03FKJi6/XOGJBHY+qtaUHaUt4OkVo=,tag:N6GUusNZnxFOvfScN7bX2g==,type:str] + - ENC[AES256_GCM,data:OCv24GgtxJkfkwo3,iv:DWrqReZ6Q1OmB9SVfmSnpHk2N6gYOI+N8Xir/mBEGnk=,tag:OJUJ+7Vb+B85CjyVAJSNOA==,type:str] + - ENC[AES256_GCM,data:utdkAJNNu1Ix+Q==,iv:H0+ydwLMOhWqCKM2NSYe78qg9XOh4cpz7rvKkFFBbUE=,tag:A+fcWQsCvfQzp9r4y6b+zA==,type:str] + - ENC[AES256_GCM,data:iqDm5xbIoNmiPqVI,iv:ZBbgj2mCxYXvoeceEmSfz18n64eqF4EMVUnIl0pcaxE=,tag:qc7cTr65/hGN+JLQ1v1Ncw==,type:str] + - ENC[AES256_GCM,data:fmnUYwofgVoV,iv:6vC256qTyLoi5p9lbt9Gu+29iWOCA+vAYyxLOOW+cDw=,tag:zSy87r5i64r3RXZypbDuaA==,type:str] + - ENC[AES256_GCM,data:O/oFZKWOvUh3Aw==,iv:o02CJbAX0O8hszM1GXcRJVbUGbOZbPSHWvdBw92s0vE=,tag:sIkeMlg1lSJQfzVt8qCCAg==,type:str] + - ENC[AES256_GCM,data:U1eFTg9z3oV0StA=,iv:18TU3OZ56VJ6/tmrzFDHiFCfknJxm7sniAYOg+/bE8Y=,tag:I1mKNs//MrIhwWuTT9Rm5Q==,type:str] + - ENC[AES256_GCM,data:hTHFhUU/XZYK1g==,iv:CJ4bnzIxbCIb0IiM+f03mm1WwBiaS0q0Us/cUrZ5GFI=,tag:EReLVegsv9qCuwF+6VBj3A==,type:str] + - ENC[AES256_GCM,data:DqXxAotDBX4o,iv:Qj5G5cReTPfJfRbyvGVtC+Fo33tdsFI+SufFITbw6KA=,tag:mCRBD0OaUfePqeMOYw9DxA==,type:str] + - ENC[AES256_GCM,data:4sgvwb8oXMVghkhJGw==,iv:oEzH5FKtYc12gj+hFmYbIGKe5HMU2c7gle819gq5WN8=,tag:fSOZtEnaKYizgkh/aLYKQw==,type:str] + - ENC[AES256_GCM,data:K2HvfI/8Bf9uOeLgmg==,iv:alNm0NIV3eYpm/afiSa2tFE6fla7Fe/6fwD3tS/FgJc=,tag:XBvGtCTmkaWutxLpy4D6cg==,type:str] + - ENC[AES256_GCM,data:xDq+YWD2Sw==,iv:4Tgc76Hh4cKMjYFy5GZNhjE0Os8PmFlsUv/lIpA6nRs=,tag:5tUWQBWikExp/uu0iQpRLw==,type:str] + - ENC[AES256_GCM,data:WrU2QyGHLgdlWZfMtMg=,iv:VzLCfDqr4CQf+wl1KEyAN/nV+lIjAPqaI89x/w9cU00=,tag:yse9Su0dMgcYoXUq5pVEHw==,type:str] + - ENC[AES256_GCM,data:2DKdX/rw87H6cm9Ru74+,iv:TfGuIX2+5tF80ncDXmbmDeUzki6jBq9DvrJ7GSCznes=,tag:6oR6Z0+FlV0xPOxs21dmJQ==,type:str] + - ENC[AES256_GCM,data:veIA8JlRsZ1apA==,iv:9PxpzbfGT7Awd5srtbQnxpCG6MXuzliz+MOOcOI5T/Q=,tag:0ZPPMEcvdHnTUY8FUQ1RzQ==,type:str] + - ENC[AES256_GCM,data:nCtMVdhTwwx6QjixQeatiA==,iv:sWwegafL1I6UKko5UGnXPdHFgmfdMi56JNolX0lABiU=,tag:qt3vd5hbU1gCUIfb455uog==,type:str] + - ENC[AES256_GCM,data:/YkCy50N0O2B+W8=,iv:HZxCsORpXPGas7a3zFx701WLSJTjMd0uyktUbql0opk=,tag:vW+pVynY3P1MqhnMgijkNA==,type:str] + - ENC[AES256_GCM,data:oN9R43k1hOej,iv:7yn1O+XTGp/fefPN4aHLMOYFhpNB1mYHe23dWsRLLqk=,tag:qjttNzr9c8epTnbN4qGHHA==,type:str] + - ENC[AES256_GCM,data:gnIqCripzj2th+D0t1/wGX/y,iv:kiFxDxSwTcdMLrFsMiEGLlRadQ6S3ETxpWk+XmcYOY0=,tag:uI/0OcbxI/9I3EXCZVED6A==,type:str] + - ENC[AES256_GCM,data:0juTlYjydGUGjg==,iv:KkI4QxM7aAi+kPEwAzdQWizaEOH4c69Rt/+4d9rGw/4=,tag:QbpIf7TeIY78k7HgCwBBug==,type:str] + - ENC[AES256_GCM,data:3WWALH9BZ4Z4c3k=,iv:qyuFKNTniOQLuC2K46Ci8EDKPzTM+Mh0LlEnklyVWoo=,tag:5vh+lDTOWVndoWxmgsvDhg==,type:str] + - ENC[AES256_GCM,data:SYsJude6SXCwvg==,iv:cr/VUs7vemw9rqvbsjCjlML1Ebq2gSxvAi5v7PH5QJc=,tag:k0sDfsZ5CuWB8K0Gd7G+Qw==,type:str] + - ENC[AES256_GCM,data:SdrngKNKpX+izbYR,iv:9F0/gIIcOx3UdKcNQLaZ1Jc71oLPKO3wsGtmfEtu7LI=,tag:gr6a0oFsMyC5X0cvEr+7qA==,type:str] + - ENC[AES256_GCM,data:yNoxlxkZ/UHdSBc=,iv:hXmM9U/3TI2Ca7TqvLvk8ohywOPykPp3g2lzx4GWM10=,tag:ljlZMR1j9e7BlZw9QaGguA==,type:str] + - ENC[AES256_GCM,data:X6Vxn9uD6leizzS/nG3HzoQ=,iv:A71m7qTXYL1UpGwuSskF/7RAikb7mKwzc2vIF03OTO8=,tag:pQ9xfdbXD8iHXD1s/lbXBA==,type:str] + - ENC[AES256_GCM,data:fq2vJVg3Ry/sCb4=,iv:6B76AIVKUiev2lgELPSnbRhdyKFoobT2mleJRul939g=,tag:LO1SNab0CdrF1FZoubogAQ==,type:str] + - ENC[AES256_GCM,data:OyMg2mMq3vKAB6nf,iv:dA4DtonGM90oqB+5O0pn4N5eM71sV6uznBMskAJNrC0=,tag:mguFe5zmv98XVtYIREtKbQ==,type:str] + - ENC[AES256_GCM,data:gYmOp9xpV+38,iv:MPWdMTXXM4Us5SXPYQchEyALaX0yE3sVd8IrD+fAy5A=,tag:WozcVwmmNsWeI+1Eig6saQ==,type:str] + - ENC[AES256_GCM,data:JK+cL5ch,iv:nZjYJ0iSbO8aXx37Un0yahGffVpOtwM0tjg76IjHqI4=,tag:gTWAu+hW25TDhhOAhMS0DQ==,type:str] + - ENC[AES256_GCM,data:MWjCRoldpew=,iv:v2aJ5JDE33hodvVwTWMEqYQM0qZNX7lIkHYQJxYr+BM=,tag:IDVBMX2jW+bjVOqIGYwfMA==,type:str] + - ENC[AES256_GCM,data:vRi3CVYSJDl+oGEW5n4=,iv:Abt9B7wLcq26foC+d2XKe5fLJkvRO9hAp7eYeFhqiBA=,tag:RdwmtP9jihgxYwrqhjPXyg==,type:str] + - ENC[AES256_GCM,data:2WnSPgZjjibLBc7AkX6Prw==,iv:oUl+OdNAvBM6rTn0Wo896sbwoaHV88sxZaEz7xsja6s=,tag:TatGSBgxJ5kVZxE6LSUh9A==,type:str] + - ENC[AES256_GCM,data:/BgVAKEgedYqa8nQ,iv:Z3cgzkK5G9FHhRY3ZgZ4RLQlbtSwWtQLip8DHJgVRqU=,tag:sQHeHH7b4ZZr8ssPYQCZvw==,type:str] + - ENC[AES256_GCM,data:JPwsBGr1PcjufAcHEA==,iv:GIDkvWsqpFtibB6Q2Vp3ayphLQgIfDpNx4XVPIeZ95I=,tag:HDaS15LohKfticE3cv7a+w==,type:str] + - ENC[AES256_GCM,data:LxwIUbriS2ecHSuhstkk,iv:cqJsWpJ+7WoVYTGxhH46SOtFGyavixWgvby/qfdJQxI=,tag:fJQWnG7NNqQ2psJ+SU1+SA==,type:str] + - ENC[AES256_GCM,data:TVwPNKrtQtmzTG4SkS+xDA==,iv:VX2q/rwtOdmaXMbpmSRiW1AYW9DFaLe9sZ4bMPOhdjE=,tag:XsHSbPoQ7C8d67bHvxcaOA==,type:str] + - ENC[AES256_GCM,data:OYUZoLGzyZrSNsgMuV3J,iv:x9Z+OlKSwmqkp7hGv7NT17AIDafShuUoisEny90k1Ig=,tag:XfjsmH9VmKsR4g641zB0nw==,type:str] + - ENC[AES256_GCM,data:vFXuC7sgRBLlvlrV/Co=,iv:KDM+5mCBXsv29qRs9AI+AUV68xRRNC2iK1jXcf1QRt8=,tag:rGqRB/iaRs8vENuzBEztvg==,type:str] + - ENC[AES256_GCM,data:Plg6uoA/tG7hYuJAYKcjOeKn,iv:L0WDFS49WNvTtRup52xxeuFGG88hgHk+ivZkeANveWA=,tag:YBM3/bfIbgxEXeGTWWdjSA==,type:str] + - ENC[AES256_GCM,data:a19RxP/bx0mP,iv:T+KU06GUSKUvOLe6AgrQ+rR8iMosLTxNX3hupNxgwQ8=,tag:A2vWTWwhBj4bCfFpQ2u/KQ==,type:str] + - ENC[AES256_GCM,data:1iEVrPPMUjjT8asTgbk=,iv:GEschc74dNkFgoNZDnvSLYI3Mcj8GZVF6wHiSeuMFDY=,tag:hwDvfHjWSgxp1+Z0a7HVeQ==,type:str] + - ENC[AES256_GCM,data:JjV6PaEjIwghY9c=,iv:VrFOWzTBvQr/2fLdK61oQCnXDHNB3HJJpN69ih+JjAU=,tag:sRicXKfdUriLeN0JSsPcjQ==,type:str] + - ENC[AES256_GCM,data:cthhOZqg7a9HKA==,iv:Uv08nSDJcZDOjzEVYqV6DszMa9aFFtRTaTcNSW47yH0=,tag:6EzdSNI+sfrWhM2XJhecKA==,type:str] + - ENC[AES256_GCM,data:u7zyA6fM9h2KMOKbBIdD,iv:JLoBDmmwJoJcty2Ln9Ok1pTK9rlRgm0NsjPfVVTeu1I=,tag:Y2D+dgNK6t33v6DjZTS8Ag==,type:str] + - ENC[AES256_GCM,data:MZfp8HauehE46rMXuA==,iv:K2KRll5oV3+hUTY3ftQW78q1HnrBVEMlq+Qq0jBMYbE=,tag:1RA3x8jkZbtJglfPvVPQSA==,type:str] + - ENC[AES256_GCM,data:elptgTORuv+1,iv:tHKVh5POEyWcDy5HxRX+tKQtKEBvRP03A1yvz29GQPo=,tag:osi6MuWYLjlxZQnpBF6G2g==,type:str] + - ENC[AES256_GCM,data:GVU7aWmQOpcYU5hO,iv:Ebdcrz+ahFEBqESMWVAmRac9xVULv5MRhU7/xVN/W10=,tag:yq09edkOlLH7gMyzJEE+Mw==,type:str] + - ENC[AES256_GCM,data:PvjUgYD8vHBTDVs0t2Y=,iv:LUIj2slVz7FcY14ej/6a2lpnOHNz92CoQiZcbCrCrNg=,tag:B8+jpX8TP97QVkNTPP4JfQ==,type:str] + - ENC[AES256_GCM,data:lNSZAYmc2KFoMYIwmQ==,iv:N25hlddey/QiBY7QJHU4Rd86ckFyyEH2Qk6j24Hpf8Y=,tag:oVyTsuz4HcnTKk36iRmqeA==,type:str] + - ENC[AES256_GCM,data:Hh6/wHlvb8YrzRKOyXZZ,iv:uCv35rJji4fZHpgD2oe2O4FxOh3CdBqh0njl/SL4uVE=,tag:/tfEL/MFQXFkBq2U/HUG5g==,type:str] + - ENC[AES256_GCM,data:Rg6aYqldce6xpRnmkrJorPo=,iv:h8QIQI++OBGGOAAxjL7P6LtEnwcW5Z6/nfiNtMuuPAE=,tag:L+66Tmjo7LlxipAmrKqxUw==,type:str] + - ENC[AES256_GCM,data:wEDfAj+UOc0ELwgGrijd/Lu8MJ0=,iv:BP0LXpf7tr9hL4AbilZnrhKEoBqUfU38FhVZY+vU1SU=,tag:PWVJvaAP4hszNj+zC8aQIg==,type:str] + - ENC[AES256_GCM,data:wJYlIpC8sXQyjcCB2PuIheseU8+4fw==,iv:N78ivf/3Y60E5z/BDfcCiEPSr4Oq3sg1mdf4WEn9nr8=,tag:WljbAlfs2rYDJWiNRdJ33Q==,type:str] + - ENC[AES256_GCM,data:GNwK9SseNiWdlSb+yPxy,iv:8mviPPNmBcCweu8UnXxhNGSXJDaL/PzPdWStNdYlOBM=,tag:LHY/qSi2Q5K7b3Sw7pb+oQ==,type:str] + - ENC[AES256_GCM,data:Ur9WJYSA7eHdDqZulgKK,iv:wOXgT4HJsQ4g6yXS8ZjnYzMhaQ+ICC+yj4+tb3u/fhI=,tag:Wl74SHpT1E5UcENdc/TrZQ==,type:str] + - ENC[AES256_GCM,data:FvOb0qUK0e2rxoz/,iv:R7tByky9+x5jvrwNdpCkWKrkkky99AP6YxqFusurm5o=,tag:wKQxyZL1saOJ/IqAnFVwjA==,type:str] + - ENC[AES256_GCM,data:2CsMSqT7oZjf0mVf09MV,iv:y86XUgs0YQNMnXLPZtH8aa+7lmHSRx15ckEmcUHDXVk=,tag:nkKrJi/IQihtWeKVpMnLbg==,type:str] + - ENC[AES256_GCM,data:/NMJYyz1rQ+9PzJvJ8HH,iv:z+oNHJ8FhZzT0T1sZh8UTmN8ilBbHNHDKFRBVQFZ5CM=,tag:OrM4qOpzuwwU61NzV6lCIg==,type:str] + - ENC[AES256_GCM,data:u4kBcKmBTTKH9sEX/GGxII4gRg==,iv:4tNQwakcNPsL4Ek/mCiwEYkUivPxtqu6R8ZqVON/Ntk=,tag:N2+AIOURwAITD49WvWXI2A==,type:str] + - ENC[AES256_GCM,data:HzoTX5v0HiGpvgT3M7iC,iv:qohgHQnG2ePrCwsRYL/KM9DrYudox0c+NKOJw58PWT0=,tag:t6YNON/w2K3eZJbuBGW0zg==,type:str] + - ENC[AES256_GCM,data:CYGcsxOc1vxNGw==,iv:xdCWJeDTbW8yDjabdKFMQeJ79XMjW3jwuT4Ztng2Teg=,tag:HOuiri635a+Dcuh6uvQr2g==,type:str] + - ENC[AES256_GCM,data:0Scpu3psjNmMUqG8aogK9Q==,iv:NQeh2sAK7kDyGvKSz8mzrHtKNbhsS7x/ErSjGoDEm+A=,tag:MLtKe0Im5KR6Q9h3vP+TEw==,type:str] + - ENC[AES256_GCM,data:dYHp1wvdg742/AKA2qN9dfNN2QM=,iv:ee7eciHwvdrINeWYZdJgkxsXXwjLUdc6mzamFMgaWXc=,tag:6XcavFTe23L+rQd7sp9MOw==,type:str] + - ENC[AES256_GCM,data:/4A3UzXwgXyS/p729Zw=,iv:gwIex97OwcrRo0MWe2r6vtvmpb8aarYzQNF3O4kKUtM=,tag:VMX+B39VQ0z1KNt+8lkKnA==,type:str] + - ENC[AES256_GCM,data:B2pcKcX8a9hjyg==,iv:W+rOxyGwV0VwxYbJMRrr5cbZqFgsHyWSVG5ryMz9xfs=,tag:pwotzaNhzv/DoHtmtGjQAQ==,type:str] + - ENC[AES256_GCM,data:5/fCcs7WleVUWO31L3Oo,iv:9Mx+NADTZjNKb/9WB4XJG0WLNO+FC3FUxR9bo9LxytE=,tag:g7m1PIIL6fFQfUP6e5uGZQ==,type:str] + - ENC[AES256_GCM,data:CgA4otuQcTY=,iv:MCcgE/5PfDQZuVD1mmqcvMRiQn2TSJw9rzwzp/k3pm4=,tag:h52M1T/pe8Vc8NnB5XycCg==,type:str] + - ENC[AES256_GCM,data:0bQS73QmG03HRA==,iv:qFG8VrvOaV9dmI6Rr0jJgizw10QtQq7NHCRDKywB5ZU=,tag:ShCSpKX5AtSJYAcCo7TC/w==,type:str] + - ENC[AES256_GCM,data:nFr+hxSaJ6Artjo=,iv:QvAB6+I5pzl46QSINSdwoZ7cnfvWl1G/hLEd4BK1Uaw=,tag:AT+Gwphcq54cDnLaJt1W1w==,type:str] + - ENC[AES256_GCM,data:Y+57soTNVNHHTlOS36BJ7Q==,iv:6JlpCC5xIzHKQqHPWCsY4gocf9xoimdhIwVtfui5Fx8=,tag:QVCJSfMaZmtyT9m6cWjtnw==,type:str] + - ENC[AES256_GCM,data:sRXXUoehqqk=,iv:Wp2/TkYcHcXPuRqJL78ZxErxZdYWyv+YtWol009bsOg=,tag:faFiOrcp0TZLfcZu62THiQ==,type:str] + - ENC[AES256_GCM,data:ZXguS0YxT0XK,iv:9Y3lqGfLun5ZgNfsbwp6Zrqtj/1UKOQv5M0ilJLftO0=,tag:lXTuQ86mNkaIM3bDTNsQuA==,type:str] + - ENC[AES256_GCM,data:9Nes7RwRyg==,iv:2bTK7oRHzDg1Z+l7oqVpTLY8bDAjSb+f2S9O9zW5Iao=,tag:DpWdqawqakX0EgNLx+ekKA==,type:str] + - ENC[AES256_GCM,data:82K80sw9hNJbwiLjQA==,iv:kCfk+h3hlwKW5X/s+v5g44FfPcLDR0TAcP2cLMtPpSk=,tag:8MPGhmvdf8dOcl0Z2Df/pA==,type:str] + - ENC[AES256_GCM,data:tFJIgcYQxCuTaD7w,iv:ep2mMAUW9ss4nlOKRV8y45Ism1AtqZqL4SbGgABRFkM=,tag:o3XauZ1FkBH8Ug7QoDhNtg==,type:str] + - ENC[AES256_GCM,data:SLAzVj5V5X+gOF0=,iv:sOu5Oj9VAwLXAOs12e4YOUl3KDQs2kLR3hY79WAcKBM=,tag:C/NTYCVgb2DvIGRWMheqOg==,type:str] + - ENC[AES256_GCM,data:nyMWtAwmwWXlJg==,iv:v1EtLQ7Yyb8jUTyu/gTD5Hd/aIqAU6LAV6EU5kf4kog=,tag:2zZKTzUj7vEVhTiTM/d71w==,type:str] + - ENC[AES256_GCM,data:k7EiHyNBdIJ/lWNR,iv:f1T6rDog7Bh/JFdct758GNP+PMKcDN8FGgGGgZk+BgE=,tag:NPHh2WaKh9AebeQu+r/nfw==,type:str] + - ENC[AES256_GCM,data:PAw5Sr3OYX7y4A==,iv:FF9T4fDd+AeqThRkva3K6PD2DyG+NHFVO1nsLOmByNc=,tag:qLh5pA/L5P8s0IYFHA+EOg==,type:str] + - ENC[AES256_GCM,data:k40pjPLVRnuD,iv:/6UMsPSbczrCrVZHo+nmfaZyGtJi4HJc4afv03V+cqw=,tag:JlqJWwIBqfR+mNTfe0j7Eg==,type:str] + - ENC[AES256_GCM,data:4xNvS59wAqW/3FgAlHU0ug==,iv:MZ8vCZuHGrJOsTnqzkH8t7Udm1gC90FDQc29Ct/zJIY=,tag:fmzBKnhlCQXJ6HVsnbauZg==,type:str] + - ENC[AES256_GCM,data:Bn3pq5TrECU5l7qE43eA,iv:rAmrk0dhPqwOyVrdWTHyZUKKmXOJD/cgKYLwXoOfwEY=,tag:dXvfyzxbkuFN3deXJFfbqQ==,type:str] + - ENC[AES256_GCM,data:n7h41It2zgU=,iv:2+TwaSTx8h3jIYFBRFMOPlqGWFt+FNxptoYjT6M4TT8=,tag:kFUTQkr7jZV/BaHARLh6fw==,type:str] + - ENC[AES256_GCM,data:AMqDaKGEFWgYDHKI,iv:aJaNBCMlVmXxH8X0jbAJBC7nLASbP+sVIYQz0rbffMw=,tag:2iz1v/6kolJagyVoR9dF1w==,type:str] + - ENC[AES256_GCM,data:HpjfdmP6ItEphzDn,iv:I7LJHS8rQYBo9QJR+UfpZP7pL0ZNLeaW5CQAoKapNBU=,tag:8OMEIJsKa9CHwf9lvlcVJg==,type:str] + - ENC[AES256_GCM,data:yL0yNbEozvr1XJlR/092tQ==,iv:nXdWm4eidOqbTIaE95OwmZkMZAHLzf1gMjtM0tHz+DM=,tag:W1BlYWZaULro5vAZLUY//A==,type:str] + - ENC[AES256_GCM,data:7CNmB9/gWS2Sc43u4iQ=,iv:3bOoysAtmHMOTnB07mCrMOVzlPZTC2I2tSbcpI00hbU=,tag:dcw6cj0u3+zU1EcV7qvbOw==,type:str] + - ENC[AES256_GCM,data:zInktPW6aqqrggPH,iv:hhS64FcawtnhXlsc63Rrx+61trcMS3fV9NEpeD12HPM=,tag:z3ZsrViOL3Xpwhv6w/Ucbw==,type:str] + - ENC[AES256_GCM,data:xgABy2b4Msc/E+tjgw==,iv:eqlAkC4U4S590uIs74fWmJa0lIkOoTRukhwXIhBUmxc=,tag:X/TM6t2Vjk8dHJ/sYvEUJw==,type:str] + - ENC[AES256_GCM,data:17c0S+zMxnAYQPFuEA==,iv:i9jAlHUW9DZIvCUY8cGTnSdCwTHf5FFxicjWtQ934GI=,tag:Xw2W4QSIOxGHbGVL5EhTtw==,type:str] + - ENC[AES256_GCM,data:RoO4uPv0XysIsDpcOA==,iv:HthH9LbOMwCvEtsOfSjGAswYgKNgxRGBAmUnYrNQzZ4=,tag:tzH+A+yziKjbhBOFWpUxxg==,type:str] + - ENC[AES256_GCM,data:GOp54ONqNx43aQ==,iv:KhTvizu6Dyu7VNtf+9k7dmD74LO3oS7r+RceNhntDR4=,tag:EZJ/O/VOi8Y2nkD6lSqLMQ==,type:str] + - ENC[AES256_GCM,data:4/1RnV/o,iv:kwPX7ef5QF3G38BYvXasS2cbl9OYMzPtTXjt/Zkij/U=,tag:tBsOzKj2H7LfRK11mlVrgg==,type:str] + - ENC[AES256_GCM,data:ufVf5EYcBlJ4,iv:XTRaOhXxW0l3cE8KadYZs/vP01JanhxppQQoVYmAkiU=,tag:WTDEWIyQI70Gyr1+w9OYDg==,type:str] + - ENC[AES256_GCM,data:bXILc3jQ5teRWr8=,iv:ow55AWieSoMlBsxT/vvnZuOQsQPzCKcXD6wAMWCFkbw=,tag:+ziX9MBsWkiWM2y/r7amMg==,type:str] + - ENC[AES256_GCM,data:aiA2wVv45Vg=,iv:uO1hPK0aLJRhM79jjbSq2uBlRDEX+DchhE5FxCvCS94=,tag:glkc9kccWRydxxTyOh8PMw==,type:str] + - ENC[AES256_GCM,data:hm6+navxZUE=,iv:ufrMKmcRbNctNFvRNuKnxFzcX60wzWqZgKLEgkVketQ=,tag:dXuVDkcpkAd+0x/e9BfDzg==,type:str] + - ENC[AES256_GCM,data:PPIshUMtypM=,iv:0GxD9/jv7R84nJ/09SE6KUJ4GNSo+npWgqU/sl0efs0=,tag:Dem/zMxZjZEymIZlcE00Ug==,type:str] + - ENC[AES256_GCM,data:mgeKWDdS+D9sIkw=,iv:c4dymOBVj+y7V7sCIMS7owoRsxazRQ00pvoQBLvyYuQ=,tag:VmuKnYbtZMrHxkoaJeVE4w==,type:str] + - ENC[AES256_GCM,data:mepFxjJ2C0vQcSVEoipCqFo=,iv:NiFECGwiz/8bWyw8Fj8HpT+K1OPl5KUxXFcoX0gtKcY=,tag:9/QuKYVkj0AP+tIhm562TQ==,type:str] + - ENC[AES256_GCM,data:DQn27WVv/wretZ9fXGE=,iv:jdu7hLlapdCEO/Bt3vKDw7FX/OnFSIGCac6PWl3NXmo=,tag:5k0W+nDavqHsmGK5HR3ZOQ==,type:str] + - ENC[AES256_GCM,data:YHAhQT7UiFXckg==,iv:BcaaM8IW+Q5AoPfUsKihSLztstZtzzj9uO3gj8z92+w=,tag:ZiSd+uEaUZ8qFyH8+tgtKA==,type:str] + - ENC[AES256_GCM,data:X/HVWu39KsbDBMPy,iv:seejiG7vheTaqF1yvEtX40IVTzD6YrOj+S1e3LNsAWs=,tag:a6z3PStY5BFsShLHsw9fzQ==,type:str] + - ENC[AES256_GCM,data:i0lZIxzujQ==,iv:eozN4oqKA0rCzhWTyeQmqV4S92pIyslWO2lWrbm2Qr0=,tag:WWKxPYi9o6cn01Pj74hz+g==,type:str] + - ENC[AES256_GCM,data:5sp9OX1QiLlX,iv:1JjusrWMQRvN3y/R4u7A0mmpGNT4Mv5z5G4o9ahNKFc=,tag:Gc21sDumxXsTpqK5glbxNw==,type:str] + - ENC[AES256_GCM,data:ijZMZr+P0A8lew==,iv:mdsUUB6z4TwR7Uxl5M47DuNeHsypqkz8w5Vot3tdyCk=,tag:eBFGo/mxdZklZgzurHQmqQ==,type:str] + - ENC[AES256_GCM,data:0I95CD3N1EJ7/TVb,iv:e1ah5b2dDMiwhcfFsc94U3jI1NaecoI0sd5YzTxMIPE=,tag:dPgYnsY9G8VdtyzAohiyZg==,type:str] + - ENC[AES256_GCM,data:rfT6TZZ7lKhkriy9sg==,iv:Fdo//mk5z9kvLNysuK3H4JwforkW5MhwG4mJv0vNkt8=,tag:t8q+tmljbXgcSbqp9YkXQA==,type:str] + - ENC[AES256_GCM,data:hAQA84PH3CLpDPI0zzQC,iv:9JriZofBLv5bFZmTpzzNgpjIyN6tFkrsNTa4LSL8EtI=,tag:qJ5kK5a0wmC5kxtXz72waQ==,type:str] + - ENC[AES256_GCM,data:9fG60SDHvX7xsw==,iv:Onz65IIlKtX2Ktmm3Nm9UPZkBtsq8xsPiy0Rw10gU34=,tag:lK/nZCUvu+pMYGPo/CZeUQ==,type:str] + - ENC[AES256_GCM,data:x/5tZEIqGLqDWXs=,iv:IRNF3m2gT/kjVUrRXfI0/Z0ZK6ENQrIkhDOXcRC9URQ=,tag:YeMXEnnvYRYt+c26puVzjg==,type:str] + - ENC[AES256_GCM,data:+xQakCujmsAVYTO4UjF3,iv:mFi7c9xbIEO26lMMnuFaNZgcHU5ZvBCXwO7lmLIRqvA=,tag:zrYGMazyw4mWc2gGHcFFBw==,type:str] + - ENC[AES256_GCM,data:1jq1gxRNy8Tq,iv:wB1yFor85PVeVC5MjGTjzUKi/v62mkfQbpHiMcG8jGM=,tag:CcpvmOuNlhBe/mKSJlSHzQ==,type:str] + - ENC[AES256_GCM,data:9RiT8/mVlGmi,iv:NQriVNxuelIqTct71nGeAbb5Ne0SIb04hVGFpbxgk3s=,tag:UINGMtSQlCUCZyD0XDsuGw==,type:str] + - ENC[AES256_GCM,data:227eAM6mRpSsdVALk2uH,iv:olMjodad9f989A58qbzFug2oDdE4KIFx2DXQJct8Jd0=,tag:OIEGkRtDJspyWNN7Uyp/xw==,type:str] + - ENC[AES256_GCM,data:x0MY8SrY,iv:xRx3oOqnUzZHWGLfpyiWPFyUZv2ypcJnEQOYeDtQ4KE=,tag:/806N6895mbLsf6ZNApimA==,type:str] + - ENC[AES256_GCM,data:xHZI5kX2Kyd6,iv:a6YmwtGIwpP9MRgXCIGpj5MPDfWKoK2btfSvODZBejE=,tag:UPgK4ja0071hVE1dn1rGrg==,type:str] + - ENC[AES256_GCM,data:JFtCaLAV/4T0d0hw9f93,iv:D6i3CqrEZiNZcbkQAFygPxA8aLDVL5Lh4rtHPy1xxgc=,tag:4mYwfF7qZyUQMhXNe2HAVQ==,type:str] + - ENC[AES256_GCM,data:SJ7vUj+cU00L,iv:sRgSf4Lv8tOgMwTiSrKgu+/g6Kj9ehXWpTaB/eEviMM=,tag:uZHQolo4i5AMXYyGZ8MugQ==,type:str] + - ENC[AES256_GCM,data:LRYwaPgSWHOI,iv:ZaY6SNeRt26YYAE6QD1UI11nerAJGYqFZKxuCWIew1A=,tag:Q08cPw8vQpNrCbLtlXKIGg==,type:str] + - ENC[AES256_GCM,data:3aZSw8CjCWGpEXiqk4Xu,iv:TL+qxJeHxc1/zRpoSuAWdCsXgpOgRdBaeYyQWuAmW0o=,tag:EwBuPht9WmYeHu8N9fPOnw==,type:str] + - ENC[AES256_GCM,data:n6kiArgpfbstupPG,iv:WS2uOTP6jTUTigotmlNxsbcFdo/tYBXbOVC3CzF67OU=,tag:if1eb0Aqa23RJWUC/PO75g==,type:str] + - ENC[AES256_GCM,data:vR/brPumaTvlR3g=,iv:3cRR00OZAaKuCHMiPeersm/mYTUwc7Yu1wSq1xbajFM=,tag:MD7dGmYcXjRw/jUB/eKmnA==,type:str] + - ENC[AES256_GCM,data:5D0b795mvSxvgFKhnw==,iv:WnW7O5UkIQp+l5nwSIPWtCEYkZv3BxSOusWsn/14dD8=,tag:52fDly39scu7bPRWEdQraQ==,type:str] + - ENC[AES256_GCM,data:8TClkoI3jAqm9CV/mLgptA==,iv:NH+3fmblpu4hjdBiqKd82BqAWWdA18mnEWrm/6Gu4WE=,tag:AzZqEeG+Q0b2q8eSAedz1A==,type:str] + - ENC[AES256_GCM,data:vaeqr/4DTA+HpQ==,iv:VbrKPt3gWLNHDaUIN6t/hPXv9xfA7IP1GPE3OfS+YBo=,tag:M6XQ+nr58+IjKoZpl3AJIQ==,type:str] + - ENC[AES256_GCM,data:2o6CirXgYDWWZPfa,iv:NEFCBveCSE8dVtHqDP+OtsJn2H0u6+5hW/wA8sYG4As=,tag:GJrcCVd20KtRIZNbQWMwHg==,type:str] + - ENC[AES256_GCM,data:jjOOvXhLA03q6Ok=,iv:fSHg+8d03aefq/NxZ6bZT2orSAbsasb/IIJY5YG+STQ=,tag:MnTPSlC0HKleBsMlQwCDjA==,type:str] + - ENC[AES256_GCM,data:NmRnqxp1MxqMlBlrEqW784s=,iv:EhQ2cBvPQv8ZBss115eXQrFpuFIHLST0etPtmfZna5w=,tag:9mt1Fat9pa1mRW5Z3cNJRw==,type:str] + - ENC[AES256_GCM,data:vGO6SvjAcmY=,iv:WZnCFYPigzXBFXCfNQn0Xvjp44NQN8XofPIkMYkHk3I=,tag:Sb3vtM+e0QNSjR78gusTvQ==,type:str] + - ENC[AES256_GCM,data:w1VIhDZT2ysmxJId8U0=,iv:e5fFKtJVozNq3iNLlSMf4IPkNXEir2V5wEtBq0XYd2M=,tag:S7MsKPVDk0oP620E1yRaug==,type:str] + - ENC[AES256_GCM,data:lG9DU9yAc6a1ypXYS3Q=,iv:DBz0WSAXHYFhaYUWdueTc5D/Ms8MBEpB5Pozl3xKuk8=,tag:x4sf4BNmG0WUJFFhwXJLMA==,type:str] + - ENC[AES256_GCM,data:C09ddSIbnvdYrMqFCMuWSg==,iv:EHt/vURNJvpEeVPdHyJ0dKrGyNeF6Be/WRiC8DnU/ps=,tag:DLKrSEs4CCue3Y8hNpQ7XQ==,type:str] + - ENC[AES256_GCM,data:nuP3USsRPJA5,iv:virvSL8pLOdjk1xiaI8m4Z7AUKfJEpfQeoVf3J1qY5c=,tag:6ftUC7zJ1/6qdCEQHBKTjA==,type:str] + - ENC[AES256_GCM,data:ASVEynA/APgCUh4DcqlQ,iv:2UjDp3nm8XyCis+AAKhUTs/23U/elVgpYWe9SAKF5lI=,tag:542iGd2CUP1DavydSt1Sqw==,type:str] + - ENC[AES256_GCM,data:+OCn/x9JFxasGzHg1w==,iv:8vwZTtZLk4c0z2TUeXEr+TelZ/dIqvW88hQoCJ+yU1k=,tag:1+6zV0VAYU/wHuY9QV7Ihg==,type:str] + - ENC[AES256_GCM,data:3W4Hf4XBv4NIrCCewVB3T1891w==,iv:z1FwJcONOux+XYS+cGzdILlqt3jZwmQ3nUPyhSsLjXc=,tag:mymfCECUCvYybMjijAF40w==,type:str] + - ENC[AES256_GCM,data:LxGLiyYTEiCN+iWY/A==,iv:YvpnRTV+qUX+Iz/JZu5T7cDiFdrQlKoDbhaUVrv1I5Y=,tag:l929jxi/lUsMFbKEhgqDkg==,type:str] + - ENC[AES256_GCM,data:SFlmaMFnNkuxtysWuM5bok/5nQ==,iv:03NY8WYL29O7JRgh9CLzV5We6OaU3o3ZYkZv9o68d0s=,tag:VPVpRnrBvOj/opTcq6Ee+w==,type:str] + - ENC[AES256_GCM,data:FHJx/7knEKsOvsK+bw==,iv:ROnnuu6zIGiI61pLnqb8t62OhEIhQXZBflNTGa0OEqI=,tag:yeQ8b0Gsxn3u9vpU5e1BSw==,type:str] + - ENC[AES256_GCM,data:yqZzJDdon5kXuQ416Q==,iv:YPPRGo9jWruTTpA3XH5HaOMKp/ToWIsDSmiCB7/+BUo=,tag:53GzguYGoq5q8yof2dEyIg==,type:str] + - ENC[AES256_GCM,data:SvAtBK39SVF3Nk9TDr5QQjYpJw==,iv:/oOT1xeYTpT9HuqfJ1xXrCJYFDMfIDOJlrVp8WJwvcQ=,tag:HE39ubxFdBU8POVQkw6FPQ==,type:str] + - ENC[AES256_GCM,data:padZtlJkOTzBwocZar49M9Zq9i0=,iv:k/ptGwlBaj3o3nVH97eFaIdrfGbMsY0pe0zmmviQGGo=,tag:AyH9OFsEXIPSA3wVox4bFA==,type:str] + - ENC[AES256_GCM,data:Q47bruVv1gM=,iv:qNbI0Tqd2hnd7DUyEOJ+s5x2qTB5jiCsBBP6oFizASs=,tag:r9BReiuYlM8VT3+i301Z2g==,type:str] + - ENC[AES256_GCM,data:tCWk27GB4sWokCZMRb8=,iv:WdEZUTGbXAZWrGL8AYgkouN+cTPiXjD6pyM5YXPuOO0=,tag:FA6sfdRgSKZs69EDbD3vaA==,type:str] + - ENC[AES256_GCM,data:YGtA2ILCPgEO3n6gHpTE,iv:4W03as+azX3/i481TttdfNuY+r5KvG1mu5/RuGZufZ8=,tag:pmhzLO0kwm45oDGdVVWaDw==,type:str] + - ENC[AES256_GCM,data:ltyPp3nNvBUZqlBeUg==,iv:pEG6jBY5R2qYQP9brKPvdac8sodzN23aNE/lwgCSdOE=,tag:VbreRQ0xSX6np2HiDQXdGg==,type:str] + - ENC[AES256_GCM,data:uxVEkJkVqNE/TA==,iv:ItPKE97tyPXTghbJ77aNt4Nn/RO9NONFMVcgjMvG9Lo=,tag:7BHVbSAph57RTHgpIlB1OA==,type:str] + - ENC[AES256_GCM,data:S32f6IcbcsFMK9g1,iv:AtYlSu/01ieHhoGpGhcM1YplGWJuDTLWtHLo0EHFXO8=,tag:LrjEMpxBi+JQyVXM3SQ/Fg==,type:str] + - ENC[AES256_GCM,data:b7fPd6lkdRnQ3C4aH4PL,iv:UxoitgE2RJAAGWZvCUBEr4MJMzg2+BzN3UzlM1hGea4=,tag:jBHNWCthpgaLStLRth1u5g==,type:str] + - ENC[AES256_GCM,data:qXM2e3M1ajkihF0=,iv:P3Zv8T6/s6ORLyY1cuPTrZqY4s0QXrMC4X6ziXblkMc=,tag:vq5792DLcLJFb0mJr2j2Nw==,type:str] + - ENC[AES256_GCM,data:k46BCM0+c9o+uq4l,iv:0G4eien2NszYPgxXzMb9ukglU5cqwQOFHkK/SSfg+Ac=,tag:KL9AvTjA00Fym8+3HkFE0g==,type:str] + - ENC[AES256_GCM,data:PZBJd0wqA3zNrYd0dQ==,iv:ueA/AlQUZRB1/zkU4+Xqv86uImaoupZnclAfXpkKJjo=,tag:eUsa3omky0b+hgg8hRdAoA==,type:str] + - ENC[AES256_GCM,data:bQlbFBZlrb477PiqB7M=,iv:RivpoJX1aPbd5FowK/TDa946ewfgfuVeqP3l+mQeKH0=,tag:lgGlqQZGSNEd5Sg4jOjoZA==,type:str] + - ENC[AES256_GCM,data:g8Ki+PGrCtqAr6is,iv:CIYITDZnoIt8jNBzA4tprbLFVD6gQFtYSabVYtb+4bI=,tag:EKudk+tGLxbkoL/5Vmn5cw==,type:str] + - ENC[AES256_GCM,data:LZN1UxTN4qTPl06cg/kvTXfq,iv:ybQDAaXAZCM7t1EPBMHNf+YtNma8yEAI8ilkDKSnfvE=,tag:y7wxzzxrvU87fyuO/vyuWg==,type:str] + - ENC[AES256_GCM,data:Zyk1IeO3gNWgNFIzS4v8,iv:RLDpwsACYZWrnlJ0G2EEKOG6uCd7TE0SAdiIgpoSUJg=,tag:Fe2ifbhC7PcRdJWxrknAcA==,type:str] + - ENC[AES256_GCM,data:XoX7FZ2T8IuoH0hTNa4=,iv:zzWf/DjwgGTHSMrDEOpz206JkGqvqBAPTZlUVHmECJg=,tag:GcwYA5zcImGFU/xPp5KxWA==,type:str] + - ENC[AES256_GCM,data:7+bg0sN0iof1OnwS,iv:ozov5IwonE6GGsOGkDmfVNcWOVd4ppC2UUrMT8eHB9w=,tag:BXInl8epnDquYrYdyZK0Zg==,type:str] + - ENC[AES256_GCM,data:dSTTeAq+ot6M9I/k+A00,iv:4IQtjY43FwrMc9QJWONbCOT5oZe7VHB+UuTo9KuTkuo=,tag:ChinKkLS7uN2R/8fpc/VZA==,type:str] + - ENC[AES256_GCM,data:/r7TfEoOLAyQ02t1hKXxgw==,iv:+aUPH9TShFbWdK0mtrn97b6auVf7RJSQlnB7NbODMFw=,tag:AdeYgRiR/SHfHy9z9BFWKw==,type:str] + - ENC[AES256_GCM,data:5kNLwQttdyrAm/Jw,iv:Zdd0mr35qnICyw66c/BBU63HvFROl627flvtqr3mh+U=,tag:LmLXCgXzDNwv/N+FaTQEfQ==,type:str] + - ENC[AES256_GCM,data:TdrxiSfiExI5CZ+wAZ9wgA==,iv:wnClbVd4nm5RxMjNwyC0WgfnJOEwBgvTWBO/cgoPbvM=,tag:T4Y1b8R3MEuKvY99KpyjvQ==,type:str] + - ENC[AES256_GCM,data:qHbdjfZGAj4qosiM,iv:rk3QummESt+kSvWtuELOjO799l7bThr1Fyor/07Psb4=,tag:JcqCS9Xnfdh2uWc4JjXHng==,type:str] + - ENC[AES256_GCM,data:X+Yub1IIcD/DwRJeREEy+Rk=,iv:rwLBujl5DdqaGwvI7YEej0lMxXAS0/neHCKEVjaYmQo=,tag:BS1u8xyUy4DM68Xs1RaK1w==,type:str] + - ENC[AES256_GCM,data:/zQd5YgwLBy+BEss,iv:KxGsbvtL25utVshFDgHQ1TIJZRCjo17azjFqQYmXnR4=,tag:gLLBQvKQZTUn5WyHdQRuTA==,type:str] + - ENC[AES256_GCM,data:d0wJo+gCv6Pw5lf2WNhwZQ==,iv:wkPwqrdgYkPpVx/m35SR7M5CW7RMA5a9JrzeRS0n2s4=,tag:FL8xaDgMxtS2ipcGCOJ2gA==,type:str] + - ENC[AES256_GCM,data:jNws836VC7a76reQ,iv:F2peVmZFaH/JuwP4109nGqIEzh3gVhvnntEoWBxOw/w=,tag:r8WDcIWAFEyTDDv6/F3nUQ==,type:str] + - ENC[AES256_GCM,data:0ERbZC4yjQ+k6luNqXbQ,iv:scXJlDyqqeK/h7bsFuSjIbRy9zdPcyJz3XUZhSG6/ww=,tag:zI2eH/Dgo8OcQHNH/3m9Nw==,type:str] + - ENC[AES256_GCM,data:DaFtkxoavfgVa+iQ3Q==,iv:PuKfuIqEOUHEfT9FN8zY0Vq7PPVFGJODSyVmCw9ouJs=,tag:LAg5//KqpjgeJ4PiBEcT8A==,type:str] + - ENC[AES256_GCM,data:ZYe3KeWtg14wrRVUDVHlZQ==,iv:mwjd4AOr5P50KEip/rJZomitaMBKYn8omgDJftpNb1A=,tag:7KtvVp4FhY0jajNDwDAxzA==,type:str] + - ENC[AES256_GCM,data:40EMFAQC3zs=,iv:D8ps0CTqHE39hUHjCNxk527RN9JJGLs3hx3VxPynR4I=,tag:S1g1sq+iBgiLVRPevLyzLw==,type:str] + - ENC[AES256_GCM,data:2nWQYQDEt6KN,iv:GW0tUARvKygPYM/ny2GNHbiCeXnU3TlUsalECeCAswU=,tag:JTgN3oJEy3FY55XQzTj0Jw==,type:str] + - ENC[AES256_GCM,data:1TW9Bdd/Ity7JThAqOt0,iv:pTUFlrFJhuKE+TMWGFXd5FtKOTYtkSIO0OcTgrt//fY=,tag:8so0zpf/QGmx+nkCgSbB5Q==,type:str] + - ENC[AES256_GCM,data:SyM/9ThHoj5tl3QFDcaIXTtD,iv:uOKiH/WwTqLHKfcA0GI+1e/GOgxVq4S4hwL8XTx0Se0=,tag:6T2ya4KgSy2CyLHk/kI75w==,type:str] + - ENC[AES256_GCM,data:ZBMsUfWXBFy26E8=,iv:UqzPFiY6OTbceqPv5eqc+E9w8NAa12kjwaGMzoPlvXc=,tag:XhVBXfmwqtitA7dwfx9OMw==,type:str] + - ENC[AES256_GCM,data:bWdJFS/y7Fm5kebUs8M=,iv:ofW3IddpSw/cz/sd3mDmZKOelNBPFHvSULb1l9rRBdQ=,tag:w1AxviSAXy/W+cSTDyRLfQ==,type:str] + - ENC[AES256_GCM,data:0rs9ITG5kQ0yKg198G1t,iv:XsCBwqKHartsh7JkdDm//grMQPNDEdt6u64aRTI38S8=,tag:Oq6KKtibbvfiTBJUq4sR+w==,type:str] + - ENC[AES256_GCM,data:f1bPStbDcYaxEjAHUw==,iv:YMXZAQTuw4nqye67ajS26yFMnfej3r0ro48LI54XYCg=,tag:QuDSX4KHevEL/yNwOlHsMw==,type:str] + - ENC[AES256_GCM,data:QVtE6PIvlRDFEA==,iv:Xu0OJvmmxbQ7OnVCY/qiOWLHG72DEjUa141CHtCoIXg=,tag:TPxJo7QyOfjI47xg51GXig==,type:str] + - ENC[AES256_GCM,data:9CWBdja9DA4LiRT2iQ==,iv:us1IelhxJ4bkGSFo5GAhUYsqCDUt+L9nb9r/jnLFDdM=,tag:mcL35sJFDVMZPJJyWhEpCg==,type:str] + - ENC[AES256_GCM,data:MvB5mwMeICUvzbFU,iv:7KUNf3hqVbJlqwhHt5roQKqHKUYVZzhy+RRIXA5+mug=,tag:BCpxBdDcef7CoOUGXk25Dg==,type:str] + - ENC[AES256_GCM,data:iXYMTjSTCQQ=,iv:IP/xUqlk+s9glQ+k/OuQumx2ztlIcFKxZ4IzJJy0f3k=,tag:v3ISG8AxfqLzisoVyFX3kQ==,type:str] + - ENC[AES256_GCM,data:gqzbKhVWni8ywA==,iv:gYlDObFN+PhDaVTXvVOTn+jyJIddE42oXp3Ea2F3MxU=,tag:RQ4yVhdx+M6FVmHKOZ7rKw==,type:str] + - ENC[AES256_GCM,data:72VTDx0Pcg==,iv:FQIYboFti609TlgEiqSEdrNAjRLQ66G9nyq8Za4Xq/E=,tag:+6bYZumK5mBJYO/cnygWWA==,type:str] + - ENC[AES256_GCM,data:41pSxNOhafDsaWdEWHPKFyb1jw==,iv:/a0JlJK4pElRrwFD1oGvuMT/gKBSzavJvwQnuG3mieg=,tag:Mljd6cXa4ZOuw8PbO3CZ7w==,type:str] + - ENC[AES256_GCM,data:iopt+2DEaA==,iv:x7rcplXavc0CcTYbb1Ckh+AehXY+ZEeQEUPsJt629yk=,tag:SPA968cDT+9kZf0bZ1zlNw==,type:str] + - ENC[AES256_GCM,data:WOk1CWyxdG6ojw==,iv:/rrot5+SNW6sSf8+eFW8vNRnA9uSHVrF1U+1mZj2OFw=,tag:QVTkteEi9SkYv1Z9Yt1Ylw==,type:str] + - ENC[AES256_GCM,data:NFQoRPawRSsL7ZY=,iv:i2QiBUOVPY/seekRtQ1K+ABGQ8m5WkU4LdeAz3iD7Fc=,tag:UqXRGjg15vbDB41AUdS+Qw==,type:str] + - ENC[AES256_GCM,data:LGZ8Yb+7IdFyzzfNhQ==,iv:K+wq3v3ekdgHhpN2pQDztUtFoQ+4RJ4DdrfFUkeCSHA=,tag:GfMgIM6ze0M1gqmR2EPbHg==,type:str] + - ENC[AES256_GCM,data:jRGz7g+KVFPLkg==,iv:lUM3UbsbSNQzqGDzWB+iEdZSmNavwiUjfQdyOdpCkZo=,tag:v9cjvY0p2H4UkkYzwrqSxw==,type:str] + - ENC[AES256_GCM,data:7MZE8CmogBGAJsBJwgc=,iv:pChUYZMVq0bWPQykgyEmNo24E9isKaEtdASthqdKvEE=,tag:jJYnKvBk0fV2bY67jYb3qw==,type:str] + - ENC[AES256_GCM,data:RIuRPLB56y835WtDlWM=,iv:6npFvH2+kHGJ1LFzJhBVu6sHv4ioXEiY08AbZErjMQg=,tag:X+KhItl7/s4bSh39pSAjXQ==,type:str] + - ENC[AES256_GCM,data:wDcPT1xU053EmeU=,iv:h2wEAbkUQAWGML03Jx0+qbLPlW1LXmxDDFWVtWxrCNI=,tag:KuZoXFq7IWqbwrudWFriGg==,type:str] + - ENC[AES256_GCM,data:irw3ERpU9MIgbE5o,iv:TwYgDAqouA7nE7C6SRyyJjA6fEgYUxEoHBgNEf+m5K4=,tag:spc2okvZcBTg0LEREEk4Ag==,type:str] + - ENC[AES256_GCM,data:NczryiylB3P6QKh8Fnsnog==,iv:BkFg0wTVAdRrqDgm2qPpLYqwL9AaKh7IYiK4ccXOKG8=,tag:KuHe1/GTDq/x+8VQd7pFYA==,type:str] + - ENC[AES256_GCM,data:GlC48wAvVgkvDg==,iv:nDYczqru5htrHQ8HlY2PSdYB0j2l+Z7rsFkODL1+c5w=,tag:BQ3/8m5rcPFWagaNUq+DnA==,type:str] + - ENC[AES256_GCM,data:fZKPNr39v4pAgv11nG4=,iv:3m65m23X1fI5IZbBvYcPuBPQgNoNbNIX2xdEaOQiBfU=,tag:ulYxOOrierqFaxbunLnpwQ==,type:str] + - ENC[AES256_GCM,data:+0ViuF5kuE6KQN0KDxg=,iv:eqYrSOB5/hIb1XX2BiE+Zvzk4lZS1T6Y30ItYKdIIjI=,tag:Z7azmGgV9KX847OyPbp7/A==,type:str] + - ENC[AES256_GCM,data:1I6y3lJ7FQ==,iv:hkXgjfh5CpvprO8gy6lZt7zoNrzwbkGAsY6ctg2FTsk=,tag:anRGiD/nicmA5N4LIoCFVg==,type:str] + - ENC[AES256_GCM,data:qixFC0q52sfluHZoE4N40Ubb,iv:1EMoBaL/eL33W11to4Wxqw2/tKvBRo43kwEllh0+oSA=,tag:GN1LnmQQLWNKVVlFO6t+Wg==,type:str] + - ENC[AES256_GCM,data:luxQmn39BzsS51IoKA==,iv:+y8EThxylNM7vcYCqef6rUKmh/PMmq6IUjHS5TKyfQ0=,tag:Ik4gq2fk1x3T7exhktWZLQ==,type:str] + - ENC[AES256_GCM,data:y0mcFfVxtwk7uY8bs78=,iv:smNnhJcmrcfgx6XTeNM5eVbgK5DP9dDqzFGlt9o0bPw=,tag:OwNnDX3hbbpQTR2aCFqW2g==,type:str] + - ENC[AES256_GCM,data:ej8f6WlPbvBVaTs=,iv:Q1avT7siOvyufL3JHTIRC8dh18XfwCXjm4VLWPsa3OQ=,tag:2UFXha2FKyITm/PjBJh1ww==,type:str] + - ENC[AES256_GCM,data:ARCR2VJOfaH4cb4=,iv:BqNVqInr6bURy7spO40ZoWTI9CfVponRUbyj1S0+ywg=,tag:++ptU3u2Jx2cip0fYEXSsA==,type:str] + - ENC[AES256_GCM,data:OjsOvson2EI+wtw=,iv:OV8AqBv6C1mS1Taq7AHV0Rtms4s6qPy1g31o70yMR+E=,tag:1UrnYKAV0ee0QZ27VwwPCw==,type:str] + - ENC[AES256_GCM,data:LWH5TMtN,iv:wfTbmsWE1JGd03Ka/85m/KunCxtcLVPTRTmqmu4lC4g=,tag:qLmCdB3MU6Wd7Y1oITLBhQ==,type:str] + - ENC[AES256_GCM,data:tUCl02nBiTEE0b2E,iv:agmwUw3fG4g5Jk5JJWPi3mu6iAOTeD6EIBcPN9AAA70=,tag:sd5cl0dWuDa4238wGN1azw==,type:str] + - ENC[AES256_GCM,data:SMdsttEgghtG/Yfi/Kw=,iv:h6+SbAuhqZGI7VkvF1NWGxVOCIreSqs7n674+8wXqoY=,tag:mxstlVsg4cnX4ASd3k0pNQ==,type:str] + - ENC[AES256_GCM,data:SOAh/Z6GOd6pzyWg,iv:4QStgXV5wVY3B5RVielvdHF5MBg9zcKhoZFLvpoxGQk=,tag:rEgqMvEMWoQSxzDoucs2pQ==,type:str] + - ENC[AES256_GCM,data:k0pmVKH8Hdy65Fc=,iv:45I1Y6AR+LlWUqYANQcl0albqcH2+9Td1fLvOY8/dYs=,tag:hZO/COMs78I8aEsf0mr30g==,type:str] + - ENC[AES256_GCM,data:T9Oh++8VKg2JJVkNTXQxew==,iv:kduk0gLM+g7AC2vcNrtWlbgKNYmWklkox7hI2JxkzlY=,tag:nDBuPJ3NEQY8g5FbSupzjw==,type:str] + - ENC[AES256_GCM,data:SEwYM8y1rMampFxFEQ==,iv:zUyuAwSTFmW3UytbmwlW78KFHrk4275HCsRZSC53ABc=,tag:TgkdbftO7Xhfnn6oksmoHg==,type:str] + - ENC[AES256_GCM,data:KpTKftfCG/JU,iv:UohotzWeyc8Mvmy8B/NnGTmkfiCnMEq3UL4g/mj4dgg=,tag:y7ZbmwX8BRmHSovmSX5jyA==,type:str] + - ENC[AES256_GCM,data:jWAyBPTTj+0=,iv:Hwq/pQFPofQrA4SPvWIPXVeRJN/h5skCkcgVDq0kvbQ=,tag:eeICqzJik/Y7aCi8ARCMSw==,type:str] + - ENC[AES256_GCM,data:UcV71+Yhfg==,iv:f60OogoVu760rt5ywmXkN+LCa6buXRd9OEIbPxPabVA=,tag:TqPJaNMSk4VSIlcrYzp5SQ==,type:str] + - ENC[AES256_GCM,data:4L0Y30FFc0CCwA==,iv:TrynE+0j30jkHGY0175ksMvVgxQQ0JGjWw57pu9N8oE=,tag:P0/OeKTP3nicwjm+0gNUZg==,type:str] + - ENC[AES256_GCM,data:+UUxvAU+yO7aTg==,iv:+7hIVWNtukcD/wruuCW/T1AZUN85GCi2/boVbDnrcSo=,tag:Uoyhfnct7CwixU1ZwYl5Xg==,type:str] + - ENC[AES256_GCM,data:N4xnKzQ6y4hyemstbrw=,iv:0VAvBZFckYSBqpRM3ao3Snl2r9Phk+A/8gh/7EwhxK4=,tag:ehItodQhna/1YYPWG/72+g==,type:str] + - ENC[AES256_GCM,data:1r8MmdCUrTJvtZSxCQ==,iv:41DWRi7rYigjGh/ZeFAT5D7AqXee0ohKu3TBb86Q2bw=,tag:ni1po6J804kom/bzO16pBA==,type:str] + - ENC[AES256_GCM,data:+I4AmiF629BMkTJE,iv:HgRq7IGQV+v0baBqjGrlGW9ECb/NUygrzAAxbv9Pq0o=,tag:uvUj3uJyGclIHWJJw3ibCQ==,type:str] + - ENC[AES256_GCM,data:0uTncAWyVI2uv3hZvA==,iv:Nvx72Wl/BYYRsqGamEU8BpSMINH9ryd63JBKa5TQBZU=,tag:vjeRR0lECs7Rgk6vz1pS6w==,type:str] + - ENC[AES256_GCM,data:ll7js1F5qBZjNu0=,iv:PRMxpuiG1fAXCm2+wv7qUpRwRGHiBIi2SuoBvfGkubo=,tag:ihBfMJ0KIkSyRYDPXP2K4A==,type:str] + - ENC[AES256_GCM,data:zjALrkM8hiEr7Rg=,iv:iDR4shLHQ6qUhewi2ZKG7/n8ocKqkkyYaOWACBKf30g=,tag:jzSk2XlSjwIBVMs6eFdtBg==,type:str] + - ENC[AES256_GCM,data:PumBCVPRbBsYUA==,iv:l9DdACTySuCB3dwEG8oWXqjAFf9rPqsfuxaTQjXqD5Q=,tag:9elNSRQXnBnyTPb8w0TFQg==,type:str] + - ENC[AES256_GCM,data:NuS1kaGC100iTI8B,iv:qb3jEEAzyD3AMbGr7lee0YdgXF13wjXGyybNKkjcHS0=,tag:zCSdmZe1uCZ3Iu24KgVPeQ==,type:str] + - ENC[AES256_GCM,data:ZfmhvaJTN7890ata,iv:bSKyu4nVwFNW7vSQmRY7MHqUmBoYg4qNB/NfxYEJcJ8=,tag:N0hGcniVTX4M/Hk8c7YSQw==,type:str] + - ENC[AES256_GCM,data:f/GbDzLg+LzJ+XmRgg==,iv:0hOudK5cCtigKO9bSp97qJcj1n34/SLQgI8NXfp15Ec=,tag:BZ+s2GuDhbij7rCCc0poAw==,type:str] + - ENC[AES256_GCM,data:Nq1lBV3wkTxP,iv:Mkhzmd3OX766yr9yZAN/VOk4oU/dhC9GRh80vdPKakw=,tag:JvX4uXwfdey9x3JKLeVvzw==,type:str] + - ENC[AES256_GCM,data:gxpE/kmF3TpaD7E=,iv:HgUG3/L+vtHHZfs93FbAasp78QFcArd0FxPZd/IzJYo=,tag:cRGLqy/aO+Fd/XsDhFXZmg==,type:str] + - ENC[AES256_GCM,data:tR5aASpgNzSx77M=,iv:YGGDbOXdUn4XFCu9nG5cqeI82nom5OGe7rxIPLEfNM4=,tag:c4BuXZrI/PHtiO0BYQtEDA==,type:str] + - ENC[AES256_GCM,data:wP6kfujBQ18=,iv:KzkTVe3TQ42jQhV8ZeYlae5t4GfARsCIU8NJYQQIdmI=,tag:INGAxpZw0Z4Cs84jh8DxOw==,type:str] + - ENC[AES256_GCM,data:WcA2ixhtQcSilm0x,iv:RqfBgloasUXKpvsd0BtsQmxVGm3Od0/y5XoAHaHgFMk=,tag:8NYsVWPwJN2OUdcCj9DGQA==,type:str] + - ENC[AES256_GCM,data:mbon2oOTw2eInRwS4g==,iv:jjfr6Miuy4JZPi3QvyL4+V96cZmB/yVyM8rnSaKryrs=,tag:VxxMJkLXao1y5QbY2vGDvw==,type:str] + - ENC[AES256_GCM,data:QaB/BsdKfRTXtGOny+g=,iv:3wWJiheRfy/aCUR/XXwUQvhwVW0GqZVqRkWCMY1+zxI=,tag:zs/tXQkar74mkyXau5R/rw==,type:str] + - ENC[AES256_GCM,data:UfImvWBRLTpLC2q9jFA=,iv:LIpkp8swqEwMqH54/lrny3McrSn5SnEs+Jdepm+6oyY=,tag:6imGiZ9JzE6mztH3TJhzfg==,type:str] + - ENC[AES256_GCM,data:/PUaE2s1Ehruug8S6EQ=,iv:45mUVN8sdvL/dY8Vbvec+DPNGnWqc3STjYRK2fAWe3o=,tag:+vx0JkX5yaWq/vh2ca1jWw==,type:str] + - ENC[AES256_GCM,data:2ktz4IZKBsCOX5iia20=,iv:oXv2L09gMa6fqLE9E4GvzlRezi6RqkihCzGm+lgDD34=,tag:l/8+EYRCcVLtSQzvJl7AcQ==,type:str] + - ENC[AES256_GCM,data:9W32Vp7s4Q==,iv:RWjPXGGxT2V5IKd8TlFp4WTFOKw4IbUiG4qjzFt1BYk=,tag:wgOrmzdCV0ZFk36BWN4f2g==,type:str] + - ENC[AES256_GCM,data:iMewpn5dj4jd,iv:3a11fDXgaREg4MGSEXGzOpoDOI/7I5i0d02MFCHxUIc=,tag:muj8YJP4xDzExBM6gz+WWg==,type:str] + - ENC[AES256_GCM,data:h5IVDiSZiVIZ,iv:AQyCHnGKYwHOJlwMTG7Aab2kXsKsLpEUnrkSWMHFeNg=,tag:/G7DPd1gbWsXzJQ6sPJOew==,type:str] + - ENC[AES256_GCM,data:omZH6wF6FqBccALFp1b6Jg==,iv:grDgOKiNf2ksOx1gdM8EB0WoS34a7ljULy3MBjVemVo=,tag:g1UEilvXLxXC3wd2DqYcxQ==,type:str] + - ENC[AES256_GCM,data:7IgAMyrXxg==,iv:/AC0sYKcXdMz3tCI7c3UYhXN7IBZg2hHlwAbtG+bZF8=,tag:f+Ji9+xNe4Cu2zIIGXoE8g==,type:str] + - ENC[AES256_GCM,data:A97MToIaH8ppWE/YAVU=,iv:bPFWLTz9sXFuqS9D3x2GGqm7PwGZ946hsp13m4gCu6Y=,tag:VtWIFtYSTWZA7GaDRriQ9A==,type:str] + - ENC[AES256_GCM,data:6MENXYFnKVQKPE5+,iv:x4lh8KZQxvTn8rRcKLNlPNf1A3AIjEEXfpSXit1Ku5o=,tag:z7ghyHZg6/Wt93D439P2sA==,type:str] + - ENC[AES256_GCM,data:r8JulVFFtJpTD5Wp5+8=,iv:Ngjzj24aZywcWSHiUJVAQhCoUCuWLfF3JtM1/ZnV/5Y=,tag:zAXdkBGIDQZIEe5+sQQVhA==,type:str] + - ENC[AES256_GCM,data:2iHB4D5g9BuNAzq1,iv:IlzMFlATMJCJNs2c+oIQV9OrT6PLzkl2QRYqbfKzVYw=,tag:GRD2ryh3UXDZjacT8qrJ5Q==,type:str] + - ENC[AES256_GCM,data:A2uNLVBKLNypCAAU,iv:1XntrVEon64jXVFn7rsHS7CfmnqTjMiAF+ogoYUYXb4=,tag:fXwz8k/gN5GJ6VQgKa91sw==,type:str] + - ENC[AES256_GCM,data:lIDf0rtO1HWCz/Zu,iv:jlWaWXBLCpHR7DheaETxLrNMpzPQkD1D/V9Mj+yOF2E=,tag:tGpO+vnt06mRclW2kG2ltA==,type:str] + - ENC[AES256_GCM,data:9eY8FRN2ebuRMww=,iv:QAHK1b5yL0OUvZui7DsJwiAI60kYq/GHsBcf10jHt6U=,tag:/fy5u38bbYJqyW7bdskJIQ==,type:str] + - ENC[AES256_GCM,data:YDCsxqGqWsVwgof7WKk=,iv:fuVzIDSAfJQM+M+e0BOI+K0Id2QVvq5TLgIuhIcYe4I=,tag:T1RFrJUfKDg0GJUmFBbEDA==,type:str] + - ENC[AES256_GCM,data:2HFfnZsTJsBwZQ==,iv:kM5t8ytAhOvON2Bya8TJBFsANBNlQyzgjzqji/5W/oY=,tag:Hysu7QoFWRURBGsGg2M2fA==,type:str] + - ENC[AES256_GCM,data:u/djPh+l++zrp8DW,iv:ruScySmTHa4zsdPkeo++mEXgzN/9JGrT8Wu32dNXENU=,tag:Owzq5iVom3McdXy7wo367g==,type:str] + - ENC[AES256_GCM,data:aGrnuqhWFbmFsvgXgM4=,iv:2b0iCOHfujTyuxrh3iWGsv4kwcIo+U00hwlYCrJEhEs=,tag:emMBgAMlcoTJk6VysJFAmg==,type:str] + - ENC[AES256_GCM,data:NuRnshBKCZzjvA==,iv:AkGWnFR+TZtyg8IYza93KMV4qZuE5+mk6K+7Ssb7SnI=,tag:bODa0RUo8qtXWX7dtfKXPw==,type:str] + - ENC[AES256_GCM,data:v4pAD6hCHNWPmUo=,iv:y1u+GwPRTZ7tjMs2JtQ9THNLto6uClwUbdv517g34so=,tag:8fbWPy7jCXebAnmMgcRq8g==,type:str] + - ENC[AES256_GCM,data:/khPTCie69wzQg==,iv:1918uVWoLo45pKf9KUVqFvthnXXNwPGu085ea9U4Pqs=,tag:s2hbnWSokNrKGPeaw356Cw==,type:str] + - ENC[AES256_GCM,data:pysigvdMSUGbRGXJExxH,iv:9Q4GjdUEu/PZBWUHWm7QLFeoEKVhIejhWYG1ra9Zogo=,tag:kWwQ+agqu7ij+Ps93A7ywQ==,type:str] + - ENC[AES256_GCM,data:4Ud5cKi4cK4GkA==,iv:os3pTNdy/XOAignERJA6p1+ma0DmZwbcscAUGqIvUww=,tag:h0ftQ4hxkHvAQ4FRAHTxJQ==,type:str] + - ENC[AES256_GCM,data:FClGP+JO40OQqzKZGok=,iv:5jI5zZ53DfZcSzSTpKmo6u/jKPpzT/M20/fql1YA3VI=,tag:aHTiBbbZyC2UTLUZEGTDag==,type:str] + - ENC[AES256_GCM,data:WRiv34uQOtJEvg==,iv:R4R/jpWMS3Dbu8wMy32Gevf+jOlJ5rXBSz2HSGWLl6E=,tag:3SRbY8+0tezIbHb8iUfOHg==,type:str] + - ENC[AES256_GCM,data:/9SdXsi1nK/WdVRwmEEmwBBTcQ==,iv:76J7WF0sSeHPpDLHWz2JRQDd0t8T0rOTg/RMom8qhCE=,tag:+k3D8nGLGNyQ4WIty+R6og==,type:str] + - ENC[AES256_GCM,data:p+N6eK/vEWtH4KA9ba4ykPg=,iv:2yN8tUcsodqBqEKAQJMetGBPi9/wgW2Kz50xZgZ7wUg=,tag:Om+3L08VZ1N9AwKjlSIk5w==,type:str] + - ENC[AES256_GCM,data:OkBLCw3MJPAUvgE8xaI=,iv:5J4beoY9sLv1NsW0vDDlV75iPfV9iQNt6JFehwYvP+k=,tag:1FQYhA2M0eGiKFLTOkAmvw==,type:str] + - ENC[AES256_GCM,data:UtEuoh8Af4y4aCU4+5A=,iv:G1eSCxVDMowwjb0rBqwftsSYC4Fz3T71MUZdzxBKWaQ=,tag:+BCH+kN2RSL/qgvOgfacZA==,type:str] + - ENC[AES256_GCM,data:VwP5cYuJHsEEzG8hmA==,iv:hzYEvtfcWm9QeI0cVOHwq8fKPMie6+0QgTkXiXPeo44=,tag:PlyQ+dqrrXuj2PUuQanP/g==,type:str] + - ENC[AES256_GCM,data:DonZy1snmcIx,iv:U6cjfkuqnmpvP/T9NOfQmz4fzke5v7c7u0YLDoQfX1s=,tag:8Vc8qTlX/aPMa5P8c1PDpA==,type:str] + - ENC[AES256_GCM,data:e0AY02sLGwMCFtaPHg==,iv:UMMshl3q85eXzIPWwiOQKb9jnzgHQ5i7bbK5WuoWRZU=,tag:UIfdmoPXaLSt/sw1bUebHg==,type:str] + - ENC[AES256_GCM,data:SHitOyoWOzMAQFsB,iv:8YO0NQVuuVpWNMPDbkeEQQRSyMJAViyS++JXjuZHRs8=,tag:8iSOb8zIjNSIRwyf12kVhg==,type:str] + - ENC[AES256_GCM,data:3FeTWHRfXpD+uQ==,iv:ItDJpU9zrwfmunwSTgHDthlOoT2vOw1gTTVMmwsSukQ=,tag:4wORDhJ56tOYQi8lYs8jUA==,type:str] + - ENC[AES256_GCM,data:HH+rNIgY7dOQ/n8=,iv:CIkTRLequVXGDaLZ33hWF7ZsPLW3N2WtPxs49tRLMNU=,tag:+mhy0N6PbB64WDgT2swEqg==,type:str] + - ENC[AES256_GCM,data:6buqwOL66hxDV9LF,iv:RQp9O+HfXs+GAEdaeVs6giCVh19nTTny2LUOnorcuHo=,tag:Mdm8kecv1/alC3MrtSDUTQ==,type:str] + - ENC[AES256_GCM,data:TRAV2Ydrk91ZO8UHm0Tj,iv:y/FPaGqLA1sW7yrG+PW4gq1EYzuxVgxY9ajcbfBis/0=,tag:2RVEigAVRxxBimU9xDaAhw==,type:str] + - ENC[AES256_GCM,data:m7sl5s1+XwZpCCA=,iv:fr69qrhD3IdZngi+XBV3yHKSylBPFnZrL5TNef//4fc=,tag:Hn489vlNt+2u41PE36Yjiw==,type:str] + - ENC[AES256_GCM,data:xNVBQpPBXbsV0QGCHBT7,iv:hO0m0MkKTHnlHASzEMt2onqm2GIhHNHW+JxNDRGE6eo=,tag:9yFuiyzPtxEcW7l27B97iA==,type:str] + - ENC[AES256_GCM,data:i86V78132DUKarzJIY8=,iv:U4FBYJUtHtW54OncSncfDDllnUHuWXuCVBJ3rGBU5Eo=,tag:FD9yQrjMM7BIX8jVS+ooxA==,type:str] + - ENC[AES256_GCM,data:rg+p0WNB9F67EtRSYyrMhw==,iv:bXnWZC53UQ8ieBoGuAEm00A6JYHneXNpTCiKbkObYoY=,tag:djgy0ieR3fT3t0Uy8huZKg==,type:str] + - ENC[AES256_GCM,data:ncXEyHnr04+joEoB,iv:pHpMr1kjb2ka334LBibmtpAVGBNU+TJH2ILB8Cj/lbc=,tag:z5gEWuIECsXT7U3768gbGw==,type:str] + - ENC[AES256_GCM,data:J8O4+QtyoS03,iv:ak8H8hVkgKfrfuvAF0IROkN+nNoUx4tu9jL4B5bmSOo=,tag:tKsPtozUGqgufvaz0iI8dg==,type:str] + - ENC[AES256_GCM,data:NUfoUbUDlA0=,iv:W0KezMkJmBDchJ7UzpCRN68QAT0oikk6KjWQmUpnNhM=,tag:uQuzCuI0xs7n4ndVjfOlkA==,type:str] + - ENC[AES256_GCM,data:EQPjiqZPRWURXA==,iv:MQhQ4jTq7UNTU5CHpE3KW6Pf/pA8yzIv/UovfJPCcq8=,tag:MmhgnN+GR/rtCVxsf4t2cw==,type:str] + - ENC[AES256_GCM,data:EN3Xci8T6g==,iv:VY17XdeQIiOaLVrMd0ozKMW5DS1Cp+pHLjWMhqg/XKU=,tag:uX9aoojXmPTxOL9zTVfAjA==,type:str] + - ENC[AES256_GCM,data:WZvJFHQ+Aun0B/Im,iv:t0BnenXyk+UfNS9tiLaqPVufTIangzGo7YP8GUlS2NA=,tag:OsPYCR/PoksDvFdvt53pqg==,type:str] + - ENC[AES256_GCM,data:rjnltln+pi9Y+5laHwc=,iv:Uv+OpHyqqwbRh2+6tQ+TlKrGftlv5TBK2kxcMcxtrNM=,tag:avS8WwiEVf7utq7REGURBQ==,type:str] + - ENC[AES256_GCM,data:Ozxeosmn5U2uxA==,iv:75LjPJVe1+Y1tN6hpnrOQVz73+3o3r9fqFc/zgkkI2U=,tag:6f5mRjHrzwdgF+7OIhhTrg==,type:str] + - ENC[AES256_GCM,data:v2xLtMdrT6eG1nNSBg==,iv:09SlPD2UDlQs0FeGRuhQ6w1OhD9E6H4OxxvX8cnxyrk=,tag:vqZmt8aEjHCPOIBbKbk/Pg==,type:str] + - ENC[AES256_GCM,data:X1bm4232JU2n,iv:+UMZnf0DvX52kuJwdL/wF+iQuqz1aBOGR0r/CmTbHOY=,tag:8IQ2Z6we2zgHx40239lp0w==,type:str] + - ENC[AES256_GCM,data:tXBD39561buQ0vxPrg==,iv:RRmZr6ncS9MpkAFMoiymKKMfuVmqooE/FJrYybfpFYs=,tag:kKnBFkMT7uCFWy9BSE1Piw==,type:str] + - ENC[AES256_GCM,data:5iUWOpSKj6xXkQ==,iv:xRW3fzH0cF5mk8L8FkL9lE4LAgbzIkuhD0EKFK/7euY=,tag:Zf4OfLu1+QmIxJ5CaaI29Q==,type:str] + - ENC[AES256_GCM,data:a+nUd1ROUEpB,iv:Nzb4lR0GBdWkh6tvbwzPnXGi9jBOdaEgwkHtIT6WOtY=,tag:RKS5vn7kWoNilTQs8+s56A==,type:str] + - ENC[AES256_GCM,data:ZhDsjr6YwoB4tQwtLa9sQIk=,iv:s3QGafWvhyzilV+VEUxGyvDNerlmzyseQbvnFGQ/QdI=,tag:Ob8F9bkRaoO0G1xcRdylBA==,type:str] + - ENC[AES256_GCM,data:21PCwJ4wvrS0E+t3,iv:JNCKwIYfHzFI46wYuCvgSmP8Pq9oIUSNWihWTP6qnV0=,tag:5isZJkupneFGF2GjRsNzkA==,type:str] + - ENC[AES256_GCM,data:InfQ/A86gJJIX+j8lpoMrnqxPA==,iv:9GOIwhnFtc2Qxw1gOIq4ayzwow+N2S8TAFWjLsWaEx0=,tag:P2wxIi+vW8uDdLfaXost4g==,type:str] + - ENC[AES256_GCM,data:raTrpu7qkrW2sw==,iv:u/kxKZbpWT9jIqqr86sUlwO3Fz1MBWzPB6w1wO0wwbw=,tag:sXcKmZqI/vYWde17nJo16A==,type:str] + - ENC[AES256_GCM,data:Wt+87J9hcr49wkS/deqTIReJ,iv:i+TFO8NxDCGdogyFIKcLiKw/2frwUiFX+k++elgPmm4=,tag:Mc9hUR+5m8HcFqEGm87rNw==,type:str] + - ENC[AES256_GCM,data:x6feNj7CxKiQ6Kq4b9SL,iv:ozwUi6NPv0ulYBCYGmcjOhUhJqgY4cTuC8ghBT4AlGg=,tag:8nDt3f8ql4lTCkl99xYsGQ==,type:str] + - ENC[AES256_GCM,data:c9/hmsVssvsTtC1KqA==,iv:Hxj0Fi/k20AuqD9pzwU0D7gNHNBQtAUWPV/5398erPI=,tag:IYAgoH6xVf4sshjm0n3yZw==,type:str] + - ENC[AES256_GCM,data:BwC+KFx3xgI=,iv:gBM+Di7RixwVup1m7EEqNDh8XwEfpo7BQAEy+rm4F34=,tag:eyhUTVjb0r+VKrUXsvhkYQ==,type:str] + - ENC[AES256_GCM,data:WGwOuO19yuQY,iv:dAOilkvscTn8d3iVR+cpEFo+24cZV4Uab+5ZTKlFq90=,tag:AI71kNEI53v0AMY0f/2SPg==,type:str] + - ENC[AES256_GCM,data:zLzRlWlfzMfl,iv:Vo4KsRvt0IJ4yDq3Ejrmcbak7IfLFNSeikU0YTNaX0E=,tag:jPXj8FLcqE0rNLMwGfhSAA==,type:str] + - ENC[AES256_GCM,data:z+zP8nWnbFD+aImHeDCD,iv:M+G0a4oggBwS/GYkpELZ1eZ8tSCdCznkYh1ozZyh0Mk=,tag:pcepCmUlsOBGtvtBcye3tg==,type:str] + - ENC[AES256_GCM,data:jpI+3nu5M+K/WMtPK41pmw==,iv:YDI+tFOCqaGhaL566whiIDqDKdgxFdVX5ubB7PF7XKg=,tag:h09ruBLvNV82IBXDZPbecQ==,type:str] + - ENC[AES256_GCM,data:A+i2yKxSeiwVe39pB1g=,iv:IRta/VPlQCaqHwpxe+ErXdulttbMHDyMy2BCoaC9ujQ=,tag:xT7X88eVE6GNVm+ihqvdoA==,type:str] + - ENC[AES256_GCM,data:0FgbhYhW1meHsc7DE+FhHA==,iv:teobGd65QLa9/ICBMVE2LqKkp7+LYm6btD9mJM+BTdk=,tag:ax/UKhAPj4jVGY5FU3D4HA==,type:str] + - ENC[AES256_GCM,data:cG4oJCfH494=,iv:CRonuJgbHYl669gHviQ3xO6EFy6NKhFQHM/X+IQsDfo=,tag:m2tCoIGgUr6YJWf2aAAjqQ==,type:str] + - ENC[AES256_GCM,data:bW/kGLmC1c9OaymB,iv:+6V3uoV8/spDUvQ4NKlO8If0gxyY/Nvn3F1i+JWj9UI=,tag:wRGAtD4OSZrOX1/yPun88Q==,type:str] + - ENC[AES256_GCM,data:DvzkKrdKn8tS,iv:czMMAxBnWvQB4vKT77M+Q1Y/t+7e0r1wzWh8iAVsaPA=,tag:cds02Cfwi3nq2lQ4HfA84Q==,type:str] + - ENC[AES256_GCM,data:qQomvQ8OKs3tWYIaWJw2a0gCNJcDSg==,iv:2Pj31qOPi7g4T4YaSQQa59Wxc7WyYMyCOUC675glc9M=,tag:IG4bneT4NjAoiEWoooRjww==,type:str] + - ENC[AES256_GCM,data:gon79VBe5m3w2ApNjBp9oy3nlhwy,iv:SpiLF/kC8iwUjxUlYCsplH1McSG/ZT2rfbizbBXWdQ8=,tag:Qb7HX9lB8S8/7PAaNxj77w==,type:str] + - ENC[AES256_GCM,data:QvbsinlT0s3meoGfnjiZ,iv:QtTVRR6h0VEpe7MBhBrWP6spm0e2IBX1RGOyI10L3TE=,tag:cHFnshlDXjLataQYy/r+2Q==,type:str] + - ENC[AES256_GCM,data:LMAG/LvxLIwIvJEVn1F9MFc=,iv:+koxE8THNA4OPNrNBP25L4gdluEQ+zuuCzK0pQcNlCs=,tag:ZiGK+3IMRatCXqRKRKoXPQ==,type:str] + - ENC[AES256_GCM,data:OgSJk5itpQaE2QI=,iv:m4Q9yjz4W3KBiKC0u+Pl0Bm9yw6yT9DOpqFHg70GdU4=,tag:GJpBPXds6M1uU2ZjznnqLg==,type:str] + - ENC[AES256_GCM,data:94xbdVax23ibP2Q=,iv:2EU06bco87Ed616zsvqQONld94Zg1GGLGS92EL55f8o=,tag:UHBeUzF2h8INNrOsUuRPKA==,type:str] + - ENC[AES256_GCM,data:aqXCQpRK6wV+9AtW,iv:XZmFGAL26Te75IUBc18ZCydQ8wtZedDAFsQpzGs6Jo0=,tag:3g/OHbub2uRPSSSo3vacrA==,type:str] + - ENC[AES256_GCM,data:RnBpOn7Ze5yjTeU=,iv:VoamTfRo8OfT9iri3K6uykUlERRrmA5Jwkpa0kl6cvo=,tag:z4eVceRImNRnIs+86CmDCQ==,type:str] + - ENC[AES256_GCM,data:45Ub4FVd0+MU,iv:agRKaavQZ0+b2syl8eO66vU4GP/UZpO7GMBa/24Tiag=,tag:+pHjbcCO644cphWed72H9g==,type:str] + - ENC[AES256_GCM,data:ZQ4cZA8ig0l/f14=,iv:cSj/infCjMU4OCSyFyGKHR/Yp2Hj7YCmOSDx9PpWhmQ=,tag:QNQxP6t5ujStCho9K1L4FQ==,type:str] + - ENC[AES256_GCM,data:96fBVPvQOdQ0/kWG,iv:50hdNnHOvnAYsscS8CVHEWCDP5Afm4tvTfEWlFEQT+Q=,tag:nchGsVq5JbIvaUPapcoF+g==,type:str] + - ENC[AES256_GCM,data:R+O6eRFaGSmAHuA=,iv:clwGvLNzp1/ySN2Urgyq1WGqKqXv97Hzndpb/wkom5s=,tag:2jP4Q5IcehxkP9cYNBTFsg==,type:str] + - ENC[AES256_GCM,data:r00secu7u0+EY24f,iv:df29/boEEvIbe+mSSJ2AZVZ691ILWbMrG676hvD3k7U=,tag:dWWr7EIa6/Cl1wGO/8X63A==,type:str] + - ENC[AES256_GCM,data:fn4HcgCCerod4qjnEJbco3zjhg==,iv:V97ub8tkfahrQ8Cnh5Ti6XcunGKfeKuheLzKImWTJL8=,tag:gurWdQzQyZ+teMSv3Qf1NQ==,type:str] + - ENC[AES256_GCM,data:L30dSylFqvPQ5ijP3A==,iv:RvACHifTRmsz+we3w+e1Xae5c4RR483l2IyxKJva1HU=,tag:LYUlGx7Z1VHKn4Q+kwbRkA==,type:str] + - ENC[AES256_GCM,data:X1WnRwWxWjpAnw/k,iv:aPqLrteqxFcUyspqdkjOiq/ATSYtuQGeTS5rAxsXSRk=,tag:mQXuwMH5TX90aHCfmrttFw==,type:str] + - ENC[AES256_GCM,data:GM1Xdmr0LwgUPi0wuw==,iv:kvvT/gbgno0ayoWgKFHWCQiXNc76NCOtGfmpeT1ZusU=,tag:tWG6IfEa+sHd0RJQNOOIUw==,type:str] + - ENC[AES256_GCM,data:7C+/ogYg9L3kew==,iv:iXyhZxGe3nv7IU8D6b/aZQhcXA6uTot+fznsapJC85A=,tag:wAZaUY+zC6qQw0tmCyJB/Q==,type:str] + - ENC[AES256_GCM,data:Ut3EVCVs4hQ2V1Dl,iv:CWxH4K3dIgCGZNpnYVbayoP+mfp0JGAFy60Y5c9GZGA=,tag:ftBNTZHFN3E+YWbkM/bCag==,type:str] + - ENC[AES256_GCM,data:pnbrTZ3RGTihLtHEcA==,iv:pGq4+EM3rgZTRTUCx5qTe8qR1tcpBg7GeFHcBozg31c=,tag:5QaRhCE0LVc5SSZM9hh8mA==,type:str] + - ENC[AES256_GCM,data:zUOc2H6jNeZVNZ0=,iv:80f1Oyba6HozsLuKRmNh3PXYDBLbBHXz5BB5Ko9D8+Y=,tag:iMof2UxMDh3fWfw9qo2WVg==,type:str] + - ENC[AES256_GCM,data:KbXUEo7Uu3OlxYM=,iv:3knZTPn9NfVKC68yKjBjlG8lYYvsnB535kyQfLy10kI=,tag:eCwy0+HfA3cy0Nf+uRG3Ew==,type:str] + - ENC[AES256_GCM,data:1eqFyux2sAYBkV1xAaOR,iv:S1zVNQiF7dDnG9hXn5v5YxiILFQeqjiWRRJQicL8VWc=,tag:z57McPp23pzGKyyKOjrgmg==,type:str] + - ENC[AES256_GCM,data:6oXka/TYonYmj84=,iv:lYDNhZbFCHNhLl5W//7tpoX96NdsautKd9mEztEw6XA=,tag:0EkFvveKWuvgl7MYwN7B/g==,type:str] + - ENC[AES256_GCM,data:R6+sFmscjwrQ6/1QfQ==,iv:h1J0jFM+IVyQx9ZBHj3OgyCzjoR6/YgbcDCRYYYa9kE=,tag:DLTqAk6RoYhXQaxPtVc+zw==,type:str] + - ENC[AES256_GCM,data:8zZ1m1Y7/qpWTDk=,iv:od1x0quey0YywdEe54Jj7KuNy6oR9hJ78wj/urUexDg=,tag:VUODeO+gm/2ISE5SlDqIMQ==,type:str] + - ENC[AES256_GCM,data:j6OWepFubMdz,iv:3zZuDQSr2tqtbpHMhbRxX3mVo+pXguP4nV2qoFMEHDo=,tag:ajHbiEvKCPQv8yJgEHsHCQ==,type:str] + - ENC[AES256_GCM,data:f+MrzKGdIfc+Hw==,iv:8plItNLyi+i+eyAHK+zMDsWvJGflsLS+4q1TQl/mEHw=,tag:SpXRGvRjl5OjYDHrICTKbA==,type:str] + - ENC[AES256_GCM,data:V3qvTDrXtqLevH4OTA==,iv:XCowR9JpbgvSpp66Pkhs+im9xk9AHSD0E+g4FteovqU=,tag:xcIaNrA5Lw95SdT8rLtv+Q==,type:str] + - ENC[AES256_GCM,data:78u0vzeP642lBA==,iv:pW0Ah2RRhibfvbJqLPNvvQyfJyZaLZbU7/4OoHVf6fc=,tag:ADWnwa+EXyQjUeMC0KiucQ==,type:str] + - ENC[AES256_GCM,data:DxtE902epOf0Dtiba2PX/w==,iv:+doFTocTowsiNLdyMZwD2XkbbiFgMVac/cqBqD0ld9A=,tag:VZDRP3a89QC6mCxic3diQA==,type:str] + - ENC[AES256_GCM,data:TsY8d6DG6XG/YaWV2sFf,iv:X1wR9ZXbrhUd6D7/xixHOIrDGSo5KNd1m8AnhkV9TSc=,tag:6c4F9fYcWur6Ec1PTNJBmQ==,type:str] + - ENC[AES256_GCM,data:2dFvqvwhhNTwfwk=,iv:wC3fjuzL80I/KSOJtrH/92gs9pAx0VebNTPVBWC1ARo=,tag:oyHJOUoaHAEfH1pfnMrEVg==,type:str] + - ENC[AES256_GCM,data:xP94y+O2QgYmodz9Hji6,iv:OUk8Xt8TcgmqcZet+1Bkm+wYLJhS092qCoVugmJzhJI=,tag:vMthweqP/4a9cECb1QQ1iQ==,type:str] + - ENC[AES256_GCM,data:+RWe7q/bKNNHFQtlXQ==,iv:cfowkIgOlf0XTzMefk5V142TuAS35065kxZIZLFhoWw=,tag:gI8XdLgtyb8cDgpm4vEcVg==,type:str] + - ENC[AES256_GCM,data:9SsQnUzsYBEI7MXEkDNR9fZ8,iv:VXH4mM4OiiDKWQNXkAQdH8riOGmnUlT+aDhwbiA5Ib0=,tag:t4x6RoElkf2HCRJrKJ6wBg==,type:str] + - ENC[AES256_GCM,data:DP/bs3gWpJaR3b3CpbmdF8gZ,iv:ZlWMj9sbKTYX8VfThmgZCLoOhRO1HkLgK2+ak4XHr/A=,tag:65649Gf+pljaIWRFdAQ22w==,type:str] + - ENC[AES256_GCM,data:KxSQA0kld5uRbOeghF0xXVc=,iv:y0zSr49QSHgQGzSvGC8hHfulI0QLYoGwiiCEwP6wMyw=,tag:XvB0omW51OgROr50uW+R8Q==,type:str] + - ENC[AES256_GCM,data:Vjxq0gA6nFXI6U6dHYkppb1UfPI=,iv:hv6Ala/6ncBe8opcM3V5uVA5pWXJhQDVkrkc684moF4=,tag:lBFTGCaQUfB0Fzeb74/UTA==,type:str] + - ENC[AES256_GCM,data:90zEtZYMr0TikEjVjg==,iv:h/g0R0zjWnmMWVAc5kgboChzV2qtx0qdmOgZxlMJ4l0=,tag:5wF8tYOtYSfWADp6P33biw==,type:str] + - ENC[AES256_GCM,data:RfcCNlXWOtKd,iv:M3dX15QrwY6qXrUfBxssWsxYum1oPGUFMYwszqfF1Fc=,tag:m0ir7vMBwLbxsbXVaGLpLQ==,type:str] + - ENC[AES256_GCM,data:WBEe6FymCl5xd76s,iv:wuem0kKMhpGAHqOIVUb8r928E6Z1tTQSYSVQv7KZQiY=,tag:bQkevBp3reZHX2R+8rbUjw==,type:str] + - ENC[AES256_GCM,data:P7V7TrchgmKQ9vo=,iv:VYtV6WNwsh30HtdkY6mxZPgVU1AyHfPBP3Oo6RHNdgk=,tag:PB0MDHadMmBoroOTrHISYQ==,type:str] + - ENC[AES256_GCM,data:KpWZlKCKy59rDQ==,iv:c7xAMeB8pCtnamkdENHIq3l9HVzehQKNOzikn+FWwLA=,tag:9AJS0jgTwA7YEf2b5lYxiQ==,type:str] + - ENC[AES256_GCM,data:dloNPxKJQ8GimdXRLYHG,iv:GN0t2kZpslYGn4kQlCCphDkmbxTNXwMO3rxRANWTCzI=,tag:hp/TUKYgElBJnZeOD2NzmQ==,type:str] + - ENC[AES256_GCM,data:Yi2u1tP04QYDR8zqrA4i,iv:tYyBqj3xqIcNoZ384HoD/t2zd0l6KszVpDuLZ87O3oE=,tag:ePXl6t5U71UfGVeMWOzT6Q==,type:str] + - ENC[AES256_GCM,data:ir5eKHzNyK4xl8qW,iv:XsTtOTaghcAcmtm5X3kCuxHOZByM3kJQXj7DEM7VRt0=,tag:4yv0Y67FcbK4RwPiOD9S1g==,type:str] + - ENC[AES256_GCM,data:a+zUWRMi6BEF20TWv9vY+XEqSjhiwczBLgcRjQ==,iv:UkVAAQVQ52ddI/IYc7RPnoJQtuaLwG/u+FC0gfjTB44=,tag:2Y51EnVi1VLFqxdknsSCNQ==,type:str] + - ENC[AES256_GCM,data:P1418gkJ1aJ3qClAAtc=,iv:ylBQYR/PLYXkrCOQfoNz8wEIMjumKKNCGVcynDUS5xQ=,tag:lsrLpXmtL7wgO+cRRyyO5w==,type:str] + - ENC[AES256_GCM,data:OqDRrvYXKfD6PPnU,iv:orYcRtMOiHdaccLHvgFIt4kQn11RktdaXlhi8szvhIY=,tag:bpzIHos81FSV+6dBryvBHg==,type:str] + - ENC[AES256_GCM,data:HE99+J9BvztYXTc=,iv:J1yyLMq6mv3PVyeomNPl14KPq0FhHMMdgGS3GHnpLn0=,tag:iZqiE9w7seVI7hBgF+RnlQ==,type:str] + - ENC[AES256_GCM,data:ZtW+Zz5yIW2xaOrUFI79,iv:qTjKMfFF1P9rR+yRsNwzubZhje9pB2uKrLoJp4Pf4iU=,tag:zKDpmpS/UB40lbD378YDjQ==,type:str] + - ENC[AES256_GCM,data:A6pRXCZlmUHqHvJKMQ==,iv:7hENqV8N1NelfXkMnwRbf8Xmr8BgNoYnvMeJYXjPjlE=,tag:Tc5EcxBO+rjIy1phdrWJZQ==,type:str] + - ENC[AES256_GCM,data:FnTZbAmNGf2h,iv:4cpPH+8AYekzREFcFVc5XPw2nD2sPYp4Fdmfu1jJSz8=,tag:3lT+FkLmG2Q3ci6cdOsJeg==,type:str] + - ENC[AES256_GCM,data:HArNlQkU5k0AQQ==,iv:m2BAqIRpmW9cJB2aXQ9Uy5fguOu45STkvFZieh+mo2M=,tag:rGfgFTS2kZ1LfL+UajBZ7A==,type:str] + - ENC[AES256_GCM,data:YtEQYAJE6ueF3/0doQ==,iv:7+c0j1qLthuU+i1hbt3wo/Sfksf+Y8Qw0R+xCQWqUJE=,tag:pep7wFsLGKXftu6mWYIDDw==,type:str] + - ENC[AES256_GCM,data:ED4+Tc+jenylvNMs,iv:o+GNrcfWhTmciOs/KRWvKHA2A0fSLdSkFzqZnaRTqq8=,tag:rLEdH55JxAX9VTCd1+OFvg==,type:str] + - ENC[AES256_GCM,data:+jdsnxVQlfkN2PVC,iv:IKV3QBXJ+oIS4GNVbfomFVJmO1y6ADy2TA7MvcYYY1A=,tag:zGO11cbc9Auq3rQtlWr7Kw==,type:str] + - ENC[AES256_GCM,data:RHkae2efNZ8bl4ENxyTcZs6ObQ==,iv:u2d0kl8hQlZtDNWa319Unp/141kcEnwuc735PYGqEF0=,tag:MzHdjVcivcVMO7oSZNHUUA==,type:str] + - ENC[AES256_GCM,data:zGzd2WD6MA8ip3Wz,iv:zFqks3+fZ9INCbfL9mbqRg9ctYvx1/JfsjUob7oHJws=,tag:GNDw0M5BHOVQYnS3SE8hsw==,type:str] + - ENC[AES256_GCM,data:BaZ4p+BUow8YwrDYlQ==,iv:0MAXsjC5qEhtAzlQL2fnweC0HCyCtBy98QShtgg7p4E=,tag:Cikj+/RzIA/SBoqUCq6zVQ==,type:str] + - ENC[AES256_GCM,data:cGv2PIGyVZB2FWR5,iv:rIsBHuAfNYqwxeHi+V2DLCsMwzi/sFP5fRyYBUM7kaU=,tag:hcmg9FLtj0hKafZjNv7f0A==,type:str] + - ENC[AES256_GCM,data:nqP1cNI2rfrrbqNkdK/2Ow==,iv:M2tVvQuh9yHfhx96QLnOF73GbN8KUDKyux8Z7XN207I=,tag:JDB5lNuSa2GWvqGg2MysTQ==,type:str] + - ENC[AES256_GCM,data:MvO5tcNTvTq4oXcfNW5c6Dmy,iv:BaeQERoSVHKa1hwgNwRzmQJA5eOXYdFiprZfdBPdCVE=,tag:yVeYViBHONsPUxiO4Q09Dw==,type:str] + - ENC[AES256_GCM,data:9m1OgMRDDC8L7j/x44cs5g==,iv:ZvQoM2MfO64cKTwobkUMfwovPyVCfYkQpo8UPd9LyVs=,tag:QCX5WH7ECsU4gycUi5pjRQ==,type:str] + - ENC[AES256_GCM,data:w8jIU7tCeX+FTYnUzjRZiA==,iv:tVniZw0RvLnyT0lcH5Flg5DZurlSv77Uky73RkZX7Yo=,tag:1ihgXCnY2YVBNM4xMyVJAw==,type:str] + - ENC[AES256_GCM,data:zGXlrG+jPaN42u08XWCrGg==,iv:bFqPQENHJF8+qbdB7kMwjZ+Yb9d4YvHAZWrFkZF0Os8=,tag:+JNHslLNhVwOo3rL4NJ3UA==,type:str] + - ENC[AES256_GCM,data:un+4mf86iuwP6dHCV/tlbao=,iv:8Pb+f9SqVT2uoG3P90SvY/yLheELB1TZFt9YUhRDyCs=,tag:+Zhc4XywyobTAO72fiYr4A==,type:str] + - ENC[AES256_GCM,data:m1hvAdNJPhESybeaSidMVQ==,iv:PzDtRJ2SJTMfCN3S8q4KCHl+stHPvTLeBfu2IoRQPyM=,tag:aDFsC6RkrY3axhmShmbgWQ==,type:str] + - ENC[AES256_GCM,data:Fyevkq6K9/NtAYY=,iv:PWHuVn4tp62fiZK0km8uCvdhjAmZlySuh3XoNUC9W2Y=,tag:1FUIKQ3ZTY7ScL+IhCahGw==,type:str] + - ENC[AES256_GCM,data:bMoDVCHEH5p8qjyrsmHk,iv:95cdVQfOk9BwsT6Usjgy8TuKGuQoDzBMaxctv5Mp0ls=,tag:eADJKNjc6aOIaF2Mh9vg9A==,type:str] + - ENC[AES256_GCM,data:IFyDjoebR+D8j9+QF1eXl+s=,iv:bovBRG7yC/0LPca6OsEytDbzUmxOWu5XC6DN1b8IrTU=,tag:j8ko29RYZBlRplQT0LvsSQ==,type:str] + - ENC[AES256_GCM,data:2IKb/6PThNUwCU6bgIa/O4AEJoYF,iv:ImC/I7j5V7Zq1BCOKQLS5aFeaXHhyKIddpAaKVGKQ+4=,tag:hTNYFgsj0W6jxkKy444J6g==,type:str] + - ENC[AES256_GCM,data:tC3pBPLXbUydSQ==,iv:1jDQ4egAOAYUg4wF9SDFsvm0HI/yHSuVCwDR4VrnTAw=,tag:B3RSNAAj+YUOAFVYNyycCQ==,type:str] + - ENC[AES256_GCM,data:22rmvFMQKM0Fnr0=,iv:MHVXUXheUnNK671uthgEPyZPXYwH5UAYWieev8/a1sM=,tag:o8rcR+T6lPw479ChfUIVjQ==,type:str] + - ENC[AES256_GCM,data:POm6Ex929osM1R3gVtk2,iv:BzBu5i7CHQLlFdNBArIf5N1RtdauKwKHAcOGkN+W2Pk=,tag:h1xQXcMJdCAa4nGd5bjFzQ==,type:str] + - ENC[AES256_GCM,data:XpMq+9r487Vh,iv:AmCQqF0w6ZYNMckgFG3DzKv/gVtMWHaobG5CLbneGvc=,tag:9cDB9TfWO8CQuMG5kxZTkA==,type:str] + - ENC[AES256_GCM,data:KzBo0XUa9dPtclM=,iv:+rWi9ieiB1qgDdknNOfsQzCW/yHtKM9j8e9ZzpaIH5Y=,tag:T5ExCmg4soYw/hu4Rk8kCQ==,type:str] + - ENC[AES256_GCM,data:4BtftQQjRxs+XKxoNFbb2A==,iv:MJ44x48C7HomtGAAHTLiEc/koKmwtkOCcl+fee65BLc=,tag:HtWPPcPWjNNyCDD0zd5WWw==,type:str] + - ENC[AES256_GCM,data:hLaEZ6KHbpV7bvdy7buHqMrTFz/F,iv:eZw9jwNjcKU6Bmhkb7KaZnpy8ElUGmnB55KisZLqSxk=,tag:kYAG8G9/eXT3m+JjIqaZsQ==,type:str] + - ENC[AES256_GCM,data:MLYJebiRbnfP1ew=,iv:MvgmvOL9ILTwgN23a16fYhOGIbRp49RwpIGHXZDaFHc=,tag:q8rMQBiK1N16R1ZNYsdUIA==,type:str] + - ENC[AES256_GCM,data:LMBcBKz+fTwhttU=,iv:RNXqSC+ouTIio9OLkekfGZQuqPrpNr6Se+Gv+KbTdA8=,tag:WzoIBMjMmDH/t5sxeRieYg==,type:str] + - ENC[AES256_GCM,data:mC2L36RZ6kCZWVc=,iv:xCyQBHHdSRiNTOwTs6Wdx57n4Pr/C/wpgEG5U2NyB3c=,tag:+YjNMsoN29F60PTWezPUwg==,type:str] + - ENC[AES256_GCM,data:NFmKMJxBoOiWCnA=,iv:JGTTk2fFcFwE+037IJ39hzCs5eTljvenqROMmoIt7DY=,tag:PgedO6Jgpv0IDqJaNcMe7A==,type:str] + - ENC[AES256_GCM,data:/Gyv+mpRsiw9cXY=,iv:BxTXRZW8iy+rCTfyxlvnO/c/STHu3zgyjjspVHMolGA=,tag:59h07nMyNAooVpVd05f9mw==,type:str] + - ENC[AES256_GCM,data:p3/DWlGYenQm720=,iv:Tz3OS4UUFg9LxgDgnV8z5+ZPdKMpun5s9vO5jxO1Mcs=,tag:8oFN2ml0rk3zbFVXFNPbtA==,type:str] + - ENC[AES256_GCM,data:3jlh9v3hxf/8Nti0xQ==,iv:lfWpBIoB6h+cJ2qg3y+bHWapnQWJ4+YNcEXFkAUJc+A=,tag:Hwcf/Fc8KXf36tmDdUi12Q==,type:str] + - ENC[AES256_GCM,data:HphEBmbUpBopQsI1,iv:jffH42KqlnLfw46V+kERxe1+AG6KzOofqBUMqHIfIiQ=,tag:uOBVPtkIHJEuz9qrg6uRzQ==,type:str] + - ENC[AES256_GCM,data:Q5rRyWpQgWDmeU6zV2o=,iv:WDh5t+1dRBCzukB57x8S6G/19pD6hPoRLEHXxJeXDhU=,tag:M8gfGizjA/dexX+ZjwhB+g==,type:str] + - ENC[AES256_GCM,data:DzOtJr1lKhwHxAnf,iv:K0BWw39GZNyJsJAo7JGy7KJjM57ZhlyNYkY/8P7nw6A=,tag:C+HIrE495MW5i6vPRzbCNg==,type:str] + - ENC[AES256_GCM,data:0Jw/SuGG/8icUGI=,iv:ssYKvEEdhBsjqN63b0Yxajrxcy224JzvEA4ozaIXwKc=,tag:mbVDBXMBl62RdJfDN1dDhw==,type:str] + - ENC[AES256_GCM,data:GM54yRG/NWoGXBtN,iv:BufIANti2uebxjEc24QTRQWaZRPOshB1mWDTWVkHqOc=,tag:cEYzyoSPckkJxrBopv3cgQ==,type:str] + - ENC[AES256_GCM,data:w/YRAWkcwoP6UaYHKw==,iv:ZbFnmMQZr0fSOuekVu8WwQAVgwo+fsWgxF+WQuFIZgk=,tag:RRmd8VTbwo3Cwi1a/cVKIw==,type:str] + - ENC[AES256_GCM,data:RMXBt7mAoGyZhUWe3rHV,iv:cRQ+toez5MqiPk7mR/6KTTSGk5fuBl252Imk98TxHo0=,tag:rzrP3KM1inqgeUruhuGUmQ==,type:str] + - ENC[AES256_GCM,data:aGQl/tpRbT3y4g==,iv:J20UPAjtZnR8UoJ/GeJFcs7bKpyJJAHfwSFtYrsjuFo=,tag:F5MOeqaSgV11KeUoDo6kNg==,type:str] + - ENC[AES256_GCM,data:ZJ29/0wLbAYG4Zu4/YRJiuK6Y+SS,iv:b5VJ5WY6tfj59+1ojBu8HyHfz4fiAinaQbCwQ1fpgb8=,tag:QzbrIU3VgMvjFWbXmNZrBg==,type:str] + - ENC[AES256_GCM,data:xH0MtTw9f18YisSZ5pH4QXo=,iv:mrW3nqE9ALhl9IHh3rHm3/N76n8AOe2kZguxkOQ59FA=,tag:wIpb5ApZMiR7naHuxehkrQ==,type:str] + - ENC[AES256_GCM,data:AIMN+5uHXsQ1sLUD59s=,iv:JZM1yCypGYUVBC0b3U0pqsh/ZbxSWZmKVXZ+9MZ2pDo=,tag:EYVp+hkEJESvIPBBMA8Ung==,type:str] + - ENC[AES256_GCM,data:8knDjeFM/jBZEMcn,iv:GzY4qwpukyQnJy5ktxMrl5/OoUmoYtpGJOzAmGf/U9M=,tag:gZT5hZc+HFVI7G2QLz+UHw==,type:str] + - ENC[AES256_GCM,data:X5I3TVPIn5Cw214=,iv:0pbcZyUWByPq31nYbfMNp92trwCZ4d5BBfF0u7FjV3A=,tag:iEGaFsnd8qZ+Ja/vP+8sZQ==,type:str] + - ENC[AES256_GCM,data:a354afKLv/npsi8LrC5YClw=,iv:V03yb0sMFLLx9kM/k7QAY70q17JKvlMQLG8viwU4BXo=,tag:+5Spx7CN4IN81u0AxjXohg==,type:str] + - ENC[AES256_GCM,data:VcWMKaB2UKjVp5ERlxM=,iv:sx44uQwcQHETpY4HRxjgOSsdJpUN77EFfdJN0H6n434=,tag:kdlEb+QqbFo/dQktCWmB/A==,type:str] + - ENC[AES256_GCM,data:cmuhkEzRdvvpC0jzdR9SMyLwzQ==,iv:66yg9ktMu4KPaC9dQO5ZuFQjGyJ7/jvTZTtD3CpYUuw=,tag:E6oLdbDoiGzNuMgrElwCvA==,type:str] + - ENC[AES256_GCM,data:yefL539208BvtA==,iv:jTTWcVoXahQIakyKbi7SWkug+fPwM1EkPGH5NdzXdKM=,tag:tvzbScANoG/KDKUumS9ZtA==,type:str] + - ENC[AES256_GCM,data:sc0wEd8csr5Q6g==,iv:7nx6BJ6IkxOu11BkoK+3+2A0oMPpGeVuv8YlpX7P5i4=,tag:Ob2o0iP+GlXp/E0Uvc8b2Q==,type:str] + - ENC[AES256_GCM,data:iMfFbQiLyhYN9ZL4bXJEpw==,iv:gZFAIG1j1jLo8CohQHnyQrnDc3BkS4qKUFIDQad5UJk=,tag:HAgMTi+GAsELY/pD0g5FtA==,type:str] + - ENC[AES256_GCM,data:4op4TId1iP3c3wnPXg==,iv:e2fGepxYyP8kmsEuhcdMzEpOjXjGwGDKINDxscTLYYY=,tag:87nbMHSxFfh+7v0pAxy7cQ==,type:str] + - ENC[AES256_GCM,data:RB/fddTIceh1jw==,iv:eX4aw54iywPWmjHxXIjNuqpWRCKzRhzrmzxVc+X6WwU=,tag:EZDt9JLQb2ErDRx53twk/Q==,type:str] + - ENC[AES256_GCM,data:XVi0ZhtMMw==,iv:m20isHZI7wk5WP9pnZIbAMA97Fy1HZohczmVF8ovpDs=,tag:Mjf1isuPO3uG/qEom3okVA==,type:str] + - ENC[AES256_GCM,data:OJWM8SgjRZazIFUfsCU=,iv:0URSuiT4iFyNKl/e+RR65ndixHA1z9tQDgIIzyzTrew=,tag:Fe5xLdzRaoMfKCOrneAA+A==,type:str] + - ENC[AES256_GCM,data:2CtugsLFUAbyLtm8bw==,iv:c/BSf7SPZEwst7ezLiUVa3+1AfwveJN1Tksu/c8b9q4=,tag:xQa/tsoxokrG9fHeg8PorA==,type:str] + - ENC[AES256_GCM,data:VH5iUzcnPAFuwA==,iv:5+waxJFkVSeB0VKmku5lQipi2qIe7PfSF3VxEAeT/Sk=,tag:zyu2Va7vi6GMaHPr7tDUBg==,type:str] + - ENC[AES256_GCM,data:KgPDsf5bTH7CqER6,iv:EeEWuEcrWHOhuMn6TEnUQt5Dmf+Bi+HPOzAzgwEWyxU=,tag:/ZhNBdW0LLgqvaNdj540jg==,type:str] + - ENC[AES256_GCM,data:ECbejncfko8vn6w=,iv:1ZqP1GyoEZL0J53toK/fdcImFkGDlC9mW2RcXgYZ73Q=,tag:WPrb8rPw1ChZ9l1nGX45Zw==,type:str] + - ENC[AES256_GCM,data:gSdN8thN35uVofBRKA==,iv:TjEQNVHcDtLRTEh512+EuAS3DeunVLPKU+g9VxJQ7Iw=,tag:VsvxLngBHMzKhRHqZHRGyQ==,type:str] + - ENC[AES256_GCM,data:3lcSq9xQ7yyi0tv+,iv:rQHYo128L7S1eNDpDtAplu5+V0qH7u4B+U9gpDG7vIM=,tag:bPMHZWnVMv0/6jhJsMA4+g==,type:str] + - ENC[AES256_GCM,data:/3M9AxS8EGbIKxzX,iv:ML8qhOW6MjaB+egyvQJAP9F05mfXThJwmVwF92pYAGg=,tag:8LSCeLvpIcy5dSFYKOdByg==,type:str] + - ENC[AES256_GCM,data:qoP44tlhzi0=,iv:t/xb1XnXRjjnKvDLnrVg0AKP71WJ2766yjcZ26YVh74=,tag:fEiyQLD+YbP43MFdZg1SOg==,type:str] + - ENC[AES256_GCM,data:mfpXLy72+vXBOg==,iv:s/IKhXHMHuh6ElKAKrVMBaALGp2aIKT8vxDIznvnSvE=,tag:Q5GwVEWLUOPp5ZZ+vRVXuw==,type:str] + - ENC[AES256_GCM,data:lhH2QfqNEI8SEA==,iv:eZb87pecyA7081HZjfWUkxBGCm5Zt+I4Kei6bedVhsE=,tag:haujjUA2iwWrySaBs1DXxQ==,type:str] + - ENC[AES256_GCM,data:V+LepeN+po6nwALL,iv:Nk34rlGJyMSKwkZT5iTm3r3SgLHQKN21mxujIEbd8NM=,tag:mT64D4WxP1niJFVBnhVQog==,type:str] + - ENC[AES256_GCM,data:/jbZfPx4sX9OemJP,iv:OLg+d8PpMhzcbq3Bdv89sXD5M8ObdhetROAC3Pu6074=,tag:wuHdPD3Fes2mML28cGRm8g==,type:str] + - ENC[AES256_GCM,data:/W1epkhgi09hCNwpC6iIhUu1mQ==,iv:mcZL8Rog3l60Ge4arnMCJe5R/zciH9+8k9wnAobz8YY=,tag:sHNXg/V5hMjKRaSlJcqFAw==,type:str] + - ENC[AES256_GCM,data:Wuzd4xSKrgXXUSnRVY6XqA==,iv:xeX+4WpRyJS5CDWql+QJOEQiSU11iSvjnNj+YrYIkzo=,tag:izDWc3npDXzPOu/00iGCoA==,type:str] + - ENC[AES256_GCM,data:7Tnqv0UOexnlA28395LNuVI=,iv:BE8H+lryFYtb1mA7CP5WUizReeHKzwDzolMuxOc1JYo=,tag:TNF5ZLDXHz8afJX++qqpwQ==,type:str] + - ENC[AES256_GCM,data:jW8lSG91hQsCOOMKA2JfoA==,iv:Xo5xSXGaZraTqX+ZF/F2waY1/x0AJ5oXaxRLS5I+Wn0=,tag:hxZXQvPIbluXi3Dgzt8WxQ==,type:str] + - ENC[AES256_GCM,data:NFms/3DJv2gNTxCP0CDaIGo=,iv:sDkAFOABtGadZCCLKWZmIkXnILNcnvngug9c3fwe5Sg=,tag:1vEO9hjtU/C2v2G/vlc9ww==,type:str] + - ENC[AES256_GCM,data:qCnxdx0Lov12KJnv7Q==,iv:Dp0t6Y/8WHmF9GGE64Ur7ljptfqvY8OWw90zHC6TcBA=,tag:ej8IkSlCcjBdkDCkknjLjw==,type:str] + - ENC[AES256_GCM,data:UrYZiObm75Pf7Th7L06YQA==,iv:2BGMgYhMJV1f4nd/GpljZYhEMsizspkhgp5+KsMMoA8=,tag:o0FATzY6ZGIr+1G8fbuiTA==,type:str] + - ENC[AES256_GCM,data:vzQzst/0ZUgQv/24N5qtn1o08A==,iv:R+wS2B51jg0pkrWQMvoR/N6h/EtG1Z5tBrKiDobje3g=,tag:rNlfns5iAB1F+2n7BPxwEA==,type:str] + - ENC[AES256_GCM,data:B5KWkEUKQwtsl7ONOn6T,iv:YacfKmBlZHrkSuMx8EjPJq4yuUhTWbxDlbiTqDaTJNY=,tag:sleiJAY23/yUy5RyObl13g==,type:str] + - ENC[AES256_GCM,data:9kaH29M3wU5doycaJNyIyA==,iv:vJrMVcIMOhrC7Fc2DClagaUl9B19rN7LP4UobSSyOX8=,tag:P6c3hqRZ9+hit53XhQ3y2Q==,type:str] + - ENC[AES256_GCM,data:CX32LEM8bBRqBvGi,iv:+1w1opzWN/QwDvyXdXWesXerCOzDdOGogmawTz5EOCQ=,tag:wG7WV8EEIoLdFNtNS2jFrQ==,type:str] + - ENC[AES256_GCM,data:/IpbllGAb+UYnA8f,iv:yuvGG9wJtw+U8+gxCfjVXTPg+ZSD9j9Dwcd9dtsTC+k=,tag:1PFYl63rptWj75lCIO6vRQ==,type:str] + - ENC[AES256_GCM,data:nJpEmTz/uaH4WBSnMA==,iv:+Sr1bX+sr5xetlFXKP3zP5O42NCTR1hNIR/Lk246VoI=,tag:XXeDjLbCzGcMI4bpKcijFw==,type:str] + - ENC[AES256_GCM,data:ssy4C/S6a0RseftCNbJrgBlR,iv:o4PsqAGVoAfEr7HWRBsPt5BC90MV6hpaOZLPR2zgVJ0=,tag:WLHQvYsi6bsGJt/JMEGPUw==,type:str] + - ENC[AES256_GCM,data:95T6VD/hNwjAX/UtMTw=,iv:Supv80JOGeXJy0xvlSFMO/N4R2WXh09LAR/DTqsgGBg=,tag:poU7MSwIg74PLilNsPFnbg==,type:str] + - ENC[AES256_GCM,data:eFwCJPepW0iqZolM,iv:/LPhGXlzBMSlMQxn1qhN7tUWbiVh4Up10vTI0kNJ4To=,tag:/Nm0dCfFW7z2LcZGm14YFw==,type:str] + - ENC[AES256_GCM,data:9PRD9PLuQqTCkg==,iv:0huV/2MSjTLn1gUJ9pwgwtE6CcKpJFctWqXHh+wlPq4=,tag:PhoMfpAJPmU3p3zBuLO7Rw==,type:str] + - ENC[AES256_GCM,data:562/mAyx9OmggXkZ,iv:+3GYC/F10buCM6grjHpz/SilK4OcZzr4uWXCU56jbmU=,tag:sHs2YGPho/SF6uJYoWswcg==,type:str] + - ENC[AES256_GCM,data:3v3J344UWB6YBTaSAQ==,iv:hq1Fi+iKXL4O8ROs+kGuMG3/ma3WEqO7NbydiN3OF5A=,tag:ir+SvZIUoZ5ioimV54zWBg==,type:str] + - ENC[AES256_GCM,data:MApyMasK00NT,iv:IaLKzYNBvxrIlQGRAC+Zh7kcsdgfOLZNYsET55i5CiQ=,tag:DNHfvxIznCjPaavWmxFTXQ==,type:str] + - ENC[AES256_GCM,data:+uP1QO+Pcpso,iv:YTOMf8A9RFvMZsJnJwrsXiQbI4//iwfIZOImBgVjAeI=,tag:Il5QRHkKP48rmLHOK6RQog==,type:str] + - ENC[AES256_GCM,data:fzapVTjKrhAFeo0=,iv:hStEmapoiTOzJtnP5glI5sgiwG9kuTh7oF5x2W8o4iI=,tag:arzaNPkwiMUPyCjVJsz4VA==,type:str] + - ENC[AES256_GCM,data:+7uBpNyuS1u7VYs=,iv:6nORp3JSRGA1E5Yqxh4GnE5lbPVU+SSBla41sDgctW4=,tag:zaJ6+/NVFHmGfijqz6Hcsw==,type:str] + - ENC[AES256_GCM,data:AEpWfZRVWGBo2Q==,iv:b90s7YydiSaAWxCQC1H7LnEWh670yzeKGC6OlkS/3aU=,tag:05xJLIMh1RM7EZy3zmZ1tQ==,type:str] + - ENC[AES256_GCM,data:yMbOt53HhOLQxA==,iv:w6wBLGfGs/x9Q1gqLVKQDPyKTd52dToGx1bSFvph3ZM=,tag:b6aI2tgwwriUA9E5pxjeeg==,type:str] + - ENC[AES256_GCM,data:zN/Ies3a6g==,iv:u+h7Xmv0JC2Q1Rn5hIAuyJ2e4oJnZNpXN75QZ++Z0es=,tag:bKv7b7s+uW9ezYS7AaVmYQ==,type:str] + - ENC[AES256_GCM,data:d8PPxT8iZWk=,iv:5bxVCcj9SHenJFGDA9fLGQgx7FkT9oXYQahVMMuUYcs=,tag:whm2obSBp3EccgG+yyCukA==,type:str] + - ENC[AES256_GCM,data:Os+yaymRHzaFoxYu1g==,iv:BiyoOfQvYZdOZDGY0vEpuKIac7gtBsT0cNKuTtdf9po=,tag:hRwfvJibIEYguoZbqxRiUg==,type:str] + - ENC[AES256_GCM,data:swtbysyPvG+j,iv:/ohNT/2zIm55T6nwhMc01mKqzDjD2IB9BZ1GQXWse9g=,tag:SO0OFbX+cVyvv9Q2biSttA==,type:str] + - ENC[AES256_GCM,data:s1yz9LU=,iv:LFAG8JSWj1a3TyfJjiMng5NEvGgaqvNcMm8EOr1p2Rs=,tag:R5Aj/06aGydB6TzHu3R5rA==,type:str] + - ENC[AES256_GCM,data:Pv440ksuFD/Qgg==,iv:4cKFveUXDitx/kkj2yQT7wMj08AIg2th1FMcCGx2ddE=,tag:WfNfYSHNvkitNX3/wM2K7g==,type:str] + - ENC[AES256_GCM,data:Qr+O6DMgcMSpUMgyugvs,iv:gCOtBAKqQ2KlvodU47NC4Rk1VspjTrHI/xY2rNvsavI=,tag:LMWey46zQGy/2RiFh2Wm0A==,type:str] + - ENC[AES256_GCM,data:sZblQBdObJNf5glYyg==,iv:Ooy2SzIi1NSC8qhD/dKV8+c5gDkWvuniwE5x7pQARLU=,tag:ybIJ+ErUIDK3RNz2VO1gaQ==,type:str] + - ENC[AES256_GCM,data:J+KGYJV0z75J0GfDYgw=,iv:AMXxoPN+aLH1rZLlcCEjAz9KLEgAZy+q1WeC1wYfvaU=,tag:pK+JcrIZNvuXNTG3VKIEnA==,type:str] + - ENC[AES256_GCM,data:APkJw+W2xBdqUQ==,iv:fCizSK8RckS13W+P2HnwwmQmZV856wYEjSu290ipVSk=,tag:9Vwtt7tx0lv0DwoVDzrMrQ==,type:str] + - ENC[AES256_GCM,data:g4pdvocLCOQ4xdWF0wo=,iv:hJu2sNIuZVV5kv9SEyaAZulH6nmHA2wkCLvgfQTOap8=,tag:JcmRLyDU0o1BcUUZe7J3qg==,type:str] + - ENC[AES256_GCM,data:rQ/8xhyYGm3kmPfMOTE=,iv:8alebGqeL/xKnGmVAQTChAtB4/Ym+PIav7VGtFihmlQ=,tag:C+zRqXoBFxsMUmY66Gs11Q==,type:str] + - ENC[AES256_GCM,data:qZQfOU1gL4qSuZ6x1w==,iv:HrB2yNn0ifWnKlTk+SelQyDwAZxIygV1XVcX+kdVn3E=,tag:AcQvK5PjxRGIpI1oeVQoVA==,type:str] + - ENC[AES256_GCM,data:584piFmMjjOvEkry,iv:S1jlNdhw4FvuZjKN07hbIk0Osq66cB5K2cWWvU1LReo=,tag:LDmpRIWUO4WMBQOpJ2465g==,type:str] + - ENC[AES256_GCM,data:V46Kc4l+wQKFYP2e,iv:Yd90E8KWH62o4FYi/Js1e0SzejkkgCsyphUfE4RnBEM=,tag:x/E6dgUdKmS7eR8Dr4wOOg==,type:str] + - ENC[AES256_GCM,data:AsMIM5hqGX4EFABbEd/qEBi5DQ==,iv:0S4yGUGcc/EHbrgqW0khPIjhtPPT2wvu9CLGvRXNQZk=,tag:bAmDsdvLc2vGVVlt0jc66Q==,type:str] + - ENC[AES256_GCM,data:oKzMZ+clhghw5T8=,iv:nlQxCkoIp8BOuze1Et0dxFJxvB0QEU4+/uO9kslSccE=,tag:toxS9X8RwG87wZqL9F5XlQ==,type:str] + - ENC[AES256_GCM,data:o+3lHJ7Lc0JQnydrqrj8,iv:djIU8kQ/FTX60GigtojVoxZJA9ijf3D/HbEodluFv40=,tag:uYUGxrq7uAU0pvaKBXUlrQ==,type:str] + - ENC[AES256_GCM,data:v6BptGXYLDGEjhRIlkj9,iv:/AxvJt/1WSB4pwR0XtRUsgWT2E1sjOfbUWC3od0C10g=,tag:kX1AuFIwWqjZqDL6hjo/OA==,type:str] + - ENC[AES256_GCM,data:hjoU0w3/EIuUakKo,iv:uy9qf4J38Voe4UVR8jJqaRTIgCX21iY8NWHqd4LM/TI=,tag:9NYMnyTkO83/l2iK1m+dDw==,type:str] + - ENC[AES256_GCM,data:69+v9MMJNcUKzKTYCVo=,iv:ZL3ErtQfreC7Jp+X2CygYp9EwgPjEg5UevIvGyEfobM=,tag:uu5Lts6F5N2Dryf5WP8V+w==,type:str] + - ENC[AES256_GCM,data:MO0cA9lnyTPukf/hW1g=,iv:SLESuGN0F4UxmLdOROxPZHO+B1Biq3fLKt0myw7fqO8=,tag:wZfDxEEPP05SsnkUjKYU1Q==,type:str] + - ENC[AES256_GCM,data:YshXnCTiqJkZfr0clDE=,iv:qFTIsFvrjDVySUEykiTD4QSGfvKr3T3Bm7lsQrQsSh8=,tag:zhK4jR9zPT4pItwfERaeFQ==,type:str] + - ENC[AES256_GCM,data:Z7of3XKtl0lz3ZErOtXIRA==,iv:g00E3zQW6Ou48rhHWhMQbwgiMpOX5DrB1lHNrAbt9EY=,tag:IX/Z4Isjcykv/qqSjwmEFQ==,type:str] + - ENC[AES256_GCM,data:Ka97SyalfVDpto96,iv:NXCocMPAPbQX5BUYvV2GAo1WFQIg/PmDduhjJkKqhac=,tag:0HDxjpk0/epFOVPR6qNXLQ==,type:str] + - ENC[AES256_GCM,data:8pGPBoaMBpw=,iv:gsZESug7t9nai3+dLb+JUtLLClVHvQOgZ3clfbNV0X0=,tag:CjtFYSAduN3asQphpvRugw==,type:str] + - ENC[AES256_GCM,data:urJUzeSRUadjKuLk,iv:aRhrSLtGVRHfIYSI6MMfab7OfecVFQJMANqCeMWZprM=,tag:9cACeZ+dnwQFzLi3HxVMxA==,type:str] + - ENC[AES256_GCM,data:c6mFHvgKBl16PcldYAY=,iv:rWh59khJhO1/D9smcvGHjFcvniQQA3bMfllOpYkAsZ0=,tag:Qvq0bDIYRK9jW5cl5g9smg==,type:str] + - ENC[AES256_GCM,data:mIR7tg0ha8OE+GGXrQ==,iv:LTlvOGpD6PnKps9aVvnOAQeoG+y1CmBEvNZtRDJ0Mpw=,tag:EXEQTtPl1cZy1GDdtrYVMw==,type:str] + - ENC[AES256_GCM,data:flz1PLkpbpupc+Qkjk2d,iv:JwZwUI//8ohHya4ClK2MeF7BA2unOgQUQPvy/asTfO0=,tag:Xfm5K/M3S8aTAC/PGYZq2w==,type:str] + - ENC[AES256_GCM,data:mpnobbiLbTpwrdHe4maf,iv:Zqa+qn+Z2MP6HrqG4TEC5Uuc4QSCt1eBXB9hEPGXGYE=,tag:U2o9EEWJH5lmRuPKl14UVA==,type:str] + - ENC[AES256_GCM,data:NcxIP5cXFr8ue/SPqvla,iv:bfIWGFlYjoEY6HeKbo7Nda43sQ0LqcUt7v9kXCpgCxE=,tag:mx2IIKgn+2FgOVXVuCjL8Q==,type:str] + - ENC[AES256_GCM,data:Kr+drEU2qYu0gA5oAN9eabU=,iv:tBJpUJgXMbwJuQnzXyYYsriwqMMV7N4pokmJPkYXulA=,tag:BPrLN/167C1VI7px4jOdGw==,type:str] + - ENC[AES256_GCM,data:qOrVJVlRHfAPUz74Uw==,iv:NuK4q275f+3w/iFKLtF1D4+sb0mNTO4VpeR4qxzhJSQ=,tag:07a5qHGMgVjMvk9eK+6K5w==,type:str] + - ENC[AES256_GCM,data:faas0cBlPNBcx9h+/HGVbQ==,iv:3TvQNfHweN4iGFievbmoLIo528sZ9ZbS/a46K26oWPA=,tag:Shffg/72vuBWv27NPRxb7A==,type:str] + - ENC[AES256_GCM,data:93miJ3ulSAW6cJe63g3NoahfIcc=,iv:l2WEQhr+kt2NDD2NWy3cqYyf+MJgLZ/HujWsyU49h94=,tag:rlbvJrOR+pMmPrg4Yv+AMg==,type:str] + - ENC[AES256_GCM,data:7vdN1G4B4adYEg==,iv:FMG4pWjMz7ZnB9t9Fe8H4YwAIouwYI7xU5IAuHUX9rA=,tag:mMDZ5MVQcyMpclrTUBaFpA==,type:str] + - ENC[AES256_GCM,data:nfTguT2iOjuqp8VZWsg=,iv:Y5LSTNpi467kcn8jd/5Ba711tjQeEPqeBh1GqOFDVKw=,tag:e9VRWATPIdZa6rx/5UsnnA==,type:str] + - ENC[AES256_GCM,data:YPLpzke89b6pvtYYzvE=,iv:e4WEhcd92jEC/YtRUD6Oae2/RY4K7Wil/oEjjmO7jgM=,tag:LNzxa+474N/+dxCmGNf8Tw==,type:str] + - ENC[AES256_GCM,data:eEbgnL+sO4Xokw==,iv:gWn5lVYwNbNpHAVidX+G4Cq6hFMmKO4XD20A2HBgLuc=,tag:RYAvZ5JKYc6LNyKgGvlNAQ==,type:str] + - ENC[AES256_GCM,data:PmeUq5FgvBS9,iv:4SUHlNPwSZM6P+YJyj5SWZ7PLar+q99SCrzBSX08M7g=,tag:j/JwVU+JpPsveXS0v6YBYw==,type:str] + - ENC[AES256_GCM,data:nqIoRC5vgcWxBGJ9cg==,iv:cGuVFiZieIBQPD93usEJ8okHPA9rR70JnZ97OFavwzE=,tag:H8xTgMQIROs8co5dGwjPOA==,type:str] + - ENC[AES256_GCM,data:70MMBfHUJrYi7BzP3CPSnA==,iv:aT+K5ezYh4R/WtAhOkZunAyrXopzoFxOau7WnFyyStY=,tag:gHWoWWb/lj1ADKHZo7SfNA==,type:str] + - ENC[AES256_GCM,data:VgMVjQos2NxZm1MZ0A==,iv:ZLXFo1OXz8+rENv2N8u1kTMPG5v6HtXo3eDSVir+CUs=,tag:6DqCrfXpTOd+S93Xl247iQ==,type:str] + - ENC[AES256_GCM,data:JJMEMi7fQNN83fgleg4=,iv:0XmiHCn8OVtxp8cSnGh3L8DmY8O3lf0IsiClhwUMhtM=,tag:1+FA8dYwgIV5iKHq8SSlrQ==,type:str] + - ENC[AES256_GCM,data:q7BT/vrMdYvrZYoAZe0=,iv:bFuYchiz2RZ/9uivXp35/9ujjDFQeNyXu4+BRjELQkg=,tag:fGyQ9VsHnedN5M4T6/Y4Xg==,type:str] + - ENC[AES256_GCM,data:YWA87aaREiXII1N2CEZB/w==,iv:pfMp9HSjqLcdc2DLFxlBxDNq0cdYDke7Rt/1uzI8TmA=,tag:b8XNhZTU+fM4Fs1hjFNaPw==,type:str] + - ENC[AES256_GCM,data:hd4gYOh1uwgGEJhZ,iv:dOy6HJsDwy/Yr9f56fPGKYbx0Loahd1U4iOMCUHdCIg=,tag:/QAXGyF5o9dnH5gRao2gPw==,type:str] + - ENC[AES256_GCM,data:diDYQaQL99GJKw==,iv:jGBGC/QUGgjDNsof0sw5/P5RLtMODcmkplb3AUJMseI=,tag:D2WRFBbUPaUCkHRLhfoOww==,type:str] + - ENC[AES256_GCM,data:ET9s05ZDdonSC0TmZmDQJg==,iv:RBzoAv09DHjoXpedUBxGFuAdWJpLoG7V5Ok3e1gHy3I=,tag:VmkEzZhw8hbDyyM2K1nUfQ==,type:str] + - ENC[AES256_GCM,data:MFXxfK1E9eltQSs=,iv:QfnNbB49i92Lsvc7qKMJRwX9sjOAQQbWMqCW5sAreB4=,tag:lml4R2tpjYWYQij4ZyeNJg==,type:str] + - ENC[AES256_GCM,data:IRaqwHUgpma5gQ==,iv:Vn7e+Mc4HeGSq8uOX2rjGa/YhoEtx7572XT2do2Ftt4=,tag:klte8kMa23dLqtRO8oosBw==,type:str] + - ENC[AES256_GCM,data:OVcGJUh+wQzmQNE=,iv:tGpskkotuFmpMI7zCnyCH3xC0aFyqC1SJYHY6DvFoZQ=,tag:qkqT4DvYn46Z62ickgIKnw==,type:str] + - ENC[AES256_GCM,data:vdARBcQQvhAvC1on,iv:S3AZg5PwALWtJWHCCRyD25yqME3xJgPqBpgWNyiJ4tA=,tag:tr8qB7fsrrAyQF2WOPrfgw==,type:str] + - ENC[AES256_GCM,data:KeWXdkyhhVOHk1pi,iv:cjeIwaDo1tMMqB85reE0CBmGhFkstPZHnXyamdMAySw=,tag:RgD/KSzwuoj6pOCOCBBvEQ==,type:str] + - ENC[AES256_GCM,data:isVY78BJ/LgTE3iH3w==,iv:eBSvYSKDkqCc5UNM2mWbe6SN1WcDq22Jz7Ao0jTPJHw=,tag:5B5+gca68dcabwyegGHP/Q==,type:str] + - ENC[AES256_GCM,data:s5vxEs36GH+uMHxdPA==,iv:ituw4iIp4oK5FMNBPECXsqIm5cY56/MoUCjBCYr4VPI=,tag:gJz1mxvOallPSndyr0IbcQ==,type:str] + - ENC[AES256_GCM,data:/Tap1mYVnY9OjHBU,iv:R3gGSoBmtJPfXxF6DNI11GfPP6EXpH44gUSeS+R0DjE=,tag:h4q9pjOR4+SrhotKz+u3Lw==,type:str] + - ENC[AES256_GCM,data:8ZTzqWu2EA==,iv:wNpUf4f7Acc9u+a47mb1lKqmWdpzIlk6LcLzVRkGers=,tag:oUM6KU0DjF9GpaRkixGf7g==,type:str] + - ENC[AES256_GCM,data:MG/B1oNx34g=,iv:LgOGNUzXDsdMc4U6fnZ+QPi2M4a56j7hA/XXizVqx3c=,tag:pKzFm+Ym7Gunw2mqV811Kg==,type:str] + - ENC[AES256_GCM,data:Zd7r0ZXqe7wOvQ==,iv:nIp9p1SOerzZaxWpdQI6L18N5O1izau+VNpVWDVEMbs=,tag:V+eeKWyCXej04w0Uzh87ug==,type:str] + - ENC[AES256_GCM,data:DuZONzIIbgQX,iv:YpHUbaS/MgdTVct6N4ai7t0Mt2K2dm8a29ig7Fnb/oI=,tag:z0VS8Vr7Qe5fme+/URQywA==,type:str] + - ENC[AES256_GCM,data:I8I2tjUbwuoQ+A==,iv:9fFI1io3NA3WbtSzUN7l6Fv8K0LfpkR87ZFEK/VWNNk=,tag:zM4EXiLj6AbtG+i+hgYkew==,type:str] + - ENC[AES256_GCM,data:V90ltDzv99AvcA==,iv:0bwrym6xJdNU8j9f4lrwJJlZVa5VcWFz8JsPj689QWU=,tag:PRHrU/yKkKtnGmAzK26Zog==,type:str] + - ENC[AES256_GCM,data:jcvCQchCHl0eHhUEQAc=,iv:4bF4JXeDSdA3EBJvxB3Ok7db2mECWwGLX7/UdaZqXSs=,tag:f5vq3DOtWq+tl+K9F0xeOA==,type:str] + - ENC[AES256_GCM,data:XRdGKJkAd5Tl,iv:seYW3OUt9ziHl2pZPm2aQNuVEbt1IApnmbL/YnsNQ/o=,tag:aaw7S8FWKDeNSGCZ80HcIw==,type:str] + - ENC[AES256_GCM,data:C6TCQ1LSura8pFA=,iv:jJEBtbcVuezq89VIf4WnYYMqM1RE0WLHWSVhyadmBT0=,tag:vFIGyjPKKCOgad4gIVojNA==,type:str] + - ENC[AES256_GCM,data:BQV98bOjE/QowbikTaJSkWxpwER/7CP3bj2nf9k=,iv:1cYtGFUpDMO52q92dNbJ0iu2m134fU8AlAB86jU2Z1Y=,tag:vGhNnYq9eJ7IQUnOJqPStg==,type:str] + - ENC[AES256_GCM,data:Txgq9mJzhn92Fr4=,iv:86LoHb4H3Ql2XBycEtDtIeH66Xx4V3DMvyT8/OcfFcE=,tag:0Cx5DFddCUm2D4kx5bVGoQ==,type:str] + - ENC[AES256_GCM,data:MLCya8+cjOYHH7zw0Q==,iv:Fx3ZnMIA5uQ+MSTVa2qaqK8aaA0N9BwlNSk7wN6tRTw=,tag:FxfPpGqK22js6omIwg/Wog==,type:str] + - ENC[AES256_GCM,data:5I0qGYL2kUTNzCnGZb35yxU=,iv:3qAwACgeXNp8s6JF9M+CCyTJ57usXNSk6KrDbdnW2r0=,tag:/Ocgwl+URUrXCkTQ9gdSXw==,type:str] + - ENC[AES256_GCM,data:T5b8e7/yobboIc0nG5repT0r97c=,iv:01cIIxu2XsO05lG5S24AIie3LuT8G2RuyVl0FYPtjeY=,tag:kJNDlMjFKs1nJRT0OMBd3A==,type:str] + - ENC[AES256_GCM,data:VjoXD6HuZH7LYxLlYIc=,iv:t38yvPiPke4PM+QLqHAYhpr84Tw0/PffA69UKIQPZTU=,tag:Q3DOBl/M6ATfntWFX6PcYw==,type:str] + - ENC[AES256_GCM,data:BIexsnjbcjXFbWnv,iv:RqJsc81TxnCfKEIUVQTUn1xOIcGkb9xmDdVlm//Sjgo=,tag:vcg1M8kPqbrguPzIiLqLjw==,type:str] + - ENC[AES256_GCM,data:gK1V3ugbqBiOOQ4Gjss=,iv:LPunxOwZZ0eA1r3q9SUkVJQAdgUJK7p57sEUypp8SF4=,tag:D+63ADPWTlpYxGjIFs/hRQ==,type:str] + - ENC[AES256_GCM,data:ZTIS/qaEyKsoYZQebwjtzA==,iv:hBgUyPfC9Hf0p8PR5+JqtzW+Gwxfk+As1eaOV59bip4=,tag:FZTcInv0AUUyoyPzY3Ig5g==,type:str] + - ENC[AES256_GCM,data:517Rgzw1534tr7HhsrA=,iv:7tnpG9S6hs08qEMVLW5zaYyB4qzEkxEm44ZZc7+eVIk=,tag:PdluW3hOaCDswXkLhVf0Ag==,type:str] + - ENC[AES256_GCM,data:YJ7QvdxrPUZwrodRbozgkrokQg==,iv:DzdMwUEbZkQTXkjy90U7PhPljRBG0H6Wj/G3BmnCuBg=,tag:37GH64uy/NPZMMjtlafYOw==,type:str] + - ENC[AES256_GCM,data:zYQmZ/LVAPA4Hv8=,iv:dobY0AncdRYFoWmIAA2OOdLH2VvnGkY1HgJNNT1m60Y=,tag:twX6bskyU6HazOPUFvNquQ==,type:str] + - ENC[AES256_GCM,data:/y30AzqeejbI2hM=,iv:oyyrO2nHxQPm/nZ+fbuQSlP10mT/N8dgkBmW70bVPlg=,tag:IGyYiC4Rl3fnxnD/zzWR7w==,type:str] + - ENC[AES256_GCM,data:5O41WbbyRRf2/rw=,iv:BnoUpVtG//OafpwlaGGdzfYsWYPQKQffXwulCKgSpn0=,tag:Z+lAwB7WovCCeqC7ZXMgzQ==,type:str] + - ENC[AES256_GCM,data:TEnLfJ2Utw3WmOY=,iv:BlFGiZcbtEbaikj1AOoDx6IYTwaR3mN/Acvl5JeBqPw=,tag:NGcHqMqPlBmwsJXFw6rZkQ==,type:str] + - ENC[AES256_GCM,data:H9Sr0+5SiZCT9WfD33Q=,iv:HVv6SR9Sy++7zBaGnp1GY1U5yu4DKBY7nAtqJnhznTo=,tag:d70ai8nOov8xJ6WaXzt5iw==,type:str] + - ENC[AES256_GCM,data:5xb1bukwYpTZjbiO,iv:IexHHbYpMzBN3ZpNIHwO2wowF8DgSfClZhcYCXZq1E0=,tag:kgXPTKwwsDAly6t/AMwCmg==,type:str] + - ENC[AES256_GCM,data:CmoW8GlNPiGtnzaMshs=,iv:epYBcYqK2mH75WkfiLLfoKDactpoRtIW7wI13n2c+8s=,tag:yi+j5RqRRF5hfveJnlY/bA==,type:str] + - ENC[AES256_GCM,data:ken4j5gLXiC5HaJ63y0=,iv:Q9JZz7MTZ+TA1gn3Lsf/P7M/dN9xZRzn2k41lMTYKmA=,tag:fdTlHEwqJnxeDCLk2e/M5Q==,type:str] + - ENC[AES256_GCM,data:f+a7wrB+lb4B,iv:WJG2/xan9+VG9Ud5WdWqxkekr7KWO4oBu0mBr2cwziA=,tag:JtZAjBa4rOCFfGA+1/9BxQ==,type:str] + - ENC[AES256_GCM,data:y8L5pBSarGk=,iv:8QIRg24d2uP/50RsGtsQWgxEU+0piF2KjNqNEsRFqiE=,tag:y2VRb8W1L27Y1QgkH0134g==,type:str] + - ENC[AES256_GCM,data:74bL7dYUgy1+7Xc/7oxF,iv:yEB4tMIZ1MPNnjgi7WsQakmyJExuB2agGYUmmJ99dC0=,tag:KblZlAwFgQtqu3ZPViwkDg==,type:str] + - ENC[AES256_GCM,data:anKFJnmbZZ4=,iv:2CXjazFPBDCo2074ahNFAlnxVboxA4DZnsL6dQQjXGE=,tag:GJKh2dHk3sqnMG4UJUaCCw==,type:str] + - ENC[AES256_GCM,data:P/QP7MqEqK4+,iv:pkzAvfz3DeaOn/yJqD2DFXsXdXt3TjDkKorvIh7aFAo=,tag:eCnGFYnMLNUn3Pzr5TVH6A==,type:str] + - ENC[AES256_GCM,data:ZR4W1rVuSyBchMt2njZemg==,iv:OyEU/NEB0dn0HJxdvF97wxbsuNYIySum41XLGal+UDg=,tag:xiMeYGhFMFwCmi+wyMI/0w==,type:str] + - ENC[AES256_GCM,data:bKo3athLOQ==,iv:rBOE2bO9j7bf3ur2IqNM2zmT0QseDNdyVrOinxkf27M=,tag:EE0QKlj/N6y/iLNL7hvmdQ==,type:str] + - ENC[AES256_GCM,data:t3ELQ4YRtFfRtYLIVw==,iv:mH6l9deJw5jFDddFhDwzAhhwu497S7RVf5PwivugYi4=,tag:bJ380lBufc2S9S1VI33cxg==,type:str] + - ENC[AES256_GCM,data:Rg0OMxExE4G85MB0ZbJeHLr8PA==,iv:8glMM+XXVvDZfHJIBqSMP4djt/XP59exUz+s+1mmEiE=,tag:n4h7KqzKWKLSkDTRplwfaQ==,type:str] + - ENC[AES256_GCM,data:oUl8/Nd+7VaF5Q==,iv:Q6Ui02mdbwSz1/3wBkME+tt6l4tcV0Zq41s67n1v3Rc=,tag:uO8ThVGPomZ5bNjDU7jITQ==,type:str] + - ENC[AES256_GCM,data:vjs4WZuUWiKq,iv:YX5mPh7mdNinwZyrtEC2+lUp1hPwuJVAfoZDnkrR7zE=,tag:MrhKhXnmmMHnIowHl+CXtA==,type:str] + - ENC[AES256_GCM,data:sQvx96f6WKJRnSo=,iv:zQ0nQ3O4BMWhtGUKBpxZe4Lyqh7RiL8RhdLmR/SXStM=,tag:wnpvdjiXp+GB1rQcJFCNdQ==,type:str] + - ENC[AES256_GCM,data:cpKAon9CBhzb8sai,iv:S49PccinuQbZsK+HKqF3jbWbVt2G/zB9taqPl8UJRYc=,tag:+nmbJWU54XuddAJh78R2qw==,type:str] + - ENC[AES256_GCM,data:Zmp7GxptikSIc5CkV2KOFPT4btU=,iv:qcEMfM0abcGpq8YaERBXqusTNmIDkFIB1syx5OT8po0=,tag:JxBCNTsC9hU00sIO0Vlr4g==,type:str] + - ENC[AES256_GCM,data:fbqJH3eensdTA5G5,iv:KwPy1LKUGry080wRJqNPbPuLPf8zbwYGeNPDcT23PWo=,tag:O8OEHRWzkrvOg3ITWWhwXQ==,type:str] + - ENC[AES256_GCM,data:B1CjakWQCKhqG4pL1zM7HEip82E=,iv:mFdRUhDRRlMtRCc2Vs9SF7z4SZtoPvwZYQyKo/M5lyk=,tag:SkZUE3diSIfzMRdrrKeFUQ==,type:str] + - ENC[AES256_GCM,data:DKykgqW3tmozlnC2RA==,iv:HtvS7DJ0wfUEnTlg4H8e4IOaxeWsFg7WhTv3NPIQT6M=,tag:TOCEFctMolAj8YPZ+JoqvQ==,type:str] + - ENC[AES256_GCM,data:x4N2q/bNXAmoeVVHWik=,iv:oOfKa4gsC0GwYx+s0WA8QvrFASa5W5NMm/Y6/vXCVYA=,tag:1AfOD1hz53c5B7PQjMPo/Q==,type:str] + - ENC[AES256_GCM,data:LTsNH+QHG41xkv8FAw==,iv:CKyBX+XyDkoS/hYX84ITd4xs3tYrxA/iMv2c2IriHwU=,tag:mE7IPIaB5ihvLOUnA4WLJw==,type:str] + - ENC[AES256_GCM,data:UZV1JQAA+DXVpH4=,iv:zVg2Z0T2xv+qoGDROj35AqyoRzz0VD+DlSWdhkbkATY=,tag:UdNBMeN8kNw/eztQlZtFcQ==,type:str] + - ENC[AES256_GCM,data:Mju+JdKnktSr+Aw=,iv:CGx82hKnavo+ioAA8WWnFBUZ5Hj5Vw7MqrDuIaZGtoI=,tag:FHxPyQiPvmrmZ6Ts0+G+8A==,type:str] + - ENC[AES256_GCM,data:MzZSxX2Z0gMiE2Rv/w==,iv:5nZ9L7Pj+80LCazuleUCviZOwEinfkQvN5nprn2il2Q=,tag:vkaNRl7vbvynu5sQyheMow==,type:str] + - ENC[AES256_GCM,data:j3BnGSsmkVSvMSI=,iv:RhtsAuPo7srouwg9DWtNCGLbExthTRUD8I0oGnDR3co=,tag:5qEo5K4uRL/N6i8xJlHPdw==,type:str] + - ENC[AES256_GCM,data:xa9Duhx3Bll3BLFDx9St,iv:xf4PcI0T6j6SMvwd59J00hYtLqjOnCh5A0wbcdbcAyA=,tag:lKdQVuTmeXeL+LdASlXp5A==,type:str] + - ENC[AES256_GCM,data:r1BX3jI3KwEDVeO+o0iF,iv:ehwr3Bwl2ywtTPY1HjfqSjSY0KnYyPYL+hU7IFi0F7Y=,tag:7CSBvADP6Vke+/ru2Wkp5Q==,type:str] + - ENC[AES256_GCM,data:NR4HHn5d2ajbSzwfFgKS8g==,iv:HIVegNxfsItdj0wD1CPCWGp11hS8OziSgE632h0awlg=,tag:TXySw2rGBSczhA08mHR+Eg==,type:str] + - ENC[AES256_GCM,data:NkJN5PLo6+EQmi3p9g==,iv:TKX+TzHXMxobZxIr9X5ElCZhQPxrwRtkhUdqFjNgBAk=,tag:jcOMQG5C3E8t+ZppLApOlQ==,type:str] + - ENC[AES256_GCM,data:hGni9bLIC6ATKgJDBlBu,iv:WWD5gFiI6SHuUbjoQb+rsolcqav97HH4CG0VYvpbP4k=,tag:I5NsBVIr720kzDsRg7Glnw==,type:str] + - ENC[AES256_GCM,data:5E0FrO/Qz0Lpco9HLmGS,iv:Ntv6TBe7al0xFDf5cxh17szGufSsS65WXf80uwRVMPc=,tag:cmvWCFKqPHcNJ09I9lNXLw==,type:str] + - ENC[AES256_GCM,data:5XLBpmLC25bvAcBUp+U=,iv:MPe2egT4HMBtFiLxKMNcfMWLvpfxXrCbOY8+onBtKiI=,tag:DUk0FDbrdi3KUMjLy/BTgA==,type:str] + - ENC[AES256_GCM,data:iqFGMc4owYE=,iv:KisA1w9fZvR18kmqYGr//r9lwu7O/bXT1ZTEAesOodM=,tag:qq89H1uxNt8u2lbWwAP6hg==,type:str] + - ENC[AES256_GCM,data:dzZLB9gszB80I9Q=,iv:7WJVWyru4QCTH6ecGChJNrw76DmMUyiyUdbnuPTqiI8=,tag:vbFmTOpWpVmgpuXjxAuNZg==,type:str] + - ENC[AES256_GCM,data:SexB8oMumO1yJFDSWg==,iv:IvYX6/uBOokBnqB3413543bZOKJBAjCZTF6sjW2OKd8=,tag:n7gmRe+RU80ogBGfx6tDQw==,type:str] + - ENC[AES256_GCM,data:PVaTtfZLauewAeQ=,iv:YsRTbaISAokhLij2P6ZBdqvRGbQh7LDRDGJZ8cwxUXk=,tag:czWzvKSsIRIei+hmDrCPgw==,type:str] + - ENC[AES256_GCM,data:ScHfUPu/Ww==,iv:fQ/FmIv7vIXAg6wWfnlT/tb1e6f2vzG9JpWxplBMQ/s=,tag:l9IL19itqMMw14UlUIxXDg==,type:str] + - ENC[AES256_GCM,data:zAISyq6PFw==,iv:GzLqO5dtpfQKsuMAuyOyLUJZYIJJCuvDzeB2j1oKqI4=,tag:ecAy8N8V5+ziAHaB0mPsZA==,type:str] + - ENC[AES256_GCM,data:8LvWo9VvihiG1Q==,iv:fo525+4WiwDoZ9ErMPZLSXQV2DCvMLkP94KHXDjl6qU=,tag:/817nvM5Epi/01OWHlEmmw==,type:str] + - ENC[AES256_GCM,data:rYmGBaUPg1tboCemQ+gS,iv:fCr0aCHlYwMOR7Fl+xBJUbZQYMflCtxonpUpP6S/dOk=,tag:GQsC2dG8LQwIsHd7zNVsig==,type:str] + - ENC[AES256_GCM,data:esj+VE8up71oRuvEzA==,iv:HOccvUS0l94nvccmL2+yNK1n8kH0tYKeXt2z/zts/Lo=,tag:342jh+aT10y4VgYRX4R58g==,type:str] + - ENC[AES256_GCM,data:q1PstRV/LIfsnIlGi0B9moI=,iv:cmCOSd32w5vs3Hid6N1X82t9wox3/K5446kyEnKOy1c=,tag:tRVBXZAc8R8rQJ/j4wxwKg==,type:str] + - ENC[AES256_GCM,data:Y8HMBgGomIvP9gth,iv:2aUcR7riLi1GXuzsZ1qIXGERX1LGaG7nfLcvQOcNOuc=,tag:8AZ1VMNPRt/M4FHdmDvrYQ==,type:str] + - ENC[AES256_GCM,data:vtb29C50B1AmUweYyQ==,iv:u5JvpEut8xrAwbY3ydytafwmlDB1v49oxvnFa794evQ=,tag:HnK87DeQOcKE3lZAndKaUA==,type:str] + - ENC[AES256_GCM,data:CnewZfDjH0CfxozSeGPBTA==,iv:TtSjWZMzNiAGzkOm0U4p5jVoOYMoh0nH/lB9WredTLY=,tag:/HAp/BUCuwFd4KGAOkfIew==,type:str] + - ENC[AES256_GCM,data:OW3aFL0yEVJg7uN18w==,iv:hVakt1ysG2E5qip88ZgAuyDEEIdpXYfpqkLFlYyssK0=,tag:P6al8lWebiPONSeDkaKcwg==,type:str] + - ENC[AES256_GCM,data:B4td9o67U0TTRINSAQ==,iv:6FLBzxDAIOmFaisgPra+vOeEcBbF9sfyI62LXtU/63k=,tag:NMlvfeEIbr75J1Sj+sTJeg==,type:str] + - ENC[AES256_GCM,data:b7mRegRJ63wxzxE=,iv:NFjzodNaAP8ISVccMenhf/PeToOkS33PVeXESmt1Qe0=,tag:RZkh2PMze18pAdaiSN61Tg==,type:str] + - ENC[AES256_GCM,data:zwoyWjVQg/Ff0gD9HXE=,iv:UlQAIP4464+pig6AMYqX8OxeVa0Ppk3ADdBXs5s9BJ8=,tag:hhpGAbksJvr7NfwB85+9Ig==,type:str] + - ENC[AES256_GCM,data:PtR8dpQwJLGexTDioqfjVEc=,iv:gFjgDYpYITaIXr5WMSRvEzKMX36elRgjhQgnUEgGWxs=,tag:Wu/8Au+AL6UV3at2Fv7abg==,type:str] + - ENC[AES256_GCM,data:uKzeBytjehf3nsHF+T5Ja5s=,iv:yNlgVlNmRza6Y6heCQpzukK3+tOyBu4fTnFVPkoea+0=,tag:N9/PnlKfkmMWwjfV2QNryg==,type:str] + - ENC[AES256_GCM,data:ZjM5xduD8c7jr7cRiw==,iv:jESFC1n2qMbma8SbUC/OhxxqnMJG8QobhjkOQotdVlY=,tag:yd5AEUitJQIS+PYrCQAliQ==,type:str] + - ENC[AES256_GCM,data:lfSUcMP83IdWtka3CWk=,iv:16rurGmeztq+MqXqhon5zMxDaVpSMmYC/qWKt/0aVcE=,tag:lhIUBZ2SsI4j1/mr+1l7rg==,type:str] + - ENC[AES256_GCM,data:7GDHJj8INlxRLCIzVbc=,iv:Pchj3wvqVG0/r1ul6KQCZBI+eF5aovs1WCO0crJS3Ic=,tag:KS+ZLdHIYkNLvy9W8idZlQ==,type:str] + - ENC[AES256_GCM,data:pc19jZDGP2BLNqA=,iv:ifqjV69ofQeTUX6bIHNp4lvB40ZlpY/4kbETEbWLzb4=,tag:XvBpIqWnmmI75wLAXBnzlA==,type:str] + - ENC[AES256_GCM,data:GODW7lCjFlT1jtaRABuc,iv:GVL5+b7qfFWt7kgRuCo2X3q/5GNM8pHjoKmgf2unZU4=,tag:JFJafJP00QwRYP4Up5CAEw==,type:str] + - ENC[AES256_GCM,data:3RVckh3DaqDMhStanA==,iv:oz29P49726zKrufjiP46JYm+P+ew7BbX9cK0c/RNIu4=,tag:OWvirATEjBMB4IviDaJrAA==,type:str] + - ENC[AES256_GCM,data:3n+nehcR6o/R3OGG,iv:vQLes3lJwkzBpDnMcCQUSX7dfTNiXkRkYOkWoa/VsYw=,tag:Yz2g4BP7ziyo2FsWDvvd9Q==,type:str] + - ENC[AES256_GCM,data:B5c12XCxomN+,iv:ltOuqjbQWM17qVDNR3mBVeQwOi9e+0EtaCdgJLkLovU=,tag:QAmA36urO/MMMKD1ZnSY1A==,type:str] + - ENC[AES256_GCM,data:g5xSN/J/xXmQbGx8fQ==,iv:ykfVVadVH0aKK/DZiMcImpys3/237grQaCGea2tvB2U=,tag:bg5QSQvuNS+eScEKar+jlg==,type:str] + - ENC[AES256_GCM,data:Cv/Csgr0mu4VYo/N3fs=,iv:6/EL1gL6TlOAZ5DXhWvLwIEEriIhd1qIKTpr7Bb7ZdI=,tag:dQYoZzA+bWTsBSjOMgaa7A==,type:str] + - ENC[AES256_GCM,data:R7lNuETpQ1rIEA82Q+Q=,iv:PFk4LBSOfUUHhBvkL3VYWWP/lRTXP+gWVt/j3bL1/po=,tag:AK86rYPUnkOmgJgPkzc/Mg==,type:str] + - ENC[AES256_GCM,data:DV5C4byOYCQiKRcqGYQ=,iv:ggPREFvIUHpaO1Gz3tN2thJ16Fh9nMjgYnfKwn2o0a8=,tag:EfYbmp8L31faVqJqxb3PWQ==,type:str] + - ENC[AES256_GCM,data:/Rf6Cbp89wVRks9QDpA=,iv:Pad5YAsLZuXGWIm/eDlrvr7DUc4lPbi9olcHskahNeo=,tag:BvO67LHBlOlQrb88NxzZyA==,type:str] + - ENC[AES256_GCM,data:Fi6UwSw1iQOVeTgy5A==,iv:9hGOwPKaknda4s0+J7O9HfWb3og+cNKXhJAgzZB0f+E=,tag:YtomthYceaToiKRHSiGfcw==,type:str] + - ENC[AES256_GCM,data:+2WCZZoC6OE/X6iydFUn,iv:HaTgEeDONs+/d3Ufs+E7zwpUH7HQ6GXNT9Vzr3OdKSk=,tag:NqTs+4AEJR+IrSuo18mJeg==,type:str] + - ENC[AES256_GCM,data:tCmlOyrApoUeUG8iu2E=,iv:twtJmyEiLFEMxznD7N1VD8hmuIBvjwgkmagAF3zPqN8=,tag:tSEa7QZ29M5mZLegKJaIkw==,type:str] + - ENC[AES256_GCM,data:mEj/V+RyKf/euVRW,iv:5VSBByZJ4ZE57o7amxHc6WP2yEssFsKxuGzA8ctSgpA=,tag:6bE8FSlhbiaIfG3tUHFzNA==,type:str] + - ENC[AES256_GCM,data:PWvAGRwiCEiqws36,iv:KzVTo9veMLmyFR3FAtefeopNERLDn1buRdl++y8YoGU=,tag:GsTHlEDiumwTcuvoiDvEQQ==,type:str] + - ENC[AES256_GCM,data:d+ZzKTYMGKByYbv8diLJRTc=,iv:vN7v3SzmXvBJGDPTwlhIX74XOrKaFRv5u90etQAo+WA=,tag:tMrsWoq0BwaRPl8R7wcdAw==,type:str] + - ENC[AES256_GCM,data:rSc6Ro3Z3Kmn4w==,iv:tUH+A0k6ViC12q3pLQ7UwqP9xydCOvQdNmZ5X4rdfdU=,tag:o+5GJJ2B8/ts1VmQ/TiDEA==,type:str] + - ENC[AES256_GCM,data:EEtQ1+cx0USP1w==,iv:/xD+JWuc61SXDms85k05c/6L6eJ3wUa9TCT9lSOPxTY=,tag:5a/2GNfeRQQQLYlQ1lZp0A==,type:str] + - ENC[AES256_GCM,data:Jp/Y6Upp9Do=,iv:CNxKAZxcjuq4HzgL72td0cdAw+UlSJShAmN/BhCFUJg=,tag:v0ZHEj70GI93zao3dRhkQA==,type:str] + - ENC[AES256_GCM,data:1YKBybi/IPA=,iv:hVd6kXI85vfGENtCg+WsbUnOmIx2Q6bnkPhMG5tchP4=,tag:eglFI5EVNnQe5/IkPTYofw==,type:str] + - ENC[AES256_GCM,data:PzdQxHS5Fb0hk1YQ,iv:0NvZBzebNhPsyIIv6lbOSw/uj4F8176/UPK/KJhNuHs=,tag:fVGNntBH7uBKyXAAlBCG3g==,type:str] + - ENC[AES256_GCM,data:a5nxPLHfd9iQdNM=,iv:bBhAhIulRXNDCKgOiRqgw4OKGtZqwhE8KnUqzGzMWXc=,tag:XebGmoO66A97suJb8jYDIQ==,type:str] + - ENC[AES256_GCM,data:9rToCcFk6NJtJjI0,iv:MBNMHyqG6c7EokKO/4NVhduIdJ7jAyYH2qB8sGwTBCM=,tag:JwXsokPUjTQjnDZ/0KAtVA==,type:str] + - ENC[AES256_GCM,data:dO2BiCEF7RB3J3A=,iv:ERht6Xq2l0R8dOukDbDDVSuLz1dXoVZCy6B229wIXjs=,tag:cwmjQamQbhnTORQaPvLk3g==,type:str] + - ENC[AES256_GCM,data:L0oXNn1GsGppeSF4pg==,iv:aBaWHpZbAKzktxBogn3MOAiob/zQv8dVgxNoAKybqqo=,tag:/7hrSG8Ug+sysgWHvt27nA==,type:str] + - ENC[AES256_GCM,data:LATv7ZJulDsZ9txp,iv:ffgUP3YnWxEnBlGBb2hDxn+cHGwIOoUjcQjL8LS2uVg=,tag:hJlREViwNvwnitDIBfcS0A==,type:str] + - ENC[AES256_GCM,data:FAAOV1ap97/R73ovELAE,iv:zOXoD56+5lTv0S4PXsnsqkIOcYZYHDWbSIvFhyVkteA=,tag:sgORCgnAVOzQaWcxLD78RQ==,type:str] + - ENC[AES256_GCM,data:q1l+hpCc+eufZWw=,iv:i57yNrj0gVJvNTK8Mwf1UOmLxz6ghM+BPSi4HMnXJn8=,tag:rQ6psPatH2eG41p8IQUJyw==,type:str] + - ENC[AES256_GCM,data:kRa8IcBG9/cRtou+TQ==,iv:dUtosw781JvDL6pPFrtEL30gkkeFvkHwq9F4SLsSA2o=,tag:HEUWXomQmyC5ZpHKH+EVBQ==,type:str] + - ENC[AES256_GCM,data:cuIU2HxsfyMHgc+sHI1XnA==,iv:PGjWfe44C9ZTmstjY7Ndohq7K4lfqensi/95MftO4J4=,tag:u4Q88VG9824gZAHkvbawKg==,type:str] + - ENC[AES256_GCM,data:vg1TQwFEtyfbAt0bebs=,iv:wmhHk04KgTyeVB8OtaSycDwMx/HHy6269bHdjrWLCbU=,tag:t5B2pgQEGr2ic30iK4IUQQ==,type:str] + - ENC[AES256_GCM,data:vuevb9ZeF7mIjx2bmFWy,iv:O1CiFHQIkeHHSUxI6QspEEPz0J0pFrELJeoxldhSC2s=,tag:WJK3GyRNOvI4xGvxjFhpyw==,type:str] + - ENC[AES256_GCM,data:cFSiRiair2EeYrcIKseZ,iv:91P/jl6ucMY8hEYjLYV1V6z7Ihh9E4eRE+SnlbTjGeE=,tag:2xLWs1//FVE4Q0j+Gee0Bg==,type:str] + - ENC[AES256_GCM,data:vOmhlPpUwkg=,iv:6HmqG1t26P9E2mrlXcj7VBiKOgJGzfXe+RMX5qSyjPg=,tag:XisyZQhpIoOJynV2YvExBQ==,type:str] + - ENC[AES256_GCM,data:Dl5ic18qpaPvEQ==,iv:QAZWGWK7Y8Zug9aHNM7YpDk8suPyEPfGfdEHDVkZbOM=,tag:7QyrCU/2GOBFv8eIkVXuLQ==,type:str] + - ENC[AES256_GCM,data:TOjwhkuFhqCYjwBd,iv:e0HU8lQ5mFxImE7o2i0YKQlEPzk1RkNQ5jEe+y+lasc=,tag:KsFoFM5VfI9nriqDBeGxyw==,type:str] + - ENC[AES256_GCM,data:Qm8p9xPpVfBFsQ==,iv:z4jsHbrzVEuQXjlspYWIXe/hQcxM+565dbvN4GEINvI=,tag:167OCrW6HtELYq1jqSDGog==,type:str] + - ENC[AES256_GCM,data:A4MAoohsGG5zTe2Veg==,iv:LwfFM+nKZgBZg9VOvFBnt1+zqS5+LSHmlDazadxOPCk=,tag:L7z0STyabsiY7mLRk/vavQ==,type:str] + - ENC[AES256_GCM,data:zPr/WEMu2Tk=,iv:1MT9H+AhR0YwrqZ056pbJdfHgD59w8zT18H590xr8OI=,tag:WWrQjmjgE43D6qbxS6GCVw==,type:str] + - ENC[AES256_GCM,data:LU3evHVt7Dk7S44=,iv:jggy3+8LZmt5RK5pLUc/YW/4v3sJKnMbvvEp+FUcyhk=,tag:s/wgvDBMlVxqA5kLyawLdg==,type:str] + - ENC[AES256_GCM,data:PQtCmOpW67A=,iv:i1zhy4uc7L6l5C/wmpXISRU01Qoa+aIRcdGxZFwAG2I=,tag:XM/DKK+tLZPO/x3EnESOrQ==,type:str] + - ENC[AES256_GCM,data:m0K9LayE49QepMc=,iv:qU+E4BYBwxdHStPZ1clRXljVye5dSGa8q37Eu7LwooY=,tag:N96xmAXj5JxiNNIPuW8DNw==,type:str] + - ENC[AES256_GCM,data:PDIDP3U4Wg3dPUw=,iv:dTU8QT+MAW0RYcU6NsTiqQKa5ANoiGp9bZFdYQl/G1g=,tag:yvPz1y6hzC6EapERGackKg==,type:str] + - ENC[AES256_GCM,data:hNd+u/0giRzMptH2,iv:isM9sIeG4eJ5Z5MlQyCnuJOEVhb+vKWeYRNxJHfaZdQ=,tag:/3IQ+6W9RCaC4k2SIEBS6Q==,type:str] + - ENC[AES256_GCM,data:AkwUyN5o0MZgmq4=,iv:Tu7cEPMJI3xEbWK+e0jThBYf/ZO0k6x8Ii1vxA0doZQ=,tag:1XUdt3xgT4/zM52a01h03w==,type:str] + - ENC[AES256_GCM,data:tDP2WWmHZ4TF5NujLpiwPw==,iv:+Qoz+5f2fFOeULk56QAnlnNzNDpImYawjB6+lcN6C10=,tag:1/jKFLbs2jzk1Gaz24JFqw==,type:str] + - ENC[AES256_GCM,data:NKeESBl/PwixKC0=,iv:dSobtOyNJBepPdEs+GxFbi/o2yTU3eg3px9V4p4lilM=,tag:kuu/zKhXXdEptYh7yWiPXA==,type:str] + - ENC[AES256_GCM,data:H6nxbvBIUnTFCmxlUTcFQzvOYHq/,iv:teQuupyVRmL+naNZWoc8cONDv7uAQYGzD4w1Ppfxigo=,tag:LFKoNXRwQ3hWHRCLM9Mh3Q==,type:str] + - ENC[AES256_GCM,data:HCz1tfJDXwlZuKE9OQ==,iv:0HpmpjUZzrrykyh+vxiMVqNivEBIdX1yq6L0BHccDtA=,tag:SWMUWaLESdwvJJpYL3Natg==,type:str] + - ENC[AES256_GCM,data:O14kMcQGGUCIUdx+ibHL,iv:2NS8vZOASZ8TRyezpc8kZmkpWYRSdAY/b1/OQk2B0/c=,tag:XwPzUH5L1BXn/NM+x4wX1Q==,type:str] + - ENC[AES256_GCM,data:SO3CRW+PrlNsBBZYBItr,iv:a4llqG/hooIG8xZILEVqys6YtdB2ykWQGXld0kBDTsI=,tag:yf/VEafe1TL1C6uddxz62g==,type:str] + - ENC[AES256_GCM,data:uAxPVtLQjBYy0AF4+00=,iv:ISVhbJTDI5J6sobYc7nV/laxZoukyBMTN5TLkLzvkko=,tag:U0cmbz+7IgKXdZEfBAQGpw==,type:str] + - ENC[AES256_GCM,data:iAuG5AxtOj7Eg2tT+3z67g==,iv:00ky6Xm9TrSUtvSRgMaPOF3qANznRqjZ0EhMF7Ei4mc=,tag:8UyZxYW8/PyzOrbPHQzAbA==,type:str] + - ENC[AES256_GCM,data:Fd8FpcDU4v+8zLk=,iv:mDx+WDtoC7LEv2yJPwTkRI1Mdb/Ez+M9fcvvAHgNwS4=,tag:2yqsVHxecBrSGDzhSidVjw==,type:str] + - ENC[AES256_GCM,data:OtQJZ0WT1pYti9Y19w==,iv:cilRmF6fW7gPrpHEaYGezwTq1y6+vGyScXbM7g4svTY=,tag:rOCYaD9ULpCCc5XH1eWbIQ==,type:str] + - ENC[AES256_GCM,data:cy040su/Fpc2OdvTj16u,iv:CYjk+Z0cK/pXnBlIbXQjkk7RqR+OFnhdtVUi1R4MbWo=,tag:dmdr5TIScthzu0ipfYJiPg==,type:str] + - ENC[AES256_GCM,data:6haWOD9+jXBWfNxbyQ==,iv:DBF2/Ole2w17L7CU104hm6sSh6Wr1W9Z+Um8JaTC+kQ=,tag:WvTxPP+VA3zvtcqPeFdgHg==,type:str] + - ENC[AES256_GCM,data:TLnRGiZGDO6qYOrshPE=,iv:7p0oNXUpwhmAtpyHv9gGfJsxlV30TtGENbzM7uEhuJc=,tag:gfS942wy2cd0NM5MkWB93A==,type:str] + - ENC[AES256_GCM,data:31lxflSoWo0jKkFZ,iv:aS6Aie81wEllWbQDdXS+JKiZX2wvYsGmlwR4USp4ZGQ=,tag:a+STosMZdCo4V/VOMvTUyw==,type:str] + - ENC[AES256_GCM,data:2QZ337wMyQu/7wH0,iv:AeK6rHUN1cGT1M5JzqfARjjhZWWYNDSD/iZ1Tczy+FI=,tag:8KQYYsRNI91qM/uLhQO6RQ==,type:str] + - ENC[AES256_GCM,data:p68uBjt7MNsEmOQP3n0U1qk=,iv:M9cwdDekUnV9jqx3U9ww+co3Dh5AiTnCgsHL96CRLyQ=,tag:HfZ8yLJ2d507JLfYi9E3XA==,type:str] + - ENC[AES256_GCM,data:Co80r4C45zvDxwpmKyg5,iv:NOB3eQnoS+Rkx+8gd/dlVOFnAKD9nZki9YEBA/O0u5M=,tag:+psxHjpoBrVyzx5qzMnFiw==,type:str] + - ENC[AES256_GCM,data:5jBEYM4G7lafAaDf5w==,iv:WUELDehkurD170G7KLZDlgjDgtGMkkQ+uIj2liaRG/s=,tag:7QQMMnMZIQzl5G0OUBtbsQ==,type:str] + - ENC[AES256_GCM,data:xJIfOX4d4dgQ,iv:dPHuR9nP6Gohw3PvdCO/SRdiJfSpSzOdYskIOmGk4jg=,tag:13hrVsng/ZUiOEJFy70mEA==,type:str] + - ENC[AES256_GCM,data:ThI7Dk8k4vMI,iv:W9ZSN3p99qfyw7xSCRxJOXmEgLjkIsOLTyYZ1SIPqEk=,tag:eIkwcknAnWLzYQegaexFbw==,type:str] + - ENC[AES256_GCM,data:n5h0KlvzyTEt,iv:PvEzT4Pl1RfXWX4lmfChXuIxXUi5BdVtPo1y+6jiIFU=,tag:HzvFwU3dcVQXHZHV69BuFA==,type:str] + - ENC[AES256_GCM,data:9ji+ifiV6sbB7JUrD5nZ4ldS1/k=,iv:c2UWSDHvsVsGG7TW71eWCz/RJuDGynggYqpAQbhrcz4=,tag:1SeGdbZD7M09gD4MnFrnSQ==,type:str] + - ENC[AES256_GCM,data:NBmfQoSeHFVWldaY,iv:8/cyI8B8ok8quNNPjzA7a1sK4gdfwpzS9xOTf4F3jgY=,tag:ljlw/CoZCFMUW9SUEJtj4A==,type:str] + - ENC[AES256_GCM,data:udBhPwLDTuQZouPImA==,iv:H0qwbSpziqjlULrxx+WZt7sy5MwIXgjpH2EDeARrwDc=,tag:Aj9aOetLGcjLLXgqhuhqog==,type:str] + - ENC[AES256_GCM,data:R5FeaKDIcoPAYwUsnw==,iv:xciqDUcVfZC3QqliP2nSxu55GWxKAm7Nbu6hHwVWvAQ=,tag:5RIT7e7XP0G1Tg7N4FsNyw==,type:str] + - ENC[AES256_GCM,data:Nvm5dJU06WCzLjGJ,iv:FLe/wMnDlkOY1XpaRUPA5PE/C58DLfGQ4WJDSelSU20=,tag:hnld6OC2qWr6NP8K3qPdXA==,type:str] + - ENC[AES256_GCM,data:aluX7lN86ZLqNV2Rww==,iv:Lwv2BqpMtdrE/UzePUDnHmXbmWxaxBkeTsXXuKPAJJE=,tag:tq1TumTHmMhbluUXiR6xew==,type:str] + - ENC[AES256_GCM,data:Z2bFiGBEo1eGDMrWMsY=,iv:gEQqieJ9rb7vbCTA83m0IxSc5sJ9PhXqSfI9iVu5RCI=,tag:bYKQkzs9ZV1yWopWqbg39w==,type:str] + - ENC[AES256_GCM,data:AIZq5LNq+RbDKTVLMPU=,iv:1QFnlD4JGCS+ZHCgI8VWUmi2mx+lB/6XTA4lPo3hg8w=,tag:8wxrsx63e6ZnTswAzY4s4A==,type:str] + - ENC[AES256_GCM,data:U0WGPRKPLsCf,iv:06+5SXnhDb7eVrI+Q+xgKYAqvD80D7mbxJwAwlB1KCI=,tag:bX+/ddb9/DHgxs2EocT68g==,type:str] + - ENC[AES256_GCM,data:QK/A27EnIQTw8Q==,iv:9RugTVgqQdbbOeidJi+apyrqqqcJHIXpBMX5Y1Q0k5A=,tag:0BHNseFHYlgQGB2OcJQ3kA==,type:str] + - ENC[AES256_GCM,data:O0HbRkjIUqrOYQlu,iv:BzKiIAIq5ObBHBHaVDU6TO4phLsEAbwEX9pK2h/s/kg=,tag:BL2yqpaWMqI4TtcEqtJyzg==,type:str] + - ENC[AES256_GCM,data:kmdTljkZZMGt/kFw9uk=,iv:+21+mIjjf5lUa639SEx6x1Pbyobf+a7mPPYv+rRA/5w=,tag:J+8aO+HbUlrtPZCNCHxi3A==,type:str] + - ENC[AES256_GCM,data:ghdOPz8MIMLJKW/2L0I=,iv:A95KuD/iae8xGsZghINI45td0QdB34VZmTV6oXDPxY8=,tag:zrFyJnjQSjgZKcKUwAuC9Q==,type:str] + - ENC[AES256_GCM,data:Gwj1NDjJuciZmfPxTQ6L,iv:4zQ/YHCLgQA2JsMuc3Ii+nKfsBY9K7bdp44UZz6d0rg=,tag:Z1RJxP5OVuFAE/Gbj/cgfw==,type:str] + - ENC[AES256_GCM,data:sZLq+YlISKVmLkMrlWIS,iv:cgZoQb6u4fqIstYTlReKOX+TVDXx1pOz5sSfemhFQEY=,tag:/EJWXuiNTZFybdaIToy40g==,type:str] + - ENC[AES256_GCM,data:L3YKQGmvGcEbjNUE,iv:ROy+6xSXflvMS3KRT8bkhLJBZ9f050cIOwzCBjCq8cM=,tag:RVP1FYZTpnpMKyolba05jQ==,type:str] + - ENC[AES256_GCM,data:uIOL1i81WAQf+FST8hLrwg==,iv:5fDQKCp7j13gkYzFSqhnAbDpJ/1tDwmoyzl2aTmudB8=,tag:CkLjTf7bvHF606vqAJ0Rxw==,type:str] + - ENC[AES256_GCM,data:Ohbh4IgYgOMJ654MWUw=,iv:sAOX3rvhfmNwIG7cHE42fIoT6mb1cBggzVNU0tp7xMc=,tag:kjqpCHoWlU0T/phrqiv6GQ==,type:str] + - ENC[AES256_GCM,data:4zXdL6nJIZLcTyLCbA==,iv:/avh71ic8LYR6OdFnUAIlrrsb3HsTEjOqn4vyHz16tA=,tag:w7GkiQGUuvUuYSH8XnqgzA==,type:str] + - ENC[AES256_GCM,data:EBawlDxjHraKeQWsp+8Z6A==,iv:7q09/jJsXFaapQNmdvY2jk92xanqz32YEKf8UQumN80=,tag:uwjDbrj3HpUTYB6/r+wsHA==,type:str] + - ENC[AES256_GCM,data:O+2VJYzn/sTLGjFz4Puu/TsQ,iv:rIN9FJbox7QhBVboyyW2KPBehbe9XN5MjlFSEVWGbR4=,tag:ItcvtX1iArt9ccpR29pADA==,type:str] + - ENC[AES256_GCM,data:/mVXOjycn4zpvE0ibxHrTg==,iv:ZeEEuZ7NRWdL7bbfbVV+EFoFVnbQlV8hb1eHZuqV5ek=,tag:dtHyHBeewcogFDQbklPwKw==,type:str] + - ENC[AES256_GCM,data:7Wjr83l9NKcbX/fCdSQ=,iv:zsy71h3+7sv0iCYTLIoGK7UmGNzX8+cYBRTU1lwV314=,tag:3ZtscoUeOuIS4oAtQrDKGw==,type:str] + - ENC[AES256_GCM,data:i0HAhhPtyOnEoSTtjQ==,iv:evti+kotpu/bAEz9mOAOvpl/jAWCfOZlNR72qpbf3Wg=,tag:3UGly7FtZdVx2dJ+VWQkGA==,type:str] + - ENC[AES256_GCM,data:jWzIqZAr+BsspMHO3TmESjvvbw==,iv:Ksev8OYRgShAvF0TPanOU+wufgKzP1bf9jjRG39IMFs=,tag:J1ERBlkxCLKXcyLjau7CPw==,type:str] + - ENC[AES256_GCM,data:k7So3pzqQNNbeub3,iv:tno9GshlGtVhyHPXQnG1aa7nChSuRVznMgkBpwCsJ9Y=,tag:N12ix3YoJbqd4QF17xdvXw==,type:str] + - ENC[AES256_GCM,data:5yMoDCBZGKeKQT0=,iv:CtD+rR9QwvLSEkFAA/Vvyr9j3e6H5vZQaBtYPFtsenk=,tag:Y5jJP1PbWqKAwpeluMI/Fw==,type:str] + - ENC[AES256_GCM,data:Gvx3CqNk4zsCeoCvb7wbsg==,iv:FFV2PkcislZL4I7HNjVD8qSHtq/PJ0TgJ3kijM3FDWQ=,tag:DSG4VKsLJUjKX2h14/YXWg==,type:str] + - ENC[AES256_GCM,data:Acoow2etHcM9897R,iv:Rbz8SvShN8VSLzdCv9SeiqwNk7hVWChgovKHMV2AOoU=,tag:ELGQs4xLiCXfyHHHEoFQFA==,type:str] + - ENC[AES256_GCM,data:HeHoWqnpQdIQLTs=,iv:tSR/pCVLaqypPiGNnK63FF0nKowbvTmC3wf8HrcviPU=,tag:1QxbjpDyvGee+AZxj2UdhA==,type:str] + - ENC[AES256_GCM,data:ISEsBGKu+5EbhgIQ8XdaT5I=,iv:BTB0fXCbnCXA/NOsMWAjLSa+MLhseSmLtlqQYosg66w=,tag:MlvkuwpzibPMKCwe9omp1g==,type:str] + - ENC[AES256_GCM,data:lyhzX2X1VpwTu78=,iv:0nCoy6jzRzEy2N9LSIpDt8pSszKtnPam3psQrBl4+Aw=,tag:xjbg/IGPq3VJWcmJ5P4OVw==,type:str] + - ENC[AES256_GCM,data:u71KkEEWjlRRaZ8=,iv:KwpH1MQamuq0++6Kg50R+Wplb1KsGTHLdpo7Dp1zkn4=,tag:nrt3sE/aedeZW7JYs5VZEQ==,type:str] + - ENC[AES256_GCM,data:jPhxjExMae/sYFk9,iv:TJmo1uNsOTy5NUipetdH/S6b8aR61zmeXrJ/biN2agE=,tag:+/m5isIpUM3DBadcLtYW2w==,type:str] + - ENC[AES256_GCM,data:yfL2KmRxn0iY48Y=,iv:AofKa0dEPeHwsALQGVzxGTTcZGICuRCL8+G5MGxuy+o=,tag:lkLhHukbpdCK2eEJgKBCow==,type:str] + - ENC[AES256_GCM,data:zaCKser9JPzglQMoHg==,iv:on3LM19ZvL05Zo6+CBbjLo2uB3BXBJ2TdZ2NSp7FiVg=,tag:yJOyfnrPheNW4Vc/itLQnQ==,type:str] + - ENC[AES256_GCM,data:kbaokI7ItoEMFuQ=,iv:+zFkV1+uuESGtj0dNkUjbX6ZM/JbQP3rEkJ3F5CW3eo=,tag:T06bKEK5CNzb5/nq0AHwcQ==,type:str] + - ENC[AES256_GCM,data:45/jEkxHwEtaCg==,iv:uK+POf5PZb7qrd8RG+B2JxUED99ceLpo65YGgMfNXHY=,tag:QfgLddDvC8Kcn3IQlyV8MA==,type:str] + - ENC[AES256_GCM,data:kHSZNqqST+tEmIs=,iv:lUWsBtV195QBtbmULCWCQ5R5fJTwL1VSevRiCwjoAEg=,tag:gnGAmoaI53UvYG2WCgkdYQ==,type:str] + - ENC[AES256_GCM,data:44SN06Vyf8k4VA==,iv:AugSYRACl2KEAX8qIO+ktw4mnHYrOIl84Bzk8IkQZWY=,tag:aCmPmdWAcai8cr0FKc5BXA==,type:str] + - ENC[AES256_GCM,data:OmA9CXMhf7Dgnf0=,iv:c1MJ0XxF3cjrjbHcYE7V+1CAW1iM5WRF9HzjVXCsxyY=,tag:k7DVVk87aT/10Bp6IUes7g==,type:str] + - ENC[AES256_GCM,data:5IJEp3QGuE7BcA==,iv:19hQlngJgQ6xCbFdEUPIL0KUN+vYeckQO87Zeh46sLQ=,tag:s6nCYHBtzsTEJV3TXmbEeg==,type:str] + - ENC[AES256_GCM,data:JgkUm6oIbNviotnLi70=,iv:IgfQ3bTVFX4h0r+WCarGqF9HsreNEge3xauvF3SpG9s=,tag:jecki6C6Lx7K/a/qNkl9Qw==,type:str] + - ENC[AES256_GCM,data:2D1MvjW9CRvhcQ==,iv:H20M7Jjj2EA9BhDM/bs4JFRVnL7jrIzchzGKj6qanHU=,tag:pyjQDclTwHE7/M7rcLD6bg==,type:str] + - ENC[AES256_GCM,data:79GS9BNsvDDAUXdI,iv:uuona3xYOU4hKRJ+hbRAxFs5TlUOdSdp8QH3S06KjsE=,tag:P/QKuqAcauWQCOnYnOvXOw==,type:str] + - ENC[AES256_GCM,data:+Pix/SeJVcl3nLs=,iv:/mvAwYWsU6E3j+FRLf8+LQxyN6igR0SEpN4VW6nKN+c=,tag:q9XNJ7Vz5/mH55qxKEYw3w==,type:str] + - ENC[AES256_GCM,data:gu4zngrdZ34Cgrlb,iv:Prs186C07Szsy0Oh8U0pcRU9IRKtZBz7cl0XD2Vn1q4=,tag:FJj2M0seYJgyyC2BwyY40w==,type:str] + - ENC[AES256_GCM,data:tZk3NJ3p1+hswqhJiw==,iv:O6YogwdR3Phbr5ctndXRETPrlb1pP/st1V+xUyRCB/U=,tag:4uAUB5gGuP+/hiyEsXzJIQ==,type:str] + - ENC[AES256_GCM,data:OTbE93gAgQo=,iv:dh1OZ70wtDhTIO3UO5Pw4zIUrfMsmt+Ny0M6EIuH8dM=,tag:Yg6qXrxD4oRyz8umpNMfkQ==,type:str] + - ENC[AES256_GCM,data:1WzrS7fY/oxJ8Q==,iv:9fWsITf3mzwWsB/ZgGN26Eg5SJ6neCvZLD4RF58ZuJg=,tag:XyTPRou/Fp0F4p05WZ3gLw==,type:str] + - ENC[AES256_GCM,data:sGMvFVTOAundS8Q=,iv:avJOjnwBIT4SQ5aN3S0IUrmiurR6ljrlgcXOnm7jPtw=,tag:GDeQZX/QVo3MQ36mTOQaJw==,type:str] + - ENC[AES256_GCM,data:bcD49aiCPX96s4XMBlw=,iv:O7khHJWkTvAHgp2+cE+s0KnVhNXwET0paFt8aJwoO5A=,tag:RvLpSnncq5zTni+oG8l6eA==,type:str] + - ENC[AES256_GCM,data:1O7Ju5JvTJRSyB3ojaKlZg==,iv:pf1XSzQNqJKZGI0tEm3HSBoMBdFgx2SFojur+ejsEpU=,tag:GmgumDJrFq7SYLnxAV/lHg==,type:str] + - ENC[AES256_GCM,data:n9AvEGNtamZ2KZhLV6OU,iv:GL+ybAxtj6HVcaa1GhOdAPpS3IsP3Q8VvFuS2WMjtk0=,tag:DDMcVw+mQQkUa+FWaNNw5w==,type:str] + - ENC[AES256_GCM,data:05xUMoxB6TzAZ2bFwds=,iv:ZHCVMFRTV93BaOAvVDx/FJtu74O8fnhMzyH3Qm3hemU=,tag:xBupjWI3kXXfHCsBonSSLQ==,type:str] + - ENC[AES256_GCM,data:HfCBmzWD20u9pa1IGU+zBB9p,iv:ES/pdihNx3FBcb9N2SqTZkIzdi/im7pPmmskmwevblc=,tag:Z0b3ImOgZGTOtPzTWKnAxw==,type:str] + - ENC[AES256_GCM,data:rN58VCo71iJwEEpzzoo=,iv:bnWgkACd5rSQbhhJOlaMQKicgZRQ937pKDQdTfG/SQ0=,tag:sIS5XbeMPX3kQVHlw9SHdQ==,type:str] + - ENC[AES256_GCM,data:JfDa1pD0YLVvnAbcJWg=,iv:uafg5sN9iLV9UHUzZtfPxE0qb7qtI1+IDHo2LuSGnTA=,tag:OC+eW3ErNrxF9Raj3nN7Ww==,type:str] + - ENC[AES256_GCM,data:ky4pDM3SAW5B5u1YmNY=,iv:WFYnoYGMSqsgRCsneQEmbNINylySzSv5VGme7BqfFTw=,tag:1WBowU7+6hmEHth54RAZsw==,type:str] + - ENC[AES256_GCM,data:+iwRpLwPtmI1yUk9tDM=,iv:UI8T7C304+N72v4HARHy4fkf0DCf/fNKPOPdmkRrx3M=,tag:QSM4DJZdaase9ZyfxOv1ag==,type:str] + - ENC[AES256_GCM,data:Kzk+tZxHOsy62bWlhC57Qw==,iv:WbcdCFvaOvJ0HilaCZ3ZczmKXd0WrIHr1LN2jCc2h7c=,tag:v/olMQJVc8CZgu7SCFr48w==,type:str] + - ENC[AES256_GCM,data:f9tQxEOChx2sB11VqcGf,iv:Nr/QYzbW/55SjyxxAqmoBW150eB4NGp++jyd2A/1TbE=,tag:vQZ12XfA+KZ2wtyaoRnBJg==,type:str] + - ENC[AES256_GCM,data:3LT2m20s5AWg,iv:MU52+Ls2bWVJd7I1f4ugaoBmz1yCOfkp2ygK5TXorz0=,tag:DQcvbQHFJ9sue6D9epPQ3A==,type:str] + - ENC[AES256_GCM,data:HFfxQ/JN4Ni8Lf4=,iv:0dN3dwU4ntB8yk52oSM6fR6b8zgw6okOuCfhSPDWZZs=,tag:jhoPBojGuK4zHLQVIQdvmQ==,type:str] + - ENC[AES256_GCM,data:s9NXk9TkeqUxDkc=,iv:ryfZY8RmaKjHgMeo3lh2Uom03YHpQZNxk8OmFGRS8kc=,tag:r00gPqFe+SyNMM3cDqNwOQ==,type:str] + - ENC[AES256_GCM,data:IWauozqgNPvl,iv:d1ZIavgISqtm0F4ogBAaA/yE5OyLkirCzOjaD/L96mw=,tag:ft1+F3oC56fXxEdEtUgh8g==,type:str] + - ENC[AES256_GCM,data:0518XJpUxOZApQIlBQ==,iv:UBNRIvPypFc63kKGJTFeFki+1hVIL0bgWWLRhRPjx0E=,tag:iszA1DFcbrqxU+WQk3uKJg==,type:str] + - ENC[AES256_GCM,data:0ZC0gRUQ9s0Z,iv:d70TZ9fYa81mfSR1PWrP2dmwp0uCfmN+QfgH5VZMha0=,tag:NookID8bBQhVd3J+J9q6Ig==,type:str] + - ENC[AES256_GCM,data:KrEuFLMl1NnDv8HJ+w==,iv:th7SXYDJvD5Q/yyZkXliL9TELvU/4SJL9jtn8mqUdgY=,tag:MuxhwJHzFtmymUGuZvCAjQ==,type:str] + - ENC[AES256_GCM,data:DtBJpUp3kGYmf2uxZQsI,iv:Q6PZ2NjZW3Ah3OVLUqUv9BK0Lr7wr3DL63I+bPY5ZUA=,tag:6U7roLsau3RNZCEOeAG7Ig==,type:str] + - ENC[AES256_GCM,data:99O/pME7XwhDBDjIrfOCjg+J,iv:+9t+2zFFz4KMOr5MDUfauBNq7xXx6ufZoobBJBdoops=,tag:86b5cAu3VK2q1LpfVOGnIQ==,type:str] + - ENC[AES256_GCM,data:4OYb0hi0Zmkbxobccl/wEKA=,iv:E2Nz+xSzXWKJerKtsYlkw3kMD21hNKLARiDSvPalcAg=,tag:m7Q2c7hLqx0BrUf3lHKcbw==,type:str] + - ENC[AES256_GCM,data:4LjKKEMLEYqoVHxZyADL,iv:a5VP+pWXO1Tlo+mskb0cZzrMyjj04nBQdfQIo2gIBxg=,tag:s2Dic4G+m4P2cd8HGMhs5g==,type:str] + - ENC[AES256_GCM,data:KwmLcZp0KR4CGIY/6g==,iv:RXH17eb3noQ2AG9522dIcAjxSjeE1FK0YxJKzxzPBYM=,tag:/apDlcrUZEjDHWsyvknScA==,type:str] + - ENC[AES256_GCM,data:9hGF5Eg+DdCZdd7OLw==,iv:pft9/uqKa0qBcaGu3SXTcsobUiaC0JIsqldCR6IPhnA=,tag:v+wDmcHOihtGHTaJ0fMezQ==,type:str] + - ENC[AES256_GCM,data:qifJTRO9TTPN/RlrmzLf,iv:/YNg0nUAHuiRiKhBq1lIqx2B1u9ER/MQ8MQAII4qzs0=,tag:ZLWwwGZalYrvsJhztNzjRA==,type:str] + - ENC[AES256_GCM,data:81bHpeiR3Qq56cgjNg==,iv:0+15KPDNgFm188NUuexgJOBv1nmyDdu+73rvFvTOVTA=,tag:wk70lcV5Qur276eGWxehFw==,type:str] + - ENC[AES256_GCM,data:sde2AIQtkFtHSddq2AOE,iv:bXR/WhoNAI7Vo4ETJ7nrgiaZxAjQsXsLCl9yrk9z3O8=,tag:Rw5eX49nw0cP8w2Y5adJhw==,type:str] + - ENC[AES256_GCM,data:YFTxH+OUiU8zEWVWpQxS,iv:vJDJp6EXJxvlEtRi6Ypy9CzGueFizjVoBtavRBRVacU=,tag:T6SQgA+vVp4LUznhl/9+rg==,type:str] + - ENC[AES256_GCM,data:xXZf0oWzL4LdU0kEvzI=,iv:BvWsMCPCwk6MAOQCysUXmpOLpOdGb1qfJK3y+JbfZxU=,tag:xSISfqyobBRQylx56MMXqg==,type:str] + - ENC[AES256_GCM,data:wN//SILUe6svfgYUBQ==,iv:Iapwv8ixTz3n57mmw4V1yuUmYyQ1XzzHrzFokDN5/k4=,tag:pIAuZDe4Nn/SugC7PZgV5g==,type:str] + - ENC[AES256_GCM,data:PIc8mAVUV+5uLR5w9BXn,iv:rPug4bj/BSEvyfC5J4TEPXRqRKdNfUMgOCRq1wgSJm8=,tag:TirqElg5Zcji5P+zI6RVbw==,type:str] + - ENC[AES256_GCM,data:CJupXO1k7H/mPp81,iv:3tXVHr09x18V/on9I+Pc3/lkwQn1bfhuyTP7piBa7cs=,tag:FF9sCxoJhYLzlCMlHLo7JQ==,type:str] + - ENC[AES256_GCM,data:yXxXRcDwc7Ie5CmV6A==,iv:XtysMQz+NKdrVzvguIx1g89HIUw1N3CzPI1aOFMjx1Q=,tag:Db8yLqhHxmuQVt17x0Z8xw==,type:str] + - ENC[AES256_GCM,data:Nasv3x4e4P6J2TB7dJOV,iv:jg0s8kwrJLUwx5uyc5POEtQAWsMW+404RDYN6sNFd/Q=,tag:MLi7wrsYjhkPM2OxOPtbiw==,type:str] + - ENC[AES256_GCM,data:0HKTFW70NY2YXiMZfhM=,iv:dMO7T27ESmsYADo0T2P3BvRBCQJs1e1BwoaJCAA2K+I=,tag:UkOdfm749BJQzX2NxjYM0A==,type:str] + - ENC[AES256_GCM,data:BYsf2UfXId7A32WPTYA=,iv:ImQW0iGuscDUZtxn1dX7yo6bdtj1hYP+tqtCydLS5lc=,tag:C7mj3tldvgiwNjMUQr8ihg==,type:str] + - ENC[AES256_GCM,data:9Kz/bCOKZcgV1UHPPfbW,iv:uxyaZsA9DRh3o4TvwnkH8tkcJvB+N+vlup4Y943jX2A=,tag:lHY0RNhILAYhza78fliH1A==,type:str] + - ENC[AES256_GCM,data:oGu7d8E+K8YuKwa13j0BO9M=,iv:kaZ1KH1KcAIPWFr0MDT8Vykp2n9Q2FG2S147djnqloY=,tag:niGptM8Z0HlqYImMOxjcNg==,type:str] + - ENC[AES256_GCM,data:JWFD2edV84JWcohHOqgj66M=,iv:HSo0uceOcSQcFTuH5o5xDOjuQqgXVVraaT3JsBx2QdY=,tag:44Sdxa4kaxB7qEiupIBuYA==,type:str] + - ENC[AES256_GCM,data:ARhWv6mDHausBeXdX9ZG88Si/w==,iv:DhggjM8GeBttouhUIwH9hwFj6EbrmnKOXk2eOziGzF4=,tag:BHLe01rsIiYgkg0bM3XDsg==,type:str] + - ENC[AES256_GCM,data:vauqzbWtcLk9fk6c,iv:2cn0food6NMqbhWWYK7IIj+4EVpJ/XCVfnGYDhVrIsQ=,tag:QHXIfRUoVD+jLSrP+Jb/+g==,type:str] + - ENC[AES256_GCM,data:wsFTRJbhHpJsxlGV7hDv4uA=,iv:PsO9cRMmDVe+UYFqacoaW2igUVv69ERsw11l5q0LkoY=,tag:lp4HoAIg69abostCsNRgjg==,type:str] + - ENC[AES256_GCM,data:+LBrG2eAsvPWyzD36E01,iv:6jxJP34PFP5Q8xf6kbDK0gNBKNzEGwQZCfWuBAu0T1o=,tag:zbNGs7fr12RlISmrDBk7WQ==,type:str] + - ENC[AES256_GCM,data:Z1NsDA7Y53T0eaKEyo4=,iv:LHAd7yh5WJkhC3MtctFaNdai+8a40LFzRDZ3xO/QKkk=,tag:Jn6DrhcdDPQIxDv+KbupXQ==,type:str] + - ENC[AES256_GCM,data:TV49igaFVt/FnL258NEez/oTcHM=,iv:TyG8ewQXK/1ixFJs94IOOtpfwVpkq1dZUzH6Tk2+row=,tag:AuuDjI1WCPxvAouod/aWUQ==,type:str] + - ENC[AES256_GCM,data:ir3R63yxl3Ggq6ng1Hfq,iv:c+1gmmlGymoAYR7t0+ad9uirMz5hdXRlKhKkjU+d+2I=,tag:Ddg2XoSc9puswpk5DKo8aQ==,type:str] + - ENC[AES256_GCM,data:qZ9bGNlmraZB7jjm,iv:a3YrgWlT+C8Zp7o7N+jrFUN6RUvyEjURhNDUQADm/AU=,tag:fskCos0CcQIpWCppSk2PKg==,type:str] + - ENC[AES256_GCM,data:+MQ4hfmPErbX4ZWtOcwg,iv:o6Qc3fMi2sFluISePbuSVmMWrDmFtrpCWnWJp6fV6gA=,tag:5GaRumppYDKvWcstVHbGJg==,type:str] + - ENC[AES256_GCM,data:SY9qERl2jiN/Nt52HV+qig==,iv:OY7dCKBOTkYutlGLZ4m9Bsb4PHNgrP3tWNFO32gVw7k=,tag:C/4VSHnGN4hbwbid3LLnMQ==,type:str] + - ENC[AES256_GCM,data:ea1hu1RANeog+BtIWOchtw==,iv:DerJl7vFqlpvjGDkqK64z0Is/aPChWUzLaoZMYbUDbw=,tag:viOYu+4qzdSI7MrxrGaYog==,type:str] + - ENC[AES256_GCM,data:owBit47qFsdzhnmt1Rr9L20=,iv:Us1Vic7RkXB7sWXL0ecCwhIk5LIF2nmwLKeIs50B29g=,tag:wQv4VvdaDzgV2bqJD6rntw==,type:str] + - ENC[AES256_GCM,data:lpTun4TWqToRzPttpoxl,iv:CNcRjlnxZGOmvnoQKYv2uzYGl/ThLfAnAnOFh8J7iqc=,tag:OGFgdxOlgkVXW41euYRHdQ==,type:str] + - ENC[AES256_GCM,data:4n5VpJu315QlTPz1eVs=,iv:m6zb6Ak6fiXs2ujXDfOtN/ZiCNjQL0zSc3gMh0vBxqo=,tag:If0b1dwgranIiW5U7SOt5A==,type:str] + - ENC[AES256_GCM,data:fnLnrjs3Pl/E3vIVPgsgxA==,iv:6Khs1HHpOjvGlZUsZHObpiNgnibwCmq6U1BgIylvD4Y=,tag:2DoNdnpM/FEO+8BXEQJJpA==,type:str] + - ENC[AES256_GCM,data:c69EN2D7EINVDs0kxT2v,iv:SoIo7oYnvb4TLYMHg4BhvmU/bJAxWJJiKsKyfGmlb5g=,tag:yeVGHvjVdSnBoW08fSvxWA==,type:str] + - ENC[AES256_GCM,data:HXklR8ro9rWvOymt9GA=,iv:vD4IYh27eMa36DvbfmGlqnps5QSfXMoHrv8aiy6XW7M=,tag:CoG/JzhnLxY1Fctc0AJIOQ==,type:str] + - ENC[AES256_GCM,data:GyNpuJ2WfSelz0KVx7KQ5MQ=,iv:pokTA3R1rxNsuYL9lmDtvmsJX0Ylt8fcaZpSVA9hd3M=,tag:u6m11ZIxyah8vAwH/0VvuQ==,type:str] + - ENC[AES256_GCM,data:HKPiNJqKUChPb/HCGQ==,iv:YuKFEmipuZPeF0D6EiZBUMvepXZIMYqTW1v/ZcYwEkc=,tag:5NkCxoxoZ7dWuxUyAjt+xQ==,type:str] + - ENC[AES256_GCM,data:lMYrpBH63ZTV3chR6yg=,iv:V+LBy3jpUthog2dVttmQ4BKnRNqyvGrd5jER+TQDe2I=,tag:pu9aE4sl3WI5dD51ZctUNA==,type:str] + - ENC[AES256_GCM,data:HWFWxRv4nfM/rlDcqw==,iv:irkNablbiGo67RsN/IsjKqFCy3xWmGfkK7DRbnpccnA=,tag:DBvFz1wD7kSa/O+BA0J4Dg==,type:str] + - ENC[AES256_GCM,data:DU7v+4tFioQ/bSs8zA==,iv:2adzO7mxraC63pDUa/F85enzNo/W1oltXihu8D9MLY8=,tag:Edms2icarDcEBkq9uT33Qw==,type:str] + - ENC[AES256_GCM,data:X0GPgwTFhFC+BRYraQ==,iv:gjzslTMK/m4oWA/kKx8Ks+lYGqjop4deS64UB2Bs01s=,tag:D998QtycrFoNOWNpHuksfw==,type:str] + - ENC[AES256_GCM,data:1k8P+mZRQcsy32SZ2TE=,iv:DjUriaVWTZtEZKj5aYs7sEk2fCKviXNNb2y5+ogXeZg=,tag:dREK7rBNKDklAY0HVjjDlw==,type:str] + - ENC[AES256_GCM,data:nqqPSdAgKLP4bvIPzg==,iv:+4szUmwHZvJLXFOBnNJvZyGKxbfii0pTSg/1PqCol4o=,tag:6hH1wHIYYezZcD6CEhW8Mg==,type:str] + - ENC[AES256_GCM,data:QLq28NYj7rLuVasPcpM=,iv:kwGqBnMLJvMEaegTDoGkq+oOjbWq4WPykOZO2K8hDiQ=,tag:BrblBqucIUkpRLQF8ffauw==,type:str] + - ENC[AES256_GCM,data:uuYT7YKRvZ7rnWknAA==,iv:Bw3/pQdsOwgoRgfN5iotl/CjOQAAj8TKUslUEsO6zq4=,tag:qPaZJecEssU//6u1AsqG3w==,type:str] + - ENC[AES256_GCM,data:sXNismH9+gEAnZm4Xw==,iv:z0r1yI2LIJc6O94IZs8848HYxhlfT9ziixo+PBK9OoY=,tag:udLOm5LHnqura9sHY3pLKg==,type:str] + - ENC[AES256_GCM,data:+is+dBMPPF6GOFXeDLbL,iv:AzAuiFtl/v5zEFUo96BFPqAhZN9hjvX94mdtra7VWhM=,tag:qSJq51qLkXTwFKPKHYc/jA==,type:str] + - ENC[AES256_GCM,data:I8bv3T2jS+eqO+zW6A==,iv:rJpHtzGi0minbv2qO7x1W8q9rK7JZhbiIH12PScohak=,tag:pXZY9hjnjxNLA54r/tB1Sw==,type:str] + - ENC[AES256_GCM,data:JWiWQnVtoN52tsx6S9PNKLs=,iv:YZe1joTk2NUTlTJiNZDL5wCBbvBEAfAG3GcdxemYzSI=,tag:/keORt48Xsp52Lwr/wZFVA==,type:str] + - ENC[AES256_GCM,data:PA8WTjiegTj8tx24v40=,iv:aElRQ3JYV+P9lAM1Ai718FakLS/Cvt5fCReE1lYZYmg=,tag:/mS18Rd91/JNWXDmUBDT1Q==,type:str] + - ENC[AES256_GCM,data:HInNOx5tmAfca2TNvbtT,iv:tyoM29pArJ+qrqaIU1nBSxgd0cCNrVFptSBOyMUNcEQ=,tag:VPqlNEDmx+wS/xQ72g+KMw==,type:str] + - ENC[AES256_GCM,data:mHBJQJrVZQB9gceBTVpI,iv:b0jRi8lwQ/0G4clK9IHeJ9p3V6q+TK95Z9OZ2y/PEEc=,tag:P+/cYQtkCNzQUTi5FzGQQg==,type:str] + - ENC[AES256_GCM,data:O0qc+arYb6Jj3csVXg==,iv:PVIbExJHKgJjRIR3esQ308XbHSTlOAagRbxGIq8FlF8=,tag:4urbiNDjFXl4KXw4/n8MrA==,type:str] + - ENC[AES256_GCM,data:incTxN3L7U9/VMPLDBk=,iv:7rDcPZQ/oOKEwSWJ3daCX6LLkm0B/gS40Di1OZP5Fic=,tag:TiiyTvp5AdijF1X8yRYuxg==,type:str] + - ENC[AES256_GCM,data:apXOT83d2vfkmi0nXm1t,iv:ainiaVG4PKtQLuuW8+blHFdAwFqz7ZwXWuuHxJ0A9A4=,tag:/lf+pOls/FER/PD/+1UPdA==,type:str] + - ENC[AES256_GCM,data:Y0BRov07fOCiONI4cTE=,iv:zYeGK9SlOXPHhTi2ZrhNGRrjYRUNC/vLXkbG2cqazMU=,tag:Zhv0wNg18UULNTlPc9M+QA==,type:str] + - ENC[AES256_GCM,data:s2CPYYXVcWNY9h5ZVENBmQ==,iv:Wv/zhvpHn5m/i6ay1Lp4mkciEzGFjLmvWu0cKZk8FXk=,tag:LB51fNg/NdPcksBUDhf2RA==,type:str] + - ENC[AES256_GCM,data:P9B9PADyMKUDRIMaYS3/LjoYd44=,iv:uHeVmGlLpcLK3EpBnPsi+27EUkZmVItcmvltu5n3ffo=,tag:z1+xD3iPAa90HVB6/E+YGw==,type:str] + - ENC[AES256_GCM,data:nsXhQBC++zTrGF5L5nTRzZaFvQ==,iv:K3ZUSkpmMJAiAi4tfs3k5/rWsEXJAEj+eDrMuonPBzw=,tag:v1lhw0C9zCIN1QZJr8REHQ==,type:str] + - ENC[AES256_GCM,data:qEjG8VUJEPAlvFyzkewAFBs=,iv:g7OhIgo6HCApOb5kwW8RPXsJO0e2vCkZ9xOLl1t5udc=,tag:jUYTYBkdiZtj4KOmHWcR3w==,type:str] + - ENC[AES256_GCM,data:Qw5lGGRnMrCbfabHclE3,iv:slgW6P0PYDMJpKTLvfZsVevULc/SodYpbQiREi4kvAw=,tag:yoyke7ko6IfDzIbil6aaow==,type:str] + - ENC[AES256_GCM,data:9/Y7HAW8M8sSboEItop5cKY=,iv:YON2YRVcr2unUNmJhRqSNByM3krrFTmh1WguIt/UKRU=,tag:iMhjFRNI4qiSVDBlOwn1Bw==,type:str] + - ENC[AES256_GCM,data:4StPBf31bTaxpZ0/sqyy,iv:q7FkFPCWhIQX0DUDtz9wZfW5EPcuYYdU8yYyV6urZe4=,tag:RA3vhHAED/RnQV4EkPPBFQ==,type:str] + - ENC[AES256_GCM,data:gLZMI9P2pamOpOIXaN0=,iv:4bUj4/NAsCCyxYWi0oLOjPszuy3NzrsrZFCjOoBhvbA=,tag:CaC354EwREr3mhHP2GkBcQ==,type:str] + - ENC[AES256_GCM,data:ZOEBQkpVV3yUEe8qH6WOSPOC0w==,iv:ju83YWmtn9mZjnsUG81g56c31qaOnxi2ggnwbsxJPnc=,tag:uOkdFuGM+13s7Z7mY0dC0A==,type:str] + - ENC[AES256_GCM,data:jucVObbf/ktWomPiOp8F,iv:nbKhamuL7iSamelUyg/YNfnOT9H7mbjjV9zlhUDYo3o=,tag:Umu09ms5qJ9iQotN3+mOSg==,type:str] + - ENC[AES256_GCM,data:AaNprfBqUSv8mmIhWZQ=,iv:XzUFEwSK9d3Ff7dsQ9O9TZncjxSlLu+V3wqUGyLAVUw=,tag:9H4YNPI8rlYESPcY9O/vHA==,type:str] + - ENC[AES256_GCM,data:SAN7DolH1QQWWCuCG8Q=,iv:ri153NExl9/4v2r5ZzUFzcffi7ixc3lBGVkrZCMyLj8=,tag:/IQICHsaHdw3v6WRZRYnJA==,type:str] + - ENC[AES256_GCM,data:yv4BxK89+K+DpJP4FceUlqOfR50=,iv:f7TtODZSZaFGE20HLzdC9SD7gCIUGUMxr0GB2/hQ7PU=,tag:mvGyazm03uDfsAikYyGBdA==,type:str] + - ENC[AES256_GCM,data:1rRfu6lTIqLvuS7aOuT3,iv:qrno3wbEetIPyLp0uQIsPMJODXlqN1wCpSPi3C5jCrE=,tag:k4+rj+tAH8Q+XPGiRNRc3Q==,type:str] + - ENC[AES256_GCM,data:ISaNHdkgfiXByLV3h9Tk,iv:FIbiYj/NuZl2oNsS3nyjQvGRTQHH/kSqYk2wYAELBPA=,tag:nhrdKD85nNpzKG97TGOqpQ==,type:str] + - ENC[AES256_GCM,data:WiuC9Aj9/EZoLtu+WA==,iv:h65HFKgO11iMMDdTZ0+2I9ErVNkIjLfAlEmVqIMXnsw=,tag:3tzG4FSi4T9dRrIqwEPgpg==,type:str] + - ENC[AES256_GCM,data:t2yCXCFDy7dEPXc=,iv:Y06+wbS2LImyWRs8dZdBsnw9LhO6GsTuR621Gn0rh38=,tag:Vv6R//BMKT4YXOVJnD5CWg==,type:str] + - ENC[AES256_GCM,data:Vw9ixjN1YR+KDrQ=,iv:kvN1g08SvgxuqKZwTAq6Ww71O/wf8zDBIJ6z6LEWtmc=,tag:H5rfDPk+6jv7SXvg9zmfTg==,type:str] + - ENC[AES256_GCM,data:VyoUdAU+QRnaX2Q=,iv:qu5I4pdL4koQq5OeOKdN24QscQWlh09fyxYUDNXhh54=,tag:RJsGSYWKGKAXoJiOc3P4xA==,type:str] + - ENC[AES256_GCM,data:wfjcadJOhl5J8ZU=,iv:hY4SqRAV0CFJ0icRPsD46xA6RDYz7iFeS8zau3ehaD8=,tag:qzpa7wGt7tkilxkFudbaTA==,type:str] + - ENC[AES256_GCM,data:uuRuVTMn7A==,iv:1JZDrl2imejnHPt2NzTHCOt1ViXCziYEQ33Jx5CYaaE=,tag:wUdYVVO3e1xhbRnhi7KenQ==,type:str] + - ENC[AES256_GCM,data:5yg0fJxhqw==,iv:4ISVOFsZ/eiVPIMjKTOgkDn14nrsPw8gTj172xFNqj0=,tag:5gBd8c0BBOctqwPP5D5m0g==,type:str] + - ENC[AES256_GCM,data:rNy5eYhBKA0VgA==,iv:BiEV3ENWTSoROZKLVnQfp476YV5QkNgf/M+Ojb1MAXg=,tag:nhJibc1bA/jKT2EuCbs8VA==,type:str] + - ENC[AES256_GCM,data:+2y6n1ZFY3bw,iv:z5aUJ3BB2dVhuErDVrshI3b3ViB9lkDFXKHrFYkAz0s=,tag:rkNgAUP+XJn+IapuM8vkMA==,type:str] + - ENC[AES256_GCM,data:xMERv9v5vJUTyQ==,iv:acvoUI7sceFuMWDCMG98z6Rckntv4lDQNX2Qs6CxOqc=,tag:yTIpu74nHnGdvqhmHsTOcw==,type:str] + - ENC[AES256_GCM,data:l0OJ7icWbwb7,iv:wLhPJBRc+8SQJ0JkkyaD7PR27wHWtS2MKE6oNE2pAfE=,tag:Qp8OkCrnxWzItXXbvQtmgA==,type:str] + - ENC[AES256_GCM,data:IqHPBjFSSFCW,iv:uFY+geZbG0OlZemTpCKTDlys8xlmg4qIcDhF3Us5+D4=,tag:nh2mxpt0knjURGtLLN6NJQ==,type:str] + - ENC[AES256_GCM,data:8XZmseZcRVw3,iv:jkmT0gppWJ4gyUnxWm4FIo+58FxcMIDPwmVGu0Y1wrU=,tag:WC+w0gebM6IAFWJmnkWKUQ==,type:str] + - ENC[AES256_GCM,data:l+FRrUzes3ryfR+W,iv:Uzr842iIrUhV5yIgV+RpPxXp5Cyoteu/Okh914yPkEY=,tag:UMfWiAig/h/y8RSivDwdkg==,type:str] + - ENC[AES256_GCM,data:yVlMpS2EGBIzxnnYcF+1Bb7zHw==,iv:My82Hwwy/SEpynDrZxSo3v3vExvalGRmxQeWGdSGw/I=,tag:SIoLA5j1mUitc0VRD5HM6g==,type:str] + - ENC[AES256_GCM,data:JZyI9qwnzXqizzI=,iv:Xjf79hrGY4/LN2PphAWR2G6EXNA5R2maQ1Cry38WFag=,tag:hcZDdlvPrDV0sj06JoSYVw==,type:str] + - ENC[AES256_GCM,data:glO/YS9Vpsw5tQ==,iv:EWAvpBgs6PQfnao5wyoH/wr20/H9vysGQySsUYCnMJQ=,tag:aBlC9Ldm4bGXAvwpVu+m2g==,type:str] + - ENC[AES256_GCM,data:aJQuDeprBTQTsF1y3v1KxM4=,iv:UevEyL2gSaBaN50lgC0afHXEBqgRY3QvHp+pQ9qBxu4=,tag:KZ8n9H77mNY9wAkqwJvQYw==,type:str] + - ENC[AES256_GCM,data:wqtc3O/3vQ==,iv:gVWBELTqfWIZcFmSXozP8aNEYCUEQmwhYg8aQT3RGt0=,tag:zmdyCXPyXc527Wlmb52sAQ==,type:str] + - ENC[AES256_GCM,data:PlcrJ3Yytfq4K586,iv:5JMoipjZnms6skki6u7SjNpPST+z+5K9F/IuoUBDJA4=,tag:j65aWdSxhBZQQYnD1baWyg==,type:str] + - ENC[AES256_GCM,data:LFEVIP2IjlHzUOw=,iv:BUie6vBuVRQ/dCUv7DaNPz59IkD/XWo6mIREF2degys=,tag:YGWQ/NbH+LBuU9beZVliNA==,type:str] + - ENC[AES256_GCM,data:vyd8Kj0DeT/riCoV,iv:tXM9TjFONs+2rKymKldnv2+vWYrSbBDQbVg+ujfjC2w=,tag:0eZyoa0kGXbmK0svOTmHpQ==,type:str] + - ENC[AES256_GCM,data:nEW0ycqK1UOLP0Xmwg==,iv:p31XNcKpsg4NOPxhlC8Ot9JgLMEvS3Orq0pHU7mhovk=,tag:s21XMQvPRUovgfcHaouLUA==,type:str] + - ENC[AES256_GCM,data:gSTCZMKzgGDpyeI=,iv:3s1/j9PVB5ANhK+q1bl/gjD41OP22ri5i1SZgLW2/TI=,tag:GjwjdZ79vbGgrDLzTUDNbQ==,type:str] + - ENC[AES256_GCM,data:AgbWxEuoLn8SeQK/,iv:wf+SQzJ5/EjEud1ONMQ/DV85sErrZHElz02meTc+g/A=,tag:LFWhl+ymbSK3XQeSw3ejOQ==,type:str] + - ENC[AES256_GCM,data:ajgj01Sb1l5picyIVFtzgA==,iv:8nUj4x1SFVWZE6be5rei5Hh44a+AytOjeBLhULemg/4=,tag:5h2kktIKsYHx7kf8XsW85g==,type:str] + - ENC[AES256_GCM,data:sX5JEgTn6Z3Bt9A/,iv:KTzW+D1g3maHPHoYg3/Cn6hgE9eGVKZshw++iHjktZs=,tag:DOVT5MV4N45iKJyZP+wFHw==,type:str] + - ENC[AES256_GCM,data:SCtVIUDR3aBIV/U7,iv:NDnarDi+RgIlZoXDbz1IYXJUp6CY8WU2xIjMvSEVhDg=,tag:+Uo7GnhA80JtLDc9Yv+oHA==,type:str] + - ENC[AES256_GCM,data:enZidGg36cWQgbxP,iv:M0HQKqU7alZoxpcOpkwGvfMO+EnAeM3RDuDaOGv1GGI=,tag:ifES33wOc5fr1KNie3Jaqg==,type:str] + - ENC[AES256_GCM,data:ZCPgkmU5JzaVY1Fj,iv:+TNsl3BTNlw1yn59gC+9LkXqBozSYsKTsFCuDNZQLz4=,tag:LhY2b9U2Z/Lr7Ir7QGljPg==,type:str] + - ENC[AES256_GCM,data:jgKZpCHZQf2WzWHE,iv:LIxKLK/ZUp7I9/vXyB+lreTRj03MumiMId/s2/tcNxc=,tag:1TEEc6mOEfDHa7l8wTLH2w==,type:str] + - ENC[AES256_GCM,data:iWYonmtGVkSLcXA9,iv:Sf4oIln1atz1q49PsbJIwkCNS7CVQeLQ2h4g/gcbq7I=,tag:Sn36YdbF6QdUb5skGwwdDQ==,type:str] + - ENC[AES256_GCM,data:XVhpUA7pDZS2D8On,iv:H6iA7fC6ZgkQrZ2EkT9Se7+5M4wn/dMphc1KqVlR71U=,tag:pf7uPPOrdKM+KgL79s6lqA==,type:str] + - ENC[AES256_GCM,data:uQhSjAMwzaT2+A==,iv:7VbaWVwZLsEZoC5pqfkybyw39kk71b4ddyq8hMaYdP0=,tag:jy9rZUSWaTjzw65mBBXm/g==,type:str] + - ENC[AES256_GCM,data:YzFU51Yha40=,iv:CKJVb6ZUZJ7SSrvVWW1TWQ8CVgBspjCkBsEY4SmtBJY=,tag:ZynsOE3SD9UDH9wNemQ7Xw==,type:str] + - ENC[AES256_GCM,data:DGNHcJ74ZZ13cJqw7FHEZg==,iv:LIJDNjCeBI9Yw+qHTiwaQWivAvbSUJ9OUwa4ZpBxjBs=,tag:reGo1AI+ag6TnAs7b+UJeQ==,type:str] + - ENC[AES256_GCM,data:AGLCXIcVze7Q3Q==,iv:dGFg7DDWfZMR2yL2Tdn7qpXMAcOu1u5d8TnQEtcbY5Y=,tag:RwC6JThs/lp2RoOF0VZ+Cw==,type:str] + - ENC[AES256_GCM,data:wjHXUnulAbgEBg==,iv:2rwDHpOTd37qGlcezQttOTW7QaKHzsG83flw+C4a94U=,tag:7IaTcweSVsmTsqV43pvxqA==,type:str] + - ENC[AES256_GCM,data:LIifv66NBuaF/jHmKaA=,iv:APyysxg708UdT2MYDECYBu3KAfWsC/VZNexdSRU/N0Q=,tag:hMVydEwSlTC3fgm1qsdLgw==,type:str] + - ENC[AES256_GCM,data:kZljeMlyApAfMQ==,iv:ZUHnz5iyH0FaL0KRuAC8tZAac/+HTcL7CDHOnEmQTEQ=,tag:OpFuU07NqRMPj1lJGIzPhQ==,type:str] + - ENC[AES256_GCM,data:nOAK7rqAe/c8bn6a,iv:4JmGgJJwwqndwCw3/hVwwgD8IS24oVrwcDloj0J5y44=,tag:abUHzxIlX2JKU9U1eCaCIw==,type:str] + - ENC[AES256_GCM,data:yNru4YO39nR5XgJC,iv:ZZYWoFjGcisre6rmZnDhGXQhNM44scO/fe9EDGxzPv4=,tag:QIxO7mgmmTcBaqQ9U4teuQ==,type:str] + - ENC[AES256_GCM,data:34ZQc1RYJ6JiVwBWWuI7TFA=,iv:4IJAJzNwzQmAxLa0s03u/8pCufA/db2afAlsHcbrZtk=,tag:+vo/MpF0K5jhq/sBZNik0w==,type:str] + - ENC[AES256_GCM,data:pj8uCQXxleayKQQiZykooQ==,iv:dnkKS8on+O+E/r99O0JXH0VbHsyIqnB/aCPgmDq21O4=,tag:AHG1uoE9sZndRHM/g8kYyA==,type:str] + - ENC[AES256_GCM,data:DIuLavjkLOYnB3LzVtykKTNd,iv:hPXwPaD3fC7MZGe7N1MPRKyJL8SZklaRCWNpt1/P7z4=,tag:nkQ6ins1ZSHSiMjkPlTEig==,type:str] + - ENC[AES256_GCM,data:Oy5zDX5qqlVJO76l,iv:hmapJWTSyXnXTe1RP4kXW99re+vl3mD8W1Og937GNek=,tag:zZKSj5LCOtBTbXXhHNDZOw==,type:str] + - ENC[AES256_GCM,data:e+56buCHDr7ENAk=,iv:kJbJeFEpNusoz4od9wjjfKbkJ8+agIbhHBlq1DTuPVY=,tag:I03YX5RmYFbp6o/e7wuC0Q==,type:str] + - ENC[AES256_GCM,data:avMwpt6OWZ8pO7U=,iv:9RP+g3u5CIfFxSAKM28Z6h8qMrVzQuOXgyNZDRS8gdw=,tag:VHJFKtghDkfv5lXe3yok7w==,type:str] + - ENC[AES256_GCM,data:fe6qkdPqdaO/kaipJg==,iv:PW2NlzCUqjJX6GZHSrhjaz1drroUL2qqZ57+9kUKzqc=,tag:YlqNRtmcJl2dJKxo87CvAw==,type:str] + - ENC[AES256_GCM,data:pM9fnfB1rKJVHS97,iv:Lew/US7V5tP3QmV9kLC3o3mh1Vkzm5zfBU8PkYaUKOc=,tag:Smqse3SxkXxUGsLuWsY/og==,type:str] + - ENC[AES256_GCM,data:XKG5yGXGxHOspypz,iv:KoqBaYXtdvtYJXQc8+3Z1skxoqu+Der5ACu/7SiSslM=,tag:b7qUMknNgCwfEcpU8XLjLQ==,type:str] + - ENC[AES256_GCM,data:oHd6Xzm5BmTh5cE=,iv:AbcMqSCqyAWH2up7j/ngQbbQTxSkPvv5D/9Gqvxm2Ms=,tag:JI5OTyj3eXD0iT/dbNyi1Q==,type:str] + - ENC[AES256_GCM,data:SzgiigLfPX1cFDlubXdi,iv:jFjTigUi+WuGVZXn8Ib70MDs5TEEip40Ik3y0XELMRg=,tag:Mn79l6c93/+IamuSFROOTQ==,type:str] + - ENC[AES256_GCM,data:OssvgS5VSXpqcPmVDg==,iv:hT0YtfHypNUflIvUN8giBwjq0UQDmty4iVqvRd3UUes=,tag:2KyFR+r5zycMz6LCZ4IXxw==,type:str] + - ENC[AES256_GCM,data:07iw9qDYfOh7CA==,iv:oWGzBXI0lgvrO5Yl2/jnWSutntZqqSeVOQeeBCk+asw=,tag:uiADIVfmL5AoEjkpZtEo3g==,type:str] + - ENC[AES256_GCM,data:28TXLDOxqOsMatE=,iv:uYSXSuM+4+9yXTRJ/9l4gqR7kdOE65ZRYM+bQKOPbI4=,tag:1n3xTqVghzDHaRq1hwO9hA==,type:str] + - ENC[AES256_GCM,data:JenbnWZJw//XAM6y,iv:sF8H0gbg9vNo95HKkMRybAx0C9cUJIgRux1KjR3IDRk=,tag:GU3edtyAcwGIq2bQzSTaoA==,type:str] + - ENC[AES256_GCM,data:oQtC61OzEmnB4pLd3Drjdw==,iv:pNp7anLvwJGvMaNCi3URUKTyXlACXlFnz0JXyshLE98=,tag:kkR2o+M0E3kzsbv0R4eD3g==,type:str] + - ENC[AES256_GCM,data:1SpGZbrn7q7P3dh5gF5tMg==,iv:p1mbIjQAms1RtvqS4nFncGvECL8gU08Ja+oj+W+Jpdc=,tag:EIBEMpy6fI6Y2B34yPYFCA==,type:str] + - ENC[AES256_GCM,data:ja0ayOv30/TF,iv:b/+iNlzSfCEX/u7n+t4Dm2ITu/L5FW9JlfFgO5lyFAI=,tag:+RRc3yBdQbQwe49t+UDgew==,type:str] + - ENC[AES256_GCM,data:iuMFORTe6IybXMo=,iv:0+gxW4tngHnhefb96zqxCRgGW/hGfK2/t0sdq860UC4=,tag:4wRDLs50YKVBbOlkGC88WQ==,type:str] + - ENC[AES256_GCM,data:3li0wSOqU6iQzg==,iv:eSB5FnGw3ZFkhOMPIqfu8SRWCZdIcfwkw3DoLdutodk=,tag:w+gjfvfnYM+BQnvYGG3tSA==,type:str] + - ENC[AES256_GCM,data:tscDffuxxb94sBnixh47JJ0=,iv:YjBmotLuKlp/DNDebEXv0wHhgXdIs2Od+H+hVL7ggUk=,tag:4HPAgYE4barCZ2+vpW26YA==,type:str] + - ENC[AES256_GCM,data:Dc6kelJQwfs6E/p9,iv:sjyKDHsDtJxcts1UZSQ9R/YtUMCm6ryhFMgF1tdrqfI=,tag:J/iekanqn715E6c0WUyW4A==,type:str] + - ENC[AES256_GCM,data:8WH+ybvMvj4mmEcgn+E=,iv:t15VhM65Z48bXEzPpW9cqy4dCCx6hy+AuQaQDEPA4K8=,tag:IEGAQyoNUa5U94EE4U5I4g==,type:str] + - ENC[AES256_GCM,data:K0JbcD/16ElUGrza/Hg=,iv:jHSVGe9AX49ZaIx2ddCcIf6yF/I7JzZbctbp73mguww=,tag:gIjkOqQq0Fm7rxFXk8Ng2A==,type:str] + - ENC[AES256_GCM,data:Qj0imAylJ16r9s4CiQ==,iv:T7h45dmM2HkkHmOwshuLRf+OiL/gkmCWgiE5/yzvpqk=,tag:SlVNZW6iUe53tkCW9aRCfA==,type:str] + - ENC[AES256_GCM,data:AMRacJ11kTnZT4Frs2qcCw==,iv:HqnJkr7SwZXIhOb61+kk7koqVKWVlgRst7A2uU+vhYE=,tag:GaSf8eoQKHZEu9GNpTqQzQ==,type:str] + - ENC[AES256_GCM,data:jxiXhNbzKWSGO0+YdEQ=,iv:u8xcdfXmJ2bR4SFyLYY6KszFfLOmwwPvVSyrNuLJXr8=,tag:Xx4H/a0PC8CD28Y/fLqFvg==,type:str] + - ENC[AES256_GCM,data:BHTNnotb4SAHtpXHYq+GhDs=,iv:5D+IMgJy7vhajWqXg45chPLt1ALatE6RlJ0IRbyd46k=,tag:QMJ/MbpXgKk+PcDms9kZBQ==,type:str] + - ENC[AES256_GCM,data:65+yzX4ImuXN1IiLbipY5w==,iv:WHj4ym4pUAfmTifmNqEbwF8AzSTCsfpDo9caR3xSaSA=,tag:Q5vVJB43/+UtEEZrcJX45g==,type:str] + - ENC[AES256_GCM,data:9Is+1aYuUG1kvY15IpRUsxPwUAM=,iv:U18moOnjkzxF4ujGfmBJ2MYgtFGe/kcjX+9kMT1/XmY=,tag:cx3IQKe2xZNgRDxJdslB6w==,type:str] + - ENC[AES256_GCM,data:VVrWESlxs3rhiGSSsJY=,iv:32zM/yB+72DfOcmQ5nIKEnpyssX/WKsZ9VraIkysea8=,tag:JNKNwKffv5StnSZtcKYAng==,type:str] + - ENC[AES256_GCM,data:dcFcpfRVuQqnbqgUXoQxTx57,iv:5fwGOUOcJI0hU8VJU4GiAyrqvgYUmnf6dAY78AI6Lcs=,tag:pNPxFHF46v1QjC8Y2Soezw==,type:str] + - ENC[AES256_GCM,data:uX5rPJz8VY0dAjM=,iv:YTV7Ky+VuFk7vho/4WQVF9tB1QXbNu0E71KsubkpCUU=,tag:RAF4yVo1UkxM740WFdgyhQ==,type:str] + - ENC[AES256_GCM,data:9l8D7qFkAB1+oDqlkZM=,iv:qcFRBLZkX5u80irZehfWOaT9/WMvu+muXK02/cnTJPU=,tag:s2FKeLo0paZ3Ad9Uak4ffA==,type:str] + - ENC[AES256_GCM,data:1BaIOR2mH+G0FGzT5+k=,iv:OFP6gJFiqcxHXQWFO9DHYpNPvrHYl4wjln9B9LZyF8E=,tag:H5JVngVSQDZpwWfeAyfdnw==,type:str] + - ENC[AES256_GCM,data:d2nqij+jJ6aEluBzhg==,iv:RqTOG/WBs4fzSVlEKzz+yZQczVCuFQxjtaKBoupQR1I=,tag:dQYmyIwn6nFZwRjT73EOEQ==,type:str] + - ENC[AES256_GCM,data:xYMpFTtltth9tCdxA1w=,iv:jwfPIEIjScNJQN2jBvG5giUES/OSDH/6+PP+kaMgumI=,tag:3QbYz69If3d6jcWAz2KA+g==,type:str] + - ENC[AES256_GCM,data:kvfdYouYmEsqEGLyMQ==,iv:lf1E/pqIAI49nbqbZ0H3rjZwMNH7r7T4VMHd1JiUehY=,tag:re+izFOad5Rh7AUgxfWY9g==,type:str] + - ENC[AES256_GCM,data:Ldc3utn4MvP1M/bCtw==,iv:6tS75clgzyX2KTGaVyCrMW/6Ab1EA91WPDWxXWyDBNI=,tag:F4ZZsjqIRsMT7p2ImyEffw==,type:str] + - ENC[AES256_GCM,data:fMjYes15rqxmtjVW9Q==,iv:cg03z0oFVCEVfd3WRqOFI90/AqwKqe4ld0jx9eSi9wU=,tag:Jmo1AseDgURpleLw/1WLog==,type:str] + - ENC[AES256_GCM,data:FxMtZ8sDgt1MA1Ho,iv:I2F4BG9PHYLNdqNA426uPSckhZrjcGh1NTBnAFyM7G0=,tag:N225cA6yw2fC8v9CUaK/xQ==,type:str] + - ENC[AES256_GCM,data:1c72rLa+yz4D2A20b9g=,iv:NHlANyDMlYxFMIzZkY82p1mirMMAy502k5lCzTJhJ3A=,tag:C2m55EUj2Rm2C/B5bEwZ5w==,type:str] + - ENC[AES256_GCM,data:BCZH+BN39nrN4KRwwaA=,iv:0VMyVh3VEKkfFNlWGMohBk3rE09hWTr/34UCloE1Wb4=,tag:2bYQb6SvmA2S/y7/W14KLw==,type:str] + - ENC[AES256_GCM,data:XXDAN5+QEVcpzvA2TJ0=,iv:rmLaBynAfYMcVbbS//EXQKFxe3QZjHzpCv9QVQXTtyY=,tag:1tgCa14UufZdheE1t6Hz2w==,type:str] + - ENC[AES256_GCM,data:6EaO4Gu/3ne8WRTlR7EV,iv:C6MJy8DWKzuhIdhK6RttzsJ4qJDWKcCX98t/BLOLn4g=,tag:/hnkb7IfgON2IpnluhBJIQ==,type:str] + - ENC[AES256_GCM,data:nJSI01qR9xNrT+0qDYH5SzznWPYoIPCq,iv:946UC09tfPOSAOthBXkRvbdhenDOVQzSaGmzvzd62lE=,tag:OXzFUi/iWA3vzLiqFo4hqA==,type:str] + - ENC[AES256_GCM,data:Iz7SKDZaisIhH1mESstMbowcLPKekLM=,iv:f0tdy5Jm7uIjAuk5uLQAoL/20gEKVGNXkVJcfkBZm74=,tag:DNuXfnZA2wmSSTEiYnJtig==,type:str] + - ENC[AES256_GCM,data:3ift0+zM50fvjV1TLpCQOQI80Fg=,iv:Kc4kfnRHm0B1a1648PFPrBrhushYdY1h0JJjkrCM0/o=,tag:nuBq36ICtd4HREs7Q6CU8A==,type:str] + - ENC[AES256_GCM,data:dWV4/MLAY9ZAINkJIwng,iv:ND/dQ3F5TnibZsxkTZQ5bf1ttwJ57VBZzE27eDYQljU=,tag:AT5YiI8FurFT0lyCoh3AYQ==,type:str] + - ENC[AES256_GCM,data:24k0agIAzSLusTRP,iv:d5H2i0+g1GQXxljvRAJuzNS6fgSYNNJeuxDl3XHzDXY=,tag:xRJx8GoE3+/64BTtE8HZEw==,type:str] + - ENC[AES256_GCM,data:+gNTNaADWwfqcWeT,iv:ahKgr6fY+cxuJ+x07pnQTjPWWLnspQeChbAZdexhxeA=,tag:5SpzmKSS3E2L2+nvJlPqeg==,type:str] + - ENC[AES256_GCM,data:lKCsQmBII0f8ME91Uw==,iv:ZGMRn65K80oiQYud4aOJD55Pote6MMRWd4GPhUZgYhE=,tag:52ciNW18m/zpk25jeJ5GOA==,type:str] + - ENC[AES256_GCM,data:2VcbdSlprPy6rVWu,iv:AHElN7C7S4tJXdeu5o05P+fzNBBLXIsxhC3r7ENLpfc=,tag:A+qThgUH4VkrDySCST/seQ==,type:str] + - ENC[AES256_GCM,data:GlD37f6OAJnjEVe+yrI=,iv:lHZtSNzCkX1/uPyBNynaFoJV1nb/RlahU43/tUZMQ+I=,tag:ZqnSzCFAuXIGgKApfXj3BA==,type:str] + - ENC[AES256_GCM,data:DQAb2vexvnY4fw==,iv:+ImLqEGhlR0JpgRwFZ9N2bzlSJ8SuOzl0iv1rltgUyU=,tag:lmpZHs4xQcUIqY1uSol7UQ==,type:str] + - ENC[AES256_GCM,data:7ly+87R9ME2BxTks8QPOXA==,iv:LnSbZWUs1buMfqD50uJlVLwS5XdtFj/wJzpAYY18j/4=,tag:7ELBFCdgy/0Pv7Kd3905ZA==,type:str] + - ENC[AES256_GCM,data:Grwao0BI2bW6HxSI,iv:R3zVj+FiAz0Uu0c+spVZbSBV27c4q8IgRbbvohadfwg=,tag:8ebzkZvOKcvTfJd750feMA==,type:str] + - ENC[AES256_GCM,data:XqB06rLjsGfrX7uuoC4aaw==,iv:NIIIzD4epAPIueNQKfe/fAwTWmnHzVgm4O+cglb9Vro=,tag:7tsAdV/zNTukxK/w+nheZw==,type:str] + - ENC[AES256_GCM,data:q37J7ikqjvCB4dlgIg==,iv:I8PwTIw0oeHnuF2Hs1zT0Q79o/hLNeim0DxJq8Azl4g=,tag:araTuhmo32MvQXqlrpew1w==,type:str] + - ENC[AES256_GCM,data:Lj1PtpVEQBY=,iv:UVaPOK62EPXNSRR1RVQEy0oNSwLDcE9JaLXiMTQIzaI=,tag:64+zfGyw18ZZ5fjm//Ifnw==,type:str] + - ENC[AES256_GCM,data:ql8swdJYBA==,iv:362uquCbWQjJgsbBK98VpH3s4XhhPMK+yZAoqNFA/qw=,tag:rtbrHffiWTCwRPej/8UbJQ==,type:str] + - ENC[AES256_GCM,data:lEIDJCYYWiHzf3LB,iv:GiE/PpLTjEofXkn5xBg2PgRwb5vHUdTJTZlKzSshcSg=,tag:4WggfKmDUvKIkuTU0rQJcQ==,type:str] + - ENC[AES256_GCM,data:g/gz4WyadmZWqTqj,iv:oZ71KDXePB+ZDes7y2V4TvBoQ8kPdvcbUgtv3AVe+Ac=,tag:kY9NXUiiDLCdJgAVNw1rFg==,type:str] + - ENC[AES256_GCM,data:yraQ/Oekrtyp9eGH,iv:1349NV11rA8hVdAvouW+dyqTVrHN+38oS+57L6J8MlA=,tag:RQ067GxeLtZcVyhnsu0NSQ==,type:str] + - ENC[AES256_GCM,data:L9iT5q/1Qscuv9ChDg==,iv:GZy3+PzRHBiNK//xRe8GZuBSKuJzTxh6DpDh7xP63Kc=,tag:rrWieP6MGu/FcKl/WJ3Tlw==,type:str] + - ENC[AES256_GCM,data:TTKGr++WfrMEFWDed2FpvQ==,iv:U3AzbSyL73I6PoDDuT7vMwCNUsm9TcqmATXMq5vsIFk=,tag:nbAn7r6LFaXJGTuwav9YZQ==,type:str] + - ENC[AES256_GCM,data:rQzxDK8kCfxAO3vhoLsZ7g==,iv:fUJw09DCHim78sKXGji9NW14JY+z1EOgJznc5K3ygBQ=,tag:ixmaAnp41ZHLJhfAjOrl5g==,type:str] + - ENC[AES256_GCM,data:LOMSblewVty9Eg==,iv:eIoNavNgngyWifuHthXe5fyjS8YnqhCrMAk4AQaBc+E=,tag:TCOW/Cey6S4Rd6q2jthmiQ==,type:str] + - ENC[AES256_GCM,data:Nu3/4UbWzxoh,iv:n3n+hD5aaPtKXd5eJv622RGzu7vm4kCp1FTWLjDc9KY=,tag:vM8p7T0MoE8EvonaiPIUNw==,type:str] + - ENC[AES256_GCM,data:R9SEZpxxYeUvOg==,iv:VG00LEIBKtBw0KmS2d+F4O2IgQIpQj8r3PhXLkHFnUM=,tag:iVj6LObWbCX4vRKCGP1XaA==,type:str] + - ENC[AES256_GCM,data:thfQcrZXB434,iv:CAUdOpZWL0z92OQSSH8DOQAekFanERxJMvNnxRIZsTk=,tag:mhmLEi1jPL/YvzZUZuIenQ==,type:str] + - ENC[AES256_GCM,data:81zq5WMGtNkhAJs=,iv:RZKePei79KcQAyYGzQwhEvvgsFjliuPHEo2grMJRGvk=,tag:TprmDfSgDRskgeNVu+FweA==,type:str] + - ENC[AES256_GCM,data:D/0Hdgc2LXU=,iv:N8tVSJ5M07JNSLynSrlGLnsIhSI6rUH3YHT5/f3u/XE=,tag:g/zPcG7KjuCvmxOkh4H6gQ==,type:str] + - ENC[AES256_GCM,data:h+OlQ5fUtclgdmc=,iv:T+xKD2LqYxFM/8ZtAnLCvHWC0biqsjjKJNDjOF+Twl8=,tag:FOsDeJv7ZK3bETd7qvMG1Q==,type:str] + - ENC[AES256_GCM,data:dXiLkpIkm08LM7U=,iv:eEqOot759dBZr+3UJoYG6mMQsdGBdu3TByu2WaDWdsA=,tag:Pz/tZmSJMQHWT5n242N71w==,type:str] + - ENC[AES256_GCM,data:ve7JP+z6ZH0dXB2B,iv:HwqBwtL0rP2J5QkxRgGOhVUctjPgatzS2N3S0PaQdWQ=,tag:9y0QNNud1b2b0uZhDgNGNQ==,type:str] + - ENC[AES256_GCM,data:7AKtb5hB/UqO/6Ib4aoJ,iv:pU+VbgOMvKCy45PaQPG6uwhG85o8p6VEx2hKGf5CyIA=,tag:fC4LWhsML+OeMRiXoH7HxA==,type:str] + - ENC[AES256_GCM,data:NVojsQfnYP+oEJ4u,iv:T9Om+GOnquzL4Oh0D9RVQ7uCaqKeUqmH3MXRxwOnFY4=,tag:tvvLdUf2ii7P6lRHOHDc6A==,type:str] + - ENC[AES256_GCM,data:r97LBr/06MNSgXSdRQ==,iv:Iek9HWI0uS6h5OLVc8GYap/7Celv4cqS7KWKH+Zjx+8=,tag:2pA011gr9XC7zOG6VmyG2A==,type:str] + - ENC[AES256_GCM,data:QmYXqeSU2CYQujB6nDY=,iv:KluyUrRWxu2rb+0F0tkY32TpboKBUtHxAbY5TkhOT/Y=,tag:PV8sxHABbcpesNqqH1YgVQ==,type:str] + - ENC[AES256_GCM,data:hcC99PU4kW9OiVWx,iv:cCiw2BDOObK8rBGJzhCruFC6DxRz9azMMDPJ9USZ1Sk=,tag:d5VbuGchK7hOGrb8Q0lgLA==,type:str] + - ENC[AES256_GCM,data:3dcEBmeN/gQ=,iv:JUzEMA9Yzmmcc1n9UT3SDrus0cyswymwlvuD5UhlXh0=,tag:SPkr/F2Vuxww6nq7sGG2Fw==,type:str] + - ENC[AES256_GCM,data:Kko4GG06mWck,iv:Gemf1veTikOI0m+jI4gjIraHaAgJR2WzilZUg1T4luE=,tag:O7E48dIVO1Cy/DIH7j4xTA==,type:str] + - ENC[AES256_GCM,data:DeLNNI2c44998H8mv32LSEYynGA=,iv:zby1OcFPfDl6CMP9cDRynqL1lGQPOR/dpxz40AshGzw=,tag:cSkhg9bTe5X8vqCHptaIyw==,type:str] + - ENC[AES256_GCM,data:d0ttEgQstW32IdBpKBol,iv:kAEByaGRQ0rUbZmBrapo2RjdDkOF5mrM8M6MQJso3EE=,tag:3Ymrw2tCxwLJ5GTXQtdSzQ==,type:str] + - ENC[AES256_GCM,data:GXSWBTPQ6ykSuVz/rjg=,iv:pab4roJRYCXD6NgvnccvXQyDGs6xFmT+SxjoMyM8lL4=,tag:MDj8UUJxJjMXHl59eMpNgA==,type:str] + - ENC[AES256_GCM,data:CC8TfieEQSJgrLrEkbxm0tpOUKs=,iv:MBOUZCqfmf/hoptb5OW7JS+y8apb+kobmfB/mPim3ak=,tag:YoVx/WNrE7J0ZUeUMEE+cA==,type:str] + - ENC[AES256_GCM,data:iE7Phxk9q6MQupnZ,iv:s5f2UQxyoa5uvysBNLxFLuIGOqMaHfhF4I0GCjSTs8Y=,tag:p2y9DtrYqo/dNAt3JShONA==,type:str] + - ENC[AES256_GCM,data:v3eoIJPRu/TAmZR5,iv:3pv3vTgso+FHTVOIrrYsiS/T51IZeKeDqklbTIFRHts=,tag:jqCeyNb62PxcXrZzzY/PGQ==,type:str] + - ENC[AES256_GCM,data:IfTW9bjDFzEY6w6aFKM=,iv:7WOKtVkS367x7wu3SDaD13TelgeGoXi7dPrWdy9lvVs=,tag:pzx78V5EpGt5spAxvxauUw==,type:str] + - ENC[AES256_GCM,data:WQ5hGWX0SdrKitjbvQU6,iv:snN+t0ASSbnjWs/3VeuSORnsCkwC+exwvBukqT8rLog=,tag:trhY8tmIwBk9jwzHJlycYA==,type:str] + - ENC[AES256_GCM,data:Gd+9jOYiASd3O5cuGQ==,iv:mrbMXZpqzyiHMf5/+b9MLblL8BiN5/vRwIDyR6wCOO4=,tag:CE0804nbGLr+VWHDKyt0Lg==,type:str] + - ENC[AES256_GCM,data:/HP2bKFzABYU0Kie76cb3h8=,iv:/faoDjwfeDRdiLtPKutTWPeCqfhJHc506pNrnuYSMxY=,tag:nF3MXzX7X0F6VeYvxJ0M9Q==,type:str] + - ENC[AES256_GCM,data:L1sqaNntDHDLbpbH5kxi,iv:a3r23lN68BWpgeX3fLI7IlHR6lnCNgTgHzWkvBdhCY4=,tag:LxPsp/q1WdId0mONzKWBNQ==,type:str] + - ENC[AES256_GCM,data:OSZI6921MUg4edGLjg==,iv:ZpzTbFHCepvTTKtRkc6Lym/QDo6Zd9kybtW1OwiyG7w=,tag:dwLx3i+G6mRNvWVv2mR9EA==,type:str] + - ENC[AES256_GCM,data:/F3uXIQKx/Etu8fG,iv:LLc9Vkd//WfRW/+nrLOmpQmRiAx3h/fw1brtG1AUox8=,tag:thycJSmmRGkez5h2Ny0ySA==,type:str] + - ENC[AES256_GCM,data:hF15yQw31j33cbYDSwDh,iv:m+Dxzb0BnR+4h4dXI5M6lCrIy8XAbQjFkB/7+3Pi2b4=,tag:KbiuLCFAuobHG9uh9n3W8g==,type:str] + - ENC[AES256_GCM,data:gplvLe6AXyGmECds,iv:1OtQMrRj7psp+RqPM6LuJwN58VPS7mzsxFdD3FIOG4Q=,tag:mloIfJA8Z+m1BUUpfoJqLQ==,type:str] + - ENC[AES256_GCM,data:61zNXaVAubRKf0vi,iv:E/5lSmJl6qaaKndlXqZWJf7hJ6K9I3pqb3pyvJcNgu0=,tag:i8AY4nF4NVPqy6HXicz++g==,type:str] + - ENC[AES256_GCM,data:H04/j3yd+iWB+rFHgA==,iv:pu3u7Gulq2JdL1sK6GaAbblr54pNzxm2brPk0TSZI/I=,tag:3Gt1ccEbGOw1nM/u2uDHZw==,type:str] + - ENC[AES256_GCM,data:FvFOc2J7UC92DoRmGM/k,iv:mBsNyE8rL6JLIXaQx1O9DQVG1pY/IWhLNz1D/nNq4a0=,tag:5NhfKSSNRhm5U1ntMplj0w==,type:str] + - ENC[AES256_GCM,data:yYEuk8BXq5yH7TbkRA==,iv:nGlysD8vyGJaqpcNnd/H6RStTIWwhCvsXtn5UvMW7Wg=,tag:MIV3f10ou8DpyFjd4k4VSg==,type:str] + - ENC[AES256_GCM,data:WMYnyqhpBnYVuII/V2CG,iv:vFdNe+wuZpTHcsLkQKEVFBdte7W4SlCccUbVgn9WPPc=,tag:uLCqJvwm9vYMh0hXT9iYnQ==,type:str] + - ENC[AES256_GCM,data:4q9bYX7WUV7pfbDoZg==,iv:283m/2MJFjPkRgtMZ0Y83NmX88O0a9DY2SprejFhKm0=,tag:c7UXXOB6e9/i131q94RBCQ==,type:str] + - ENC[AES256_GCM,data:xcd6qIdGg3L8,iv:C5RRD/Fe52FZ7ZGBZBMOoDlzPWmOia87oaXVbGjeRG0=,tag:QEbC0b0oLy6Zys4WnxiQwQ==,type:str] + - ENC[AES256_GCM,data:KpcrToJlV0MPCQ==,iv:L7WpHRHooneK8e4ibBacyTp/DIYrdBufPnZRqUzMsLY=,tag:c+0hr4oIsxNS9WTn9GGRFA==,type:str] + - ENC[AES256_GCM,data:VnShpENymnUYVmZv,iv:Qj4gHjcfXqb9IjL9ZmiLZJ5nYoH20SPGv50n7ZFE16U=,tag:6nz9tqindn1hPl7DgtByuQ==,type:str] + - ENC[AES256_GCM,data:q0qmbgZguSxEoJE=,iv:hv3Ny3/XRGBJ3H3pHunZdJjBE215wK+niBvjQVQjcEo=,tag:PVS9q7DPCArkf0YLBJ/VoA==,type:str] + - ENC[AES256_GCM,data:+N2GGovc8eWPpvo=,iv:NteHJWgTNWmlsMdOj18hJbO4mArbHqOPvT83VKNJIfg=,tag:8g/45kBU1DqV1prBuaLosQ==,type:str] + - ENC[AES256_GCM,data:DIxb6t2EYiYWnQ==,iv:2bvLa3Y9cRj5dISkmAY0zUHC+IyXoaymWUsFoSuUl0A=,tag:Z0OpEEg9SGTYyzCUnuKCpw==,type:str] + - ENC[AES256_GCM,data:jWd53ey/Q+NF/Q==,iv:mBiicUsYh5UhZ6M8SOQO0sv7XK8DtiuS3v/d/Oii7a8=,tag:AtGj/uN1FZqYDYYrb6fWrg==,type:str] + - ENC[AES256_GCM,data:ml7oko98CEw+ssA=,iv:j7YJcXjNwP0IQ5gcR3FBGjHYx7ESQUePv6UvfUzgOps=,tag:dy24r+KHdYg3mMgBX0Db1w==,type:str] + - ENC[AES256_GCM,data:BUvjrOMR31ai9xc=,iv:AUYx7+RT1B6vKqDTS9H8qUBO3LeiFnUEYZ0YO/0B5VA=,tag:6oGdnmFN0inWMsC9YPcmqA==,type:str] + - ENC[AES256_GCM,data:PPTwkYoUHOBN1YbiST8=,iv:tTz5WKZjdbS+Y/MFpXSv8GV3bRXYfJMOgZAFMN8g45s=,tag:Utf0jrYkxdkob8YR/XFDsQ==,type:str] + - ENC[AES256_GCM,data:S3ZLcK3PBQ==,iv:fQ0yMKfo1sTy277FORChjADu8VaCpQBIZQQoY+B1jS8=,tag:5Cj6JtUH4wfWqyDCyXH9kQ==,type:str] + - ENC[AES256_GCM,data:mRuqJl5xnGcLu+QK,iv:ViYzLp2tEc8BD/1EUM9pqTHExJ//zwl9mCMQU02zQvg=,tag:1+h+kHA4Q+cfq3YyYsehrg==,type:str] + - ENC[AES256_GCM,data:NsYkPBtIwOkngmKNZVlT2B0=,iv:/nZbeOP7NRvg1g/yqOA6tHZOg9p8ZLzhBtalujSpJWA=,tag:wf1gDCX/Ugy5KXtYwIJurg==,type:str] + - ENC[AES256_GCM,data:KVZDnY4kT/PoJVA=,iv:jZEYonHR3d/iEARtYTJ8Oy2Zxt68ArM42fPH+WsaJBU=,tag:gbveMiCIb2zbN/6RiSeC6Q==,type:str] + - ENC[AES256_GCM,data:phca0yoesY0l0f8xXw==,iv:o7Gh8msQOzjiFua/jVCKSr6VS/Fcmikt9P5l5LLB9GY=,tag:+LKONMbmWgGD8SfvUsbW/A==,type:str] + - ENC[AES256_GCM,data:xtj+4yzNgYZQ,iv:JbVThsC5rg3IQvM7WF3xuqzOYIWtVbIUTzktiwcDpRM=,tag:U3johGHyRvxq6U5YwdvP6w==,type:str] + - ENC[AES256_GCM,data:pTuURJ9Gs1wtxw==,iv:37uJu6srcV5yUqRnwmfPVToAclOIlRepHuMSlFA83u4=,tag:yJbf8WxyCAGIg3DcwtWs+w==,type:str] + - ENC[AES256_GCM,data:RM2BFNDlBDY3qxGj,iv:Ht9TOsffIv+DxjdyepCWS5XWxd6Xay7tQRclKdewev0=,tag:Hik/9hgxv1ChAdaX2WK5nw==,type:str] + - ENC[AES256_GCM,data:p9JR6rz4tuXRFtXJmg==,iv:FRvfIKIe8dYrfCF2JT2NOpqeyAjE1m15/asPi4D4QfA=,tag:xqdEO8AiJqnka9C+2JT4gg==,type:str] + - ENC[AES256_GCM,data:mJf4IzdRRDpoD0uHt9yctjw=,iv:QRNxZWuDaoKIK2Y81UIsM7/2402UrV50pJrEpvcttAk=,tag:7jEqq1fdmsWqEg9B0xuiKw==,type:str] + - ENC[AES256_GCM,data:kfq08V31gyvyemuq2w==,iv:z8LsJKO/ma4esQkTr5Kky/7Up7/H80cwuA+KFPPapTU=,tag:OJoMdIKS897U6fs2pjCL/g==,type:str] + - ENC[AES256_GCM,data:+OzYpDyKRjJkepoy,iv:QROrHNER6tqNGWtuXhyz8vtUp8kBSl+9fidSB8XZbxM=,tag:1svUZfU+XNPkUwRHcLiveg==,type:str] + - ENC[AES256_GCM,data:PS7rkiYloPOfzo2RGvX3mg==,iv:fWxGhRKTfmlmL0i4S+YgmizOPl1+CSlkHMeLzjfxu5o=,tag:lfs6bDdy6kO6PvnPqxKOtQ==,type:str] + - ENC[AES256_GCM,data:I1y6bRaZ01GphTo=,iv:RQAZoYqWqFdX3PDSjUpJWRCOhghGqxUA1XFdIVJM6C0=,tag:peoHx+9VAdlEaL3PQlBz8g==,type:str] + - ENC[AES256_GCM,data:C1413klcZX3aGbhY,iv:0wx7eX8emHUas2FqQM6103xLWXa1mErRCNUVhOcZOh8=,tag:02Wh2mfhmxD4bopYOOyTVg==,type:str] + - ENC[AES256_GCM,data:31PAZI4FOdPZ5ogjFA==,iv:Y2hNJXePfWtVHxDDaKEiiFtSfGJwEH9rWIx/G+AYZSk=,tag:tbwkL7SCTPbZjNLyI8x52w==,type:str] + - ENC[AES256_GCM,data:MZocgMRy3PigGCwQ8hu4YA==,iv:S+dAC2U7WxjB2HQx+fBAq7iREyL7UUltFGCh1ILHed4=,tag:SBOeDdmim9QdLrHgFQXA3g==,type:str] + - ENC[AES256_GCM,data:2zNraoQr6GOHfCR6OLUVEJI=,iv:RSK35mL3O2mR86S+HPfKeK8tsgUq/ZQcQty1do3KY6w=,tag:N8OQnAXAQrQQ+uiYimPHng==,type:str] + - ENC[AES256_GCM,data:PFw/AHAKXdbryGAI4w==,iv:MQoBCQsZtUwY8RtrpygvjpiYA3NkwYpZloRqzgQg+N8=,tag:vZa9c36wGX89ptilKVbolg==,type:str] + - ENC[AES256_GCM,data:SyIRoiOCqHX33Z/p,iv:QKvzFXduiZ9JjbDR0KjdEET4acNNB9FS89bRUs4Gw7M=,tag:YtXXs8Up5Os9B7jxzlnMqA==,type:str] + - ENC[AES256_GCM,data:pWpAGyIJDaMx5KwVBGJQqN4=,iv:+oGsy9jtynh2JPbxz1eSpEmAr1hdgYxdcKilVoYFQVo=,tag:Z6KauxhLEQm/60C5JvySWA==,type:str] + - ENC[AES256_GCM,data:4z3C3XOJz95d/FV4suMVaKme/0g=,iv:Al65P1ou1u9Pr8MmgxQuLlWcB1HP+bmUGghwcNte1rc=,tag:ssSqwIlgBhtrYYnMNBkdYg==,type:str] + - ENC[AES256_GCM,data:Hj9R4d7E+RryybvgkRk2t8Gm3WhV,iv:E201Wx2RCzbv0R983nhRBW2UXyMn755InT2kEqmKQXE=,tag:nqXNFIUNvkwPy47Rn6zIJA==,type:str] + - ENC[AES256_GCM,data:euzqlA6fVj9bnERULE81rZcM,iv:6GRj+JQ7gXP6ycVzm1us/N5OBMD3ZPFUWJMaRNBa2OE=,tag:PopqiwYRL0rLH/zMPFDg+A==,type:str] + - ENC[AES256_GCM,data:ArguZm7OwePch9YpXeY+wXamzw==,iv:ojULnIwdWnmnGC/EolbCYQevwJ1XtGJGMlrzJcy4yCI=,tag:KjVqA5xjYDVlvhSRH+m5WQ==,type:str] + - ENC[AES256_GCM,data:UjSj11YAlyGpV7RC,iv:Y4PCek46WgRQCjK0vUKpOcpurYAjItAsT4GbHroA0ZM=,tag:+M1p3rthKYQ1Cq8T4fxauw==,type:str] + - ENC[AES256_GCM,data:REl1uFgxFhf4AWnePkomesY=,iv:2tPjHTM90JbwX8oaFo4Ldn4E5ye7jy93X6IopMvEwsE=,tag:BGJEzWcGQolgytwAbKEzsQ==,type:str] + - ENC[AES256_GCM,data:kZVzopHHJlGIkbQsGjkx1H/F,iv:mKvXy3epG6T02RT9YFJhb12olDyvdMmbTT7SGIGqPJ4=,tag:GZdvntf6edymKWlXcWthgg==,type:str] + - ENC[AES256_GCM,data:+yZdMi0CY/5K/yLiWqWcs/yO5Q==,iv:0k/5pc1pU+Vy/fFheX4fL6L8NrM/F0PmE36qnodNMag=,tag:+dE6Szs28XltQtFBigGqsQ==,type:str] + - ENC[AES256_GCM,data:hfhhQew0xDjVMhbneL2gEFAeHHY=,iv:FEiKJVUTG8QUS6mJ74zHGr/LI/OBnKlUIRIgtZwGy/E=,tag:IerQKLZecSZomSE5VjzcNg==,type:str] + - ENC[AES256_GCM,data:q5cousgNIP5ViAO5HxHI1SWjelSk0YU=,iv:ri6HnEG+/MwOWaepzN4weU9FUQbyJ2egd3QdtL8EZwA=,tag:WqLqHtPmrQqW3N2yHp+iKQ==,type:str] + - ENC[AES256_GCM,data:6P1qO1rUgrSmfZV72CPk4fRV1zK7,iv:LZ9JFWIRdyWE2Okxnx++2KjpBU4lUmzNh4/rX0iDk20=,tag:ikN7Lrja4/Ot4Qp4WudOMA==,type:str] + - ENC[AES256_GCM,data:AQBBBT2XVdxp+TD+gPCvHo96I3Pw2MDK,iv:bhg1BarL67R4P/y/E2B9gg1vl3GU8Q/QNqtnaafyhvo=,tag:HJkXTPV4a1VBDyLbcpmD6w==,type:str] + - ENC[AES256_GCM,data:FHDHGAABNXvGM3tZ2FacebxdIEym/7Dn,iv:6WNjyNjHoePmeDobDuUwAFpXSf4H9aYeKPsU2xz+g80=,tag:lytfQ5g1N3pVrKJlthLcDA==,type:str] + - ENC[AES256_GCM,data:rS4YBQ8Oeh1ZXzzDzE381tNwJw==,iv:7QmcGKEjE5XBPCOEjI0TDxgbdnrIO2INvvr9fDiIMv4=,tag:pnJzoGb38tR2eZ13hn4TRA==,type:str] + - ENC[AES256_GCM,data:u5LF5MxoPrzEJbwGwLxgoOM782A=,iv:x/vuVjm54hsE0gjMncgEwm92+C9CrG4pAFaVi2TOuz8=,tag:lXE9r+CQm1m+P6XXCE3i+w==,type:str] + - ENC[AES256_GCM,data:OP7Rjxo18HASvPp4Z1Do80/xaDlq,iv:4oqrEpfwVSeLeUlY+zxf0zVo1rPNg75DUeJIlVEb8Ac=,tag:5rtJx5PalukQdCw6Gm9+Fw==,type:str] + - ENC[AES256_GCM,data:D+rDutda+e4bo5alBZgc0eWtbf4o,iv:omTjA2QE2cM7R5AaVo0aMEdczsWBlqDMLaqhCQlJUqA=,tag:2J6XUOWcjes6rV1QHEchIg==,type:str] + - ENC[AES256_GCM,data:o7U1I1kfeEGZ/h08snkxE10I,iv:wRlcJNxBQ2T0ILgmoMwzhdZYSRhHaHROZzBC4RF+EwE=,tag:dZTvrpYC5V4/Yye2YMlgNQ==,type:str] + - ENC[AES256_GCM,data:WIKihMhv5E+D9Vlm+GscskPwJg==,iv:dha4wfb5pxlALG+t2GRMHGCZsUnkNE0r3g7Fknta9Yg=,tag:Zhpl16yoVnUkEkOMuDmtZg==,type:str] + - ENC[AES256_GCM,data:tIBheA+4NY6DnuF7t0e8GKI=,iv:a/8Nc1CyS7KrjJTfBSPq2Br4Z2W0HlBDnV6SLLXr2A4=,tag:Nr+Jw6kwAHtF/WjwusBL5w==,type:str] + - ENC[AES256_GCM,data:7OnLNndsyCbc6+E4msJh+tE3,iv:vTbGoKLStUfGz1NmlyQfWdOnaXKK1T0VlWR8jvuWb00=,tag:2BHbcufX5MRqo3HPTC4VtA==,type:str] + - ENC[AES256_GCM,data:zls23YiDljIm7JDBuyDCyV92DQ==,iv:e8U0ZEztNMb9R44PYDcc7I96UcnKQN+Kax6T3gpjrMo=,tag:+F/Zvfj6yhycP89qkCIacw==,type:str] + - ENC[AES256_GCM,data:5c2PSqy8t3h51B7wxnlNRcIt,iv:mInCXXllJsf+YIL2LiApC0BojsjEtbbm3Th50kZz120=,tag:tsJCv777pTG7CbcUPOmtJw==,type:str] + - ENC[AES256_GCM,data:vFL3Q6P9HOK6LxRdS8NL48c=,iv:0HEKSOisCzQIOTUCxGcx06yi+tmbFyXFXVWA3L/a104=,tag:2Wd238pRvqqWkJIcQdQT6w==,type:str] + - ENC[AES256_GCM,data:7LEfRxHsltHhVhxhLDplpbCE6g==,iv:7KLdS9Tc9NxxFsZmiXAFDvkWN4LVgkSMG8qXMGriUGM=,tag:Y7CxHxxtQkQndc8vpGjjZQ==,type:str] + - ENC[AES256_GCM,data:ud7GHJjBspEbE64YAVq9wOMl,iv:d4sEPNW0Ybz6KKhjPOFlo5Y3k1yST5VJCsQyC3m8udo=,tag:htJlyWCdeb+sl9Yl9beo7A==,type:str] + - ENC[AES256_GCM,data:VS4Djaw/DGtwzGOfU8JFbWTdzg==,iv:2Sz+L1/t43S6VHMI2hqWn67q1o33n8b19EwvIrWI+iw=,tag:PIcueLARKSOzoKFGL2gW7Q==,type:str] + - ENC[AES256_GCM,data:7JU/F/wTiIQGv1tDOERFXHALzg==,iv:6ri7jv31g1r0M++xBfQgGpQuKK97aHKQJiLZoJkqXF0=,tag:8ENJ4xh6c8bK8js/drWNkg==,type:str] + - ENC[AES256_GCM,data:2Wdh5WdN3pSYzgdjku3YIqEVmw==,iv:/al8SBw/PGKFeJxkttpcjQZvmCONSW4zrzXWBLT+nx8=,tag:Nd/M0gO5cOYLe+ZnwSH79Q==,type:str] + - ENC[AES256_GCM,data:ddCQf838Y00GicBIwfZjcQ==,iv:UHibuA/2Q9WF/W603sytIhXdBT7n2U4B7g5Hwu9PGMk=,tag:zza+fmmEJ6KrYn8uuxE4cg==,type:str] + - ENC[AES256_GCM,data:bG2jSTaL8a5UUlgjS6g=,iv:xobkKYIgMpNSC+0s6ajnLMw8cYGMnrkueOyL7hCZabo=,tag:LiwOT5WUb84PmemggCTtQA==,type:str] + - ENC[AES256_GCM,data:dz95NHZH3lDoLwFZIgyIM6ZVN5U=,iv:xucq9kFbiStZdLDM2eyLdUG3Qjf5cif0zNR8AyTJSh8=,tag:yAZN4dnovEVd7fYlApABgQ==,type:str] + - ENC[AES256_GCM,data:Hi6eYcmbMT9pu1jyBGsKWbhO,iv:yicSXBJ8Z1vF+1OB+k/cp5e5nM111ZRMu7FXzZM8w7A=,tag:X254KtqUxw6/zUCxFJZ7MA==,type:str] + - ENC[AES256_GCM,data:S2YECVyeiSur4X8F8XX/W1Vh4Q==,iv:3cKCLiONuSX50QBA3R9QUjoX1yuFLHJl0qHoRMO5Bzk=,tag:3kUaxE+Hz92mKashpThrQg==,type:str] + - ENC[AES256_GCM,data:zri4a+GQyqpGPuqo,iv:aoGzlmWGIYVPxSOwfD6VFYqmt2y/Pa4hyqEDGxc/y3w=,tag:wdLCRTAKisiLwBcAOcZ4yA==,type:str] + - ENC[AES256_GCM,data:HjdtB9OucBbnX2Z+M60CEu4=,iv:ck+WPZlWdxxoz9Lv/ZH88FJwoaBamYS66M+4j42vcBc=,tag:gs/1WW8bG0E6ZYonxWHQjw==,type:str] + - ENC[AES256_GCM,data:cBfN9M1O8v5u+w==,iv:wUxAacuy/Nc2k8snEIs7pGp+5dyXwe4qPWbf95vVCjg=,tag:GsOifwviYuMLpTHT9R/7aw==,type:str] + - ENC[AES256_GCM,data:jJEe6WfiKgv6,iv:/1JatEv30aSOWBwgKcJ1QM/6nAvPxqV8cfxPDKFaF1Q=,tag:1zgZCt1pqjqA6Hpq5QZrnQ==,type:str] + - ENC[AES256_GCM,data:fuyrOPO1sz1N/Ws=,iv:Voh3im5tSB1MjYsUxPBYunW59coVv/R5sE4xSaaqeaU=,tag:2h5eAc6O6j0MWjX6xDSd4g==,type:str] + - ENC[AES256_GCM,data:GWM95a3/isGy9OQ1BTuaOQ==,iv:Vp97yLzcEzt5/+lrYUcP21RZcp0kcYDz5GsTMqLTE7k=,tag:E3413XQyBrzEsqQDaYeymA==,type:str] + - ENC[AES256_GCM,data:jKRa1jNQQqJEL2DQhPCO,iv:KsZkWoGAEfO7G+lI1LcT+AlirymwgdkoaJvnr5rncro=,tag:LsWPgWgdR1Q1LUVw4JVaEA==,type:str] + - ENC[AES256_GCM,data:HR8Wv6HDwnfbbeNJ,iv:95HBlhfqZakSP7Ptqd9jN/3g6eDeyXN840Qg/+p9RCk=,tag:SqlV4LEdLxW564usBMRONg==,type:str] + - ENC[AES256_GCM,data:ZGb2D0sesNJosNiEv/CL,iv:PHDbNbV9hVl3vnL39d1Ybqios1elimyKPVsS3cH8sxU=,tag:yOsLBzaPmNIEhvUo1G2l1Q==,type:str] + - ENC[AES256_GCM,data:iEQa9ciyaih5LZ575oAk7g==,iv:VJ/Sc9V1WuyybOKDZvVZryPXAr+x/XArw44BAcoW6mQ=,tag:UEC00t3zON5d0A03954RSA==,type:str] + - ENC[AES256_GCM,data:bxNSb3mBdvIZbGc=,iv:Db02J5eMobzrLCLAj2vNg/otYm5Z9ot3fbYVvjuP2Ao=,tag:00aGbU5llEdcYBbvJpFSCQ==,type:str] + - ENC[AES256_GCM,data:eUJ1iMvx8D/Y574NBYk=,iv:ojSzYZ2b6yrbPd4CEPGAYawNWFzIW7FfFkDw4orhWXQ=,tag:hyCY/H+pKayVltDKCzGQrg==,type:str] + - ENC[AES256_GCM,data:QIMUnprThfuRQuDdCPE5,iv:hdaodA2GapEEpQ2ZoMim7CKnZd6rsp40BLPHAQK9zjg=,tag:ulp1jOq0OZd20opzwcaMgw==,type:str] + - ENC[AES256_GCM,data:s3uJ2e2AcJIYqUg=,iv:fLGr2SdBBPyetLrg6swENjRU5N29AfmqDJpdTNbjJUQ=,tag:4SV6Rtr37MFUz+5htqdTew==,type:str] + - ENC[AES256_GCM,data:BBEGEdKzxxTVf5r1,iv:HwTBCLqgC7XrBQn+ln/Gi+hq9V+Ww/Hjq2bX/+ciFac=,tag:Nz5ohPPrM13FsNJiz1g12w==,type:str] + - ENC[AES256_GCM,data:HdLTg79TZUUlhlqcu/0=,iv:EE2efUbg/psAti2iSNoOiq0UUGpGDcTvvwIKllOaKb0=,tag:uYsN5pixvqc3mvKJWFXdYQ==,type:str] + - ENC[AES256_GCM,data:UBCarJtzLdWZamA=,iv:ut1fdtNcBYYItxMuXUlGzmZdLLlLFp2fBaI17xqVPjc=,tag:DS8PsuTwCjgN4s5F2v99TQ==,type:str] + - ENC[AES256_GCM,data:Nte8v8Uf2KOzKFM=,iv:OxxiwcAs0Um3vta+kVETp0S/kmfoysVBMyq6UYT/og8=,tag:d8B9yUHd6BZw9ZMRAin0/g==,type:str] + - ENC[AES256_GCM,data:6FVsSSitdE9VAiGJvg==,iv:ugOtLeRWtP/YvQEjMpGx4elfwyzzv5zvW6Wga9bRQkY=,tag:udjPIjSJ8PCnCATQRyh/rQ==,type:str] + - ENC[AES256_GCM,data:xqD7oT02vV4WgbHQ9rc=,iv:58UOVtA0IearK7hUgStBMa1cv/7E/zlrA+hBTp5aJDI=,tag:P/h4rXqDM0vzajSUfYZi/w==,type:str] + - ENC[AES256_GCM,data:LJmdrm64rs1rkQ==,iv:raHegwmDmlkFDvrVoLIBHq/D6R794kCb+hYO2FX3gxM=,tag:pslBPvuGQSGZw1Z5EuOttQ==,type:str] + - ENC[AES256_GCM,data:EM3FCGxT5niOXw==,iv:AhsaIbaVrp3zOM0JSE9+6Fn8ON1WRqeDJLcVBpWfR8A=,tag:7GMhG/TlHHK7Q5omF1MN2Q==,type:str] + - ENC[AES256_GCM,data:goRDSnoiDTjrbTnq,iv:3r8Td7rvMKentkG2lss8zHc7DkVSYoWmK+LGc6rmYhA=,tag:25276Q1mX3sgwPaRi7SC5A==,type:str] + - ENC[AES256_GCM,data:z4n/qV8U0wkRUJsO1LHaXg==,iv:GOgb7o7ZmKTZ9KraV7Fm90jYKnE04LPWkP7T6QbubW8=,tag:QAaIXnC68ZGFtRz0UpDE9Q==,type:str] + - ENC[AES256_GCM,data:g8tiz5K9HRC7LkEKHCUu,iv:zbUH34cffUO/cdm+eKHgAcOtAvUCehms4xzYMx4v3o8=,tag:QWAive8DFrSpGMj0L/G3cQ==,type:str] + - ENC[AES256_GCM,data:5xHS020EzFQ2AtIlZ9hK2M8oBQ==,iv:VDhD7s2nlMYVy1vURjU7DYsYbGCFMmOT5TgnED4eC8Y=,tag:KgPSYNUON/vOGISbKoWueQ==,type:str] + - ENC[AES256_GCM,data:pVRG01dqPyFHXHztnquOhA==,iv:AVn1fawgFpsElWIZ0D8bWbIO1mOLj8sziHqEqrdrDUk=,tag:qJFUtoyqNqQT180xAKbVMw==,type:str] + - ENC[AES256_GCM,data:0GUS2KcUyZVR,iv:bqEuHEcFFvAm42wceiNsvNTfAcWSjs7qPBoHVwL2OJE=,tag:C7XDF1DWOjSKmdHGNw43VQ==,type:str] + - ENC[AES256_GCM,data:++VkrLElYgc=,iv:rvkoifSUVqsiAVss9zVDQBscBVoM7sSgETLbB3gFBgM=,tag:WWgZ0ssTeSFBFPEvzw2EYA==,type:str] + - ENC[AES256_GCM,data:qg6t1jcI0OiEwQ==,iv:uXnEarC4gEV/2kjkJFTV5he9rZeiM7UUIggdEXSidfA=,tag:Anr6unR9+AUq3VHeKgiYtA==,type:str] + - ENC[AES256_GCM,data:w6ZtUboG1FK9y3pL,iv:xxLZrE2UzTbFiBJvMZUPU+iue/4f4hH7g0e0TgcJ8+Y=,tag:QWpEaRaXgqPQjE5RlJnaXQ==,type:str] + - ENC[AES256_GCM,data:gHBk4qUBpZ1YLGeLNZnn,iv:j3GV+7O3BnBhmfOHDKUuB7jnJQNk+aAv8yKjkz7yqr0=,tag:YfgUCGGdPlgvNqKt6dlwyw==,type:str] + - ENC[AES256_GCM,data:dsapkfSmkpRm1g==,iv:D6gGSjq33/TYnogtRaRineenmJCn860m6IcEl3MvFhg=,tag:aJtlpVpRXcnOr+PtpM5JuQ==,type:str] + - ENC[AES256_GCM,data:RLL/JbjqN6YslbuK7A==,iv:2td2l+KfiNkKLp7sn9oL6jFM8Dgo6mhGoquVP2ArLQk=,tag:5oPSjHDvmD70Vin4AvTRqg==,type:str] + - ENC[AES256_GCM,data:Qvlyowk0cSxEqhIZ,iv:GcrVb4nohEg/9L7g1BhdBaFvpWypIGDOnEEsL2R2UYE=,tag:RMN6bYiToDamWbBzkxMfaQ==,type:str] + - ENC[AES256_GCM,data:K/ZqfyFclFIYJw==,iv:GudYQ6bFjaG6pVAWsJZ5iCDHOFuIA6tyLShfCG4TnP4=,tag:oadpE/yNvInj11ZXfua3tQ==,type:str] + - ENC[AES256_GCM,data:E+jT7PdftMrxD97edd8=,iv:va4/MmEYskClqnuNnNSjmR7qX5IwK1gBc6bQix7RXmQ=,tag:bALONPl5X91ifFYrVAobEA==,type:str] + - ENC[AES256_GCM,data:mGIMT0j6mO6ENpNsUw==,iv:FqmtELQHscjaFasYoGTH4EW7wpu73TlG7fNWimJDaeY=,tag:sNhrqILLGmU9Kgh9yi5Gyg==,type:str] + - ENC[AES256_GCM,data:Vhqyq21wgsm+QmcOGw==,iv:Kz0vNMD/e5kpm2cYB5kaosqokbzKyp6c48QE+AbyFC8=,tag:HbuUy7wVSwLvDhDbj9Xq9g==,type:str] + - ENC[AES256_GCM,data:vmav8UBPIZ7sMWU=,iv:b8tCgJhLHmJdOGhriKwCEzSZsc8ykEnvv5lv5yeVRfQ=,tag:iSplARy8VW689keeJIqTRA==,type:str] + - ENC[AES256_GCM,data:V6RXld17gsMfo1Xa,iv:WWE5fFThmhh9/p7p3VAyqNLgCdHmN4agb4HFwz8BLN8=,tag:6uhloTkrI/AkNW9yeX4ofw==,type:str] + - ENC[AES256_GCM,data:keSmJ/hG307QcnDN3No=,iv:Pd/LsgXkRPihSbnohMWAMnlk5NH+A+q2JSV1wPnRwaI=,tag:O5Y+lC/ES9IUlwO0Eq7nIg==,type:str] + - ENC[AES256_GCM,data:jxhSRTukKWXavfuu,iv:esIn7LAfo8MF4AtOtHf2esfXtaKAavlnm7NpstH/hYc=,tag:ZwLxqgfXOubix6gvu8XSUw==,type:str] + - ENC[AES256_GCM,data:NexxW7xWx/I2mHVuzA==,iv:ORKdwsXqE3fwLhfFoEuOtT+HI3c1kWgap7r8omD7K9c=,tag:v0pmopJDh9qQcQbNB/uCLQ==,type:str] + - ENC[AES256_GCM,data:LxrX1GvdCUHZvuzv1g==,iv:lyhEAiP6vTWVqGRiJlQU0dVPcjHPRe4m4kPN6y1ZQLc=,tag:gh6CoyOoG8kjtxw4smrbOQ==,type:str] + - ENC[AES256_GCM,data:/fUlZpNNdASC42XXhw==,iv:h47ju3jdOaedup0ab5jZ+nJadesOgh0q4y3FuPGk/50=,tag:sveXCT3bn7uWz9NLPuJbDg==,type:str] + - ENC[AES256_GCM,data:sxTs6NgMXU6O4w==,iv:7AySeaupd75yPF+Q7wi6hABaHNcnuVH1tsFLMceV6pA=,tag:8tAbHT+b0cEV7b7+JQGuQw==,type:str] + - ENC[AES256_GCM,data:XWNJkzVXucxca9mIpRxqTbY=,iv:WOGyHlMyw7qNPBljihUUZJDloTxUiT99qHhfjx9Nm7c=,tag:oNdaPqEAJKH1lcv0Fv2w6A==,type:str] + - ENC[AES256_GCM,data:4kEeoxtjgQr/SXgpHDUB,iv:IRQvWxU3Q/Fr1BwkH1SOdOAHpmdmdKhCQ1fKqTA6gbo=,tag:om50tgApRUyWhxcbPMh/mA==,type:str] + - ENC[AES256_GCM,data:WbHS27QCEdD1IBTL,iv:YlKCJBhfveSURR4EFxheI67W/f6fiUUXG0DD32SwNpc=,tag:luPqTCUugZpfR4KX/8tabQ==,type:str] + - ENC[AES256_GCM,data:hxm8EeAL04UDYoCLYA==,iv:cSaNVDd2817702Hcdi9lUUcgtbCYAPZYgHX8NfY2wiw=,tag:fkNtK4U1gWGGIIPcbG1ZPg==,type:str] + - ENC[AES256_GCM,data:rtSMratsAC81bHhz,iv:0qGRZ1l0e0fPAjF83FuYVsHDL7to/Lcthg8R3NUZpEM=,tag:oHVvksCKKb1drLoiPBl+/Q==,type:str] + - ENC[AES256_GCM,data:aV5h8e2UfF6DfUUPf0W6lKU=,iv:cV+iMXtSoz+NHkRNKXekQ7Odv7ZhWwnJ4sthbplla78=,tag:3TFY7XMMfJt73mIlh45cTw==,type:str] + - ENC[AES256_GCM,data:7PkEVLJXUldMKxbc8Ic=,iv:Wu4N66w1+92XDS1w76CtpsbSaNAPXd7afYmcWtRnfdg=,tag:9KkjvkBpEivHp2dOX2mhbQ==,type:str] + - ENC[AES256_GCM,data:s4tQZq+HPoNZ1vaEbQ==,iv:k74vw1tp0xtHmm95U7zjOWHsVopXMvBorjFiX8Uu2Oo=,tag:a/reSdWDayu0AO+8HJKFHA==,type:str] + - ENC[AES256_GCM,data:hToj2ZgbxzaCex8=,iv:8+qOYksQiagX8eZMLPsmGiMR5QbzjvfwtTHsQ2/eUc4=,tag:YyCmdAsRQEmyg19pmuAKhg==,type:str] + - ENC[AES256_GCM,data:aT6w7fCRuc3/6Z3D,iv:yTwjxJYVRWvFKAYY8rxbRXNSBtns+rc9XKLj1F54eAE=,tag:bELNZ9lwwyR0efUGGGshfw==,type:str] + - ENC[AES256_GCM,data:kbyZeffrblMtXvaQQS0=,iv:9ztDMEC8/MfCDXlKdbZJ7uNdjKjT0+BN54kq8xQslaE=,tag:yaOQnriEvxx7ZIFcDh0PLg==,type:str] + - ENC[AES256_GCM,data:viAU+jNPTp6ixJgP0oU=,iv:ALkGKXj4/W6G2E4AGxz/rJFarhnVyAfOjhKmb8O2pYY=,tag:uCOOM1IZ+fWicxWUOyPpZA==,type:str] + - ENC[AES256_GCM,data:QNOk7MmjxZgM,iv:/zsPAUWwXXf6nsd88ROqptw80z0Wt8BwBkZP20XjlOs=,tag:UzMUyM5rxrrm04fvg2YpGw==,type:str] + - ENC[AES256_GCM,data:Y1/LCQAOWSh/xH4=,iv:X6XwUc6505TuPvtAEpehIq+C7/xjS8Dhek+w9IzMl7M=,tag:bijR1QBPycinvH6ryuzmug==,type:str] + - ENC[AES256_GCM,data:2R9NeiQR0uT/q7U9,iv:MfW+hgWzkP1hsANBy22JzzfNLoDW/JTanqkuN0+ggwY=,tag:7WtkjHkRqVkLrmQwzav3lA==,type:str] + - ENC[AES256_GCM,data:br/eSeDin5a4B0jp,iv:ibG2aW6tiNVtBSZcwkhmAXhT21ljz+lx8tDkWYTBV4M=,tag:qDFZl7H5ru/TdNaTiy0aLg==,type:str] + - ENC[AES256_GCM,data:JSLRTBIbczB0cNG6I0nJSoTRW7w=,iv:anlJD0zlHmAq4mXTJagu/7jYntBfQsg1F6yPR3ESX+U=,tag:mXiK4ziQR8XQJX0WcetQUg==,type:str] + - ENC[AES256_GCM,data:XCyokYjpVff8G2tt1A==,iv:PHlDiXY/08c2NsJEPxvFnz2dhDjKRvZIWh3qch5aHXU=,tag:sp1CeMde9MMYxAmdovn72Q==,type:str] + - ENC[AES256_GCM,data:t0nDVQ6OrPkdgXM=,iv:XqhWKo2LCubRgzzt1DMxPAq7Ae20lQw0Hoi+Bo/6VJA=,tag:I4uY/WBfZzDS6l5jULQWpQ==,type:str] + - ENC[AES256_GCM,data:/f8SaLZs,iv:jHITj8UrCLZWChuN1IUQisRVNCuTPUI8sbJLGGihRZk=,tag:iF8SsCx4E7Wi0tWxeOhLiQ==,type:str] + - ENC[AES256_GCM,data:JfIO/To73DpgWA==,iv:YICDHUmHlIcHg1nahNbHGHOBiYsqnfAEa0pwsEsslIE=,tag:F2k2LUstTFmA9sXfQst3Nw==,type:str] + - ENC[AES256_GCM,data:f+oYCJOhu66k3tEZjWVv,iv:/hRivPgUlHEjXRM0AKeSttKbnhJ4/q3HQb8KGZNDwog=,tag:ye2bFjS6oWwM1O9s05Ugzg==,type:str] + - ENC[AES256_GCM,data:f/QU0bqaLdHPzIM=,iv:8fbkfWVrJLvG0Ob1kNzI3UAuP+b6M6yxtQiq9/NAR6U=,tag:KG0xDFr/xN14iEC0Ygdhbw==,type:str] + - ENC[AES256_GCM,data:uh5BRCXdRvvS6RGpgw==,iv:LbfH/GFMMXXxmBmeahOX7gxfYwbwgEufCHyfIFsgYLk=,tag:UcVuhbWqgQItNS4jwWHTLw==,type:str] + - ENC[AES256_GCM,data:kZLpEV5DNXxY2HM=,iv:hl+7p+F38aec43U2PDwnvP0Fli7xvK5hijCD9O+jSiE=,tag:NWVfvhxf3s/H3fCil756wQ==,type:str] + - ENC[AES256_GCM,data:s+8YBnRwcAStkQ==,iv:xYQ+DAbrz5b4lXiNxL8Af70fYZ8Il/Yqf8rNrYsYPfk=,tag:AqwYe8GQP8D7ZkoRpqPs7g==,type:str] + - ENC[AES256_GCM,data:1bfZgiFrFPOpHZe8kU5AwNWP,iv:bO0QYR8eQXcsYhCn1yrDI6Qg98nlnkhq+I+PdD8mqPQ=,tag:LjKSgE1cqFX2Qm8wplveBg==,type:str] + - ENC[AES256_GCM,data:aF9vAeEqoP0CAUwCDXM=,iv:+S/4Jnc5scTtMW8K749wUO/aGXyhdokcV4V+75iGT3M=,tag:FCvj8xxg39Rnf3l+pP70kQ==,type:str] + - ENC[AES256_GCM,data:0JlVRWxh4FvrWg2hIQ==,iv:zsRkoJ9pfnhpteUJ6TKASpovAB/3rKf6Suhvxgi8VyM=,tag:IQkm90yWC+4y9AXOSNNaZA==,type:str] + - ENC[AES256_GCM,data:ai1xkRprUcTFjg==,iv:nsCL8FCPjmnif2Cly7amHKCReFU5Wtds69USHZ3GuoU=,tag:zeZxzqnxFC38BdUohYL2xw==,type:str] + - ENC[AES256_GCM,data:EbHDhw9u58a1,iv:VxMhfpA/qW20zA1dT7a5ZznyjKuS+iUTdkyam0W03aM=,tag:gotHUpIezKp4RnVwTn0awA==,type:str] + - ENC[AES256_GCM,data:VmVPTtHurLgdN1PTVFsmdBrFRQ==,iv:H5nuqEIeTMD0yYnBHT7lqpjRS0kf2VGHanwbhpEW1iU=,tag:1Owtyuigad1vclYsuYBZ6g==,type:str] + - ENC[AES256_GCM,data:ajbr1CRKEeQ1rU5OSQoI,iv:LdOm8GL/XAC4mkpKjXzRsvh9Xqf5I0aSZz03n/7lUas=,tag:Gi94O2TwaGWw8E1PpqKF1g==,type:str] + - ENC[AES256_GCM,data:yMKsbeG6NBOG7nNee1tT4L0Z,iv:A28aFg6W4Wqh/fYo/3ZJA49Q2wYHKEsdUWQ+x2XHRJc=,tag:kY/m2s7ffWHcJGOClXDJSA==,type:str] + - ENC[AES256_GCM,data:Io5eJ6YywBV/Bd4C559d,iv:hcu70/olZFk8CRzjofjs7dIE6+y/R0jzKsoCuyiYCUY=,tag:iZVJBfcjh518LwUkY/a09g==,type:str] + - ENC[AES256_GCM,data:YJMtj7BPGPbqeQPwekxNrg==,iv:gbpR1JnrRM3QfxxlrMBNORSrmx/0o45P3yMPoEuYYio=,tag:WSrKpBD2gBzsHZxmFsHuvA==,type:str] + - ENC[AES256_GCM,data:lOxdID3GDVfr1bRw,iv:05j2eoty1PLN5jNlglcAR52nDk/0mAgrZaev/N+6S9g=,tag:ahgB8OGmEELZPHqK5KnIQQ==,type:str] + - ENC[AES256_GCM,data:Gis1qwB3LeGIOQ==,iv:cCK3ZJNPxegUTTD1o2c7IjeqelFT1X23tI3O7uabHTo=,tag:qlQIC3fRRimvCIkFq5gDkQ==,type:str] + - ENC[AES256_GCM,data:v4pKeSDDuHpp3xY=,iv:CAr/3quyZ1sOe9pG94qQOzIHb184HH5P2305fNvWwSk=,tag:uBndzTN1nEHUlnSIoPhHpA==,type:str] + - ENC[AES256_GCM,data:2AewBIBC0oPoQnf5zhc=,iv:DjatXcvYe082rVxDCDZDb9XmdN4wFgqiusfdGR++o00=,tag:wcZ9ZqTi5/jU3vbc9KXplQ==,type:str] + - ENC[AES256_GCM,data:PFGcKKVYnF2tbkA=,iv:mdB5bJAQQDILNH7STTDOD26jmIbNKV91raRFq42nhF0=,tag:gGfNnfrKh1f+dpZrSkTzbg==,type:str] + - ENC[AES256_GCM,data:/SlQF4xqK6LsGa2AuQ==,iv:nGJCWxRmFqDVIM83qHXiPQ6ukloeEYwMMHcpE9S6tRI=,tag:sH4HhKKhowBStR1atomRyA==,type:str] + - ENC[AES256_GCM,data:cD98dq8EFJpRHpw=,iv:e72uJQ1Xty8HUxIOuyvDhulE8EpKRYgyx6QqsTCtI/M=,tag:KYPnO/GmHg68dFHl6C8aGA==,type:str] + - ENC[AES256_GCM,data:n29Cmh97H4lVk8sb,iv:rugEf+U3OuOACgnt35s/VxDFhxMojAnP4keVHWhL9Mk=,tag:qJkB7y1H2eBqk5ab2yjpNw==,type:str] + - ENC[AES256_GCM,data:YVAgytpvK6QylmIg,iv:Kyp46npJLorR3kLzeTklPDGZn3hvPt99JSrgPkC2c2E=,tag:ow51wb3XaCeTzGNevDrcww==,type:str] + - ENC[AES256_GCM,data:McVHIqQlo9A3Ijs4,iv:9aoYJrKv4eb6T3NMAcreY5WLqbYe4q2LZgJZPq3P3AI=,tag:nqlfqdepk1MYiYLrb/s8eQ==,type:str] + - ENC[AES256_GCM,data:XJxDjdyUSw==,iv:iLnVxpFvSqhDPF68xVcgZp2Es2jebK3WrOuFQZP1fEc=,tag:MGLdzU4GrjAZiC2Oli6k5g==,type:str] + - ENC[AES256_GCM,data:KbIHO/uB0+9pqOWG4js=,iv:FVGpcG8zZa9x0wMwpCY6Xx1dbNf/aVShcvTm6XXc3G8=,tag:GVQ8WNHxS6/b/O10eruZSQ==,type:str] + - ENC[AES256_GCM,data:bbsxFs5f4hiW,iv:LdghgwGcnr0PhsfRWO1gi0pkklOlje/M78wR9xQ8y3o=,tag:Z0LK79cNe/G7nBfoaAI/uw==,type:str] + - ENC[AES256_GCM,data:l3KbkrtBJTA=,iv:/WCc5okxTr6aOraNNR06nyHY6W0reddku2kGBTVNbIk=,tag:FRJYpwU567+TyuT82DX4Uw==,type:str] + - ENC[AES256_GCM,data:fVq8PlqBmNhN9WgOIPw=,iv:2VFN4ZqNYQApFBs54i238bAG5BIZdiuwP4pxnevxkzw=,tag:VhMmjGUSx+3EIZxi31psJQ==,type:str] + - ENC[AES256_GCM,data:Iql/HI7H9zUg3zDF,iv:WPaMLRhJRRQ/MKEEeWCW8n36w5QWY58gnasqc1tOLkc=,tag:kAyOVSFNXJLb11iAR0LbfQ==,type:str] + - ENC[AES256_GCM,data:ZewSiSZSHNi22B9i,iv:QHLfg2YjBbkI7r48Zu6eFL1cPOof/pE5Udd0i98Sxm8=,tag:wLPJyEQmqz6xN030J9c6Xw==,type:str] + - ENC[AES256_GCM,data:LNTdlaOhoe/vllPR,iv:sivRtX6+/z7CaUlNXce9q1YNGUVd+IAnWTi1fg95AHw=,tag:aPpxtn6cxIwdTva/qdKIpQ==,type:str] + - ENC[AES256_GCM,data:n1wzOReqg1ub/Q==,iv:w8FLXXI2YubEAZOFcs3b5lyOuEg1xn63xtlUVB2a5oE=,tag:61JJdUpaSfnFIuPq/E2y8Q==,type:str] + - ENC[AES256_GCM,data:4eqKmxHt3Z8ar8+p,iv:rUv3iYln/gAPa9xgTIrSzFjyvpIo2u1+t2C8d3c7SSQ=,tag:Il8MsYbqepxsbI2UqA7sUQ==,type:str] + - ENC[AES256_GCM,data:/cYPilCFDMQsy4Hxfw==,iv:aiY6eDkC5SH4gcOiaY8xTg8EUoA0CBZDegqunKsH2B8=,tag:1MJDae2/Q7Z1P0jJWlRqYw==,type:str] + - ENC[AES256_GCM,data:q+BUbVVDp0IK,iv:Ssgcm19igxCA+/ogWeU/QoJqTgiLsB3BBqJ8sZYK560=,tag:2/wsnZo2hGYZArcv5wy/eA==,type:str] + - ENC[AES256_GCM,data:31F9FA1fMFkt8kjn,iv:MJ6hHK9qgyQZvrvwuCeDKIDRahnyxD0cIZ9wZ4Tlu5A=,tag:ZksN6ZZdNgcCODkUrJfnWw==,type:str] + - ENC[AES256_GCM,data:5VNMRTDY,iv:B0Zthr0WU9yGYG1aLFcUO+P+4fKEon0r5f2nnNVAFT0=,tag:DFlSSZl4oXn1l5zfQYB77g==,type:str] + - ENC[AES256_GCM,data:+R/FRnksM+oRnkxKxw==,iv:aL4G6+8VaOMm+vwCRhFwIfs/GSdtt9LKGINM4U0mbVk=,tag:I+iUN5mYv5KRD8QAVKuf3Q==,type:str] + - ENC[AES256_GCM,data:IXchhqFz/bUBoJ692IpU214=,iv:BJEdFfMIW7u1I8+eyWnExCL+su1NNY8JVXsrSWVK8LU=,tag:4Lx0FBOwYpwR3+eEhrbEAw==,type:str] + - ENC[AES256_GCM,data:Po+C+BeOwKI=,iv:z7BzwpUy/vK1BO/huJtZHjItihcVCTF3L08Df+Epw9g=,tag:TaWxxyJqY1QGXWpQe30LvQ==,type:str] + - ENC[AES256_GCM,data:12W16zxwIoicxyA1,iv:7jCvFfKhEndRlu6CmcUn8l3kins0ibedaqgZGkqYb+g=,tag:mGjtt7GVxXxF16wPjMSlAw==,type:str] + - ENC[AES256_GCM,data:8QLbgKAXTY8=,iv:38kA5pkdzvKdUfBH5BlJwU1sF4CyaCgchgUX5eYNzuE=,tag:jWXOjXmk6QMzInS+6qVWqQ==,type:str] + - ENC[AES256_GCM,data:TDMeKtJzf5GQ,iv:6cC8Qm0RId6UMaNL9oeMDcECXMNySsHz6BtF1MX1+6A=,tag:/3bOvNUauXmHM2ZzlzK0Uw==,type:str] + - ENC[AES256_GCM,data:5lJhrll+6y0=,iv:TK5Ou6OMKa9nsrYv0RgFvlWUZW5L85svGijU0fkSAS8=,tag:Z76WXAYIqCeKEize4lKmlg==,type:str] + - ENC[AES256_GCM,data:qfcRvuwlDCXi,iv:8JBZPlP2y2IIdHGVOweZeFBRu34+tFoOf7uINjneomA=,tag:IKfQpuxfLHEdIBfBUr3PQw==,type:str] + - ENC[AES256_GCM,data:yDz+vw3eWypraAcpYA==,iv:Ox6sZ01DDWuH0FexC9T5BwpSa7oJ122DP/RpwizYjn8=,tag:wRl4THaRTI+/DgrsIJYKFg==,type:str] + - ENC[AES256_GCM,data:+xzMUkGvSzA3zRM=,iv:oX+U+MwZZ4d8Kp7c6hLM72i8ay2Psvg/jUUXO0dKXjw=,tag:Q7xmYG9/C7hH2AxTk6jwMQ==,type:str] + - ENC[AES256_GCM,data:zznR5fm+uGYIy+qpdRJg,iv:SHwbcNXkRk47wsioo/xip4hEw/39Ja03H6OST+t5fuc=,tag:acELqqefoIh7RQd/Snmr6A==,type:str] + - ENC[AES256_GCM,data:nbwfcQxDuko+qLis9g==,iv:WjEQyR0EExqD1DqzEMwk84S8LhJzUPa0trjLA7fLMOU=,tag:IX8gTfxzXmtNg4LUtoybFA==,type:str] + - ENC[AES256_GCM,data:rTi0DawoXbqKFdr0,iv:baBbxuGfqgQBpEpPmfSUiMuknNN/HAeU7bjdrh/q50I=,tag:pLWtGbGyNj2E8FIaJa3cDQ==,type:str] + - ENC[AES256_GCM,data:7oblqEfN1XKt6flNDg==,iv:1k8W3gXzk8RjCtopFS5NZt2P972E29PrEFjCnj+qgBs=,tag:gCSZnLIKrqY3m1UyYisSNQ==,type:str] + - ENC[AES256_GCM,data:oROT2bCS5goElA==,iv:4qFeKui16DS34tYHAN/nmXJu32NzPGAkeOw2krf9fyY=,tag:cH6jvre4yuzee1JIit3YDA==,type:str] + - ENC[AES256_GCM,data:smxGsZyAtt3D1fGXVvEl,iv:p/8SGWM+Aj13f+PsBbPNTTwfvvT3FdY/iOQ5SMbJL+8=,tag:XB/tfxkcX1IStVHmvwQLaQ==,type:str] + - ENC[AES256_GCM,data:yrn8wk74bpknep49,iv:njl7nZbcKl4U+iWCgs8k1G1ztuPgdP7W1YQujqy2cHI=,tag:pfSV+Dk+Hmmn9RHnJYwu0w==,type:str] + - ENC[AES256_GCM,data:HKihNwBvQ2U1gofdeb0=,iv:hp945zlP1NN4OyNA8fDP+XV+V7JtmNezDdTenM+H9ao=,tag:3DrkYrUF3h7JKb5wqUhnZA==,type:str] + - ENC[AES256_GCM,data:0A8AO9ByzNNo/KTNdA==,iv:oMN2yA+VZObyRKyW2cJjPu7WRi8SSOTOUOdfUnMe7PY=,tag:YUowCUYMMlF3gh4HA6WSeQ==,type:str] + - ENC[AES256_GCM,data:Qz8D6BDx7tDgMnPw,iv:8j/CigXRaBxujVTPGGJzV1qYIVRTr936RhvdHXu355I=,tag:7zJdNxubltP7GnonOn1jeg==,type:str] + - ENC[AES256_GCM,data:yDNvB79QtvIvOmE=,iv:4l4fUpyGnHv4BemIweKBidoqrpPXQ6X/yhyvfFb1sUQ=,tag:PwFeBmaXj0XeOy80Dr0Efg==,type:str] + - ENC[AES256_GCM,data:YrFxTixR2Y/9I0qMZW4=,iv:GvnwOblMI1sq1vEjtNLzUU7RxTpi6gvF4E8P3rJo6Tc=,tag:Do49/Q4LAW4qnckwCmmY7A==,type:str] + - ENC[AES256_GCM,data:T1nEC/ki/G2zvhivjw==,iv:yWBdBg4dSDvIEnj9YK+ZcklyjPxdL+vGHTZ1d9mjnE4=,tag:uBljwhVfYoHRlyxAuKUX8w==,type:str] + - ENC[AES256_GCM,data:foPLeMlYyR+ucREBMPc=,iv:o2MWn9r2ZtGbX6HdnVMq45q2BZz+9YLczh37bFSf1/w=,tag:/My3o55bvg68yRD8v2dZuQ==,type:str] + - ENC[AES256_GCM,data:DNsS0Aw7frUp,iv:icdkVd+dmQfWN3WkjxoA/84QNRXQW78gE0v85a1DfbA=,tag:WnxxoPpR+4BQAyGSIQu/9g==,type:str] + - ENC[AES256_GCM,data:XWrRS6u9S/+Cng==,iv:QD4XGQkNh0BynFgpgI3irJA4aezF7YGd9Gy3eS0VUNM=,tag:suyhWdpToep7/XcaXDaDAg==,type:str] + - ENC[AES256_GCM,data:Cq42miSG5g==,iv:7RcbFcWhhsLzTpx5Di4IB/8niXW1uw4BUe4Pnv/PCwQ=,tag:HJ+BfmLkLVamKiF6LRNYWg==,type:str] + - ENC[AES256_GCM,data:vUC+DP82BFq53EuqhxtuT5Sc1Q==,iv:L9KBzaBIqqwitvqkZ1QPIxYPo0eMYAd7pvhqbiyQU6c=,tag:ZXyOTW2k7WIbo9FBiuoV+Q==,type:str] + - ENC[AES256_GCM,data:P4ZqOy9Pv0cZ,iv:tm4QXPTEQl5u/D+vnERRCHmvc6YEBJJm9Jn0J63/jrQ=,tag:/hEWXVygB0jGOxyn7nmqyQ==,type:str] + - ENC[AES256_GCM,data:EJRUv5cm0vAU,iv:zIUwGXH6tSe4m7YNBpT7rOLj0uqd+IdCHdSrIv8BtM4=,tag:HXJvyerZI9vAkD1DidK6LA==,type:str] + - ENC[AES256_GCM,data:j4O55XUXqRMU,iv:jEYprfnzhjFh67wDyhLclJECcS3DC2s8vuXb2F/5zBg=,tag:Eca4nYokpERgghkcOsfRCw==,type:str] + - ENC[AES256_GCM,data:uKwyw5Pjryq87NA=,iv:uYKU9U1cGZNbuQo60hn/oV6q3dFi3HPVO/QyIUzgENc=,tag:hSI+cLTCR04nUbGolPAmPw==,type:str] + - ENC[AES256_GCM,data:HZ9VCHJpqQBDoKw=,iv:NhwbMUM6ITHCKo+M14M9n5cSTuHlETkNZnV8Oa5niB4=,tag:zd4sbetD80QUGDkqgEUnxQ==,type:str] + - ENC[AES256_GCM,data:+O9vHCHkRJp/NpmmeA==,iv:o7MX9RhALYkVuSpuJnFmMpWj2W4cJcg36ViTscdzUUY=,tag:Rc575QUWxsBL12Dc/qaitw==,type:str] + - ENC[AES256_GCM,data:dm11kwsJasVlXdY=,iv:vKlomRixD8lXkE8XRkCDDLxzCI3uZB575k+AsUu76Zo=,tag:wmyR2cOkxJfiN+kTwqcY5g==,type:str] + - ENC[AES256_GCM,data:JMal487zTTKZXQ==,iv:RUG/H5N7sSsMzBqN7mgvXw02cCoAzPvSS5mlV+kp5Us=,tag:WGYNs1SHBMaybmmxnCym6g==,type:str] + - ENC[AES256_GCM,data:7yo0RsYcF8MgEa4sGFgI,iv:lVRGjV5id86xjwoZcAqONrew6q/cvPctBwyFFQZjCMk=,tag:j4Lx7FIhgFxz3Ex/+mkKZg==,type:str] + - ENC[AES256_GCM,data:kol+2jTjvFR6bOM=,iv:mDy3FgT18CaYZ4z9M+vFvCVlzrpWP6AnqyEFvnjop2I=,tag:gIrZI1//oHN/3Dg5l0A3iA==,type:str] + - ENC[AES256_GCM,data:omhv6/EjbgQrGA0=,iv:A1cPDeN8M6whEfuK4+CHO8WS3uUTyAgXJpyIxVW9qiw=,tag:H3WBypJrdd9uPgG7rXIatg==,type:str] + - ENC[AES256_GCM,data:nfcX+xeXeZtFiuuDbfNeQA==,iv:ps+VCyGwOVicDrIDQCrforphty0j4wgTJqpF/C19LBE=,tag:g3Oe6q0tsLJ8FnBz3Imafg==,type:str] + - ENC[AES256_GCM,data:Y4bk9VYDWgEYxXRpaZJQ,iv:NDegd+rcXnxjeUe4CKCXxa01rg1oYkyyoVFsHtBnuQ8=,tag:NaSrotsEh1mddiz8j+Ujqg==,type:str] + - ENC[AES256_GCM,data:Q6aSesapkJhqekViZ6Q=,iv:bZbfE1b3M69cH9KkXjOePcU0YVAq+CZeVzMJQEPeDe8=,tag:SRxyVT7H8vkynHpxBJNaUQ==,type:str] + - ENC[AES256_GCM,data:jwZvKlZDBD6ljjAUOA==,iv:8m67ps7NdG1eL2fIBr+LQV68mcmCdRJu26+g/06WMkc=,tag:HHcF8Owe9pmx8GN8eo/M9Q==,type:str] + - ENC[AES256_GCM,data:rGoY4+OyQoY=,iv:n3yVB1UlG86pzs22ZwCIhMKeN+fOQTdxWx9OcB8XOwo=,tag:lYBm4Y/LWzZJeTOS2lT5DQ==,type:str] + - ENC[AES256_GCM,data:5zJQoWu/aYsveCA=,iv:8VZxEtSLubV/IeQjL+AKoZxjEDLnHdMAsrd4tkQmLkg=,tag:1lfqakwOVUMwDD/RNSqTVA==,type:str] + - ENC[AES256_GCM,data:TgIQq4CAoQaRmTGE,iv:Z25pgWRiFXVMrIvxAc1nJhk54J0wxPcFaNxv4an5kOc=,tag:O0FJnTRpfXd7H2GayKf9MA==,type:str] + - ENC[AES256_GCM,data:SdgcjbpXJwqGxo8=,iv:MQxITiKHYpGpPfRPbYz18vH65Uq/c7K5WOizBZ8+9Pg=,tag:PycwCJI+jelv/gUmM5NHtA==,type:str] + - ENC[AES256_GCM,data:31014MFqpShJ,iv:Eea7ShtbxcZl6Cp3eStYVukJHBjSS2D1Ed/4NEqqnPc=,tag:RBDRzBQnceCexL1S7FWZfg==,type:str] + - ENC[AES256_GCM,data:JlK8TsQQcJtbiGBOlutnOQ==,iv:cwJgrBJul7OD4qPSCwwR5CuAjqZHIfAG7KntdVHmxxU=,tag:G/H7LdjYEUTT1ODvnRD/Nw==,type:str] + - ENC[AES256_GCM,data:wnhrZS8HDc60wtE=,iv:JDkAMcfmxtt4sLzRDq3F7dN3XTnWdfkvENOxmPfVVeU=,tag:JbeO2Lp5Jw6i9icfdu+WiA==,type:str] + - ENC[AES256_GCM,data:ubBQ3ZvpW9IWZ1iKQaDzPg==,iv:hTkkW1ORlBu8V+0nrzCeSnCFo1rTdIL+xA4uyUqTIXs=,tag:HTaqlxTExWjh3XgGnUa3GA==,type:str] + - ENC[AES256_GCM,data:YzFErSXx5OUg3DuNej79wRWvJw==,iv:OJ5Usgj0xpDKZEZYl0jukknaCsN/zlejUafuGxtotbc=,tag:Qm4moJLrKzv8aG3ve2BASw==,type:str] + - ENC[AES256_GCM,data:NUaMkOVxuEF3jrQC3g==,iv:I65zF5sheWrqgYyHzRYBJ6C3Tc8Iz6A/wluTYhcbQPw=,tag:nYPACzyLpkOdAWk2Vl+bOg==,type:str] + - ENC[AES256_GCM,data:k/3wxS4sYoTPeg==,iv:6q9LTOC/RgwneY6ij7JeouO3Yv5M2T2brAdsh706ckI=,tag:hIjbk3/sdSZ0ZfKZ7RP8vw==,type:str] + - ENC[AES256_GCM,data:3VGFzO8/Shu+bE5KVw==,iv:6puCI/EvDmaHntdMvrtE77YxHxuo4G2BUnbzJLTpfzQ=,tag:+NV2K97YE5W6IugRrbuuOQ==,type:str] + - ENC[AES256_GCM,data:XRZY3RuWydqNOcbRtWOjag==,iv:4N5r8IqbkxgWtMWSuMz1Pakn955pW3qEbAB2Dw0jPKA=,tag:+MlQWGYafcrx9v1tZ0ifoA==,type:str] + - ENC[AES256_GCM,data:oqdnck9Ez5izXMpnw+k=,iv:hoFn1W630zE82xHtub26YLuB9qv56wz3RqiDkikUars=,tag:btdbOnpyZ1YPjVc3ADPwWQ==,type:str] + - ENC[AES256_GCM,data:dzz0oCz3vVJqgA==,iv:iE+qj6Cldj2C9O8cRSHMcvjKOjg1MFDqYiPe8lQ9Pi8=,tag:4ESitdls9OT64EQMaFZuiw==,type:str] + - ENC[AES256_GCM,data:hDIllJaVJBWu,iv:DYSl6CciS3tga6bRFn+FMk+UEg5W0IvcFA7yUh5NaFU=,tag:2X9HSC+MW/tDhpZN1JlJcg==,type:str] + - ENC[AES256_GCM,data:kY/tzNjp5U1qwqqZ,iv:wfTpx/XyCIhOuHgqMJUJYQoPmtWfFZHugWADvH4WGrg=,tag:zxInme/wNq9tA5EBgKTdvQ==,type:str] + - ENC[AES256_GCM,data:5K2fOZpbaLf1Bqr/oA==,iv:vcGn7hf9jqxtkPcPu1NWg3wkTy8TI14pJMq6hIlb8eE=,tag:cwuFKL70Uf1J5/BWLymBoQ==,type:str] + - ENC[AES256_GCM,data:ZvoM7V/Bf2nh5Y1A,iv:jZ2DPHVCtzGZfefyBk7BMFsZvkmbRP91PdpldXY1KaE=,tag:4iqxrrS4PMs1Euaa1P4EHw==,type:str] + - ENC[AES256_GCM,data:zhuRRnmRhLs5AX73rQ==,iv:1M8VrDdabu+zi9tDRR7TeHU7l8llGi+1g50CKatcvBI=,tag:QpXzsk7h83t7AhPlgIZaPQ==,type:str] + - ENC[AES256_GCM,data:OgsZbJJIULCW,iv:p5K9mH0xclYlgoM/2Mjgxb+SSRYexnAuV2hXElDkeEg=,tag:H549vy5NwXJRTUOIC6woAQ==,type:str] + - ENC[AES256_GCM,data:7CKVMT7I57Eqo2Y=,iv:QTYpnutktqeQqIeupVdS0Q3e9UTBU+y1/BvaC1CAvkQ=,tag:Wqc7U8p2BwY4ciGPNkQTIA==,type:str] + - ENC[AES256_GCM,data:2zND8aczpNnCCnDoNoFr9Q==,iv:2sJ3aW7hKp95MsVu1Pu0oASiFf6FkeV5kpkFcFT0hKg=,tag:wgK1DYwHZOng3NTe27w85g==,type:str] + - ENC[AES256_GCM,data:NO/hutTSWfaTo6+j4g==,iv:GJyEFtsWI77b19a1B5RyRPAsADUuq6Ax33NuzANUZOI=,tag:TQRZZ4roBXux3cS9HvSYwA==,type:str] + - ENC[AES256_GCM,data:AsA3xSzwK7xsqdBecw==,iv:6/J21LK4BL66NrNZx2iyTFoIW/24MHHe2M74SfbLhMU=,tag:3+9Gs+4wh8SHF4Rl04HZCA==,type:str] + - ENC[AES256_GCM,data:+eIBGlbgCO3OOVQa75sP,iv:TttnutrOBKdAq3947bO8Y20M8i8stKfG3ogx3QPPHVY=,tag:eoAn7NHkEy2GdSiPfQI0lg==,type:str] + - ENC[AES256_GCM,data:9yRDsEEF4XXbM4k=,iv:oAy11K2BjleceZBRAcgGiSFCTBpCuh2WEno24ik+47s=,tag:elX6o6Bw8YIHYzU3GdbZIg==,type:str] + - ENC[AES256_GCM,data:chkAwbTSAAxKrI/UyNs=,iv:/Ub58fzknbM6sidDXCjg1Tm0q9z145UJ3CVa8pr5Ua0=,tag:ZydAxA61c/11nrUfa4B77Q==,type:str] + - ENC[AES256_GCM,data:7HukwIj++xA2bWYLxw==,iv:jc/HhvoBKnVN0hdqinaWAV4iFWOU8Zz9+eGEetYwabo=,tag:S+Jr5VWVzdr/+QQjFA/k0Q==,type:str] + - ENC[AES256_GCM,data:+66EkdtZXZo=,iv:vxcuNeWFjN7y7PkevZMg+AFUQGO+K3hgRmsXacK57+M=,tag:jkj+GwCubIghjlA1V/bIDw==,type:str] + - ENC[AES256_GCM,data:l+VnUArRZA==,iv:KjTisThEEBsK9qzV3MDoHa0z9M7uZsbfye7BHHDicl0=,tag:ycnGEzYyWKxARRl7xSmXRQ==,type:str] + - ENC[AES256_GCM,data:SVpXtlOAD1NdsM8/oyFL5g==,iv:v5XgUZo0zjaEjIX/R0/Rk4u+KB8Q74JgcluLAYKJi/Q=,tag:qLKF35qQt9qWE4QcTVHJMw==,type:str] + - ENC[AES256_GCM,data:9WjJex2iM3H+tQ==,iv:sUIhqRmo4uFkrp+JUwYtyb4S0PdlSnPzOFhwRKY0wX8=,tag:Cy7GZrsONVkEKxZRtRwRLQ==,type:str] + - ENC[AES256_GCM,data:GF/phVp49HwL8e5NGA==,iv:F4yZMhjZzdQV3cN6gi+0G6g1m0qFyauQS9Iqpoi6WM0=,tag:YCLAlYxHU4j0l+r/lTvPCg==,type:str] + - ENC[AES256_GCM,data:ElnBlFIT,iv:goWNMWQpZLQSgA82Cg42XZL/mXMhq59z5NgSNu2M6tg=,tag:oc2ArelKI5rUYJoA/OLYjA==,type:str] + - ENC[AES256_GCM,data:0j/l6Vt1oV95QBgPIw==,iv:mUvAEn62L3pjrHTpJn4Eg2RZF7sgL6vED/JCrydgm6o=,tag:uY2pQi+dtyXVhzV7qZWKkA==,type:str] + - ENC[AES256_GCM,data:TEvZ1Rzxy8Ln6Q7GYg==,iv:ckBqg1qJ8bCoBNNoaNa99kSizvrMTEKUi+RB31pLiXg=,tag:O3m8hrReIbiCebDnrCdPZQ==,type:str] + - ENC[AES256_GCM,data:sLP53B7Z8rrqAz/BouhFzvKwkA==,iv:GAJbFWWJPHYsY5Vf4TCBdhj63gmOKroYNmiNx8tQ5PU=,tag:R0QrWFZGEUzGZZmwCNsmwQ==,type:str] + - ENC[AES256_GCM,data:AQ/MNMnu3zOmGskPdXOSWA==,iv:pX+TBspU6KbwjfOUHtFrRH4kSgPm4nTR/GmOwV6NaEk=,tag:ktrHpAQBZJ7EkeR/UhtgEQ==,type:str] + - ENC[AES256_GCM,data:bX1gQyVAf54+,iv:MkBucMCQqp9n5DKJqQhjEgDG3FI4g1AJpR1HgTdKGyw=,tag:+5x7zia/GiEkOc3ngcOwaQ==,type:str] + - ENC[AES256_GCM,data:hVvEvXiuiuRVWKyc,iv:S2GQ5mjxCDabC8CpCxSt3CBfXOFUoVLQmi/nA29naKQ=,tag:plMypFRBjcCCClb0XybVng==,type:str] + - ENC[AES256_GCM,data:/fUx1hQrLWvCtLY=,iv:8ExMPEE5bKMfHzBYOu60gtCIHM1TC153MAxcZG7nW54=,tag:ju3yuku0AW4LCplnu4wn5Q==,type:str] + - ENC[AES256_GCM,data:fotCtQ6VETFnoubgsA==,iv:PZRfLY48M9P9JCkBfNj129dUdL6ses140XIUkURS4cA=,tag:COzj5f2II0tdwHza9fHBLw==,type:str] + - ENC[AES256_GCM,data:mV8UH2HwikUR/+RCbt4=,iv:KB1nWJmRM12oFXXUv03hbO9amw+mR3y92q7DeyhkDcQ=,tag:RgFwCeW4+aMzp4QRxGY3Fg==,type:str] + - ENC[AES256_GCM,data:l5WxgYJit3czHpTZuR1h2tPH,iv:LkuMKrOTLlIN9Gtyw+v0BtacrHBy2uleSumQyWgyFug=,tag:10a75HpOUrDlyN6phbxpDg==,type:str] + - ENC[AES256_GCM,data:08HVtuLke1S0IePN,iv:7FdiP0fWupGVYAvSztqxGEwSf0bSxFMfN0LavsDJfAA=,tag:ucYgrMCL8kNRUSZ/kvSY3Q==,type:str] + - ENC[AES256_GCM,data:f9ayJwx6kPY2Zg==,iv:l4mOAleckHFePLqUFhLX9cV+7Q7iaI9Wfl3u6hVwaWs=,tag:m54j7l/TVacXOeQdXm57eg==,type:str] + - ENC[AES256_GCM,data:XETITGfeaw==,iv:0Zn5C6t4t0/HUkL0W0xP8tUakqpSo/qfiqP3DedNmsk=,tag:HoRv3Puewk1FoyWZ/97AIg==,type:str] + - ENC[AES256_GCM,data:eRYh6S/Czfynk98=,iv:lmhxlARHSwQLXJydXfdxLQjjcL1YbBL2aocengThbIQ=,tag:dmMQ5ysvrNbDB/s0PF4Yjw==,type:str] + - ENC[AES256_GCM,data:RX8Y0KX4IXvc4II=,iv:5jRbtstqUykYY3HW80Fq+Y9KlCWp719JQkO+XO4ecEU=,tag:i69Nh1Pt7xQsY8xIqVS3/w==,type:str] + - ENC[AES256_GCM,data:7VdZtiEweE7AMf4=,iv:qq3dy3XJYjh1GP3HZmet1fbbWoynKhn22r3PK0g6OPc=,tag:NIwUD1NRiHnFSFrkOPfpQw==,type:str] + - ENC[AES256_GCM,data:3+rkH0eofKTHuODd9UROtw==,iv:n0i2MBkBGPYssIAisHjBTUkPgIsqvIbtDJ/VEcCqKtc=,tag:IwnMBv62/RaOa1wEPvNvVw==,type:str] + - ENC[AES256_GCM,data:XNSWtQvLNjKXEIPS5TTNeqg=,iv:MLDIUWGieNLUkYGAbSDlK+RTUmV+ve99+SuIR+URj0c=,tag:BVoZ3kCp/wcC7tBCqPA7eQ==,type:str] + - ENC[AES256_GCM,data:RBXo5gxMmkXRK6nM/w==,iv:hkRWC6Cty0WHhZ+StAe2z3HLixPsq/K85C0dwu9O0sM=,tag:nBettdCFvpG1eRAGzBv6lg==,type:str] + - ENC[AES256_GCM,data:dRFs/G2loCQ5wIl4hQLpjg==,iv:dxumLAoMptii7Vg3Tk7WPwBTHl2eKOliymH1eu2IVls=,tag:OniNEdb2daTc7SU195/JXg==,type:str] + - ENC[AES256_GCM,data:WJ1a0sjnoe9X,iv:UW6GRtVXfA0uqhMhDzwqmHWKkJloaVjypDnDVl7YjQo=,tag:7Z8YlGYTvXgSyhOPUzGphw==,type:str] + - ENC[AES256_GCM,data:cd/wWtR62LthxQ==,iv:KL60xiGKLJDgQg6IIkn5VHVlFtCgzPVeF+1Nw2G8XFg=,tag:SmC3uro1LvbHdSeDJpNqDQ==,type:str] + - ENC[AES256_GCM,data:VXALg6sf0Rm0q2g=,iv:FKNkv7LIbgk1mLD2EkGtr9/7w7WVZZ7+1h/oZ3vc5ww=,tag:iqaQKgA8c7lhXnOTBBvzUg==,type:str] + - ENC[AES256_GCM,data:Cks7ua/ji76eQ+W2Fw==,iv:RKru3ZjYDFF1HrBS0PP//z1pD3zRHKGmWb9KbFbWGRo=,tag:sGwaoA9oB2NB449iK6KpIw==,type:str] + - ENC[AES256_GCM,data:saq9pPQ3RSyljpU=,iv:bsRvFypxPr+KGz/w28EIA3I9HpVAdKb9ePJwI7xHxbo=,tag:KZcoNWkW+3FIPd/miI8t5w==,type:str] + - ENC[AES256_GCM,data:x+IHGoIJFfck,iv:RcmTBdOSldhy8HxeP7kPvLauKKyqIX0Z5KAZzqVTO4c=,tag:WHlL2oelooH31LSw0fLE9g==,type:str] + - ENC[AES256_GCM,data:d9SSdyBlr+g=,iv:4xAtuV53KHYxKEQ4iatzb7bnOtSg4DSoJJnausuYvR8=,tag:9I3mtXTA0ujstff5HXtF/Q==,type:str] + - ENC[AES256_GCM,data:klmPIrIbEQ==,iv:zEjDVhkUsbtjj3V9fWkMPTv63+XMbnz/zFNS7aL8X5U=,tag:bp1Hnl4hqG49WOM5HSpNUg==,type:str] + - ENC[AES256_GCM,data:a7zYvZS2sSeVDX5oWJw=,iv:Pp4il+oid3+1d5ZmgQRmbFBnXqMihAPLmPxVt60gl3M=,tag:wtc5mnpdtzaIjIFtxa0AxA==,type:str] + - ENC[AES256_GCM,data:fy+YpIxFEj0g1cvTKA==,iv:izkIz2cj9tze7RHKithMiHbiNRv7ltpSgwyIsO1se5g=,tag:CdOQiyBoPDFv6mSMugJFnA==,type:str] + - ENC[AES256_GCM,data:l3LbDveZq9Bmog==,iv:/4KeJAUVzVnA9gj7EFRvTlfGDygwt+u+cSh/DSiKoKg=,tag:tNBDIapUQKYFCT9k4bqYvQ==,type:str] + - ENC[AES256_GCM,data:cdXM3+opAS8OQw==,iv:2/TCD6J3b+ZrGUi4b88QOx20vq3H57vG/MHoocvLNR0=,tag:tK4FyuX83INy9I+bz/ZeGA==,type:str] + - ENC[AES256_GCM,data:faf31ojgRQ==,iv:ph3zFa1ib4rlk2jyY4tZPn7b/u6nI0h1yTB8K6SNPM4=,tag:Iuviev4n7efWyVHcmsAooA==,type:str] + - ENC[AES256_GCM,data:SBaTqyB8P6h7bIFDuw==,iv:l0/rXtEYHYI8d6ODEQ58cvEziOBfqdwFQ9OGDpnAB88=,tag:4VmxvEs5fESDuqTdlgGZNA==,type:str] + - ENC[AES256_GCM,data:+8e5VnRvdh1WtU5khQ==,iv:0zzjZsvMpNChaW5qTjikbgjPWiaT81yy9HQ0WRSMxwE=,tag:0R1R94NajD6LDBPthIo/jg==,type:str] + - ENC[AES256_GCM,data:JlW30IxbzMiyeFSi,iv:ks1OcmPjqq0TQsz29vqMeS515nS89WLbR4B6zJU2GIY=,tag:Yj4y0Zyp7w8m1XxHtlXR6w==,type:str] + - ENC[AES256_GCM,data:LJoFrS5d3w==,iv:Zyn4lJX4r4mVSrCd3+x7Rs+tM+oxqdoR0yxsu92+uV8=,tag:q0nm+wG10SHx5zXJJKzWyg==,type:str] + - ENC[AES256_GCM,data:sLhfnPtKvISn,iv:0zbRKFie8Npl/QZQoJU4cuWY4aopdCGLfS8830viPc8=,tag:6HX3Cgduo7u8Oj+kvTM7mQ==,type:str] + - ENC[AES256_GCM,data:3OBq0LvUFRlXmuFShiVI,iv:3txqb1Kb2euHYC+5UmNLLC1Lk015I27jZfBowDy+EO8=,tag:c5SopW/9FVTAmwTuPotHAA==,type:str] + - ENC[AES256_GCM,data:BL9JE0/jLqzvTA==,iv:nwLHEaDsmxHwNpgYl1OOpErbQbGX/03SAh4+qIVXWJ0=,tag:tQXCpio7Mqxlow7ESNTaJA==,type:str] + - ENC[AES256_GCM,data:imv2o80pxFntcQ==,iv:usDtBJcOlNoNjtP2MNjvzGA4sdmpX4D/OuQZ6OWkvWU=,tag:7VjkZJbwZRIb/gb43lqB2g==,type:str] + - ENC[AES256_GCM,data:mRc2S6PEPf331w==,iv:STGGQU0iHU6Q/CHBL/Kyy3St4buDWdSupDQxCr6G4zA=,tag:369ZEIk7sswoW/lSKkSFCw==,type:str] + - ENC[AES256_GCM,data:4pTjSMGNIof8LTY=,iv:25j/+gUBqEEDknjQVQHORZ8jkTZ8tpXjTZbXB6jn7sA=,tag:YdoMIuc/b1Aw2uJ4Iry8Kg==,type:str] + - ENC[AES256_GCM,data:Sn2YktfHzq0suA==,iv:AGOX2/NdVR2I9w/DCQvKZ0GX93ZgFbB7CvnAbXb8VGA=,tag:AQKRwNiqMqi/H/RLdMadfw==,type:str] + - ENC[AES256_GCM,data:sfYxjEDr6ct4,iv:+379WOEWGHRqE0tbvZJuQHn/BAZ6gifwMxR+xQcU5vU=,tag:jgD+D4RE/x3rWLLJcVAvXA==,type:str] + - ENC[AES256_GCM,data:tFqqM141wqg84076KQ==,iv:7/gTtWjKHSUmM6qUfX0r6M11Djil5ReHInlkOB6lFyo=,tag:TQ3oHz73hsw2eFdsZdRuQw==,type:str] + - ENC[AES256_GCM,data:TJ5++b5xWIGiui02v+alFcDx,iv:NvqWn796iX3YXPwHQ5aWY6vWMgk72DNEsjGOKa5DiKs=,tag:8Har/9FXERJumijnPSxmMg==,type:str] + - ENC[AES256_GCM,data:+/dv7lgHWpeL+g==,iv:tLYtlrdbLPHWUYCbte42NvVsxQaVvkcxabqShf54+S8=,tag:GVthnOIkEBv0tf8u781e1w==,type:str] + - ENC[AES256_GCM,data:ELsZE5wfdYI460I=,iv:OUs1MWNeSudUAMzxDTb05Iu7WLDtCwnrzOe1saRyNxI=,tag:COnT3e2s82FtCh/ASQo8fA==,type:str] + - ENC[AES256_GCM,data:ZbcKmeoGun5gynBmZnvrYYv8AzJ4sDxqP6jeImdp,iv:1/ZoeMgC2bQ6uL9bKev+35BajROCkJNHfNDLGDRlp9s=,tag:45VYUlT3hSzC7XOFzUs/pg==,type:str] + - ENC[AES256_GCM,data:wNcvWph8/ge+dgpzwLM=,iv:j7XSgC/oX+19BmQSLw7CInXc0A0duQl1gPGCe8RPg1o=,tag:YxlfBOXccRNDxQZh0i6jLQ==,type:str] + - ENC[AES256_GCM,data:Gqqjic7iIsOD54wDCw1KP6hk8fY6gup7cw==,iv:5USHGluDdSxbdr40nwDnwx7ccTvfBq/LVlIoJRWDYLA=,tag:NDFA+WovcYt3M+f8HfNUdA==,type:str] + - ENC[AES256_GCM,data:RjrjLYZ+72GX1h4=,iv:oArXybg3wo6gl4LP78CiRuoRv3PjhwvupLRkP2ubBUc=,tag:XBLgDB2VXiLO93XHS0h4rg==,type:str] + - ENC[AES256_GCM,data:jqZcEu1g,iv:+vYF/SKEfNfYIQxis1PJG3+ma/HX7INUWgzx9DbMQJU=,tag:IZpMDQQl9G8r/od/413gHg==,type:str] + - ENC[AES256_GCM,data:qkMPpjtWi3/VGThh,iv:gW8Bq2wg4BJppFFlDo5NP6CfIg8MTRz+qSyAyjXp6ig=,tag:S2kiSnUW0usz2J8E3IeRpg==,type:str] + - ENC[AES256_GCM,data:9mL9E8zL/38=,iv:5uJF1GTOUx2a2TCGh7Q8VM9RGOTAftsIMPh2P0+V56g=,tag:RNjoEEc9xOVAZ4QI5w3V/Q==,type:str] + - ENC[AES256_GCM,data:mg9Ncc/J73ZPwQ==,iv:HAkORHHEzZrl8/8IRzY2wfd4XEzs3kCtYwm6aRA7000=,tag:Wm7vou9wTV3Fk1w63++0Dg==,type:str] + - ENC[AES256_GCM,data:56GI1GHcZYo=,iv:DJvBPB0g7ybgDertRhcYMKsULXNAtv/doZLCkHH7mfM=,tag:9Sh0esjRFmQuM263b4DSTA==,type:str] + - ENC[AES256_GCM,data:3wxlaAyEwbXRvcpH,iv:Egxl+jtQSUEYDzUsBSi346uxCILjxNZLB2359nuLews=,tag:Uzy07N3cf6MNRJpmTfENjQ==,type:str] + - ENC[AES256_GCM,data:Vk0p8kG0aeA10g==,iv:uT1NAtT/IeZwC+wnCf+kELg3IRecuZhfGpQMQBKd58k=,tag:v767xmesA3/oH+1O5kb1Tg==,type:str] + - ENC[AES256_GCM,data:2r9lloBebY2Grw==,iv:ov51LMtN0Rttt+/zJYztB7zcn6+Y4FOLzVmCfnM/wTA=,tag:eUZCr+0j9NDEVNh1XlxhTg==,type:str] + - ENC[AES256_GCM,data:CDwkWBSZIowfHA==,iv:YjhrNxJjmbQGVX2OH5bujpfV5qIkFxpBHg4E+o+IHVo=,tag:yXSdv11wD5jKgKh9CGu1gw==,type:str] + - ENC[AES256_GCM,data:j4suc9MiJJ7Q,iv:uNdfgWjxpZxYIqhBtdoKeJyxdLI7tbaqMQ74ldDSuOM=,tag:pG0I+DmfPWMoZaEclGR+gA==,type:str] + - ENC[AES256_GCM,data:R1XZ1Fd/Zdl4LeGcrA==,iv:3fzi+fSFXb+3pZZem1FVyNiWv/Ow69ZMQxOESDZZktc=,tag:VWXmcn9o7E1bGy5GBdSIvA==,type:str] + - ENC[AES256_GCM,data:8No9X7zcZLgHLSs=,iv:5+NNzJ2Lnt8ICoWp0Dt0izprHAtc7XMk9vhy3Bjw3yo=,tag:qs1Fb4WjeVQF1CkrWnOFSg==,type:str] + - ENC[AES256_GCM,data:lQyJg87jgjS/jGpYGN99,iv:2U6WgSSAQNh0a1VPC3RZc6h5ijTBJZqfbbMXpjl3EWo=,tag:SzU2SwjBekHdIGkITP8OEA==,type:str] + - ENC[AES256_GCM,data:/iqX3ze+NJm6n0w=,iv:KboxLi4ATR6If3cKiLs+r6Tp2TnNbVvW8bYhSA0+VNQ=,tag:37bZSxIJcj9i4hsQODZH9w==,type:str] + - ENC[AES256_GCM,data:X4zUlpz/8AKGJ77Zw0t7,iv:KxDpx9ch+HptER7HsrgfKjRkyXYn1WFRS0kaVloLlRw=,tag:EET43a4TZuYgiBjPQEV9Og==,type:str] + - ENC[AES256_GCM,data:ynOxrdcgnrM3wQ==,iv:NKO3MIm5PqExBKWygX1ONO2mvaktpinK3V0gJTrZn48=,tag:/JcG0UY3DFQRDnHrIHxIqA==,type:str] + - ENC[AES256_GCM,data:O4A4gGiAqhmxuK1OhjE=,iv:1q0bqMf8eB2GWIEN32QR4H544FNwnkqUGcYSICOsiQs=,tag:KLkY/Ebj1JGN54r5wn4XUQ==,type:str] + - ENC[AES256_GCM,data:mzIjioYUfJq7LQ9JQ8n5lA==,iv:8qHZz551B+cI+O7Rix48q6wBJ9X0KomlKD4DREHfJFY=,tag:6JAOdCVM9lLMllxGXL71Cw==,type:str] + - ENC[AES256_GCM,data:Ht7X4Xz5Nvendlw=,iv:AT8vsDsZAsCOw5bpbFlCBeXRVvXVXzf6DxaIQY8YSEE=,tag:kK9R2+FyQYAHjaCYjfgxVg==,type:str] + - ENC[AES256_GCM,data:T0QXOPDD3Kb3fHQ0TGY=,iv:IFolqZGBzELoPcjVYFp3DuDOhdM4czjiXBJScx5RNrA=,tag:/uhXLrHOmYzoKb6MRn2SuQ==,type:str] + - ENC[AES256_GCM,data:efol9wEd4j/97A==,iv:knLX9A6STFM4OYINtkkuuFTfLZ/5E7dewyFCtrQ7HbE=,tag:6ukB3kYb4Ec+3UWLKLRgLg==,type:str] + - ENC[AES256_GCM,data:iNkf2LwvN0bY,iv:bcRJJm9op/NYXhVW/VnPid6MC8OCgRUyePhR7ymI/L4=,tag:h6pZpOPhRJHgYbdCj/A0ag==,type:str] + - ENC[AES256_GCM,data:M7axfXVw2OI/W9sk,iv:5fqh4ugDpZmt34WEzcFwz8ETjv3Tc294kx+3iFXXWQk=,tag:vk3KKNghghJ0n44HWeMSCQ==,type:str] + - ENC[AES256_GCM,data:6ZufOKLuToPdq3TwKHUZ,iv:wXqc36WoB0n32JJxuSaKxKeAiBGwFNXQDtOjvMEypPI=,tag:BgmSPPKIgHJ7pyBHidfNMQ==,type:str] + - ENC[AES256_GCM,data:rU55Thop0RbB,iv:rxJFFdCgCcDY8K1agdahIlHvd3aVpheEBne8qJZf7o4=,tag:5iVPISTyEQSGgkO+TVTqqQ==,type:str] + - ENC[AES256_GCM,data:Suhryo1IPrzkcBcrYJinnIGn,iv:RBmV/Z384v3874qZuf5U2uZMRl930X8G7Zcoy8EV57s=,tag:2CEeIaK2uvL6gt2ysOGOCg==,type:str] + - ENC[AES256_GCM,data:AfpKLwFDdDA/f6A=,iv:CuvmuJE0Ct73+qNPnC3kqyQIEQne9dODYabCIzUQepE=,tag:4T/s9F+11HvAmKSQqH6Xmg==,type:str] + - ENC[AES256_GCM,data:mWgDk/tN+A==,iv:cXvZ0SN/vS/eAybXbUkOJeEXHrOwaf4ikOtIHrgibeU=,tag:JPgDjDiE6Dcip7augIvLUQ==,type:str] + - ENC[AES256_GCM,data:UwSOceEHpjoCHQ==,iv:fj9GTy3nrf3IhxmbtuuYmEklFcHeZZatmqRVgI3PEHc=,tag:Mj28QN1J5LTfqON0LWtujg==,type:str] + - ENC[AES256_GCM,data:89z/zISUCU8=,iv:wLXw8LnDDyFq6N1+iyqVmmhY0PlV/cAcQvWVGjkcCC8=,tag:PA6cdnoGq+D5GpUNDdxlzg==,type:str] + - ENC[AES256_GCM,data:i9MWutaARS0=,iv:1TMBj8yxX8h0cD/p2I1I8YV1bl7XCFDCl6fSuSoqrPY=,tag:AlkmWwuRmc8FZ9ZXV4TUOQ==,type:str] + - ENC[AES256_GCM,data:uNk4opHBPTHz,iv:MisHGmX38vznCUlhPbno/nUm55gSuGVX6Hn+yDSxHqo=,tag:u3Iv8Hr5NcSF15kvuTq8VA==,type:str] + - ENC[AES256_GCM,data:q0LmK3kETsWz3A==,iv:KFzWtrck6rmOzrEzXJtJj0L3MQxBCixUEuXHYAZI178=,tag:RFvyY4ZwiiWWLN95OVCceg==,type:str] + - ENC[AES256_GCM,data:vFm0x1KtNdQGukg=,iv:3FiqJ0JTb0U+NSr9zoZ3M9Z7yzHGeVo1h4FqIeyYfaM=,tag:5C1PZsXwdqL6GwsrJzy3cQ==,type:str] + - ENC[AES256_GCM,data:l73OmB59nB9kCzY4lFz2HA==,iv:olefCN49075V3JNSRGyc8ag/G+c0a9TDQHQ612MQSUQ=,tag:G+OSbNJKHEwJYWG3/Gcpaw==,type:str] + - ENC[AES256_GCM,data:2r5wzQGjs8LmpoYoUg==,iv:KCQml7uu0MMhUrMj9pFJgvas22XpMoRDusYq4jL/MN4=,tag:e98GU8+by7omNY/lwx8jWQ==,type:str] + - ENC[AES256_GCM,data:I7ZceoosUaB7MrY=,iv:5rVbTSY5xxXz1ja4LCFWxSn6enqjUkIk5vrn2AXoK0U=,tag:Za7Qkrzv/gAZPd1/A7MK8w==,type:str] + - ENC[AES256_GCM,data:HDhDJ0g/+przMAs=,iv:H3yKiA82gNvJ/jBieldJMvYH2+CWfKCO/6AcQ/hK7tQ=,tag:qZCqJhWg5d53qJvN3GaqmQ==,type:str] + - ENC[AES256_GCM,data:UVPwJ6I3,iv:ZCNQvhxH/93Ynbnh0tjfjvsPU61eVf5FakhhEhXrYB8=,tag:U6FJSaHBeoN6EqKICvkuoQ==,type:str] + - ENC[AES256_GCM,data:K8uzN4HZ,iv:Hsth9hDiQd05+h6WcxgYNjAGPZGBbv6qUeH+fK+hvGE=,tag:ly19Z3cdWvsNxGBx8WHBuw==,type:str] + - ENC[AES256_GCM,data:CJMUB8kB,iv:v1H1TOVfKuGT+dLkr+kWm5lg8iiqG4FZWj97I6k3sso=,tag:mhsIehFqV33fuW0UR9GpJw==,type:str] + - ENC[AES256_GCM,data:NCZJj7aF,iv:1mG1iPX6kB5AbMMR7DLEQTySLpg/UDOepCb0f27U2dY=,tag:x1IJ6eJgyqxxdrXwnWjQ2A==,type:str] + - ENC[AES256_GCM,data:epAODpodYRpmk6A=,iv:nfSw7XLppx2bpQibpLyYWXcTpRvqnejjn7LFZJmYE1Q=,tag:fGOW1huiwRKWSNIf7AxVbQ==,type:str] + - ENC[AES256_GCM,data:5ZlP7lG4ELeX5FM3Lg==,iv:ytsqtEKBstFufCGEMCMzgNgLVQEzVD8MiiReMnrt9io=,tag:4XpgOXIoiDN4RrMfsHQ8CQ==,type:str] + - ENC[AES256_GCM,data:n8SrXetbNxEbZrvBrw==,iv:xBISAsRnCRpEAlT8G6Mh6x0Oq7xmZocBuTOpxnhcR10=,tag:FhCd9AFzRBamk0f3wpBF3w==,type:str] + - ENC[AES256_GCM,data:R/nIccLfDjK0mUgg3Q==,iv:xXo7GYa/UD5aLwZ7q02LvfDP8WuYAyQrRtxX+Xn6ylQ=,tag:XXZNwJfAYk3WtDbkqtnD+A==,type:str] + - ENC[AES256_GCM,data:GyYTyqHacdDo,iv:tvtXBZYecVyDlh6I5lI28PZX2E9XXbBV3y+4t4ZSFgg=,tag:/8B6yKVKr0SXD15LVTZ0Sw==,type:str] + - ENC[AES256_GCM,data:8URy7VC2gN0X4s+k,iv:TxYybSBIcg9z1odzkphBJdHabvkLBJaPF1lPyPJK2OE=,tag:kdhBEdruJQ8DxIZW9HrLWw==,type:str] + - ENC[AES256_GCM,data:fNKxV44qqJU46w==,iv:SIxwEmtKOJkABF5cCX1VCuHMkLVVqR2IhuW8SazypNY=,tag:MG7qqy7PwXcFlEleFPGMrQ==,type:str] + - ENC[AES256_GCM,data:7dE3+3Oy+Zmr,iv:x5o5JV/iXOx7ywrfTeFyAX4Cv0axWOfy1pP40WP0Zgc=,tag:NgfToEqVpY7uLNU9SldL4Q==,type:str] + - ENC[AES256_GCM,data:T+xE1BAH7NPx6zg=,iv:Cp7cPBuZDifsj30XdoXuN3bAjGhXSp8CGhgsKkdAEiY=,tag:AXir/QD4N0E+XMuMaGFxoQ==,type:str] + - ENC[AES256_GCM,data:8ln7e5YOhZ3o,iv:h5qp8v1DXH8bL4B6QSlTuiLHSSJsrtCDKh+Hy+ryc9c=,tag:ZljV1muq0PVS3kIdkFjxLQ==,type:str] + - ENC[AES256_GCM,data:laa+/+m8Czz7uQ==,iv:huvMD1Q9A+/7dXhY0bZqQdzXtjj6N5BWqEB+0ZWlU2Y=,tag:4wwCRkOvGtR2htMISBh1IQ==,type:str] + - ENC[AES256_GCM,data:aw0ZVM8hL/Z4,iv:l8fWJhBZKdwLzjizvcf7H9ddaoL2ba9gfVDvCjMyy8E=,tag:9gvg0CUjk9jlJauTQ6r3MQ==,type:str] + - ENC[AES256_GCM,data:h0cvwNVmWbCi,iv:b7ODgKXnubWGYkKX7GV3GJPnsHcKzucmLVWKNSavhUE=,tag:CbpuyiPIuM5Bor48D8nUhg==,type:str] + - ENC[AES256_GCM,data:svIVBXWNCUO7DWU=,iv:WsYl9njas7XCtHmd9kq9p+XXP62aO+SIBiofXaj292Y=,tag:p8SD5Qzy+DlFn16bwvkRdg==,type:str] + - ENC[AES256_GCM,data:4mgZasOZGoKWIA==,iv:KxUxZduF/Ghs3vp3vtU8/wef6lzT/Q4QKtA2kQrA7i8=,tag:JT8rCjlhPIzE2KdEntZlpg==,type:str] + - ENC[AES256_GCM,data:fVcp4BHu4ZeOrXc=,iv:25fzidE6QEiyCzhgtt4x1thjTIMIMUVwRMOPqXMV6Ew=,tag:aRZwUDBuqjCs60HWJhI+7w==,type:str] + - ENC[AES256_GCM,data:uyIDLRfMdB9tmpvPqSP/Jw==,iv:DocYukcmLNxZdLl/dtQ2VqV5J3xct/GMLnvH2aTRQrQ=,tag:UXqkYMJjVjK2bWbE/o42hw==,type:str] + - ENC[AES256_GCM,data:tSq1UgGyObyCnxSNs7cn,iv:kwmMc0T4UTkBOuIQ46GVK2L4VIR+vpcPKd1PFM+BW/g=,tag:k2V47IzIW0M1aW/WIubtbw==,type:str] + - ENC[AES256_GCM,data:HiE8IECSGuOnywu3lpKHww==,iv:2g6NnUWZGLDZ8YXOeMOK0UL5+nk8ap04Gm79dCMQlf4=,tag:5EhzovzIBjdsb8W6gzzD4Q==,type:str] + - ENC[AES256_GCM,data:xnUeO6T1Op0nyipcR/eX,iv:i2ZU4v9pu59irfpdWb++5bfc6Osl3dmrpPFt1Vm9oiQ=,tag:UGaVL2pYCNe1pYaW4yloKQ==,type:str] + - ENC[AES256_GCM,data:92xr6/IJSwnEDg==,iv:B7509RKu/pc4vIDrKSZoHMYUuin+pJW6bYKlHEgbRd4=,tag:pUSlzGeeNlvOhylahQhlFw==,type:str] + - ENC[AES256_GCM,data:Ko2jx83NOPI5lxWji0U=,iv:zypsjU6sGECLOpWhi87zylFPn8IC/UiUSs7heL1RaYA=,tag:c0mzHP4Q5FTIrAKD/ceulg==,type:str] + - ENC[AES256_GCM,data:imwpdw+niw==,iv:+pnXpMCvfDwnwy7GDQ+6OvR0grJTbNNuSYf70U7VazQ=,tag:4oyEF29FEGLyQZopmzgxfg==,type:str] + - ENC[AES256_GCM,data:Wv+Fb1lo7T3vfMqaXLo=,iv:oY0olv37WXsS/D8V0QworFwd93w8uv4Ihdeki6ACVU0=,tag:8hPi2wZdqaP/hZr10rnLQg==,type:str] + - ENC[AES256_GCM,data:NYzNIAhAq/KpNrmpI2A=,iv:PH6KkPT96ykNOg6zziJKZ+roARhqscFXHFV2mfkfxoY=,tag:jHKlHPtMisy6Lj7DBj0oZg==,type:str] + - ENC[AES256_GCM,data:quLA53rUtZlqsNK+Pg==,iv:aTUi/cJO+jAjfdIRPO11GO3oZT+WBMNeCDCwcuXDg68=,tag:lsiPPneH64GKczArzaAybw==,type:str] + - ENC[AES256_GCM,data:oFvblvOssmIm+A0zIP4=,iv:P4H8xxJXMGc/DRhnxqQlQ94yCdWzQGaU85ZnIhHuLTA=,tag:65YSQbtiTVAgrYbCdNcdiA==,type:str] + - ENC[AES256_GCM,data:yIv20YPfUlmrNdueBHk=,iv:ZS+NOxFgBRM67ugETR1+x9ZNOfj3wFi2N+vAQS4r+O8=,tag:Uu4yJtoYMb86fWJCM3LiyQ==,type:str] + - ENC[AES256_GCM,data:i3zV/VqFVTfyNasc,iv:GSIHCEbPt5ONyc5vSzNerVAlPhw1Xl5laU46Gah6+7k=,tag:Y8tFMGiXnsvpIYxaJkBYkA==,type:str] + - ENC[AES256_GCM,data:k6iMBsF3GHA1kEVP,iv:TODEJCewzJfK9RVx/Dcq89AKvwjehW0iUeSYjC/Bg4I=,tag:4WVLA5kUrwyrUu25qKHbzw==,type:str] + - ENC[AES256_GCM,data:QXW4OiuaKxqIU1R3noQ=,iv:vWBUcLhUaINoU9iMLYpwuDvnYX7cFDV+nOgLdWlnOL4=,tag:UAq6GOZED93yhvvP3UHs8w==,type:str] + - ENC[AES256_GCM,data:kCZ354S1aghNPQ==,iv:Te8Fl621URnAinxFI43/jOwd2Bg/AX1Q7LnWbPn8bK0=,tag:3Qoe+cWvI7AGLjcf33IpkA==,type:str] + - ENC[AES256_GCM,data:LaSqGPqLYIfMljObTA==,iv:975pLDuC5rum9PRgJuWKfzc4YZIAlbsGKgSb7J1JS1I=,tag:HuILWzJGJRWDi4l00gVDDg==,type:str] + - ENC[AES256_GCM,data:85wHuFkaV/8iEn6QnbJWQg==,iv:EbGl95YXGFYQp4mX/WJRb3eRb1EarkmHf9WCuQSfAVk=,tag:ueKdTIa/ZaTEvD8P6ZhjIA==,type:str] + - ENC[AES256_GCM,data:wMLzAIPpfSjAOtZdkRpDqp8=,iv:mE42ryKFRzlLdfGBlUFwcfoAOYg9d2IfjFSXT3Ji2q0=,tag:9wkY/7AVgi/mGlkgdeO4tw==,type:str] + - ENC[AES256_GCM,data:lZkNBf6oLFpFxvGGwnqWxQ==,iv:6LTsGXOKgqWclxgqKpwi8d9u/3UUqS0iDbGZ3p9RAAs=,tag:vAnUw/0h/uTkeRWEU+X1Ew==,type:str] + - ENC[AES256_GCM,data:rgh6+SQby2LAPA==,iv:YDPVLWOBCPz4K5H4Jb2KbvsQBOANrZXa+M6gzXOQr9Q=,tag:BuVk4A9SFH2kUZniPbG8Ng==,type:str] + - ENC[AES256_GCM,data:4ElZTw+HZQX7warpBQ==,iv:LlONxMrjNN5WKn/RamtWbs2eql6XNgPN8O/V2pzDAMk=,tag:7IJ48QTBVjT1SGOt7XqEnQ==,type:str] + - ENC[AES256_GCM,data:Lz3/i1mv+OvW90ftXg==,iv:A3HeJ+1pbvx0JOrnTnu18b9D+nIY21pb7PEEj7UtrV4=,tag:36pMvc1vZZRgBh/6ectd/Q==,type:str] + - ENC[AES256_GCM,data:H8jVss49A0NFbJAa3xLbV8AcX+OG,iv:KXS78p2yL8S4DQBd3WnU2P5NdNWcMSlfcwd68pB9kbU=,tag:BIarwQBn6Q+3FOcRAH5sFg==,type:str] + - ENC[AES256_GCM,data:ycnaDGH59rtg,iv:wilZeU4Xydn7ilwe430O7W/tpRRmC7OX5ASe2QIclY8=,tag:NNRExVw8eckCxWyokV1gTg==,type:str] + - ENC[AES256_GCM,data:qwtyjkqG+MD9PoHnCw==,iv:o3j3Gm9g51I9zVrvX5f3DmJyJMxvO9Ysn7eSHP1C07g=,tag:pwlElAgoE8vKiiAlO9dDkg==,type:str] + - ENC[AES256_GCM,data:OgVRq7i0+5arCJRa,iv:6zz5F8LZXURPC01SZ3mgUJBNrzue6TGqRjw9b4dPMaI=,tag:O7adrQhfKrmQ1vpq56L9bA==,type:str] + - ENC[AES256_GCM,data:3PBjGEjUv3+2fQvXYLiTEA==,iv:x3R+8qIYsjJJM84mzlty2Cvq7P6U5hgyq6R56DI1TdM=,tag:FLGc9YCyIfmlsUyjDgJtdw==,type:str] + - ENC[AES256_GCM,data:TyayW7xi7aHes+B6C7zw,iv:AREXnJG7RGTrX7Q8GG1fxfczr9oHUxsNt5+hCRKcDsE=,tag:qlFnLSJ74cyQLr+iuEE0Qg==,type:str] + - ENC[AES256_GCM,data:drOJ7OPEksR+guBGswjw,iv:YziNqxXdOOGqdPol7jCwQ96980deoTNv0vmMs6f9OC0=,tag:Oll6ugNpHhkKFnSmQu92sA==,type:str] + - ENC[AES256_GCM,data:llBuKVZmMTUAWgs=,iv:XfHIA3Nhu1ZqVFQ1t0r3GeeSfW7xVQZCvCIx6A82TNM=,tag:bL/HUYq9C78bXyJSQ+ZFaA==,type:str] + - ENC[AES256_GCM,data:77rp/MsX+B7pVHZNA9y55f0=,iv:QHJvMpOvzXUErQMRbYlAbTbbZ2lgTC7Cxk5ToC/uFio=,tag:tR7JejGFo4558rQ+NzYxmA==,type:str] + - ENC[AES256_GCM,data:iBnwxVeOcdt3PjRN+IygUAQm5/4=,iv:Cl894N5KLtM8X3T1N+ZQeafyBDK41rDLKa2cE5jH2SY=,tag:cTtXl3MTvu4q/8ksD71YDg==,type:str] + - ENC[AES256_GCM,data:sJ92zSf8+vYyZV5zOKM=,iv:wugEA+dgUuDDg+bwrmswXWL8rzHTlrW4N5ibtx9MFGg=,tag:Ne96vtRsBUJM5Zc+RrTvRw==,type:str] + - ENC[AES256_GCM,data:fl0QD1cjmEEithQ9Br0=,iv:qO1Nj2iXjOqHEtPI72qYZdtMlqFln7922WRI7YopDTU=,tag:jbUReq48Pu5ASnC9dKGm5A==,type:str] + - ENC[AES256_GCM,data:6sZkfQwSH1g=,iv:W/q47MmidWYhflzscB3MaOOEIWxNyeGzombAVy61o34=,tag:RsvMHVuPonP5uMxiK09ayQ==,type:str] + - ENC[AES256_GCM,data:O3Q7cwrREZYcUA==,iv:AhGl8cxASvagAY2A4/xrLYTz6vAEsalv6EZKYVQSc7c=,tag:h2vmXoRoPNsnMwZPAMiHfQ==,type:str] + - ENC[AES256_GCM,data:KLgecm+Alml5dvjIDMyt4xaU,iv:aT6J8gJiPCbGcl2f19r7FQIUXOaP2zT/8EmYmHxB46Q=,tag:BtqcFABq9TLZbKX+FlsswQ==,type:str] + - ENC[AES256_GCM,data:MJYuQhIRoZrXgA0g,iv:XEl3GFO5bThOKUQkW3svE5ZqXScVB2ztNi9aOcgHY98=,tag:yUbLvBlSNUu9lMdrSJ9Onw==,type:str] + - ENC[AES256_GCM,data:FOUmOwFpcSmY9Bjv+t7g,iv:lpWAbxBOhKwdLlhC84CaWQpXUovIcVaskaAlRal/wzg=,tag:kIKIu94/+gripRJD/75FyQ==,type:str] + - ENC[AES256_GCM,data:bq++36qfDFjGzTzvEgJP,iv:Yt2BXKZ9tXf0wSHszvKHfpQhqiDPAWvX+5wku4XlMww=,tag:/Ax4tNMI1dQPFJlXlKFJnw==,type:str] + - ENC[AES256_GCM,data:pNPSAzhDVzYmPQ==,iv:aoEhAefjYBph85Gd4IMVuow3vOBy7W7YGa6vu1Nz4hQ=,tag:yaQxjXWtdp5uHwfza17ezw==,type:str] + - ENC[AES256_GCM,data:0T8hWwIy1r5NrXfS,iv:D7oVQIrnfxF5YNA2IUTSFjoih+zr4n2GO1wiGnY7WWw=,tag:JCNDnGpFWpclievXpfB/1A==,type:str] + - ENC[AES256_GCM,data:B5mVFOsuZUGQrfkc,iv:EEBvSLFc/77r5xGxIGXQWBdrl+sBSrVtMhYlGkD39NE=,tag:04bjTFZoccNlQVxWO5+vPg==,type:str] + - ENC[AES256_GCM,data:h6xcHGjKNA==,iv:CpMeCViv2/lbwx6EX6Ql4+5QjZDFsZLRDHuQhc0kBOo=,tag:iHEFFmdtFcWsn/1Pm7557A==,type:str] + - ENC[AES256_GCM,data:5qSUALPUPYvESu0=,iv:kUnOImbFgwKLt/ccJvjMnLty+i51fKC8vF/NxDimG/I=,tag:zjAQHgtcus6TZ2fNmZYlkg==,type:str] + - ENC[AES256_GCM,data:y7fMGq8V+vNJyw==,iv:t1BEYclfM3IzYQCHxTLUBivjqml6t5Ka+H+XQAhyEPg=,tag:GI/XMtyXlqPgJZwc7Nh3CQ==,type:str] + - ENC[AES256_GCM,data:c6HI2Ixx9+IO9iI=,iv:yVveTpp2bbSRkEVHJY0knPO8HN+dXGrR2MvRTz0o9ek=,tag:MfhudOHLsh/IN/YWcoVgCQ==,type:str] + - ENC[AES256_GCM,data:FRqK8WNODF/bVi8=,iv:pEDeDXaTFQjjtX8yZqqDvEcPvHpeDarScXVdi9lojXY=,tag:UugKTkplNUP1AZsvqYC+hA==,type:str] + - ENC[AES256_GCM,data:6pzUI3tqDLb2sdX2,iv:/l+FHtS+1T3Ar+m9har8ggy85/wpmQQyL8IOv7lra5g=,tag:ozRLcXWv1kA2Ad7J83EYRw==,type:str] + - ENC[AES256_GCM,data:nGr12fJRKJvpW8vWNg==,iv:qwNE+a59idIQi1W3eRJaJQ39ntSMzZdsh3030vlw3C4=,tag:v7qdluKoMkI4xswDUXXrIg==,type:str] + - ENC[AES256_GCM,data:GFcfQHXje8cfP3Ws+w==,iv:Yir53qJocoWijrh4LU1GZNVrrViXIRrA9Zh240D2Zek=,tag:Lpr64IgAdtVUvuxUsGDN7A==,type:str] + - ENC[AES256_GCM,data:VmXqB44Egw==,iv:CozN93uLiNJceiVXbM/cm/dUVJ69Dv2ggi2ZVqhc0lw=,tag:o+9DtmfTHz0qolHj3UDSoQ==,type:str] + - ENC[AES256_GCM,data:MxcC+WB+BR14SjvJV2io,iv:93GxoGfJv9MWsZ0HcaqCqdyLlrNO3fRi1zCnfBoXXF8=,tag:N+dlmMxnkFTDCOSziwyNxQ==,type:str] + - ENC[AES256_GCM,data:DJ/g89Y/eB1jtjM2LsSxnw==,iv:/wpQPV8452jfHz0jdeufBzWdaxdseaQLl4ovxsEeUyg=,tag:Vls5bAcEZBrF6e/Q94YCiA==,type:str] + - ENC[AES256_GCM,data:vPEJObXJOQ8=,iv:om6mRNUU2RjeoxoeLvmgHNirkusuGXtPzDFKnM/xPhs=,tag:pNUAjvoEuGB1F41BlHeGPQ==,type:str] + - ENC[AES256_GCM,data:6AW3GxRpDdY1IYguc+g=,iv:6e84jtTh3WfYTiACjqSsSsDeWofk7TqTef0hm+aZPrU=,tag:eGorf9AChdnn8YKxYVq91g==,type:str] + - ENC[AES256_GCM,data:UkLgXVWCK84l29Li,iv:GAZ+0LoYI9DW4Cpj2RfWWbcehO34Tbnns2nx5MzI6no=,tag:6Tm96PFr2zSo/jcP7MBadw==,type:str] + - ENC[AES256_GCM,data:FZgr5ncIFpf6Z3po,iv:uEdyw0JcvjcMntudDAWsNyvFlDMqAuozaAbcupaResc=,tag:+MOH26gMnY/tu+6tneazTQ==,type:str] + - ENC[AES256_GCM,data:YklubkJeFrtrAg==,iv:bNSlUVH0jLzc9V95SkEQOxJm2k3SnNSfTAuBBJ4EAEQ=,tag:FjwjNOSDzgJBpvBG25sM7Q==,type:str] + - ENC[AES256_GCM,data:MgbTj9AU5I8VR1srUWCM,iv:mVTerdqznUnczUB/qxXlNtjuoaLyGh4pnb6KRYnDNaQ=,tag:2L/dAUgwzEbsuCJmZyMGsA==,type:str] + - ENC[AES256_GCM,data:xgLolTLZUCBMnOISww==,iv:F/mv4WaAUCXnueTDdpVUi0asLuduox1W2+zyXVdQ/vk=,tag:5WFB/et6Qqcbak4ElhH/Zw==,type:str] + - ENC[AES256_GCM,data:S2EV4axFer/dDw==,iv:t2UIePf5uGNdG8nP55WOamYqTqmLwTciakDi+k7yQ2s=,tag:GWxEiva8UuPJ+ZzYC/a85A==,type:str] + - ENC[AES256_GCM,data:Y3ZDRaR/9dPcDTpMpI68iQ==,iv:CVqsEG95jo+9CjDocUe2/iHbj3PefQqATGmoyYWRzfk=,tag:anqXUapRc78UTzCCRLRxzg==,type:str] + - ENC[AES256_GCM,data:9903z9GSec56FLY=,iv:u0Cw4w4xRAk+9oFc4cUAF8b05eYrLu+z5sj+Wj6JQU4=,tag:GsC0AiWeID/I0PmcYtsQrg==,type:str] + - ENC[AES256_GCM,data:WX85Fa8IpgqsMg==,iv:9KJi0FxPCmisz6SVt9+ryEraKE+HahzsijFbOgYlv5k=,tag:wRf/3FSji7yU+PyDRZeg0Q==,type:str] + - ENC[AES256_GCM,data:N3NXLPt5BWDj45sX,iv:XNVnd61JDCzDsrWseK3ofyZpgqdNRYoofLSuPL2D75Y=,tag:tik5BP8Mhbzbna68yL7S+w==,type:str] + - ENC[AES256_GCM,data:ht7e8l4y771ZRBIHWJCO,iv:4QU3vF3RWETOfezI34198ayNMpY6j4qj1l+C0NnUH+A=,tag:sz4Nr9SE8/NhAsh5gzKOKg==,type:str] + - ENC[AES256_GCM,data:J81iTk+IJPhRZv24wB2L,iv:9UEYSkpdO3w7R6JkedhpPXNBWnisAbc1+OMWZu4mJOU=,tag:heV6ICBwfXrbkjA85NFc8g==,type:str] + - ENC[AES256_GCM,data:ZLU5I1DOgR573u26sDRcag==,iv:z/7syWLTKH7r59jyTdGOMm/ERSDOZD6bMEtSPKxkc+4=,tag:uiFY/4nHdolGGMPB6apEjQ==,type:str] + - ENC[AES256_GCM,data:96zmAYEu70/1Iht+qFApNg==,iv:YmVB3Hb43KWWnT3d87pN2G/1wH0Asr3s/mPGyh3Ok8o=,tag:/VfxjJN97dT0eS699TunJQ==,type:str] + - ENC[AES256_GCM,data:sHri2RnyCXzz+rO3qQ==,iv:OZPGowISIubShuGYCRBwkJ+N4qRLK2PxbuFqME1CdHQ=,tag:M7V7LXYHf2TqRN3xNhnQcA==,type:str] + - ENC[AES256_GCM,data:TFro/JCS/BJZAQt9,iv:0KMkUc1DUcJGuKRjZc3R28RQ5Adjn/5Yj9plWtaq4xk=,tag:r2VevRHoYMribX4IIGoxpw==,type:str] + - ENC[AES256_GCM,data:vqGv+275FQYQaaw=,iv:2e/W+zogbbrEem8MV+k6naD/yjA0fS5Ra8KDEGWzh+4=,tag:/eggeUmKJjEgsQYhKb812w==,type:str] + - ENC[AES256_GCM,data:eZGFJLx6YzFN2k2MgA==,iv:lpDyzylWb6nM/HXXC6e71fKFU9Fu6fIYUAMrLFmz4Xk=,tag:bB9yOld2yf5/evPahTcLIw==,type:str] + - ENC[AES256_GCM,data:vPbWdkZnlvM5oQ==,iv:S0mKxsM32bMzviZus6fdOAKbAjIBTrNwcHwyHkWrguc=,tag:ysLnpNThRVIHi1d75o/Xzw==,type:str] + - ENC[AES256_GCM,data:P9CAZVerEPNDJMu66g0m,iv:RCJDwvJhDRlmFdL+Y/Wug7vSEszPJgPsmof06h9ciYw=,tag:4iFJYbmprlLdd3PmYCXtZQ==,type:str] + - ENC[AES256_GCM,data:Yc62x0GEF1OaogPAmQfQrg==,iv:kZz2wrRjJGdP9CQv0woO2d6o5yAO1BSS56PxO0hCbEw=,tag:yBt4ANqx4GNkiyyRpZlWKQ==,type:str] + - ENC[AES256_GCM,data:LGJ5E5Aj8omMBj7VJwU=,iv:mAwVInnj7kg4QpaorifgtGRu7r2U4s1paPQzZhBhVTU=,tag:k7Qf4aUexs+oCXRFXJlljg==,type:str] + - ENC[AES256_GCM,data:BkTqoI/ch0Zt/Q==,iv:XNKSWHjY1b8P6I8l7COa4UjIkZOt/bVgFP5eELG+42o=,tag:RwK9f5W1y3yJEE8EfR/iYQ==,type:str] + - ENC[AES256_GCM,data:T83OcB9jB9Ca7aMEQyUZCvWv2Q==,iv:T9qt2zOtrAWaFSFyx/JfPzC8Hk9sxImu1YDQhnLc7mA=,tag:+pgM5xU05deXqmzt101A5A==,type:str] + - ENC[AES256_GCM,data:2Q9t3DnFIuCuBOM=,iv:q5rzvUve3IkEPRoYA05OQpSfY8msjdG/JeUPMKvtb3k=,tag:xDXQE+7/tixkcUSzqll4Yg==,type:str] + - ENC[AES256_GCM,data:tidXVULt9BNIlH9fzDt8,iv:f1kdm5/jo6BjCjA4BCZ3q0NunPAGoOeC+4qchdeN65M=,tag:TCQXIssLt8GDsxN9lKa67g==,type:str] + - ENC[AES256_GCM,data:s4bbsvAfa8x6S/1o,iv:8XXwMyQYS8l7QPpl71XFxpBKts+DaM8N8lgQS9AU5as=,tag:JaZ/M692yd6J3Y/c/1cXQg==,type:str] + - ENC[AES256_GCM,data:gnrB6f7v4qQsElWZHz4=,iv:sqp1g55lHn9m8NgKfLkep5AkEzEXGES93ph+SHgW7ds=,tag:wBYf+2X5+fcqFGfLeKK+cA==,type:str] + - ENC[AES256_GCM,data:rGilCNoq+zMeELM=,iv:l5fvwi0F9cYk3zUFcZjOSypmmZ+IbVANrLUjuTLxTzY=,tag:0Wp5uZrAPHhYq/+oPXhgkg==,type:str] + - ENC[AES256_GCM,data:yaIF+pCLXO5q8N5u,iv:TQp40L6dzNblymXZyorTV6yMkLihbCMckqCTGRKBSzM=,tag:iSsdjMjDr4kDiisYVoKYSQ==,type:str] + - ENC[AES256_GCM,data:KATTSz70Op/V+g==,iv:37+wqFjds8mqIpYxlW7zNuWZKbNvp3ZFWyPWo5aqK0A=,tag:XY7aK3Z4pz7/3NAobpN5/A==,type:str] + - ENC[AES256_GCM,data:RTH1Wtxs5Tg5DS8slEk=,iv:KQU5q3ZHH9qcoSn8Y4OBFGQ/bd9YlkVIAUhbnEWhbOs=,tag:OadlFnyaMe4vmjcJRekX8g==,type:str] + - ENC[AES256_GCM,data:ECA9Xv8+4IhS7MNGWxk=,iv:5a9O66281rBLCf9TPNaj2rGfYqedrjgcZSGp2h+9EGg=,tag:oWgvR1SSSk6eeD8+zFKegg==,type:str] + - ENC[AES256_GCM,data:wYbJlI5c50Vurq18ZoA=,iv:bykg7KfStc+7jyf/P5QxdsV3hGOVw4ZYi8YvFXj6Olg=,tag:lY579jWA8HUsVygXTUC+HA==,type:str] + - ENC[AES256_GCM,data:8x8/+00HvKXRDh8ivw==,iv:W7SVxd60N7wioz83czcid2P4+TMjL+nBVx6B0uIcjic=,tag:4wiSsvJGjCvC3IpFlDzKcw==,type:str] + - ENC[AES256_GCM,data:7jKROhbiP5E+XmnK,iv:mVW9gRsbvi94OtNK0WTVDiBycuRTOEWjCOL/RfEcM3M=,tag:D5frwqyCR43pFMQYYZT6Ng==,type:str] + - ENC[AES256_GCM,data:D1locT5I8B0vHQ==,iv:O5vznVe9w2ONs8YKGXXG/i0MUQ0pqp6csh3YlYvwjYg=,tag:NJ+JD9uW5gR4yqfnECNAtw==,type:str] + - ENC[AES256_GCM,data:qWsih5OsdIbg,iv:OQVO+n2ZzHYGGZEWYZng6TKXXWW36DB7iOQCIHGaGMM=,tag:jfcD1l1uDutDrtgbQnBpkg==,type:str] + - ENC[AES256_GCM,data:cQ7KDlsVWTMG,iv:Ai7FJNueH7ll8CMS1/k6CwJQR11L7JTMFl36UF1VFnw=,tag:nuFctanDbtVy5QPYlLkuZg==,type:str] + - ENC[AES256_GCM,data:L7YhgHpOyTK75dHrlw==,iv:Ay4lw+v/oiKp866W/ItJaMBGunfPGapoDwFGFIUFhuw=,tag:3tIwVL6hoeDa8S19YGcaxw==,type:str] + - ENC[AES256_GCM,data:+XoeviU5xrt/dyahfm9pz/4=,iv:l/6vH/p7caLw3OVl6g6y2WvZA5Fe+86HT02aI9SyNfA=,tag:YSVRB0W+Vodw1G3WhelB1g==,type:str] + - ENC[AES256_GCM,data:2Qg76YO2/Wnt,iv:+81nwYqtoufOSP70JrmPMuqc6eNPoheUwZXlq+CewvI=,tag:Z97efguecGUjT03mL02NPg==,type:str] + - ENC[AES256_GCM,data:mDbPhFVdyFNmRyLTZes=,iv:JV4u0+ZSorxs54zcd78Y2TwaB9fZJBgTa7BHof3ayh0=,tag:7i9laiaavB0xu//3kQj69g==,type:str] + - ENC[AES256_GCM,data:KMiwPiQvmIhRNSIPNw==,iv:azl6GHlyJ5MHSw45sLYExaPiIl9Ur9utgQdcqwXNfsI=,tag:ZekmpZs/q3SUNPQO2BwYcA==,type:str] + - ENC[AES256_GCM,data:rVxtiTy0zlw017x9,iv:hsmsp4kEIoM8GV6SGZYZtvt4PoxCtuFxBgb6+WIWlAo=,tag:qm4T+cPuk+UuExSSPe8O5g==,type:str] + - ENC[AES256_GCM,data:rItbAF5qWr7sCC52rc6N,iv:cTXSmN25dwuYNmx1tJQ/ZZzB62Dg6DhfHGR9/zyFq8E=,tag:RE6Yg6oOR2PW9WrUygNtdw==,type:str] + - ENC[AES256_GCM,data:WDCjBQbZDhm83ayVWajV8w==,iv:zkBPxNRMf7+FMnAWNRT2hOG+40DxqOiRzK+lxvH0nMs=,tag:7d9li+mNbxplx68gOHKdQw==,type:str] + - ENC[AES256_GCM,data:qcnpdYPhHRfVpHsnza809ao/MHk=,iv:3fDH+SV3Zjqz/2atkQKkh5uFmxD2U7yXuV+QrACwpcE=,tag:qTHYepC/8WyDyf19yRLC0Q==,type:str] + - ENC[AES256_GCM,data:DNBkxxAOVMb+YouGI6Ya,iv:2iWEt0T4SAxwnX7rzqptzllPY1RQWqV2fLHHShJANmk=,tag:yyJCGo9rJCfDqjEv8qbPTw==,type:str] + - ENC[AES256_GCM,data:DO2gcNLlCV95+CMJyA==,iv:w9Zq4E5fLKu2eElAJVdGH1Rbr4H2VMZxhx1iwNpXWxE=,tag:j0DBYweqruBI2SS/asS9PA==,type:str] + - ENC[AES256_GCM,data:lv5Ngq96ezH3R910iw==,iv:CQ7iCq+O9xyLchff38WoLv1ultMDprqTTxjRr5RLBpw=,tag:OUALW72XCsq2OBc1ou8woA==,type:str] + - ENC[AES256_GCM,data:N6in8MbZub15hINzLNI=,iv:rxFBYUD7inmqB4dXMPxgzNlN47PD9QZB6V4EsMlUwTo=,tag:CijfMLb84lvr5Lw4YnsXTA==,type:str] + - ENC[AES256_GCM,data:BBYGlS1LAgfm1yEW89Y=,iv:SEoOxP6mN+bQ/FjrxKe8XGUVbcV8SHkEdqLKgreE608=,tag:1UrBqsmNRbukaw8RJs99Bg==,type:str] + - ENC[AES256_GCM,data:8LFocZeYxbnHC1A6LeU=,iv:GzjcfQJ88Enb0tWBpMDxXV84JOkH7r8HcSIswJo8SIM=,tag:8wKiOj7V6OqLUyy6/rmTjQ==,type:str] + - ENC[AES256_GCM,data:LcqsMp6UvhwNR4dmDg==,iv:i4mpe6k7ohcs8RpIMxkkj17S/kXzeWSwvReKdHYgJZc=,tag:8+B30M54CKPfRQAUKigHsw==,type:str] + - ENC[AES256_GCM,data:TL3/iV2IOkwCXcV7,iv:J8qIylTzQZopuf/MTnziCD4uzVueGVTW8/ATic5uT7I=,tag:raHyuoAPxrGlxewfNqyrIA==,type:str] + - ENC[AES256_GCM,data:2LD8p02Y0HWBLA==,iv:srd3FCcEstqPd7emtJngS8iAclmZ6sv0a6BH8QRdTMc=,tag:oU8Uj6yaScgywykKIMkG4g==,type:str] + - ENC[AES256_GCM,data:3vDwZkqgZ4/btQM=,iv:8a079xZ5TTTezAejOTbMRwT5XPC4keEHQOdHO0eu7rk=,tag:fRwvfDa09DoA7KrgqQZRKA==,type:str] + - ENC[AES256_GCM,data:qfkkc7RrEfCvbJd/,iv:dM/kQDM/8oFBP68diaD4QCkDkwMPBlWBICCtZbL9SvI=,tag:v91eLzR58v5ud95aBQGD4w==,type:str] + - ENC[AES256_GCM,data:PWpdDWBySI5twFMfM+QQ,iv:Baw7X9SKHVXECzGkNqreRqwKONd0bdqze4d0zgd9anw=,tag:uzURuPjgaCr66EB0RbzPkw==,type:str] + - ENC[AES256_GCM,data:51ErYBae3Y6R5xxD,iv:nwq5TXMHdw4FPRxp2qiPUKxCfWmaECG9tbW2KpIOgnI=,tag:QHlL8/z8mmhsH84BAFSrQw==,type:str] + - ENC[AES256_GCM,data:KtfBXrAeUFnh,iv:llE+AqXPoWx5nZCYaWL6IFahgeJ329KGlTlGJkfRYmw=,tag:PSdXUf4PrMRflsVKaL7YjA==,type:str] + - ENC[AES256_GCM,data:QO328kNQunzkFhXMWQ==,iv:B8aFuGAlTnSpJtfqdhOHkw29dECGbkmOXeFQkkL284U=,tag:1unevnzXfx9jNhS3tiG0DQ==,type:str] + - ENC[AES256_GCM,data:IZ0uJAffoHnwyZHlqw==,iv:+THmKK8V+zNxSPZ3TiqP1M7b1xaqgTl144x/6R/8trg=,tag:JnzQPTQOZ+eu+ueY4OAQ6g==,type:str] + - ENC[AES256_GCM,data:AAok7JaacQ==,iv:mY+2gDMEPTLWiWdWUzW7T+a9DjdekT90DkbpoXglXqA=,tag:BdqqS6AVWu9Ua1iEREnNvg==,type:str] + - ENC[AES256_GCM,data:MGeQjmpLlASHp9+WNtNnIjI=,iv:aiWOZQqy4Y9pnBLsupmv6vmlIyAgR79gGj87HSfzcyM=,tag:jPuv8EpPGQvXBYHtiruqvA==,type:str] + - ENC[AES256_GCM,data:YK4MArJLOWxC9Q5t0w==,iv:JozrkDZPDKZlgvxIg0hFFb4RgBKQEi95fxrUNgtGlMs=,tag:a/LM/l58SJXhRTI7C5Nw0Q==,type:str] + - ENC[AES256_GCM,data:XXoiav/mKdUf6gJZ,iv:gf5XwFais3n9kv3LcokRF7DWwDxyJGPYiY43RUz8TH4=,tag:MTSS6N/54zPgXtOQT7wUgg==,type:str] + - ENC[AES256_GCM,data:pOPYi6NnqFhilrfdwgKE1F4pKgeg4g==,iv:6K9NxRMiE5GHVW564GqQKpljJA7p6wN+uUXT9TIulqE=,tag:FkmFo7lojIU59RkAosKlOQ==,type:str] + - ENC[AES256_GCM,data:jd88BFTq/D5qaMUHFQ==,iv:FijHvzTSyQTgUM0MFJGdM7LYFF8MaMuX7IWeyetosHE=,tag:WgV3wvRs+tJekjw+h3f8jQ==,type:str] + - ENC[AES256_GCM,data:VxU/UxTprEohGJZP,iv:IUYW7dZRGnBwyUzWZLIMBlQXjExoBF8p7FmQ5GETZCU=,tag:6LJih+WufMiL6qDok+ZEGw==,type:str] + - ENC[AES256_GCM,data:zK7gpk5BeYT7EkrzHA==,iv:Gd9XL6oPUxt3egoBG1dHq45lMQU3HOs7xMy/vZVXzXM=,tag:mxUHNSyWrYGdA07P6IZtMQ==,type:str] + - ENC[AES256_GCM,data:QQKyM7gV16r72mQd,iv:UJA7LXNufUGXIFXrb+n85kIAX8uLltlfmFI3WoYjVi0=,tag:ZwCU0n/RaF+2Djl6QOHjJw==,type:str] + - ENC[AES256_GCM,data:L6YlyXEZkRXiwP0=,iv:wmu5xnMur9GJ2D5XWbsN1ltF9EnzJ97WTj0X8ruCPKE=,tag:sjqe5L+11meAZMLouHSQVw==,type:str] + - ENC[AES256_GCM,data:3p+D0gkMlRVaXXc=,iv:3ufdwUEDdFhrddDUcJTY3/Al+Rnqhmr4mWdl37fEb3M=,tag:/L1XtSTFZFuGlvPBKKuf5A==,type:str] + - ENC[AES256_GCM,data:ZN6isVR8BQfGebqN,iv:NdqpbrM4RBbl4KyHW7fFRfpXQDHD1yEGXxpR1H30lio=,tag:iBPK4/+/BpGuVB/cyfqH0A==,type:str] + - ENC[AES256_GCM,data:mgng1wFBDurviKMAtA==,iv:E0mj/qYcSc5v6Dnv89f8u+OLNqOVxRzKviP3KWlYpnk=,tag:GLr88kfhfUCFkeRb+XW19g==,type:str] + - ENC[AES256_GCM,data:eEmFGsmudSgRZ43f,iv:sLEpjBMoeIZ3sy4sPXONrO2d9JMzM4r2d4sGekgfofY=,tag:pDH3zM6uptU623KMV8FzbQ==,type:str] + - ENC[AES256_GCM,data:+v8tpVVGLRfhNw==,iv:iAzhAWqdzA/GzUbjzFX6kbNMOFmO5viTM4FBKwADP7c=,tag:uFHNB1++ipVU2uf6K7NziA==,type:str] + - ENC[AES256_GCM,data:CR1BH/+1kmnz225N2g==,iv:BxumxJwkeb+xWtvqYywVfjws/1FGLnyoTJVuvwp19Jc=,tag:W7MezmkskgqzadP3yw1CVw==,type:str] + - ENC[AES256_GCM,data:fZHInaYGnJU2YsRHFg==,iv:Za7dubgt/GJ+UvRBMLm7O+l6cosZjKPVMHM3shJ/gu4=,tag:s7yA1hnaCYv0ivgSlftmRg==,type:str] + - ENC[AES256_GCM,data:5tZfxPI4cu/0+ChoiTbU,iv:uS161Vgs266bDQ1jv4364R43c7nD0Nqum4yy3a/izl4=,tag:ipYeQlBfQL+Fi3pyfdl1iQ==,type:str] + - ENC[AES256_GCM,data:6lG0NxejGTJ53am50iY/bnQ=,iv:4ZV2flBOiM4UNl68R0i3wGDGs2EjnUwEFbzPgjw70Eo=,tag:CFYUUeGZ1R0rmbaAJO2+IA==,type:str] + - ENC[AES256_GCM,data:p8JL4/UzTuyEqj1lEgBXoQ==,iv:XIndq6vKDQRqh7msh3SzpWlBJYK6UhwM8Y1YKX0DRZA=,tag:2PeU+zKqANpXriRH4XKc1w==,type:str] + - ENC[AES256_GCM,data:A4bgRO3iT5rBIxdVpg==,iv:0WvpcMOaNGsyYfS3nhEP5/glA6mNd40s0tsR4YhYiAI=,tag:hQg+BzOkdVv4sF5uFmiY5A==,type:str] + - ENC[AES256_GCM,data:hmUadGcADF/p1Hda/32vVhc=,iv:lSLEsbzQrod7clNwaBZc7aiPqaS4EO19zfJP8vOy5Ic=,tag:gF67V1Clze0H11oYigjSJA==,type:str] + - ENC[AES256_GCM,data:17QIXNj+OY8EGQ==,iv:GSQnWd9XwKhZ04IiVwJ2XsE9PxQEgHD3TAtOqk6afms=,tag:UJjegMTdAWLBSSb1vwFmXA==,type:str] + - ENC[AES256_GCM,data:E/UJTnnBO8/r1Q==,iv:w/H17j5ryRTVqP44VEZuZf4JAJu1UsALzMlTdZOQqk8=,tag:yPG+Qwt/uOL0tMtW0L/low==,type:str] + - ENC[AES256_GCM,data:4KhiddkTVhuXdOSTZA==,iv:JWKtIvoe19m8npFpBa8xJPtcqLnVheivZojYD2yVjcw=,tag:txeLETWThYUcadhKrGeNcQ==,type:str] + - ENC[AES256_GCM,data:vJAo0bJZd2gBHj8RL8/H,iv:kdJf4srXd+vr9HgM3+F4Qez0cWdc/dQ5kYwv5jUA70E=,tag:34goZ6YvewqH/P4xgTjsQw==,type:str] + - ENC[AES256_GCM,data:gzHjKALerHg0uxgg9pwx,iv:4h2F92mZAekuvu1n7dyfNrl4LTdUv8Rr1bOLGLBOXZM=,tag:1adQQLNA8m1OHjRrCHqlGQ==,type:str] + - ENC[AES256_GCM,data:Y58bwplKsucs1fWt,iv:8hiYvoZUcrZppOr3fLXc4/6uNlVwPrbz1MKGtbRHdSY=,tag:fEjlYQwd/uPezlVQ/liXug==,type:str] + - ENC[AES256_GCM,data:7kV6J8WoldBZ4mLImUU=,iv:0faQhnxCL+MMtzZNAutOAH4zJspMJyrjIrsSagR/mIc=,tag:aFJVFVq2okNtesTKFeN6Gg==,type:str] + - ENC[AES256_GCM,data:T9NqF8gFXzdD3oF5ASUy,iv:8UR9/0K+XKRzB7kg1pUHgEJNuJ2mILb9VS2Bhd7vCR4=,tag:g7vmn1Ud/pdCYzyjeHLTCw==,type:str] + - ENC[AES256_GCM,data:i7Z190xMdq1lLfVWrBVltQ==,iv:0VoHtUR4vSW0b+dCwRmDvxJfe6ozIV07Y/Rmb71Z2Lw=,tag:sSgkJuPccxsI6lGHsTMUpw==,type:str] + - ENC[AES256_GCM,data:q8C1ownHirXdKzkRbA==,iv:PK/xOcCZDAL+nb6//2ZX5ncBpZiBcNcYAkwb4BZVrMM=,tag:caLv39TqvWqA5DTBO2PoYw==,type:str] + - ENC[AES256_GCM,data:BJ5SGL+kXA1WTNg4SFblJJJa/I9J3w==,iv:qDpNtVwFHwS8qJdHcWbaawdjobP4zbVGc6AlHf64QVU=,tag:jFsC5x9lg3Kt3rgR594B8w==,type:str] + - ENC[AES256_GCM,data:IZ0pUr1NJKLUBzdXqxjnTTWG/rQ=,iv:HopLxgIW1nSOINYB0qqH0P3a59pDksWmKGXGQdLAZn4=,tag:X6v8h9jcw6zAppBqabWTHg==,type:str] + - ENC[AES256_GCM,data:xjbJVe4fRz1CRzSRnys4ig==,iv:Olhw98NoqSW+pbUwsa4DAQLdksH8y6h8Zq25dn1N/X8=,tag:hJfSu6edfzKqhjA/IcuaWg==,type:str] + - ENC[AES256_GCM,data:hOFdLvFGadSnuCU1TQ==,iv:2FuG8LqslY5TVu+rOWWH5hdWiMk5Xv0pgiEChP9bMW0=,tag:KyvGMrtJEnYAZUEqOSLPHw==,type:str] + - ENC[AES256_GCM,data:5AODcQ1apptvlCe+LQ==,iv:Mxs5of1Fv6ec67P5MQ/lyM/tvPv/nGsYta+aHHe0bPc=,tag:thzCvpUCR0v7EgJtwjf8kQ==,type:str] + - ENC[AES256_GCM,data:DuzUrYah30MpbY0VgsDVgAc=,iv:KcevbePhBoCqbQuCHXA5idR8ngU2L+KskPPozDdyo64=,tag:J0J8syKiYYOQtFAfd0f5Nw==,type:str] + - ENC[AES256_GCM,data:dzQ5vJj41auq96vwHYg=,iv:8jboDPbqn2dcdPCdtG9T6R02AneH255Oqgm549/RhaE=,tag:hGfzny5Gun3I3yB8EFV3uQ==,type:str] + - ENC[AES256_GCM,data:vNdwWD0crQWjdtDOq7W72Q==,iv:AYdw4bA8te/3lF76TS3zyfqf2vFZmcA1QfP5d5FnObk=,tag:lVmPLT3M/dBIyNC3N2PsDg==,type:str] + - ENC[AES256_GCM,data:8og573FmSPHksnuCfwA=,iv:xm+ihJ36ejg8rNQfNJ97N0KL4SzNsOVLr4LvOhSFHdI=,tag:HCRehfGQ2HIpEJxbA2fqmQ==,type:str] + - ENC[AES256_GCM,data:7mdR+0sPuHnR192bj5Bz,iv:sRIsgTOvL5SgS1GQa9y5tbloKFU81syOcz+QwK6CJ5k=,tag:mWFOSIuHTZ6xxHgthvmEiQ==,type:str] + - ENC[AES256_GCM,data:r/X7vUiVgw0=,iv:1sp/wtHC3UxTWY9tJE6FSb6OfAzhGcbQY/0kCW9bC7g=,tag:5MTjJTAuEpxPFAdpe0w7rg==,type:str] + - ENC[AES256_GCM,data:W/3QD6w358PCR/E=,iv:O/mQTnCAg5/N/tsb+RGRy8I+U1FwqRrOBmM82gFyQH4=,tag:RcRZz2hdE2wTVplo7J0Tkg==,type:str] + - ENC[AES256_GCM,data:9BPBRlWO5EmWS+1j,iv:jHALtoCuMB43ywcgJrWijwSZSib3W1YdqVP/9yaytYc=,tag:4aDpSVl1JAwnYqNeRgj2Dg==,type:str] + - ENC[AES256_GCM,data:d486cF8JwUVvNZCUaTYCTJfNAdc=,iv:sK4YB93F+aZEgFkfIA7ri4kT2/uuRBeKd4OpyxYflCQ=,tag:XdPT9MO3hZ9fIpq3coenkA==,type:str] + - ENC[AES256_GCM,data:+HUVqOS52kH7glPjLfU=,iv:HC4P/9YWhWbq/TcRvZ/fU4GvbPD+TWIqU0E6ClJqbVA=,tag:4V7NW98/pnLSIoEKhiquvQ==,type:str] + - ENC[AES256_GCM,data:ef51uQJgg/IOmxOJXF8=,iv:AB4AtyuXKT5rozMfYeemyQU1b7GcDf0YjjTazkjI4D8=,tag:U66ZaSL0QWHp1GAnirNjUg==,type:str] + - ENC[AES256_GCM,data:R6Y+FKyNE8pDMjCgdQ==,iv:8pdaOzYcApIClZJMjN6SGnMvdsf5OoKg7bdn6ExizRo=,tag:GdFat8w7df2RUnPeQsl6ag==,type:str] + - ENC[AES256_GCM,data:gTqW3bh8Snh1JVR2,iv:r7ivkkvTDBaDSj09qfibhIQGLtxqmOI9F4m8PnhTBxw=,tag:YWqglL8ISy2SDJxamUbMRg==,type:str] + - ENC[AES256_GCM,data:UT0BQ8Amtl6i4F8gcNU=,iv:2u0zXrW58VCXTSctQU2HFG/B1UX0e8+MlvpcaQyKpwM=,tag:y4kMmuUudIfJ8kL9uRep0w==,type:str] + - ENC[AES256_GCM,data:Oki7eNkfQrBv,iv:ubFZgEAKvxW9Vl2euV1moXbmouMZFbkHu8nYZIw4sQM=,tag:hpv0qgHq48pS46cmqWbJgw==,type:str] + - ENC[AES256_GCM,data:BUzp1Tsg3tOu,iv:mNaikU6puCXB+sksOc+yHw/A1NmI5psViGd7lFAdXZ4=,tag:fk9D2ubwsN+Rq1vVrQ8xQg==,type:str] + - ENC[AES256_GCM,data:10QjNDiaWauXDA==,iv:9B1QOZzpi8UlSyC9Rdenq8c2BYwwH5Zoydp5A5uNq7Q=,tag:+CkKY6emcF0M5syDsZyHvg==,type:str] + - ENC[AES256_GCM,data:T1HbC9qqEeE=,iv:3/DgXBBCSjwRMZ3o4blgqive8eGGWVtcMqlVwl9K22M=,tag:LtHkLJKVI+uozj+Y98fukw==,type:str] + - ENC[AES256_GCM,data:7Otfbt3GDQ==,iv:85PbEH1x3sZnIw8cbILEf9GtpqP1tJ6OotrJ+WHLnQo=,tag:+Irx+fuVqN1OlJ7EfZMD5Q==,type:str] + - ENC[AES256_GCM,data:aFDD+YZdT6qS+vU=,iv:r1vkcqX+KA9Ff685Csp1Qh09hPTpvL88AN7aiSSAIf8=,tag:4O73gQlZz7NQwR8pEsxePw==,type:str] + - ENC[AES256_GCM,data:ygL+Wx3fCw==,iv:LLh5DQw/SmybgvKD0IT2KBb5eKQqQV0r03FjBpbxW1E=,tag:4+B95RLUvr72bGJqnrC2Xg==,type:str] + - ENC[AES256_GCM,data:CfQJ5N5AmHD6gbk=,iv:JGh+F7PJHLwQWDDsxF6pnJe4ILE8FEyGqAALeo06Tio=,tag:tkB8SKn1BS2FupQsCelSwg==,type:str] + - ENC[AES256_GCM,data:dFwIo/Ginr/G,iv:DzHyq0yGTN3nerCs4ALDNvHctTxo5GZOCcMAqOV52rs=,tag:qR3hbHhjA/ISzgLRFKTZXg==,type:str] + - ENC[AES256_GCM,data:0SrM0kVhbA==,iv:pcth1xqXah3aErOjxsuOB/u0BmfDmo4aa8EFCNRT/18=,tag:lAVfOC0eN34hxq2uIMa8UA==,type:str] + - ENC[AES256_GCM,data:/zZxN9NJnQ==,iv:Omv8hnXcnc2MU3lVleEREZMLVPfzq6m8GQROuCiFAJQ=,tag:K0KwNsVUgDBVqMWpSoVMgQ==,type:str] + - ENC[AES256_GCM,data:hu8YHxqFZg==,iv:beAg63CFll1mYJiGlw7pfd/h88j+QMPiy3dwYbwr7JQ=,tag:zO6ZfbCsNVBDKqI3K+60VQ==,type:str] + - ENC[AES256_GCM,data:DfqxJEo8zIMPwQA=,iv:rVAKH/iUQGUO5nS9Phtz/kfKOoLQ4pIucNhtTi5jYWQ=,tag:MBjXXPHc+ghWNj4OQ/O+Fg==,type:str] + - ENC[AES256_GCM,data:8sATuTogJQ==,iv:BGyUiy3w+bT6MVPQ8SBz3B4/L7wkBiDGs+60bQl8FlU=,tag:k2jBFtj6STycXS0rxNI4aQ==,type:str] + - ENC[AES256_GCM,data:SgRcTMmRjtP9,iv:8+swpEL9E8DtHvfhruHYn6hTskSImtgpfmuVNlwbARM=,tag:/6nm+bDRXxFMEKYpbUbDWw==,type:str] + - ENC[AES256_GCM,data:mjSTSo3Dbw==,iv:wZGMMS/ThCBKJzGunFczJMfBWZOshwVsg5m/wrbtql8=,tag:JTAPxVjJJlREMmJjFmwnLQ==,type:str] + - ENC[AES256_GCM,data:zxH0x30mQQ==,iv:5Mvx7c2Dtd2+k0MtLIo4AwqiRLUZh7Z4SC3edrPeGts=,tag:gHaegE/bQj9b1xlezYn78Q==,type:str] + - ENC[AES256_GCM,data:3M0Ofo1LRK7N,iv:b/3cehldY2jUN2s/4G9Kn1ABQ+/pAwkcwHBZP5/AOVE=,tag:db0VXfIaqR20uNuna79vIA==,type:str] + - ENC[AES256_GCM,data:fex3soy3RhE=,iv:PJuAz7EDUXXaZ9gy79Q90VbvM11Rxp/PHpcFgrws8fM=,tag:SsM548TmF2PGEH66EaHwRw==,type:str] + - ENC[AES256_GCM,data:ABTZMLuA1Q==,iv:gb6e2SH1VPvKdvFloAtZaN7gXX2hv4ahleFJdeOax2s=,tag:t/kWVVU42P5vMH8e7mvrzg==,type:str] + - ENC[AES256_GCM,data:OvDon4upulc4Gw==,iv:PFdTHyxHw3H9ovQZm9wjLPPnxcY4ReInYjQl2sbd3ZQ=,tag:TLWrmUtq4ab420omV0Nx+g==,type:str] + - ENC[AES256_GCM,data:Eto31tH8a1I31pmZ,iv:OLwc5qpWt9XoVxQkvPva1weArIOW32qNbUb54vCxMos=,tag:4HMxp1q8sjZR4rABq1IdCQ==,type:str] + - ENC[AES256_GCM,data:zBNYmqNtlzdL,iv:tVkCh9zfXZsQcbhF4fjaIqEESG+K9EMPrp4KjRmMv50=,tag:YM+Nq23++/JTA5zt90XD5w==,type:str] + - ENC[AES256_GCM,data:yCbCaJsYuieR5qs=,iv:8o4qkqrhqKh0yJws8OIrRUc4511VEko8GXOPPFOWYqA=,tag:ZdP6HgXruQbIGcZmMp5rOg==,type:str] + - ENC[AES256_GCM,data:QDIOg54e95Nfaz4akQ==,iv:j5ihOXaQyhLdfjvdeR1sm6G4dmutpb6RbK7D3HrgdYg=,tag:rsqAT9FJgs5FU4cR3WlzSg==,type:str] + - ENC[AES256_GCM,data:vUVeFhf8YB0SAUQ6mw==,iv:jqyN5hLtZbd9/65pzl0Ca7GYmPSdzs0stgjwwx3l1I8=,tag:GH93/KsI5jhlH+gJ/RC4Qw==,type:str] + - ENC[AES256_GCM,data:dD/zV/e45E60PBrpLQ==,iv:geRUrzkOkW1SYUUCznG0W0U5oXTnG4nRUMFh9zt3hHA=,tag:GuinEfLKmJ6dIDkp6yo9/w==,type:str] + - ENC[AES256_GCM,data:yDXNJHScVH8fXLQqsw==,iv:r6AKShAxTvDOkbOLfYTTnDFaiw7BlT0MaNaqKO/kLpY=,tag:piueyDZzrgY0E4GN54hQAQ==,type:str] + - ENC[AES256_GCM,data:X4h2JUXYMRCitw==,iv:4l/9r6nb8NhhMqE6MeWmnxvU6STiVKZCyTcVmzN+I1E=,tag:7C0+zE5ni59qSnn0PZkRtQ==,type:str] + - ENC[AES256_GCM,data:liVOCrqQo6MrKg==,iv:0+7f7HrYi1ygyc0u6JmASz4WFR4IbkQTnM6l3PrFvfk=,tag:mrnhTZkXhpxJpdP7UttKfA==,type:str] + - ENC[AES256_GCM,data:9eDXpnhYyKsarEM=,iv:40K7mOOQ9WCTe9veoXPx5lQu3yPXmMY7Kon0FYItJg8=,tag:momwQ7AGC0xBm4WJSESOjA==,type:str] + - ENC[AES256_GCM,data:cP0JZTgWmnx2,iv:/a2EIYl7oCXrewvF2SsZG6Jog8IKfu5sexYzhEJEB5Y=,tag:Ez9iFsR/NpGsu3oFf4/Jsg==,type:str] + - ENC[AES256_GCM,data:RTMKw56np/mhBg==,iv:ACdkfy+QUJUpUrRnM7ixG2jVef31f/V9+gi5z/9XdGQ=,tag:J3PnJtFkzRTm59Ay6wvNbA==,type:str] + - ENC[AES256_GCM,data:1w06KsbER9750f5fYg==,iv:+f4bG05OyYOyTJ4xi6Df+OMgGvJA8ItdjXKukV8LGAk=,tag:Dlwxb8Y3C8XwkycUPF9YqQ==,type:str] + - ENC[AES256_GCM,data:R2kOBLzicSAL9uoIWIok,iv:J/2t8FVwumhNknYe0omf5ivb8HFwUzQ6cChPL1iA1N4=,tag:9oHXbIQ0qLVap+HyXCzBlw==,type:str] + - ENC[AES256_GCM,data:V4AHwkEaMmzJ,iv:Hn5BKN7QF2uvjjNY1dVCCLTqQsHDuK+KtuYDNwtEO9k=,tag:DCOCDgB58372lrrYITv0ig==,type:str] + - ENC[AES256_GCM,data:PzU8bTVrunZD,iv:EwJIH0LMxDHqfvfHhiwZxNmtOsmt1rD4WbUxgfgtmGg=,tag:xL6UdLpcP8jwcIz+mH8Z4w==,type:str] + - ENC[AES256_GCM,data:XCd7TKKeKTI3CKvbwyeR,iv:ttjS46RlnDC6ZjrlD+jMRbb07yLmuMoXBxL5iXBbY1g=,tag:EqMCxOa33E32x+aAM2IX4w==,type:str] + - ENC[AES256_GCM,data:bTEqk2pTNV4kGw==,iv:Np+jcd2OduIDWZSaBuW2J/x3ye5h0wh95OGQ/yTe4w4=,tag:u/PAXzAtS17uj47jo1bUPQ==,type:str] + - ENC[AES256_GCM,data:jZ6iyssPvIpgOdQ=,iv:cz3dCvTrxksvLz7Y7ssqkBqawTV5gRt5A4N3wuQFx+E=,tag:OrNEgF7tS9dz+jjHjPK1KA==,type:str] + - ENC[AES256_GCM,data:QasbtoZsdjzOfrwk,iv:UIO1PvheZQK8WeYwb7FkL819iiVM8VQsIVsLRkHLSxw=,tag:xoKnzDyy21ZXM/UmDXkGbg==,type:str] + - ENC[AES256_GCM,data:/VTuCBzk7j3gMXZQj1xh,iv:GN7a7Qa1JfWLFuLm+4EMmMAI/BNzDDpka2Onu/OMweA=,tag:bwi+umyZtr+0JMacCWSa9Q==,type:str] + - ENC[AES256_GCM,data:TgL+SsUQaKnRuBDGh4s=,iv:Lv3VKMD9Ryd4jSpWfo6p9k+C6274op0Qe4/hEPDDbco=,tag:NqiubbPeNieDPPnSIlRajg==,type:str] + - ENC[AES256_GCM,data:3MlIci8s1oCgyCsu3w==,iv:ovD5v2YHPIGzeVtjHthgKhGnBAESEsim7I8Kt4yceUY=,tag:i8X29C+K1FjQvzvR6CKlYg==,type:str] + - ENC[AES256_GCM,data:2FPjL4H6L0VlWn6WRw==,iv:VlW8wsBF6wvTBDH44jssbTeiC5lT2DjCXY+QBbPaOP8=,tag:QN+zxTz8tRLPXdAef3qIZw==,type:str] + - ENC[AES256_GCM,data:hhTjikLNTXBl7g==,iv:7RVH7j36sKEt8NdSZU/JvgofJL8jz6vZK3tsxiI2ZRk=,tag:DTKsxaaldFUeQkb4a/3k8Q==,type:str] + - ENC[AES256_GCM,data:F7Q3ujAYk080UQ==,iv:SNuFm8/mTLwM8v7QZg9Bezx3SI9NC0B4ZVH+Trzicnw=,tag:bFxJLgT2aUesuGshN/S/BQ==,type:str] + - ENC[AES256_GCM,data:hTIHOtQ8jAqS,iv:XKHMutXZqZWp+CtrcbuuDZIS4Euj1sCLUI4DLy6VFEk=,tag:iCRyg2jB1CoBxna9+H8WaQ==,type:str] + - ENC[AES256_GCM,data:Y7BlujEIE+NBNCJ4/A==,iv:Zabsi+alAg+RsLs14lIX5IJe01T5gV+yEu2ENdg0OtE=,tag:UDgg6M91h65VFVUSweIJ6g==,type:str] + - ENC[AES256_GCM,data:CsRoL55Sy64IVG1o9A==,iv:wVgHxfZncwWFoPKIQY1Q6fpLXef3pRot+O89hpNX7/g=,tag:B4YI7Gzk7OnSDMIaq/vKjQ==,type:str] + - ENC[AES256_GCM,data:CGPLSc1JJZfPQdsg,iv:z1vCVCQhaUQUMQ09rfVjug17H400nxV7yz7q094EYT8=,tag:YSs02GqETYdv0OhVvRY7wA==,type:str] + - ENC[AES256_GCM,data:tn4dhr23gDDr9nzn5nI1,iv:w+UksUBDQlXJaSxw2GnrgNR6OLlIFroXcksg32QYfTE=,tag:rv8PZbtwkWdb7UEfIeTwpA==,type:str] + - ENC[AES256_GCM,data:HgB8E1jxc7aBcUc=,iv:xT3nlKsQ7T4fYjmhFvzalWsdKVDvrULubJ0T3JA/lTY=,tag:JezfdAPIVlITK8yXUyLFBA==,type:str] + - ENC[AES256_GCM,data:MANzPcsrZfc6HC9RjMQ=,iv:dEGoy51yr3GuoL2eY6TMz2UIx6xh79i7tXZxShqwQVw=,tag:knWiNrciT99Cubgq6NfEqQ==,type:str] + - ENC[AES256_GCM,data:pYmflB9it/RXc3wH,iv:YtD450Nyi4pRNGIzVnBProT+Z4Drw0MnN9Fydqp1bK4=,tag:5DAxYZ2lr9vIBEUDxuQNbw==,type:str] + - ENC[AES256_GCM,data:pgzF3cNG+QlKQg==,iv:sWLW5wHSD4mMDpIr3nI0fjUlqn44b97BPH1oPoaQPJY=,tag:GtfsSlWmkJqckr5tes8ptA==,type:str] + - ENC[AES256_GCM,data:biyUBnsvs+FdsqqN,iv:Adim9oIl/obouRvefrqlPsUIosBUX0l2g0j60RlkCtw=,tag:nVihB2t3x6EwvjYqsZ/Nnw==,type:str] + - ENC[AES256_GCM,data:sVfO0hdJ1bx7n0E=,iv:kLPn8ZgsvpVM+o8avKZKpp8I47Vnm1WTg7/TaJmpCQU=,tag:Xa9o5ySZuFyohxas4yNYWg==,type:str] + - ENC[AES256_GCM,data:bvVWAecnfBchZQ==,iv:Fwnbis9GYBUoMTT6d6dQPHArS7e+/DqHyCDj2XTEq7U=,tag:hJXJHu2tJsDf0vmbWBFNmw==,type:str] + - ENC[AES256_GCM,data:DoeM2cTuHc8+,iv:zIDh77c55rH949QDdEzmjrSP+MgEN478AXXmuD40zU0=,tag:nvyCSdiJG8AAKjLfcHnfLw==,type:str] + - ENC[AES256_GCM,data:IW6HELL05saISFd1Hg0=,iv:qTfkmm/rdPLF4zgVC+XNkqVDrs6Q0iWmvwKBJibx7Mk=,tag:y4NeAnLAWhzL29M5A0y2wA==,type:str] + - ENC[AES256_GCM,data:7U7AWXOboJxryl6CAHI=,iv:Po3fiUXSZJZ6T5EaJDLLkLienAXo1RVK1EPpAzfjxr4=,tag:OhVPWT4A+p2xZgl4uARhzw==,type:str] + - ENC[AES256_GCM,data:rLTWhxWqWygDTA==,iv:Q3swSLWW0qsErNpbr1nN5+86XJY7ftKw5SA8EO/Bc9Q=,tag:F5j3xtXR98SIUb/vWF6jNw==,type:str] + - ENC[AES256_GCM,data:HZYBW4hDAlWv5w8f,iv:o/vsj1NsXsJ5Ucir65znmWCt4mGaZdaCNWWeh5EqWXM=,tag:g54m07vpBJ3GMFwjRfdYbA==,type:str] + - ENC[AES256_GCM,data:l+C10yUsSRSfrr8=,iv:WXp6yoP+N924o208yqg+8rMWXSZH/cy0Jd2/h2U1DUU=,tag:lMNvn5cIJklaPed0rbqsZw==,type:str] + - ENC[AES256_GCM,data:RK1D5VOID8p6Kg==,iv:jprGfM31/YAibhPe8G0wAiuAqauKR7PSXvkbaGMwU3w=,tag:X9/L1QyBb1nyQbHbYS7Ntw==,type:str] + - ENC[AES256_GCM,data:aupSl/p6cFXhKw==,iv:WaWtVIdtwNwaPRcxT2zq5lBM6zAnIYt46egt3t/U+Bs=,tag:sLh2pr8Q7nquPz28HP6Oxw==,type:str] + - ENC[AES256_GCM,data:8FzWnZyOVoE26Q==,iv:1uG/HKqLQumQw7LVFju0mPjJHXR6ltaJg6kdDc4Y3d0=,tag:B+rWXcSEvRpctFgUsnwGow==,type:str] + - ENC[AES256_GCM,data:NFEwC84WVVoVJlfKt1U/,iv:iJF/wf9bb5leSCsICEPTFOKwzSiB3BwuJoMS2Qko+mE=,tag:zcev+OkbHUYXvpWscdhxug==,type:str] + - ENC[AES256_GCM,data:rgFKGzMZ/KiiSfw=,iv:nC8vYgwji+5tg7kka/P3Gh9NqNRdaMvk1LScVgS13C0=,tag:O5eLFsQODTR57eIJ2GKOpQ==,type:str] + - ENC[AES256_GCM,data:9qMYKU8Fe1Wr580=,iv:gXqmmItQRgFtcDcbkawp+6ErLr53MYIOrh+orOBMBOE=,tag:HjKNgPOJ00/nndXJbbHiJw==,type:str] + - ENC[AES256_GCM,data:AZQWryOZBgFWS5tb,iv:rzC2PMOKxh9YoKPpDQqXN4tDbGGCx0I9RsejkgdyPgk=,tag:66bGxBHuUY2orAFJahCi0w==,type:str] + - ENC[AES256_GCM,data:e5ghYJt05Kc7divdaBY=,iv:h9wNp/KjVUnotBAJwFFPs/cuNHPO3auBojBPE42ile8=,tag:u1PjPqQQ1E6csTB0FN/CtA==,type:str] + - ENC[AES256_GCM,data:tiTvcIYdvIgef+y4VQ==,iv:v9YTIX8kY80Dlqyb5+pECH+TsWDxWxpr8jcSi/LMDtc=,tag:m86J/bziUNDlDO2wMK66FQ==,type:str] + - ENC[AES256_GCM,data:ymvTFXMk62tjx17HZ9U=,iv:WYbn97xf63rF7QXnuNpHtN7wFJ1yc0/NhFSTcIL0DGg=,tag:Wgzt8JuJM2jPpVb3fdjd8A==,type:str] + - ENC[AES256_GCM,data:54i3V+RtmqEpF2Lklp0=,iv:JdAC1JOtC/J4YthbO3XZ2y32oQjlykDBlmcvhhKZMvI=,tag:bUdZJzAPG8xMqEtAnp6SGQ==,type:str] + - ENC[AES256_GCM,data:x9/CYO6SZghM0hVBoA==,iv:Df9YhM4EGlWMc2Bhr5XApB+V5A2jUb69Uf9er/LV9cE=,tag:vQEmEl3DWu2BZepwac1wRw==,type:str] + - ENC[AES256_GCM,data:fBn7u0ebih3taXKVLnoNzA==,iv:WuPXULMqw5bz9cx+FLt3G+LLb4SGuRB2S4SGU0PYoog=,tag:yFa+x34IqZ2bWQzHyRX7cg==,type:str] + - ENC[AES256_GCM,data:O5nUSUsQFPQItKHgKQ==,iv:Pi3prrva+7Rz7eaLF2Bcd+RZ8R11Wfh3k85+20NOlV8=,tag:xXBvhk4zCJGGpQdue8phGA==,type:str] + - ENC[AES256_GCM,data:w0O+eFjYLmi+,iv:1VH1+6g7GkD1jWOHPC25Zfo+YN52wf+s76zCDvxkeNM=,tag:SughAsu60cW5b8Vu5XHKjA==,type:str] + - ENC[AES256_GCM,data:zp0uKdbDCVWQ,iv:UAG7fFQkCNYuwtXbwKd3x7cKqDknwKjtQuxbG/6Dqgk=,tag:iIGRTtLmxPMbH/qW+Jn5gg==,type:str] + - ENC[AES256_GCM,data:iMWXxCwCb06c9g==,iv:aNOCnpFeFbJvbspR3eobnnEQJcZtjb8aFgbV3inkC/g=,tag:sQT0hNYyI7tLt+WVEz4Aiw==,type:str] + - ENC[AES256_GCM,data:H06BCbawvZXggxJM,iv:k60kcM6jBGteQoKsyH+bIt0drINurY1hofAd07iUkL8=,tag:D9/OWgFCv75zjjb3L+FNGg==,type:str] + - ENC[AES256_GCM,data:1tQklZO8zJgbkT1C9H0=,iv:xb3hOQzzZ9EcUV5sBc9icOTiZVAaNL7JMxXzwTvQVfY=,tag:zkuIqdGdVW/6FzZxjWldQg==,type:str] + - ENC[AES256_GCM,data:c0+yjAYXltCJqRoE3w==,iv:KEOsU4oYhb13HZ55o7e9n3PF/6C3rMjQceZQ/YoW9dQ=,tag:wuMs5O3zeihPoMG180Z81w==,type:str] + - ENC[AES256_GCM,data:JN6bKgVw+kO6XbIEWcw=,iv:dj0ymbS1L1YPdHGE63YFJZHq9J6m70aj35Vp/d7YP2I=,tag:8+iQQrEOGttcenRIPzwFHw==,type:str] + - ENC[AES256_GCM,data:WmZc/9rYraYk,iv:r16tyErz4AdhWchSK0o+Y9CZoBQK4J9iChfFH5PmblA=,tag:C2ZASSwIlFl2oaAmKxQzLg==,type:str] + - ENC[AES256_GCM,data:W2wmka+Yh6aDRWY=,iv:iuH/06QrTeID3E1s3zwcYrEMuh1O/QKWjjX1hBhUxKk=,tag:tE58uG7EJl8mPMpsdbJ++A==,type:str] + - ENC[AES256_GCM,data:QV5PTZMgLEQx9aK9,iv:gLHE7S4msWKykCj73glAqXVfyuLwnvnx2deTpHQiy7Y=,tag:z+N45McjoBJTs0ZJ1z4DPA==,type:str] + - ENC[AES256_GCM,data:87Fd5VNIs0ll,iv:LbG6AW2J7xK0gHULbmRDZDOqbbH1hDz7RPIMEucJ02M=,tag:22rgg4vbY/uFa34CkeMnqQ==,type:str] + - ENC[AES256_GCM,data:NdVvPVzlUJ6vm1E=,iv:FrV2wzXotvaFxU7KYyszBXRMmJhyob66sSQR1ZU10c4=,tag:e3zZGNzGrsZeT4xzDNe8fQ==,type:str] + - ENC[AES256_GCM,data:7CZFRnkH0UPLiNw=,iv:B6id99k9paSF8gBSHU7msMHtqEPEMH5qmP7IeuRiIk8=,tag:f45hxO6kaWHHszS7/LUq4A==,type:str] + - ENC[AES256_GCM,data:pwOHFp4Vl8f1rnQ=,iv:+XW8YFUPm8RjHmwiYYZDq5nkbAgN7ktMQ+BWDwtGvto=,tag:5wVNqimzHvJuz1+mz9HqjA==,type:str] + - ENC[AES256_GCM,data:9D1O/XeO5W0=,iv:/UcY3mXR9gXCQM3Qg5CQUjdm51X5I8w/JqFSdxT0p2c=,tag:PZXIWGDZQS3iCFiVIu20gg==,type:str] + - ENC[AES256_GCM,data:BRLOtRjMnlkE54Y=,iv:ZJH8qlJs847P/PedhvjoqiqqrVPwXxf4vhfkrff+tb4=,tag:uVI3YtnrAVUstuudiIEGqA==,type:str] + - ENC[AES256_GCM,data:iIPUxt837FLR8JmOyJA=,iv:ejfA7me66+rp7DboYTDieDACl2gG5DyyIguZ1WVnbOc=,tag:CeempLrZjU9pkvaMA96bwQ==,type:str] + - ENC[AES256_GCM,data:4FajDtYFFaH9w/EUCg==,iv:OJEe4CeAKMSx841OCF0AvLdy53zJ/meTMNYvJ/ZoJCE=,tag:n6KqssHYFdIml4tULDre9A==,type:str] + - ENC[AES256_GCM,data:C6MORs6Z9IHqhwiC7Q==,iv:CXn0g/N+xcA9mfIKy0wAL5E7J3E8PXUZwA7cO3jh3lI=,tag:fDzLZqzZ36KrxBL4NsHVUA==,type:str] + - ENC[AES256_GCM,data:eagwECbP4cuC/CKL,iv:1K8x+SCcLIBMZyoN+wy9D8IU8P+TIYiKlxKlQKpxTrQ=,tag:6K1GNqq+l0ycVgniWwKaCg==,type:str] + - ENC[AES256_GCM,data:NGRn06tfKlDS/rz7RGiZ,iv:ctixyrbhqVX7MNW45HMR1X+i8AcyRQSq7/9YSKmnrjY=,tag:OWZ2rIIBjWjhnPOzsHmEbg==,type:str] + - ENC[AES256_GCM,data:YhF8fcM7un4COD6wqaRa,iv:GDBG6YTy0TuNQdKfz6DxMTWvf9QjIohE4idGfgB2p3Q=,tag:/Ir4Qz1t57rhR+FPfJX5gw==,type:str] + - ENC[AES256_GCM,data:axlf8wocO7miVrqf,iv:vQ9OzVhZcUF09l0Bjh2eHQGp1i8vlLCVqw7UFsurl1E=,tag:tLBJFBhQDP7RabdgsPSmGw==,type:str] + - ENC[AES256_GCM,data:On94IGeHYiX79mg=,iv:97gQCvOtMB4fxPAcYCVGty2TxSl49JUBojc/NAbLM5o=,tag:K8AXoS4EUMjZyi2OhAcYRA==,type:str] + - ENC[AES256_GCM,data:fS7g/DoBgRTzdp50,iv:HqIS+sZXFm0VaUlrOGvizmhVL3tMKMkh8P9ckDpFODw=,tag:0BNSz2JlG5I8zuwGu7E7Cg==,type:str] + - ENC[AES256_GCM,data:snIVKZth2skdh1MzDrEZ5g==,iv:YZJ6sFLXKM+l9AxEnTjzNNsCFQOg5SoVmurp/MOp1MQ=,tag:T6DAtK7VFyfuABEtJrc7ZQ==,type:str] + - ENC[AES256_GCM,data:Myl4KnOmy0qfaborj+g=,iv:xjCpv5xq/3qdzf+fij07dCufZICsjLIq495nR7FoybE=,tag:xusgbPQ7GKWi8wG4/egrHA==,type:str] + - ENC[AES256_GCM,data:fU+BaWQl7Xl1lEZibMLy,iv:lb0CB0UvMs6DQAoRbvL7PXlYCzSldPfiuhsX2s5BHiw=,tag:YL6Ahq75WWE/h2FsNDv0Lg==,type:str] + - ENC[AES256_GCM,data:K1mW8wTYpYqzEg==,iv:K2q0woxOyF3hBuphgLc3kQOyBUUODUXzYxJyd3vRvEY=,tag:vq4xARTrwZcHTnokaXk5mw==,type:str] + - ENC[AES256_GCM,data:eXnKpVZ3sNU7r5s=,iv:Nt7jYELDfgsZdCLYuhK+jqnS27TiujnUUsm3xgq+qek=,tag:PGMe8vkV5aPrxjtEDimnxQ==,type:str] + - ENC[AES256_GCM,data:7Up4GU4=,iv:zEh/lYyIfBQxUnRaFXcm9aesn0ZOeMD5tffvzikze7w=,tag:57v+nQsJf39+8cqijZ7fZA==,type:str] + - ENC[AES256_GCM,data:NJKDbK24b6Q=,iv:2fknhnHzwnRO6orl9F5L5Qfki2Lu2GThAEIAHK0TJcA=,tag:Xm3bFhm5fQ3B+zl3wVGK/Q==,type:str] + - ENC[AES256_GCM,data:bE+HGBu7DJs=,iv:B2rzTzRCtS7HEYY4FSEFhFiuqeQNpFcUynrjXYi4i4E=,tag:NNEVIqqR7fD6GGjPDm//2w==,type:str] + - ENC[AES256_GCM,data:ajE9DJsBUnakwQ==,iv:zdjbnK0D76mYc4BRfMYS8/DLhvAFhQJt4LnoWd2ictA=,tag:Eb8FzpgAiwFBpeK578Ftzw==,type:str] + - ENC[AES256_GCM,data:DINi7XYf9VRB8QQ=,iv:bwQgVT1D1nVgax1zV9QnvTIklwqjlqnwZnJIsx9Z0FE=,tag:OhyPScvz0WgyHi9AGef9YQ==,type:str] + - ENC[AES256_GCM,data:zl4bfDTHJku5MCGU,iv:DKPgd2mT0mAEKu2PPBkVzq7G+yxXRgvxtXMWryHCu7E=,tag:o5FAUeME37aKii69Fynozw==,type:str] + - ENC[AES256_GCM,data:zzR/uzBxzt8gRM6oNQ==,iv:DAP/eZo/argAd1PjgQ/3QoKtXjB+zXC2rQ32XpvWNf4=,tag:hRenP/eHPpEH1l7wbsljtg==,type:str] + - ENC[AES256_GCM,data:gVwB+zH8xBL5D0xeuj/8Dw==,iv:V6bzttkAI0N6GfquInvrEsVsQGIYrZASYefYw35v5tY=,tag:3JUQZA+k4XfXD2JFhitzfg==,type:str] + - ENC[AES256_GCM,data:niuEAO025NY/LYeCrLvQpw==,iv:w3MDX8Szz7ixJt3Xr2rsDsQwqMQ4kZ7eHKkydYzkgKw=,tag:4hDJIs1r/gUpP3qbNmj7lw==,type:str] + - ENC[AES256_GCM,data:33+YvQ3DqvQYyyNE,iv:1bXjAMSrmvj1AQ19GhNZGHtQp87n8FtO+xsEcihWMlk=,tag:ybzwvD6T4i5d5W3InTtG5A==,type:str] + - ENC[AES256_GCM,data:yC6fHdAlCzL5OD1z,iv:Jt5QdcPeINr4qNVFXJ53Uzn1lnJHXOF2rDloLcEZNzM=,tag:1gkNEkQb2wuL+uUG+6zc2A==,type:str] + - ENC[AES256_GCM,data:Wc+F8vFqWc7YjEC+Y7US5XUd,iv:Ev3HMq38kOzfwxcP7OKbWyByfGOS0J5IVzAjPb9C0UY=,tag:9EBt8qEsN0ZOoMXLhIQgMg==,type:str] + - ENC[AES256_GCM,data:NqPP/sWoThOuavVw3+9+SNlK,iv:ZAc86yR3Qd9ap6WZFM8K6qVhKCWzFVq38LeOPysXUq8=,tag:ysfXR/eDJIMgIY5sWGci6w==,type:str] + - ENC[AES256_GCM,data:oubCVdKS2jG2,iv:nt8VWr5pBnuhU+g5eb8bE6GLhoc4BFV3p30cAqNuJ/8=,tag:xY+UezZmXDO5OY2S+4nGxg==,type:str] + - ENC[AES256_GCM,data:9i9bF2Iy2Qi3JCcHj7tB,iv:jqXFtkFW/cgynGM9zw4/sYyi5zbgjaFUDPVMCAiMHd8=,tag:539XnDExE7bVgNxV2kmD/Q==,type:str] + - ENC[AES256_GCM,data:8gr8+gpiZ9wPjW4zEdKP,iv:z8GOHIokuLNkzDIws6gt/xpV+Iyeh7KdRsv9hIQjkLg=,tag:VMhmjFh2tbf/A9FFvt8chg==,type:str] + - ENC[AES256_GCM,data:jd+eFhh15kudsJCpTdkBkiw=,iv:waGDxgZgkNNgLM+0RkmFG/2ce/ut5RrdNoRm8IZi0PE=,tag:CuyKTXU1KlTycVwg+5vhJA==,type:str] + - ENC[AES256_GCM,data:dT8RAbfIyJsbov1fBRZ5ZQ==,iv:1gz+zn2j6sJ4xfhou9GpDgkVNvs3Np8e23YVOK84fHM=,tag:IkMmbX4ekkyhnYVOqo4KFg==,type:str] + - ENC[AES256_GCM,data:5bGqioq4mWOWBFZkoC8=,iv:VJiv8wcmd41+EA8C9UbdfzndBX7FPaaZD+IbL4ssAAw=,tag:ZwS/IWROjUJMRibE6F1HDQ==,type:str] + - ENC[AES256_GCM,data:CJP2xONEdmi3jmrBsD8b4DFYaA==,iv:keRYf4kEBuJqeMX1z2bCojtj6DZwClMhFz6wwdjRWAU=,tag:V47ZCB980zhQnBl9QCZOLw==,type:str] + - ENC[AES256_GCM,data:a4uCqDtrTV8RH4l4Nag=,iv:tfBU/wPW+nN5aTS406f05Vz17fCve+DGEJK5KxLPFJU=,tag:yyAjK+c4vaJZ4x6IoF8pPQ==,type:str] + - ENC[AES256_GCM,data:uQh5V8awfa/Smig=,iv:itaMt4ldU/DJvUeeicjMi2tBGC7vQb7XX0JZVHJNnSo=,tag:o+KAD3egDJZa5hCFbqbB6w==,type:str] + - ENC[AES256_GCM,data:Ncf7OBPfg5V/eW4BcPU=,iv:jz1ZXMsdE8CmVPItne1TQPgtl7/YzKXR2mp+qAslflk=,tag:vLQ4woqXeRnPtB9H7MhLdw==,type:str] + - ENC[AES256_GCM,data:WJ8JjEmm8ASvejp9,iv:PDXQNbMX5bqAmP2m15tcZl+JuhzbzktpAuvhUg+TnXA=,tag:vmCWdBGQMmurQvMTPw4uJQ==,type:str] + - ENC[AES256_GCM,data:HzEAowDwuDop2xDaOW0=,iv:70ZMzXKXbBxnFbfH0yw3u8rmht+8VnjGCuClNEViBog=,tag:joMBTHpqOmZZTs7yAXr75g==,type:str] + - ENC[AES256_GCM,data:vuBv8zN5sKfrWSHfzauh/o0=,iv:P5ZnWv+z7IBO4DXde9pGOv+u2LZyPwTO5vkToWZ9BLE=,tag:+KSiVqEVczwKZxsekx5EFQ==,type:str] + - ENC[AES256_GCM,data:SlsF59nA8MvxNPwnVFHLuz4=,iv:Oa0fa3m8GB3HvxO8diSC3xpxdpJIwOsMrYwNfg1U37o=,tag:NeMmBYVpdaGwz+XKWRlMAA==,type:str] + - ENC[AES256_GCM,data:NHYI66GtgWxLOI4=,iv:Kdgk744bUhe0YGV9513LQWuAi+GEoN6tZTviMJTv8iY=,tag:EHxoRIVaJZxqhGddLz6KNA==,type:str] + - ENC[AES256_GCM,data:fHvdMNIQN+mzKsZhPLHCXA==,iv:vESMEjH11areKV42SJn0DCPwXHM3BkaNwA9uY5WbAjc=,tag:jHXHhxNqllt8jzrgDL+TEw==,type:str] + - ENC[AES256_GCM,data:h+/V4sGvL/1aOw==,iv:5VtYwtkg2vu+iZ3CSEjvQhvKhsD7Pp8w21hin4sVZfk=,tag:UT+mVDgrMRAvQvtzjvdhkw==,type:str] + - ENC[AES256_GCM,data:DNfe+QJ/TNSvP3U=,iv:dnJrsLI4dWUDI3H6UZez+oQIps5am6kVEIOAAX6DeFo=,tag:lIbs8Rb3LN16E4gCoOjXhQ==,type:str] + - ENC[AES256_GCM,data:zVXxdmX+WOfpfOhpbak=,iv:VlyidLDpOnNIZvSSDoJKcRWATIXkQgZtwWyu/Wrlanw=,tag:FyE2d62sR2dGnUIq810BDg==,type:str] + - ENC[AES256_GCM,data:QmoP2hfw2ISzp/R5nw==,iv:mGtnGYYQNKwjjNkVA6BJ1qdfLu58nXNSb3SPC4/a5r4=,tag:ykgH/J8u3cijk5ytkZSw8Q==,type:str] + - ENC[AES256_GCM,data:YbFexBlk2lMWoK93Cg==,iv:8gpbITTHN1QNFgjMS7v7g6Wf42IjOqociCe2k2j11yw=,tag:tn0pQVytRcHo1m6Gurpseg==,type:str] + - ENC[AES256_GCM,data:N2Wb//FDgKJmsbUybfYm,iv:vKCJ96D+h6SutmPR3XJIBVvvC5QGXrKEWUUaNyrRuk8=,tag:h9+BDqQaoZxUmrlU1fVN1g==,type:str] + - ENC[AES256_GCM,data:XHCKG9ZTJKLFsKT0,iv:tHDdKMiiUGDw7Q0ouwTjiPfNb0Tx0UgqIw2vryyu3UQ=,tag:Sry5gD9PUTR/4uyppgc7pQ==,type:str] + - ENC[AES256_GCM,data:1R/GrA6Zq2syM2Y=,iv:MnLpVeqDwBO81WBNZztGabEZ95JbRIewuFDGjFyQq4g=,tag:vNIXWdfPB7Dql5vGmAhR7A==,type:str] + - ENC[AES256_GCM,data:Oie9oZHAT/Ycdj114Jk=,iv:KvAvhWO/5FQ/5RUJBNB3HgX0DEQG2MX75KdQ1Xtzo0U=,tag:UcAase7T6HECrCdOJXWhSQ==,type:str] + - ENC[AES256_GCM,data:Q0ErWClGVY2KPkvp,iv:QHZeyTcP5nMKqBH1S4Nt4XxTnFy12d8Z9Ymqxy2/7Gc=,tag:0XdZQhxoaGAnLffrvBw17g==,type:str] + - ENC[AES256_GCM,data:5d6OFIyulN9GHHBDKtA=,iv:MbnJ6PPASYjMVHtOwP5FXtzwFCqf89UDOSoKt8CfsMc=,tag:1dRG4wcPektr3NNFewOh8Q==,type:str] + - ENC[AES256_GCM,data:jLf+lG+l1Xt91+83/cnJDkw=,iv:GB19VsrWkb8nO+MDnl+bozbgABTnWfaNCtl0jd1eP/0=,tag:tSREpp396u65HW8ZesMR+A==,type:str] + - ENC[AES256_GCM,data:RoHY+g1g/yP/nPg=,iv:eA9y6y9ugHFWXEjhwSpYaQglP+wSRoCZg3qsVecbVvU=,tag:X4HEl2XOb9Hd8ZgJkD/IOQ==,type:str] + - ENC[AES256_GCM,data:dD8oJJQg15eCQQ==,iv:g4mWerlTlr+B2OiOER0y6sVWtRWkaBA6Ab5rIW9OQBI=,tag:Q5wAz4ObwVfsgvsLg5/o3A==,type:str] + - ENC[AES256_GCM,data:S/L3oZGcxEw=,iv:HV5CJl9+M9uHUE9v0Gof+rg6aaZwxhpNJTgJH7JCH64=,tag:yZGTJRPkVpvmdjUEWN+njQ==,type:str] + - ENC[AES256_GCM,data:Jn6SN/lcs+j8h5truQ==,iv:mwTwIqlRnWIVZpa/RHdiU9aAq3egsoLCT9bT6gfdFPk=,tag:FUfgGe4pGQo2Z3/UzQ8AVg==,type:str] + - ENC[AES256_GCM,data:lT+lMunteryqbk8Nsg27,iv:9z5eql6oHhd3VrAwlOWafEFvsPkbzTj+FJPTYcBy9yU=,tag:DDWXbryGgAb/rPPFe0M64w==,type:str] + - ENC[AES256_GCM,data:6xtYt7dQ/AlEtu8Cju8iIW8r4qk=,iv:S8e+2Unllf2L6Ct9BMq3CCAxnsADWgpSvuQqMB3KN3s=,tag:5DEnXwrfD2eDloCqUVXbJQ==,type:str] + - ENC[AES256_GCM,data:T8Ibf+kurIvh9JAt,iv:T1QLKcYYctxpAMMhHHLH7N5tytLyjP6Uh7pySFoPEN0=,tag:3vl70p+ZnTq8/hMFHa1ofQ==,type:str] + - ENC[AES256_GCM,data:gvrfkwXoSugxMBtq,iv:rmjOapnH3b84SvhhB/e6WSaK4sswmxCyHv4wE+Jfs6g=,tag:2xMpFsHT8Fd0rrk0uwefRg==,type:str] + - ENC[AES256_GCM,data:88WLG9MO+Sz8qQ==,iv:bLlCHwstu+OXcW1JQecIe/rQlNQIqFuX6iw+cTqfick=,tag:7istPr3Am1n46gGeLJyLUA==,type:str] + - ENC[AES256_GCM,data:KBrT4pH/1mkUsYagWw==,iv:x0WPUqE/ZgXIgEfd4qG6S0N9qolvIgaCU6emwUR7cPI=,tag:r7+ZYHy8n6jkBYsXzkmmsA==,type:str] + - ENC[AES256_GCM,data:nQgTJBwkQ4JXGw9ugg==,iv:CYWSUyAaSUs3JHexDZIgoRew6KQYtSs3gfNwvnNl1os=,tag:3yZEPCSO2pHhWiC5mEz7mw==,type:str] + - ENC[AES256_GCM,data:OjbESCHKmVvTzgdA6+I=,iv:LvGlGRfTuQ+dPF2ThLnFV/AanM6b4OpNunXZ5tj2hZc=,tag:bQcYoYtMuEInEL2LHTSOcQ==,type:str] + - ENC[AES256_GCM,data:85B0VBdBbLtM5wSjFnqW0A==,iv:5aCPQ3N4uSXk9l5z+tieIkzsM0mWJXdCxX2avm7SAlg=,tag:vVWQHJWxVNZRzI/8FCokmw==,type:str] + - ENC[AES256_GCM,data:N6ZZjLUNGNybZQR8,iv:6XbjEny+wp+fwB9fhaqrvTD1q/rxCIsxAvYk7mvobhE=,tag:BnIBEIRILZ8HJULvClVjSw==,type:str] + - ENC[AES256_GCM,data:qdST9R4cNi8=,iv:QBpFQ2vPmvyILL0l60rgmf5SOzDNTS7309CuWQNMsOM=,tag:u3SaU46BJWaZKrmdEWvgkg==,type:str] + - ENC[AES256_GCM,data:ouI4MZX0WQEVSmSA,iv:HOjrfRLxx7N13mYSwyhhGnWNU7cL8l8TZkxZdYwzTHA=,tag:t5tQ2DScJ6smpmHmynlD5A==,type:str] + - ENC[AES256_GCM,data:F4nm5ZtPYKcLcg==,iv:HN4OMEKXugb2TIlX443RPHIUNph3YjONQEIqTbJyKGg=,tag:/WLIicrp5G51DG/fCo6yoA==,type:str] + - ENC[AES256_GCM,data:fh5qX222tzZO,iv:TgMj7up0FMUIs3nAW4ay69bgQZVxpPVUfubSllG26VA=,tag:EfEFRLVWghEpjYLb/4jSIg==,type:str] + - ENC[AES256_GCM,data:8jidwnrGJsA=,iv:81L4uf0tyydvqinOiCNdTkiuZv+R9XrdEMnfK4pbqGY=,tag:SPZ7XSDPGJxA1GDVKeLbXQ==,type:str] + - ENC[AES256_GCM,data:O89b4PXcXwe2mnXb+g==,iv:FXu0uTLEv00StyzZc/8zhC3EVcNS+TLk1a+kbl0IvUI=,tag:0pqjt8BiYgLegLpVgVUbMQ==,type:str] + - ENC[AES256_GCM,data:YOIQ/QzZdm9G8TmiryE=,iv:AJMx1E+IvY0Y00Bj3eoJtpfQ/SUEUdvmTznPJqoTJJU=,tag:LZOENqeLl5MgnmUSx4rBrA==,type:str] + - ENC[AES256_GCM,data:yZKmZb27FqLRAxU=,iv:D3Q7zfLP3ITnULc2qS/Chm5NxuyahGDV/T3OnFlzDCc=,tag:0vNq8magla+9j7eYdSL3/Q==,type:str] + - ENC[AES256_GCM,data:6529UvDCFs5wIa+vZVd+,iv:W1AgJXZbiluDj0XSatnk6Pr+7ZBm+oYf4JIswt0f9kU=,tag:NzFdAUB3Tp+tgV99BjrndA==,type:str] + - ENC[AES256_GCM,data:mhrwODE=,iv:wZj0XXNe8AQRIVOb/MsdSz/8ZVP7sh+/utaWtfABYJo=,tag:t4SrnsloEu7cz1Avkpve3Q==,type:str] + - ENC[AES256_GCM,data:c9sYZfc=,iv:bcRU0BylMw+b4jA+mNZE12V88CVPInXLTekSXO2eW1Y=,tag:z628OckoASeuwRkAOWsq2Q==,type:str] + - ENC[AES256_GCM,data:4lQS3QzQA6UjRSLnd7ai,iv:vdGzfIREcB8tiPcL5OXg5Xog/mK95uozFCtx+SRxVP8=,tag:NZN8sAk60fcGwcZaAB5myQ==,type:str] + - ENC[AES256_GCM,data:sGdiXWSzqrBqxw==,iv:KHMI3aymXd7tK7TDGKHBJbmJeu2NJCvBRX1zoWazDJ4=,tag:rkETbUVhJph0LLXZZrW3VQ==,type:str] + - ENC[AES256_GCM,data:ORdz7GHPlxUY,iv:v01wOSE3YGINGAwTL1lwV4+b9HVN0C7Qn+JhRlsIsrk=,tag:Kgol220KbFIGLDdrt+FwTw==,type:str] + - ENC[AES256_GCM,data:kSJV3kCbXOPiQe14GQ==,iv:m8NEvnIaqhwF3bLlOxrGBicU+I5AVaCBWgdjklIGntQ=,tag:/IahDooWWpz1H5YM4VZUAQ==,type:str] + - ENC[AES256_GCM,data:XhDjVhSPJNS50WNYxT4=,iv:O5PofxdmPXfgjBXz1+QWqFnxg1uG30gOgSK5yLqw2bw=,tag:nlJqA9qnjszsDi88RixJyA==,type:str] + - ENC[AES256_GCM,data:vKvoyhSFadlM9tFFwg==,iv:0s+aXI4AkZXTGbGqBHssU5/qFsB340k32Qpam/cDXqA=,tag:QI+o/b/74tGNkyCx0mFqLw==,type:str] + - ENC[AES256_GCM,data:Pu3jUOet1PE5cg==,iv:2SN+J9/rdKzX34SJaimhwnbc8elVOHL1V94JcpVxZgE=,tag:HIQuxOqqeHXeNA3DE4YP9w==,type:str] + - ENC[AES256_GCM,data:MOPbAZzoXcxCZwk=,iv:XYOodItSi7ueBN7FH0sQu5dRda4ENOSEx4TdEaPDW+U=,tag:/ZLFLZiUnj7JZjlwVYbNfA==,type:str] + - ENC[AES256_GCM,data:G+dnIAelE7K3Krys,iv:31guCFT/fnRKDNfiyZlYlZpgkaIxVrWT40goxQ2sFAA=,tag:OB//xVr+gYBIXxWJLZ4dQA==,type:str] + - ENC[AES256_GCM,data:fAYos/pigjBs7qVozpwsBFwX2Fwo,iv:JJQqly/7CRJonQqdzkQCJBHx6+tcFSqDzeaDaeC48/M=,tag:nUKhMed40zrwkS4qk5z9vg==,type:str] + - ENC[AES256_GCM,data:cJ0AERkYM6EAGDWkug==,iv:/XEItsioCvyXKO28dBGFZW4+Y+9N8Ni5ByNOsCDBl0s=,tag:t3NMmBNwRgWKKMdjS5DCUA==,type:str] + - ENC[AES256_GCM,data:vj1i1AggnvjX,iv:O45W8PKIwcuqrjrY9u32VltOAC+MHh43E418eF0wmA8=,tag:RYnPrUzHGsb86gQVRqBKNA==,type:str] + - ENC[AES256_GCM,data:arZgPQeOSAVkrEkGeNlh,iv:s51tFGGWHYfd5pFKr41nFof+/CqVOFJe/RZ52MBOLTI=,tag:9Wd+YFlwkrhGerKs1Y3V2w==,type:str] + - ENC[AES256_GCM,data:x2DMsEQ4pvOZhsycmxE=,iv:ffcoMU442ezpxGuyI/KbH3G590zf+fKFlnHHbNrhDsA=,tag:CB+AOPfgqjB0qmie+2sOAQ==,type:str] + - ENC[AES256_GCM,data:L3M1FWBCQ+F2Bg==,iv:zh1AWBHt3jxt3eBz6oGg3tenyauFV6wg5f1DNdpSaK0=,tag:jTUEH7lY3Wv+3jYKQLSqaw==,type:str] + - ENC[AES256_GCM,data:BkfjtTCTe8N2G/c=,iv:q0Kxzo/DQl0xABIpkNLsaTlP/b5EdXXjOmfBGzxHZFE=,tag:HVchxozHrarOYCHe9qOPFQ==,type:str] + - ENC[AES256_GCM,data:hEnJsGAJyLEyuqi2ot0=,iv:YxAx7KXAroxd3kIRpcdYVTw0O5Vp+RTY+zvL2I4GHz0=,tag:RAS4NPu4FjyqMYx+sHxvlA==,type:str] + - ENC[AES256_GCM,data:RO8qYQuXvWavAaes,iv:R+d1yI7cgjtOIMq1mthfdJVvVisBbCiBRBGgMMF4BVY=,tag:XBU4AUpgXdXikbMNr+ebwQ==,type:str] + - ENC[AES256_GCM,data:MEmVJdedMmD10jhTwdNB9Q==,iv:5mWA0wCZEKc0E37Fuk5Z1LvQ8JJsDhBDsZjusao108g=,tag:8LdyJyBc1zTlffwNDnUTPw==,type:str] + - ENC[AES256_GCM,data:1Rr9CRHp6YL4XQ==,iv:JUi5w8lLC0SVjRpOx295RX9rZySrd8HO6hdaPvecfmo=,tag:HzxX2jH02P4/M4FQNM7ZkA==,type:str] + - ENC[AES256_GCM,data:7soLdQiOrPEh,iv:Nn3NOiaFteR9Y5Nol50wV/m8zGEUbRqWxMzD4qeG1Wc=,tag:D6hkgt4tN4VcXBiKqJ9QmA==,type:str] + - ENC[AES256_GCM,data:uuS+M9I17X7+7aE=,iv:Rgmx4NZ4r5P/wzM6TUVcoQr8V6F88r1FK2Pkl1i/GaY=,tag:LLP3hE+0z3piI6NbycP1Xw==,type:str] + - ENC[AES256_GCM,data:GyM9Z9z5/xvH,iv:L/V5dDX175L8aAPM+AD/Cjx7ALuUQ8vGeTttOGVISeM=,tag:PU0WU6CGkUaEOs3JnlGagQ==,type:str] + - ENC[AES256_GCM,data:CxBLofxN4R9n6sNmUj0=,iv:sD4iWAMIsNIJZHFhbAaNabwCOfmCXX1JzniYwr8+1TE=,tag:wg8aX0b0kD58GkR/5OvspA==,type:str] + - ENC[AES256_GCM,data:ewTK+0UQj8Pd6ln6lQ==,iv:73vwY8Mcby1oSGgqF5GIvvcdFNcHsoDtqQwOwTiDwc0=,tag:WfAePgRL5h7azrI05vVXmg==,type:str] + - ENC[AES256_GCM,data:xWlhzGnsgbUPQA==,iv:W8Rbn4GwQrJCc69CJ2+QHAmXk0VpAtHlsejdHbCwcXQ=,tag:/cJxb7eQALReCXIhWXXgDw==,type:str] + - ENC[AES256_GCM,data:k2PR/cV30Z9Zc1OLjd8=,iv:MV1svvi6f0K87Okoc9H8d5gRLQgCT0DxWPpIceD/gPU=,tag:6f1h2zpe8w6f8Pmw1RKoPg==,type:str] + - ENC[AES256_GCM,data:IseJjnS5mO/m3m2lcN8=,iv:okA+Wic+A2/DVvuiuL/wNsrOSN23MZ462s6UuBpe1Kw=,tag:WLZjtqD/xJtji8vT15tmGg==,type:str] + - ENC[AES256_GCM,data:hO2Dj56JZAZOPZw=,iv:uWhjHjKZms9JToIc/c+RXHq3W+aQJXyTCrL1fiUXlhw=,tag:BM5l/rdx+pBcSaXfm9uNoQ==,type:str] + - ENC[AES256_GCM,data:wjL3opN4ogXt7AoyNwIJOKlhS7Nx,iv:TnbM7p+piZptlAX8M6N6gf1ojx0Tr0NeUUQeMbgsQ1Y=,tag:kEJYKrqOgNcXTkz7AZ+0nw==,type:str] + - ENC[AES256_GCM,data:tWPUD5W2K098kNo5jZfWt3E=,iv:FGNdpuauoYsRONrOkdhtj8h7E/psCtgV8rfoWY3nvlY=,tag:dne+FGvhJrI4unf4MqENUQ==,type:str] + - ENC[AES256_GCM,data:y5NPBCxTxEsxKl0o1g==,iv:HAcgOczmIk7v4EY3QtQFRz32raHpoAEPhfedc1xHkB8=,tag:p1/5cAxToVt1Fo68jc+xNg==,type:str] + - ENC[AES256_GCM,data:HIwTtYBbRJVdaQiOi3Y=,iv:DuvAw6t9lOqPxwnL/AU4Vc8/vCG+J8cnW3NRITzzW9o=,tag:jN+/ZEMroW396aao3qbqYQ==,type:str] + - ENC[AES256_GCM,data:d/nWIv3WjrPoH9R2ow==,iv:z9NHYQQ5tyizr+sy4j4XdEiTqqauZCm/w3b6J47FOxE=,tag:XFwL38xsBrcQ8oxOUqC9Ww==,type:str] + - ENC[AES256_GCM,data:nAIo+o4Udxx2xEv16GQ=,iv:uxEHEdqJ4ed4W7slUBLsFPfQ7SLt1ax8c3YqdqzVNr0=,tag:5lAOHftEIYGq1Gi6cIn3Ag==,type:str] + - ENC[AES256_GCM,data:LA8rmjwIUSfegLABc4WwT8h/Goo2,iv:JPYd+c76dBf6YYYhcODS3eXrBT3A/TK0D1pMlSxzfXo=,tag:mwCct1lODczPC8/ScGKwtA==,type:str] + - ENC[AES256_GCM,data:4QoW/x57SvakHyXUhAI=,iv:azIKRB3zj9Gc1BLLzAcNjY/pjam/Iuj9zAgkIpdt7GY=,tag:syLYSF36inzSa3AaeLDX8Q==,type:str] + - ENC[AES256_GCM,data:PzcRkfVOPun699Wy5DE=,iv:0WBvMlWnSBUWj/0M1DiuFBOBJrk3L4MWco29F7LAvhA=,tag:q001Co6C5FbgZFeF6tRTew==,type:str] + - ENC[AES256_GCM,data:DS+ohdw8CpD+gM6SU3k=,iv:X8ABlwbDLu8dpXS3LRKPwN6IpokOYPVPSNTdYh/35uY=,tag:IWVv5n39/Cwr1xeRcEeCvA==,type:str] + - ENC[AES256_GCM,data:lAmPZQ9ADHxSZg==,iv:EueA3l/tOtALSXqwVJyNe15yd/yQ4jgwuUHBQLeaQSM=,tag:N3RqU0GENfe8s+i7I6ORCA==,type:str] + - ENC[AES256_GCM,data:lY6pYyJwz4JR/2Q=,iv:eO00LkOZOCqaUiDdVh9uBzCLoFN1BqbpHcLsD8BUEJg=,tag:RBy3v7vlH9Op9llSq3HGVg==,type:str] + - ENC[AES256_GCM,data:POY4+bBKfCSEVg==,iv:krip7J9J4osy7aWuWZMEQ/AmzBZKhtfSNMW32hO0RNw=,tag:P8M8Pnu8mLh7m5fR6oOWgg==,type:str] + - ENC[AES256_GCM,data:uLVhdv+Q9rWNZvkUGqDg,iv:15R3ADRldYPfxLuqmDC/A2gxDYX3Y2tcSR9n3mX+4po=,tag:aYoPcp7/Ts35Zj+hoBjGGw==,type:str] + - ENC[AES256_GCM,data:iFCj9JXLYSTGU1nbvhuH,iv:rfNYND384ToiXlCc/R6UPP0IKzWdMVUT4EEwVXrCudM=,tag:5CfDp26ZRxRQRvsrjFHMNA==,type:str] + - ENC[AES256_GCM,data:fhoeCSdJ4e4089trPztB8s0=,iv:++2KfPbQ/H2Kk+ZEbgSFYGvQEjYsD9iBl7mI6PjXXkw=,tag:Vir/RjjbyWm2tjdPwVso+g==,type:str] + - ENC[AES256_GCM,data:f3gTh7d4IIAIB1lkF2pW9g8=,iv:QvCP4uyuBArZ0tBurzb2VDrBRhdgd2se9JvLc/a7ANQ=,tag:Y4HcvwRqVbHTYVMzU7Fxvg==,type:str] + - ENC[AES256_GCM,data:a+2K4BiZbvTFAw==,iv:5Jy9BtlDxuwINUwdyCSw81BxzDy6dczEcPMWS49kJA4=,tag:WOMrJngQKrUNpLBc3N/Aow==,type:str] + - ENC[AES256_GCM,data:h4TI0W9JDlBZ9tcqbfXdSEuVP5ZogA==,iv:d47HJfVtGwDKXRuudrBNg0Km0ZXLEfHmS81gi/svjK8=,tag:rpwz475WRcwrnReOzIc+MA==,type:str] + - ENC[AES256_GCM,data:5Qlwvds0flgNPtKvltzRLXY=,iv:xCw1poeoGfFQvgIFIdAIly3bhWIVzopyteIeUA/OqRw=,tag:oQGudLiy6evyVAGTvDpBPg==,type:str] + - ENC[AES256_GCM,data:BHC8r+9SegScdT5KEsYT,iv:jUap5TYdV/lRq/7hHxT9wiawSYKdK00R61Or/ipkXwI=,tag:QhRSU2HMAimI9XkASBadMA==,type:str] + - ENC[AES256_GCM,data:B9NYPZxeR0DYFf1u,iv:eNiJJqjetQOXLyy5ThSNxQGqAKBfzdCQp6CEoYU/etg=,tag:poOjuDl/6qHHpzr8wtJMwQ==,type:str] + - ENC[AES256_GCM,data:dLcjL7Pqr36tj1rzGA==,iv:T6N08KHa1Ld2bFpP6qtd2spzuIwF/rxCMpZrwemsKg8=,tag:3Vg7Y/OXzXnr+gje5M3EeA==,type:str] + - ENC[AES256_GCM,data:kDWZkWTEGvClyNExxaY=,iv:BDyDIuZaYtJGJSHuqxMiwpGaBNhIzEcU3BnZBh8MfmQ=,tag:lOFbTqgitAsw8E1AVxfB6g==,type:str] + - ENC[AES256_GCM,data:LmYJvlwxpZgzwgV9Qizg9A==,iv:9R3A2BVvqwa2+Yr6lYvGy2G6vPQ9sTAfVvUXrwQRmg4=,tag:D4yrcSjbJB+KEuxgyHuiQA==,type:str] + - ENC[AES256_GCM,data:+kazv+cvJBNfd3Jd9NOC,iv:SbcK1PvPcakL2Wekw+XbyClCFbx/dmAFM8awYsxWdLo=,tag:DmVBPsTrP+XTm00+j+UF1Q==,type:str] + - ENC[AES256_GCM,data:TjC8A0lgVnVBlEbylKc=,iv:mffh85QyD8wjBzQDqv16gKwjN/RFSubFb2aYDtpXS5c=,tag:kWXUQbjow0TrXQ189ZG+TQ==,type:str] + - ENC[AES256_GCM,data:f00JfVDFNrGJEpbx,iv:GBuca6c/ZNmj2WerklCPwNTGG31TJuF28RZAL5uDRa8=,tag:AvW/NFJY915bDxq/WJQchw==,type:str] + - ENC[AES256_GCM,data:TZmLYtFjSOKY8ho=,iv:OP+9rkhsA/QhmUKq/ewqOpwTf3f2NkIHt3SncJKDBSI=,tag:C5K4/s3NSG6RNbKWDKvP1Q==,type:str] + - ENC[AES256_GCM,data:ZvTCjmm2PYKIccP4,iv:zOUw0Xirlim/6JgvAgrxnbQ6xxciRexe4A/kvmXvO0g=,tag:4cprtDHNW1VeDAoy2NKN9A==,type:str] + - ENC[AES256_GCM,data:WZjEgYpHnEVFFjlUvQ==,iv:gFzfH2+iE16t4ZJ0s9chyIglMeBhQhhs+LajGdpVuFQ=,tag:657upGdRBfhTyfyLh67Suw==,type:str] + - ENC[AES256_GCM,data:KZOxLKWtWhXAG48=,iv:2DOWjMubaSPD5Cnda9sF/P13xnr79I7vOsjmDh++5Tk=,tag:erVabEH3RyGXQ45RG/IVVQ==,type:str] + - ENC[AES256_GCM,data:lceDvCtqGgoSB+j308g=,iv:YK26yTyUu1clf+bt5rovplXK7fHywDLUORqJRfDzILc=,tag:NzPDO947PycOBprZdSXaVA==,type:str] + - ENC[AES256_GCM,data:J6TmjegCHHk7bAjv,iv:uJziq/2UCccAk+ePdU5NhQk75gEBDUwHAU1wHL+1o5k=,tag:ONqMREL9SDpfOK5netXMQw==,type:str] + - ENC[AES256_GCM,data:ngGpjcgCePuJWU7n/XrF,iv:1BYrMfSM5/dxbew+rptiCfB6aKDBZiF3SsOT3R3aDtE=,tag:uXS2zrNyUTpe7bA+j63NZw==,type:str] + - ENC[AES256_GCM,data:VqA+IMwp0GcFsx6YNf6Wdp+j,iv:3DfLRWKxE0cEkMHXaAneiLvW9Uuze+sNeoyU0CSJ+uM=,tag:t8m137hs9rKtExDubR+8YA==,type:str] + - ENC[AES256_GCM,data:7ZwpfMonuCskWA==,iv:7IR5srOps+XhtqdbSKU4n3V5yQpU7lRCQnM2rbYBAmk=,tag:j7yOHb+Wz9F8UjrhRX3kyg==,type:str] + - ENC[AES256_GCM,data:bN61jsa5Gp8wYA==,iv:UxkO3Q2qBy/el90Zo/GfPncm2exenzYM6qJTCK9Crek=,tag:xhPqiD5m59zM2MmfqgwCQg==,type:str] + - ENC[AES256_GCM,data:fDpsJLSH5FzTug==,iv:+jsfygG/wsJ1mTl4iC9ShNX459FaAIp23baZExqog9A=,tag:YR/gPETsJHQ6G1Ol+sHh7g==,type:str] + - ENC[AES256_GCM,data:8BKz2J5WStoSEB/36Tg=,iv:5XSxbjCHd/bRdb9bmXOXl7lkr+SAo/6fsYxunAlylLI=,tag:iugw8JhNEuvw15FbwDiLaQ==,type:str] + - ENC[AES256_GCM,data:Bo9pTYyLLY/53YlRQakT,iv:lqWq/F9I8PTUz022phT39k68rvO/LKzMHlp/5ViIbBU=,tag:vK3EudPxq80fnWc7OXFdrQ==,type:str] + - ENC[AES256_GCM,data:br0oapo9MsCx1nY=,iv:U6SMBToJVulFQKd1ndZaAkyd5UfxMGvX+5809anU/44=,tag:/lvFiXvPZ1rbbNok0aKcKw==,type:str] + - ENC[AES256_GCM,data:HuMHzcIp5oIKdaSy,iv:TC4R4KeooSgbHJbboIcvQ1d3tv/N4SDjJnpYykWUiZI=,tag:5IlCsr4iSskUcm2sLATrDw==,type:str] + - ENC[AES256_GCM,data:TbvVOdf+0w42WKEeqA==,iv:f9EOZB0c7QFyiKKLAPXVE+yOoJkKkQVdKrxO4/l0d4Q=,tag:ZN25Am8w0IVyqimWV4r3GQ==,type:str] + - ENC[AES256_GCM,data:VEEjrHAeV1iUzA3DaS35DyEq6w==,iv:HmVisH7YRPJLKDhW0YRtKxKiWON6kV/MBKQeWrPeK4Y=,tag:s3Hj5UcD7ocjgRQ156JP0g==,type:str] + - ENC[AES256_GCM,data:z4oAIH14htK/rtzE,iv:lDydWfRbWZpwm7eDNpOQqC6E+j79MREEQTQ1hesKFXE=,tag:ADSxxk9noJsWpN09VptLNg==,type:str] + - ENC[AES256_GCM,data:kXwH2dXAV1E3vcj7Rw==,iv:vFDasL7Cw7MEDc2J2HlZVd/cc2pr210eCJVxGXV3pdM=,tag:YcdfjiAKBq8+q+yMSHjlDw==,type:str] + - ENC[AES256_GCM,data:C281MPstfmRX5xq8hhU=,iv:T3orv0xnMp2jva85GoufSPiVZHRDlk9VM9Pmv1QO9v0=,tag:Pfw9BTk1/EoGtIrqgsLS+A==,type:str] + - ENC[AES256_GCM,data:Y2FtrdK2TMmk,iv:4OFU7uV3mnZ7qg4ePg80b1vNV2iXmZo0+X8/6ef60/o=,tag:vums3qjX6HxgbIW+Oz5htw==,type:str] + - ENC[AES256_GCM,data:ycZXIxGof635yg==,iv:UxD6tF+WU+BAGy+g3q3idtFu9T+dAUKni2A0p82s9ZI=,tag:ayQ4S7uRJ1vD8u4UFHS4mA==,type:str] + - ENC[AES256_GCM,data:rIjV/EZgk5Uhq+Q=,iv:Ztay9Kaq8y6xdFpBjCgToRw+e//Gg8vqeITklQNYxwE=,tag:5jpduLhVqWOCWKoVIW3tpw==,type:str] + - ENC[AES256_GCM,data:x2rVl51+mVTjTrw2wQ==,iv:W+jMy6inuAR0jlR45DOqNzQLnIL6vyDWU9oWT/zu/gk=,tag:+YrpciNYshBUmQ1Ux0r63A==,type:str] + - ENC[AES256_GCM,data:iPQXyDeLAY+cjA==,iv:gO8Rru9FonYWFAkRH64EGmCm5EOI0yYThGUtSjCvbUY=,tag:pgGMh9Ik69HAj+K+m6kk/Q==,type:str] + - ENC[AES256_GCM,data:IY38SX/zfR3+,iv:bgvu8FgEwyHyD7CYIX5O/QX3py5MHcyCH6FdrnKInGY=,tag:yXea5H+SFnhsjUn7STl+3w==,type:str] + - ENC[AES256_GCM,data:K5nFk1GMJp1r6Q==,iv:EbadAaQHj/QSGGhOlGYL1EJ7L/Gl6w+L+BH5xyt4RHI=,tag:JhmYpwvNiQVIUhZK++mXHQ==,type:str] + - ENC[AES256_GCM,data:eX+nwLf7WGE/TCQikWqFcbuM8w==,iv:IpeTbygkQQbhYbK/Jr3iHpitfFaNOHTHi+xuFJ8LDt8=,tag:Rz8S47s0nmEF8lxLCe51Lg==,type:str] + - ENC[AES256_GCM,data:CgrPUgYQ/Hi+wOtzR1VKnIZYzxcu,iv:q5qzC/VlOWOUvgQHWFRus+ge52ewbd1RTO3Cb27R7Iw=,tag:qLYVubRktNOyoObrwquUlg==,type:str] + - ENC[AES256_GCM,data:a4Wb7d2fVZSx4wzLfLI=,iv:ZQzIgZoK23P1FlUKJjIdDCsP6l7C7yzsbPlKiaweT+A=,tag:6Hi3QcrtF3DjD4mpvHC+bw==,type:str] + - ENC[AES256_GCM,data:2xx2MOhvenEbWk+3lfS7HA==,iv:LrmobsMRViQ1jwwLgOGre/D2xb5XG/r44unfOZqDsk4=,tag:+XHCaytLh0zsYJtkVHXqiQ==,type:str] + - ENC[AES256_GCM,data:feaSpsVR/toytUbtP5QpD9Pu+bBx2A==,iv:66sDHYKmCn0KrXxUkj898bm9uezhGHng6AGxx86MKgw=,tag:jtfKrHHmyMuECEZkHe8fNg==,type:str] + - ENC[AES256_GCM,data:gBDxVtXIEYq471GvsI0=,iv:mb5MykQyfptvRHdHO1NQMhLUbNNji80qBw1u0sHaSZo=,tag:XjanRGJxIgs6d/9TFap0DQ==,type:str] + - ENC[AES256_GCM,data:hsnT21tc3EaySrnr,iv:w8QDWtbam6jP7nV1zb7yQC+iR0grDZBQV0I4QH5pv94=,tag:pkmQdQsK4bSS9eAYFJCIGw==,type:str] + - ENC[AES256_GCM,data:e37QeUL3BQ6EHSSDcQ==,iv:NBDT4yAnxM1hw71e9C+BFtErndLS/l2RfgRjpmSQ6f0=,tag:aIbKUyFecmmPgn4rjN8zdg==,type:str] + - ENC[AES256_GCM,data:K4QCCKIvQ0pSnMU8yg==,iv:69VpNq5FVkNa6CIktX2CC3OXBGEHARVqMq4r6c+BK2g=,tag:zm/Ci5EQXAB2nOWlLCYqbg==,type:str] + - ENC[AES256_GCM,data:07er6M5YlLw=,iv:vXSR407GBKPo7vJTJUM9FkkLan+ksEWUOBejViPW/XA=,tag:gg/9YV21w5f07OMgjTew3w==,type:str] + - ENC[AES256_GCM,data:I8RbSp3OkpRcX9+l/l9YHf0=,iv:IIzFEHqhqYgSF5jjegD6cdLs5GpODhG0MJTScbdauFg=,tag:+u4NzApTKRlde7fWDiq0JA==,type:str] + - ENC[AES256_GCM,data:6dNSyAuMXTlFPvyV2dXiPaf+gA==,iv:2P8EoSyEY7b4k+H0oAiweO8ciav6RGGFs3F5cm+4m5c=,tag:OUxleT7waIjnh0iiQlxaFg==,type:str] + - ENC[AES256_GCM,data:FwbwaooWoaOakXDe,iv:gxQ06juzyBzQhuueWZhGvwv/2S/r5MG1pbTA9NolqNE=,tag:G62CO8yLpjn2txaO6OEb7Q==,type:str] + - ENC[AES256_GCM,data:in7sjDuQZpRciOeLrg==,iv:6hzGokX46NuUPa/o1NtKxhv9TINxsosI46BbWCWX3cs=,tag:H/lB43Pz4lY4+A22VRPMyQ==,type:str] + - ENC[AES256_GCM,data:PJzVUIMXYcBsVwjHYiYo0p7Dfg==,iv:TGFaoDQ95kiNDNLqdXIWN8Dg3+q2cT/5BuVoDTkGQOU=,tag:eEDsr7EpfaMBW90+xHQ4/g==,type:str] + - ENC[AES256_GCM,data:CQVzaHBdzOdn/KXqAdk61l4=,iv:l3dhntrOC0tN0Vn3jdUTk3ip3Ro2wZFcnC0TTC+8Opw=,tag:oDdw57TaXO4GZdhIYckejA==,type:str] + - ENC[AES256_GCM,data:T5XQ9vhXRlx64B1dfa5CJtv1,iv:6rJXluEhYy9KQw3el3wdu3mMQPybNw4EV5QsRq2L3Y4=,tag:4Tw1MlITWxyJHKKHipCd1A==,type:str] + - ENC[AES256_GCM,data:5lVb0+XB9lQ=,iv:DfA5Dl19A5dCXPqnNWhr9v5lFZ7g9GkddoA9Oh8wXpo=,tag:OlekpnDPdDsRf87uiRS67A==,type:str] + - ENC[AES256_GCM,data:aKU+PEs=,iv:RtOW0Is/DMd5fD/SEjDh0l2eQ/IMqYeUCHyb8ITcZMk=,tag:v0uPm2uWusRjbaAlEioJfg==,type:str] + - ENC[AES256_GCM,data:VS5WXO9cuElTkpQ=,iv:PtfSEbTI5Jy1tYgL+mtoXcDgf5/sqcTCke2txw4mFxA=,tag:N8qLmol9K0pnUDqm+8TzEQ==,type:str] + - ENC[AES256_GCM,data:lBzUo1xPHZ/JAt6p,iv:LF5S+VCtM+C/QRp/NidijQhM5/2n/tqwH1VxMzkusRU=,tag:mbaq3CpUHDhkI0Xi4J3t0Q==,type:str] + - ENC[AES256_GCM,data:a9cmatU3OelRJEVq,iv:7dQW7hnpFgoeI2OBqHLYQqELJNf28+ohxXWf6Go+kyc=,tag:TSGnqxc0YdOiV+JuD3EFhw==,type:str] + - ENC[AES256_GCM,data:OxgqJUGh5BwO,iv:IFasg+YPG8/H5hzp2gda1ju3aKEoV2tmo1L5Um0oKXI=,tag:ovbWFG63s3fZJHwOEWDaVw==,type:str] + - ENC[AES256_GCM,data:kBNkIH2rc/mGv3k=,iv:Tj83Zee2qbN79V58BJ+zh8u9Qt7PhYcjqjwUrpfnJ3U=,tag:Ehh1UBkNNVYZC7pUrEVpbA==,type:str] + - ENC[AES256_GCM,data:qTXeddUjHds2dELzmA==,iv:emUfQ+VY43vYIwGEazQxXWlJSN777ue6aaZe6WtvEp0=,tag:z7hFnf5hY35HiSGvI2SJuQ==,type:str] + - ENC[AES256_GCM,data:W5my4E4t,iv:A1ukwqcjgZKa/8gVaB8Gx9hcB3bLq/fw8dBLQ7Z7ht4=,tag:UduTmxpS1b8vJAN9AjL+wQ==,type:str] + - ENC[AES256_GCM,data:hqBYbmcgUX2+,iv:nj5vL5fXIptR89cRYQOwL9fMDFLXuezKY/5URcf5A2g=,tag:2BAR+qjTwFE8V6WKclpSnA==,type:str] + - ENC[AES256_GCM,data:tSeeSlsyGPg+QPXy/XJwqHM=,iv:V+MYMJGluymzmBfniLfnkT+ZX2OmjKgrlYGATKUeslU=,tag:ROFktWInogfeKGU/+oWCNQ==,type:str] + - ENC[AES256_GCM,data:jP39Xf2htLDS+UM=,iv:GWpUXesvEgPGw3yn2Z8eJK0Npm+X76XV/+FXhcUxyqQ=,tag:AuWKkuaJwoJgStfte9fk4g==,type:str] + - ENC[AES256_GCM,data:xpW1KtauyZmauzMWmVWK,iv:Zqe5yovuwJip4nQTVNkS7OiG8dHFJ3WG/ZiWcVaqQO4=,tag:SGqx2dhxqbjdLGsKZzM0aw==,type:str] + - ENC[AES256_GCM,data:cEx9zMAQWhDXTRpEpN8=,iv:LGpelWJoeu1oQ93/LQLZu2IEBqa6ooz8cU50bUnOauM=,tag:31zoaOTb2gsN8xtZnrmc3A==,type:str] + - ENC[AES256_GCM,data:eZJTceMms495Y863,iv:ZNFUEzoSoCfJaBgqrkB1Po+Z2ty+0T5XUVXzGrydocI=,tag:sclt3aoKbsb8RloEm6u2rg==,type:str] + - ENC[AES256_GCM,data:ExBPzWL81nwCzKM=,iv:ac5vcB7vHmNv0PqxQDH54uhjzqjYhjFJhK+IQf3350g=,tag:dARaU2rkxa0cN2hoXs1QRA==,type:str] + - ENC[AES256_GCM,data:RRgsc1TAuA==,iv:RNnVA04eC0nBF0WLG3PO65cd0wa0gP8Y1ksVyGZv7mM=,tag:47KsIuYIksKjroq4IxVc3g==,type:str] + - ENC[AES256_GCM,data:KQm1Eg3lVsgTUjc=,iv:ExNCA+9eausnft/gewN7qOA9yIFGkCCIsqGmkYC494Q=,tag:4Ixs6SCk5GLtWRsZATVylQ==,type:str] + - ENC[AES256_GCM,data:hfVlbLX8NK4=,iv:6+vMg+DYR5kcqUk7br0kZFK6BVkzyYvlZzFRONKxo0Y=,tag:Cjh3QEz0qlPb9V48FE7IZg==,type:str] + - ENC[AES256_GCM,data:WaZMIjJBzmR7ja38,iv:uke3Esx7rDHitWyhDybohnksNqpnXqEOgSu0QxiPnzA=,tag:XV5A1IBWoqznw4+s8xnn0A==,type:str] + - ENC[AES256_GCM,data:cZmFEaX8rA==,iv:yG9QEuobk7UIMnXbAvSziz8Az7Zud7/xcN4A1fJWusY=,tag:Spb2TUvih65vsbkr/R+vWw==,type:str] + - ENC[AES256_GCM,data:35rVnaS+1QEaAMc=,iv:ZLfT6kzAvNyWmf0zYYo9PoP8RR0ihTwWXING+BRkhcc=,tag:/nu3XgH2g5wlVkLcYddlkQ==,type:str] + - ENC[AES256_GCM,data:ZNTh3LDXr7em,iv:6v8E7fH9kO+orcS4Z9/b9MM62780CLyksrbwWznlhpY=,tag:dnp4jYqGx5A1Ug6/cLpzPw==,type:str] + - ENC[AES256_GCM,data:PL+QFlJfTUmXEgOfXMaC,iv:kVCgk4trzu73ONq/21ktUa6iEsm4tU8oVV9vkSKbT2g=,tag:4QVf2x1ft+6NMkP+k/MPIA==,type:str] + - ENC[AES256_GCM,data:XF5wryvTkPIP8IuGsvcmUXCb,iv:PrQERlEj72BKtRzglOY5JZQUY/xJ65SSWySr9bp65kk=,tag:B8JZWELjw94bI6MadJ3g9w==,type:str] + - ENC[AES256_GCM,data:gqXH52g73vDA40UCCi10hr17,iv:TbXnePNOs5MwDJPnPhPkWoCUZikvq9TYsTurU2kfnco=,tag:CprXUFBKSCPtH72G9Jo5Bg==,type:str] + - ENC[AES256_GCM,data:dfnBupVF+8ZQRQXEdjRQh1yyOg==,iv:Nu/YyMDAZfpDk/Fv7mOVZ8gH8HQj6KV0ttfLhElbbk4=,tag:00gyUGkcOS4Kop4Ry3Rkng==,type:str] + - ENC[AES256_GCM,data:BQzrWR95saWbkSzLGThc,iv:rG9EydOv/t+WwDQgXoAzVhEBgHiy1mWSV+ET5Zrozzw=,tag:2bhpBIB1nAkpPvzoWSU+9Q==,type:str] + - ENC[AES256_GCM,data:PD5uMmJD+RKunw==,iv:Pkj/s9qOmingZm7ev+YzhdCltVgx97gXMe3rRm7DwNg=,tag:YJmGyC1muGK6rThT6Jbqpg==,type:str] + - ENC[AES256_GCM,data:PoowaftpgE1aI2AIG3f6JA==,iv:tP1aYADhKO/lgaTry7YJKH5GTGWTIrueL51Wwbrt0Wg=,tag:cvdbDF7MHGBvWCaMm/rl5Q==,type:str] + - ENC[AES256_GCM,data:OREL74dc1PcR1kZsiCQ=,iv:HHzbL9J1H8Nz2XqFzXi1HR7szWDkvdvIx0mWfWfTAQQ=,tag:0rGR25SaZps3303YeGMldA==,type:str] + - ENC[AES256_GCM,data:FBop9jwyrbg=,iv:gAJOAG06lmRKuCTYuM6dEWS+UEMJ9kpiAz846Pl2x1g=,tag:nUE78SQwNIkbi71HVukcSQ==,type:str] + - ENC[AES256_GCM,data:czN23kc9RhIITFYuJJaprQBuZUs=,iv:w9RwF7k/zIfu/MS3AfofRcohLDPmBxXagv29Jk2AlE8=,tag:ZcvGeIvxYxuEBc64lxfIyg==,type:str] + - ENC[AES256_GCM,data:FvUzltt/OzKZa8I=,iv:AizYHTvFfgnk3HufNoWPkgdYM8/IKHplzViF2wsTMYI=,tag:L8z3vpbyAVTKtaZG2GfNDA==,type:str] + - ENC[AES256_GCM,data:LzqOCOF6yWo2/1o+LLXHaQ==,iv:DN5mZsmu5XCRosWh+pn758vcYhs3mW3QjjSyV3C9Zc0=,tag:lxYJmcXU/y1E7apuCELzzw==,type:str] + - ENC[AES256_GCM,data:rWL2hqhdaqu/fhUP6g==,iv:aKccjSQm8+ZUEa7w3G8dw+oaYYEWmx6UT+mEFQHC7xo=,tag:KWFQ4AYYTLP69Z/e5IpEvw==,type:str] + - ENC[AES256_GCM,data:YrGFmUn7,iv:J8cb7IO07c/2HFsebNFgQjJO9+GisTqh2++t1Svpfcs=,tag:Fh49JmQ9VLJ4RNqASt5BBA==,type:str] + - ENC[AES256_GCM,data:GS0E+ezDMglk,iv:dGSjH4VMrGNKWUJZk5mstosF+dIuw75FSxphF1Q2tlE=,tag:KLmaw44qewqyMb6SskLbAA==,type:str] + - ENC[AES256_GCM,data:e/PhI276rN44KGe8R9Hn9AjW,iv:BODO/6LpmemvbuQDTmB42S8BeheDqBPrNdEkkRZh7+8=,tag:GF2cjXNUsnthwGU2cIRuCQ==,type:str] + - ENC[AES256_GCM,data:Rym1FMFrPA==,iv:LVv8T9uCkPNmliyVOfD5DhDuuQdFH7RJKKt0ghDxBbw=,tag:1SiX2074w6NbCEUdES9Jlw==,type:str] + - ENC[AES256_GCM,data:j76/wCzdovdBwZKbIw==,iv:/8+7jW7Unz+F1ZXdP8DUPOEr8yagdtT3CVacB12EFLk=,tag:Jeegrnih6B+kT03Ds9MUVg==,type:str] + - ENC[AES256_GCM,data:sHAT02YQFmnS2A==,iv:p9gL3R2+AO29/JiEl9ZP3KJ5Geog5xbZTS6PsLUYMCk=,tag:OfwSwNFJQ0wy1bqwtiOmIg==,type:str] + - ENC[AES256_GCM,data:ryvRQCfxHXLtIA==,iv:4qjltiVcvZCYcW2+cdnYmc+WPb5CSuKK0Ai75AwDIpI=,tag:laWdnEZB5LqKuRvKO6uZHA==,type:str] + - ENC[AES256_GCM,data:e/W6bTTg/9TR96a7UkC/H0P+wDs=,iv:fDv/5MF2IhR1qH+FzrXVv52FXCTQuCUOuDhjUdh2cmc=,tag:aPbkygl6/K5M4aeDgF1jCg==,type:str] + - ENC[AES256_GCM,data:A9f5rC/840os,iv:G/JUX/8EFmVgaL9Ei6sFLfF8TNe4i85c9RXjHyZuzkI=,tag:2HGEBJgXgKeijp0HEwP0lg==,type:str] + - ENC[AES256_GCM,data:8rn8acLmquPjjA+v,iv:nChG9v4pAwvA4GUKI+z9SOOZaOYD/2mNjkbLI2fiXDc=,tag:HeXtqK7O3a8gIcnYxzBFSw==,type:str] + - ENC[AES256_GCM,data:7KvPhp9D,iv:JV9ozlz/JD/ndPO7pEK+e63jciieLPyry+ZSAtAULRg=,tag:eVaQP/4DWS/TAmrDz/u/gg==,type:str] + - ENC[AES256_GCM,data:SPIWejPL6i73rEY=,iv:xoRnd7EZPwcZ0Gyh5srxDSSn7IoVZXj8qoEJToFt9Ag=,tag:7/zrPsLfo1nsLAu2NC573g==,type:str] + - ENC[AES256_GCM,data:c4sdggRJ3bToxZlq,iv:i5mkkssbeyDkG43cHTGmcbrMMpFqwybAfvEaPlI1S7k=,tag:37eEiqaxb1mmNecL+wmoGA==,type:str] + - ENC[AES256_GCM,data:XbdR3IpQSGrvX6cE,iv:4T9GRsG5v1WnNFuda/Xuo1cUsgqs583kPOaVXgIwe8U=,tag:Xo5usO5AUZIS2CM6NF2sPg==,type:str] + - ENC[AES256_GCM,data:DxdbhkYQLjrU8IkQA0oZQ0w=,iv:stHVR69uIHcwiX2pFbA9eu1eZEm3Fk0T/gTpbSbZKCQ=,tag:I1QX0fNECIQ9rzI3iP+JPg==,type:str] + - ENC[AES256_GCM,data:JQcMGrm+lbo+WL0=,iv:fI54L4RMwFwhGXrgNas0/h4D/PAkoEn2lkGsfc6Xa9E=,tag:DdtwizDO5PxDtJl3X3q+mA==,type:str] + - ENC[AES256_GCM,data:dY8f1IqCEnXQhA==,iv:nr/IXik9ExhTeaUzJZLeWqiJIJmeff06DxFQigW9rQ4=,tag:dkhL9rkazbLyEK2ORO6SHg==,type:str] + - ENC[AES256_GCM,data:uflFPvAP/5bGgA==,iv:YJqb68wk5fSOPprtDdiOvnA1nPeh/e1YEhxbIZQ2LKM=,tag:gFQaikV4tMxcbfG1tfn4KQ==,type:str] + - ENC[AES256_GCM,data:/j93eOuNriiHQg==,iv:n0FCityOa5ahDPkT7OCKGBozC82IZcJ0I5jo6H7hYCY=,tag:MheyVymcc/poio9HsD9UeA==,type:str] + - ENC[AES256_GCM,data:30Y4Owj0pSOP,iv:Sg3308XhieCdFqZuu7DAhyjg4Z/bu2i9KMNTVwv6VPg=,tag:vhdIHR2CoN/Xcc2DwygAUg==,type:str] + - ENC[AES256_GCM,data:ZkVKxfO7X1bJdNdBACpFe58=,iv:Leg1HYXkVlH6yEUKrtBEGVQvQ1Sy9wPJp5r+vMct1FM=,tag:yODF6ArK4Ik1aCyP62MN5Q==,type:str] + - ENC[AES256_GCM,data:0sSo+leb,iv:oz++Mrtgy8cWspXcQYwQ9c1KLi+KncJOjIZ7tW4jv0c=,tag:ifxLE5eQ2a6ffcd1nBanUg==,type:str] + - ENC[AES256_GCM,data:1DA+T8XPRzSrCGOqfl/k5/QH,iv:n9AhT8mANTKl2fkP4tEXrU7xjLnCxg5Y4T2CJLnmJtg=,tag:DyW2INDJ5o55KXOdL/cwIQ==,type:str] + - ENC[AES256_GCM,data:x2lLmhCM/PiQeBGF,iv:U/bKxS2lFOUcrsnMk6m6n9OqZsdGwZDXYxVQTYge2dA=,tag:Vwq3hzkl6YgEt+UgS0AT3Q==,type:str] + - ENC[AES256_GCM,data:5mb2FikkwN/CjL/O,iv:m6C5z8IKSDMfLmVDklz3YiGvHcXoW8LlNyJA135VBYs=,tag:Boo+yZTS9f54/alhdjl+CA==,type:str] + - ENC[AES256_GCM,data:WJa4Gs9N0moNI8s=,iv:+dTCcdWl9qTv69VjB4ezn8MTTJccIWGFx4RV8voKboE=,tag:+5L/hrJNP5tt3Xl+be7+Ww==,type:str] + - ENC[AES256_GCM,data:Ndvui0J4Fzpqdca+jN0=,iv:yiJ7dCrXJm+0GUzILDSGE3uh4Cl9lVDz93i2KEnFfnA=,tag:lw6I8uAfhQ8OzwY7HO+yyg==,type:str] + - ENC[AES256_GCM,data:kXpqAIX+4mBl,iv:NYbklR4sWdI2KZ3q0AINRZSKCkLxaPqW8kO3zybfBQY=,tag:f29RijAWODzVvGT7O6jk3g==,type:str] + - ENC[AES256_GCM,data:8LZbFggN2EnMaWg=,iv:EHflLYWuLqse34yAPYtwyZwT6+cMGVDNn2234xl5sFQ=,tag:bTBFWuyszhth7wLryn7cSA==,type:str] + - ENC[AES256_GCM,data:SjcvM+95KHYS,iv:fhKR/QLuhXJFDfA9DmTLeU8R3p9ju4SGD2uxaEU1NZI=,tag:DN0sfJF4P9bGOdNNArgNpg==,type:str] + - ENC[AES256_GCM,data:3YIhyg9Zw7Y2aIkK6fJfzQ==,iv:SbXdKij61Mlkt4UPBW4RfDBAw8Bvv0xwz2ya1JZIano=,tag:FA4wN08DtWIMIfnqFOYZXA==,type:str] + - ENC[AES256_GCM,data:xbT8wVaU4sNUh7YxKmJs,iv:nDIoJCV2k+EHzzl4XXubnL/SNxSG9QXmQg869SY5DVw=,tag:WkB9cWPpIuxisoLiVTzjdw==,type:str] + - ENC[AES256_GCM,data:J9nQbSllMeTMWjHI4A==,iv:jQvgMbdYqTDLOBglrQqE9NCIFMMcOVMk6ofWLxOO5WA=,tag:Tlb+YZ7FbmE37A8zv5DPSA==,type:str] + - ENC[AES256_GCM,data:Ebd/JH8go1Nwvg==,iv:dHvgArqN8RQrtnQSEHqMQUWcJeBkWhi4n4rGBh6ob3I=,tag:pcGGtMK5ST/gtfDKzxWtuA==,type:str] + - ENC[AES256_GCM,data:S+cmzjwOSaZwumWcpMtRWQ==,iv:tI//WiNQdF2wLweJ2zQBvUJON4XEjUPO38niAWw2wIs=,tag:U6Jm6qV/TAMMMWRRo8MLzg==,type:str] + - ENC[AES256_GCM,data:f6JnJkHx8tNpQP0=,iv:pd1FmzhTYKTGnanG1aJw2+k+PjBZv1/r1defr/zyMh4=,tag:iHK1OzFkUJOgojjohQ808w==,type:str] + - ENC[AES256_GCM,data:gQUornwKdG4=,iv:lhXvlgX5Yzfveord4EXkwaP0u/dhPyCehQcYwyNxz5A=,tag:1sTdmij055JonMwnlMOq9w==,type:str] + - ENC[AES256_GCM,data:eu00Az5K6MAz,iv:o4ki6aktVFRD1VaiRQKMAyXwD2SDQXWqisVTW9qssM4=,tag:K2PUCKDoaVEt721zBpTYTw==,type:str] + - ENC[AES256_GCM,data:04Wh0tfe/S1jkA==,iv:osf5OQuy5W/A7allBwLGEJpCx11WC5fyCgqhiro3S+A=,tag:KihuWgRsbNcLFGo098001A==,type:str] + - ENC[AES256_GCM,data:ZJ6MDXSll3qOJWqz2a9W,iv:aTJ1TuD0r/nIl0pj2WWtTmxSx47hWlOgBwaTZwUDPFQ=,tag:h4cEQRaBT0Paa/MNKftrDg==,type:str] + - ENC[AES256_GCM,data:EpPFWL50zdAVTZi+An4ts+lju6mi,iv:EkZJk7LocyqJSVbn8OBt+t3sHiRZbCYPEiPG+f3WULA=,tag:B2HnZ6dHmq8y54DTRShq7w==,type:str] + - ENC[AES256_GCM,data:InwzVPViymM=,iv:2QHLgsUI5ktRGdUnSq7JWcE36ZihzgFnR8+k3up/Td4=,tag:Flr9h7h/ieYJwDKDH+LiIQ==,type:str] + - ENC[AES256_GCM,data:S660BYYWGNyD,iv:shkg6N4wbQ90nJOf/Ltek6lOSnxRTPhk2SXXDyqQRP8=,tag:OCVhL/jVsLIKHm44kslkPA==,type:str] + - ENC[AES256_GCM,data:OapZsMrBw0tPpCsJIw==,iv:VUKikQrzkEekRcQH+HpwJlLgEllrABrHJVBUuhCcknI=,tag:S11kknH7tRzYr/w0f0KO7Q==,type:str] + - ENC[AES256_GCM,data:f8df5HatFoj6A0Mg9w==,iv:7k2lKPC12x+Hvw7NzDQttxEhHfUko9A30bGIetvO+Tk=,tag:G5k049a7S/xy21Wn0H/U/g==,type:str] + - ENC[AES256_GCM,data:rzADrtTg78fMNgElqVtX,iv:PcctH6R8hHhKUbsdGbr8DNoF8mGTT8hBR+aasq0cLo0=,tag:L53tQfQHVEfZ55ujeSlB0A==,type:str] + - ENC[AES256_GCM,data:Ajoi24qPu8yUuFiG/0A=,iv:hPWa42MfkHlNg2VLOo/YLugM0MiRi7yY+F1k5tkV1RA=,tag:YNXhm6CpYOlq7n5HqP61lw==,type:str] + - ENC[AES256_GCM,data:DjCqJj1UI50H,iv:34JctmoDcIZ1/bJQnXqsanI7dUBe5rNWpE5V+4ntYh0=,tag:OrKoLxy3kuYf2iFTlyUFbA==,type:str] + - ENC[AES256_GCM,data:4FeT6MwjTuLb+Zdc,iv:tBAsMtDj4ovkDP9VsWo2t1QV7/1w3B/fWOkFRW06EpY=,tag:0DLyhQYEGfdEzi/1Gj+xRg==,type:str] + - ENC[AES256_GCM,data:bPBiUqpgjmXTEoC8,iv:fM9LWye00UZBrieetpVN7wnw2FUHWcN/txNYVzKoXfY=,tag:70OemLS2hgE6vIHp7QsVsg==,type:str] + - ENC[AES256_GCM,data:YEAHuvVGnzaEtm4A,iv:Fy5IpNi8qHkOEcRG//7UnOttRI+9G4EC2fp6yTOfEys=,tag:xz9KwAQnwngSp6e2s7rIOg==,type:str] + - ENC[AES256_GCM,data:MlQrlBlU5T2xq2Rp6WI=,iv:x42Z1ijXtvqMS+lBlL0pvG+kSuMXCm/NVLvQJ+NjAa0=,tag:cpTJ1aG04N6fRD3+kMURmg==,type:str] + - ENC[AES256_GCM,data:6ETLPL828I3CjTAYbgKY,iv:06lwQ1b41IDR2trSr+KrDfWRjoh4SxbKM8v+pbAr2BE=,tag:iUYRmOZjNOmrZm2w0EvmrA==,type:str] + - ENC[AES256_GCM,data:QZr4K5pzaBM6UP1tEk5O,iv:obvDdKhtd5xL1wDD/SQm85E2woshWlwaGn64WUhJGqk=,tag:UFaEWufbsQHZWte9SJSjqg==,type:str] + - ENC[AES256_GCM,data:TlbITvJN6eDKGuE/ACNB,iv:PemGO1u2tKr2rGPRpCjoDRzzNXaJPdABOqqyzK85yYs=,tag:K7cU2dNEcdlDTUKLF/cQcw==,type:str] + - ENC[AES256_GCM,data:yF8N0VQZFSBzI/Qc,iv:Wh5VgAuoe/2nQYaNILS8v0DYa/+QcltmHtziFo3nkTM=,tag:m7y6SK9RsnJlUxiYbqyaLg==,type:str] + - ENC[AES256_GCM,data:KXHjF3gKF6zSOBJrWEwU,iv:Mi7mfsaSNTclRo54DOsSEWUMAz1UzecgCz7hVLqXoyk=,tag:5roEhmgqqZ7vQHe43Hz4nw==,type:str] + - ENC[AES256_GCM,data:LzMI1UuJ3SddsOE90G24sQ==,iv:s6JY5T+G8528uFQ8RsZMsHqpvgNj911bCpTsIGIfjhs=,tag:oG1zroyHNNJBO+d3lDgjGw==,type:str] + - ENC[AES256_GCM,data:QaqbvevYUfy9n5IhJio=,iv:HseNHZZNKOtTPIs7oT0zrDTv2XhA/sxgfauC5MYDwBg=,tag:iS9qCHs8OB5e6acrFsCpqQ==,type:str] + - ENC[AES256_GCM,data:iwAbh1h3Xxv4jDhr+FQ=,iv:nxEQKQ1MtdEsWr/NeYvLZ/9kYv3FN6dkk8hGML7aMJs=,tag:18WA33gtWxjRLSQFNNqjcg==,type:str] + - ENC[AES256_GCM,data:UYhK3xLiTgDyqg==,iv:9Kr8e+gfEpgO7W4BN1x3iezQ1benDFUrCgoeW7ZfEuE=,tag:PTRTGATjpQMyVfX7egDHCw==,type:str] + - ENC[AES256_GCM,data:XT973+o1Ieimzw==,iv:Uvy+aoB2KXxBXEJ1IJdP8TjYvt2feME3OK93io6fFSs=,tag:KtL9b8SJ+dCRXeVjUZHNtw==,type:str] + - ENC[AES256_GCM,data:xY1FNNaAFI5i3vOmYnKV,iv:hDcVeviShsjSp3sscC7jmQEoa+M/gixdrwksZQfW2V0=,tag:Cj3l/lqRxfOPkAhiQ+OxlQ==,type:str] + - ENC[AES256_GCM,data:P875rrPJuP0H2upU3A==,iv:9bOW146bIv53tUFfpIsEgFufQItApUMcesYruRbJpT0=,tag:5pzGzKPLBTG06pTV1xBJIw==,type:str] + - ENC[AES256_GCM,data:nt0HXbeM9UxMM20alofr,iv:jc4qn+n3kyMRr+kxtQtCeDHhTuHhRQnpnCMzGMvfuD0=,tag:mbCfmtjwbECqhCGIbBGBMA==,type:str] + - ENC[AES256_GCM,data:YLNUBb7R1LMYWKhS,iv:IX5QWeExTkVET3zZVdrTqof3mXRXbA6HC3rpmT7dCQE=,tag:PADCDXuCAojW4f5weoqE2g==,type:str] + - ENC[AES256_GCM,data:uK9/5SjBfjOVPuo=,iv:6XuWUUr3o2WQq7WlAvb1CFLiYon97GtPuNnpUaM2Nyg=,tag:nYbWR7hT/JBv47yqJs9KPw==,type:str] + - ENC[AES256_GCM,data:dnW2TWjVQLcn,iv:Rd8nUSJ2/lqUjf7mMoAKZvpVUHXC+s3ErF64wFhQyj8=,tag:C8jRdKqRSnMdXnEJw1ay1Q==,type:str] + - ENC[AES256_GCM,data:nPUXmuZwFd7tqo6M,iv:GMusC19C7UwBS+zVwdgfqgm4lbyKcIu2ufNY8TinCjI=,tag:bCjoa9vW3Ws8Tay3CdVAYw==,type:str] + - ENC[AES256_GCM,data:kztra6AAwJAUJNBaHbo=,iv:A9K43cro90KgHk1x2KF/9ET4SCieDDe/x0rdCp9zBLs=,tag:2O+v8OrYK6vfk6cQRefOXw==,type:str] + - ENC[AES256_GCM,data:x7qBQ9cP8hPgg0DbN/gzEVeDeQ==,iv:n5DLp3EcJ/cXbpZjlfVCBJSYVSsKTvNTeDu7SL0tKKo=,tag:OZl38GADec63Bp4mbzOr0Q==,type:str] + - ENC[AES256_GCM,data:GbVteF0FVUzX/yU=,iv:A6pxEoOnhe9h1tvsfgYz3rQaUwCD1Dz/YDsSAZVau9Q=,tag:aC53IiXSOJbSTj40LPFETw==,type:str] + - ENC[AES256_GCM,data:pC1ijuhs7lyGoA==,iv:jjLONHukUNhMfkGQq4F1wM5pPjfV3fuAgZf0mY5kk/A=,tag:S4SNmcJez4FpI2Z7+1myrg==,type:str] + - ENC[AES256_GCM,data:kXGPEJi22ftoGg==,iv:KHJjno8OU12TLrtJAufC32u2P0ISiYCoOUfQZNdiWSA=,tag:pVaooLadO/zHYNmn3ei6yQ==,type:str] + - ENC[AES256_GCM,data:0rqfv9v51t6vCQYiug4RTw==,iv:VgIyaMWIn0yrfV6OmfjiFobNVL1Z2HmlBQ7cTA2xyvg=,tag:fcWIiLTMAL3A8EInXSwaDA==,type:str] + - ENC[AES256_GCM,data:p192hgPpojmug8lra9Q=,iv:nsseKH81ALjTgI+Uo/9Uo/aKoyQarZDxVhJtA/gaVZQ=,tag:ABajnMH9lvqfpu7MQHXRaA==,type:str] + - ENC[AES256_GCM,data:MVE3//vWLvFp0buS4w==,iv:cRKpBfX82U3XhJJ/8TqmRcAclZjzMCkPUwSDlPuuerY=,tag:VQ6arX3QDq0ZNPJVnBugUw==,type:str] + - ENC[AES256_GCM,data:evMJ2Eyr1xbBqj7QNWY=,iv:XN8xY/jeWQvqmJjlgSgQpEnxx1vLv+49r/lZ6dNHUk8=,tag:+Vq2W5K4/1LPLj3TL/T+XA==,type:str] + - ENC[AES256_GCM,data:paj6FfGjiwK/kVjOAZxb,iv:mhEaCuWPuqytn7YtMnN5hrxA8an70HByDGPQBV5ZxLM=,tag:NzD0LMnnT0FMlsydBeryew==,type:str] + - ENC[AES256_GCM,data:kzokDQvdqIowK7+f29Pnm0Sp,iv:HD7U/66YcekZ858aGIGiThwrVpRFkymfyHWJkO9gT7Y=,tag:H1j5Ra/qUdyyrn48A561xw==,type:str] + - ENC[AES256_GCM,data:L/KFvmGHITiGZSb5ZTT3qWo=,iv:zBmtI5t3jhxnxoOMzm6Da4amtoKWlHCrXgAvyTyqz5s=,tag:I4XJ5WvKcctiacDF9qhzyw==,type:str] + - ENC[AES256_GCM,data:jdL9gjOq3JToVmXE,iv:mUTARKnutwNQWU5FO1hGH3y+dWJg8cqHKb2PlR3wuHE=,tag:0umuH+ZAgWL57pSHTYZ2cA==,type:str] + - ENC[AES256_GCM,data:B7apyz9Mmw==,iv:lyPB+H7713Lftvswm7a+/EDoPbz4ZJX5LDuZ/+yh0xk=,tag:RnMThBnEPG2GmDhaicHuIg==,type:str] + - ENC[AES256_GCM,data:aqVWjhzPDE/ohN9l,iv:stch1cbSqfmlmYG5waBJSWvfLAA5yVIc1moTvKW4Ksw=,tag:Wi1DWWX0e12cRg4NAuk1MQ==,type:str] + - ENC[AES256_GCM,data:L/WqhlaU3psmXes8vOP+nrzSkg==,iv:QMf24h7ejpSyaxbakDJ2mCa2sdU7AQClAhOiqYrK860=,tag:/GE8Sm1AMs1y4phmQFS/bw==,type:str] + - ENC[AES256_GCM,data:WsdrBCdYIwLNU7AfCA==,iv:x2qlOwpFsdKQra9/WA0A/KK5znhdHeLJUhATpR4AfWU=,tag:FrgYPQ8n0G3K7xcr4xiuqA==,type:str] + - ENC[AES256_GCM,data:wjYbKIoyatr6X2mb,iv:NuHbjOV5tHirVwXrgsFtJeoD3FqSg/ebvx8Lcw/PWww=,tag:AWgAJDxSO2L21wakhJnddw==,type:str] + - ENC[AES256_GCM,data:AuAvMAfS7YUcOVtObiGj9A==,iv:MCmOpd/Vg+Fwv+2YyKRsXlvfGNq2fy8BrFtvecmqlso=,tag:eVF9OSJQawhuugz5OpmXNA==,type:str] + - ENC[AES256_GCM,data:q1XPtCxqdA==,iv:MAxZbFMBwMtxuEzZ04iGHZgSUhsgHLwzTKxK93w2heQ=,tag:b+EklZS+0XRnNdfOaaJBTQ==,type:str] + - ENC[AES256_GCM,data:N0ETSAuddaGsIMo=,iv:KQDyEmfy4d1QX/4mqg7aeqvAU6jtFr4/oeoYBP9q8Ok=,tag:UNc9GzPp16uEztuK8LlpzQ==,type:str] + - ENC[AES256_GCM,data:ygA8/zGB/3tLlr84,iv:0gtUrjEjn3PA4EEBW4JkcB0MBkc1msSUyy5IOBXpA+8=,tag:WFcqATtNOA+qVzZ7Zt/DNQ==,type:str] + - ENC[AES256_GCM,data:1H9koCUq0mVsJw==,iv:ALWbNFwn7M+0LPmfD8hBvARboA4RMzxlVFu9LOa1pwQ=,tag:cBwss9yD13RZK4pGHOVP7w==,type:str] + - ENC[AES256_GCM,data:h3/O0F79LpO8Kg==,iv:xqm8H/5mYBmtUDa4gdlA6ZWYtINVVTZuuvIjZtsYrf4=,tag:XsZnavOjQucKc6wW9mFWNQ==,type:str] + - ENC[AES256_GCM,data:KG/Z2kxBxurm4g==,iv:cIgukOWnQwkkqQQaqK2aSdPKNe/rwgiI+y1hn+7WkiI=,tag:r9bao+wn5EEeX5u0r5R6rA==,type:str] + - ENC[AES256_GCM,data:QWhVadAMMfr5jsbh,iv:B9BYFNsGNArO4MtSheIrXd2SHNwvOA+SD6bwuUJOSKk=,tag:uymQ2lO5YVfUtS65KciVQA==,type:str] + - ENC[AES256_GCM,data:pSOFq/5bq0mauAO2TqEJ,iv:blxMVPnmzBqJKO0QGEdj8YQaY1PwLm45Y/nc/xNmTCk=,tag:MTOyMBSWMF0qk3bnhJVbaQ==,type:str] + - ENC[AES256_GCM,data:dACENEJhW9Z1nyn5O26/,iv:paVsNKtBiFIjlvGsmzOW431S/zj8OHCutqZsspkne0I=,tag:kuadme2nSXvd687YBitnlA==,type:str] + - ENC[AES256_GCM,data:dE6bmSytXt/7Ghtb+Yvv,iv:J/FFuTCUII1Fy4lUNyJRJdnDYkzTG9CzWIRlozhPyz4=,tag:mVO4JU+pci5aaC4r1bZuyQ==,type:str] + - ENC[AES256_GCM,data:tmGCUyUlQW+Zek9x7OlM,iv:yP1H7d25nsc74XKwUqD4aWya0Jr/cQYdFZWxcgnuXNI=,tag:xPysy56pvSoPD/9KnZ0Tlg==,type:str] + - ENC[AES256_GCM,data:eYr77LxXpVqBYYSTB3WMUJXAN+YpCe23NRo=,iv:VAMvCk9IchGrQ262y0Ax0Cje7SnBtea1zSw5tkTF8+U=,tag:0mDxdPEn6VaBsMqMTbgv6A==,type:str] + - ENC[AES256_GCM,data:QILF2COBWSJKyTK4,iv:0zzPmChVXV5hBKYAK2hrdFTDF53Pd9zYO6a//Y46JIw=,tag:U/n3snTX+6FD55r8Tn0Vmg==,type:str] + - ENC[AES256_GCM,data:UoXIoa7AiOMArV1LTzFSDQQ=,iv:z3jIobX5UYFZHrpNRZWKlavYNcagZcaSROouiSyzYNY=,tag:CIVVeIk1wzy7HpiWOwhkcw==,type:str] + - ENC[AES256_GCM,data:O882PywNYT30/esSTvyDMOY=,iv:w5viVBru6ECl/SHD71E4ygas2399MPHJBiZ+wZzhQ6U=,tag:P+JCNXe96cdRhgyFT+pkGQ==,type:str] + - ENC[AES256_GCM,data:+Ie38Hi6sFuGc2c=,iv:sSyBJdYsQZo8Ebvnp76OKdu7Xwj5Ks/2Mn3xbeucsBI=,tag:KMM63AhfB0H5z2F3uT/1tA==,type:str] + - ENC[AES256_GCM,data:5eSvmByMxVwe9AvoC3WnAw==,iv:/t4t/LNg3zK60GYuqtliIrwxZz8kBngZALkW1Z9/i3g=,tag:YNsLWD8qWd6o6OHTMRW8vg==,type:str] + - ENC[AES256_GCM,data:mjZ4xJE/AQmVEwU/,iv:HJuXUSuLgfSAJilvOzO+lHTUwXatJslAL0D0TPmJn9s=,tag:vWBeGo3bmFFD3wOsdrJGSw==,type:str] + - ENC[AES256_GCM,data:ehx7yFOdBwJO,iv:x38r+p7FbxCj3Tx3gRJjC0U2X5rq41NKb02Lacs00cw=,tag:p6WrH75l4nNULW9dX+faQw==,type:str] + - ENC[AES256_GCM,data:tCklpXiautljAZE3ngw=,iv:4Ybcuw91stXi1sRI8mkyVT+NlEXtsiYY7eaQv4ZQILI=,tag:FTJ5joPVWovUgvDQamN6zg==,type:str] + - ENC[AES256_GCM,data:98pkCL9qdLFqbfrBGA==,iv:2UFBCUzLmLKhIEpoVOQGdz5wVcmVzJXw8qqMO+3dFvo=,tag:Y5K+IO1mbpvUA8FwdfaoXw==,type:str] + - ENC[AES256_GCM,data:us0jrPpwzkXOt8VOQQ==,iv:6wWJm8vhHv+tzCvxucyLUgDFM5MzPVlN7HzxCf9k0l0=,tag:DCfKOQp1/SyqhhaBo2poBA==,type:str] + - ENC[AES256_GCM,data:mw/xL9IM5poBgxFFQg==,iv:4AZDKBP197qcDK5hysqbk9UGWvP87BO3US1RhZFbrVw=,tag:TZKnZC6vFHPCjoflx3Wfcw==,type:str] + - ENC[AES256_GCM,data:XaaXUFZRyf3yZ7+m+1H2,iv:caMsKyoZbh+eEaIzFhw0lllTnbqzR0d0oeJoidTIqh0=,tag:4K67XAW0b6Nvhjq1vTnRSQ==,type:str] + - ENC[AES256_GCM,data:vwaz4BmM/D4UEn2cZOS2Fo3w1Dc=,iv:f2t+G0Bm36ocUQwQFP24IEfPWcZovbES6ebPRMURloM=,tag:F9rDcSr5KVjN1UiC6kPsnQ==,type:str] + - ENC[AES256_GCM,data:2yM5vAts7dP4PwFFBD9THDRzqG11CVg=,iv:bF5iEZUV5kH55IYTSf1oEfaf54/EnO4D8gN8WLJVl0w=,tag:Mz8ESrpcbtReiZEvlqayUg==,type:str] + - ENC[AES256_GCM,data:BD+utlZcBUNe28cnwqs=,iv:La+Cse8YwGGCOKwX7LooAcCt7VUja1WTUD0TVVszuvk=,tag:3AGRyYkUB7NBCvZZBk8KlA==,type:str] + - ENC[AES256_GCM,data:iwC/OhUOdd/EHM0=,iv:oNI3mUVPoFC5tOf/Uvto9qFwD8thdatsoswQ3VedJgE=,tag:+yLwD4tKuIP9IYjBDmxWSQ==,type:str] + - ENC[AES256_GCM,data:X9kLF5ooQQ==,iv:Qr3SgAFTm/6anSj0B0KaO//fF1KoCzP6A9LuDGEFXyQ=,tag:X6pbEg2stYGC5E98DbeGVA==,type:str] + - ENC[AES256_GCM,data:HDrVIHrs5U1Q,iv:JSbv+M3GWDa/bulusZe1te8MhkcBWjriZYxEdk2NkeA=,tag:1gEHNatazpx5oIK1xMKBFw==,type:str] + - ENC[AES256_GCM,data:hXlkw7N8X5nIezHb/cibsw==,iv:3Zf4Cgwp9kO3p4Suj43veLzrJcb6iH1EXLahNQgAIik=,tag:y917VoJEzUYLnJZiFX/x6g==,type:str] + - ENC[AES256_GCM,data:WVen30LekO6aYTiZ,iv:EfmEd3iNhly7O7wbthHP9RjAZjQbllJvdaCXyvT/Kg0=,tag:Nd+wle1Y0Er1Ch67+6eNYQ==,type:str] + - ENC[AES256_GCM,data:RS3ZpXEtJd0/SrdgLLrN0jXwZ3x2Nw==,iv:RisgYp++96FHBq5oPkhPuTXgqhqMDaBec2K82bJgPCY=,tag:91fKiEjzllzbuYbCmXgTRg==,type:str] + - ENC[AES256_GCM,data:L+WtFIFLhWaUF+57Sw==,iv:AZ4yFK+6Gqn0Bm+fHs5iL76IVfpagqw2omY4A6ishM8=,tag:yrkQEBVA2U1hHc8kHZcrRg==,type:str] + - ENC[AES256_GCM,data:hSxBsJRP9AtMp26e/Q==,iv:E5ndMHU9XV9Swaxr9M0aB5HOSWhYUDbRGYXg/5+b+es=,tag:jiCkAPHInlSXwbi80n2uLg==,type:str] + - ENC[AES256_GCM,data:LFQymEXZnj8rl13iurci,iv:T25wF0A7yz+7wjg0o8vTFyS4TTQYwTSQwd3TRKwcQ28=,tag:qfuzejrZZz/GQdZO5CUc8Q==,type:str] + - ENC[AES256_GCM,data:tx9s1GmiW17S,iv:XvVg7Qqob8z9bFMbeq+MA+R7kEwVNzqYaKA4ycrMu3c=,tag:rNMr7vceqhQ4wMsHcoOCYg==,type:str] + - ENC[AES256_GCM,data:w+cKYh4x/Bze464qlQ==,iv:xp2WE5svdXj+IZRzKIbhAZCTjoR5hewLPSHgnZXO1FM=,tag:bt/r8TFuixXMc4imgQtmLA==,type:str] + - ENC[AES256_GCM,data:11EunEGZRFHvdoVr2NNLnkTf,iv:L6plJwhPMSTizMaYug21zoEKWjcJJ4X9qwhLxDj6ZdU=,tag:Wjzcvz8XWF21gF6AqDyqvA==,type:str] + - ENC[AES256_GCM,data:bYJe4p2Vjn36jKSB3Q==,iv:hvMhy6hTghlmj8lrUH2FfhGrZo2xuv1CcfHldL0GcFA=,tag:Yoxj4BFZKIVznQ4uKKdCDA==,type:str] + - ENC[AES256_GCM,data:aVqjZKSp9a9183QI3dY=,iv:hD6MJUmD0c/wQ/wq8W90lkxxmwBamfhX2F1c+zB+wSo=,tag:QLUPzhhW8u5edD+5nbvK4g==,type:str] + - ENC[AES256_GCM,data:mz+G1tnaT5lUCHUQfw==,iv:PAviYGkJgOYHfuswwZlzHlXaDT/FsSEBUI7J8wUD4Q0=,tag:McdDMJ693l49YogWRm/Ijg==,type:str] + - ENC[AES256_GCM,data:v7HpeYBUhtSNWw==,iv:41aBk99oBniSNoMutpq9vLz07QMzJhoPhSVOGi5lhjY=,tag:rIhRzTqRUUj6zlII6fHFBw==,type:str] + - ENC[AES256_GCM,data:jhzCgEl1+7qU6ma40VUEiPo=,iv:HuHgWVMGtZoREyw+IttACVSyfveTooP+Uw14ZGLaMys=,tag:L7wHd+lxte/Hv0VQV1cp8Q==,type:str] + - ENC[AES256_GCM,data:snVOw8dcdgKR+A==,iv:Cx3tjZAv5tMo7MEBI8RS5EPnmnhLHuuFj7UTxFWF4/Q=,tag:dW7ovuxy7QZCTTEfU7fz4Q==,type:str] + - ENC[AES256_GCM,data:DCRMOz4cyWa90L9R6Q==,iv:i8vi7f0raKMsbvrkfRAKHO4DcJZK+ft5/o13VoUUIQo=,tag:kC08dBogzMACGX6ryMVxRg==,type:str] + - ENC[AES256_GCM,data:AWijGzLv/qs=,iv:8VH9YqhtbUqZOtT8KV99TqXYkBNy79o+uu0zsmtECeQ=,tag:ZTgHsyjCNjYx0e+3/gVasQ==,type:str] + - ENC[AES256_GCM,data:4uFeZD+tDj+wdqrdHg==,iv:1RRBogWiZGYSlizwjwdJGTfd/YIBa4UTGmQ0i+v3MCw=,tag:q4fBpNUAX56LYHizoDA/sg==,type:str] + - ENC[AES256_GCM,data:5BdwRVBHtJ5F0w==,iv:vbmpBmKXxt/N5eA+YfnO4KQIWRWQ091eGXuSTKDRCLo=,tag:GjVwLaLZU9q1Mccu4Ax7DA==,type:str] + - ENC[AES256_GCM,data:tWGhbylRzGT7k42nxNfzrhY=,iv:18b+Q93hCMvH/HRLJHq2WcaFYqavH1Q4qjJguCsdntE=,tag:AENno0OePjUAVX1zAuPI+g==,type:str] + - ENC[AES256_GCM,data:fkyZwbxJ0Jegs8I=,iv:JjPOlgGq4dhBhgOa8wOHg6kDxro1rTf6bowggsLd0uk=,tag:yiMXy2nf6MOnZIYUGP2nTQ==,type:str] + - ENC[AES256_GCM,data:evmsAQc/DR8YN8WT,iv:byhEFjxZcN20LlY1xRwqrUDPTStt9k9fBqgy/otyM3A=,tag:Z+c30ZN3NBE1FANwoCagrQ==,type:str] + - ENC[AES256_GCM,data:f0e0gPUmoVuzfkooZA==,iv:HlO33q88RziFOJZTztpv1DioAimHS5AfcnM+2oYz8n8=,tag:DA5PlDx6S/953aTFp0OP/A==,type:str] + - ENC[AES256_GCM,data:PP/9nyNUCLVErjuM0w==,iv:LzUqjNJWV10UddbY4g9oqCz31Fv+w9GJrSXDFJNECm4=,tag:9mNzoHH5WzTZ54ZXk4xzmA==,type:str] + - ENC[AES256_GCM,data:uDuJO87JALw2Ln3C3ezAxrzwMKW9,iv:hMN4CASBQVtHZOUrGrCdo84yUwGXhO0AwIIogReBo88=,tag:jWfa7YsDjApNnZxCm61huQ==,type:str] + - ENC[AES256_GCM,data:N43kqfGX2WaaVR8=,iv:Edc+gIKqsGwtCNVHfL0i1ZHxYJjLeZ906D7PAoH1yXM=,tag:pxyGDTvYZUet6KLnxwpgZA==,type:str] + - ENC[AES256_GCM,data:74YWmYDvlZTcOSpl,iv:ExhKPdbtBE0eaa1trBR92VW/wp/77m0MhFx60YMtu9Q=,tag:aO3Us5jpvGX86Zw0B3jOwQ==,type:str] + - ENC[AES256_GCM,data:+4a2pf/G+ok2nI+OOw==,iv:tpKsL7nQlE9dEPaZi076dL8ytsvDR2y3uMa4DxDfaJk=,tag:W5AjfSZBu2ivE/VrUWS/mw==,type:str] + - ENC[AES256_GCM,data:sidJbe8reC4+fqj8MoU=,iv:tQafF5fFNe5/0Xf1ISFQri8p204taR98HpsvaHIgk0I=,tag:fEyio4gTcbmO4LgMK7G8JA==,type:str] + - ENC[AES256_GCM,data:NUx6gpinf6Mj5anV6w==,iv:LXHkmOdskmFCAOOEYbhH+iVH9pqMuNz3x17ePwX+tyI=,tag:pQgxm7RHmWkNTaSdftdpGw==,type:str] + - ENC[AES256_GCM,data:bvKhcoG6fQdA3sKvp/WT,iv:MIyG1Gs3xXmOYZYVuVWDUC7j8CZpX4p4F82rdpL57hY=,tag:DwA0xZUIB5qH8wAJoUi5eQ==,type:str] + - ENC[AES256_GCM,data:Sas+JbE0ihE=,iv:WNEMrAiQzNbeT2WbD9OE6x3mfwIvn9fqvcKoF6rKNxs=,tag:ntKkCBYy6I7ffZUIgdORGQ==,type:str] + - ENC[AES256_GCM,data:rPOQlOC9fCw+hS0=,iv:z83OF5td5MgYN5UQ8zuUCYNO5aakPPc2Leh8cilsI8o=,tag:k9L4rFuu9+g38hCzHWgZDg==,type:str] + - ENC[AES256_GCM,data:BguyLLWfN/crGpG5TQ==,iv:kyqG8owN+HJL/TJEsINlVxgL3NRRQTkBpTRbjQQaBMw=,tag:QlwLod582Sky3IX9ZuwAVg==,type:str] + - ENC[AES256_GCM,data:VW1g6oijqRV9+5dtr00=,iv:M2JFECkk4U8A3FFdWeXpviMf3K4Nu8uy7ZGyLOyMcA0=,tag:xhjBcRxt+Wfn0MgPQ/N8Rg==,type:str] + - ENC[AES256_GCM,data:WtawgCjZQku9VFOoqQ==,iv:/K/vdqqgKxQYLj7Oeh4zsu+MopzevCkhf0SOkA6NSL4=,tag:hqCDg/M2TBUvoOfBoBc0qA==,type:str] + - ENC[AES256_GCM,data:scLnt+KlKAiM6QRawDj2,iv:Ng/mh7xYTW3iOoviv3FDQQJoIJ/LH0zx+K5swhlccYA=,tag:saNSBoh8tMo7zmd/iiDf5g==,type:str] + - ENC[AES256_GCM,data:f7RuDumgvfjOxOkKX9hM3w==,iv:iIVjn4bUKOZR48rnvYBP/PgA+IxJQQEA07wmcc3xrsA=,tag:C4lF8H6lUgekxFxVxplLCQ==,type:str] + - ENC[AES256_GCM,data:lyiMosowdCGl9sVkMMSk,iv:817IguMXrLxfpsvuROfyzG3lxvHi8Qq8M1xF2fnE4vM=,tag:0wSq8KUIkNHA5kkMf0yD1w==,type:str] + - ENC[AES256_GCM,data:8FQFqmPnU+6MUdmn3Q==,iv:u8vDMt4+eP3YZZo9eZj05Ka/dwRXa9RZdUtcx7m8foA=,tag:f74De6wDgCKeymEwWtSNbA==,type:str] + - ENC[AES256_GCM,data:J7g9PuPskahTCOClxPew,iv:Ij5EdtRofP47fdScidsX2Kfy1WpVn3A4EPWP4sHL+SA=,tag:I0m6vbi1nLEchqg6OYymgA==,type:str] + - ENC[AES256_GCM,data:wR+iwr5sdszXyLyNE5I=,iv:GjAysYsZ5Cc5gUq+hf9nTKILAR3zSLbNpUYhaenmwYY=,tag:6Js8kpjeRvv3JZ7lvaEErA==,type:str] + - ENC[AES256_GCM,data:0HrhPOZv8lTHY0ueRg==,iv:1Zsjh3bBuTyk8cFx/Xt5/JyZ37nrJADRUtfpzlBhxIg=,tag:CS9vOQpm8IRZe9HY2WoNSg==,type:str] + - ENC[AES256_GCM,data:mbGTMwte7w0qdFXiM0Q=,iv:CJqlMCMcB/b3U4L8cipkMCt7/RGzo63V1MLlBFl1Pt0=,tag:DZbmD5dx4xQBPGB8D3JRRQ==,type:str] + - ENC[AES256_GCM,data:slloDqhLDTSAtH4=,iv:z/hJqg1E8uPRUtJseco02RXokjhYfDv27wDAd0mYJ4Q=,tag:RoW9O4d6x8i/2Igh5Cwsng==,type:str] + - ENC[AES256_GCM,data:AyyuBsPe8Kc0pew=,iv:qRCXmtzwbDKly5qW3901RXyCCDUbAbKIZx8lTYEeI58=,tag:l4wEDQe5INFlzeH+zv/mYw==,type:str] + - ENC[AES256_GCM,data:DcmUMw4fewmBvOC5,iv:yBzAgy3W3EtpWeR/CYeCX3pbiqzVqH8WOjl+NzndXX8=,tag:JvHFfHdjz0XQz7+LmQE6zQ==,type:str] + - ENC[AES256_GCM,data:sjEohH2RtA==,iv:QA7kb5P9AMN81yyplOKo53oShbm+qKO0jRCHaBfmcVQ=,tag:j8ZmeOP7HYcoR2X/fb6gnA==,type:str] + - ENC[AES256_GCM,data:kEzpslsfPy1fwTW2DO4=,iv:MCM+9Q34Ux5/cPpKPH2dM4eaTWXgWD1PACQcObrkIHI=,tag:dWu9TrPdGRAYwRAqMIW0FQ==,type:str] + - ENC[AES256_GCM,data:YJIoyXqM/EbTKNEH,iv:PQgSks4UDJVWwEFvrG6Yv9gGn7mOQ4EbRxE6xoHq588=,tag:AENHj+/kSGItzB2GwieKwg==,type:str] + - ENC[AES256_GCM,data:WZ+0s37zF8AFTUc=,iv:y8iibFWmcPITqwsnO9AJrBd7AuZKql4p7HUHmcSaUyc=,tag:rgTdV44DPK9Ponxctr/lLA==,type:str] + - ENC[AES256_GCM,data:0bmgVFQM37YSfJmCTJ/XqHhaLsC1dT0=,iv:/9+xbGPJqiDbK9Mxr0mxOyxvADZWbynaD9Lv40Vp5/g=,tag:MLzV9kPpqrwMjbHd4vI5hg==,type:str] + - ENC[AES256_GCM,data:gmRj7KjohvH1rjVcq8zz4sGLoqhr,iv:Z3iumygHzg7nRPGMSVQchEUbFh4uhtWox3AYAZ6AJOg=,tag:1w12UonOB4viN+CriBn2tA==,type:str] + - ENC[AES256_GCM,data:3TZspbnihCzK,iv:T+JEAFYGI/jMbMyoNBj37qt+pVu4zzSOnUrWOFAX4Bw=,tag:lw8JUuCEuflJ/rwTRS0tqg==,type:str] + - ENC[AES256_GCM,data:5hWSl/iLLxcSEsJh+XM=,iv:9yZig3jc57O+/MW/5xJX0DW/FkVaF6xKp6QxuEMkpag=,tag:9MC0iohPd7qs7+BYNC+S4A==,type:str] + - ENC[AES256_GCM,data:3gF7xsW0M+bhpA==,iv:90yGWDT0QYXEi+eIcSoSW+yrQ/g2BVVgZ4gpgIQYCLE=,tag:Uo31fV5notdThnfutaMWcw==,type:str] + - ENC[AES256_GCM,data:7d0wFoKarIU=,iv:mvDmuY7V4D5smyyjZKhcwgOv2P2K6L8y4rRwAso0K4c=,tag:atVpi40JnheTUSfh4B/KPw==,type:str] + - ENC[AES256_GCM,data:fiVYcfPitrmCV4z7hfUV,iv:bQr/M3WMw9G7QxykgI9xNBklvYY5H2DrwapiJG4dcC8=,tag:08zxrDzXinb7EYM8psuMgw==,type:str] + - ENC[AES256_GCM,data:o8BUqlMoXZNF,iv:MGYm0MyRcPGzokmbTFqNCFsnmpJO3pJFY5lbMoLFDxY=,tag:cwm4jiVrcB8r6ynrVBZtWQ==,type:str] + - ENC[AES256_GCM,data:abRKATkDpoOdaw==,iv:2hoaKhA6klYDh2+zIfaDeChKSyuUROhdnXJbPetfpdM=,tag:I9uhm723UPs3iXU5pUQNJg==,type:str] + - ENC[AES256_GCM,data:KJM0X13HpmaPCw==,iv:wFoaj16/pglQZJ0oqOlet6EylKAizKOTFPXWByHnuVk=,tag:VqEv6pMScamghVkhcDj5uA==,type:str] + - ENC[AES256_GCM,data:hjOynLCbrBt755o=,iv:0XQ+eLyo90rF5vprBkAWcux7bjHQMqcuAheHV9/BOx4=,tag:XFrUBAX08K0HRI9yTRhFWg==,type:str] + - ENC[AES256_GCM,data:6Yj7pUNvBOpbovERbw==,iv:Z8A4pXjFDInio0NvgVy8dB1ezFuJEMvvvhW60raWKE4=,tag:oDBQTAYELX/YPqJ6yZihnA==,type:str] + - ENC[AES256_GCM,data:YSHwWtIHXUfHKVg=,iv:mIcM9kDRr/0BIrlCw4E4+/1Yk7GqDsq39+BICD7IOU8=,tag:K8vOi1H31l6eziwK+Yz/uQ==,type:str] + - ENC[AES256_GCM,data:UsfQfeCHtOfF8sqc,iv:0kSHeP1C5tC2bkiJdIOsJc9TTbIjwTPpKByMUOVjmvM=,tag:1AwZ5xkVi/mgfEStcEWcKQ==,type:str] + - ENC[AES256_GCM,data:pBF0Hb330P+4+dnqvX7K,iv:zR7OJClYPWwwNHGl1y7p40RIz83rI3l515xlLTop6i8=,tag:rHwN5hZfQXOAAHsuTw9HYg==,type:str] + - ENC[AES256_GCM,data:9NMo8uyqNJtEBVwtuPq/wOg=,iv:BZFBTny23SXmjkMYfMarNxqEY7hS9mR2iRdWGwfymXs=,tag:Cd3x+/x6xsEKohDUG1tJ5w==,type:str] + - ENC[AES256_GCM,data:c3x/sAP/P1Tjp2OaUxoGKzgh,iv:Ulj5YJipSSABuMD/ZqNSbtatwqUpt2WbFaxhycGG7jQ=,tag:oBPyy/7yIkGAtMVdmfr1GQ==,type:str] + - ENC[AES256_GCM,data:FiOdPEFgWVtclS8LQA==,iv:6K3tbOjtM0gpkoG0N4xCxWjOfJCm8nYkpu4jTNKDL/8=,tag:vGri2dpH3EB0+DEzjfNaHA==,type:str] + - ENC[AES256_GCM,data:L4YedKExZDpE,iv:4zu9/6512L/tsisEFGIUqJMPaEcoCTfM7u+wSF4h49w=,tag:29b2cwMrM6jYq7X5zCc04g==,type:str] + - ENC[AES256_GCM,data:sz/i0gS5ZkPX,iv:OeM68t1MCFJZi/56ER457F8cRGPZoqiqRJ0I7UwK0Zw=,tag:Qvv5dbjLdlMFfT52v48fig==,type:str] + - ENC[AES256_GCM,data:yRo4vrdiEZ11qUMMr67Mn0onxg==,iv:rt9eyJhQ3vSQTJDPdwdF0GgWvJcj15XddPQdstYW6dQ=,tag:VfNY0+hdrBPn7QuCVXKEnA==,type:str] + - ENC[AES256_GCM,data:N/GUYG/yeVLEpDpbNWpooejf,iv:dobYj+XNDTjJ7yMLMC1Df+YOw/N18gRSPBC+YAjaD5k=,tag:lz8KPuSUezw49IViiH/SQw==,type:str] + - ENC[AES256_GCM,data:yHMOnyfG/Zv/gJbZ,iv:WT5hYDWQzpO0Cs4DurN8p6ydrPuba57SYz8JAFD6AAc=,tag:C41KG5X3HLoheQS1OZHPvA==,type:str] + - ENC[AES256_GCM,data://J+s0mOdUZaB7/7eYxBs7w=,iv:XsGfyPzXxH2F3Ehf0vCU/4dp5CIeqkM5vdX8k/fZmus=,tag:5Q4ncxX6qdvqbqbwJnsE9Q==,type:str] + - ENC[AES256_GCM,data:uhjKCKViwYEkLO7EOa1KLAk=,iv:FfBPgrQUcoYK3XAov0w0mJSB2bSCSw5WS1lqkFPJags=,tag:9DUWnvsdE0FFyh5OGiduKg==,type:str] + - ENC[AES256_GCM,data:sQroPatKvQ0FeIUOe5+L9q67,iv:FccWrrJbUe8hPVfin1ZfFF3prCM16Fm3asZNFFVzqmk=,tag:VeSrT+s2fDpJlH8TFSwu6Q==,type:str] + - ENC[AES256_GCM,data:LOMO+ZlGCL6n4EPNR6U=,iv:gsmI3Yg8TrDeQbZz8q9COAjPMDrDNIFOoaTSXM01QlY=,tag:Stm603eMCYdtH3Sg7xKiWA==,type:str] + - ENC[AES256_GCM,data:w+/utPQ/lGEc7B0xdVTf,iv:P73POCD6610PkZAPxiOD8hyT8PXm28YgjLAiYGXbf7s=,tag:RlDYugsYPsT64fvfRmVvsA==,type:str] + - ENC[AES256_GCM,data:kC2BcLN6FQ+8NVgh0w==,iv:NCljwKuAUZimyLcyxkD0Gh8udtVYo3MKMZg0HPqRWnY=,tag:z8YtD/MPY1uaBTjW8S9NNQ==,type:str] + - ENC[AES256_GCM,data:HtPCNyuW52/i4qNVk9nh,iv:/2JTmOQWSjvHg5t6LcROPPx3VwWq8iIXUtmiyXj31Xc=,tag:Njy9vpGnvMlEqVnoTNt+vA==,type:str] + - ENC[AES256_GCM,data:Ws3tzGRUI5gehFdL,iv:J6kUD1OW4mkKSuxXfY6JrQmo0Ul3cg8SoQb3jwvDju4=,tag:gWFKXD0uP/kXSS+CVDo35w==,type:str] + - ENC[AES256_GCM,data:+wjVM8WWLmUWwuIx,iv:l/VakkLxv97V26mbgTNVcgwAC7LVDlywdirn+FY7lk8=,tag:p7v/dd05WmCNr/liTmvKWA==,type:str] + - ENC[AES256_GCM,data:V0XPFZ6x7dI2+pI/gSk=,iv:8VbwifvtUxyMxPX2CBISglj4nrxYiqThcumhMTbRTMI=,tag:rMq4C21tEoeq5Dg68wMajQ==,type:str] + - ENC[AES256_GCM,data:finSG5R8ITJNLU/T5BgP9WY=,iv:TitVJk78pTjle26trUIxrKp/vVNGCfoUj6e2SindQGc=,tag:IsXJUnKOq7SGIEQGNsjvug==,type:str] + - ENC[AES256_GCM,data:j+clRngX1JRltDwZ4g==,iv:m3a4kfXQMv3jj9ytx6DGvJfZiDm1Mmq32IsOvCmyUSQ=,tag:RvmUU2zcAg3ccL1o89RnGg==,type:str] + - ENC[AES256_GCM,data:OtX5/lSSHvzvPSYkjc0=,iv:ziB8fjVfI+L1hkYhLG0wGTY+WdLi/38sDTrZc6/KA1g=,tag:0e+kfz/ZACgxEpdA8iAraw==,type:str] + - ENC[AES256_GCM,data:5s1CCkpjd22zeQ==,iv:Bkbe5WmnLaX80vJDTHqfou1+rBGjvk2qNNbMvRWLSzk=,tag:ObN+bZ3ZePKbGaCqXWZU1g==,type:str] + - ENC[AES256_GCM,data:Lsbxj7ovyKerAQ==,iv:WoZvx918kz2SpeVcPzkntvSBoEPyquwFD0fAt9KV0T0=,tag:OXFudSCTlap07pulxALN2g==,type:str] + - ENC[AES256_GCM,data:/zCps4TJeEEWNsY=,iv:uX4Fe3gVoA/i8bgrpdY0naz8fGmNI1BTBXQdNdgVcJw=,tag:SaeQxYDfhCMY1qDh3//urA==,type:str] + - ENC[AES256_GCM,data:NI5x/rN2U26CsiI=,iv:2JzxU9rnTFptS72onMT64p4/8EievwLDMaSORwVh6pM=,tag:0aNKldcEWamIqWxftXhpzQ==,type:str] + - ENC[AES256_GCM,data:xWVPPcmRPiXnPs7iYbovOR1h,iv:7+mM1BCFa/wV5nvtRbqJnD8yP4Iv2e7Nw/wlcINu7E8=,tag:k5YERamqi+v7nuRMC0C1cg==,type:str] + - ENC[AES256_GCM,data:CgjbhJ6yKbaGnfIsLUWJA8I=,iv:iEOGwY5qz61JOp6K2jdWxsXSsaIhGG6h37rgv5IdIrg=,tag:rjrs222LZ6ET36zVFOcCvw==,type:str] + - ENC[AES256_GCM,data:4r04zJJInd7BT7cavM07,iv:goXn3boYSdvcFG2xjF9ec34cP5hHX7nqKrowYrqg8+w=,tag:yM6E997hhhtio0cxlPpVuA==,type:str] + - ENC[AES256_GCM,data:ZfjcgPl5B00E9K38zog=,iv:eXD2PqPGpPVmrKNOI+f3SJGomtA0rHS7ktIxhJ2/bx8=,tag:xA2nihhkosaJUpvpjjVlQw==,type:str] + - ENC[AES256_GCM,data:WGIvlMk=,iv:BogvYvQ5aHrMt4unyYWenR3ocyqlYjKZsHQL0Hm2hkk=,tag:B9D4SW4F9NdGU/J7n8jA/A==,type:str] + - ENC[AES256_GCM,data:tdXXx3DJpxgz0FySSfDZMfxaOck=,iv:HI+OOJZZLOTuJfBEcCRZf5PmyXSoCEW+bS13Qly2E84=,tag:pZd9y/PYi3ZqEZaVWMvHlg==,type:str] + - ENC[AES256_GCM,data:tpMXkPxuluvfU1LORA==,iv:JH+omFg3X/MrkAKePR95L66upmMvDVjlo1jRaRtOt7M=,tag:ttgAKAbPZFgOfxZa2rgaDw==,type:str] + - ENC[AES256_GCM,data:8T/WqnPNwQGxQQ==,iv:HJBx2WNMyF+xD5ummeYt8PxYiKoC1tIK6/3QQ86W1pg=,tag:eSWUJ9xSpWTIXQ3olliEYg==,type:str] + - ENC[AES256_GCM,data:FcKVXaB26r2H6yB+UA==,iv:yUHr6Jk+vU7JD01prIn+Cwg3sarKoYniNgVHFOjVk4A=,tag:6c2552m3pDxNsy+KaKCp0g==,type:str] + - ENC[AES256_GCM,data:vhAZIEs83KXhftBviA==,iv:Xp8ykiELPsUG1bubu5ZRIZ1FvujRj7m0ezL/yGwZcKM=,tag:xuTSJFmfQNNuCpsbWW6y7Q==,type:str] + - ENC[AES256_GCM,data:p/dWJZ5K/hglE18f,iv:0dQ5GPEugp8pda9eonTgLPjNmrsrYn3orKtQN80j97g=,tag:J783u3Sspts9A5c9rYN0NQ==,type:str] + - ENC[AES256_GCM,data:qOhSdw9txQdoImTo,iv:SsK6ASxkXCZm3u7tNJz6Dntr7wtjohSrM/1TeqleNdk=,tag:3eozoODxUDrk+YrmDibRXQ==,type:str] + - ENC[AES256_GCM,data:4+5Yr1btbI6ZQ9xjqw==,iv:v2PTGDaP1t+Y/N0o/CLAqF0vHtLsO9g5zfRsZQfXsbw=,tag:AuD1i4EzPeSxQ4s5x6ryCQ==,type:str] + - ENC[AES256_GCM,data:TLdwtQazLBL0QzPD,iv:/iGgDlAXI974OriwciPhB9hGoZjiTzgwW5mbmOopNcU=,tag:OjT2XbYdzMhRUbpxtmx7tg==,type:str] + - ENC[AES256_GCM,data:Z9xm7jwzkoOiuvVugA==,iv:4YmZ5BSe07ByhUXbrv+/ZKxygFTikxlcsWdbaGNqlj8=,tag:esLkYMtg3qq2BpFw7yCc0Q==,type:str] + - ENC[AES256_GCM,data:twWGSZeeTAPP7Q1uRQ==,iv:QVaMB5jRBa2QIQ6FXQd5RllWGLf0gKKjs8t8QZMqzf8=,tag:tag4EcMoEtbH3aNKFWYCJw==,type:str] + - ENC[AES256_GCM,data:rvlqwW1Y7KY=,iv:xAma5D9fj48Y4YRecCcCTX6C/fWWz4TXkZTMUhnEA9E=,tag:ZJhG2rqKrcxT6T1Chc78ng==,type:str] + - ENC[AES256_GCM,data:15Vp7GX8GCzN/malN20GTA==,iv:Vw6JK1/EKouFnp2E5b9JGti+LdCegL3FCcRdHmoWaSw=,tag:+x5ufgwX/ErgQfWeIydD8w==,type:str] + - ENC[AES256_GCM,data:U9ZX/t61sRnMyKXnAmA=,iv:4p9qpnXX0oqugBth227eNKUYczet/MCol8GkOvhOtv8=,tag:yHdKrVnxs2C3E1BfmRXKtw==,type:str] + - ENC[AES256_GCM,data:aMx5+BJM9KGuAonE,iv:leF7z2wEg7Iy9xqwcHPAS2Yiwl016UqYTK/kpxGr/ug=,tag:d6BMDveAeOndOZbC3Ubcqg==,type:str] + - ENC[AES256_GCM,data:xoahTbs5UljqAM1z8A==,iv:ng+LRJC/H2FPDWeXzzGS7DxICmj4j6rmDtow8DuloUQ=,tag:sZzITiYISLP7bKU5ChvAHQ==,type:str] + - ENC[AES256_GCM,data:pHqC5RST2ORF9dLKfik=,iv:DR2YsErbCPCB3ftTrV4B2ToRfghsCpjKCqvI7E+EESo=,tag:zDbPb6Hnrrtml6GAMCLfmg==,type:str] + - ENC[AES256_GCM,data:XsW6RqBK5Q==,iv:C0moasPRyIggSYjegtvWsfQcCDNCRxMRSzyxD7j5sOg=,tag:Y7Neun/QQxC0jr8a8lAEFg==,type:str] + - ENC[AES256_GCM,data:DsW9iM/O8NHRde27Kw==,iv:pI1ww9rjblDYQZgMYpXORhu+vfYSE8xBvWRk0mb+mhM=,tag:Ct18Kv3BqoxbmvY1tF7K0A==,type:str] + - ENC[AES256_GCM,data:/7ZmUDKkSo/N,iv:2gUHhQ3cqIdiHWnqhJxogjARzDly5uzEsMMMlM4f6ok=,tag:l5zv0bVtwSxkMlh2H0Ch9A==,type:str] + - ENC[AES256_GCM,data:YXSyvh3Mj02xtDIYPA==,iv:doO/mYvkzbhE+q0PU0oy+1GGpxT6ffCv5fMLQveaN2s=,tag:zRBQ7q+0i3chO23XjNkXqA==,type:str] + - ENC[AES256_GCM,data:lZN11GMpCWcIVKXrbp+y,iv:RRV/QELPN1cXw8l2B+sGBhTJiQxeojtBDjPPDRe2WSc=,tag:HSTNowX/GRXdD4/03gFqLQ==,type:str] + - ENC[AES256_GCM,data:M9FKsGSiTek0OwdRWm0=,iv:Vo4/GdBFVx12beFZU8ul1WsVMvxeXna8M2UQkuif3Wo=,tag:NzRf0AOrmtTpJVPrbi4ibA==,type:str] + - ENC[AES256_GCM,data:igTNvw2PumDKUSeDJXb+kMSD962d,iv:JopNyT/po12nLMAqqhfzEU9ocO8ZwILSTqSFZoxebwI=,tag:Yguji+hEdTQsqksUodFhOQ==,type:str] + - ENC[AES256_GCM,data:IqUcQ1FpBKTDIkAN,iv:DZxpVXNTq3lPhYTWMafNLRtoPEJSLCkSYwyC0Dz40nk=,tag:QlSXRGROMgjgG7gvr3ad9w==,type:str] + - ENC[AES256_GCM,data:hx/8hsA8A18hJT13Ig==,iv:SSQAAKGGLWOGahB42s96p4Vx8Cr8AizF9EnASZY5I94=,tag:a2CIjqikgZQ1AbzkwwqyNA==,type:str] + - ENC[AES256_GCM,data:eSUoIQ4ssejgpevyUZE9cxI=,iv:ASpwiBv9BUWIRB7GsvyRRGtRTHNBF1d445PmhIYvT98=,tag:tPNs51+V8w7WDQusxXiOpw==,type:str] + - ENC[AES256_GCM,data:fRmwI+BDUQWPrXHce9GH,iv:pfFb/PCZhcI8uvwvjaqXdi25ByQVG1usgPDs0Oh0Cz8=,tag:RTsPHWDIeD7hIFAtm2k+1g==,type:str] + - ENC[AES256_GCM,data:uxkZMHAJ9kvoQ8kp,iv:X5qx1Qrrndava3sgPspqHHKuout/+Ui7V018zEDX8Dw=,tag:WkF9Iy31gvk7tsNhDaHk/g==,type:str] + - ENC[AES256_GCM,data:KmW9bop5weVCvQTZcB4=,iv:krdts31lLWpmbC1M+cIWXI5s9+FBA+sl5wR+3Y1PFJA=,tag:BmXn/6MWAla3bBNIdrHcuw==,type:str] + - ENC[AES256_GCM,data:VwirW6qw7HnrMA84mM0n+Zw=,iv:pUzNgRtUEfDFJKfqkZenJmmp7dlDW5qxOkBHofxeJW4=,tag:FUxONP8PeysGWoR9qFGrtg==,type:str] + - ENC[AES256_GCM,data:gQqi255U05q6LyPc3w==,iv:i7vJlAPANohvQ6JSDENTTHfDcY74Z05XfNPWvIAHZe8=,tag:55LfErp4codaqzuOVTvuyQ==,type:str] + - ENC[AES256_GCM,data:s/+PkPcgw6lxgZQa,iv:bR/ZIr2MoieDvn7mLNKlpf4fnV3qiwGutDd1j6fuilc=,tag:KmgDFQtfcGf0OYn672AXmw==,type:str] + - ENC[AES256_GCM,data:O5jEa02/bmrn5dVdcPrLGA==,iv:cVbPl3w9lW4aV2MfGaXniJZMNg3v30nQPi3ELeAhrXE=,tag:PkQ4yF4M8t1oM9v7pWUzgg==,type:str] + - ENC[AES256_GCM,data:yILwbKW87abGokZ6dhM=,iv:prHnY82qBLwd324UKXrJSuKMIwRwcaCTfPNXLti4Qrw=,tag:zQIeoGknIspsJrdFcLp2tg==,type:str] + - ENC[AES256_GCM,data:iDeeqQzf8d0D3sJOlg==,iv:epROT6uJ9hxT3f0v15O1d4bqWe4uh50yA4SV2KWrVDU=,tag:QtY3ndEKhiF5vxZ/Co4Hmw==,type:str] + - ENC[AES256_GCM,data:j4bKXSFkFNn/bgfF,iv:M58sKZsdsAlSax7jnuRcDfvq0hPXvOZWX3ZO572AISo=,tag:lBWOB2VQdnlQcpX8wIT0UQ==,type:str] + - ENC[AES256_GCM,data:6a+FXvWwOxd/+dxIB5dvUUhn,iv:1b4BAkqQdcsUIC2FcGUqrmUnpdJiAD119yv9B9Zz6/Y=,tag:VT65nTV6p+sZw0o4qy3gRw==,type:str] + - ENC[AES256_GCM,data:2C1V0G30yNIPeqgp,iv:4x4RKjaqagez1xP7ql8zSw3hdKRbpTh3Vi5sZ3Lt9nI=,tag:1CDm65Fi6u3PoiizuDZVcA==,type:str] + - ENC[AES256_GCM,data:sFW1Jn6l/ZbwBBfamg==,iv:/YMmYCMDamtGqPia1WNGgcM7w1m2TlWKJ1LmCsMkMMk=,tag:IBbIEGJeGW8Pou0z1PeBGA==,type:str] + - ENC[AES256_GCM,data:nrKyyUVIZnlUzUvLTRPwunQj,iv:qmSo6FLngR/+AOMhWF0UxLqSqCIU4cNk7sG1RnmcZiI=,tag:W86QKQjNGjuIdJp+PHktRw==,type:str] + - ENC[AES256_GCM,data:H8hA4NyLNm2XrqluDA==,iv:BeAGLBZDrRz3x3UFSQawz37ZP3fFEeHUSG0UnpuEQDU=,tag:llmQw833PHqdQcjjH8IFKQ==,type:str] + - ENC[AES256_GCM,data:jA7n5KMuH6lWQJcQdg==,iv:Kfr0uf5J/LXtRR92BhMzgrYL6hWPkXwU7vdks+tyFsU=,tag:LilM0toin3w2YiZL2z/UYg==,type:str] + - ENC[AES256_GCM,data:1sJ0e1fmpp3auGW3QyA=,iv:95pdRcz6e/bNpBghomCwYpsjDRAYuBB5ZdZtrfP39iE=,tag:RGHMPQey9XBQzbELdf3B1Q==,type:str] + - ENC[AES256_GCM,data:ix2GBITFO5A7pwhaXQ==,iv:gBWkpi73K//LcxuuOzddiqrVnNGcCdO8Kjyw/W6vus0=,tag:pSCyWGwk7pjwApfhV1Gp6w==,type:str] + - ENC[AES256_GCM,data:AHcH7h3Ig1nsohgF,iv:ppMplbN+U+l+7RyJYqhMBLpauSTRVdGTLZGUalhYAqg=,tag:T4CWHWNQV1+/gZ+cb5OpUQ==,type:str] + - ENC[AES256_GCM,data:t4kL0cj336D3Z6EMIg==,iv:sCsu0GNExowi8lV9oFEUy+NDIrcKHShrXfu+pjeku1w=,tag:qmL85PaR4loj1DdcWyvbCA==,type:str] + - ENC[AES256_GCM,data:0CM5CnUQ34z6qy6wyEXy,iv:u9P4+5Mdfawhxl8CUYWGu/EJNyYGc7M3OyFRxYUhOQo=,tag:EWen4sRwtB6EO8bninT3BA==,type:str] + - ENC[AES256_GCM,data:dT9w2iH4kic7XSCYfQ==,iv:UljLS70O+fOiCZUw12KSTXfsc+Qwkx+e1+1TDtdNIZ8=,tag:vurfL+lJPpe0V4bGUMQzUg==,type:str] + - ENC[AES256_GCM,data:upD0Iz4XBxpBwnHwpg==,iv:Ucz3MkxncrOsZy+KY7EO1TybsQcEEYkRzETnN+Rftc4=,tag:IkDTQAQTnK2UOuS0onnuqg==,type:str] + - ENC[AES256_GCM,data:x2s7TxkJ4K5BQQtv6g==,iv:J6OWimWFchg+9TFp0+qKZHQBDjYPWatfLYSqtBvQsZU=,tag:jLWSoQny1xPHzSjNO1NA0Q==,type:str] + - ENC[AES256_GCM,data:eHxChkQ7gA5q7HW+6YpEgpWh,iv:Myfrpj7YEcUfdmyyXsc4NxFMqTUsilflerZ6kEBk9C4=,tag:monbZmwwXyG09FzRQJfO8A==,type:str] + - ENC[AES256_GCM,data:HBWjGaTRJolAWXnPP/0=,iv:0OeqJMRoEmqCJupK4OeQY/gLWhCh0rHsHJH6goAb4Zk=,tag:wd3jXsLbGKfoVxUprURf5w==,type:str] + - ENC[AES256_GCM,data:8vpaxCWIhISbV4eswA==,iv:GG2yja8XQTeDsSBMjuaZjw5KW+Cr5XqJf+d+K8QrCSI=,tag:X4SIVDnimkrDdmnNU/XWZg==,type:str] + - ENC[AES256_GCM,data:Ua+XJ8TN+LbntCo=,iv:yeXoi8R8SxJ9PVjQCCH/gBXI8PUvcGU5MqJoLSDtymc=,tag:se+oNbCAO8uoHniPRNa6eA==,type:str] + - ENC[AES256_GCM,data:/W9JmIOsUwlZNoBJ3zEBLq4=,iv:y/9rzNLepsePX9LsbImJGLyZ4LduGjwtRABpjiZP9rs=,tag:kTJRZvvOicuhRC60Fp4UgA==,type:str] + - ENC[AES256_GCM,data:Zk0PLJfGvHB3vg==,iv:I0i8/LoFGw2WsaaoIr27O5e+PN5kpuIF3qZHBMVTDXo=,tag:eeimkzTskedXQxhTxeTl6w==,type:str] + - ENC[AES256_GCM,data:nx8X5GN9BCDDPlsVm+Y=,iv:7nHeb/g0oWCvVaWEV3SEDAbZbaDNq83mF06MBerZNBI=,tag:gX8qJebIBvp9Uh+mTGv58Q==,type:str] + - ENC[AES256_GCM,data:d9Wv44UzSDUUvaPbLQ==,iv:LBAi2vxO8FAMh+argrKoQJ/j2XYP+xRyOo7ldhE+R54=,tag:ZHu47/ke0lGlq2ILFOESDQ==,type:str] + - ENC[AES256_GCM,data:gKJDgnDMOni6HqturbE=,iv:WaRCEQFrCfbCuGTqLtPQq4Rq6feV9mtJzl5DKiAhf9Y=,tag:9MhnFqyfPFdqYJYMDhKRJQ==,type:str] + - ENC[AES256_GCM,data:+ONAa7xYmFRSF54U,iv:BM6nHbabnfORWGnI6jrIsMlYsSN87iFI+2g9VYHMIxA=,tag:JkWC7VRGPi4Ue00KY8NGmw==,type:str] + - ENC[AES256_GCM,data:sH94RcECpL0b,iv:7PGWtZnHaX/6nZEF67XJP2JANO1P2TnwCgiHjnugNJ4=,tag:Jp19dCccTCG26P++PqY2JQ==,type:str] + - ENC[AES256_GCM,data:3/9jL27U1QK6RA==,iv:aX+bJg0TP50IM6KoXrTioKq3kJGR66myAod1UBPcHVA=,tag:XfzKFt7MZD4to23Omozhvg==,type:str] + - ENC[AES256_GCM,data:Gp5FFF2+244=,iv:JQs69iIKccY+iFqgGrbPDu1T+aGfVOodCK0HrF3CKd4=,tag:GH/QhateOzAXyZVEWkwujQ==,type:str] + - ENC[AES256_GCM,data:qNwf2kypQg==,iv:J9xILS+wup4OkDX7xvzAklNSK/QRRRzLRxFd+y1/BT4=,tag:zyhQx/VPmH7ydDPq080KcA==,type:str] + - ENC[AES256_GCM,data:yA/zZhV6HzPVXX0=,iv:rns3z0+yoXdo6XJsZgExVtZe5QhEu8e6Z+FVa0xc3u8=,tag:6ZtHCKjEWeUkUJ2HvzaTbg==,type:str] + - ENC[AES256_GCM,data:Jp6I8zK+5kqxJA==,iv:0VW5q8A8bNM9fIcP5e5UqcpBOYNMfArimAGJ3impWIw=,tag:jfnQyIcmiyVLTwo8787lYg==,type:str] + - ENC[AES256_GCM,data:3L6EuZGoc+xYQBQKH0XMiMO2WAg=,iv:ROu81StOzDLy/4PzIvFc3Jv0SJxI4HUTDDJP1Fn09Bg=,tag:usnD5ih92we2dmGQo8mkJw==,type:str] + - ENC[AES256_GCM,data:NWgh8e6pS3HCAOofETiRLw==,iv:+6Emgq9HgUlU8HlzIHQ98faH3vA6Ga6a/Gz3TBTOkbQ=,tag:VSlckTMEyJ8O/0GNEDEucg==,type:str] + - ENC[AES256_GCM,data:OYQRElGcnoqWDeGhig==,iv:6/47qy3Lgtf7870mD9hvQ5aM5AnhbAhyvuenmva393k=,tag:0FozIUwbW28ivxyEEYb6aA==,type:str] + - ENC[AES256_GCM,data:ve42TJkzL4ZGe5Cd,iv:QkSOVc4rmQvtauv3v6t2mSwBbijI/gs/lj9cmU0XNcY=,tag:6vbBTS9Hwa9cJ98T6sAq5A==,type:str] + - ENC[AES256_GCM,data:sJBhcYcXeYM2,iv:7WEAlpR8qWK7ssRBfwKU+kuF8oI5LnJBejvCCqmWMHM=,tag:gl4uFSC0lBtmS+pcFQPwbw==,type:str] + - ENC[AES256_GCM,data:uLz7E3ZfhWMNEdmn6eIA,iv:EvfaTYwrLHtkIFAoGYJdyKWVRepKyZDc+Chk9S3dDss=,tag:Sgms2mCtY+9+7Hj6t8w7lg==,type:str] + - ENC[AES256_GCM,data:MjCvlYMk4xj5WuZdVA==,iv:7K4xJY6aHt165cKBLUPjT0/d+Q7rIjIk0bP2YK9Po8g=,tag:SnwP4gbW2poD78g6v7UtcA==,type:str] + - ENC[AES256_GCM,data:PkzBO4ypFjGzIOueSpZXwPQ=,iv:rw8UKtjCbK21efyGQ1x1XRY/WahXDYLa8uRqmdp/WtI=,tag:4QZoWWEEXe5cW75zXLuecg==,type:str] + - ENC[AES256_GCM,data:YoAKMYuTs4DRGih6,iv:vs95cW98uJTW5LwBR57SFS0XhJVqvZ63xiLT9NtJu8Q=,tag:2Ukm81cctjn1rBvtqqunjw==,type:str] + - ENC[AES256_GCM,data:wjx2C9geVOCy2GQ=,iv:sDMqYL9vpxa2trsfFyzNvz82yPT0d4qrBr/Z9eNvqwQ=,tag:3sDtd1xh3Jz8spu46HODCw==,type:str] + - ENC[AES256_GCM,data:0S3rGVLNHbJamU3vKw==,iv:4t1fvU9Y0b+fSzZCLxa3SKAOM8881yayFylLO02UO3E=,tag:KRIiLJyYG09bdULyrearnQ==,type:str] + - ENC[AES256_GCM,data:AtnxJv0MZ8YaZEo=,iv:xhn7KCbcwa0A5NgymIfXWqV06Wu37n/rZ1kbRrPvJPE=,tag:+rSucJsakIsr3KxV+2rzqw==,type:str] + - ENC[AES256_GCM,data:4LMMP2XiTN/mP/CzBns=,iv:bwwwaKNBtE4VwrYIE0KofKBnkGbVgddI8iH/AI5dYfA=,tag:BqMxu12msEHa/6RwIOGqnA==,type:str] + - ENC[AES256_GCM,data:2qy7j7wU0a15zGYdBAU=,iv:jdfROLUaw2e6frGXKWIk2atAFkjoKvI7Qxy/d2d2fk0=,tag:Pu6NhT+V0a+ytnZzOP5clg==,type:str] + - ENC[AES256_GCM,data:n8B9rpdSNoEvrGiBIRqF7w==,iv:/WWg0/5n6ZzBSWSeBBNkSlDn5HprvkKT7lpjAH4LjE4=,tag:o2lbOavVT61QjYoKQUx77Q==,type:str] + - ENC[AES256_GCM,data:NdINN+hL71wwUd1gHg==,iv:/s0LCtw3Odd+f36zVE+xqYrSpEPBCGeGDdYV573Z/4A=,tag:2x2bJTyYZgcn1IVMYKEsVg==,type:str] + - ENC[AES256_GCM,data:smEdc2b52m0SurPKNdVD,iv:T2XdnFK45iRvzyUqy6RsZhlDzfCSQa7NlQ2CJklXQvo=,tag:wMRQmyaz4ZOWcQt/nLqoGA==,type:str] + - ENC[AES256_GCM,data:AQPRUehFMkr7,iv:ioamSddF59MQp/tB3yVC00qIXvhrH/wappJh4jYNgnE=,tag:FdaFUlqTpf0bQaloKY5WiA==,type:str] + - ENC[AES256_GCM,data:4g4bK21IYI4=,iv:qVGNQqAcm3f0s3a2574MMSjaXdgCZR9Q+pnQl6fIe50=,tag:1hEPWV6dJUQ7ZeZWHddbOw==,type:str] + - ENC[AES256_GCM,data:gvu59yuj/oEdAV3+lw==,iv:jPi3U26fbmfMnGplrSch5BPT/YYl7IBN5iqTh71ksAQ=,tag:5H7u3iE0eEWj/jGdr2S3xg==,type:str] + - ENC[AES256_GCM,data:/wDqCNdLmcwPkLd9/h4=,iv:ufdfWZ850wI2FV7hbUaTYeayVV9M/SruiFKgBbqzc8g=,tag:fPKKPRcf0xdOoTAtqw0ssg==,type:str] + - ENC[AES256_GCM,data:cvVPEYUQtoiY9FsP0Go=,iv:VkNTF71AH4aA0qLBYa5QuyfoO7KJRpYnTph2EhL5omk=,tag:gq4fEu7fDdixG0PwrOfbjQ==,type:str] + - ENC[AES256_GCM,data:WzfLxwUVr+9hVUrc8DM=,iv:j77xlDD0VN47vmfhukaMUlDiLGPeStGOUIxJgkrp9+8=,tag:/F6kO9cIuuOaaY8Iq0aL9g==,type:str] + - ENC[AES256_GCM,data:AB/2pU4Nfyu6aps=,iv:hag6RE81mT0ar8J0s8TI+191JHDagtf848VuUYkDmDk=,tag:3/2ey0OmX2Ro8RPmc2XMpA==,type:str] + - ENC[AES256_GCM,data:tWaLflgvu8QtwxxZDvI=,iv:k/xF9RGkFeyq5skODvn6orWci3LOJv8Hbg7tr/3U4Ww=,tag:1genZNpgyphWV8G0oAQ1bQ==,type:str] + - ENC[AES256_GCM,data:WFqzA1itUTBpdC8E58Y/YG6sag==,iv:zrjmm2rj4FX2ZuoOFr3/gHmW/jXif3IcOwJedRdZpuA=,tag:n6zaOYQ51ui9p81r/XPfAA==,type:str] + - ENC[AES256_GCM,data:ahmHeDDE+Xd8oFsgdA==,iv:RPoFtnrJLgQj0A0Kr0d2TomSbDs/ogsYkXaj+U4TaFM=,tag:Ahutqi9zKPHEYtWPenyEBg==,type:str] + - ENC[AES256_GCM,data:hcUnIch4vB25btHSQw==,iv:6DZnZH7NP4SiLhuOAflaU6tOmV7j8MZe3hPVcAYB96w=,tag:M7yXu+JF4Jk4y4P9XrFLSg==,type:str] + - ENC[AES256_GCM,data:K7oVYgxUPoLx2F72C7ArfNZR,iv:3bPK2aZeXNKY6sf0LytMLv9m0Z5UNOQIDhovwlncVRI=,tag:t1QER0ngnXGlg9I39GXeJQ==,type:str] + - ENC[AES256_GCM,data:lU05eYx2drj0PSM=,iv:vLVn4aBdNyvKXe/gGTaXr9Q/6VxutUzC3ZuIl12+tFg=,tag:JERlhfEIQEmsvO7k47aeaQ==,type:str] + - ENC[AES256_GCM,data:QqnZ/ZFbrjwVFp91XA==,iv:JOI9g5/WZwVrQtS1R7cU0rp9Xh5iPeKhs/Pjnmr3EvQ=,tag:YuWKQmHwGr1AqzTt7xYCRw==,type:str] + - ENC[AES256_GCM,data:nm/nRSsC6L4=,iv:GzOkPQmsDEwpZtI0mue+w2H8JPm8e9ceiHbgnlekPMw=,tag:O55FcnHI5/LdBw9M2FCs2w==,type:str] + - ENC[AES256_GCM,data:8vhyrAMfombOpqEXHg==,iv:FXJcpNch080HK1J2M1mm9lg714QD5u0P79mhypuXzg4=,tag:g6QgrUoRaLH/ZGvjai/hmw==,type:str] + - ENC[AES256_GCM,data:U7R6xBIHGytKb/GwTSS+kQ==,iv:gDU72ATNTTY2fIo5LSG30WdQnknHd4m3GvqSrYct7n0=,tag:2wJWKQzhMAh0xWti3yPzyQ==,type:str] + - ENC[AES256_GCM,data:hlR6cwOxI229e01guQ==,iv:ADEyZzD4Gk4YsUtDHpRg+teHZLxHtBM92aTTG3wi8ns=,tag:g0u4Osn1dMNqgaH4RfadRQ==,type:str] + - ENC[AES256_GCM,data:9D2FrAAa9frB22Q7stIuK10=,iv:6OPeNNbz19a5qchAy5SaBlJ3PoMgDErmHHrM2LcADqw=,tag:45Ny0MXeAfTxvjvmmVhjGw==,type:str] + - ENC[AES256_GCM,data:XkHJ2W+1XVFkt1qiZw==,iv:dswlovB92iN0ptB9z0i9byCbc8iesPtZUAsFQx5MrdU=,tag:UgDahIhtKHFWFkSGzTeXDw==,type:str] + - ENC[AES256_GCM,data:Tm4X8oiHk/BkSR6uHolR,iv:0Nx/RpVJoiCPLsZdI3TxZUkPXC4mQIbvXMa5yEKnKkQ=,tag:tLMda1bHBC7JX3VrnEARDA==,type:str] + - ENC[AES256_GCM,data:Qwoh3IjdR52xNO18lYnn,iv:hH0eUNe1bX+89d5oZpN4dAVhBAkoKsvu3VIBNca1/cA=,tag:bLJFuEa8Z03RGchP7rrNRQ==,type:str] + - ENC[AES256_GCM,data:8N3mg0jPJNJcE5Y=,iv:xUrkbtwmUy3sAcsm6pJWde8GuIWn/kqZoVznG6IWLSM=,tag:ZrR98Vz/4MFNtuYhzYwqkw==,type:str] + - ENC[AES256_GCM,data:FHqM/cIovhGCJHkl0es=,iv:vplA9Qn3pV2aBQriAA4Lw4CARop4TH4MzDF5vLhOMdg=,tag:2vtvF139oLgNRISAs97MHQ==,type:str] + - ENC[AES256_GCM,data:yql6bvVJqRY1ND/Gkfg=,iv:gwTThVGGn+Kn7zJtr9AoY810HXqeoB6LmQNO3O5fv1A=,tag:mGAZcVSA24019aXJntg02w==,type:str] + - ENC[AES256_GCM,data:mcabwIngRwajT90c+Pg=,iv:0B0xvuW6GaSZaKVknMvXhVjfRFug7JUFZnFZTr5gXPA=,tag:Y7xxUR/IACV3Fc7D3QlalA==,type:str] + - ENC[AES256_GCM,data:Gdlqg5/M6cyDzW/N,iv:W9fYCemBQYqFQveUO1RMnG/uCha2LwnhMnuMKrIrOvw=,tag:3l5gVvik48HpuBJE0DZOZA==,type:str] + - ENC[AES256_GCM,data:wRitP+cWN2+oGyDVWw==,iv:vyzGsuybGf5lox9uxMnCdRdDOOIubKYEXbmumVTyhfc=,tag:iEDz2IHNoQ79FZdsq6xHBw==,type:str] + - ENC[AES256_GCM,data:GVRjagD+T7Hy3VShoBo=,iv:IMjhK7ueEawEqvhcJh8mMt7owD80n5IT4F7grjtCZ6Q=,tag:LSzIYJXpSfntQc/F0la7VA==,type:str] + - ENC[AES256_GCM,data:EuovQMvDkzZwZRXDvA==,iv:u9b747R8DFI1sizjCW/yB5bthVQ90CvpHXjsqK34CGQ=,tag:dNKdFHaTSgFsCZUtk5z5IQ==,type:str] + - ENC[AES256_GCM,data:iBj29yMvjLM69FhCrw==,iv:fV7v1XvmwOmNMj4B1JiwcIkzPBII6iFaCGzuMgywNRQ=,tag:K1kYK59P1F2uFJi+ZcKMIA==,type:str] + - ENC[AES256_GCM,data:W/hieifUvzo5ff6BHzXm,iv:BLOsX7j2eHhgWmwlAC8l0Bf4DSh82QyrtpLno+IPEZ0=,tag:ho/zQ2/aVMEf+O/wXoMHPg==,type:str] + - ENC[AES256_GCM,data:R50OBgxWgmX0zDpYQ4C89Mo=,iv:wrQPzw/jFC6zicdnQjQzqMPEZynvvdb1J/iSt5ptCw8=,tag:AzPyHzUjpGF7uzWMOdHv4Q==,type:str] + - ENC[AES256_GCM,data:rdcHlgP8,iv:x61wYUuN/btf3keKHdR0kKJpKPDBH1yOW8UbCIO3eiA=,tag:aZuc+SEsIxe2Dco7y5JiUA==,type:str] + - ENC[AES256_GCM,data:zRqrZFQSmgcBCj4=,iv:RBE87a8DTJS/UeMwt5tRTHmo5bPq9Xslxq4EurhJEnw=,tag:1Kx/hDrGlofqDBtUT2JkUg==,type:str] + - ENC[AES256_GCM,data:AfCMdf8u2JgssZGX0Q==,iv:RFPXBisUyV0TznX3mtyx7nnpwPKFsfO/i1wFmkoGdyo=,tag:IYpLIY2ln06PhM/S4jWj+Q==,type:str] + - ENC[AES256_GCM,data:GgpUpkk12jBrZIfi,iv:tvtzd7OowFFNhDzXKgKHMb2gAORTaoSbXV9/jM3n6Bo=,tag:ag0eoo+Y0NmbeRMZqQY3bw==,type:str] + - ENC[AES256_GCM,data:8yX6VEZeY2TMv8rwSQ==,iv:2/6AO/fHKzvA5bjP1T/f+qnVKx3KL2qCxH3ktV1HloA=,tag:McfxF9zGQO1w30ChhmDomA==,type:str] + - ENC[AES256_GCM,data:GIwKyalSbMmu2PM=,iv:n5aOpkr8INkyGXfOYVb08ZvD5Xm2pmqlAgl+tWiW8Y0=,tag:dxOotlfdsRsEui2gOaX7mw==,type:str] + - ENC[AES256_GCM,data:R28l6Db82kQlYdPFQw==,iv:ReXhZLLLJaUeRDJq6ACiIMqjfarOevxS2YSWsFGGDb0=,tag:2fRArcs0yvs9fJNSpj3B6g==,type:str] + - ENC[AES256_GCM,data:wtqIB61Uxyi+XYJbTg==,iv:1QCsdkOIwXJuc6JN2Rj2Tnb+j2DcQuXiAPVuC8V6hr8=,tag:2ZNju4hJnNNrTRX+lmp0Dg==,type:str] + - ENC[AES256_GCM,data:bz4hz+RkDPdvkHH0QFM=,iv:4LQQQoVdlf7kX785Hmxpmr2Nv9oqZgysvQMKkBpqJgs=,tag:bz9e2bCFM2Tx5jAXuowtrg==,type:str] + - ENC[AES256_GCM,data:nTRXBOEnFoUEg+BxdQ==,iv:U7oEH8zqWjDE8C0Jv3Xa29HZWeDydZfq5IZ64DyxVnY=,tag:RwxVUF1b3I2HSGzoCUf8kw==,type:str] + - ENC[AES256_GCM,data:RfVTDFOQ+qqTG0m8peIRdT4=,iv:k57wmiZ6fl9MNcz06USfqrq7Y7gnZSIAxA19pcj5u7Q=,tag:/Rq7eBH/LWXE7U1Ctsfc/A==,type:str] + - ENC[AES256_GCM,data:tWIvFb3B7eNk2WMcW9G0,iv:4eHMOCfSWPGlXV7CgD9Tz8m/TACVQk7osJNclwnkqsg=,tag:UiLIFaLG13DROzlX+Ce1TQ==,type:str] + - ENC[AES256_GCM,data:aw5BRP1R9erklqDdlIkF,iv:3cP/0a4rjNdA8Np2SWS1Iwk3rwe0A+5/jXMuSTds8yo=,tag:4+9iyplMnnRLD285FBpdqw==,type:str] + - ENC[AES256_GCM,data:BTahITPAZu/kEiDG,iv:5/yzXU3ttjYG5t1DWFDDw37S98QBxAl+rgDxR81ov9c=,tag:SBPX6dximm2ShgtuKtXyTQ==,type:str] + - ENC[AES256_GCM,data:6IhtUgYsub6TzJ5kWkIqhJ4=,iv:r/JDWkOBTHTZ6Yb3HYvuKMaI6emZsNHajcLDR5a+btQ=,tag:1l3lp9/HqSVUSQcX2LE0oA==,type:str] + - ENC[AES256_GCM,data:aSamFJ75dmC1S/w=,iv:/Gt2B9BxkeYrsf0V19tMSkiiTzCBCW6l5RyM80TDDTs=,tag:il3foyVPavAT5RBtg9k+9Q==,type:str] + - ENC[AES256_GCM,data:v0ICecbpAqalGowm,iv:VSWDeJU3Y04NqvyFsE7XnuziIj1cF6yy59lo3OnWIaM=,tag:Q4JT2Z5u2g0LYXt/Fn3MuQ==,type:str] + - ENC[AES256_GCM,data:KYQl3NRGrjTKkvqPFg==,iv:7AnNfKwzIouvF+9irQYwAQon3REwIBqgZLgmwpcwk7M=,tag:dq/qpaMLfhG1ME0VdlclOg==,type:str] + - ENC[AES256_GCM,data:IJLz9pBoVAo7Pw==,iv:iCQb/F5hzNm9nl40Dc2TJj3irIvZdlZVh8knJjn/0QA=,tag:r1m3/6++vKg1GPkH2zy5Tg==,type:str] + - ENC[AES256_GCM,data:bVKcMaObxccTThc=,iv:aaybEIPmk9/M7YwxoPZ6HQbztYps6sCPEYl3kMm//cI=,tag:IpHRjehmOliHtrplnjbK/g==,type:str] + - ENC[AES256_GCM,data:69EHRXThNOOJlGqd,iv:EXbKkg8O2WnTr8cmJzSKQ3jgPRov/jl98mAt9wUIHA0=,tag:gsqZSq04DNYNIXJM1Duifg==,type:str] + - ENC[AES256_GCM,data:NrryY5tIO7dlzSbG,iv:ade2S8C6Z4wnVU7ZYm3ItKJPSx+tCUScepY8S4BhRPQ=,tag:/Tu9caFCgq5J9OmmPI0UpA==,type:str] + - ENC[AES256_GCM,data:Xy7VvfTTvdBYULue,iv:bHblUwlCFNbaPoq2VnZk1DjLpLVaYzcNAPA2klmyNR8=,tag:uDN0NVDdu6ESSGlwh2RW9w==,type:str] + - ENC[AES256_GCM,data:bKyG7TvZvgM8s/F1,iv:+UddozAKMlPwBmBMZuaJM5Eb4h6AZLJ3Cibjri3nyiA=,tag:oonl4KiDZv+tXDtRvn5h6g==,type:str] + - ENC[AES256_GCM,data:yA68iM3dJXqxQTVl,iv:x63zj+ezgZu4Ake+FDg/nmrS463LodYZX2QzK+VPRi4=,tag:sAE4sS5Fv2gI7822lk7WYA==,type:str] + - ENC[AES256_GCM,data:0/Wh7hn+xiGI3kXq,iv:8TF3xhfGeOJKkBjGgeANYco+ekgc+Pm0Y+jmPkQRjGg=,tag:SSt7NplE7p+mImevyJb7bw==,type:str] + - ENC[AES256_GCM,data:AAL+L3V55AMFxUhW,iv:v48CNTAjwU+OIDty7BUAa1sGNOa4HpeFFeKkwzlimv4=,tag:Id4rg8KwYrEFGBtkD799jw==,type:str] + - ENC[AES256_GCM,data:5+9s83o5VeHdTg==,iv:Ja8rQvkA6XarUq0hxzKOVhOas12uvLtsOFL4zlB8VLQ=,tag:f/XCciOkcs2VRMqbcnOy9Q==,type:str] + - ENC[AES256_GCM,data:Coibz40H6CuQjkU=,iv:t6mWrQogIb4foLWaYyhwu5E8TgiqCeETM+D7UKNqaw4=,tag:JRr9RiVA07tosRK6Mpeknw==,type:str] + - ENC[AES256_GCM,data:8vPcI5sePd2PHaE=,iv:XuPTKv3w2htmIu/ytTqQ9UptQ4DAcNflJgNBFiX4HK0=,tag:vzbp1zTirVnXuE0RwrxOSw==,type:str] + - ENC[AES256_GCM,data:LReOCLwCBZMAGlw4,iv:pD+nDzCHSqITUm4ltbBwpvnVQYZGLkrLcuuuoGYI/v4=,tag:0TkdIRBzWkHpVaqzJYXcDA==,type:str] + - ENC[AES256_GCM,data:NOn+wojsHoB9GJDG3Vc=,iv:rX6XlYIeiaQtqKlFwWjDZr7CzT6E2ZVAM9N+XWdnW6k=,tag:W6+Lr+t27GGfvB1/vq1gHA==,type:str] + - ENC[AES256_GCM,data:3YQr71Y/33WttT8=,iv:8z23TisNMLIMvPxzOmzuSbCHroSSHR3zZY39vDJQRhk=,tag:YIL7m4TGrPC2zdTb8byYFg==,type:str] + - ENC[AES256_GCM,data:aholT3rMju2sfJnZrQ==,iv:8RGV2ttw58cO24kPQcqGbMIKQyU3PXo+F6yftzQIFRQ=,tag:Gh7ngi9L2Ev4ZYdtVo1G5Q==,type:str] + - ENC[AES256_GCM,data:35TsPBtB9xfgDAkW22ZxXhE=,iv:W/uF8EBfyMT8jwdUCehp7VdrTgFqevIibTWNlPyeXA0=,tag:GTe9khycfDGW+pvr0lpqkA==,type:str] + - ENC[AES256_GCM,data:3QaSPDTdBFPZI15WEVvA,iv:cFYNRk4vyIE+vpQrw6uOMz050e86mj9i+tmS2W6Gqeg=,tag:m/YgxIKfrw2zeMVQMDLrnA==,type:str] + - ENC[AES256_GCM,data:Wvp46HVUiaFacMt6C5MXsdAkK6JaWg==,iv:i3LYP5P7NNYQhcrRAUFuhf6qhcBQkJf47wAW4AFusCA=,tag:WJrTDvYu9yskWjV1SVf/uQ==,type:str] + - ENC[AES256_GCM,data:Kf/a1gWDkOgT4sTliuyphqM=,iv:2jtbOmZbqdSQCB9FW51lZfQAz7yN05+IpRZ0D2gnWIc=,tag:6w3FTTajnOUlHnyYKTEg0w==,type:str] + - ENC[AES256_GCM,data:gvg0UQXXvqEgqa03PEw=,iv:Bm62ypKnCV0L3gqctYmi4K2R3LrKqPg5A+PS4A5HLkg=,tag:fbWss58qHNKw44PJgjYDRg==,type:str] + - ENC[AES256_GCM,data:keTekzdMe+wc6XqV/g==,iv:x2v0Xbb4hodTzaQreQkhDT412GEXJ2195RJXFbCSWGQ=,tag:3BMsulbTXljZp9tbc3TK/w==,type:str] + - ENC[AES256_GCM,data:ByQZsXmi9tKcQLg=,iv:icPvigt+AvpSsgLHe8NKeGPtrhueqaPUwzMfqL2Kshg=,tag:JYAlAkjQUgo6/eD2UTzkVA==,type:str] + - ENC[AES256_GCM,data:Ly7sikRxD8ac3EGW,iv:8x0gxjY4Vn4FYPLy0Ki+nog+QypeVtBgf6fcaS15xq0=,tag:bTdBgMXGZRzCqbY3kDKXIg==,type:str] + - ENC[AES256_GCM,data:TAa1oa0UDWFIjnVuhFrD,iv:VbqgIXTsxrXPfUXip27Dxveh7qX9BUpOpRl/c2QSN1Y=,tag:/BEj242My2PV0e3jn+20eg==,type:str] + - ENC[AES256_GCM,data:6q/UbGH8S3jKvZDWtG4=,iv:iqjyj7T5Ao3PgnFi0PbMshlaEJ0IaAIXULv7A1UK0FE=,tag:O7gOMnQFzn2xLgDUp9iGUg==,type:str] + - ENC[AES256_GCM,data:ZMuh5uqzovM=,iv:nqWr6F/uKOzEoJW33hmshHkvX+r1g95yqzzr/OrLQBc=,tag:PZxoGsYNjpPAhHQmpAdtNQ==,type:str] + - ENC[AES256_GCM,data:xErkYqce2mAVTR3ShQ==,iv:uy6JqloChVT/64lV3M1lI4V7ZhYIJaHQy3/fv7lLxAQ=,tag:s3/nLlkTbT8gJi52VDLO0A==,type:str] + - ENC[AES256_GCM,data:UMVJdvyy472DZkSf2w==,iv:qq4b7q8PhmFbCjO7NJ59kz6WA9F4ARPczjcysgyWwGg=,tag:51IbqeeJLNIN06bj7npPxA==,type:str] + - ENC[AES256_GCM,data:LszJt6MUtF7rsTKS,iv:dl44COMuWQB7nAZENYUSBMb56hMVlmUJhT9hgTswsZI=,tag:hYzeUDn/0S9QaKGsJ61iRg==,type:str] + - ENC[AES256_GCM,data:hAXsvlyIx6oqAQ==,iv:4dn7uEgHbBrWsPRar/CYlF2dNhZInj8e6ImTk1GEt+8=,tag:3BuCeioTB8w+C7r8yf0pkg==,type:str] + - ENC[AES256_GCM,data:296ZXJ6iRUZ6XGpw,iv:d1iQG6WHfeCXq77dVSHW06gHtfSLCTkTG9OFQato7es=,tag:+fpxt72MUb2o4oQUzo18/A==,type:str] + - ENC[AES256_GCM,data:bVSIL6xHJYdc5w==,iv:PeKX5Ms94o/A+A1S+kgaCjsKbTJPmH8dCIcRg6apIZE=,tag:UB/P1KPdJ7xy13bKgQcrvg==,type:str] + - ENC[AES256_GCM,data:sdTsrroGmklnHaW4+Jo=,iv:RcV79HVkCLa3w5ohIt8PQhKm1U1/SAjEBMuxdXYLuoY=,tag:vICYycdsfYOTws+/r50vxQ==,type:str] + - ENC[AES256_GCM,data:CJB7EwO2eXU=,iv:AciFwHm+1VWTVw0mROo3XNtm2uNjf9csze2FY29qMu4=,tag:A2dg86pNyGslQUfensashQ==,type:str] + - ENC[AES256_GCM,data:hnU1puBy82W0eyetoA==,iv:6y1ORltITQ7qLmfE496Q/vgML+yX8j+Of7t8EVB0pQw=,tag:PEbScI/dlJmaQ897wtx8ag==,type:str] + - ENC[AES256_GCM,data:4s1dmMhcYYMifVPmEA==,iv:2t9U+c/yqwlnJDsLHxjYQCPKhE2MbB+V6kqFHOMXSUk=,tag:I2HrktpwzIHkq7pYlSsvXw==,type:str] + - ENC[AES256_GCM,data:pX1kMH+jeR+aYJk=,iv:mt621QXmX2Zk76yta+tCTU/C/QL+Nt2AAqdx1DNF1bc=,tag:mLx2zHF16P696i5TeGRatw==,type:str] + - ENC[AES256_GCM,data:uWHMOPx9m8lM/gaKvQI+,iv:K/AX0NaPyk5WKLPW0p1aNFsUsYhRGzdZY+jakOZQP6Y=,tag:UIM+nVsOwcPesIz8OMXqCQ==,type:str] + - ENC[AES256_GCM,data:9k4aIC++taHGOzn5hk+I,iv:ky4jCAZMD9CoQMVO04NNNb30FZEzIGqG/2s+QOcUwNs=,tag:R8uWCBTE/RXv7UzV+c6dSQ==,type:str] + - ENC[AES256_GCM,data:wTqeF5IqSH0EYjUaag==,iv:kOB3Xw5Bw26j7N57SYI5STEaUMp3RLqMzNFhVTos7FU=,tag:uaY3pCUGclsUeoTHUpZmag==,type:str] + - ENC[AES256_GCM,data:+MgGXl45eCzkINSS1g==,iv:aDOzOV/FqGoOjJZmb2RonzrZQOosTG3S1eKFBOBzuok=,tag:uCJQIlWpb9I8FmVVRAcI7Q==,type:str] + - ENC[AES256_GCM,data:gHT6Cnkji8EgK3+Wwsk5sw==,iv:dhuWdjubMfOEjdPycSbVWu4VE583nAp4yvTYjgLl4QA=,tag:AieatEMR2Z5YXhjk1O7mcg==,type:str] + - ENC[AES256_GCM,data:AVlZmyx6fPw=,iv:E7GIzruTCIrj7KH9paW+T4mBgrarRXweXedo2sq2FMs=,tag:kCz9HjZ9E3yVswUzLV44vQ==,type:str] + - ENC[AES256_GCM,data:cjVhVwIkWw0/kbzPYKu+7Q==,iv:+mQ7+14ssEU7VI+zdEIWv2paiEHSRIgiSXwihor5INM=,tag:rRZmQg/Wa2Ehag5aSTgpOQ==,type:str] + - ENC[AES256_GCM,data:OBvKerCvPhbVBRrFBFaY,iv:IDvsoPylEvIrwnzSLezuIZlnCHYZyi7HYXvd5Irivoo=,tag:s2SQtbU22tnxMiGcZC1cPQ==,type:str] + - ENC[AES256_GCM,data:uVG0QYIqb9VZjc0MNaIENB8AGfkJ,iv:642fv3QIG69sSSQgkwNB2e+fXQj6YehPiBWMeHbnluE=,tag:7/UJ7CAddhHXp5D8mg+LEA==,type:str] + - ENC[AES256_GCM,data:fK3Ezj9YFLrWkI6hUH7VxFtO,iv:twLSdVTBISaOxWpXV7wBlwnvRnOahvzRvYSF01DjnlU=,tag:LsfRLF+qVKbdTHjsDVyNDw==,type:str] + - ENC[AES256_GCM,data:f45ZwGsAJvexBylhFbXFwg==,iv:KzZBxAaZXXXz0Du7YnNf4GiostQE37z6FnX1Q1ERPqc=,tag:bFkkytcc98x0fbgjvj44cA==,type:str] + - ENC[AES256_GCM,data:NjiXxY7blghNUQIEckE=,iv:E80GS0dxvNxtIj188+UF+AqMXB0tXDd4a8YrHVrTA+U=,tag:BDBKR7PpiJmx/vIKhzOE8Q==,type:str] + - ENC[AES256_GCM,data:G4xB00fFDtkeZbNw2w==,iv:zjbrPeNmmEpwmlFIVIkDjecUdFz9XhxSLf//gpWRiqA=,tag:jJi6TuUDNJ6JfhbdLAKqFA==,type:str] + - ENC[AES256_GCM,data:jqxiiPIGAJoF,iv:OxREuZPdYqZXwzQkTumZKGukGds6dNPAxf58AAwYfB0=,tag:CDHyD6LeApovZ4qeTkj54A==,type:str] + - ENC[AES256_GCM,data:0fd1qM0irr0=,iv:r5Yv/UlDFEjk5iS0LOkKUsnHHyZNIv7Ocx+moXAF42o=,tag:SoVtf0iwMh3KJpV72pqMuA==,type:str] + - ENC[AES256_GCM,data:89FFZIEDu28=,iv:e/Urw40+zIpEphNF9josQGUzmxo4evuzG4LL9w3dQ5E=,tag:S1SSBpMZVjBm671P78hiVQ==,type:str] + - ENC[AES256_GCM,data:hEcHCzkwjTnQPL6Dz9Y=,iv:ad+yd00c/uyce4cTbcVptT2lppCfIb9wCuqSBhlUol8=,tag:lOltJXQJGEZdTi9WkVytEg==,type:str] + - ENC[AES256_GCM,data:rJ5XUbwQeakMUUFrsSgwSA==,iv:SLuo61O6VPuHHd2COCcMW8Vd9glnrF6l2dtd/xnkPWk=,tag:kqoh/7tDxDUtwFTgKG2WYA==,type:str] + - ENC[AES256_GCM,data:PjRNcpaPjKDUuaGG3h3OKQ==,iv:sDcOPdQR99XYGC4/Xfm7O8xJfzuVDEPcCuc32jNGRmg=,tag:LgVCzlxjnsXFcCb81GDpGA==,type:str] + - ENC[AES256_GCM,data:vf8MdMA15+jkOkTgR/SIxDWXEUo=,iv:DiFdI7QWo8+sUGNNkaNpdmxAobvjtAyYSAPSG77bf/w=,tag:PAKKg0eU5epVoArMdeoItg==,type:str] + - ENC[AES256_GCM,data:S1jZZZHrBStt6kGoWnw4kDCB,iv:VweiE7eYCrU7QvAU8Ah4/XYpcnefn5p3dSKARZBS9/s=,tag:XJr5zPtD5lZTgtPaMmXZQQ==,type:str] + - ENC[AES256_GCM,data:cBdQkkT3VmZdGfnLMxNaAWw=,iv:H18VDnWb7+0eyBd0EAFrPDVkwlOGkZasiqvkb6iGYdg=,tag:+Pv+M6FOgbMVtB2Q8Eg/PA==,type:str] + - ENC[AES256_GCM,data:AgktqHUHh6SLm8I4,iv:rC7mKsSNsNxX0f1H0eI4VeMXekAMsE11WLTO59QMYMk=,tag:BnKjWM7FWkjxyWGTO/MnWw==,type:str] + - ENC[AES256_GCM,data:YLKiD3YFMxzC9g==,iv:Jeg7ZD/8KuVhLFz9UJre2kZizr1ZjNkilQFEqFPuwn0=,tag:FN8yC1QpGFYXxkGKvY1uMg==,type:str] + - ENC[AES256_GCM,data:3me4NZZvSxa5Vw==,iv:xIqCJ2r+36EJJLKBs+M0fQ028MUaFuPwU5oaS+aGMyI=,tag:c3vvVmKeOiVOLnN9IDmvZg==,type:str] + - ENC[AES256_GCM,data:UbuhVnu+klAu9I26/g==,iv:FuwXw0iqTSrbrLGDysnIaYGtinhX0kifb7jqBzxUHiA=,tag:Ycko+ma99xEKDA3URNKWPQ==,type:str] + - ENC[AES256_GCM,data:CzsQfIirsvdGAwmS,iv:6zlz2713Uo9ZjYJPNY/086htrQeg3D0xHAM93ciII38=,tag:9oo0pRzViT/ALGZV07elNA==,type:str] + - ENC[AES256_GCM,data:mkGtS2fm2VDiXITmMp48dw==,iv:gVxEipYZinvpt9PesK3LB8GTo+ahGVdHLf+iIEtiakU=,tag:agiYBLe10YIMrNNX/NhbWQ==,type:str] + - ENC[AES256_GCM,data:TrDZpau1U+5zek3w,iv:nCdlSCiX/1PqFdZc/EKtYilD2e0gBm/Wp+sDcz9kWGY=,tag:bP2EBM67/HjDL/eJp+8zrA==,type:str] + - ENC[AES256_GCM,data:y4kYHyxjl2XWnQ==,iv:FkAupGsmlOEmWXhNpVNkdnclCBOhAw/3k3lYbkr970c=,tag:+orVcEZZyo+f93mdd09Xpw==,type:str] + - ENC[AES256_GCM,data:N5J6pjh2q9hzs3c/BA==,iv:GqLhGNSnHSyIw2a+9iiZvXJFnfEFf183iuUkp7SRVrs=,tag:fPQeoXAJJwhlrGp0BVPoaQ==,type:str] + - ENC[AES256_GCM,data:xEm1XGJesDKmJ2rSNjM=,iv:A2Da6Im3XM0Pl4gC+h+b3u4zVagHCea0//TLLl4APX0=,tag:5SErxG2D0pym5vsGYujjkA==,type:str] + - ENC[AES256_GCM,data:PnpWB2G9LjSmmvaxjE4=,iv:NKrcTJ33OjaBaalNsV6dXmLrDvT/utDyV8t0wVv0i6c=,tag:/RH6b8yJXdmOYDk2Yk9jDA==,type:str] + - ENC[AES256_GCM,data:52sAX4QEW0k4eHBh,iv:LJVCUFSoSD+etP8B1KuORrn2UTuq6hjhHpJ8ABlKIRc=,tag:txJmirBW1EyXrvJwPBZn9A==,type:str] + - ENC[AES256_GCM,data:FItRRydLDkoe4x8+Fn9EqmLA,iv:KIsxxZQqZZg06crMYGEl0TLrNzofhVMkYZv+StV2uCQ=,tag:LBOPUw/adOLOOXaZWYPSBg==,type:str] + - ENC[AES256_GCM,data:+KcKErYB1ybyajI=,iv:dc2bKXlyfXbKKTjOTjtuQQacDSBlTvY0s0G2xuhHHqw=,tag:10/lPIrHr5pc9GTgNFX2og==,type:str] + - ENC[AES256_GCM,data:UuEYPo3rdOlILd+bIAkt8Fg=,iv:yvhgtXwzJgqrGd8w+lrwLJWKYgKDZBEx5mEVYXq+gFM=,tag:ahgfD/i02a4fhgZDRP8Dng==,type:str] + - ENC[AES256_GCM,data:CbvPeEb5PtS5vMuayfCZojwSiQ==,iv:VBavBhvkJb6kc9hpvZRpFrBiylY9psXwbVYgO5eUN3k=,tag:lQTyD9XB7RtXVogKh0wubg==,type:str] + - ENC[AES256_GCM,data:AVqadoDFXrf55FxS,iv:jn2EFngBc6AFoSi0dk4OPCs7LkgNuDRMSOw1gDAcTDI=,tag:L1dbwZXala46htrzIG/ccA==,type:str] + - ENC[AES256_GCM,data:LqZXs1MC0YaC70A=,iv:cck58HrcQ+3kNQKmalOvwMQ54oVk7E3WrY4SXXq0HgI=,tag:jprJa5NUM8P5oyMhDXE1ZQ==,type:str] + - ENC[AES256_GCM,data:JnzKMzb6+iDXJX0W,iv:210Ns/6F/ywQmvf0j6FHLlk/jNzCXCza6ojYOmnzaGA=,tag:NNb2WDnToLh1G58zEL8qKg==,type:str] + - ENC[AES256_GCM,data:wUDMzyd1NDeLjg==,iv:uFo+ea8Se2osjzfhc2OsMW9ULlwFWKR+KZOO8/iL4c4=,tag:4k6X9C8u3FW0QtwBaTA7DQ==,type:str] + - ENC[AES256_GCM,data:mJ5D5Lnq+tkRpu529Jmhoq4=,iv:wObFpsOKqMwNQLM4ZmDZ0b9+kbKwNnX5w2LHMCvvcvE=,tag:VkNJa2ULPoCy7WJhWt7YDg==,type:str] + - ENC[AES256_GCM,data:zUheaeRRZiI=,iv:xb4L9/hbDM7IpJYO1LUTHc2CCUgbNqjV5SW+jOGjftg=,tag:DTw/Xn4ptemPNLfEBEnNKA==,type:str] + - ENC[AES256_GCM,data:U72c07w/tpItkF42PkVOquKKFDQ=,iv:/X5JVr+vwdtCGCYij2otRmbS9Yf0g7Oa+ef9r1OojEM=,tag:i+ntM0suW78eNjSaIrX1qA==,type:str] + - ENC[AES256_GCM,data:MwhM8+R57JDrLFZ63V+CzLrxKsX5,iv:UMkoTjhLGuZubicRDAt+ahx2TFxBncHnketRx4yArsQ=,tag:3LGs00x1gpaInEYU/amXCw==,type:str] + - ENC[AES256_GCM,data:GsTsrwq9kC4SQ4w31A==,iv:QmXe7SDQD9a1WoGmgVDZro8yIqYmLJW/CmyOfK8Pm+o=,tag:1kDQYSu9VaSvkt19H3Lszg==,type:str] + - ENC[AES256_GCM,data:d33hlmCMby07ZqVLnPOl,iv:1EvAGtOgphovM0YmuLt4PA4nY+hvvrZsPBhtYsNfrZg=,tag:pA576udtpkpeBLxcdQfxyQ==,type:str] + - ENC[AES256_GCM,data:y3EGWlt/kAnEprxZ,iv:DX8x098l7VrE70XVtH9n5cVNQ0eK2sFyqD39My187Gw=,tag:zpEGLUvfm9GTnGhU6opBZg==,type:str] + - ENC[AES256_GCM,data:bVA2miJd8NjToXZzGNW6,iv:Nl0i2n77DaYvuMaHGzj+RDnkKjeGzS75PBEvOisUT64=,tag:NwRTw2KDwecscbEJepbT4Q==,type:str] + - ENC[AES256_GCM,data:5qhdTCE7fu+p1DQ=,iv:QOAo57dxXOruliGGA0kqp9a0DsOz8tP1yuT9oqh4BdY=,tag:zL6RIdk60YoLpa9wxU+eRA==,type:str] + - ENC[AES256_GCM,data:ulLQFGX2FSH13Uc=,iv:pbqdKZQz/aiC3NPVDKzRG1lTn/Pm2KkQGwGTioM/TZw=,tag:tcSa80w26q7USnbJwRJE8w==,type:str] + - ENC[AES256_GCM,data:q3mk+PRjnjyqhfTRDw==,iv:aLavNIjoj7uAZHqzryJuoq/fZWIqfaf1sKER+vofV5Y=,tag:P0RlR+2RON1qvEbFdDoa6Q==,type:str] + - ENC[AES256_GCM,data:FqNKAx7lJ9+ozutL,iv:cxHb/2lbtU0x5jABZgmQcMjFqzQm4enREd8Ylh7P4hc=,tag:QEyCXohlwYrHPdS1O5zT3Q==,type:str] + - ENC[AES256_GCM,data:RVAvkulRq4Gh+/Vj,iv:10DiXi9/5whHmk8SCaw87fRXR6VGsF3/h5Rvsqx4dj4=,tag:DioCl6URVxN1oAa3TeV/Zw==,type:str] + - ENC[AES256_GCM,data:1z/bQ6tntMnrhXOFxQU=,iv:2uoaXMBWI52BUtfkk0wUcKpwSI8VETOWPUQ0kMYueqE=,tag:yrz0gmmHilKCQN5vJdx0Qw==,type:str] + - ENC[AES256_GCM,data:Qn8GQfzHOHAVqg==,iv:qHvbRxhBIpNzeSN4PK1C0PyVQr0noul54X3RBvJzdZA=,tag:tp2myT1LESYjvGJzLo920Q==,type:str] + - ENC[AES256_GCM,data:dz79Ae2Tb0+banij,iv:1psU4gREQHZdczd9UUooXpc0HJ0j3Dp7hz7TtuQqrPc=,tag:xN7ntL7I6XVrdAWb8k+lUg==,type:str] + - ENC[AES256_GCM,data:BWO5CRuJxqETT1+ho6ey,iv:buVz8tkt4A+l04+fVqfbRO8VnuteBCfwkr7d3dGOaRc=,tag:BcpzXJ5SLjrFw8pULMyVZQ==,type:str] + - ENC[AES256_GCM,data:ylDYZFJJAEvZd6pPLA==,iv:6IgAyLQNsn8odICKOa7MdUloXyYnzYrmybZnIW/MlLQ=,tag:27d6CGWU4BOi+yjYoo8+/g==,type:str] + - ENC[AES256_GCM,data:icLevKeX5BuacUFHpXw/Kw==,iv:GhxS+IBMxeCReeXwjIJi52jRG9ztbPVXHGx+tSBLQBA=,tag:YAvW4gOySUF2P4nfFBn0OA==,type:str] + - ENC[AES256_GCM,data:nlebLBOvE2jpX0IzCA==,iv:Xea/gdz9eoPIdWFM4uOCJienoBYKznJcvFIr3/GXd70=,tag:lkC052J8nfyUUCfJ8kILuw==,type:str] + - ENC[AES256_GCM,data:oigCrAytMdNSz1U=,iv:QGvmOiLfEsEsMDFbF1OXr7S/dSHhAsAo4wh/4dIx698=,tag:VNtTNeNvPggOT7crnTF/SQ==,type:str] + - ENC[AES256_GCM,data:YP6x7BxPgpBX4GyW1FQ=,iv:MmOV7nxDFjrxf+NYNypHZ3BTyDd56f3eqqhENx97N/U=,tag:DCK6F1rSarlx4fkARGDPUQ==,type:str] + - ENC[AES256_GCM,data:4HDmA2sd3bVHHe+kHQ==,iv:x3BXzBjp7TikhQWnrGHEa7Q9ogoiX/bxFNfb/CVfCzo=,tag:WwiJ0eusSNjDHTxzDOsFrA==,type:str] + - ENC[AES256_GCM,data:fS+m2epsVM3PqFLkAg==,iv:YatvDs6gCzoKWbNlzSmpWIH8MHYL0aanKsKu+ytGGto=,tag:adCHe30OT21Ozqa6uDz8Nw==,type:str] + - ENC[AES256_GCM,data:YNCk5qWI3QWnpghahNc0,iv:dDQA5Bi5XL+JaHfglrcdBPNfVNMvjOLGbyuucVoT878=,tag:8S9JRzpvvG1ndw0QqAcc2g==,type:str] + - ENC[AES256_GCM,data:AH+zr1OwvsFcNyujbnE=,iv:2w/tbtU1a6lOj9x5hpme38t2YzzGW4gEMw1UeP8Gg4I=,tag:cscR+pcMBCYEKkbyS4hBjQ==,type:str] + - ENC[AES256_GCM,data:x2lg2++UsOue/nkdkKU2mw==,iv:PcXV74Gg7uU1/m4GjbOzTslfh98yvayzqgbWkHwvJbw=,tag:gdXZXKVsXeJKtYGkUUk/uw==,type:str] + - ENC[AES256_GCM,data:pMBHQS26r1+1R+kaSsiawGRFjCM=,iv:tbX+mUgXeicNdfj2fCE64krjjJhFUhbDMuy6A9Pmkn8=,tag:7fvR70CAU/OLHLNQWCg1kA==,type:str] + - ENC[AES256_GCM,data:ucka4IomvSVEW9crQcA=,iv:Urt88CkV5tLD2c2DTY7sQbvpfUVqOSRhKA6tb20AshM=,tag:d2kgLyqaEhmqKiaH9ir/sw==,type:str] + - ENC[AES256_GCM,data:09hKPtALdz2pEs4xEzQ=,iv:BKCbk1r95MMh+ewjdRyUNGoiqnJznlPI48wYQ5WuAFI=,tag:SGtGGqkOUXar0tQZ/r07Ew==,type:str] + - ENC[AES256_GCM,data:sruT6hppOq6M+1XRkzNEnWSjlcg=,iv:+lVFwI/GFWdoJHFqU7aDA3ONM8+TsiX1jy8NuZ+Jh0g=,tag:A0+DBrZp/SP80mHJUSjCGQ==,type:str] + - ENC[AES256_GCM,data:Ik4eR+GbKWUWdA==,iv:O9oc1Lu0tR6FBpbS2l9er8zegtWpiQ1g4lyGhqTCC/w=,tag:VekuzDQBl/i947nJC0yDBQ==,type:str] + - ENC[AES256_GCM,data:eKqzcSAkujW/RCblRf1L,iv:k7+9Kbj7Sn5WphPPiaMwRHUK15d4YvTv6VXTJ+zhkxs=,tag:0XWS13C/V8JyaGh6r+96SA==,type:str] + - ENC[AES256_GCM,data:naJnYso2ZTfoHrN25KsrQaU4,iv:IDeWH7we/ToCc32/HRHq1Qo2K0kGacC1ik3HDHeiZfE=,tag:Laz6rzKO85K2dTKHtl37mQ==,type:str] + - ENC[AES256_GCM,data:eUdu03ENQW7/nJxWekYFOfS0Lzq3,iv:M1R0bGvtxLqQn7Eg4Cds+ZCrMa1b6j5VHcxcIf1ygo4=,tag:UiHsqFp2UVNAkGP8dSgimQ==,type:str] + - ENC[AES256_GCM,data:Oza3Ttt1r+6Qva9CFHH1sKg=,iv:QEQEQWDgrDcBp95dqTLWDuTYbVOG7r7+gegfqPnJEEs=,tag:uIEGqjnsQnuw982BbNfU6w==,type:str] + - ENC[AES256_GCM,data:ETOB/gBIIgF6wpnZ1J7OQ6iRmtqiMw==,iv:PJNnmS9ka/o9514OJyCI7fXmhmiP5ziCqi06BFytyRE=,tag:SRqgZcvNAoazw14y5W5mfw==,type:str] + - ENC[AES256_GCM,data:zVqpN58drhbdTRAmQNj9Syo=,iv:vIeA3Zo4NCPrToFLmPqe6a3yFUhy6qVoumqMDaVnlpM=,tag:LeqAZWzdJDDFsgfKXoD6cw==,type:str] + - ENC[AES256_GCM,data:h3pn9NU1tiIzcayOvVug4rWJPQ==,iv:Vm0wDuF7G0kn2XIbIXKbmaUdzA+oZdUktOfB8NrIuP8=,tag:MdjOLh7u0NUocaweKDKIAg==,type:str] + - ENC[AES256_GCM,data:krsqMxduT9qUDAX+FUc=,iv:oShIrgQL8hBtxnK9940MQ0jL/q5WJZ3TaAtZdIDmavc=,tag:Exn6OUM+cNQqRUOlTybqRw==,type:str] + - ENC[AES256_GCM,data:23R9l2kjt36Jju8=,iv:Db+Ex1H8hEbQ7x9tF9WuneYiUC/OOX8jSsxKAGf8pXY=,tag:iGV5gBihZAtrkEtwimX25w==,type:str] + - ENC[AES256_GCM,data:/yi7y0/4HT/CDDw1gmHI,iv:IrKg/61oovVgKWzp5vVVg3V1uTNjf17NmCB3HWmKfEc=,tag:r9VsKa9Zkp2POT6fg4tyCQ==,type:str] + - ENC[AES256_GCM,data:MSkddM6S14xVB6k32nGFvFY=,iv:HWw74GxeF4xkmVp7b3jtjgQr7kplchBw6cioGt2iXes=,tag:XHwrjnP/z8TPYpjCVfFEPQ==,type:str] + - ENC[AES256_GCM,data:HP2Np3LSGxv2CfMhq3Jy,iv:SV3lM3v9zXeVyCTX/IfgtJI8dk3YIhzA1rasv44yOU4=,tag:+NH5QQHgwIPFs3flL24cSA==,type:str] + - ENC[AES256_GCM,data:+feuvq23BMe6ZvXdtJ8rOfKe,iv:gHVK1ItFWqo14jxNnFeBU+J0grvYUqYP8CFt+f8A21s=,tag:Jc4x5Wv+mZFV+SbV2ayc/A==,type:str] + - ENC[AES256_GCM,data://K2wxXNzwEP5dCw0S7L0JI=,iv:VQdt1QTU3hbApVKoebFfVxNTWDHTRlE5MN0mfexq3ks=,tag:rQD2NZFE+V6t9si54kS1TA==,type:str] + - ENC[AES256_GCM,data:v/zwNAjUb1uwGpumPVqxR3ey,iv:cQrANLMcZjQ9bLgpkbnUEqhLidswY7MxAiaGv6CMvEY=,tag:8qL12OUX90F92C8z85t+tA==,type:str] + - ENC[AES256_GCM,data:hyOGfdywXE4ztRQwfMwI2WWBmF4=,iv:Dejo5dnGV1c+akZ45JCg6TBkSqwF6jJuBhXmI3RSshU=,tag:YXEh7aNCxWrbdlonMvw8Uw==,type:str] + - ENC[AES256_GCM,data:T6UMWhYVGsiEs0ycTElTcSc2,iv:rdwFC0bE1KpvrP32b1POpVqJF0uMLHD7S3Ifi3lFl8g=,tag:3NnBZquwMbWUAR82eP1n9Q==,type:str] + - ENC[AES256_GCM,data:+elIcEX1/9eYUCSIWonWQQ==,iv:e6eujP2Q6SeWt5y2iUwjd7156fhC5MM0SZXkGlTY0+g=,tag:uIxLP6ltY7iF7LKQV++w9A==,type:str] + - ENC[AES256_GCM,data:mNV5MQoZhwPo1Amcos2G,iv:5oEVoHp1MJEruswam4g7wvVsSPzvtfKiT83Oqph2HxA=,tag:uiodIL6QJ4fq9ms46H9opQ==,type:str] + - ENC[AES256_GCM,data:C8n3dx6U24oM25o=,iv:Wwgy+cWLubCuN6J3d0kXcLiUByIT9Foaz1f8UuyU824=,tag:pIm27iVGFQ7hC3zy9zNYWg==,type:str] + - ENC[AES256_GCM,data:YFpn+nFrsIkcfDhpb/+2C0Q=,iv:lTji/F6RKGVCCjoTeFWllmKqcdwElzn2AWVjuztNljs=,tag:hXxJj5QktToenc2bCwjmTw==,type:str] + - ENC[AES256_GCM,data:VpelCggtjgedUgIaa5A48seG,iv:rvswyyAWt0vWJn+LmXacflGJ7zOfMlfcaFtjBsGY7fg=,tag:S5CdiZhkl17XVLaIUFxKMQ==,type:str] + - ENC[AES256_GCM,data:0AiOe/86KVLtrdvBgZBdIgGPXsm3G8WU/A==,iv:fV9rBtTEDYF+pBt5GU1/RvEZIPOL/atZ6gJ4cgnzZUk=,tag:jpsnx6Iiq85b4L/roO+CSw==,type:str] + - ENC[AES256_GCM,data:rW+zq3n1uyWmNIziiB6Z,iv:ShCt7XTIZ9Eaet13LXhpeA+D6nJ63VDR22tBdS4WL/I=,tag:tzkL6Qcpvb+xwl4JXaLQog==,type:str] + - ENC[AES256_GCM,data:RqTrQjkKUWBQUYhBFWRZ,iv:kylRhd9aNUZJnfmveZKvAozFw84nA1si/mGqDQ2X1Cc=,tag:hyK63y/dYudAX531t8msZw==,type:str] + - ENC[AES256_GCM,data:2JkMUWKFZqyBi0wSGlkB,iv:pUKek9gqd95yF/a5mHhPBemP8wp96fm6SduC0EPkC1E=,tag:MkkmFAdxXDHtFJ8aOZPYLQ==,type:str] + - ENC[AES256_GCM,data:urDUHmvW5qnO6uqddi0T,iv:IxJYHZfKM+/iNWZOhrVPDEG0Nq8QLGEcNjDUOuQ+vNU=,tag:feXui54gNZVmsyIyyh4nCg==,type:str] + - ENC[AES256_GCM,data:UzlpLd/IbYWhnkjAJXNx2A==,iv:4nSvDPgky+MSw9aiEJsq6Yw2KmIMLF9Go1c/egd2ubw=,tag:j737KXluDB6KOUVRp5cl7Q==,type:str] + - ENC[AES256_GCM,data:2SSiEIEqs3pY9rLW4B6bpw==,iv:QZcU5RNv2pLT5wZZDGecBuZvrBNg3WmasP8DG21Pr6A=,tag:Rqo3/n/YPvRue9fX8Xvj1g==,type:str] + - ENC[AES256_GCM,data:MKRJOcP1JwQOwTSU,iv:XgBnAzUCH5fvTkBt2E6AhfS6SKA9iTSgEmzDUlvbmvE=,tag:JRs5ah0JFG3kwHLjMO2uhw==,type:str] + - ENC[AES256_GCM,data:471IjvZRqVqnoUq1Atk=,iv:3SQmRvWjS/WijenjXNAA3eQHzwnfBa+4NeWKp6wi+Ow=,tag:AkAWM8IeGF4wel1fOphMIw==,type:str] + - ENC[AES256_GCM,data:/MXA+SazUXTwgub07brN2w2p,iv:ILx9kkjGkgKvTVCTLpIffVSZCvv7D4a+H/3+/WtfgZs=,tag:zrZ6iw46DSW+f2u0+w5PCQ==,type:str] + - ENC[AES256_GCM,data:pLSHIgq6Zt0Tr2fLtbI+RbwYwD9I,iv:QR9fvAHS3JiMXQs1htuR7et6/eLDlopyBy4LIPk6eng=,tag:0/5kWOkhLPj757aNk5tLvw==,type:str] + - ENC[AES256_GCM,data:W48somjCJXv1Hwpbl9xL62ymHwOo,iv:gs1qJauUQN+IFd49GIkApp0o8UCXkwsmhhAnA/n7hJk=,tag:f2Bp1mbBl0NdZCW+O67rLg==,type:str] + - ENC[AES256_GCM,data:Syfewr9pozokunmAELo5Pm3CKIUS6ys=,iv:+pNQ6kTdvWjzarQvMJ3MO8y88u7BWZOas5eDkMeIdU8=,tag:ECU2EmV9quK14LX35Sdbew==,type:str] + - ENC[AES256_GCM,data:sIH3MI20RiiTMfoEfA==,iv:+v+J9XsqnbgfT5bY/eVDLwIvCp+zmwFjbJ1dg7VmobM=,tag:F8Bymm9KEim6HsKuaOnehA==,type:str] + - ENC[AES256_GCM,data:xtulrkr9UKkKwAyKGu0=,iv:fNi2wgMh48It88AERvT15mAS05IlYVaTx99cXX5T7KI=,tag:Fwt0QMN5LJj2XUun+tVs2Q==,type:str] + - ENC[AES256_GCM,data:qUn+hkskim2Zjl1gtUYjB2am,iv:U6YOo6OP6i3GVFO36BEzF8VvIs7k1D13Lh2cVvF3Qw4=,tag:y1D7fj8Lg5iZnB4TSEUVGw==,type:str] + - ENC[AES256_GCM,data:Vi7KGKtnpGICszdg,iv:KVW8kkYvKdjUQ8sp1uxd64q9eTg/BLGR779ofnxtkCQ=,tag:sag0eOhsWfEoXuOi8BWh1A==,type:str] + - ENC[AES256_GCM,data:ydoERH0CA9AcfNc=,iv:n8mJnpUCDRkmbaV06XMRFKGFoxCERgXBrW8yRyulIvQ=,tag:j7yySn55PwdSxd7WBIkK6w==,type:str] + - ENC[AES256_GCM,data:Oon4oUPgXz47uiQ=,iv:3ZWyW7+KthsSh2o5HTUqzErhBe1tqdzPelGrenQkav8=,tag:GOWbac+WCb+1RIgYsNdjYw==,type:str] + - ENC[AES256_GCM,data:RgfRTTqGMDqyM+s=,iv:LQalZ4ubETTl8ksh+YZ3LotBTbHgQZCRpXTJUzLxAwg=,tag:EZPwo+eAc382QHj33qn3Pw==,type:str] + - ENC[AES256_GCM,data:I8yCuu5WpxFDw4CLgA==,iv:NyUisvWekI4Mwn9zoroi4Zp2Ry4e3urbR3rhhy5TSVA=,tag:6rVV5ADkuD+6VrKhXcVz6g==,type:str] + - ENC[AES256_GCM,data:GESKF+ifKdePj1WJhuztiLQI52pm,iv:ykQ+K1PPMJn8CyAPXCizxZs2AJGhHQKVlEh2jiTcsPc=,tag:PlhXre6HPaHRMnpZ0GafeA==,type:str] + - ENC[AES256_GCM,data:QO23TnZpisMNMnI=,iv:UMW3+iyUweiRKZ8r/fGoQr+osuZbfr6iLGGdrQB+uB0=,tag:TSsnZbsUuTpViPaZ6+BWxA==,type:str] + - ENC[AES256_GCM,data:TW0MUMlFA/7Ra3x+Sv4/lmbgMeY=,iv:2IKA6sNyoId2fGiZBjIPx5rI/b+DGK/rag2Ot3GbOIA=,tag:IfE7sAnxOMnC/wamqVgloQ==,type:str] + - ENC[AES256_GCM,data:XjI+E9xwcCElPjtWSbGB4xG80Q==,iv:hMvG7Ap2zR76169Q/3vdbzmpWxdyMElzHY6KUD4MNKs=,tag:8yeNR9EQ0P8h/GAyZvzgRQ==,type:str] + - ENC[AES256_GCM,data:PI/379XrgP3hVq8=,iv:Nl6gNNSBIQisA3FJhoeclicXwZdqQcrMcZ9ojcEzOiA=,tag:ONeLkAL4UDJZ0lL/gBnOdA==,type:str] + - ENC[AES256_GCM,data:gJtlC2c7CXupdGgMP/SOLYJo,iv:a7tDOdGkdJyHo4g18BAB2VnVcf71TmsoH8cMk6Xfr8I=,tag:W3WQkp5VqvXQcm32rU+VRg==,type:str] + - ENC[AES256_GCM,data:MfkZFDguRI7M5A==,iv:3D6h3CzobWEeIrFvnVF+psLGgjHeKw6WroEVtVhlGXM=,tag:AXvtT/Gk7JfYcxV9rpG7/A==,type:str] + - ENC[AES256_GCM,data:lZrnCK/A378bdDou7g==,iv:2tmdFvXoUbqtyYU7pILroAuPtHvAx5r2mnJb/MHacq4=,tag:htDDCGSd87L4Zyah6QVDkQ==,type:str] + - ENC[AES256_GCM,data:Z2JoVzMpvTSCNxf4,iv:d6MMhWh4C++KXACISBp1tx9GyHuS+jSNJnxbBZp/EKE=,tag:AM97hgao/JbS+6ZzVowU8A==,type:str] + - ENC[AES256_GCM,data:H5+aOYvqb0dd9XWT,iv:8KTPOr1sb5/1BOQTnQq2U8vo0qw1GWeKY0ZIXUAUN6c=,tag:ZPgMnLVPiQGP/++IckjDaQ==,type:str] + - ENC[AES256_GCM,data:/k3+33ePTTI=,iv:h5NsEzrUHMBl+Vnl3vN6X1kpmRkSzU3pu7Cjbb8MOzw=,tag:scZyHrF/PHIRu9i0Fi8c/w==,type:str] + - ENC[AES256_GCM,data:QMWJck1Wz5PQIA==,iv:8KmlcBQWueBmKd+JSPoOlaljQkLzRH1C9WCP9WPW3Mw=,tag:/c8lSHd4Qtzkcmrj+iepzg==,type:str] + - ENC[AES256_GCM,data:rZghB0jqvLFXgNKr,iv:gBttHuWmSbSQJC1kIqt1/Gj3a4VyybBabYdhHVp95tQ=,tag:R9e8mqmnUrWw7W1ySfnmmg==,type:str] + - ENC[AES256_GCM,data:O39IdY4BaQNHrTRoJEZO6A==,iv:ayoqVCDxrBRZy+6Guw6Rc0f5XKkoXacxEGhOk7oWrSc=,tag:ilRfPe9ct3C0slgtl0oYrw==,type:str] + - ENC[AES256_GCM,data:30jdaPSLng7rBdcV,iv:2eV0KQOs7NkCj95hvJzsc5+TTMh02yhndgZz2RSzjDs=,tag:uQwh8A7qju/8DzlinDD0rg==,type:str] + - ENC[AES256_GCM,data:NofFiKShbbu/a7Cs,iv:IgnbVZRxXZRYkyjRmz9L0Jayr6ihL6SqV1i3tT3oyeg=,tag:aeJW/Ne84RJXDH8GTZKKhw==,type:str] + - ENC[AES256_GCM,data:JtAZwpxO+JWsICOOSqj8C6I=,iv:jtnBTTFDVcQ669EA/TcuWMUOhKDaI6wCiKeBqcbOD3E=,tag:4UgGFbeaKAL/Sno5j3MVdQ==,type:str] + - ENC[AES256_GCM,data:n2ME1eVMOdfCYCU=,iv:uFiKYSpJVASFMLHkspYZBXnMTW+DnI3m2H13Ny4rYiE=,tag:gmgfPkbg/UjKtXkzbyH7cA==,type:str] + - ENC[AES256_GCM,data:r/JPTLE2i11XmAY=,iv:yqqrBGuGnuC3aIq0mZdvipVUAMVt5Pifv/ozgb5uDbI=,tag:qKUy+vG+HgE/Ca6+TYaBiA==,type:str] + - ENC[AES256_GCM,data:CqPJsLhbSiZnpCQ3oDM=,iv:2hV/PKTbPwO76VkMnReU24P1n99hua5vzce/dv/p6mI=,tag:qkcblqwHEtvVYfaTB3xLeQ==,type:str] + - ENC[AES256_GCM,data:51Bl28nNDGbY,iv:qngIKMTXsZQyhqNUAH4owYGFI6IZixTv8V3QAalcD4w=,tag:AuP1hRVxM/CU+c8WeYIZxw==,type:str] + - ENC[AES256_GCM,data:Qvlv+Pvr+f31mFQyqw==,iv:KWEwQBTrcrF77PZJ0jkOq8j6coFPNJTbGsZzxgj0x/A=,tag:CjdUbULXgP0yfVuTwGuccA==,type:str] + - ENC[AES256_GCM,data:DYn0KC7neKs=,iv:L9rYXHtZRqmw0nFiiaIUjapVY/1JUs8oL9X9BAcJ+sg=,tag:D9Dz7s1w/pQsHUwJZ/DWAw==,type:str] + - ENC[AES256_GCM,data:BUbczSLgMC22RmOU,iv:rabR6a+240p9hvbdmAyInlkCtEbo4umbvrp3/s0UYx8=,tag:y/Xg25+3Y1+BAW9R37e2dA==,type:str] + - ENC[AES256_GCM,data:YlYzl8vcx0S/vbf6,iv:n32TxlxiIxvQwn9ACayP4pFVO8QfPOkg1XIeImXqnvA=,tag:EZvGAcNfvZMIqyuDflbIOQ==,type:str] + - ENC[AES256_GCM,data:Fi2jXYhTGQI3Gj0=,iv:Bb8hVYEmza5IrsJozoQ2RoDQtd22TlVskJx0ET7lRps=,tag:bK/tEe/9NAl4nQJK/X7SYg==,type:str] + - ENC[AES256_GCM,data:h36jlbQ5ovc=,iv:p9tMbiqjzh6lvID4vOpkDt7qDGIpasKZT83o0TjH+5w=,tag:gIX+oZUEiql0GVF/Xl/7Bw==,type:str] + - ENC[AES256_GCM,data:4SXyjrtj6A+qSRDrTw==,iv:NO66bojSufQGt0ilCzOYf9uiJS+zF74zZeyWbvoKOzg=,tag:b7cU5JCbTmlzNu9P582l3Q==,type:str] + - ENC[AES256_GCM,data:J8rahUoXbaf+Af8bzA==,iv:ZVUg9AhlwCT5y1p/1aueE08kH+hXa9r7odSJyqqiduY=,tag:9I10g7xv+lvRRbGWXjXUnA==,type:str] + - ENC[AES256_GCM,data:VX9uuuIYmjZkUctg/yY=,iv:matn8vL8wk2vRmfm7bJdEcuamXJgxvMP8oMc55wZeM0=,tag:rBKZNlFGzMH48YXb9BZiyg==,type:str] + - ENC[AES256_GCM,data:e5ifIE9zDgClp2N8wQ==,iv:Z+6jW/5RY0uKdvhQG6FR1VpuG6L7qMNMTCIEbXZ3X+U=,tag:iUjffLBXyBPlsYyrYK8LuA==,type:str] + - ENC[AES256_GCM,data:5QO0ITIEwyLhi+Y=,iv:xjnzvi8dttAw1Em5Nm5r/2Dao62CDUFc4/Mhoinctq8=,tag:9dh0wmz+8jYy1VXQfCmUFw==,type:str] + - ENC[AES256_GCM,data:/xfpmzc1NmGuitWmjRo=,iv:D5VqhnZ1kFftR+PzLkZIUSvDSo9446svKvaz68i8Ups=,tag:82sG3G8h2imK9tWxCR0pAw==,type:str] + - ENC[AES256_GCM,data:uhFbEHatkTOK,iv:pLFd4h9mRNujj5D86rjA7FubLIYDw1vRM9SGwJc9I0U=,tag:Pltp4wbd7reXE2+gpbXyYQ==,type:str] + - ENC[AES256_GCM,data:UQXgw7WqPog/NS0h7Q==,iv:9lVO55/sozMMImzHDzBm4Zdl+PUwdz8p/2rFF/RkMCk=,tag:pjcXsOKHweOX7iYbmKfaqw==,type:str] + - ENC[AES256_GCM,data:o5N3n45og9wMxHNZ,iv:hiVHBsR2BTVPELtKG485HmrH1KTR6bEpBU5VckZMsi4=,tag:D8lH78lsL8Lit6VChU87Tg==,type:str] + - ENC[AES256_GCM,data:kwKCo/3KRb8c2uOFpA==,iv:XoV5/rT0zFkJAspl9RD7TT5WBylBxWivEALdXYJKhjQ=,tag:FqGlIMZaCa0KoFt+r13EJA==,type:str] + - ENC[AES256_GCM,data:OO0489b9UCbQ8Vc=,iv:8qs3Wbu1PZh0Hrp1SFLQhdeZgtN2Ko6F0J4WpNiasMU=,tag:fQt57bsZzNWEwmHnYW0Eaw==,type:str] + - ENC[AES256_GCM,data:6bncLx8koE3HOmtZ,iv:QPS0V5YCYQpt0XP25IXNR6e90fQtsjw/J3k0XhoxMUE=,tag:VcWgZyGY6wlwu0DkuaT/0A==,type:str] + - ENC[AES256_GCM,data:SF5KQEXcNo43sNfNowTTy88=,iv:U6qD1rYWXVVXPXx/VifXwzR/YNxZTIUzHZ9pkaDTwVw=,tag:macV40cwmzdjv5hgAAeVbg==,type:str] + - ENC[AES256_GCM,data:Nu0nyPe87tU=,iv:KKaaoTGXOvXbb+60VGgUU/vuzy9+QUf+joHNCslgPMc=,tag:aB/aUakvHTgq3wJdldmDNQ==,type:str] + - ENC[AES256_GCM,data:CgFGkEU+qKCMVcEPbudQ,iv:QKZt7X4ncfGLeOtJVVyfS4jJO5yTwSntEXe8DcYigkI=,tag:Kx2IBQ99W1nBsXjkapqKGQ==,type:str] + - ENC[AES256_GCM,data:fhFSSvPu6w65ozM=,iv:YEnP3mCT32dZzi/Rsiu3eFoLy8GpJ24EVEMTdz0gXIc=,tag:e72gyU6BbkqtOqHgP60FCg==,type:str] + - ENC[AES256_GCM,data:Fhb/tuGN/3lEng==,iv:PcKxqn5sJyjjTS/2tuoAjvBnHQaMg+hYjjn9Aw80Sdo=,tag:fdttFosJUZ9oTrLW+6P/KQ==,type:str] + - ENC[AES256_GCM,data:nN1S36jeKsjbMQ==,iv:mDVKK067duhGxqyIX+EDYOfOF3sayYt/6FalVuLpufY=,tag:3DgpPCSiTpnYQqXUiQcXDw==,type:str] + - ENC[AES256_GCM,data:1/aDzQmLDZ1HO5W3lw==,iv:itc38c7OMSP1o2vx1MRSmNikbZKaqU0AbLXoNrab0As=,tag:b9yZMr7sT96A3/lgh0jHWQ==,type:str] + - ENC[AES256_GCM,data:+bTp95CbJWjJrb8CGQ==,iv:Y9JLg/8FOmYEBBWpligVRuqPIMzGVDM201Iqo4pPlV0=,tag:e8xiDmvjWNQ0MDUgovC+Gg==,type:str] + - ENC[AES256_GCM,data:hpu07S6d,iv:Cc+sbmoMY7sqFRBoezRC3saanzITo05laPlFQhGYTEk=,tag:sFPbXu0UAsAaJkSXOY6juA==,type:str] + - ENC[AES256_GCM,data:KCFhjftf+acf9yhAQ/E=,iv:RYH8lH4stmlQ41tIQOCjS4j/RTc0XvBUjKTfo3QYZLM=,tag:3GXpPjurkJvzhCuU0EZDTg==,type:str] + - ENC[AES256_GCM,data:d/0iPxKdMzp3TsRPv7D1,iv:eBxJg4oD70qABvQ5A2AzqJzdFcM+kIxmke0JgR8jB5A=,tag:iMKa7Zz5l0TTVpWCNsPWTA==,type:str] + - ENC[AES256_GCM,data:8lPIfVMj1R4=,iv:dR3Qxa1z8iKnMmcuaCLZ3+aiRgn/ycjA6+z61TsVBKo=,tag:jCXwEigu1ZPJ/7jHgQUGjg==,type:str] + - ENC[AES256_GCM,data:RNHqgeUhH97ukcLT644Y,iv:KPgwc/ZetSEJ3GgdwlKfp7SpN01+E17FdpV0/YQ2q6E=,tag:2tuYITci2k2rzHpI/Y7l7g==,type:str] + - ENC[AES256_GCM,data:gEj6YvanUm/JlKC5eVYtbpQSAw==,iv:RbbKxx0e0agPE2WBgOTpXlYtLFU3+u7rPy7492mqGyw=,tag:bmKzO7SbL7e+NE/ySrWthA==,type:str] + - ENC[AES256_GCM,data:6DeCGUgiC3Skt4OdvmlzKZ0=,iv:a9gciYiIIDziRn/T2IDO7JXzSD5ttRvBcSK69vXtKUE=,tag:hwBEpB2FgrWGjPRn3NDgEw==,type:str] + - ENC[AES256_GCM,data:0YnlXz7gsv/idVJ9etzCCw==,iv:V6gaFVw13eJMN2hcZvxxlS6ndNXp7e3vhSBfv4kvOW8=,tag:X8VQntBzfqvK+ojSjodL+w==,type:str] + - ENC[AES256_GCM,data:yCGvpqEjvIqzg6UWADa5,iv:aOstlPtsI9Fg0xmJ8QRqwKkM6Vpj+VqoAMUJPz30iCY=,tag:XN3dQnXWF9kJTbE0HvxncA==,type:str] + - ENC[AES256_GCM,data:mW20d6fcLj1Gu0MTquJkvuC99A==,iv:42jMihQ2rT9KGORHGILjg1xSEY9t8As0di7xw066H9Q=,tag:fkGYI8keCjOcn9u+fXLl+w==,type:str] + - ENC[AES256_GCM,data:l7JGPCNfSLcSjHMiAtBbcsPpc6E=,iv:OZbr4dTNELz8crqc+Aq2h0VApSkMg2Uf4zkpe4MUSnc=,tag:7EeEdt9LFlHC+PrlqnjM6g==,type:str] + - ENC[AES256_GCM,data:KEvlGxWJQIvU4RXBVsZgo4MxjQ==,iv:EZm8jXu+Lnohgklb5eCe7qwFbE1jXZwaJXNsS25Z/0I=,tag:2jb6vPO/wxGKVOAqHVE54w==,type:str] + - ENC[AES256_GCM,data:S5Px7xf17FoYtBGehI81eA==,iv:vdY0aOppAc4XOeRokEgYHbUsfZh7skkuWBrBwpkO/oc=,tag:DS5UlYD6nU5BGqFXBgQQNg==,type:str] + - ENC[AES256_GCM,data:WuKrRsc+X9zznfUrnW+8pWZ8,iv:6tpDCW0QxN9Nb2BOXTopXHrUcVQ0nIEvbGi6inUpC2I=,tag:IlXNHosp5/hH/g5jt/XXnQ==,type:str] + - ENC[AES256_GCM,data:9INiPgsT30uUBR7t5c8=,iv:hOaQZ1CGWomusfI1p1vkD4TXcaWmJ3lWERYiagJjKxU=,tag:whuxxPUZN0dtBXE58eQYRQ==,type:str] + - ENC[AES256_GCM,data:xI9vMLxJX7KjA4wqFg+ylUIOoeeoA02UlA==,iv:tIBfzO3DMdI9+8MkdwbOy+oUpyqFYUNbDdwVaO47RfY=,tag:FYxudodh5XARChBlCdakXw==,type:str] + - ENC[AES256_GCM,data:5uuD+VE+be2/VyFF2wlGEYex38roV5gjeA==,iv:hHfO0ivRZhMDC3i5VvCBgLwPsOXAN64kADQ1sZJUUE0=,tag:LyJftsJ9DhD5YALguiOq1w==,type:str] + - ENC[AES256_GCM,data:sLuCPbbFm77le9/vRTk3DYQIzyLr3NdnGGCu0w==,iv:UqO5tUkw8LgJSmrzRqEfAZo0d1KfWD+/2AyLsnVshAc=,tag:m78zYLuz6KNV0tr1+ajTPA==,type:str] + - ENC[AES256_GCM,data:Fzdi8cdAmh7BDsz0cwKxWZ+2eGE=,iv:LRiG9gCFaTkvQoz7BRxYlCs+UewcIgN1JlsE4+MrCz4=,tag:dvDcVxB7rN36dpjJZMiiIQ==,type:str] + - ENC[AES256_GCM,data:ktdMGd9OqkJFHY8Y/KNJD7ooZGU4YB6HNA==,iv:ZqfXfc62wKo261myNjUMb2R2qsL++v+qOaaWB6dQm/o=,tag:Ke502B4zNQaslkYhOiVPZg==,type:str] + - ENC[AES256_GCM,data:bEJvkQwJxXNNUzjOaA==,iv:xGJ7W4HiV83zVB0iLherL5fHdx4A6JsCIokXkTJkKO4=,tag:dgZyApF0MtWPtV7wMy0YMw==,type:str] + - ENC[AES256_GCM,data:jk6CssrFaD0=,iv:wbASbi7XbrJf4FjmOS//aFHd4XD/sKSGQnxuUiUWZF4=,tag:1jJaOoSLYIuNXQUQXp9xGA==,type:str] + - ENC[AES256_GCM,data:z68X6xcWdwnLyLuRqdiNr8vukVfVAM7Gag==,iv:H95xWrCfFWcTPxhyS2/e7+oMxy0wIdalHUBQT2rpI58=,tag:9HmHxAWQcC4jNXPbpvAlSw==,type:str] + - ENC[AES256_GCM,data:D9G4oxxXLu/8YRbcWIsI,iv:/V0VcgLXNF36hfon7pMhyBVh+SPYqefTln+cWJZB7BI=,tag:ZAr3Az6miuaozb9OI9mLyQ==,type:str] + - ENC[AES256_GCM,data:uPvWdOLbCZYgHa8kjJuW8k6LDAU=,iv:bhk4msEvhOvdbBh3bdoTBUWZdLl2ZOxkhARzWtGSFt8=,tag:VlgPE0drwHxKO75SVX7WUQ==,type:str] + - ENC[AES256_GCM,data:M347VSZ27NY7tkfK,iv:POGuWxkiqGxudrS5tfz+fRbTkQdnCPzXV4Tr80h14Uc=,tag:O33NogCjaO3yh5ibAJPonQ==,type:str] + - ENC[AES256_GCM,data:OfJJQK9r7ri5oRbC99/FNqGx,iv:wWZzcy3gYGBlUk95ruUBIDTcT6NiRmybf46vi4kcwyw=,tag:i5HklUZs9EHH7nFk53bxXQ==,type:str] + - ENC[AES256_GCM,data:TPemXtLALrWloTAFlZCt8A==,iv:iLtipRXlD3sZLsGK/3pPJ6oX8HYUap0k72x2QuWD5Qc=,tag:7J31KUX8jZd7Tek+bKmBnQ==,type:str] + - ENC[AES256_GCM,data:9xQsUpy7TvHmwzYoEsQ=,iv:umIzFqKG75AWvR3PM1ZBOY5C1GWPTUxWb9n7HpuTj78=,tag:jUzTfqH4Z2rsgh4a4L3Kww==,type:str] + - ENC[AES256_GCM,data:o56SpfZY/4lfai24dneEtw==,iv:11A/9wD7qpaSDAurNUcAFdU6Hli9YUntGgQgNFNViHM=,tag:/RkZHE1yDe7UZCdw4kYSEw==,type:str] + - ENC[AES256_GCM,data:PQ0St++78x8RJuJQMXwFmIqGvQ==,iv:ahX8NQuV3UtAQ+dH3hCv+JtxzOgAWdKNxOb4TgnJZB0=,tag:uPGPZMkVYg6QAEu8Jl3YaA==,type:str] + - ENC[AES256_GCM,data:gBgt1kqz7vHiB85P00s=,iv:A8Kx1JqyEaMgAWGEalK8Nl4+Ga+8HI8SKC/WdshDj8c=,tag:w9VOu7b7qmx0+2xJjp3LiQ==,type:str] + - ENC[AES256_GCM,data:0Rjq8ctO8UgkNIBWqw==,iv:oy0cX50SOqNq0f0aWLeyqjJQr6WLAAOM8iRfcg8jwy4=,tag:ftOLiFHoaMrz4XQQiSMBJQ==,type:str] + - ENC[AES256_GCM,data:rcsifZQVaW++Bn4CsPg=,iv:9TFH7rio1GW72uM43TRqE/GuXAnZ2K8eUa3D8m68fBc=,tag:AiH6ThRQpBri7MVad5BWIw==,type:str] + - ENC[AES256_GCM,data:WDNx67wjNQr6EQ==,iv:hLIxY+QqAV8R5cA25WW9ZMojjh9HnWl5YN8rELFNbWc=,tag:5iZ1c/JYz807ueGEXu98sQ==,type:str] + - ENC[AES256_GCM,data:AVtknpbN5KpBWAMhvg==,iv:0y0PkcD85IV4cFpRkRsTO6mYcxLj3V9+OERqeLl+A3A=,tag:npLjgnXzyzhM5HgoxV89tQ==,type:str] + - ENC[AES256_GCM,data:UZIrplxMuP9XOT7t27o=,iv:xWo64PMWUex0feVMTTl1Yi9TahOJsruGgqxF+ds/35Y=,tag:J1BMXx4uU6BLKiexs+QXTQ==,type:str] + - ENC[AES256_GCM,data:yt+pTs1Fr0E5gM0=,iv:aIXwWywz4eD0RkwgLdO6ghn9hbjp7cRMHpif1nFMkQQ=,tag:tr0LQkkmcDOuRr8SBGEIQA==,type:str] + - ENC[AES256_GCM,data:1KqSFMlFfwXtNKwJNg==,iv:trV8LCAxvlXIy9dbzK5RmiNQ2+IMY+KGp2Nz3r3sMgU=,tag:N8BOweQrEEweJxlnfDi9hw==,type:str] + - ENC[AES256_GCM,data:5RryYEP2y7Jp2yROdUY+,iv:0aE18GILd2Ma5RYGXPH5wUAnfjaae7AzxSKyNN7yyF8=,tag:1Tg7hwKcSbpDBBpVdOubhw==,type:str] + - ENC[AES256_GCM,data:FRz+Px7jdm4WGJ6Uv/13H9GT,iv:1e2IIQa2LD8f/tSmeohpJpICIbvYd6STxroqm5DIhBU=,tag:uHe+BhReP/qCFVgkDuk46g==,type:str] + - ENC[AES256_GCM,data:oePobxvl/Kp76zWz,iv:Mb1BY/2rviXa3+HOe/3egjxr601en7OHHSrESHUu9Q4=,tag:xN+12SMnClGQg69gxtXCZw==,type:str] + - ENC[AES256_GCM,data:BS8I+LxUSc0tP0FR,iv:7wmQtu9B00C4G6ZzSYSOPV/FQO3MeZVtoFGRY55Ls0g=,tag:/PNCitjaPjGj5YTie9nvyA==,type:str] + - ENC[AES256_GCM,data:U26jai0P4Q3j+ppw5A9h3Q==,iv:AuO3PcOw2uhz5mwr4fpmz0h1K4T+TXMvzyfTsAtLF98=,tag:O+y4HKGH6CCFCcHJrwPfUg==,type:str] + - ENC[AES256_GCM,data:NP5Ngei9sHqJZnUg3w1/,iv:UloOuk0P6pMtz9qjSn4TPfrUxraPsoqcImf/u92EAPM=,tag:Ae3CMpY+w0fc0NXDsS6zzg==,type:str] + - ENC[AES256_GCM,data:uSYV4Ha7DZyoHJcnnjF+nA==,iv:fPW8p09bzvFZ2CzqbqHUxSGe0ACjmYxPpjB0FyzUmuw=,tag:VW4sXgLoxIfQAeqGK94XCg==,type:str] + - ENC[AES256_GCM,data:oXCE6gbDB7I7fho=,iv:kMw9eXM899bXFYy5jwJYJoOBg9FQV6yg/xzoYigQH0o=,tag:nUn3JGBBI6CLJkGoiPVoUQ==,type:str] + - ENC[AES256_GCM,data:QD0dyDaOYoV+nbM=,iv:ICi/VDzAecFxyhNlAWIoRLRMIOyCUFy5IK8XqaGIaw8=,tag:A6X2Wj4geJP/9I8yq6QGfQ==,type:str] + - ENC[AES256_GCM,data:T7S8+Yri+Bli6Q==,iv:oZHnluVlMd/DnKNpB479hKw7YYOmdJ9gN8V3zIqzZzQ=,tag:+gtOjJUhVBy5Fm7l2B/4CA==,type:str] + - ENC[AES256_GCM,data:sRldQ2SfAJOIn2Q=,iv:VBvgwaQe5SdvBrew4JLJhZg71lkPQIy2/avVrncHbQ4=,tag:wyNSQYdkOBAvTahP2/k+7w==,type:str] + - ENC[AES256_GCM,data:KX6kpKlFNdGhiZ1jZLFA,iv:8odirH/7twkYbFGbTi+pZHiRUvkBxbJCeYqNj15hicg=,tag:tqtY+UTgLVOLH/iAiGwVrA==,type:str] + - ENC[AES256_GCM,data:yzjCxNtr3laXHQmepA==,iv:yk8rIP3HIIaB1kv3+aGzkbMJgEjYw3vlwXUFHDL5llQ=,tag:lmxJJGu6JE7nFhYC7RLWDQ==,type:str] + - ENC[AES256_GCM,data:CEHStXhDhD6yzg==,iv:un7wIMe9xgXZEC4QQnp4iy9MUj//axxC4+Q//oKubOM=,tag:gmvDfxrcP5MGBLIAwKOdOg==,type:str] + - ENC[AES256_GCM,data:FTGorX9PL7GLPV8=,iv:9e+NgWGM58ytTssFQvTz6lHV2SJnqdPwT/2DNmsnyLM=,tag:uvi9WZPM4P7ZIavyf54CRg==,type:str] + - ENC[AES256_GCM,data:SSbvqwYVBDlQ,iv:SEWmq3ilZg7URqjt3FV1LUqG/zQoKmS2HYVr62R9V94=,tag:euoFDSEDfaLQ13IfKGOkBQ==,type:str] + - ENC[AES256_GCM,data:7j9HvZp5R9thDxHZ2bUF1w==,iv:kiQRDK1WzCEueDuKiHP/WgM65L2PTs27HCI3wpZQhwE=,tag:DTuY8xE6sJjV5qEUZFAgMg==,type:str] + - ENC[AES256_GCM,data:6z4c7JLrwh4qj+sM,iv:zYCv9/ZIpt0GuTDSt76V6s6emU5j0cq6D5HU6rYprPY=,tag:gefqXxAQke0FgHScZGbLrw==,type:str] + - ENC[AES256_GCM,data:WGc2xEEtJPJCUN2hrlE=,iv:HOhnb/5nl/pullLjxbMv8qBwU5PXCm8EPp/ZkQ+8E7Y=,tag:fho+9KcK9SHUKxaiA5xDiA==,type:str] + - ENC[AES256_GCM,data:eEM40YkdkEONufygSQ==,iv:ubDX8zT5M6MjFh7VQwlnCj57ABngCwuYofjXYpZxqbI=,tag:A/cTtJ2YFnPEYLwgxBfmjQ==,type:str] + - ENC[AES256_GCM,data:wTB4Y/ZfYUzGFvUvU48=,iv:Xf/amKmf1Q+unDSjFVW7yLDz3zjZIq1llAXecGGTNlY=,tag:5Vw+nL+coG5oO7e3gKvWTw==,type:str] + - ENC[AES256_GCM,data:ziSS6n3AxLQxRIN8XHxt,iv:0w7+y3VLhO8rKP8hqg8Vp2vf6/yAqYiDKj1FOClMegE=,tag:VFZXenLgqazBqPHktYwthg==,type:str] + - ENC[AES256_GCM,data:hTh27LHPVHMVWtPXSwtGAyY=,iv:deE0O2m6xM2qWxfxwEIB4UAeLv4J1EB1kwVPB+UAUSo=,tag:EUJORGBej/I4s1SirtMuGA==,type:str] + - ENC[AES256_GCM,data:HES92zEs4IS6ezTqyw==,iv:kaKyzW7Js06/j8ZsnNekZ1AAZNEVFlqKqbEu05/jxEQ=,tag:Oe/r1mQwrSfuHn8Zh9tZhA==,type:str] + - ENC[AES256_GCM,data:zA3E/CDoOPMobNXYMs5DDA==,iv:noe6VKHnYZQmfI2XdnqPm9UNLngbrISNKPvsoPJeOlI=,tag:J88zizb350ba4tAN3bOtjQ==,type:str] + - ENC[AES256_GCM,data:mG0mxypUuXVXfeZA,iv:XwB3H3Sfwj33kdzrufCBtQARZq3H3O2MYG1e4DOJa6E=,tag:2SDDXmsynAu8OKrWxl9A+A==,type:str] + - ENC[AES256_GCM,data:DfHT1vYb07IGnAk=,iv:DEZ4UT9pOxxVVepQkb3R5krpA0Qcmo4hlr6CLSe07/o=,tag:HeypwnDx4JGpS3r3jDjrgg==,type:str] + - ENC[AES256_GCM,data:r2YEdY9tJFg=,iv:M6UwXbQFOo7Ki7gOwkDivTDW4ZvWCA3zVhYLMzXMV5U=,tag:eplT20031pcqvOPCBP2TNg==,type:str] + - ENC[AES256_GCM,data:d0VbhQh1/QtBPwEEIKOL4bGnXWg4joMBmwM0/7E=,iv:FncnPltRffteTwKrbCtk7yukhdksUvEEjBOjHh6Brhc=,tag:W+r+2PHJqhXWT53BXEAfVw==,type:str] + - ENC[AES256_GCM,data:CyuArAQjybw/dfxeWheNI4g=,iv:gnpIVlUM3bytBIfxavXTmBz1m07k485440L/gKUt33A=,tag:u/uLac/qmJk4aQecwhI6lA==,type:str] + - ENC[AES256_GCM,data:n9jAqN/7wTqFhuholILkCtY=,iv:t4KN6DK27Kci9d5XvYcohSbESOhp8PuZIQB2dlR9NJM=,tag:hIFWLRfr+3RcyuXiPGr7PQ==,type:str] + - ENC[AES256_GCM,data:tN3UDb688RDf+FK2y94G,iv:VeeHbAUkw//+B9lLcH1rtQzHsnXQeuQJxmVxcNiKtBE=,tag:If1EqfIBssH9qTRZftN75g==,type:str] + - ENC[AES256_GCM,data:xSOQqB6nUABtBEgF,iv:EQvJZF+cFbZf1p/bv3Ch+rHSxYsUlb/X7PdATClK1cI=,tag:12xELPZPOL2TGMDFzORy5w==,type:str] + - ENC[AES256_GCM,data:BKggdJu4t+ssxjQF,iv:X9pMMmk6dm8O3sxDP9DEGrwnt01DgQMyovaQcPG/BwI=,tag:dufKnm0KJuFN7usIrk0SIw==,type:str] + - ENC[AES256_GCM,data:Z/d8DWZI5SGHAL/aPg==,iv:DxgvnDsFhOLUjcc/r56DXYunkW3gVxCDRNBSnDDNVuU=,tag:HXs0LTkgtHCUrv/noQlBdw==,type:str] + - ENC[AES256_GCM,data:6dXIyc4dPE3bfrRx,iv:MUcWBz6Z5jnZD++cY2IRHt4Ui1E4iGknGhMuiOXVsCQ=,tag:G3uuHIx0erRHt6sMDwWhUQ==,type:str] + - ENC[AES256_GCM,data:oMDMv8g9,iv:QQGK2UrMclCzGEap9A26A6YIzNGeTkXBotNxvC+ekdc=,tag:6k9DE0MZuhWGlQ2fXLllBw==,type:str] + - ENC[AES256_GCM,data:ZS6XMquTVf2C8NeuYg==,iv:T0onLxJWrSbnLBSntyfmSa/BYNJFHn3ahWvBt0r7fok=,tag:UjFbtx078JrL7UPMJ3nXPg==,type:str] + - ENC[AES256_GCM,data:xt4vb16tFau6O7sMJg==,iv:wpz7dN2xem8wTyL5nPCfB+ZI4rsNzZ+0A9hlowkVElE=,tag:DdtWviVamKtnoO09MrNtsw==,type:str] + - ENC[AES256_GCM,data:hwp2ZWyAc2x+mEo=,iv:kF7F6ow0Soq/GRBIC2Kg9nvrLwJ1Z/mLbgJC7x6pfdw=,tag:B8sXBrzMI6xu1YBfy8l3IQ==,type:str] + - ENC[AES256_GCM,data:S2kM5PnmZ0vVDgEy0rvg,iv:WUzGBRi6nYQJCxN88MIcAxPsrYLceaoI+CLsVupW9iw=,tag:pKCVYnczfvx2xMPAKIFdpw==,type:str] + - ENC[AES256_GCM,data:qN47kvUzJtqz,iv:Nm6p2iXKd5qoDxnVe89xjGoxxX3iweD/r2vGD3zBwiE=,tag:foNqb17doFequXw9AgDcXg==,type:str] + - ENC[AES256_GCM,data:zeqCHOFk,iv:sI/oKalkwuPXG5Ot+oRiZEirVStY6e8ATwSYmWAGCpM=,tag:3zBFeBgQdeVNxjF98PpJwA==,type:str] + - ENC[AES256_GCM,data:bdvHmw2NCoEuBmM=,iv:Rhvxc5iyY/5Pj66MQBmRejKh+S42lzLGsDIRxdAro70=,tag:Ll+XcF6DKDQbtADksZaeXA==,type:str] + - ENC[AES256_GCM,data:8AqecisA4pQKGWqkXQ==,iv:WQtJ1bN8YgxRFmNMqu9ZYlcEcRstfhMzKMHfXoXC1S8=,tag:RCvFs/+R7bUCXg3+EaK/YQ==,type:str] + - ENC[AES256_GCM,data:FpZ5stXhiqHf58THnIdcT+8=,iv:9OD6j1P9Xv+pLm3QnKl3aqPqwTEuF654UREO2P6DG84=,tag:4B6dc5RoO4jhGFBtaP6P5A==,type:str] + - ENC[AES256_GCM,data:SnK/C+tBzf9Ehb8=,iv:RzS4XkQ18sJsqMjJS7qO4BA+OacYkpEkTxS96QQNwEc=,tag:FFfwMn+gNBST+m3s33AKzg==,type:str] + - ENC[AES256_GCM,data:lWn9RaDXmjw=,iv:wRZSwVBXLGJW0WKZRgS/ccnvIz3fHv4VREPDmZFPM+k=,tag:UokEHbkPU64dM0DuD9CkPA==,type:str] + - ENC[AES256_GCM,data:aZa+jXoDku/IWA==,iv:Fwlx0UY2z41jUP3XUnBB1tR2eB6upPgnXHfA36T9seA=,tag:okTixeesT6UGgKO2/ulo4A==,type:str] + - ENC[AES256_GCM,data:eht7y3Aj3DFXz2w=,iv:DGFUOBvowzxYC8wwYpEEzwVT6UxbMWsPOpXKkNwkcWM=,tag:dBWqVCn1IWVxHgiKEaEubg==,type:str] + - ENC[AES256_GCM,data:+uJ73QS/OioJMcz7,iv:L7Y2T9zftaUABc/UwOoacjz4KeLwU2Cu1fiNb4XYz4g=,tag:hfdte4XoMbb5whMCniejYA==,type:str] + - ENC[AES256_GCM,data:oReuAZJBaRphotY=,iv:qz+Fdp2zMbB4CDWkkPEiGLlvkkGb+LWOwB9Dy5aNRmE=,tag:WVaE2bWTZjHYGafa6+FiCQ==,type:str] + - ENC[AES256_GCM,data:ACYmHxmeZPu2Xg==,iv:5gwul+csG35+sELM9MaAoSrQm6NGOEb1LK+rQtUCLk0=,tag:UQiVVJJHw9TCrApTcgf9uQ==,type:str] + - ENC[AES256_GCM,data:R/BwBg6BQA==,iv:nwDQmabresml411mz38aWRLdgae5H0PFoJ2UdHkRmz4=,tag:tLcf12gNdN9xxkZqVbfFyw==,type:str] + - ENC[AES256_GCM,data:FzQd9GElXPaGf/+Q,iv:E0eknryGYTl621BjvzWknH7GPeaca6sZHSPbRO4M+qQ=,tag:spsOdfJrcclM7sy77lc19w==,type:str] + - ENC[AES256_GCM,data:6g0qghqxp1++RHs=,iv:z4XQl1OWTJ0N2+qIcixbWRuP6+9laa7KBKg67GD0ikY=,tag:Zyp8B1p3mlfKq85vKOQv5g==,type:str] + - ENC[AES256_GCM,data:TZxS2sp835ioakDwupKljfE=,iv:Y6gjW4hfQei9+ZdctJb2rfI/V5FY+ooE9N3RFXvNeVE=,tag:vzTcJ4nlGznp3rifUKTZGA==,type:str] + - ENC[AES256_GCM,data:WmUiCf7koEgTTUI=,iv:ynL0dKUl3ZLcdIwyvdwTPQaKzhOSI/BQVkLMgjMYFLk=,tag:5v1oOMnEu+HsftMpQ4UBTA==,type:str] + - ENC[AES256_GCM,data:XwU3V3KQX0cyRkQW,iv:HGsTIfUIIL+zIIV60rUAkb9WYM7og8n0dqVZY3nME94=,tag:pzdR8+P+y4A5x2ySaoCjbQ==,type:str] + - ENC[AES256_GCM,data:fyoKOcuH0kn3lw==,iv:MvnNRJXdyBLt98pbaH7y6gkWnzt07KoZOyWhhzjFmeU=,tag:XoYHzjRV8Wwn3nB+FHeYEQ==,type:str] + - ENC[AES256_GCM,data:DfVrLWc3h/FBcTZneMjO,iv:uQ1krMDW+OhZloHViJPwuzQ6yedPU1STH9ddnMAgl0Y=,tag:Tu6D0XEpJBBWKejnRNmXHw==,type:str] + - ENC[AES256_GCM,data:pjyza4liuReSQ307xhGw4g==,iv:/k8wLr84XZqOw2Xr7VOnreMmLiOFFQF9k035ttOlvMQ=,tag:45VuTUNPnp+SSm1cohOhBw==,type:str] + - ENC[AES256_GCM,data:geGO7o9gEnSh,iv:6UYqzHlwxRLwteYIzHFi+/SkV18FKV2dpCaDvy28JV0=,tag:c6RoJN4YmO0tKpDuHp8KOw==,type:str] + - ENC[AES256_GCM,data:a9s0W1b3Ahrd/LeyW3+7HcWydN4=,iv:9ZmbPY7v8eKoik2c6yqWbypgAfhmQ5gXEUdJWcKIMyY=,tag:zRVHE2r61BPslskkYqMDfA==,type:str] + - ENC[AES256_GCM,data:zNjZTQsBfOM4fHbXySn4,iv:KStKnlNQSJ06ky/vn/lZBsOVBCAyMX7wS0iNapQcCIo=,tag:oHPawnkM4s5xCDy6Uaq2Mg==,type:str] + - ENC[AES256_GCM,data:wNKtOl8KIjfcc6Z/RarD,iv:sMtcnYtZ3Eib97QXJg6UIS3k7UrbAn6u/WDqdsh14cg=,tag:3xwAE15x5rHnW7/MdWMjfw==,type:str] + - ENC[AES256_GCM,data:TVyTWDqDncxnwglA,iv:G0wYaqk1libQVOTeKqqfyzXucKnM7Ndtmcv3jbZ0YOo=,tag:iPQ7DqwFrUNYEMQPvwP/5w==,type:str] + - ENC[AES256_GCM,data:d3cTgQZfK0nShdjY7w==,iv:gNRkNEaxJT7et4lshBM++verf1KZT5GfzFcTgwqeP+0=,tag:qQi3B9c5fR7eyGcn+fx+kQ==,type:str] + - ENC[AES256_GCM,data:KQbJHOWTg6M=,iv:Y/qvPLsxOuSja+tR8RNM6x2Mz/ciPpNVORkoPxydKis=,tag:08veTDQNVdeP3rRTWJi5Gg==,type:str] + - ENC[AES256_GCM,data:6vnAXelvwJu7jNk=,iv:2NcMTNj1lihMa3Vb7VTHMoDc8MnEuMK3I6YUVAqPa1Y=,tag:m5373WEE45qdFOky2xLOhg==,type:str] + - ENC[AES256_GCM,data:G5BKu39HKx4I,iv:FcgrImiGgnPkKf5MnI3gOfj/japOf2Y1o5ySH6+MOyU=,tag:t0bDZZV5GqHhpOAqViP5Vw==,type:str] + - ENC[AES256_GCM,data:gg0NBHUzO8nditkv58M=,iv:oVYdqzQrJ5F8HiyB50nNqbX5RWtAjiHFyfK91j6qWro=,tag:t5Ob0cxV6NZGk4UpY7pDmw==,type:str] + - ENC[AES256_GCM,data:NgO76ZhlfS49g+P29Ezh,iv:Gxwn4P3VqCwEe7h7bJfL1C9cu8emPJGTjqFNnK94td8=,tag:s+83PeGk4t9S/B+ErD584A==,type:str] + - ENC[AES256_GCM,data:rTbOkGQxJLr8YzaFWV9hNFUW,iv:Nd6pTYWzLuRgw12bxjUYjziadyf9SY5HPDN0bhkAYtM=,tag:7zP94kIbg9FyAs/ZnjhC0A==,type:str] + - ENC[AES256_GCM,data:cVmu9o2OicOP,iv:lkkbhQPVzDF7ey7K/nEZz9vrgrHMpeJmbPvqxtRvke0=,tag:3v5wDXuZHDKEc2SLLnqc8A==,type:str] + - ENC[AES256_GCM,data:pmWtPb1AFsC9phQ=,iv:v4qKjIDup5PQX0laqwS2WB6N3IWyvNI2VJf9doP3csk=,tag:gH35y+QPtVHu9veiQ8x1Cg==,type:str] + - ENC[AES256_GCM,data:JjcN4igYzHoQ3Hhd/Q==,iv:iNRg0N9u674DCBIOAonFusmQpoN43Ob2ZcVTVAMnjmw=,tag:5/uo3jjmaGFvPhz6n1LEmw==,type:str] + - ENC[AES256_GCM,data:iN/2ppeLPPGt9is=,iv:zEEnSCU71pr9naiW3SigfmZ0rgH5he8b2oEoeJGGSuQ=,tag:OrIbPV+cDYC6wZoDwh3XAg==,type:str] + - ENC[AES256_GCM,data:K1jHt7el6FtrL7rlKKc3uD0=,iv:NaXdN9JhNJv36ZzkSa014gHmGYReYZQet0oO0OIi4qU=,tag:QtVUvpXB1Ja/GzKdIJ9NXQ==,type:str] + - ENC[AES256_GCM,data:1LhhxqONOmsunjLbLOw=,iv:Lho1SNMtuC0oZ06x17ki1LdwW43CnpxZkEk7FBisIqQ=,tag:vQo8N188zGwnpkmi+iN6Uw==,type:str] + - ENC[AES256_GCM,data:fl9e6YrLh1rcn9jsoa9eXZ8=,iv:/CWYbrEeqFypoX5kfx1K+Dol31/JMsktRJ8mP/n3xQc=,tag:oPjpC0yet9akT7T/Y0C/Wg==,type:str] + - ENC[AES256_GCM,data:rKiifDQ9DFW8yi6KAc5wfA==,iv:lnJ1RIPJ40DfAOZXcxeCQOXeaiHL56OZF3PurKWHS7I=,tag:rEEHMFmpf9tChtPr4rtYjQ==,type:str] + - ENC[AES256_GCM,data:tJ6lO4+ARIJSRW31R4E=,iv:q9xy0cz6neJrrFT4bs/TvQQg9UMuyhQH5H6DRC9h5Fw=,tag:NetQavpbVgx1jMMObVDCqA==,type:str] + - ENC[AES256_GCM,data:/0Wibd3Xn5Q=,iv:ETEOZ7cYffoBgF1xBLk6GJPTOGU6SqfdxCdE2vwyj1w=,tag:wbLyaqBDvrRBn+JeMxtTiA==,type:str] + - ENC[AES256_GCM,data:rk0FGCK6g2fs6CDrA2c=,iv:JvQ55b4yYCuB2GDv5KWvpn6p5R92oad24vtvMhZmquw=,tag:BzUHCwAaJJcv0T+l44cc1Q==,type:str] + - ENC[AES256_GCM,data:k9l462JbhZJ5,iv:nPEO0ENEWMs21omQdvfqOw91SkqGQJsHHLPC9+srJ6g=,tag:oO13edTW3F2Bvp0puOxklw==,type:str] + - ENC[AES256_GCM,data:D31IbrUbTMe9A/X6GFZFygxlG/uQSA==,iv:vVGvKCwLsVKssUd9CYzpzJIElR9S/CwD8sj2efYPSkE=,tag:gtx7hO/K3enx1ymdxTJfqg==,type:str] + - ENC[AES256_GCM,data:oYfyDBNhKbChJUkvgvstPsszJw==,iv:8mgntQiKr8wlxXMWQ6kTYeSn2pVsayL6IJ1dUEgMtXM=,tag:XphJW742btVtYXcZDCPmyg==,type:str] + - ENC[AES256_GCM,data:EnaQkJ9ZtJfDGh/obkE+,iv:b/k5k5qg67c1d4ZC0H5PzUfmLOgDoMbtMqzBa3/YVL0=,tag:cXCJNaIlloX8RqNEnDfFCw==,type:str] + - ENC[AES256_GCM,data:w7Qm+iqXmSVzbqgen8wZKcDwaQ==,iv:9iOPPL1QlteeH6k0PFJPMN/hTAIliv67rQD/JuUsQ/A=,tag:KjozKqruQy4RILaB3X9/Ww==,type:str] + - ENC[AES256_GCM,data:/ugIyWDJVNE=,iv:jzjB6pWbUAGtEJq7Ipf6wWs/ai7AH/1l0tNXP+o+vP0=,tag:IKIIgySBo9wxhYjYtg4JHg==,type:str] + - ENC[AES256_GCM,data:IzlE0aPXiII=,iv:DPaD3cvVsR5+Unf/fp7WrI9cxSzTuStln5kV/W+60pw=,tag:bmypJUvJaLaZVJgE8FpuTA==,type:str] + - ENC[AES256_GCM,data:967qS3a3iCqNiN9gcQ==,iv:vNPUZ3/bOzg7TqW50gg90uGrG0fVCDzpto9ElV8eKBY=,tag:ysDC8bFbMI3KIkSBHecJ8Q==,type:str] + - ENC[AES256_GCM,data:6sTcfEc9wLvJT3Y=,iv:Zk/WMCoGLrqsJ8mG3euSdL1ACPBlBaEVFJoNxOijhSc=,tag:zeLLuGcKj2tfQlvXn98/nA==,type:str] + - ENC[AES256_GCM,data:oxLWMnwhrrWmM6UQhl8=,iv:166ZlF4A1O9uUaF1mqmR9EufdP1BX/Mka54moYWRxbk=,tag:LMlUYvSHNl5TTdnouN5qbw==,type:str] + - ENC[AES256_GCM,data:ZrX8HepPEdSxZsc/rg==,iv:Xd+DbuSVy9Kw20L43KIqz5zhpLe9B4LWsm2AEMOgFKY=,tag:NQZn79P3qNiiajraqkOusQ==,type:str] + - ENC[AES256_GCM,data:g7HfY2aapiSez/qzot+O2CGJPQ==,iv:FNPqAMCD84itiAfHh0oYO4oKNMRLykbR9RTcdhu0YCo=,tag:yvZhG2OqXZsS2f72/bfOiA==,type:str] + - ENC[AES256_GCM,data:oddZqF6x9oSlsLiJbtSKuDo=,iv:JeoegxD2wTLM4Qpv4r8SGo7lq/drhGTfCSL8htdgLow=,tag:F5QL+oQaP74CuTRjVzFZJg==,type:str] + - ENC[AES256_GCM,data:XaPpseUkIXfDMqc=,iv:ysEWLmIrTuk+YpeOfUfnDnFK0iF0kmk3LowU9xYwR6U=,tag:NfE0a2qbB6EEBKbGGRngFA==,type:str] + - ENC[AES256_GCM,data:szUfHigPPvc=,iv:5ghX1CDClE1Az1GqYKbUIy2H6Q4VDQD4t5hjd8Q3K1s=,tag:6uD8TwQBa484vZcSVXwiaQ==,type:str] + - ENC[AES256_GCM,data:MChX9CU=,iv:4CXn+dRd80vV86jxUKwuUXQwGE8RJUHP/6WtENK127I=,tag:GZ99ohdHZrZ9voVFDdoBiA==,type:str] + - ENC[AES256_GCM,data:PCpxmXQ=,iv:C9tdox82UEO2dZiy4xGJTkhcHanS79O6H9CqE07rOUk=,tag:5/zF4fhyPeVmGMdFlhA0rQ==,type:str] + - ENC[AES256_GCM,data:nyR8GS86A3aveUCeMUxL4A==,iv:trXs9rm8qyuWZ0p3sp/TGjq2CjTtHWweI3G8s5azAhU=,tag:EcdDe90c714tv/QAktywPA==,type:str] + - ENC[AES256_GCM,data:vOaYLICaHnVsMac=,iv:ymJHrrP1ZbkFVZKwfiHS8BKk7wLMP5S2fy8rGWfNNRc=,tag:3mrue5BvuzCEvA1CHni0Jw==,type:str] + - ENC[AES256_GCM,data:fT7jhzQPSCZo0tI=,iv:Q2+GcoTI36PggqwQo5mMC7B6TLUhmkscuWhN19Pj+MU=,tag:Hpya8VHqDmHMekoANV4f4g==,type:str] + - ENC[AES256_GCM,data:RHlTk2ai8BSpT+nZ,iv:Adsk0Poi7527b+v/DogtTH/vVqX5zXZPvatsyFGSxxs=,tag:pNPe3VhE9OW8x8evbvCIuw==,type:str] + - ENC[AES256_GCM,data:56a6/b77nZo=,iv:9XUPL0Zi+rMZJxe0XMbw/kdOpQdmjQDlB1D+rgmOZLU=,tag:LgIHOYq9d+UqyQBQ0I95pg==,type:str] + - ENC[AES256_GCM,data:XDHIzxn3OEmQ,iv:Fe2UkmKwi+O6UEIOVgYgRhUBLkC2H+B3VZoqqMcOoE0=,tag:ChwsAVWY02gJ82Bj/1nSFw==,type:str] + - ENC[AES256_GCM,data:PDQ/nv06AoiAVHbWyw==,iv:P1rtBR1N0Rb/jID6SwNMC7ZmEYPc+FkjO2nRNih3ezc=,tag:1jlEpqHkguLvYw9xr7U1Sg==,type:str] + - ENC[AES256_GCM,data:CFhn422hH5rrcuDO,iv:s/LJ/23d1UfSXnfV/SUaW/ESt2Z+l4TGH3AHprFUG6k=,tag:G/fEcZOAnaN/nV/HD0B5yw==,type:str] + - ENC[AES256_GCM,data:fYlFlF5RfjaG,iv:Fwc8ofkdU1ViKOahWMByohZNEOEOXAKBWOSzqUKgcQE=,tag:4fz4mkMsneYe7Y2ipw52Dw==,type:str] + - ENC[AES256_GCM,data:HrRNFpXw7UzgNg==,iv:DnzHh8VDnA7ciAeRYb54RNMml5qDsGUNd9gWJTNsY6g=,tag:Cqq1haUJR6yfTCj5iHadhA==,type:str] + - ENC[AES256_GCM,data:OyMjWwnsnJkm,iv:d4CvbW/1noHaykFWNBID0IS7lHTNVO0aKV8/pom8WH4=,tag:dhtLa3r4ovRkfQdgdvNAMQ==,type:str] + - ENC[AES256_GCM,data:lOWonSONvGfUEg==,iv:zQ8490elvCXPX8D/rbPd+zLB8ftuRT5+MJWhfXnQC60=,tag:l4YugMWEqV933O9ldOYwTw==,type:str] + - ENC[AES256_GCM,data:thfQW5BQsXu0SNSqqg==,iv:ilKKjn1/RSXNQGyD6Aem7ScAGk0hP80MfndbSnIM7k4=,tag:+H64M3iJQE08gLzTHNzV9g==,type:str] + - ENC[AES256_GCM,data:jmEr8VzArpU1Mg==,iv:UWSDKBo3CwVhrO3UbVzrADiZUPGRDWs4RUbs870CCBI=,tag:cI5qTXJZYPppSO797P3mxw==,type:str] + - ENC[AES256_GCM,data:9XU3C44cUqTx,iv:e7O6vD/zvCDtfOhvy4/K7dOX0mBTPF2/Jccp6UDoXXk=,tag:Wx2B+LJq6gJfkg6xdrrJCQ==,type:str] + - ENC[AES256_GCM,data:4/jhAvjTYsYk/C4=,iv:qyOlQySaW0Sg6x9AE9QEGMnkaM1pC9qUGWjnfDHPlvc=,tag:66uEhNzN5+bpeoJmj/WOYQ==,type:str] + - ENC[AES256_GCM,data:VWvWgKks+FqF+ghK6ww=,iv:z18jl7xDbyPWm0HysodmjoxIf0UGaZ3BbffcQ54ZX1g=,tag:XRyGySu5txB3u3Jvc/7I9w==,type:str] + - ENC[AES256_GCM,data:0lr0UX7vbk2emWmP,iv:8HNQauSh8hZH/HMNP+j7JiSS3LgxhDhhk8Mepg1fZxM=,tag://jX8DT9xdapsO4woPZZfw==,type:str] + - ENC[AES256_GCM,data:Eg4v42fgOcAXh2xiLbUG4Q==,iv:5crf2FIxqCuC25H0xhgb+W5+qQjrcrhv753UetUtAVU=,tag:jmkSqJwmhZvimu0/yPxhvg==,type:str] + - ENC[AES256_GCM,data:aaTD1Q7LZBhPlGs1hZ3UWQ==,iv:HwtJsVbkNeAG1uEKyTSx282GKyVb4Tjy9d8rnYRl1TM=,tag:B/X0PShZ54ikKtAPi1VRhQ==,type:str] + - ENC[AES256_GCM,data:CU4vJh19NphLFnr2kA==,iv:qbfgMhZs+qlXd3kbM1t7I3jxdKwKA98qz6iBB/z1wIo=,tag:bBAsmf9bHdru36wbsRCo0g==,type:str] + - ENC[AES256_GCM,data:hGriXAYs11dSH3CITYw=,iv:8PjtR/LrZ2CvsHPLdy7RO4lwumBKLDz60EADCzbJJFE=,tag:Dli0HLnkOCIqAxSZn7e24g==,type:str] + - ENC[AES256_GCM,data:na0jD4iBZUQd8Q==,iv:IC4Sy5PlRUqsDBGgaNox7erHTYqgrBQ2Ip//v3ATew4=,tag:TP1KVreB21LFDbXFCKvaOQ==,type:str] + - ENC[AES256_GCM,data:vuD3yNXPc8c=,iv:HsrYWiGRP9vCMvCpcSSB4lBUjCGas3KGZgP3OmJr5K8=,tag:zqmXVQkcPzf4c/vKSICvsA==,type:str] + - ENC[AES256_GCM,data:6SJm0VhMNEskhcQ=,iv:i6w+Q9OVrzQtedJRN5nvi4KKESWr6tIwEzcEGjsTkFc=,tag:+8Y7xPufpl2dCakcUlrDvQ==,type:str] + - ENC[AES256_GCM,data:JNBqpJpmxwceuT5H,iv:K9dBHQnfk45w1MslLt06DefSkXtJFdYLEcbxni3iOPo=,tag:lwANUzI4vB0mczw7Yy2fxA==,type:str] + - ENC[AES256_GCM,data:Vc94CL9nhJzS9fjr,iv:vPtZiewXZOymTeKWvAVhh+NlJTQ56tOc/1vOqVvVb0s=,tag:EnN1ErkFS+yLykCY2opCUw==,type:str] + - ENC[AES256_GCM,data:sQ8hYUreIP0p1Q==,iv:hehQD2Yt1ZuZ+T2fWd3tJJdrbJEdMOz13Ct75jXU4Hk=,tag:UNAqIvhdfLk24mi3pT0GXw==,type:str] + - ENC[AES256_GCM,data:nmm1ZonIE+IR+vJ3+o/6ZJ8=,iv:hAX7hMoOmWyFc/3mn5HtACkHrLEfVcescLnLUqcl3HA=,tag:UYZk5sTNlOD2sXeav74tgg==,type:str] + - ENC[AES256_GCM,data:Lz7aRiMGZeMF01/D1g==,iv:TjbDVluSHKl+R/62AYlNZ4TcMAPEffU/NzMTL4XuE4k=,tag:KuV6i+BPnw1rHNx7SWCVPg==,type:str] + - ENC[AES256_GCM,data:hDESJJBLXN8mZvafr10LI6o=,iv:+nwISmoM3/i/lKMdM2TdkaSa0UyijavZEasuzrLx9PU=,tag:FE54a7S6DUTSxjXy6cI2UA==,type:str] + - ENC[AES256_GCM,data:ie5TCQip/iPNSx5U9w==,iv:XMZxtJW/owpordEzVDbTElJBD+DWWM9FLYDRRH1ZMIo=,tag:EsERcPN4ToTo1l1JV7aKEA==,type:str] + - ENC[AES256_GCM,data:Ww3yxXbVVwlqrdM=,iv:PSlkFxZeMnrjKgUukBbpej8TbpOj12vODKxBc+Ol8GE=,tag:NaJKs8cQme7mj5KhOoet6Q==,type:str] + - ENC[AES256_GCM,data:VmkiadnukWBVAJ1sOw==,iv:CCT6dPkIK3xDAhJsG7Tc9mvD1fkHsQwvPFM7/O3dHZ4=,tag:hakwwgrjWHSeRrZZrYf/MQ==,type:str] + - ENC[AES256_GCM,data:x2safKtCLipdc//0,iv:ufArnPfu/mW9MEeSaLd+HZt0vDNIGH9Fa1GgHxLT0k4=,tag:WaDz+pCjQIsPypegHsMWqQ==,type:str] + - ENC[AES256_GCM,data:aeUMqKV/18hzi8yZ,iv:MNTIa6heTYkbi7hi/H3wxuWn3Ga47Kyp9iJdC9liEYo=,tag:RsvkAKquhAbntLbNxf6JTg==,type:str] + - ENC[AES256_GCM,data:DsoXLzx6NXxMU9+wQQupJOg=,iv:gscLdr9u2WqzsJsgSprezkNYPDLZSUOs12Lt5rAqriA=,tag:aQeC9hKyR7Zlv/V2W17Lzg==,type:str] + - ENC[AES256_GCM,data:MFfkAwqUaIh6KlTdsNkt+tM=,iv:h2x0xY0R0XD4WVOMPeK6JqCpF3nh4aOijtsesSxfYM8=,tag:MZrxG6WHpWeuLWTsdZuM+w==,type:str] + - ENC[AES256_GCM,data:/VNVp3enTZde,iv:DVkdS/KbN0biwRBidjZXOhrJAC6YvfsdiEUa2fp4HZY=,tag:lvbQkVZSqLZOkf52u2k4WA==,type:str] + - ENC[AES256_GCM,data:4Lc3F3W1Ob4YVsJC,iv:VLgTlBbfzWukUJpAdRcLpYHZlTiQn0Fz45zvwd9EPw8=,tag:kZRWqvO+jgNE1RUhNcNKyQ==,type:str] + - ENC[AES256_GCM,data:KLMrsAnPXbNBWrErOE/0S646Zw==,iv:9hOu70J7wACya2HjMPYDQbR2g7CG60nrCaGB57KtLGo=,tag:VVgR92DZ4iFWULsmd+cDTw==,type:str] + - ENC[AES256_GCM,data:pS5i6gVAS7BAy7EVEg==,iv:gNG0zYlhVoc/Uq5OoCvmZS7XephrvHkaZXS6NPnzJe0=,tag:Q92UhaCh2Ym5Ext37hZELA==,type:str] + - ENC[AES256_GCM,data:NbFpOY8G6B5aaA==,iv:tszo0CMBHbYfvd4sqlvSr5pz1SVGOxg/UJWTpab/Tx8=,tag:gIbPqLeZqtMpLQKQMor/NA==,type:str] + - ENC[AES256_GCM,data:H9ohaJa8J1dg9g==,iv:P+9Aw6aOFEek8tLjS1uMBQHdQldRW5skGV+K3J5lwpQ=,tag:5CAZA3d5zSTvxqx4ofPxGg==,type:str] + - ENC[AES256_GCM,data:YjWiIBkNhX930w==,iv:GMKVpAtvluU+Rm6TkXBQ9VgdEB64ejryDmWvA0UJGKA=,tag:zMuA98Kewokx92GPDHxOXw==,type:str] + - ENC[AES256_GCM,data:KlwfuCtU95WjYCgzTzU2bw==,iv:AgEx/FzKIt0cFCJHwPhCjBkuBf3qJ8B0Auh7INhLrj8=,tag:LvdQ/cWVEDc7Rie7UwB4GQ==,type:str] + - ENC[AES256_GCM,data:LVOXM+bAdg==,iv:X9kgInsvmtLnfTY4sUgT42nXtV9SbKc70Ct8FMMoDrQ=,tag:j7N4AR/Od2L4zRKntBlydQ==,type:str] + - ENC[AES256_GCM,data:P4blKvn7ZXZoNerZcw==,iv:olf3ex7YfifKNT/B79xabQ3H9A87wZ5cmfnLQewK53I=,tag:FqlfckDdCovl5J2ev1oNSw==,type:str] + - ENC[AES256_GCM,data:M0aT+OhTWyDS+WRx/T63mw==,iv:o2HWx4+IoSaZsVi2OwSR2Xo1/jVUln0mDcWHezoFlMM=,tag:JUmHqmdA6VGviSwcSDUeIQ==,type:str] + - ENC[AES256_GCM,data:j2JaNlkEuNsoY40=,iv:o8fLvXl0MOxTVYW+jB+3hMCznEkztozUHimDIOGS6Gk=,tag:BM/Litg0V8DQZEMZ6paL9g==,type:str] + - ENC[AES256_GCM,data:l1fTfkDMm9URQw==,iv:bBNqpT7Ek6+7/qEkR+dfyjq1GRrBndqhSRSXadlMjm0=,tag:kMe0HJ/KvOEe84VgeB0WaA==,type:str] + - ENC[AES256_GCM,data:Ox0yZpJ3pd0=,iv:1K9LzsMHFWMIq8yZ5CHKPRfACfaR7OcOnXKIN2nBUBA=,tag:3zdTLSe+q9ii65lKd3eY0w==,type:str] + - ENC[AES256_GCM,data:ANyYkgGrUck=,iv:F7OW1bO3pu1ONbJgJx26dmK7mHBKLZfAlfVm3iu+uFk=,tag:OXUYdne//3zq4w+Z54q39Q==,type:str] + - ENC[AES256_GCM,data:cQOF07tftb99,iv:GSFHINDDM/Pma5EF62ZN1SHMBEAq1weHyylYLftIw7Y=,tag:W+lGSfKspLWdEpkOOioUVg==,type:str] + - ENC[AES256_GCM,data:PqIJN1PfdrPpsv8=,iv:OF2qg0p8PAmitW7ZL97IKTyfIn/eeqDZ77o4QmUvMyI=,tag:xz2t0yoWcnF5jTn/vQCnHA==,type:str] + - ENC[AES256_GCM,data:ja9iOftyJp/QzQ4=,iv:l15bZWAJhd2wlTqh7+CabP4VF6S1loow9+7WrRDCQd0=,tag:8JkYSJeug3CaRaMyPaEi6A==,type:str] + - ENC[AES256_GCM,data:8PcRY0Mq720=,iv:LPirwM1OqEFvKusLbDZcQ3L783VJ95LGGtX4hoZ7b8g=,tag:07N/v49z9YxcrkJCDxDlNQ==,type:str] + - ENC[AES256_GCM,data:p3G15gX/CcF3SPM=,iv:YvJOpsRIAFiUbIDWu1Xpc9sUi3DDkLLi/T3dhpDIzcs=,tag:nVI1T2QMWxUMHTo+D9MweA==,type:str] + - ENC[AES256_GCM,data:FtGmbxNTej8diAMaTMMHdfg=,iv:Zhy6qIcwBWOSkFxO8lK2ojXdEIQ42ko82uZP0RvjBdo=,tag:fS4qtY4DZXLGbhbnWceP1w==,type:str] + - ENC[AES256_GCM,data:ZKEzjaY9HVRl,iv:jfoDxJXNRB/cuKQP1Zc1+w6YA1+iWB3eai7rkF6mHMM=,tag:nY7Uf4vKHTmjahFhEA7oUg==,type:str] + - ENC[AES256_GCM,data:d1sl58aPRxsBpuZx9w==,iv:grQDMr850I1RnPp3YBnOlr9fdOK7reWWvtwFY+QkdXY=,tag:OFQ30rnk9AcEIGfLa5veGg==,type:str] + - ENC[AES256_GCM,data:JgduQelMFXY=,iv:r3142YWZpMFd8vL0ZO0q/XCHD8k8YVs8GWT9UPqayq8=,tag:QcFXZR6UiB3+AHbos8b0oQ==,type:str] + - ENC[AES256_GCM,data:tfQ3ZoR6y2umTA==,iv:GJDTCRIp/VM30r29m881UQ6aBj0ENZx1vekU1+99hMc=,tag:qhADJyuN4/15ONnsSDDdjg==,type:str] + - ENC[AES256_GCM,data:/tW6OFSOBmHs,iv:9cUNnrg/2kwmjW7hiwPUL4a8ldj2wzocD8YSB2En6wc=,tag:8y1zN6LaicU46OE2NtAOjA==,type:str] + - ENC[AES256_GCM,data:YZ4OY7AptoCDXcOoLQ==,iv:EgDmV0HN+Gy/Rjqv37+xb7OCnzdbI6ZiBZHCTYUkH7o=,tag:o7Kw1gGLdTGHCQWYpffFMw==,type:str] + - ENC[AES256_GCM,data:ohDtm6NOuPcexb7x,iv:LtW3Pbfmq5J0wa7EU5R0Rb71w9M2vH1g8Pm8c0ghJ58=,tag:H2FbcDO71hOCk71wmBalMQ==,type:str] + - ENC[AES256_GCM,data:zkjTTTiNb7L6k4g=,iv:KlU1iLTspE72Xca70VV9E73DvRENgQl3FHqRFJyd4Rw=,tag:1b6bAuWl5Oo+zZ/wkXc30A==,type:str] + - ENC[AES256_GCM,data:urW65mWEcTNAcSQHmLh0MZVX,iv:eZSn2WgV7vIdS3RokgWmWrRGz9fRX8aUES3rr/FOvpc=,tag:abdtc1VyBiMbRrHTueflCg==,type:str] + - ENC[AES256_GCM,data:kEclKIyoeLmA/b3k,iv:cPBK23mZbJOTQPw27HOZvm8xJr8smSbcgBeVGZhYYHw=,tag:4JnLFYmJtaDR3Sy1aCaiyw==,type:str] + - ENC[AES256_GCM,data:Of8vYCtjt6qbPfVWEA==,iv:RQmGsMg6NclZTeVFXWHCHKq1KNaneN8kIv86S9aBeTk=,tag:o5VYgcc+Pl8AqJscqLHUrw==,type:str] + - ENC[AES256_GCM,data:vV+BLACYsvxmQ3On27BMZA==,iv:pVW33jsBdKDBSlRr+l5i7Ib7ZgbewxtiWfqoj5xeg2w=,tag:d4gKf5Uhbw94t+3fXEYLZg==,type:str] + - ENC[AES256_GCM,data:e3OnXAD5bRXjAK/+TA==,iv:FiLoLQ88cgRbPi40D5IVAVVQyZJi1e+hJks7TR7J7as=,tag:ezeNpqtExa32wWEmo8DuYg==,type:str] + - ENC[AES256_GCM,data:73gp2T8g7OxwVA==,iv:9zktpbTFFZdq4ipvNuafRhVal8r8eEghI6Vaaa9BT6M=,tag:Nr02ktmQHH0bdgK6n9akmQ==,type:str] + - ENC[AES256_GCM,data:zPZbxVCUMSpi,iv:FrlgU5OwhalAaNSZ7AJXvGVqSUfgLmeulEcmBBTr9sA=,tag:3qaqlWSP2MypEDIVxbfi5Q==,type:str] + - ENC[AES256_GCM,data:PVI+nh3PElog74/0eUmPbA==,iv:wCo8guYX0ozyt7TkNztoAvcObOtupMo02p13xw1/Gc0=,tag:HaHRiODRj1bitKUAYlbQFA==,type:str] + - ENC[AES256_GCM,data:ep4Uq8VKwRGNog0xsw==,iv:jk3mBhp1Y9IU/Ixy4856Tl6aXcpvypU6idXtiwH+7vM=,tag:VOyDzone8OjzzOMWBBtGxA==,type:str] + - ENC[AES256_GCM,data:FN31kVje4T3vnB9BoQ==,iv:SlnUa1f6KVM62ATr2KXLtHOug8pLqdp9v9DPR7GOA3w=,tag:nbXH4mqLtFH5mDUtBC7gIA==,type:str] + - ENC[AES256_GCM,data:WiFfkiTvGIq66m0=,iv:pKBwMsNZdtSkLpWaRv//RrlsOUvHICy8h0zbyVfy+xI=,tag:6s8+PJu9JJPud2eebPr1qA==,type:str] + - ENC[AES256_GCM,data:+0bZz8yDx+E/,iv:V3lW+7fx45eNBy9hKFsLPSGcBg4kubl+YxkCwFvh39I=,tag:ZaQOaVVu9UBrljY/ZyUv8g==,type:str] + - ENC[AES256_GCM,data:W6xR/bm5KtM=,iv:lr/K9Eg4183cU1zGt60V1urfLesrWjamnyWiYdcT2cc=,tag:/7pcVn1AVVo61SwqD/UDDg==,type:str] + - ENC[AES256_GCM,data:d2OJ1RD7BwAanf4B1zzRNsQ=,iv:AieYBajRrH0pusw3T3SRI5Dl+W7xrWc7z2hfl4jC51c=,tag:SOkMfPHB5CJbEoS6vFl6yA==,type:str] + - ENC[AES256_GCM,data:N0aWbk7WaUml/zGB,iv:ELE0WzMXxQM0aM2fRGM01vyaWOX+OWO1+cVy7t0UNmY=,tag:c3uGD448zHMU4lGP6Z0tFw==,type:str] + - ENC[AES256_GCM,data:XxXZNdquhug3T4h9,iv:alqnq0FLVpEUt5ob4ifbLBWStfUFSR9OAPV5pEBbuDw=,tag:IEoogUoZP2a3U/jevVTPRw==,type:str] + - ENC[AES256_GCM,data:mlr7GXpEoNr1/eyiGXTyBdYk,iv:oxYQr/aH3ck6/aeWU6/re1X3tlRl2GOQip3tXQbyiIE=,tag:V/nQib3cEgG22BKb1WraHA==,type:str] + - ENC[AES256_GCM,data:Jv0/0oN/IOmAadlArOcsrg==,iv:OIa/MRRWILRNQ4j6RxnCri2t2RBcnJ9SORN1MQ3a7As=,tag:BGN05WTZnfVG3MALWSAaFw==,type:str] + - ENC[AES256_GCM,data:NX8krbpFrwHB,iv:Uef3RzDQA1nxwVa+TW34jL9mFU0cioM+esfmguoA6bI=,tag:t6uEHrjVa7EEr3xeBKcouQ==,type:str] + - ENC[AES256_GCM,data:8R6xRJHoWIyx,iv:3GAp1qB0wvCmmYjafdL+zDLbtUXkiST0A9fWJKIJHvg=,tag:/AoZTtVKXr8G3yhbqLYA7g==,type:str] + - ENC[AES256_GCM,data:7F5bY9cIOCFx/g==,iv:Nd9P0/kalsEFzStYIlTZhcpnx179rqZYMysEtx3YJwk=,tag:QPkwKKgpD4vbGmVWH34cnA==,type:str] + - ENC[AES256_GCM,data:eooMF1ftfd+jWPI9cg==,iv:My1TNjNpBFk3a5Q0Uuh5YUjVWgndE21Czgul2OuTrIk=,tag:ZYqZtQdwdwjaCAk7gxFGig==,type:str] + - ENC[AES256_GCM,data:olXj6rr7SmMsLZfKq3vvMFCRHg==,iv:EcUJ+t2nu8RL6JD0PoflS0g+suaqdKmWDzUPQYFQAUc=,tag:ARkkmCA6JRvKJB/y5wJS6Q==,type:str] + - ENC[AES256_GCM,data:DZL6sS8UHbHjbvMYgkrpqOE=,iv:vdtJEX5gigB2nA3/XLmS9xLSd6BSTS58o39DULBaw+E=,tag:D2tUBnGRh6jpINWdKlg0yg==,type:str] + - ENC[AES256_GCM,data:s8wdrMCPJbv0WA==,iv:SN4bYX1O05j2hxSuM/9yi0beSOq4BpWmzzYqRT19n5A=,tag:oievcGRPeeMGkp6AMC9CJQ==,type:str] + - ENC[AES256_GCM,data:Uv6LetaLlYeuow==,iv:zVoJY+5j899g8kMG11VvPFofRorwGVNEtN60RlHm/mk=,tag:POKwRGkl98K1PXzz5Fxfsg==,type:str] + - ENC[AES256_GCM,data:mD6yAscnsHB7UyMn23o=,iv:+oD9flKjsn+m667FA42tNyJK+58OZvoOEuUjfgyo1qw=,tag:iXyEMhjHUSzXxZswc5D7Dw==,type:str] + - ENC[AES256_GCM,data:pic65YMaY63O,iv:+oSTVHapk1S0xPmtD0bkJp9dNLpZumxnUXAYnXn+EHw=,tag:LpFRWfDIIhcDGU5U1qO3PA==,type:str] + - ENC[AES256_GCM,data:e2Qwe2xtPRtPkA==,iv:cTlYdwWU9eZ9ngTl7r3k4XAElOaT4KeAyBRipEKGG8k=,tag:gNHDz8wA3lqlmGghCGXULg==,type:str] + - ENC[AES256_GCM,data:+GJF7FkyBGVthUNYnS6vAj4nUA==,iv:WOFrtFMLX6rtt7UQZjeXpx1kNV03yzPlsxwFiESKWlU=,tag:wpxlfCAJTatdMlW6q+Fiyw==,type:str] + - ENC[AES256_GCM,data:iMWxsNkB1f3L1/aK,iv:fCxY0bs8QiANutnqoSdl2dZ6u14rxMZVbSVoY82ls94=,tag:bugd3tORUmoZfUP3doRhbA==,type:str] + - ENC[AES256_GCM,data:V7jW8dQ0NYwYBuZH9haO5w==,iv:gj730c1cBtkM2emnbm8QuTjDU6MdI8t/gayFnFH9mAg=,tag:aR6B66HtyvLXLbHB4f8yCA==,type:str] + - ENC[AES256_GCM,data:eYzy31L0ByVamKs=,iv:myscNYxBHGQlMYwlJGR63fjnPfAhmacs1cIbP4agSIk=,tag:Md3/2o6c/JdjzTmlZ+G01w==,type:str] + - ENC[AES256_GCM,data:oAvn5Y0+3BLG,iv:O5OK5PchNqouC2S361N/Y7CC41zA8ucPxtKpD7oWBOA=,tag:Lfr0Lm7WSjhInG7yNv7YFw==,type:str] + - ENC[AES256_GCM,data:zO18Xce1xgRTkbBg,iv:HVEa4hufnA5AUkLuz8boV3+jTlTOFwvzeFzPoeCeyYk=,tag:TuLSFhsNAiXpxf0lnA2gxg==,type:str] + - ENC[AES256_GCM,data:uynJGlfn7ODwUq4=,iv:tK1uW9z+Tq7RTWrPy89GR03k0KXVW4Z5F9arnyHy7Ww=,tag:XVBZMKXR5govxrGOLQ6PaA==,type:str] + - ENC[AES256_GCM,data:3bto3ArJLCgV,iv:+UEEKFnrT3vbzc8KT8lncuRIp8A5obHjUjEMJ9QmcGo=,tag:LUYVoWPh0BUMlUFCRIdTtg==,type:str] + - ENC[AES256_GCM,data:PEts2iO/7A+wO3yi,iv:zB8iTRtfIPZ+ARZzpk+0/iTPQzq6eQrhipT1ijBT+xY=,tag:ICKiJpXqXQae/XpgkJo6ig==,type:str] + - ENC[AES256_GCM,data:kY3JpYrvVZIyHJCIVt+9tRAVcQ==,iv:4/OepIOYU4m3odIcUtj7TUFTEfAyiVpaAKTqmb/tl30=,tag:GOIJ2upzX8up61glw6oawg==,type:str] + - ENC[AES256_GCM,data:FwfHmK2Xl5T9ymbU,iv:hzJ1Qi9rchQr3dMei83t0t+ZjGqU5qC7HX7fCcIhkpY=,tag:2h9/MzqtK7KoQBftw6txlg==,type:str] + - ENC[AES256_GCM,data:O1k1ANP9OQ==,iv:FjuH6x6zeClwJGJon8nfEWI3HBIhdZ6XkoBdWZVBXW4=,tag:7d3/yjH25+z0TovJHMxsNQ==,type:str] + - ENC[AES256_GCM,data:Cs4G0BilfQ==,iv:PIYcldxmghC8WICDmyzBPaAbxo+SbpqlzUbzHRkKac0=,tag:oDxJp9L2HmPJvKG6pDBR3g==,type:str] + - ENC[AES256_GCM,data:+2oeTQ9nF/+tOo0K,iv:Vr+swJu/t0neZMJvSBcQ8M4ls/pcFpO9bpgms3cTrcE=,tag:ERz1LFfYg24VcysH4gxAWw==,type:str] + - ENC[AES256_GCM,data:tv+gExhP,iv:vcDKnhYLc6TiGWVXfcXIGR43RVboVmOktt1ceWI0Wkw=,tag:EZdKW4kYeis4k3Iui0QcvA==,type:str] + - ENC[AES256_GCM,data:8j+WptBHFW6joA==,iv:U4QCQrKh0sNo7+QDnJ6QdVq7e+5v2J90FpjnZ6hqKUo=,tag:BhU6jFziaJxGFxYQut4ASw==,type:str] + - ENC[AES256_GCM,data:apnQDjuoQTkI/CJB7lWW,iv:u0d+fKELT3beUPMkMR4nID9w6K1xKpF2h+PN9c7aB+w=,tag:KWvS4G8sIeRNoxhpX2qHWg==,type:str] + - ENC[AES256_GCM,data:OZ6XSGZ6BW9r,iv:wmrseWdjBFsTClZUvXvN8vfNEJLTkLNPnyjjDGjz1/A=,tag:5Ot7fFkgkHbD0/kNlQIoZg==,type:str] + - ENC[AES256_GCM,data:Ay9TCnM9XiPQoasthN4=,iv:z9HU0PHvG+HR/hN4g9C2/UHcWuXU/iSlrOaba/F370g=,tag:8ILkmeL4sK0wEzL/JU5f4w==,type:str] + - ENC[AES256_GCM,data:0dfcyWm3+xEmbuPYd4kxu958,iv:Aw4aZhCy2N0pjLkw0ReXqBowGFBcAWxA2xtPCA5KgP8=,tag:ccCeC2a7sGeqFNgIJDv2QA==,type:str] + - ENC[AES256_GCM,data:k1AaHgg6VkQ3IZ1s,iv:VkwZMcL3ZSpN9U4jJA/EOw9JQRfVO0lcp77j3b3TRlY=,tag:QcDqR/jsANc1UBUkMXQPqA==,type:str] + - ENC[AES256_GCM,data:08/BaDNxuO6ABaZmCQ==,iv:PNOKBv3XlXYfy7k2P8pFopJx8eVVZ681iIIqCI6+GJg=,tag:4kmk/6QC1LOqJTNPOzt/Fw==,type:str] + - ENC[AES256_GCM,data:bBEczmrqNmejjxyx6g==,iv:Z3AkjFUxAi2NUI9hclKHUiFretyQkUthrvnpmYHXU0s=,tag:9e6xEAI+X3WpHPgdR3y1Jw==,type:str] + - ENC[AES256_GCM,data:4pSnIyN7a9v1OIy64QDBvg==,iv:XwV4tRDnXfGMIN5LtRUyaWLRM8HlfCaNFUqeMAqqNsk=,tag:8XTMXVsEnHU1MRNzhZHSeg==,type:str] + - ENC[AES256_GCM,data:YOwpsXkPPL2wdE4j6yjkqQ==,iv:jRvl8DXKhMzTHY05AqtaFMFnh6r06N3eeKnTnulEm7Y=,tag:PLPpDXmC9c+59WNeMLoBjw==,type:str] + - ENC[AES256_GCM,data:5urBBoE2+djTDgbj9gvy,iv:F4aqaR16x/40l9WpEe5VWk2BvJo6TU47aounpuH58PY=,tag:JC8wlCn50B+SddysbfB+lw==,type:str] + - ENC[AES256_GCM,data:YtxwH1ZqRItJ0A==,iv:F2Q+4XY1c0/1WFEJEZv+kC1A0TUzYB5c1k3JsFY3epk=,tag:abSqxpYGutK2IKx7WB2MpA==,type:str] + - ENC[AES256_GCM,data:MVpq6d60fbzCOw==,iv:xSKbMKq3PKX9y+BmEb1nFYBSpnK94MKJnnhERLxKQ6w=,tag:Yyda7od3vFt1pg0XZ0zEUA==,type:str] + - ENC[AES256_GCM,data:1x9CWrDFiPNXxZ5KjuKFcBU6LNohG5w=,iv:gJt9AF447TycttgwiTowdqOQrBeebRCWbiEjnjT7WsM=,tag:bkvajKpyJyG2Y3uPb0cpCg==,type:str] + - ENC[AES256_GCM,data:KPYeeavT8dHd,iv:fx9Vx92AiXbKjniQspQVS22epZysuDninxKlBqMUv2M=,tag:iKlbSybSLeEsMGjs56jxiQ==,type:str] + - ENC[AES256_GCM,data:WlQApErNnYbxSg==,iv:yIggp0kevEcu5/AemAtHGLWu3oDkb+FkCar0EimY778=,tag:fZb4bM9pri5GzEDFzhCGLw==,type:str] + - ENC[AES256_GCM,data:ZabVkBakBvZzrw==,iv:MQtQzxmeXJfnyKd5tNwu/1xaU6Qcir5Pjz4HdKVH8jE=,tag:ZjZzeUPcL421BLvJ8pC2mw==,type:str] + - ENC[AES256_GCM,data:jgJmaKGyXEKvTKo=,iv:y5fCWz8YKR4DfN90UJOSnX+RBISBZ13Z6RWszkGH5oU=,tag:hqCI8ICsl1HvER9TNs3MCw==,type:str] + - ENC[AES256_GCM,data:sJ+U4ryXb82cdGzXcg7e,iv:XBBEA284uaZY5Ekux7JjpfC7RQKWQKSJiCaAOTf7T2o=,tag:rY/SxdDQIviatvQ+XvMmsQ==,type:str] + - ENC[AES256_GCM,data:eV3KkoEKLlKAjsYjOPU=,iv:ORAJuY9vpJ2GBhSGQxkQbttblk6CtaK+2V2mzaszJ3U=,tag:qENDPtjiynTPVfYhIoM1Cw==,type:str] + - ENC[AES256_GCM,data:ALornFnTL1WWoQjM,iv:0bt106tgxNUepVrpCRq6E9T4sUecooXt6x/Tjlqwrdk=,tag:vXXlCNb1D3cez/PZgnYfKQ==,type:str] + - ENC[AES256_GCM,data:ek3kxRR/QPQ9lm21czTdDQ==,iv:qxG2O4X060D3qDAeWVGMn7uFLwfqR3SUxWilLoifwtI=,tag:T+pyKUnLiUfzRzJAVHpr4Q==,type:str] + - ENC[AES256_GCM,data:HALkUqOxmSzrQ3KW,iv:n5heDaIxLJ/3QJW3EJhmpz0k2TxD+xGbQonP5bAEHSo=,tag:dAmG4nBOYvKBMPT7nYXU3Q==,type:str] + - ENC[AES256_GCM,data:2ku8s3+cUXdA/bM5nQ==,iv:M9K2ivWNsM3EzWrK3gx5uwDMc+E/ibwk7Ou0mhVeP38=,tag:FMFGrC7dUC2pjeyAn9yb+Q==,type:str] + - ENC[AES256_GCM,data:NWbZ++WYBxzlag==,iv:Z+bN2uv/doY+NWpmvNbsomaymATmAFSIUH4kNDx7Eqk=,tag:5ND+s7g4pdiQGKn0iqA3fg==,type:str] + - ENC[AES256_GCM,data:UmFovIByl5HlLA==,iv:88UWIgmqV4naIm+r1H4P/syPmh/c6Aj8r5fdJvcb04Q=,tag:iIoCa/QlfxEdhKYurAf/5g==,type:str] + - ENC[AES256_GCM,data:vVwsTGZx94BtBGTLqUj9xw==,iv:rB92cqHS1s/FW/eeoSz0ZxaqcewbAba21rmgjrc7Fp4=,tag:CNQcIqQ6elMnK9XyjmNcsQ==,type:str] + - ENC[AES256_GCM,data:jnsWIvoZmySFUrbzDZbt,iv:Vaq6yh04c2ofOZs3SQ3blpFu353X8jZeEmjMMIyrmbw=,tag:xKbmi+Idk3V4DEjc37s3yg==,type:str] + - ENC[AES256_GCM,data:b3gspRhXfUqUUfPIs5pk,iv:noN4p/U/r7lMY+OUs3D5er/yhdI2HVMxJXxyjR+iaos=,tag:Pc94fAwgiGtpiIvFH9vzvA==,type:str] + - ENC[AES256_GCM,data:AiWicCaLdOcqLLw=,iv:L4dqxeSMU+RlMN2iKYiF4pGEoErs6FH3q5wVCt3UUwU=,tag:zoEqeWuSxD3BZ6albBEJ4Q==,type:str] + - ENC[AES256_GCM,data:lIji46psL7OVlck=,iv:d7BiqmbSNVW2EFBBfBLteCs6HV7V++3NvlblCZJZaKg=,tag:6PYEhIOJkN1M2QrMVa5Qew==,type:str] + - ENC[AES256_GCM,data:3jgMt719dLE+ieP8,iv:6BDevEAPQXvxjVq16ufn4J6dZz3tL8u6nun3hcokX64=,tag:LV5GUXefjT/aD/RBepu66w==,type:str] + - ENC[AES256_GCM,data:bpiVQFKS2+iwVw==,iv:zN+LiUkGtcOiYAoHfPkMT2hPsUdWZeJUvZ68klUuSZ0=,tag:INTLnh7lYXD6aKu46hQ/5w==,type:str] + - ENC[AES256_GCM,data:H3gGusNiDYlb,iv:t/4QL7R5aWsWirqmsgIuZkt52+xtHE5OPSEzhtrnsng=,tag:dgETwkInn5L2eOCrH3vojg==,type:str] + - ENC[AES256_GCM,data:WcWymuVKDRITXO+j1w==,iv:YMPD9Fz/8763r9iDBsLL2XPzMK14tP8qpayETPPRFWs=,tag:jw5vBJTM8eWdk7wa1c8KXA==,type:str] + - ENC[AES256_GCM,data:7oCgi9JdD8BUz5CKHw==,iv:Y3YQhGHV53iJ8AsNykGam4Cnml/XO1yA+uLNXj8z+1I=,tag:WiH7qWADEZgVQ6imjSULVA==,type:str] + - ENC[AES256_GCM,data:aQa7WpaGB74SqZ8N/bR2pw==,iv:QHZQgq1tYjCRHwSkXMoMR49YX9Uxw24SOGr/2sQrJF0=,tag:0nqDnHOlkv2Od/6WQ7kkgg==,type:str] + - ENC[AES256_GCM,data:C+cPhkydSo7MnOtupeMI,iv:E8uUUHO9OAmeDVK/aXVp8mCFaiQe2Nd+YYZQ+bddRzI=,tag:NVjcriaK+xSvr7Y960jplg==,type:str] + - ENC[AES256_GCM,data:AIENuKKyEAL+n2i5,iv:3RWvv1A3VXoA1RwdZhd+6/j3h9LfMVJs0dKYaYPG1Io=,tag:mXJyvfux2KpmGOOPNUClVg==,type:str] + - ENC[AES256_GCM,data:EXzyRCo7no5TiI0=,iv:/u1H/NS5YQvmjke37+XpyOpN5xZnFZIL0ih0+UMVi9E=,tag:Mg7DCe/X6OzB6N8zfBfs4w==,type:str] + - ENC[AES256_GCM,data:4xquBLTSHCpoBqx5S1U=,iv:V2HcHf1BJcpxblH/SASgK7Ue7NG8qn+czQ89hxqQtqA=,tag:zzMvCaXR6qd1hMMkVgA82g==,type:str] + - ENC[AES256_GCM,data:BCojQinaKs+ibLk=,iv:LhqCFLoCMYjKbP7EaBRBtn8F+mnvBx0Kj/7ZHyvBAfo=,tag:UlBXmi2EimWPgvs5LuZ1yw==,type:str] + - ENC[AES256_GCM,data:WHa89dLVsBpRrQr1qn8=,iv:D1yXLBvpEGDk29sMwJT1aO8f5ozxhUgTxjTa0MJ3Paw=,tag:79jhUslk1bGNqOgXs/448g==,type:str] + - ENC[AES256_GCM,data:I5NZTm93jbTI5mwGCJhP,iv:Fn/4nqjL2Srjw4GKgrsFbXh90EWSiBKVwx6J9nnT5YY=,tag:kz/YZYaGdXrtFtyZtfTaoA==,type:str] + - ENC[AES256_GCM,data:0pm/rodTle70+6fP,iv:96r17NV7vUF759wWiccC75cxz+Ct8Ea+BbNx+tIKICw=,tag:KiInXmfCyRR+4Z9jHw8Z7w==,type:str] + - ENC[AES256_GCM,data:xo772ag9pUbpr1br1Ujg,iv:Gnl/bJdm8AW7vVI1RHBwyKEK+78KVtHP9gxM24UNusc=,tag:/YXJIAk9mIY/flaCUjY9sw==,type:str] + - ENC[AES256_GCM,data:Ggx30XBRgxV4ag==,iv:1gW0ixP/TQpASq51kshTAqV9ZhnwSPNi+gAVZvpM0OY=,tag:HTiiGh6N6TJytTb8/OBi0Q==,type:str] + - ENC[AES256_GCM,data:/nd6L02co7hPRXLPyQ==,iv:m+NMiHuxV9IHIY+gbWWcW8Y5NhHc7Jtq4zmlppT61Bg=,tag:dEXs+dCZfYO7hM2/K7j7SQ==,type:str] + - ENC[AES256_GCM,data:PhUoSXJdKaLC7bjR,iv:4DXaqtIqWfGm2F0SxU6zxTaZfBipM748iMqXCmffXAk=,tag:kfBMO6qFFxk9+RiJeuxktg==,type:str] + - ENC[AES256_GCM,data:Wq9vEXGC+4sJacSr0g==,iv:jkFtG3D+7ielNoJemRlAEpNCZJYKo8vcb95kD70361A=,tag:+TYLzgO4iOIQ1FHWZwE27w==,type:str] + - ENC[AES256_GCM,data:St/RlPbpBJQKitCiV1E=,iv:dI06dQNX6lh71RVjkipQjxRWAClBgMJW192gFy7cXVc=,tag:r43z+Zc0NEYDdCEqHR+qJg==,type:str] + - ENC[AES256_GCM,data:ZrgXmkvxvHG5,iv:RMUALVtkgVHNPieyTeK0tuvyKlFpY0WtoywTyFZ3Wxg=,tag:o40pNyRn1/BepqItXagLig==,type:str] + - ENC[AES256_GCM,data:pC9TmyyAGS0cPQt3ipM=,iv:eCLmjXmhA4gKhoxve1y1DH688hebDGKHKtQBAUn0vtg=,tag:mAGQ27dHvmzZ6JtbBU0HlA==,type:str] + - ENC[AES256_GCM,data:kaLtbocAPQG94zmeBjD3Ag==,iv:qFU54yGdWGd5w3sJhYVJPduA+e1ww0FrqwG50T2w7gU=,tag:vAcq5JQY04Ey3xYYWahbZQ==,type:str] + - ENC[AES256_GCM,data:SlQQoizw7rKs/djE8pI=,iv:v18tAJed9lbJIS+GnRcOLlY2bJbr2/0dALAPIFApRp4=,tag:ao5wo1wxmE1J7m4fWbTMCQ==,type:str] + - ENC[AES256_GCM,data:Gx9Nr8hfIiJ2NmWv,iv:KrEISy8kEHAaeTA1mgecV3B/pIdAITYTG0H2joBcOdk=,tag:3QrWUxc7/yK2b9fB/MW0cg==,type:str] + - ENC[AES256_GCM,data:bPnfqaC6asnkRFio1Q==,iv:AEs76jwFjb8HtgToIQQIRJmoBg+/25Xj6mygFY3jjuE=,tag:wu1oqkHdjYg+bw55l1TKJw==,type:str] + - ENC[AES256_GCM,data:14y+g0NPvgUvSBmGzg==,iv:/4QQfLL2Z9B6KFYTbGGCNlifoxC80rEvmTU9P7kQ73w=,tag:4DqG7Xi8L2leNk0JiZeB+Q==,type:str] + - ENC[AES256_GCM,data:1HZ7esrO+w==,iv:ORGjnzOa8X3RJ6qKasdxG+pr3tVy/Y8tAkGHn1ohblQ=,tag:hYo9JYExtJSeKRDEiptIvw==,type:str] + - ENC[AES256_GCM,data:RULXEnh7fQzadoCKIQ==,iv:hip6kTBVmdXAJS6I78KrAyNmffZ2Q6V0hPCmt9F8YAo=,tag:w6fi8K2okdR7WlFw7pLxfw==,type:str] + - ENC[AES256_GCM,data:U4yCBZsC/jXieM+UiQ==,iv:UKMlD7UUPzX+S3ghlth95d6aViMCvsBJr9sr/bM+UPY=,tag:DAPSmeaI2C3oRjB2XK2wSA==,type:str] + - ENC[AES256_GCM,data:QEE/IXZQE7FdkJqPCQLB,iv:4CUNY6f0xuLvQniPWZroUe8Y0RomMrBahj9EPWDZ71M=,tag:B0tw+d/lbb+/EmSDwMKyCw==,type:str] + - ENC[AES256_GCM,data:GQhTmQ0m9CUDV3iJCQ==,iv:l76d1YbRk3AXUf7b5E2JQPvXT0ywwrfc8lsDGcEJs0g=,tag:a4hiKZGrcex64RIjtNt8Jg==,type:str] + - ENC[AES256_GCM,data:u4W3dgqrj3j1A8sJaWGv+CLA958aDJ4=,iv:S7UNLNM5m9GfZp3U3h4TMfoedylfQxQJ84qMxMjW9qQ=,tag:70vFU4XLDe8zpSnAP15bug==,type:str] + - ENC[AES256_GCM,data:kXZkdpvqoaPVOGTbzbAmJ3k=,iv:d2svRs0vxYNZkYP2a4WIoENVY71SkQZEhq9s6w+W7Rk=,tag:zxH2ybwUO8QxSNxZupf9lA==,type:str] + - ENC[AES256_GCM,data:hAUCjwfgdRr7PHI=,iv:0aKzolGe69hR8g3uE7VGUzM2jWIhgql6LcgYLnWiubE=,tag:Twy5nhXHsRiwHdXNMlJTCw==,type:str] + - ENC[AES256_GCM,data:0NO7nwXiLUubYxc=,iv:TsOyFe0TJSm2h/KiyLFWSvubGDILdfktGFbTFd7w0T4=,tag:OaRsOok8QFUrF9yUmipfbA==,type:str] + - ENC[AES256_GCM,data:1sSomtVwdoCxujIGWyM=,iv:jxBSab8ftbX6ooPWin4mJ/OwxnCoz6SAn+hau1FhY8E=,tag:9tpBxrhsa2vSdnaThQaoIw==,type:str] + - ENC[AES256_GCM,data:qHda3TnTmuENZQHPNb2I7g==,iv:EYrmYkoO8FZL3mOv8giM1sIytHUf5IvFWnUsIAEGNVc=,tag:5In9z1IhaV/I70zW2FxFOA==,type:str] + - ENC[AES256_GCM,data:Cl4KlHB+Qg==,iv:Uvzi1PqUqkIK7A63lRUH2/0grJqlXVz5QfoaKImzlpU=,tag:nB7XqDeU5ma5W41TZ2N6xA==,type:str] + - ENC[AES256_GCM,data:MN1lws5mHoKBlA==,iv:uxVODVN21ZOvwqk7JzuJFyyBP+6v04UB48AbicNLTC8=,tag:lIGateMMydKbfsUVWPbvNg==,type:str] + - ENC[AES256_GCM,data:++011wFmozsoNL8=,iv:pKNC1U0UoAv4MHh8ag5r7mhIRFCXJfbbpaJ0lfwNsYY=,tag:FoqinD8nrigN38qujsvzbQ==,type:str] + - ENC[AES256_GCM,data:INW6s1igPurTRSkNz6oY5g==,iv:Qn4T7vFIamTBxDSWUY7T16PCgJZcGl3dGuJpGba8/EA=,tag:nHOYgoSaRpIC0CgVt1cu0A==,type:str] + - ENC[AES256_GCM,data:aECpheUO7GW6DOIjhg==,iv:4NeoN5i3TnEiz4/GqXkrs8QH2cTfjQNT/91A00rEVZg=,tag:k3SvuEdzHKcrP4mlMfvleQ==,type:str] + - ENC[AES256_GCM,data:2f6/WxeaJ0MVLB4=,iv:9Vv0IJOVbs7FS2Hp3zOXgAvne5kMjFpuJRikRFJZ4tU=,tag:MGNPCNOkh5rfE2z3TPZuAQ==,type:str] + - ENC[AES256_GCM,data:h73eZA2EJaJZeQQ=,iv:EYo43qxXWJHOG7dyA7EMUGfatRi0TN4QSUv4MOQpelY=,tag:D0XtmNnOrbal61M4MkQ24Q==,type:str] + - ENC[AES256_GCM,data:dBQsoR3UG6vLaFg=,iv:UdajhHUuyja6O2GSK1G7dOUK1UDrWi6sygOrNQkQgc0=,tag:7h5QHi0Gy7buutKZqqyhcA==,type:str] + - ENC[AES256_GCM,data:qmh7SDp8OAX7cxA=,iv:1PVPM/L39GfQgRYlBOL0VGDWseaj2/obnuRK4M+TVEg=,tag:4mkQxD/wDh6tEP0hRvjhhw==,type:str] + - ENC[AES256_GCM,data:jMEyuhmlL0ktSedNcIM=,iv:IvOyXXUmh2sn45OpBWn09OoI/HAUnD5cazVeYqnI1Gc=,tag:BeRN4KHfb5ciZ2Hezjv7lA==,type:str] + - ENC[AES256_GCM,data:hImAanH/CUCF2rU=,iv:29I0nr+HjzOjnRbiU69uT0mbvD8FsNG934gEULVXoUg=,tag:XODQ9mkmRvZeEQKxX2okMw==,type:str] + - ENC[AES256_GCM,data:Fx+76vj4QpfpFSX93d0=,iv:32reIezG0LIYOaxFce80JNyekcVRzZ7ssMxtaBIvfpM=,tag:Q2o9D/Mfe3qxpydcm3cdjA==,type:str] + - ENC[AES256_GCM,data:yT3eGMZR1TtsGBGN94ocFcBY,iv:a5MVB66tAIwg3ULtSHsI1ja73QedXO4fqzxFMivhIcs=,tag:0k+9ggImafQXZ9vzFrJnqA==,type:str] + - ENC[AES256_GCM,data:oQ8WO1nqKOINybdO0Y0=,iv:qevI7JiLq3+yqQjI3/nUuyw1xAG4mlKHat4SKWg502Y=,tag:Jilu6DAYBINU+8R+8tuLuw==,type:str] + - ENC[AES256_GCM,data:S9W3z0jDDw==,iv:h25zFHgk/HxGvvREPP0vofJRF0JxuNIR/GAZZ22gSGk=,tag:zBk49QcsLFARSTcG+5nUfQ==,type:str] + - ENC[AES256_GCM,data:6fzF99tT4MmsbJYlKY9f,iv:d0idZ2/17clHJfjehigBMVMcXwESmMf4qI8GZ0IpiSA=,tag:fwqTPFhsP9TyOwbjrw2b7w==,type:str] + - ENC[AES256_GCM,data:Weq7q7YHP/T3vRNf/rg=,iv:N+q5DF0qzeSj+fGwj2NiHYZApwYZnk43+IZsrk3nMvI=,tag:zSsLV5qAVlmSDyt4MP4qkg==,type:str] + - ENC[AES256_GCM,data:QqUDT73XDuI=,iv:rQiwOVbPJTgrfaPzXSew2RhyCHDDnkvj1rh188WmwM8=,tag:lUGkhhnyn3q7vn5suMCLOw==,type:str] + - ENC[AES256_GCM,data:Jdmh+6s/3526csmqemBI3A==,iv:tJotQBcPbLPe5cFEZ1IK5pNKko4icKpThCrYET1b8UE=,tag:Mj2/af4TA/QXjDJNLILpMw==,type:str] + - ENC[AES256_GCM,data:393c3zgxrzdFVSKq1A==,iv:4dtzvl/tXvLWHuEiZWnA5bVpxR07/HT9ZTA7Zgz7bG0=,tag:Gj9x7QyimkOPNPTJE91Xww==,type:str] + - ENC[AES256_GCM,data:tkBffkTXnA/uZvaDdHLiuMo=,iv:n3gErU8nvZwrIhPLvOSQLRYQibecRVAabFIi9xRH2Xw=,tag:0+3EnHf1ntxvjdQyK9hl6A==,type:str] + - ENC[AES256_GCM,data:1fZr/WTc8qk=,iv:FiDLTZYnXBssCsjbQkIF5VSc43kYt0DS3h+uorlkong=,tag:7xZYMtnfnzoAmJQB7qZT9A==,type:str] + - ENC[AES256_GCM,data:7s6/z8ggpWXm7jUCRAA7CcWW,iv:WI9VhY79h0oisbBtILMoVuT60Vd5hGpPOU5S1vEoYLg=,tag:tHi0hOXvkM+ZLlgPHIaocA==,type:str] + - ENC[AES256_GCM,data:K8ZSIfYMYUY0EzcbaA==,iv:47wUjhju2WaGpQbQlSjPztJGsb1NNJGz7EITtofk/uE=,tag:j6x1N/tWmU1mB2p+tzmydw==,type:str] + - ENC[AES256_GCM,data:aeXVm0eqn9QcFi4=,iv:yYO60kUtRV7VgYz5XJzozCbxuMEt4eYqXgthOU1VGys=,tag:96KKwEpIMat8xe/NmMbEAw==,type:str] + - ENC[AES256_GCM,data:/dVRzovIA7xGdepmQQ==,iv:i0QHBb3FKgrknNrQV/jtNDvnLQwcuAUYTgNQZLwiqhU=,tag:KIimHb4OADh4I5tQIbBlvA==,type:str] + - ENC[AES256_GCM,data:jMcDoWT8XP03dQDb,iv:Bkmd4yfjN1gpDflhLR1LKW38RaD66eIZcpHqAX49l2w=,tag:oNoy9HF9NHfHPJ/lv5GCog==,type:str] + - ENC[AES256_GCM,data:E+A20LbLb5j6uCwTqwU=,iv:PXAqt3lX5NKndGPKZzfy4tqa0/HVS7/w1z0pgYiggrg=,tag:ZVoFl5NLJdAWleNkC+dI+g==,type:str] + - ENC[AES256_GCM,data:aXRMofWUmYw9SkjZze8=,iv:vYAwZpbNEL8/ZohtbxTPE+o0t8PreYgstCAGAfbNzOk=,tag:XIn/c435Nc+DNGeTCYQvwg==,type:str] + - ENC[AES256_GCM,data:o2hSf9Cx+b8s,iv:uO2hmPEES2awo5+TOSNMIrfB/kqTGrA4gwypEOLA0ow=,tag:Lx29Uo7uTjbXCQlMZnRqBw==,type:str] + - ENC[AES256_GCM,data:wu1ElZw15sMcB8LvbQ==,iv:0TwCRKBcW+AQOWwZ7LZ/tJxYM2/jYytSeuvOIYWKvJ0=,tag:fYTqeigxzi+KcArfH2jWGA==,type:str] + - ENC[AES256_GCM,data:BbYZSf7gvJI=,iv:SKnKau0UQHdtgAFeJf2u8DH3mH/6NvNK5ttvmFq9Ldk=,tag:orWjhQdKg6QISmDcxf9XhA==,type:str] + - ENC[AES256_GCM,data:8Ukf9npHRezL4kwf,iv:U68ybU3Vex31TfwC5zp3KN4IgcPxCIvL2xy+yCakrrU=,tag:Hx3g4r2KzycAwBVYFAFP+g==,type:str] + - ENC[AES256_GCM,data:cfm90dnqj1qrk5C8VvzGW6jO6io=,iv:OfapgmYy77Cf1Y0qDAGSM+eoOH/HaSADTUg5vv8aSlw=,tag:sXyzfmEQ9I2IrkkgmKao5w==,type:str] + - ENC[AES256_GCM,data:OX9szepdm0JsNT8=,iv:ZMjbPrS7eWUukFPW2mlJy4NlJqP60K93RKUEis80V1s=,tag:dpGckMjwoKIfY9Q5+WCWpA==,type:str] + - ENC[AES256_GCM,data:IZby5xcVd+Lk,iv:lKJbO7VLk6blzJdrmCMcJwhGdFpaJLV+Bx7eWpgjTjM=,tag:1HazAvACEUcpDRi5SYA9XQ==,type:str] + - ENC[AES256_GCM,data:2vfgvewfzs7hEg==,iv:ApSfU4r4dcwRu+hLNVdsWyZeKSLrnawZp5Zz7L3ITL4=,tag:74zTZE18fOF7qWeC/DgoMA==,type:str] + - ENC[AES256_GCM,data:uxiTY1UlVFwPtg==,iv:JChUSXXOIVjGPadCFzxZrq96HBAlYRWxTk8e7OYLl3M=,tag:178arDz/koQDma2rYJ9T7g==,type:str] + - ENC[AES256_GCM,data:Y5QaPJNmqGB7AQ==,iv:b7/VjKUlo3ByWKi8aewnYpJdHJfeqxzOzxTWPTOtbt4=,tag:nx0WfXffM0razSnztTKhbQ==,type:str] + - ENC[AES256_GCM,data:1b7eXbpme/PQCTg=,iv:dznh4ElFULigPzWJK2phHshrSvBXWbw2Sj3GALSa9mw=,tag:kXG/veteqoaBg+MHGPacnw==,type:str] + - ENC[AES256_GCM,data:9HVeTF/4pnYy,iv:uc8YXbqkg2TckGQ/qxGUtms/kp3L61S7wBheU9MFtbs=,tag:EJZQpQFEoiwDo4L7VNu3AQ==,type:str] + - ENC[AES256_GCM,data:poTnAAZDgm8wqaKUuA==,iv:z5Yav/JWJROq+yTzpkwqiG05MHT98LSS3UZqomdOtCc=,tag:eTwt5tgdDCfiShICpDBBcA==,type:str] + - ENC[AES256_GCM,data:i8pLoehfc8M=,iv:Uzk4aXhY8Nv84F8QoCPtQPQzlTFXW1e03ZzQv5TUrRg=,tag:IpXw/CDaFFZwjaI+f7Ejyw==,type:str] + - ENC[AES256_GCM,data:YDIF73ziOhaJww==,iv:UnT3YyccICzBvk9bgts2u40lymWtI3H3f8g9pA9/bys=,tag:qJUP6jT5/jc8Su+7DUvznQ==,type:str] + - ENC[AES256_GCM,data:foeApSAsoxUkuw==,iv:byix29aFEUbjQT7ANuVvdxq4/NGIULi73CE/AQZenrY=,tag:QAL3zvenq1zloFdSxIg3fw==,type:str] + - ENC[AES256_GCM,data:ym9z9EQJLvou05poHQpXnQg=,iv:hmhz4feK67u943ad8tcR4I6kJBqVwQYnlTqLzggR92g=,tag:WWmXY17GDRkLM3ad+GM32w==,type:str] + - ENC[AES256_GCM,data:4qTW2/oX2PHCOt17bg==,iv:CvUbvfZ2RHbYlHolMcb3jKdC6bOUvGugKc9Dbr/kqzU=,tag:pQdeV+/kvOhyXfszYmAzog==,type:str] + - ENC[AES256_GCM,data:fpru0KgTm20X8w==,iv:ggfuIAhDsZs3MxKB/82aRIfrA4UsFeesH5lGYeLe/Ro=,tag:RVNrdeTNG0tSt5rp3fm+wA==,type:str] + - ENC[AES256_GCM,data:ixOaTclz29L5nGA=,iv:yfiXUN5Cb8J66D8UGbDwXtk9m36QEOE7rqIuv+eTt98=,tag:JlajNBD9QgBCgA8qqf3RNw==,type:str] + - ENC[AES256_GCM,data:cqFKPavDbOMALvg=,iv:eOU+yXeKFnZetKjvBYaF2GL3t/SPtcl8vxh45wStPM8=,tag:3zbm/QUcdzWooagQ6bUCbw==,type:str] + - ENC[AES256_GCM,data:odH8SpUzlfbuAou3OA==,iv:eS2jcT9Zcqrv6o2gWfokjRj0Vf1fn66WajHgaFp8BIw=,tag:N+f3ZlROvWqSI2JJh9JMDQ==,type:str] + - ENC[AES256_GCM,data:eYEvF5y+iMQcGjHb,iv:Q66/cuHWCUOrtLCqraTdwaDvbIZ5IINERiKUGvJB0Jw=,tag:oKew8XDZ0POGSMt69aIBiA==,type:str] + - ENC[AES256_GCM,data:X/pZaAmWsf7IJQ==,iv:41CuG6rUVKQeqzCGnEwXGgtcnXKnG8mdf8h0r5ozPbI=,tag:AzCs52kOXqBlhDO0O0WPnw==,type:str] + - ENC[AES256_GCM,data:WPZqQx7Qpq9Ai9o=,iv:Al9FVsdtNCpyCl6oPRvCz54Cq9yUoi6boEkICfUlc2U=,tag:uOabTQJ5INjV9kY/umFlLg==,type:str] + - ENC[AES256_GCM,data:9rw/hAVlCilX20f9VU9stitLGQkydYg=,iv:jp1SoVklHZ+5MYoEFA+bUuui97OwK/yr5kXNUbf+DOw=,tag:3mXCUKY9UrfKnT3cUbNNLA==,type:str] + - ENC[AES256_GCM,data:jhOvM+9XCiA=,iv:S+b06lIJGOJXlOB3w3TDEtaBZ0snWYcEMsFQd5gbD4w=,tag:Q7utZE+nylDC77EhOJ9hfQ==,type:str] + - ENC[AES256_GCM,data:eqsmvLL7mREgtw==,iv:W33nuHqXMejpRs4BEomx7ITAva31mmeDc9VKcftrb6c=,tag:Y34MF2zYtXk/VvjvLRf2bg==,type:str] + - ENC[AES256_GCM,data:E+DOmXF00M3YP3OCrQ==,iv:P6zFTk4jMMcIE2rN0OTjiXrFGZorTCVNze+gikg3Uww=,tag:Aq9ILepnZ4AFk3M9PjSFWw==,type:str] + - ENC[AES256_GCM,data:pwMImtovKBh8,iv:YBin4opwUcQsnN/egkDDlyK1wHiRzbMFU6yEz5IpuhU=,tag:UaMSm8j1JGKOj98OPfbejw==,type:str] + - ENC[AES256_GCM,data:5Onm11XAA+l+LNhE,iv:gr7DZQdz/ra8p//CCBo0OW+0uOn7y5hPRENpL0Bymjk=,tag:9dB2nT9qFsNV2mbjlffxjw==,type:str] + - ENC[AES256_GCM,data:hSDvOk84s4vcQQD5,iv:aGxthWZ524CgsNkhGDQUjeajwh2Fy+b6G3POIqqe0V0=,tag:forCyQRrQQPLqNfF7wYImw==,type:str] + - ENC[AES256_GCM,data:CbIaiTlRyFIQTA==,iv:vpJUxieKnBs/5ncY5dKEM83Auq5fGd8+qOyGNm1yjvs=,tag:VG0YC7RTqNoSPIQKjEYkVg==,type:str] + - ENC[AES256_GCM,data:QJa8VB5iIlw=,iv:/n6ur/nPJq9/rCSFLAZ6yljafuSdZeRnIFELCQWAnM8=,tag:r66ecZ2tujoE0RWZ33VZOA==,type:str] + - ENC[AES256_GCM,data:OvHR1PaEoHGNXw==,iv:RRyWFeVz209Wb6tZG/G+cAzfULBi7ICKNgnVfym1cBE=,tag:+Zm1zdtq86sFGbhzZ11FEQ==,type:str] + - ENC[AES256_GCM,data:FSj9a/R+mjgkAQ==,iv:/yh0qLvpR9jyRuCAGCl6lGTrXGuSt3+tXBIHuZA2GTI=,tag:PMStHEjVynavperEOVhWOA==,type:str] + - ENC[AES256_GCM,data:72aOlrRLjHLRdh8=,iv:U2JdNKAdUBx8nWuBpy19CJ8kC5GEFN99JOHPsuDB1NE=,tag:PN07CdUkygiukYHR+d/Bkw==,type:str] + - ENC[AES256_GCM,data:VyPGlzQeWMZADt+8TtqX,iv:7XBVFrOtkO6TnMOdvdulZ/+h2i7WVofJmvZkdqYsgUo=,tag:Eyd9KwbxSNFovT+ch05idA==,type:str] + - ENC[AES256_GCM,data:RQkDHIFCpB3TBAU=,iv:+CPDzeJHFQ0X/f0XrFTmz/dLRmV2vbYzonHIj1ZnBgc=,tag:Qnu6xUJ9AtzkxduZGW9u+Q==,type:str] + - ENC[AES256_GCM,data:dOq3o+IQQBCs6yWhVw==,iv:YcDR5kSowfNpL6X+SfdVUyqoyDFzEEwuw4rqt0aH2uE=,tag:JbVw6fhy4pDM9B+AdG4IKA==,type:str] + - ENC[AES256_GCM,data:yV39v8F5Jb5fyg==,iv:8kfidzr0vmxL24oetdLlPJ37kuwrtM2POJqZCVeaWLs=,tag:cJSzR3UBSsxPuDZXg3l2BQ==,type:str] + - ENC[AES256_GCM,data:AdgYurYP,iv:O211kyCZiQpyqlFlsGUFJv/gqr0LBVj1ps8jqL4hLw8=,tag:0TEcuIiyFD6bc3LDbhobrw==,type:str] + - ENC[AES256_GCM,data:FRZEkwt2bi4=,iv:9gF3cY6C+gu2E/vwK50xU5HmyesgsUgXBJzERShGEIc=,tag:5rZGm2ayhgik0FXpbN0Lpg==,type:str] + - ENC[AES256_GCM,data:JyG25IYlTNg=,iv:mnz7eMCrKIxCKuHzfkZjYhPWbWScHAXgUujCIeQ8oxs=,tag:pk+J+nJ75J7mov5KzGbmJw==,type:str] + - ENC[AES256_GCM,data:JEoBIFTG/4IgzA==,iv:l7s8vsZgilji6EKwuvCCe1pSTz/JrT6s2tpsrFaXEcM=,tag:q+Fq4E8FvVN/2/kgg0n3lw==,type:str] + - ENC[AES256_GCM,data:R1cQTXEM,iv:6JogjFS1CQ6zOK1HTGz/TISY35OJG1yk0TpTr9Wtsn4=,tag:grTvDhMK38Cju+kk+XlTTw==,type:str] + - ENC[AES256_GCM,data:kQLq7jmr,iv:KupsSPQ9eErc6EQmzQzNzkwcZSYq5ik5SuC0sczJ32Y=,tag:FuqQ3Qi8QnE4CABEK7AOBA==,type:str] + - ENC[AES256_GCM,data:hiBa0BPmYKQ=,iv:wS7rkwtWVOGlOPZApjw9MOnjlWKjw43BHW5T4uC1ezY=,tag:r0gGUsTXTm6aE4aSfQukyQ==,type:str] + - ENC[AES256_GCM,data:LNxe6tKyVGXe0jHc,iv:VFqbS6vIeyWgBqGZY42/M9ZGIDHh3YUhHLCGslSdY2k=,tag:934sxwcOLlM24YDIf52B8Q==,type:str] + - ENC[AES256_GCM,data:5k3dHNI3tEI63ik=,iv:oTq9wdCYJ2ilj9w5I9V/YhksSFQM8ygtKa7N/m9VOMo=,tag:JqlOg69CQB370uPKUsnj2A==,type:str] + - ENC[AES256_GCM,data:Tvow5GqAUnVVXA==,iv:dImurtMQe6V00snu0gUASwrExyNr22tKbrmgB8abLJs=,tag:t/XO++AE2qa1JyXeQqcC8g==,type:str] + - ENC[AES256_GCM,data:CdKK6KBqzzyiOA==,iv:go7DzGYAreIREwof0wpiVRI+PGMtLDJWTkLGYxMVKhs=,tag:E8H0IY1Egk2RdWr/MhofSA==,type:str] + - ENC[AES256_GCM,data:finhhrdrAhHX,iv:6+1pD4KIcwIihG5pkUMzRUpDTP+2e3XJE5vOk/sDgIE=,tag:ZJz7bO1xhWCGCB1qFHH+Lw==,type:str] + - ENC[AES256_GCM,data:RnkAphMpU40btg==,iv:dQZHU8VW0E2oWNVBQ/mSzohvCMDZkJUAsMywcyp1//M=,tag:Qu6xo8muH2LhDiBGAItxEw==,type:str] + - ENC[AES256_GCM,data:1oRToMNXk5uRJpU=,iv:tNY9c7VE2eB7OR8e6Y/8yhKO5OHkZ2qqz3vUqO53xKA=,tag:2iPdjhkJBkCQBETA6Hpa/A==,type:str] + - ENC[AES256_GCM,data:BG4x2voH5Mbmr3LV5Q==,iv:8yHdD5mZpLq9oVx/4qtifA8X2pkGaE19/fzf7y8Ab18=,tag:15cQ9N0HP2E2VzTVeuBxsw==,type:str] + - ENC[AES256_GCM,data:qbBYM601VKrltw==,iv:Ov7NIQbV4mjC257FAg5GC90lka0thPnLeZBdfLeXtLk=,tag:9mPF4VAebSB9I7LcBz+Jfg==,type:str] + - ENC[AES256_GCM,data:eXyEmqLmkA==,iv:xwq/9rPRdNdCrFkHY0k6OtHa1evBc6J99L0l6ZMHNC4=,tag:SdfyplfUwTkcoD7esVhFNA==,type:str] + - ENC[AES256_GCM,data:96GnV+aO7Z/Bums=,iv:I9CSbpjI/gGTpgio6eENmjJu8q0l/BIApH2OqGjaSc8=,tag:NCW3WuvRdp/609F/yE5DYw==,type:str] + - ENC[AES256_GCM,data:dBnX6rqheKpFxLK6M1yb,iv:I4mZJuOdThylLyT3/6vDUsEHy8fV+9uK06RspzzgS1Q=,tag:XtunH/75zz+R5D9ZJ7DxPQ==,type:str] + - ENC[AES256_GCM,data:leCJnnS0nG7BLY0QUWE=,iv:35tVS5C8pU/9RXGvkB6+pvZpQUrIj4fr9vVh3+M+4l0=,tag:6VyLvB5yrhADcZweEz3qJw==,type:str] + - ENC[AES256_GCM,data:fQZRIfnvrIxJnnZ7JXkszXY=,iv:7PIE3FC3n9ajZ+6znWnViROKLg0wB+Vrov+G5RkLkXI=,tag:5BS7fFr7Wn0CFKPYy8bK5w==,type:str] + - ENC[AES256_GCM,data:RYNl7p0wUFdVxk3IZ9tb4Q==,iv:5BADt5BJEvNvWVHh2InrISv+5s4BF0+vCuc8o7m+VkA=,tag:TxryxrV4E3FdS77hHhGzcQ==,type:str] + - ENC[AES256_GCM,data:DcU51QmTlpvsmMBi9MfJR9Gd,iv:OR2DNj+21qFjGamqhrDfvbKxPl7zTV8gOGRo95T3VN4=,tag:/HSUT94YUpANJ4ALslExIw==,type:str] + - ENC[AES256_GCM,data:UDzMsLcokp2gWAM=,iv:JhW332Xc6DU0fczRvbhCAdViysdLT/tzcmB7YVnTJSY=,tag:6CU+JCzLQrBogxqnivUe/Q==,type:str] + - ENC[AES256_GCM,data:hrR60KKiep0z3Q==,iv:PNEVFVvG9m6NR7gSGCecJ6WmOOfqcW/xCiQLTosLwUY=,tag:TqdWFs3baKtyBwAmuFBASg==,type:str] + - ENC[AES256_GCM,data:dYmeVtc4E95RAw==,iv:psmEcOHw9TTEsHCXM0I62J3hQrC/Vb8GFR5tUvAC90c=,tag:XzqsuPaE2Q7oBJZy0wP0+g==,type:str] + - ENC[AES256_GCM,data:5JpEWzhx9ZM7ig==,iv:gPoX7Dtdof+ysaDpcO+TuodorOWKE4VNkXr8EzzP6xU=,tag:eg3tu5rPhTexKzhWmXC8Hw==,type:str] + - ENC[AES256_GCM,data:J4cllt9K2iFmMP0=,iv:JzTvGHEMG26rBjiXPSaGL+XLHpwTRuQSHa9Nz2PipK4=,tag:EbroN5saGzL0e6m507V0wg==,type:str] + - ENC[AES256_GCM,data:Xv86N52+9kUxtTY=,iv:XVmlFFk1zc6hPQbaTaH4KFDxUBAu8JZzluU4yL1WdlQ=,tag:z09COD6RUU/JH/pS3K08ZQ==,type:str] + - ENC[AES256_GCM,data:I74wytZNTS4o,iv:sIcmsscJ29HpukwbLiC0N40VCbqcECAla5Uu0J6nWfY=,tag:i+R4Niy98QYWz2xVQuitJA==,type:str] + - ENC[AES256_GCM,data:P1urAngcPQU3QCmxy9E=,iv:7zl0if+C+mrbQbM3RH37Pn70RmxoPgWfwockFtEShcg=,tag:g2YN8fb3tt2yFlg8IJKdFw==,type:str] + - ENC[AES256_GCM,data:14pWlroW2Qcsmw==,iv:4vWZy3/cymLwmznqf7me5j2vhk0SdljdwAsMcGRncNQ=,tag:QrC32jbNx7C3SVwi1gedtg==,type:str] + - ENC[AES256_GCM,data:/zZV7tOX9LCsl1a5VhuvbM+I,iv:ZRoONKSc60RqKTdLc2hJRMpajzofsCJPjW7BPLVlfBk=,tag:fGUH+eIb9JyLHvsHDLloZg==,type:str] + - ENC[AES256_GCM,data:Qc/65f/HdSB+LHMC6Fy+x2DIFO8x4+M=,iv:Puug+1kib3j0UCu+42ALPBSwDCdIOP/ltJb79kXNCeM=,tag:TRpmv2Z7jOHMzd7QBsMAJg==,type:str] + - ENC[AES256_GCM,data:3EoXGp63QbNrzF+nzvn/XjpoBi+gxAs=,iv:KQqErgj566mMcny7YLyfG7ALy53wq1re+p/odPpS0W8=,tag:p79Vs7jDFqRAhdxicmZpqQ==,type:str] + - ENC[AES256_GCM,data:aSyjTrQHYSdJsqbRf7XWBFcUhx7F,iv:GbD4ZM3Sc6qU4q/BkSMPwdIFu4wYE55hvUdpsm0GP5Y=,tag:qpWVphHLAlLkPTg9pPdI9Q==,type:str] + - ENC[AES256_GCM,data:ObH2pQ0XIljG9ZxpK36swaBKctZpww==,iv:J7Jc640WY5WJs74TzyL7kcwLU+s48qD9p3e/JbnA6V8=,tag:45St6bzdnbumBhfyG1bSsg==,type:str] + - ENC[AES256_GCM,data:xLcc/z+eoLhDh+1agqyEW7ZrlgvX5A==,iv:tdO2E+OYGKpD4PZ0wCsFW6QMXR/BSjQFf9m22NL3sRQ=,tag:1MMHPPZ87mSkGHa04Mdf4g==,type:str] + - ENC[AES256_GCM,data:OpaKLfGwthhT8W06I+trGQeZgt4J,iv:endCM1279ndVw+NHM7SIOHwbkL+4VlSEipvdXYcqCEs=,tag:4omEks9WiBHVKa33YRMwvA==,type:str] + - ENC[AES256_GCM,data:2HhzCGgmrynZ5mpWL44RtQ01WGCGrw==,iv:Hlv7XxXzjguaQlSmlXBa3YS4uPId1hwEirXpCOeLJA4=,tag:aIts6NsTaznhSvC8pmigTA==,type:str] + - ENC[AES256_GCM,data://hIYWZoSccaOdsIlFgn8cBRF4Dp,iv:NDopjzVShWolVFySsZ985MDyC68DgLBSWDAQamJTG7c=,tag:qPnR8Ecg+/ezCLtzpmnWig==,type:str] + - ENC[AES256_GCM,data:G4yZDMLprc7YZbtsiTHJCcrFFFe5Ag==,iv:W1aUQapS1Kny/esHmep1cH56Jb8vAvA0vkOB/MF2DTg=,tag:t5XRIVDNJgfxfuO96EBMeQ==,type:str] + - ENC[AES256_GCM,data:4xtunuNNTEt55tD6Iuk040i1He6n,iv:stBlik3+tPBYSSKe5n1C/kkovSA10W3/vw2dsxGrhQ8=,tag:wfqS0RNLGYKycNgEMevg7Q==,type:str] + - ENC[AES256_GCM,data:dDQWZqq2+/KTZtwjN0KtNibvdOJ+tg==,iv:BYzhOMveIqjo39kj7pi18Uf+7AcEApNTZFFlfYbeBWw=,tag:oDwlZjhnfY6aj6OEKAcRUw==,type:str] + - ENC[AES256_GCM,data:ymTuSpykBCnV67MDkbLNYe+7/LjO,iv:uxwyE14G6XuHIpGoWZTlfqqZXzyl5FViqy0+i1clFPk=,tag:Tn57LYG6R9muKdbXXhzWvQ==,type:str] + - ENC[AES256_GCM,data:UEhy9scFP2jYEq/Khbd3m7B+d1NMbls=,iv:8lTf+7VuczexJMM2lmtfq01T3lintY51ZcJaEfI3LN8=,tag:Z5Iupx/V8qMCCr5neXAvgQ==,type:str] + - ENC[AES256_GCM,data:J7/IGRnazhIkn3Jj2fCe9ybQf6FRCAY=,iv:kQ5vFrmgZ0nkqPTrw4rzXedY9ZixlQvG77AI99ydTrg=,tag:xSEqoYtVmAw2nW88uUXUvg==,type:str] + - ENC[AES256_GCM,data:sGd8dA3km80Q09aA+alx6g==,iv:+dYwZVRP1ll+RI4ootkCmVsUTxl/lsGsM7WWc/SuCzQ=,tag:H/7p9o4mf/VlemhPlAOJ/g==,type:str] + - ENC[AES256_GCM,data:khvVALPSXCLgtGn+Z+4e2wbMwEI=,iv:Pz8oD6HRgr3/WNFy02zVr44zlbJ12RNIYgZ8C0zBzuQ=,tag:L1eQlR1XGEw6V/5nnlvzBA==,type:str] + - ENC[AES256_GCM,data:CLJLAKL8D6AtZwcC/Uh21WY=,iv:ipfWNvBUAtIRhERX2s/2zbLWMDOBx/6n5dXuTORcnFc=,tag:QXrvTMPI8d8c/qaaFshVzQ==,type:str] + - ENC[AES256_GCM,data:0zwfvygV5Cyzeagj67tmoOo=,iv:/5+BpC/X7tV1R74VpwSVSnUbVaWzFEQuUh5Hz7cCuCE=,tag:gfGFeTZsSmoOhGpHbgscHQ==,type:str] + - ENC[AES256_GCM,data:1cnVfUAqhm5XSFilh7W8gvf4pQ==,iv:bIs3FyKBhtGtlp7AeC92IC5mByFX5RaNkmShujV/uMw=,tag:hABKGLk5GIzg2+WymlFnxg==,type:str] + - ENC[AES256_GCM,data:423Htb8GL7EA8nUBLZZvkNLtiCEykr8nshk=,iv:KZzaN65LsipKjHTCQd6P4fxKrL18aOK93fMjdZaUbhE=,tag:+M0CfdDUHsWlphSpi13Q/Q==,type:str] + - ENC[AES256_GCM,data:7xQPwnpq2xdn5EYsO8xUgQodtGRloxUv,iv:SVxn+SPfyBrmBSiz0iwy34WZXlILrofThqbR/Z7m8AU=,tag:CXRPV812BoNCrA8YrE/G1A==,type:str] + - ENC[AES256_GCM,data:kc7HX0OMeoicFcMOvJNnc63oBc5SX5SoL00=,iv:kAhVPUzQuSzvg7+dwODl1DgxdrF1BAFvSWszXaqxgMY=,tag:T8I+T+svb641w9c3aaZmfA==,type:str] + - ENC[AES256_GCM,data:fpmeI2sEen4aP3fNn9mAL41UoQ==,iv:oglNOx0ubmK8El4iTqo6IaPaGSDDCoTzjAVuXD65W1c=,tag:tsylPXm19xFFWU8zbocv6w==,type:str] + - ENC[AES256_GCM,data:QMtqsYSrIUx6NDEVVreP1VY/3A==,iv:JKj7m4vrMQscVJbUTi6KYCkItQb+ZAi3yC3EUw+sCUY=,tag:2ERwqgNH1723Y1BgyMyvfg==,type:str] + - ENC[AES256_GCM,data:Zvenmjn4Jwh9tA6XhTeHOrzyLrUcxPM3HqVX,iv:f06NmKzEV7TYb+JLDxVF/gRgOfcggPsNgPch5SDdgBk=,tag:Juflkpk/JXvDqpGCrq774g==,type:str] + - ENC[AES256_GCM,data:XfzZWV83F5KUdUeq/b64GqMFGlkHRWTP,iv:iwbDO3alVDkcTiNBKMAQqH5A+ttlvQIUDCyWAG97cLo=,tag:z4G0IdRk3DaC+8xsY9QcXw==,type:str] + - ENC[AES256_GCM,data:saOPddVu6K0ae5ipRHC2cfRSLQ==,iv:j64A0PYUsmDHf2R/nYqFH3Zcf5b6kS9e/0cXWS+QQKQ=,tag:aWMC9XyR8hvm1AUXPwSZ4g==,type:str] + - ENC[AES256_GCM,data:kbaToImjgoiGX4mF1Et9GhXa7g==,iv:r6LO79u2OdFoAQ87wm9bpp7q4Ohq3BftVeARzg/4lGc=,tag:YVwGgzkv1WwxaZKMl0gprw==,type:str] + - ENC[AES256_GCM,data:AZwSSisn3YD5BijFHrt4MgOGLQ==,iv:Kx74sSsBXKYcczlYZ+JuHscMOnunsTSbAy94+W+GcwI=,tag:Usk6SZ2qDnoeiMV3U2GmPQ==,type:str] + - ENC[AES256_GCM,data:god9EaaGngL3vnG9ZdWnt48R8po=,iv:dySc3RxwO6gcpalmHKzg0n6F0RBQwn/IRywtT7ChRpI=,tag:yzL2QN9Y1dUf+ZNfzftfDg==,type:str] + - ENC[AES256_GCM,data:dXuwHa9TJ2yCPBrMpbuEN2Ue/flXSUqxSIE=,iv:NpK0YB9xF8GdYatwKUDhHm3HMw7/HBQOnI6yse2P5xc=,tag:WKpo5XwP1DXDfjhbYwJtjQ==,type:str] + - ENC[AES256_GCM,data:NuJmr2GFuceCmvCI/6/4D+TBxzuhZod6bOVD,iv:saXmMix3uBRs7Ce4sRIJM6tRq/jfVLPxub+11uN8C9g=,tag:wJ44NiV3PbYO/FEKPnxpwg==,type:str] + - ENC[AES256_GCM,data:HVGmbre40kl5A5cyYpGGbm3IlGvxRfLG6dXG,iv:t05W30R0bRo/lBqgJ1A1EmmD14/a/Y0QiDYwXjMiaS4=,tag:jnTH1f3G1EQMjYK7Y8MuoQ==,type:str] + - ENC[AES256_GCM,data:07LjZxBaIIk3eA==,iv:ciDZWihim9IfR+z7R8yH7Jloicu4HRkIXvLo5Mb19ao=,tag:e3S8kh4Dq9ctEZmv7z905Q==,type:str] + - ENC[AES256_GCM,data:UuscftQCIRAvvHwxjA==,iv:hK2GhWKLMW192cmBcUP4He/bOoywlFy4YaSwyTzFka8=,tag:WGF3R9OxpsQEjywpLzDUIA==,type:str] + - ENC[AES256_GCM,data:4ppqfewK7T4=,iv:5BYffAff/D9oapdtrsq/DvVXPmg7WXdgwVyjhGEAQBo=,tag:qbuGEEZ9hFove544CKACRw==,type:str] + - ENC[AES256_GCM,data:Ei5rje60raKX,iv:wxUpfljkxQnBW2h9mBG0Napfa07TmeSSEpIC4tzbrfw=,tag:mnODb4OXrLkVb69ult+xcQ==,type:str] + - ENC[AES256_GCM,data:mR330RrPvmJV,iv:xjHkRajr9edCUAlSQJtsuE3fczDwH2kGyJ4bQaWe5UA=,tag:bxnrqbMDSrxk/7CJtTs0+g==,type:str] + - ENC[AES256_GCM,data:hD5LUK43N9fNpQ==,iv:dyyz3fi5Kdl6D098C63FJQV/oHrKeRg+VnRccmzgVaA=,tag:0qPzY50W7VKSuqdWzxhltA==,type:str] + - ENC[AES256_GCM,data:/qakTtB/k8GVKfJt,iv:NPhxPywcNrKMMPTlFLQm1kujKuC8Unpa290TDjG0xNk=,tag:NNMgzw8yf9s0um1Ug0GZxg==,type:str] + - ENC[AES256_GCM,data:gBSbgiDCAEmmcF/0gqiojlaq2reD+w==,iv:B4131SxMwErih/p7sIqRR+9j4KXQDg/Dd4qutAybh2s=,tag:NIbEeSZyw2zw+wd/ticu3g==,type:str] + - ENC[AES256_GCM,data:de/l6T3t0ON9NA==,iv:avtHgGqt0ZVfgOfIDwGuxKyufpT6ZeLS3zHYP67k9K8=,tag:p+b1/48yYhiUCSgpkkdibw==,type:str] + - ENC[AES256_GCM,data:Ocdtuhsndw==,iv:kZjXE1P0Gt9Y9zcrLL7GXNMAGFVjoeprh3OUNtg0rWA=,tag:sqAnHObI3JzoTZ4TlyOwKQ==,type:str] + - ENC[AES256_GCM,data:kvj0IulK4Q40FKeKgA==,iv:l2K8IbY6SrZ6JsX/V05mhB83FqJyzBO94r5Fr18EK+k=,tag:iKuSEf/6aN44oIfzJYGosA==,type:str] + - ENC[AES256_GCM,data:IKpkuck8aJLlxT0=,iv:i4JRpAgC44AKrw+iusuuT/F8JYZPz6aa2fI78AVlzc0=,tag:GLkiW4XE/pA6Zehu607JfA==,type:str] + - ENC[AES256_GCM,data:PBNYsPy8GW6f8gkK,iv:yokkjwktnaxt1CKBbVeBPGPIN49f6mTosFH4fwVb7hM=,tag:IOUPutk70X/TgZb4Pzg8nw==,type:str] + - ENC[AES256_GCM,data:oqku+iWC+clTIck=,iv:DzIfO12TDny0lVuWf5pW3L6U2SDYcss/Ncv7aGrL95I=,tag:WAPLioKyZVmeyj0GaHaC1A==,type:str] + - ENC[AES256_GCM,data:C+l2sp2WA5+hWg==,iv:jBf1dQ7yriejEuKo7Qee4+QPrTR1EPvrEXWgvU8DAqI=,tag:ufyQs9gAPLqFHBZbxpWqCA==,type:str] + - ENC[AES256_GCM,data:M9TPF3swembcqSsrvtRnIQ==,iv:wFSLjR+3O5e6BB/pKIbnF4TU/wFurtMdNyOWP6l/iBE=,tag:j1654Loi7uAx6Kj+DkElmA==,type:str] + - ENC[AES256_GCM,data:4VR3dTHe5KUvKH5bKbBBGPRk,iv:ZkdNWSeHp7APTSr8jmKYB52/gth8El4tTXwBbkU94zQ=,tag:lReADvee/2FEYYzojbJSeQ==,type:str] + - ENC[AES256_GCM,data:vWWeh03W3w==,iv:H5CH0lrwtDqpYs+8/WgkiIYVB8/HKRemxDeY/jK7rws=,tag:upAB1EaPypcBpV4HUMGC8w==,type:str] + - ENC[AES256_GCM,data:Enh0kgcuDiI=,iv:Qfi5NPMUVa2fze769Ntw6AkTga8yTlN8nIpE31F6L+o=,tag:PP9oZW0CWBiH7RfMnmzblQ==,type:str] + - ENC[AES256_GCM,data:Xdt056awGMpPpbo6gxU=,iv:/5Vn04ZRBiJy4+eaNCM65xonmg9LoUpQIoKIsSOykII=,tag:i0DSyCXouaZuS+Mt0Re/zw==,type:str] + - ENC[AES256_GCM,data:LVaSla1GFnsXEg==,iv:4sdhaW4v3wsEgpsSIcSoV5dkPoyTCAbK8XIPIZCcQcQ=,tag:KZgHVuhz8COcOpl+AxEbUA==,type:str] + - ENC[AES256_GCM,data:cjI09ttzYUc=,iv:LxCMNta4FXZE0UjsbVQs/MebFCO2ntn+wl8dHuOFntw=,tag:fJk8QWtLom1XF0pqLhgfkQ==,type:str] + - ENC[AES256_GCM,data:sBRsHE0hg62iP8mC,iv:I1kpphYPLDbYsZCkCovBTmoVxAm8d57ZMlq/sOXL5pw=,tag:0Cz5HeMDseMaK+OHGRyqgQ==,type:str] + - ENC[AES256_GCM,data:R0GxJduvG370Q3w=,iv:oW8SGmPAxdQ63LOS4PtUmW1RqK43VSDF6sVfTLpB1QU=,tag:oUbLIbm+5S7c8gjCJPHfgw==,type:str] + - ENC[AES256_GCM,data:5KKy+dkTEjj9zQ==,iv:pECLtPaEFpG4OnDoWzMT7V+Xrk2/x7z5gwIwVN9ztEM=,tag:peT5oxb5OKJ/4/Jtuzq40A==,type:str] + - ENC[AES256_GCM,data:O9XQl6p+sRnYdskTiwQ=,iv:Yj0qsWVt+yf2eAww2LHF8CZOyeN4GyERTqB4B1i3M+s=,tag:yeJXzzxwX1qi2uztqKjpYQ==,type:str] + - ENC[AES256_GCM,data:7kOQFJgOCw==,iv:WtHLrrZcdxtVqqDdjYFmB9eGUOGQCN5EY2Q2jOTg/mc=,tag:XZN0y3XRCIGnis1IgZP+yA==,type:str] + - ENC[AES256_GCM,data:Ik6I9aOAGOQC,iv:77fwi0C8bdn75NS5SsWHCt4dmo8KK4IkNmIsRp6M/bg=,tag:2u5orusUp8lnMvzwaCtGJQ==,type:str] + - ENC[AES256_GCM,data:FSWVGFSYX8Jq3S/QORMDRQ==,iv:qXOeKAewbaH74B+z+wKBwr1cRSqp2mIGT2JrWY+E4tQ=,tag:eRsHHOOO/jPD6xCkk3JBHg==,type:str] + - ENC[AES256_GCM,data:wTP41zuyFctZHUHyfKU=,iv:oPqlcod+l3BOpHxDyUCPd168eS7OZpd5PG+rPxevKjE=,tag:UwArv/CsbC6thQhkGMRyMQ==,type:str] + - ENC[AES256_GCM,data:qk374e1MmHpGI1+bo94=,iv:fkrZITivAY/6k37hzPWmscUxppOjWj9obKmJpRJRtiU=,tag:EmnnzLjyxl98MUl02YHBvQ==,type:str] + - ENC[AES256_GCM,data:G5ktTAdu,iv:x6P+gZF23j0GQhMxuDGNgZLVG+3mtgqM+SAbh5lwm94=,tag:AdClRPE191nQWzkqsD9dLw==,type:str] + - ENC[AES256_GCM,data:CTZc0BfhWpbPPg==,iv:reij0+9LUiN84lglMJZXh6ipZ4bydbixlfX87RnTa4c=,tag:yNY0hRtywZNNJsSlYpP0ig==,type:str] + - ENC[AES256_GCM,data:Jn+GkTJvpQ8=,iv:WDlb1OTf3wI+eQplcrZXEgA02XM9vurP5eo5QABBe1I=,tag:Y5Kt4WZQqdr/Bw+RjhzcGw==,type:str] + - ENC[AES256_GCM,data:Mb1+Jzduhq4GAu0IrJJjd/o=,iv:DnW+26VtX3US2bYq6s/DTzSmWStFumvIaPIza7fOjnw=,tag:+gUvAkdkUCgjauWZG9aQqg==,type:str] + - ENC[AES256_GCM,data:TZPDyHB4tZrW3Q==,iv:OfGCex241mkWr9GbLNBHie5/yTgjoNM26MsvsC/7pXc=,tag:pk75xa+ZriNarg9Xgjo02w==,type:str] + - ENC[AES256_GCM,data:Gziqzyzm1C4=,iv:220jiRQj2LUU690DcWcs3rr2M/FkJ2az18AxXGjt0+k=,tag:NpyCP3dm3StS7KXvPuQ1vA==,type:str] + - ENC[AES256_GCM,data:59PKfyZOh72TaRvl,iv:8/jm6KyoCC26Rz+KQrnrunLK6vK7kgMCwOQOV8Mm7NA=,tag:KZPUvrMEGOXMpXtjdXzWjQ==,type:str] + - ENC[AES256_GCM,data:ZcgtQeIzvhx6hyRP,iv:Q05WHeTGmhLtQvfvW39lt4fZNsyxwuJKsF8sehuYBH0=,tag:EqHUh9Weq2eCXF0rG2czwg==,type:str] + - ENC[AES256_GCM,data:bhvUIMNCh+PP,iv:zTCUnS3rI8etZ2Yzw5JJBHDBBSH3fshgIjfU/7DyQgw=,tag:9AXXrNZ2ou8H3pjDF1C1ng==,type:str] + - ENC[AES256_GCM,data:NhccgJRIDmc33hiCj2k=,iv:FbeMy7OkADnxFMlEPaUBmGBBz2Q+aIw/kndGyJZjMr8=,tag:O0Bms0ZOpLycf8mZpSegsA==,type:str] + - ENC[AES256_GCM,data:vfDMwIbuN7KgzRCX,iv:uGnv9A+ZcMcTeFtZkdTNu72DQQJIxisJeCeU14ugZio=,tag:orTryt33bdTHL836VqnIPw==,type:str] + - ENC[AES256_GCM,data:EX2WsKdQ3K5C2Bs=,iv:TSYOAhf031Yyr5h5nDLg8JmyRrB3a2qyAySRMeuOvK0=,tag:i5jp6xw6s0eoWm3EBgnN3A==,type:str] + - ENC[AES256_GCM,data:o/Fi+tLi0GgDjrUjhS9sr0R7D/+p,iv:TWld8OMnsMdxtM/k6mbAb9eRNAJae6Q/DLD5E0PCob0=,tag:OHTcqu5v8a5CiqfY4Kpe2g==,type:str] + - ENC[AES256_GCM,data:rarKNn5r8Vs5kQ==,iv:eM6fm2yrycMYaee3pObLfcVOtLiMy4kDG/zXxJatLfw=,tag:41yplJ1vTGk2OuY3AwAROQ==,type:str] + - ENC[AES256_GCM,data:cGkPBrmknBOcWw==,iv:wbrUyLipvT4ZljoBBADxEcOV892RBMj+ikN7YQRSZAU=,tag:mrZfcIF1+tJXfyyqh3/JdA==,type:str] + - ENC[AES256_GCM,data:ZH3rnByhm1IN9f6X,iv:shYXQh6ODBHAVVXWGB/+RQ6PLb6FNv8p8uGuN4RskAU=,tag:Eb4A7MIw5VwGsZkZUnnF5w==,type:str] + - ENC[AES256_GCM,data:ICWbXwrEFg8mZr0=,iv:eYYr0GtJFUHNoSh+O3FJwTcGKSFy6er8ycSGIk1GuhY=,tag:H13RRVM+ZF1ShGriKivkCQ==,type:str] + - ENC[AES256_GCM,data:2Wzo12f7ka+iYXcmCJzfMA==,iv:zQ0mHBFC4+OmH+EuObKKcj3d/QqQWW7S1o/Qe51cc8o=,tag:OoxCBR/qEkAPlM92Ad2Nwg==,type:str] + - ENC[AES256_GCM,data:HuYfmtp7rRXyeyB754bcrJzoNgM=,iv:Xc3ZwBsNecpva8gonb7iNt0Of9/IMe6q5rG3KGf72xQ=,tag:nncBqJ8JC5LZ+lNTH67pXw==,type:str] + - ENC[AES256_GCM,data:HPke8eKiUh6iYEoKcGau,iv:HspfL7t+fYvHNEiIstGBcT6+BKltA7YKtVReDnq7lAs=,tag:DabYBxFIwlSS6bgX0wvXCQ==,type:str] + - ENC[AES256_GCM,data:DSGILuW4iQNAkYMn,iv:K92IONxVbUo/3DeYE92462pJ3mfVoMZm/2xnapnUD+M=,tag:j5W2BapAf8u21pUSP2I6Ww==,type:str] + - ENC[AES256_GCM,data:Hi/V4i//DixHY2g=,iv:dH9xQwPX9radWBB1qs2uwjVaVEU8oW69MLcul8SCy3o=,tag:1wkRwb35B20MkvdWVUTkvg==,type:str] + - ENC[AES256_GCM,data:zvttjl8wSkE=,iv:8xRzAPSk99fbO6ty1ZSH76AhBdw/bKjojvJnmfHkTt8=,tag:zPUSYstMj+1/tPGYYcSx5A==,type:str] + - ENC[AES256_GCM,data:hye9IlbHOR/R,iv:oztFuLFthwgO/QTlX1PS5m3NCdpob7ipP6QBfPWIFFU=,tag:T1+WahALSs91MrRsIF8qhw==,type:str] + - ENC[AES256_GCM,data:JcIod1gkknBPceoz6I4p,iv:OhWysIFidECQ68651hzR7r0T/zelD3BkCDcZe4KfWZg=,tag:4GAUcNi5UV19N5AlFdTydQ==,type:str] + - ENC[AES256_GCM,data:xrTGmW40HFJkIoTGlhI=,iv:8Enzm8TFU/H987dWQIPoCtzqnnVdq8vITOPxxhO2Eb4=,tag:5vCyUEYQEsztFsWkc8pErw==,type:str] + - ENC[AES256_GCM,data:EMKo6XrmJIrCyVW1EFzhRA==,iv:xjqwhCXDARqcT8sshIBgTypvlrdhOTdGX6PC8m3FjRI=,tag:rEokDHklO2GCZodwq5j3Jw==,type:str] + - ENC[AES256_GCM,data:tBR7ML6fvbyi,iv:eNWK2PThHLM3gNsViWWwmyT7A/qtE8QkAzEUBwIBs/c=,tag:AmO8J8a8vsd2KfccpEqDjw==,type:str] + - ENC[AES256_GCM,data:2Nc71v8Ak43kg0WmBpI=,iv:AYhb4M8lrDQaJZLoKo7rN8CnnHrJzKRlQp/UKf09SOo=,tag:zEDdbiIRs56eiFz0OqE4sQ==,type:str] + - ENC[AES256_GCM,data:2cKGXQ8Jo1DmSHnb8jBO44jSKtTjRL7JJaEz/HnoVqfx0PmA98Ft3XUzFxHmo5/wlyxu1bh+QAa8o0e0qnE=,iv:E36o/8cvxd32NmmrVanmRFUsAvU+3N7r6UIAkZqvlEM=,tag:Leho8mTI9qSq/MuX8NFD0A==,type:str] + - ENC[AES256_GCM,data:X788gn4rw9/XvUmT,iv:MCwQjkgkeh0yd9C6XL0j3mlVCnQoOzPsjPlW+LTBobc=,tag:NHFU7LUUiWAcr+GhGuQieg==,type:str] + - ENC[AES256_GCM,data:k5Tmdj+9MignDg==,iv:OeKQp5dH9nOahV6RhvaiYEzjaK1AYkPpRVcRgPb+Ilw=,tag:1HFQpHpsDnh90Hd0kKAoIA==,type:str] + - ENC[AES256_GCM,data:ttmCDY5Hb411uA==,iv:6SmCqEzNW+pbV/4FuC35qGvc2mD+gsjjnQhM8MxkTWM=,tag:uGeSTYPEvEzhBzvw+qCPGQ==,type:str] + - ENC[AES256_GCM,data:ga1E+ZQ9,iv:zOPzXdt/i1+vAiZ4qPloa0M8d21ptZ/dA9sQgVIFRkg=,tag:54Dkec/8z7y1r/REmvbizw==,type:str] + - ENC[AES256_GCM,data:cLpKLrwc,iv:z4K8xQVhIqBKRQPRsjbpmy/+AeueGWoyvfKg0svp/NE=,tag:OVbgDnMQ4V2QN9Hv9X6XWg==,type:str] + - ENC[AES256_GCM,data:xEUSNZfTdOFqqiQnhmo=,iv:wMvtH/3f/nZtMDzNbea3W5DL7OnkApzjOiMRwnUvDl0=,tag:8vpimA/sReaIG6/Rq34H2w==,type:str] + - ENC[AES256_GCM,data:KiLfX3S2KGqwlEaDDQ==,iv:2yKbEG8ETQPNZ7uFLjc7jlHCIBWVv14zvCngolCfkR4=,tag:YZkw3HXn9RpCGYp2wYTLBQ==,type:str] + - ENC[AES256_GCM,data:9gv0S+x2YUiy0+0=,iv:zXveKo7S9wjzu5aSQAkGWrmydyQNQi4lU7QnBmzbS44=,tag:tWcbdhS9IdBXlYQ0WpIkMw==,type:str] + - ENC[AES256_GCM,data:mXvwgnno9HRdj0UD,iv:3MFtHcKDQwXVgTD4QhSBREOf62kLjuxgLfd8IN+NCKk=,tag:ITdmPzqXzMOn3/2Iijipaw==,type:str] + - ENC[AES256_GCM,data:IkdaZ+MHi1po,iv:1FaOCG3cJdsKmHOgaRmV1++v/Iipij3B5EL6DVGDMs0=,tag:WbbnL+S+0oRXm40jedSExg==,type:str] + - ENC[AES256_GCM,data:Y/x4CTSj3hFXPdZkCLCJCc0=,iv:B+/slqTWOBxaz5ANMZN1hfuYTjTCZ6eHfxW1oGqvRPg=,tag:zEdGURUZj/uZKhFnoEkSXQ==,type:str] + - ENC[AES256_GCM,data:PrBWJkjW/Ipsxw==,iv:FWzE1rfS7nRWMv5m3ha3tWjUjTqPIlcX2QIPyAsGPOY=,tag:zB76SsdzJV1csB5V7Kjufg==,type:str] + - ENC[AES256_GCM,data:Y95tKonxgEdS,iv:gYUCU4vtwxgRY8zrCKGmpo/b+2KOU+ytzp3xZ+u0DqI=,tag:9Jrxy8bfRocwoUEqhfF0Og==,type:str] + - ENC[AES256_GCM,data:myl0HxOr7oMtNr0=,iv:DZHf8+CeSf7SpaA+xVVIBkd9z0CUxc9YGmnLTscrkTo=,tag:8QJDxx/dpSpdB3/SGArP7A==,type:str] + - ENC[AES256_GCM,data:yXVuJaj9nu4dsO4=,iv:s1S/e0ewJFZWgBBVtigPJQCvBhRU6yulnYTNYaUHLR8=,tag:jFLSZywzeKa70pphZXgTHA==,type:str] + - ENC[AES256_GCM,data:1l7LHY5qHgvCm4I=,iv:SA97tDQMgIQCJbHjHBt7uQjzYxRE7Q6WRWmfOA1bYIA=,tag:P4U5tTPB/5yFcDAktzeIMA==,type:str] + - ENC[AES256_GCM,data:NUmnZXCjpPunuQ8=,iv:tms/KaqQCpEUB1YI0oFLciDL5oe2Yo/DWG1Shf8OA2E=,tag:MhXeTTvufIEuT7VpKzaoCw==,type:str] + - ENC[AES256_GCM,data:5QNqqJe6pjU=,iv:mEw8kLzwFf3FJvVDrhSJ7jmaNrD/aDVv+5ToDclbSJI=,tag:rgtLDh91j3in7e4lqyFWcw==,type:str] + - ENC[AES256_GCM,data:A5Qdyxa4dh3z7o8O,iv:ep8xUcGP5pOBU0zdutP0IOXCngc6hNwByfyg+SWlJIw=,tag:WeShH4/3WJzQ0xLRycmxag==,type:str] + - ENC[AES256_GCM,data:K9MvZWJM+7XEpU0=,iv:E8Rf6MQgOToY1tVOkFISKbxkMKG9ujvs2oM1E2KBoGs=,tag:cCpPfgCefSQUVgKQ9BrHAg==,type:str] + - ENC[AES256_GCM,data:BHuKZDXlu1w=,iv:KWZU2Q0KguTXnDZZWheb1agpI6cyEdIs8icxNXlMexs=,tag:E4oowyX5OvCs9YZJ4bWxrA==,type:str] + - ENC[AES256_GCM,data:1xMnQ2pblZjb8sw=,iv:kQABYjzIbj1LBRxXJs9dv6ZWRJ69N2V0LnJU9H6Vpf0=,tag:OhE5rq1ux64hG0etQuzS1g==,type:str] + - ENC[AES256_GCM,data:iNgIMSzauyZ5jrc=,iv:Zo1/Y4+f2qta9NK1dMjqwQ4dCmNbik//WiUbJdOH8W4=,tag:CyGdKbwNOedSfhqPtOFlSg==,type:str] + - ENC[AES256_GCM,data:fhTtL1ZjbsLzOw==,iv:VrIm1BKueNgPVbHFs52Htys3qQoQcdeld8UqAMazDEc=,tag:Zah7sqBeDJ21n7NlIJ1aew==,type:str] + - ENC[AES256_GCM,data:SJThMVpSAkrg33g=,iv:aIG930rflQj/aavyClF2pPO8s7atIahdEn4jckMuogU=,tag:ElEbNzwTpUaz81d6aW+/IA==,type:str] + - ENC[AES256_GCM,data:iRqUvc3R5AFtUXg1HVibjFGSvw==,iv:fVwvl4vWBuXGz6+1UsT9NItj8papN3atH91ssP3lQWM=,tag:jUJDPVv2hJ7DXNZrx4MqgA==,type:str] + - ENC[AES256_GCM,data:1Q4meZhCNPGW,iv:dHJrdFU6SHKerQcoZaI9pMj3uNbtEdy9iLO5gtvJSTI=,tag:RBdIfVtdttPCIRw0uDX2Ow==,type:str] + - ENC[AES256_GCM,data:dtufWdqUzyT5Hk8V,iv:59f/QfGfgz+/3rsoUhq3DzzYf8mvLxyn0t1IY+vSyf8=,tag:TlYRG9JF6+sQPag3Lc6IYQ==,type:str] + - ENC[AES256_GCM,data:GTVaFpF5Am60zHfVFexhqiul,iv:mhEoSEyBUbGwUrUuGtKC3UubG2EfENm+/3G655+AVKI=,tag:+DniaVur1mQqPGEo3Av5pQ==,type:str] + - ENC[AES256_GCM,data:Lejc0KDzDrD4Wg==,iv:3tVO5dh6DT4f9mmaSy0vmEVlCr2GC99JM4TgRv4IOuw=,tag:2aZhAdcLlawmiT7exjhIGA==,type:str] + - ENC[AES256_GCM,data:qTvu8hRKu1bRIFeT,iv:P8UYWw3UOv4MCwhe95bhBW1cb51pPz0wqlAMVfERYSg=,tag:ob1FkyecQ0qTEMdOeRNaGA==,type:str] + - ENC[AES256_GCM,data:W3UbmMV1Ri/fZsuOEyut,iv:yHu11d78eKinJfk/krtYq6ydgbaCNirhH+cu1H+SuXY=,tag:EAgQEblTvgSwKwot4aaZpA==,type:str] + - ENC[AES256_GCM,data:TShvRRcg0SdraqaDm/Tn,iv:3EPmny8GXNklOoUah2nh5K84LIq5BdHNUUL2xKVjIEw=,tag:DCAnf4Ruy5UvLWCcOZfnig==,type:str] + - ENC[AES256_GCM,data:15jdXXI8h3SHjDbzsBvq,iv:lIPa9nTmClpsQokcT+F0bU1PWKKF2ID66KqR/n/mk9c=,tag:7aBF9AxMVWH96Z/p5FhTJg==,type:str] + - ENC[AES256_GCM,data:StALDCdIUY38,iv:ywR7ZRc04qi12b9l7ird++Q1/cFZU2jhez6KDSUuzmU=,tag:wD0Iin7oSDOuJb9oQB9fpQ==,type:str] + - ENC[AES256_GCM,data:uoVh8JLCi9g8JZ8=,iv:d553+at1CKhVdDdql5jEVkPJ82aPn8f3PDQ6cOQD9rE=,tag:fbKJNdr7uTBr+PyQsI4CxQ==,type:str] + - ENC[AES256_GCM,data:QCTUBkN+Xr84op5R,iv:K03FXJ7XZLoIJscyI5toQhIX3A54uk3LbuLkyPiqgKM=,tag:TRWK42vckUVycBpu4OcV1A==,type:str] + - ENC[AES256_GCM,data:GOQAGhmgtw/2mO8=,iv:Bh2njRDYalCfxjMOBuL/hLrzKTRAazapNNAeSpkV9tg=,tag:BuEBcs8hBlRBn7suhlNHew==,type:str] + - ENC[AES256_GCM,data:4Dm3jU7L4QcLomHu,iv:IvHxGSyt5tzyJr48UtTL0+2ZYjrfE+3RUtc+st+/vJA=,tag:NFA9XntnsACOzEBLxNZU6Q==,type:str] + - ENC[AES256_GCM,data:YGdCM0Aiou0OR0E=,iv:F6CXH2UpkEfjQjdCKNNVa/zrFKQBXfUsfwdKtw1hPYc=,tag:OJSFQoU72vLNXADD3FKQRA==,type:str] + - ENC[AES256_GCM,data:WRwjyk1fMJLZ9mY=,iv:tqa3nyZYjly12i5QwzqQXca4jfLuXOrl+MOYLir0wlo=,tag:C//fiYvzrhtXZ4QX3itFOQ==,type:str] + - ENC[AES256_GCM,data:9aJAa4gJFZF4rMZQLQ==,iv:oydZO8xj+4fErTNJ6U9sY83kSgj+lA47vqNDBzutfXE=,tag:RJuiKR+gSnpQbY3174s0Mw==,type:str] + - ENC[AES256_GCM,data:O1dZo1aOhc8sSGoTWS1voXTT,iv:nOwWUOJwoD6VEwva6FBpci1F2EXAkW6PTMypFQTNJSg=,tag:OoLA0thvYSOahI4veE9gjQ==,type:str] + - ENC[AES256_GCM,data:D5maP+jQ7E+qZ1UBFA==,iv:azcX4LGHCi9tE+PtC255xaqRIPk1WnbvD8YR7QvqgeA=,tag:xl6TOlEryjyyNn/o6h7AIA==,type:str] + - ENC[AES256_GCM,data:WX5pOeFmPLWo,iv:u9uNjLuUxUXog7wwhbDKB/Fhq0WvxCKHVhNX+THfoU0=,tag:4OVd1Lq2yOEmbiIiMMW4TQ==,type:str] + - ENC[AES256_GCM,data:a6vUzJMtExBx,iv:dgmV2ruiEcmV/OKTJe6UkhJjmefpNv5a2qLwwBqw5tQ=,tag:G75gSwoNnS/DlpoTam5q8w==,type:str] + - ENC[AES256_GCM,data:zj2ao02cWYpnOg==,iv:va8TepadXFL3rPyAOXXEd0ZUHXsM6iBCR+K07CEfHw8=,tag:cnPu64s7QKWh4yt1hsLOGw==,type:str] + - ENC[AES256_GCM,data:+nxyxfyzMiA9QFs=,iv:XfWl0Hil0/vqy3SVSiIivoYka1QyOksbubT1Go5U4cg=,tag:/iE7NS43PrSYZODKESdqWg==,type:str] + - ENC[AES256_GCM,data:Xgc78S9K23USTgzfFNtV22w=,iv:7lLw9CMl1bE5K7eEhHtF+m+aIjh6L6iOIYKP3Ds22WM=,tag:czJ8IhTTAKRjs3OnUMU/lA==,type:str] + - ENC[AES256_GCM,data:NUoCG+P936WYUPQx,iv:IGG8PMxjuZBoJnHxWZyG72uMhvXqoEiOrZV9M5s9BmM=,tag:CaB1kx4PHD/Cqkg0aRfR/g==,type:str] + - ENC[AES256_GCM,data:gxU87ZzBV8ReJ1Ys,iv:D+AWul2xXQxG9nLWd75SIJE8t+U3NpHlp2gQ6+EQJ2U=,tag:zfatKiy97+1ijBRPB8L2og==,type:str] + - ENC[AES256_GCM,data:kP2kwjOLAwjYNc0=,iv:Mj47Esz1cBbE0fSG6neuSbEX0Gc6tKxXVwPTzZ6zTcI=,tag:IMA6gz03E19otDQIiTXa3A==,type:str] + - ENC[AES256_GCM,data:1oZzfYT4ORH0Rw==,iv:/dC/HjRm91VOrJ/m+TaP34sEAyXMUgubzTuBcGNkry8=,tag:dok3SoQmYan1fMqY09Zg5A==,type:str] + - ENC[AES256_GCM,data:Rl8RwkxQs3Cj,iv:w3hmuIr3LIJsI5xr73HYYqS/v+cRm6cq4jemtWdkrbE=,tag:2gRC/og5uCNrHSzTvfbS1A==,type:str] + - ENC[AES256_GCM,data:WNpRa5eRSg==,iv:aUA2/9JhA9zTtYagczllXGKaPsUAYRcHbCl33mawDdU=,tag:dp3HB+PJ23RIPb30kxys7g==,type:str] + - ENC[AES256_GCM,data:jFLzFVwFfnYCyQ==,iv:sKbEAia330BhSt4bhhdFlX38vQJoDytQIGY8GeupgsY=,tag:YUULbhAdWf9vOghKok8MTA==,type:str] + - ENC[AES256_GCM,data:Ga2sYYbauv0=,iv:zwd4QBbCV92XAvniKVQBZw3Qtw6fvSzF6DVP1LvnOxc=,tag:9WTTnbBdBx1hybSdk1MkCA==,type:str] + - ENC[AES256_GCM,data:e3YUtAvTPSjjecjdzQ==,iv:56AHpjpOFTvsQBz7uItNvo7mmRrDqgLleMtRNulVnNE=,tag:oOczkmdb15a1MH0KnzAu3g==,type:str] + - ENC[AES256_GCM,data:TqqXFFof2vZ+8WeamgDUzE4=,iv:bQwUZLqM/n9skN6CTSpyFnMLUr9F6dEckWzEKzw8x4I=,tag:9gZ66HduJY7rIIwzuTNqWw==,type:str] + - ENC[AES256_GCM,data:q4m61dkHdvuTSqZ4xA==,iv:M5ndr94CVQZofzz6ucb5JFXGTQfuwcSeXR+ndjcTMqc=,tag:+9RA6mzyWSXU3bUy9832mQ==,type:str] + - ENC[AES256_GCM,data:p7W8E+s1wjog/S2Wrbs=,iv:JPJ7+Tf6pj9Js5Qlus0cbSGrP4II29OIY+onlYONJAw=,tag:2atUBhoCwLGc5JsrGfyrug==,type:str] + - ENC[AES256_GCM,data:TiusLX/l/w==,iv:z6T07+HI8ewd6urq5mw+B8C89Vq5lHn5XAS6PbE2mEc=,tag:HcHSwSM7ohvQUwLa6BlC+Q==,type:str] + - ENC[AES256_GCM,data:1in09Xi5Fd1P,iv:/QSCzeD++8cpbz0LifQWUx6uCQRVHBv+qytJ9oCf4zs=,tag:giKnibYcB1yz1oaVCeULAQ==,type:str] + - ENC[AES256_GCM,data:hDUH/+e7YME=,iv:JAoAPZT4Rh+hBzCjOkyXpPSNG5YKTg8naREjlWQXlOg=,tag:/Rj9MJB4dMA3KF//8CPXSQ==,type:str] + - ENC[AES256_GCM,data:pvmANPPNAXs=,iv:OEEwcO7tQo6XE+AWlVkGr/89XvKEtCDmND3NfO3E7L0=,tag:0MMr0+uk3GFQQdhyNcFNiQ==,type:str] + - ENC[AES256_GCM,data:uglJujcp7EQLyg==,iv:zEjutrD6B92boVVMXcts2klboLcFV1NeZnPiRFUgzK4=,tag:H5Xh5dLTRkbwzZzZmLmPQw==,type:str] + - ENC[AES256_GCM,data:eYR6fKfJGfSU,iv:EcxReD1Tj2fjn5tcWogz1ktGImYGGJpi5MjnBib3VNs=,tag:w/T2uPOfa0HLlhvGiyhdTg==,type:str] + - ENC[AES256_GCM,data:YTnL0l6IFg==,iv:NHDgKRfk+6Ku6GK2CjXVOqdM8Rjw+BDhWaaJpfomT3E=,tag:C+X0w+Yjz2ivDapraNSUWQ==,type:str] + - ENC[AES256_GCM,data:1rj/7ouspXb/0o0b,iv:vbFCnoadPYDxlj0HqPGO4Zu/75u6B/r9hA5SRRoFgcU=,tag:t0lDr8HshmxxobdCzjjleg==,type:str] + - ENC[AES256_GCM,data:60dJms/4BNJsDfsg,iv:5zjBeVerEf3YfyK3szGhfQq06PnPu5RftikzwMa8jAg=,tag:DzTSEoWGKu3FaEUpTRoqLw==,type:str] + - ENC[AES256_GCM,data:5SNVB2Banjy2igbmOGY33j2h2Q==,iv:LK2rHJ1leqYBO1mGkO9z5CKEIqn7elBlD7JbPt0omkc=,tag:6np7nkKVgnAsduGekJCFbw==,type:str] + - ENC[AES256_GCM,data:/OZSo9vw+ih2M5Bk,iv:WMGdRuvNEWnJjPK1W4gBaN2IpzwEXtgqarzvIIkr3S4=,tag:WI2Z1VCTpM0f0d00//yZrA==,type:str] + - ENC[AES256_GCM,data:QQR8GY73VfBksqABwg==,iv:MVXYjWasswKcwPCLifOGaaBv6w8t3iic4sOP5T3ssyk=,tag:ODF0rlZLk4Cdp9fa6AvSOg==,type:str] + - ENC[AES256_GCM,data:aaOklAoaiIbVLJ8=,iv:n87GJdjxVfLd0WQ2MSUJZBV5di5MRUa6dbUhXeGamqM=,tag:pMprdeq6+PI424Xu6dWqGA==,type:str] + - ENC[AES256_GCM,data:bshrMiYx2m3dsNo=,iv:i7hYlS39Qb/lIL8KdOuHu4PnoXTWoAKJDIT+zZOZVHo=,tag:vdSMlrUP4l5k/ggGBkU4ww==,type:str] + - ENC[AES256_GCM,data:4PSuMHyH3+q1aF/W,iv:r5WNn+fGWnHE9hDOVq8dpG48/SbK/UBSPxcnSi3YRR4=,tag:vK6bX4f2UFgiDUGG77PCug==,type:str] + - ENC[AES256_GCM,data:+4PV8KAV0ZvkNAU=,iv:BYEerGTK4dQ5zU4VLv5nrA+jkGjw7d/reIAWyUaYrWU=,tag:GTSfN4uzypb2sdYoXkJyIA==,type:str] + - ENC[AES256_GCM,data:ZukkjL6jyBBl39Ac,iv:xxqCC9TeDbklOJBDY/eVmcMH7mdHWtt2+jg46fkDe+g=,tag:NORj3pCIR1ZariGrtPloXQ==,type:str] + - ENC[AES256_GCM,data:sC2UEQeAJs7mtkjUbQ==,iv:Zo+j78umMNQJjYMoVX9PNwkrsyR7I/VLsydOg2OV34g=,tag:zRah+vVrkbDb2dEIEbifNA==,type:str] + - ENC[AES256_GCM,data:ajxkRjolp7nJr3Ya8/s=,iv:BJyQYDg5v5HyDaOqpEkgBFrcnugJdOsjh4iO0hceF3Y=,tag:CQZUSlNWItDNC1StSCPgNQ==,type:str] + - ENC[AES256_GCM,data:RobqPv00UJkg1XgX9ow=,iv:77+x+FYziuuoWQ5fF1UTgnzEqzglZyEd7fR62ZD4j5Q=,tag:rcFjquj4Z4emElKssuPEXw==,type:str] + - ENC[AES256_GCM,data:H3YByGQYI1sUHzI6A36D,iv:+3GmVqc0HK8lCqRbpPg1kcoC3953LylCZ9oDhKaJsl4=,tag:S7YyZslaaWY8G9P8zn0dhw==,type:str] + - ENC[AES256_GCM,data:GPTTmmoMD1QJabU+,iv:yzx0tTBhDQ4JY5TSg97zBAGZA4Xr4vTwApjsRU5+ZKg=,tag:YNpv9tFqAElqXvHPvYeOlw==,type:str] + - ENC[AES256_GCM,data:j7ykgVbCyIyxRaGivw==,iv:F7YU/MqkpdPsjHVMAi0Ed+5DmSRVDUiG4Iogk8qmH1s=,tag:dcq46PRe7+pcYczkd4Y94w==,type:str] + - ENC[AES256_GCM,data:xeBv/PKBFvl3wg==,iv:rLzMTDN8hDfexA5Diy2ymbZtir/gdV2iQwZwihsAEN0=,tag:Q7WRSFxJHB1RBrf7g5HJcw==,type:str] + - ENC[AES256_GCM,data:nLahruKI2cVrHw==,iv:zj8Mo8jXc8f50cvr/kjZAPuEPsdVEf72W17AsNrwJ1w=,tag:kjwFzxKf/TinMKPsnnRMJQ==,type:str] + - ENC[AES256_GCM,data:6Sgc0+ya3jWWSA==,iv:oY4MTcnDx0Xv5cAeM7UR0lyRKe2gHhjci8jp1JLcUBs=,tag:+/e0c1BeYuwHQYw4Hi93Lg==,type:str] + - ENC[AES256_GCM,data:TxGlnxQz7lGh9gheoh/p,iv:v+XO64P/hndfJeDbdROFEum7663uuIUfHusfIiq9LW4=,tag:BaC26zxS2+kUfa1f2Hp8vw==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-01-30T20:59:49Z" + enc: CiUA4OM7eNcLBsagKLtTgLcJ/n4CwKJ+1gaKwCNneJr8bDb8VZAjEkkAjTWv+lTxvWFT3o1W6OtZcpR1FXQhiSc9tMMjhS1k70GYRr5L1daloS0wO/ZAbPJ1K3pAmQDDPPQ53z8etGLA45xjw1XmHDlb + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-01-30T20:59:50Z" + mac: ENC[AES256_GCM,data:DdpEnEokJ9dZjW01lSmxngDgPUy9Fdw/flAPXBqwm0ZNkPiKr/bqPnJpocNj6TonTdtvrIR2ZNCXDywynhjPtqy7dnwpB9TxSJO566WzirDchKxoGRzaKh8OG2uwC8aEa4sl66PDian46BnGpH+4qUteCKIN6VjdzExuIPAyDDQ=,iv:G49B/FVJayLWy0gCdLoq/x94ERgrmr1VLt701n2s7jk=,tag:L1tvuzi7Lctm1VMe835r+w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 From 1705f848f7338f49aefd22800f3c612b4c196c81 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 31 Jan 2024 12:43:47 -0800 Subject: [PATCH 371/494] Cleanup how tmpauthenticator is specified Ref https://github.com/2i2c-org/infrastructure/pull/3657#discussion_r1472423155 and https://github.com/2i2c-org/infrastructure/pull/3657#discussion_r1472367378 --- config/clusters/hhmi/spyglass.values.yaml | 7 +------ docs/howto/features/ephemeral.md | 7 +------ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index af62d15c68..d4220d1bd0 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -89,9 +89,4 @@ jupyterhub: hub: config: JupyterHub: - authenticator_class: tmpauthenticator.TmpAuthenticator - TmpAuthenticator: - # This allows users to go to the hub URL directly again to - # get a new server, instead of being plopped back into their - # older, existing user with a 'start server' button. - force_new_server: true + authenticator_class: tmp diff --git a/docs/howto/features/ephemeral.md b/docs/howto/features/ephemeral.md index 95d764940c..91c4c5ae20 100644 --- a/docs/howto/features/ephemeral.md +++ b/docs/howto/features/ephemeral.md @@ -37,12 +37,7 @@ jupyterhub: hub: config: JupyterHub: - authenticator_class: tmpauthenticator.TmpAuthenticator - TmpAuthenticator: - # This allows users to go to the hub URL directly again to - # get a new server, instead of being plopped back into their - # older, existing user with a 'start server' button. - force_new_server: true + authenticator_class: tmp ``` From 451cb5f9dbcda48bbe31d590349bb9aaeb3d4e2a Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 00:09:32 +0000 Subject: [PATCH 372/494] Bump charts ['prometheus', 'grafana', 'ingress-nginx'] to versions ['25.11.0', '7.3.0', '4.7.5'], respectively --- helm-charts/support/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index f28a596dcd..bcea0440f7 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -15,13 +15,13 @@ dependencies: - name: prometheus # NOTE: CHECK INSTRUCTIONS UNDER prometheus.server.command IN support/values.yaml # EACH TIME THIS VERSION IS BUMPED! - version: 25.8.2 + version: 25.11.0 repository: https://prometheus-community.github.io/helm-charts # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 6.60.1 + version: 7.3.0 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from @@ -29,7 +29,7 @@ dependencies: # that references this controller. # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx - name: ingress-nginx - version: 4.9.0 + version: 4.7.5 repository: https://kubernetes.github.io/ingress-nginx # cluster-autoscaler for k8s clusters where it doesn't come out of the box (EKS) From dec848a80e0eb101b8fbb554a74a882156878a8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 01:16:48 +0000 Subject: [PATCH 373/494] Bump actions/cache from 3 to 4 in /.github/actions/setup-deploy Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/setup-deploy/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-deploy/action.yaml b/.github/actions/setup-deploy/action.yaml index 2b1c6c2fe9..2b527e9b11 100644 --- a/.github/actions/setup-deploy/action.yaml +++ b/.github/actions/setup-deploy/action.yaml @@ -54,7 +54,7 @@ runs: # action is run, as its only done after the "generate-jobs" job has been run # which will save a cache. - name: Restore pip's install cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.cache/pip # key determines if we define or re-use an existing cache or not. Our From c48d0735fd5976d06291a72c3fd8995c39b2dbca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 01:51:23 +0000 Subject: [PATCH 374/494] Bump nick-fields/retry from 2 to 3 Bumps [nick-fields/retry](https://github.com/nick-fields/retry) from 2 to 3. - [Release notes](https://github.com/nick-fields/retry/releases) - [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js) - [Commits](https://github.com/nick-fields/retry/compare/v2...v3) --- updated-dependencies: - dependency-name: nick-fields/retry dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/deploy-hubs.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index 9b877dfca1..8c8b3267fd 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -241,7 +241,7 @@ jobs: # Retry action: https://github.com/marketplace/actions/retry-step - name: Run health check for staging hub on cluster ${{ matrix.jobs.cluster_name }} if: matrix.jobs.upgrade_staging - uses: nick-fields/retry@v2 + uses: nick-fields/retry@v3 with: timeout_minutes: 10 max_attempts: 2 @@ -261,7 +261,7 @@ jobs: # Retry action: https://github.com/marketplace/actions/retry-step - name: Run health check for dask-staging hub on cluster ${{ matrix.jobs.cluster_name }} if it exists if: matrix.jobs.upgrade_staging && matrix.jobs.cluster_name == '2i2c' - uses: nick-fields/retry@v2 + uses: nick-fields/retry@v3 with: timeout_minutes: 10 max_attempts: 2 @@ -407,7 +407,7 @@ jobs: # Retry action: https://github.com/marketplace/actions/retry-step - name: Run health check against ${{ matrix.jobs.hub_name }} hub on cluster ${{ matrix.jobs.cluster_name}} - uses: nick-fields/retry@v2 + uses: nick-fields/retry@v3 with: timeout_minutes: 10 max_attempts: 3 From 141772a95c809a7d8e626aa4f36bc336bcfa375c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 01:51:29 +0000 Subject: [PATCH 375/494] Bump peter-evans/create-or-update-comment from 3 to 4 Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 3 to 4. - [Release notes](https://github.com/peter-evans/create-or-update-comment/releases) - [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v3...v4) --- updated-dependencies: - dependency-name: peter-evans/create-or-update-comment dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/comment-dependabot-prs.yaml | 2 +- .github/workflows/comment-pending-deployment-info.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/comment-dependabot-prs.yaml b/.github/workflows/comment-dependabot-prs.yaml index c11035121c..01708aead6 100644 --- a/.github/workflows/comment-dependabot-prs.yaml +++ b/.github/workflows/comment-dependabot-prs.yaml @@ -12,7 +12,7 @@ jobs: pull-requests: write steps: - name: Add comment - uses: peter-evans/create-or-update-comment@v3 + uses: peter-evans/create-or-update-comment@v4 with: issue-number: ${{ github.event.number }} body: | diff --git a/.github/workflows/comment-pending-deployment-info.yaml b/.github/workflows/comment-pending-deployment-info.yaml index f28c4bf490..7933dca4a3 100644 --- a/.github/workflows/comment-pending-deployment-info.yaml +++ b/.github/workflows/comment-pending-deployment-info.yaml @@ -56,7 +56,7 @@ jobs: issue_author: "${{ github.event.issue.user.login }}" - name: Create comment if: ${{ steps.find-missing-info.outputs.pending_info }} - uses: peter-evans/create-or-update-comment@v3 + uses: peter-evans/create-or-update-comment@v4 with: issue-number: ${{ github.event.issue.number }} body: ${{ steps.template.outputs.result }} From c9142311d61361de07f55bac5253d4dd07eb45a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 01:51:34 +0000 Subject: [PATCH 376/494] Bump toshimaru/auto-author-assign from 2.0.1 to 2.1.0 Bumps [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign) from 2.0.1 to 2.1.0. - [Release notes](https://github.com/toshimaru/auto-author-assign/releases) - [Changelog](https://github.com/toshimaru/auto-author-assign/blob/main/CHANGELOG.md) - [Commits](https://github.com/toshimaru/auto-author-assign/compare/v2.0.1...v2.1.0) --- updated-dependencies: - dependency-name: toshimaru/auto-author-assign dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-author-assign-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-author-assign-pull-request.yaml b/.github/workflows/auto-author-assign-pull-request.yaml index c00899ae21..dc92d0be71 100644 --- a/.github/workflows/auto-author-assign-pull-request.yaml +++ b/.github/workflows/auto-author-assign-pull-request.yaml @@ -16,4 +16,4 @@ jobs: steps: - name: Automatically assign PR author id: assignation - uses: toshimaru/auto-author-assign@v2.0.1 + uses: toshimaru/auto-author-assign@v2.1.0 From c4da94880a5df51cb9491211d3e2d2d0f6c6c993 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 01:55:41 +0000 Subject: [PATCH 377/494] Update gspread requirement from ==5.* to ==6.* Updates the requirements on [gspread](https://github.com/burnash/gspread) to permit the latest version. - [Release notes](https://github.com/burnash/gspread/releases) - [Changelog](https://github.com/burnash/gspread/blob/master/HISTORY.rst) - [Commits](https://github.com/burnash/gspread/compare/v5.0.0...v6.0.0) --- updated-dependencies: - dependency-name: gspread dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 0fe51ac9f8..53731087e0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -32,7 +32,7 @@ pandera prometheus_pandas pytest-mock google-cloud-bigquery[pandas]==3.* -gspread==5.* +gspread==6.* # requests is used by deployer/commands/cilogon.py requests==2.* From 3b72ba375573b10b0f678167f829b1a165720951 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 1 Feb 2024 11:17:20 +0100 Subject: [PATCH 378/494] support chart: bump nginx-ingress 4.9.0 to 4.9.1 --- helm-charts/support/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index bcea0440f7..a223d4bae2 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -29,7 +29,7 @@ dependencies: # that references this controller. # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx - name: ingress-nginx - version: 4.7.5 + version: 4.9.1 repository: https://kubernetes.github.io/ingress-nginx # cluster-autoscaler for k8s clusters where it doesn't come out of the box (EKS) From 84e346c148681b8a6eaa6117bd4b45bba806aa57 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 1 Feb 2024 11:17:38 +0100 Subject: [PATCH 379/494] support chart: bump grafana 6.60.1 to 6.61.3 --- helm-charts/support/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index a223d4bae2..f30a5a8e6e 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -21,7 +21,7 @@ dependencies: # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 7.3.0 + version: 6.61.3 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from From bc7c6cd4d21ef674b53859b88aaf885736166da5 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 1 Feb 2024 11:22:16 +0100 Subject: [PATCH 380/494] support chart: de-bump grafana 6.61.3 to 6.61.2 --- helm-charts/support/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index f30a5a8e6e..4ee34db007 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -21,7 +21,7 @@ dependencies: # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 6.61.3 + version: 6.61.2 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from From 68205f76b6f7bded548d59dfcb0d1c65333de333 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 11:23:42 -0800 Subject: [PATCH 381/494] Fix typo in docs Caught by codespell --- docs/hub-deployment-guide/configure-auth/github-orgs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub-deployment-guide/configure-auth/github-orgs.md b/docs/hub-deployment-guide/configure-auth/github-orgs.md index a7b286f3c6..c99a22dd47 100644 --- a/docs/hub-deployment-guide/configure-auth/github-orgs.md +++ b/docs/hub-deployment-guide/configure-auth/github-orgs.md @@ -242,7 +242,7 @@ belongs to, and they will get an opaque 'Access denied' error. 1. Check with the community to know *when* is a good time to log everyone out. If users have running servers, they will need to refresh the page - which will put them through the authentication flow again. It's best to - do this at a time when minimal or no users are running, to minimze + do this at a time when minimal or no users are running, to minimize disruption. 2. We log everyone out by regenerating [hub.cookieSecret](https://z2jh.jupyter.org/en/stable/resources/reference.html#hub-cookiesecret). From 2db22e0d81f69a104e62961b8acbe3bf11e95582 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 11:27:09 -0800 Subject: [PATCH 382/494] Explicitly allow self-merging spell check fixes After self-merging https://github.com/2i2c-org/infrastructure/pull/3678 I realized we don't explicitly list that as a self-mergeable PR. I think we should. I explicitly mention documentation and code comments, as config spelling changes may have unintended consequences. --- docs/contributing/code-review.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/contributing/code-review.md b/docs/contributing/code-review.md index 68ba2d1d01..139e62580e 100644 --- a/docs/contributing/code-review.md +++ b/docs/contributing/code-review.md @@ -55,7 +55,8 @@ any approval. 6. Emergency (eg exam, outage) related resource bumps 7. *Cleanly* reverting a change that failed CI 8. Updating soon to be expired credentials - +9. Spelling and grammar error fixes in documentation or code comments + ## Self-merging as a community partner As part of our [shared responsibility model](https://docs.2i2c.org/en/latest/about/service/shared-responsibility.html), we may grant merge rights to partner engineers. From 0a7fbbb527ed8d666ec49fc7f3cff1d8698ee45f Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 12:02:00 -0800 Subject: [PATCH 383/494] Point earthscope hubs to community provided domains Per https://2i2c.freshdesk.com/a/tickets/1280 I'm working on a runbook for this process in https://hackmd.io/RkOZiozhQT-Wd-2XilBmNg?edit, shall make a PR when it's filled out. --- config/clusters/earthscope/cluster.yaml | 4 ++-- .../earthscope/enc-prod.secret.values.yaml | 17 +++++++---------- .../earthscope/enc-staging.secret.values.yaml | 17 +++++++---------- config/clusters/earthscope/prod.values.yaml | 8 +++----- config/clusters/earthscope/staging.values.yaml | 9 ++++----- 5 files changed, 23 insertions(+), 32 deletions(-) diff --git a/config/clusters/earthscope/cluster.yaml b/config/clusters/earthscope/cluster.yaml index 0ba2dc1848..d07322c097 100644 --- a/config/clusters/earthscope/cluster.yaml +++ b/config/clusters/earthscope/cluster.yaml @@ -12,7 +12,7 @@ support: hubs: - name: staging display_name: "EarthScope (staging)" - domain: staging.earthscope.2i2c.cloud + domain: staging.geolab.earthscope.cloud helm_chart: daskhub helm_chart_values_files: - common.values.yaml @@ -20,7 +20,7 @@ hubs: - enc-staging.secret.values.yaml - name: prod display_name: "EarthScope (prod)" - domain: earthscope.2i2c.cloud + domain: geolab.earthscope.cloud helm_chart: daskhub helm_chart_values_files: - common.values.yaml diff --git a/config/clusters/earthscope/enc-prod.secret.values.yaml b/config/clusters/earthscope/enc-prod.secret.values.yaml index 2894018c8d..0300bd385c 100644 --- a/config/clusters/earthscope/enc-prod.secret.values.yaml +++ b/config/clusters/earthscope/enc-prod.secret.values.yaml @@ -3,22 +3,19 @@ basehub: hub: config: Auth0OAuthenticator: - client_id: ENC[AES256_GCM,data:DwOUn4AFZyJrPv2gw3SvArLXNrEOQgoWJPYLpJSQetE=,iv:HFevqec5FROZQkAfCnkoVZacFhVsRB2Fym82XHDzFBw=,tag:O9it7h27UX7a89sExeXs9A==,type:str] - client_secret: ENC[AES256_GCM,data:fQdBLKrl9OG1zB9wX0+j10K+1+rgSTz1/v/tVOcV8ZZcXM8FCs9EKR2nhvfrMHL3nX59NMUeI64Jb9EG16mE5g==,iv:JfSBDbzia4xNSWPmW3Cde8RqUg78l6t34yviXx54VXU=,tag:9ID3wzmWvZa1hbfsT2rTyw==,type:str] - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:1C0ercYZjjc63vTPPcVa7B0Y1bnuawg854Yf3Kl4UnJ0gYuqem+zuv1lQfOzU8zKXy5L,iv:2IZjb7WzomJg8I9uDDXINjULJPXUBfJCldMOxH+B8tA=,tag:Dv1xaVkDCpI7/GLuGv6GzA==,type:str] - client_secret: ENC[AES256_GCM,data:2mGbTTnKcVZp57ZX2Tj2o+j2y0NfABPtTiV6sw3oWlR/t7w4fiFkSK9cyArnJwQfRjWc6M6NNB50A3zWZrKaoPLRj8Afiq8pFTjtRZnZGe5g4h2mXYg=,iv:xmJEHc2V0aG1KEh2eAPj80tZoNzFnBz42QdCSmzO2mc=,tag:+48SuYVdlJCizaYVMn9hrA==,type:str] + client_id: ENC[AES256_GCM,data:qn8Xel6vzFKHuL7gP8aGKQr3C7AGORQ7sCyNvKulbDE=,iv:bWYt/w31HcaEDjUBW3DZv/Lb4Ny/BPEjoBTsjp0XP6g=,tag:/02E1lYfhfOMcd+P2+DV8Q==,type:str] + client_secret: ENC[AES256_GCM,data:qry2vIkYLTRd7rlg6RTO6pB+e4SP5mvzClqagyJbbzXYkdeiGQccVFsERQ15RT/BRDX/PX4Bj5ZxcuCY9wGsxw==,iv:k763ow53AuqWG7dSyqkaosa9O4NwufRnmmORRxssGQA=,tag:MX4zqeOS3vdxhhYUljipJA==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-12-14T18:24:33Z" - enc: CiUA4OM7eKr6IJS10QOinx3kZfdMUdO4HmyV6U+JIe+s7IqTAm1DEkkAjTWv+ifsDVRYeh6Gdg0+tLE53DfZfJP0xHGuo6yxdoREE2FGKpodr42/SaaTUt2k5zKlg6k9tOe4FgmRGCT5JjIltibg5hwU + created_at: "2024-02-01T19:48:36Z" + enc: CiUA4OM7eNqlXnXuPafjk2mTtwiF9Rj9YkZ3urDKx4qdhKBpmS6bEkkAjTWv+vVCb2ruGuWZED5P/YZ637VqREwUreI3ycHvsSoaAEXe8CSUZBQ+0FIi4x9xKnpnLEF9JNcwaME2Fr9iwURYVJhoDk89 azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-01-24T22:53:57Z" - mac: ENC[AES256_GCM,data:MgnyRZmQryZqw+0gy3yUp3syuIYsWi3vvkOQrjW4jkk3/ZfIjWyo81cnO3Jgxr2pAADAbqX4qKITpBuWpX05lEDhv3kg3L6DAhnY0iExuDSWHGYJ04856pADGtuHIFIYmQxG46u+RfpTljVZK4cHAY4OVUraHVbKVxg/iP5pkpU=,iv:XF43toaqgiGjUh0W3HG0Iq2Y10paP24BGnPk9HomLKk=,tag:bsp93INUlVt1WJA4h7uVLw==,type:str] + lastmodified: "2024-02-01T19:48:36Z" + mac: ENC[AES256_GCM,data:Cw3rTUGqQlymWXXu/Z7qLSAIlULn5B3SAPxbzkeBDCFSO8u4fhuZXEjoEBvFFdujdEtU9Q7bASKRyl4aveZDJ+aZHboKNDV77d7atONojcEFj/DIy2ELQriMwyq1hx5hZS/onGgt8XLmcjXDJdMH6zEZOYrZl93uTuoS+Qt+4GI=,iv:oCWMr+17mgo+P1btrLglokBO3yYZ9JpZBTx36Vhtb3s=,tag:GEN4T0/9KQzz4+oTxvhbBQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/config/clusters/earthscope/enc-staging.secret.values.yaml b/config/clusters/earthscope/enc-staging.secret.values.yaml index 7dc792e327..9ae205942a 100644 --- a/config/clusters/earthscope/enc-staging.secret.values.yaml +++ b/config/clusters/earthscope/enc-staging.secret.values.yaml @@ -3,22 +3,19 @@ basehub: hub: config: Auth0OAuthenticator: - client_id: ENC[AES256_GCM,data:zAZAcTnDoYXd6+HEHyCTAZcWDfFb4MVGaHguf+l80jc=,iv:aQidh2IJMcMcEPBCyB7I94of0ywyvNNc4R/9jrTh/Xo=,tag:EN3jpNVKALN4L5mBw21Ptg==,type:str] - client_secret: ENC[AES256_GCM,data:glfuw+S6w1n8hNOvYlEPvTVU6yfAePNt1/zzz8ttrW8eTro5o05dKLeUgULp75/tk5BbVoYkjt3VsruVWq5nWg==,iv:GtB9642/chhguJaLsvI/It1kGWH/VZ5J/ubdbu5GzvY=,tag:Ym62f23AnqPDEFTDC9RwAA==,type:str] - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:Lv/25K0A8CZs6dK20mujkn536hpreimP/MUqGOJ4cpXLTFnJNRmGkN7mYPC2klalEKcn,iv:nj4b7Y75A9wgg+w2XBas17Cs8Az3AzDkeO9u1ZwI1Jo=,tag:gCMMoa3iQWVRQvTQkCIkAg==,type:str] - client_secret: ENC[AES256_GCM,data:EAD3iQGXs7soD4VxRXol2YuuJBmOpDBbX5Cg+VyTk7xA7Jn715vZMNBeOKtal1a6kzyds3tuw+h+DWsF3Dod2MxHS7H4FARHLopP9xuAvS6Tw3mZZ28=,iv:F8CqwLYz7WR5qge0Yj91aU/w5pj6fiEaBvndVe4zvG4=,tag:60BekNlkRhf2a3Nkvo1kWg==,type:str] + client_id: ENC[AES256_GCM,data:urLrYypX6IUSVpqFAumEAi9aGJKyQv8oQuNqw5HNhKo=,iv:sQcq2R5wbS2P00nygxPQ3p2LdAsxkRQrk4jvnMWAjQg=,tag:eosLpXx6vWQMNjIxDcsC7Q==,type:str] + client_secret: ENC[AES256_GCM,data:PrphM7gVSfUOInO008VgfhNU4r1+I4oLRT+ypJv5848Bvy1nN+ARzTrPgu7Q3KIiCaXyfNd3Xv6ieb0lsKCLZw==,iv:Vnbo4jG0sARtOL28GxgGAKKITQb5Tx6/TNscWUNgkJU=,tag:RgxhqVzdfsmwMTTEMCn2Zw==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-12-14T18:42:48Z" - enc: CiUA4OM7eGqP+F9UNcdWkWcEANT1YIeSiFyzogRgfD+PMhJISk+lEkkAjTWv+sk2C+z/gAjXwaTvoJEJKeuCyiegMLu8QTkJ1KCtcQEU52qv/gm6HvBAlQAnTUKxpQFejxzGOp/8+FNCZiAuaT2hHq1D + created_at: "2024-02-01T19:48:31Z" + enc: CiUA4OM7eAKAiiSfQuUB7nTB5A/zSI/P16GJHnWqh+mnJDX9kseyEkkAjTWv+rx43jKyWwvhoDQeXbLRa9yx50aBn+OWolR8xigR8gbbApOBQScDu7lkReRftbVRCi06PU1l4TbDVM3Jqdk8+VJdGhaC azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-01-24T23:03:04Z" - mac: ENC[AES256_GCM,data:ZPZmbQLCeuK1C7FR8USNXtJiE8xV6esOt4tcqSRuwe73HxAyogAstYBqDz5rlsi5qf68ew6dLkhX17oiJxABTCi4PpNMMktuVGe10OrlAEgZm4cRc3H4MfdMEfS/2I7V0PcItJINqte0EGQbYqRYgkz5XCA4+0k8075uIqypoug=,iv:uzeiyu9hP6mo7YphNJU/AZOquKU055IxznWiDXrETrA=,tag:qwDi7EleXQaYHagsXS7jzA==,type:str] + lastmodified: "2024-02-01T19:48:31Z" + mac: ENC[AES256_GCM,data:ZYVgv+u0FD+jxYtgyITNLXr5bHNEEkkXtTM0SJGv8txbAVM4yt1k9CF95iVevPsRGG2yztY5vTDQaFGeg0tLGmG55fuuliZhMrB9RsDkmM3qEibVgQQTQZI5ZUciWHSBGm/NCMKnj6ujIx0h3E3cjtZBESIpONH+66kbuGhAlMo=,iv:ORwgid7PCff05bxWN9FuWNCN+wLY+bVZi0GfGDZwQj4=,tag:O+Bkh0UbeDzmAvYWJ5PpKQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.7.3 diff --git a/config/clusters/earthscope/prod.values.yaml b/config/clusters/earthscope/prod.values.yaml index 1bba5920c2..55c932cbe2 100644 --- a/config/clusters/earthscope/prod.values.yaml +++ b/config/clusters/earthscope/prod.values.yaml @@ -1,9 +1,9 @@ basehub: jupyterhub: ingress: - hosts: [earthscope.2i2c.cloud] + hosts: [geolab.earthscope.cloud] tls: - - hosts: [earthscope.2i2c.cloud] + - hosts: [geolab.earthscope.cloud] secretName: https-auto-tls custom: homepage: @@ -13,11 +13,9 @@ basehub: hub: config: CustomAuth0OAuthenticator: - logout_redirect_to_url: https://earthscope.2i2c.cloud + logout_redirect_to_url: https://geolab.earthscope.cloud Auth0OAuthenticator: auth0_domain: login.earthscope.org extra_authorize_params: # This isn't an actual URL, just a string. Must not have a trailing slash audience: https://api.earthscope.org - CILogonOAuthenticator: - oauth_callback_url: https://earthscope.2i2c.cloud/hub/oauth_callback diff --git a/config/clusters/earthscope/staging.values.yaml b/config/clusters/earthscope/staging.values.yaml index 728745a671..11541d14a8 100644 --- a/config/clusters/earthscope/staging.values.yaml +++ b/config/clusters/earthscope/staging.values.yaml @@ -1,9 +1,10 @@ basehub: jupyterhub: ingress: - hosts: [staging.earthscope.2i2c.cloud] + hosts: + - staging.geolab.earthscope.cloud tls: - - hosts: [staging.earthscope.2i2c.cloud] + - hosts: [staging.geolab.earthscope.cloud] secretName: https-auto-tls custom: homepage: @@ -13,11 +14,9 @@ basehub: hub: config: CustomAuth0OAuthenticator: - logout_redirect_to_url: https://staging.earthscope.2i2c.cloud + logout_redirect_to_url: https://staging.geolab.earthscope.cloud Auth0OAuthenticator: auth0_domain: login-dev.earthscope.org extra_authorize_params: # This isn't an actual URL, just a string. Must not have a trailing slash audience: https://api.dev.earthscope.org - CILogonOAuthenticator: - oauth_callback_url: https://staging.earthscope.2i2c.cloud/hub/oauth_callback From 2cf73ddb863781b62c75a39b098dc1bc288f884b Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 30 Jan 2024 19:23:35 -0800 Subject: [PATCH 384/494] Add 'runbook' for adding admin users from freshdesk Each time I handle a ticket on freshdesk, if one doesn't already exist, I'm going to try to write a clear, step by step 'runbook' that anyone doing support can follow whenever a specific kind of request comes in via freshdesk. This is such a runbook for adding admins to a hub, for https://2i2c.freshdesk.com/a/tickets/1279 that led to https://github.com/2i2c-org/infrastructure/pull/3659 --- docs/sre-guide/support/admin-users.md | 40 +++++++++++++++++++++++++++ docs/sre-guide/support/index.md | 1 + 2 files changed, 41 insertions(+) create mode 100644 docs/sre-guide/support/admin-users.md diff --git a/docs/sre-guide/support/admin-users.md b/docs/sre-guide/support/admin-users.md new file mode 100644 index 0000000000..2cd0cf673d --- /dev/null +++ b/docs/sre-guide/support/admin-users.md @@ -0,0 +1,40 @@ +# Adding admin users based on a support request + +Requests to make specific users admin are handled via Freshdesk. + +1. Validate that the person asking is allowed to ask for this + TODO: Link to the team-compass page once that is merged + +2. Make sure that the username is in the correct format for the hub! + This means GitHub handles for GitHub Auth, appropriate values based on + `username_claim` for CILogon based setup, and look for examples under + existing admin list for any custom auth setups we may have. + + If it looks like the username format is invalid, ask them to go to + `{{ hub-url }}/hub/home` and tell us the username they see on the top right. + This is always correct. + +3. Add the username provided to admin users, under `hub.config.Authenticator.admin_users`. + Add a comment linking to the freshdesk ticket that required us to add this next + to the username. + +4. Make a pull request with this change, and you can self merge this. + +5. Let the requestor know this has been deployed. You may use the following template: + + > Hello {{ Name }} + > + > The usernames you provided have been made admins on the JupyterHub! You can verify + > this by going to the hub control panel at {{ hub-url }}/hub/home, and you should + > see an 'Admin' option in the top bar. + > + > Thanks! + +## Caveats & future work + +We don't have a clearly stated policy on wether admin access should +be granted via config or via existing admins marking other users as +admin. Marking other users as admins via the admin interface may +cause them to lose that status if we ever have to nuke and redeploy +the hub's database. This lack of clarity in our policy is why we don't +just tell them to use the admin interface if they email support \ No newline at end of file diff --git a/docs/sre-guide/support/index.md b/docs/sre-guide/support/index.md index 132735033a..7b1ead5522 100644 --- a/docs/sre-guide/support/index.md +++ b/docs/sre-guide/support/index.md @@ -12,4 +12,5 @@ decrypt-age build-image-remotely credits grafana-account +admin-users ``` From 209496cf244904f310f84c25fe7855c35cc283a2 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Wed, 31 Jan 2024 08:09:33 -0800 Subject: [PATCH 385/494] Fix typo Co-authored-by: Georgiana --- docs/sre-guide/support/admin-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sre-guide/support/admin-users.md b/docs/sre-guide/support/admin-users.md index 2cd0cf673d..3f7889ff38 100644 --- a/docs/sre-guide/support/admin-users.md +++ b/docs/sre-guide/support/admin-users.md @@ -32,7 +32,7 @@ Requests to make specific users admin are handled via Freshdesk. ## Caveats & future work -We don't have a clearly stated policy on wether admin access should +We don't have a clearly stated policy on whether admin access should be granted via config or via existing admins marking other users as admin. Marking other users as admins via the admin interface may cause them to lose that status if we ever have to nuke and redeploy From 655cf4a63f1136f1ca378ca53950c69c8a603b80 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 14:52:00 -0800 Subject: [PATCH 386/494] Remove TODO --- docs/sre-guide/support/admin-users.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/sre-guide/support/admin-users.md b/docs/sre-guide/support/admin-users.md index 3f7889ff38..d289a91988 100644 --- a/docs/sre-guide/support/admin-users.md +++ b/docs/sre-guide/support/admin-users.md @@ -3,7 +3,6 @@ Requests to make specific users admin are handled via Freshdesk. 1. Validate that the person asking is allowed to ask for this - TODO: Link to the team-compass page once that is merged 2. Make sure that the username is in the correct format for the hub! This means GitHub handles for GitHub Auth, appropriate values based on From c03de078adb623127d3d2a88a77b3b03b2565b6f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 1 Feb 2024 15:03:57 -0800 Subject: [PATCH 387/494] Split cryptnono docs into topic & howto - It can be overwhelming to have this much information on a single page - smaller chunks are generally more digestible - There is information here (such as future work, R2R considerations) that are important to have documented, but are superfluous to the steps an engineer should take to enable this feature. Hence the recommendation to move them into a topic section that is linked to from the how-to. --- docs/howto/features/cryptnono.md | 59 +++++------------------------- docs/topic/cryptnono.md | 56 ++++++++++++++++++++++++++++ docs/topic/infrastructure/index.md | 1 + 3 files changed, 67 insertions(+), 49 deletions(-) create mode 100644 docs/topic/cryptnono.md diff --git a/docs/howto/features/cryptnono.md b/docs/howto/features/cryptnono.md index ff79eab1f8..932f735618 100644 --- a/docs/howto/features/cryptnono.md +++ b/docs/howto/features/cryptnono.md @@ -1,38 +1,17 @@ (howto:features:cryptnono)= # Enable stronger anti-crypto abuse features for a hub -For JupyterHubs and BinderHubs that are broadly open to the public, cryptomining +These docs discuss how to enable the `execwhacker` detector, particularly for hubs that are open to the world. attacks are the most common security threat. They take up resources and rack up -cloud costs. While most hubs can get away with gating access to them via some -kind of login restriction, for a subset of hubs this is not ideal (for equity and -access reasons). - -For those cases, we enable a stronger deployment of [cryptnono](https://github.com/cryptnono/cryptnono). -The cryptnono project (in use on mybinder.org as well) helps detect and kill cryptominers via -various 'Detectors'. - -## Detectors - -Cryptnono currently has two primary detectors: - -1. A detector for the [monero](https://www.getmonero.org/) cryptocurrency, that is based on - official guidance [from the monero project](https://blog.px.dev/detect-monero-miners/) on - how to detect it. This is fairly safe and has a very low false positive rate, and requires - no configuration. So by default, **this detector is enabled on all hubs**. - -2. A detector (`execwhacker`) based on heuristics, where the full commandline used to execute a process ( - regardless of how it is started) is used to detect if a process is likely crypto mining, - and if so, immediately kill it. This relies on a tweakable config of banned strings to - look for in the commandline of a process, and is [constantly being tweaked](https://github.com/jupyterhub/mybinder.org-deploy/security/advisories/GHSA-j42g-x8qw-jjfh). - Since making the list of banned strings public would make ban evasion easy, the list of - strings (and the method used to generate them) is encrypted. You can read more details - about the specific method used by looking in the encrypted code file (`deployer/commands/generate/cryptnono_config/encrypted_secret_blocklist.py`) - in the `infrastructure` repository. - - Since this detector may have a non-0 false positive rate, it is currently *not* enabled by - default. However, eventually, once the config matures enough (and we have tested it enough), - this would also be enabled by default everywhere. In the meantime, we only enable it for - *clusters* with any hub that allows unfettered external access. +They also cover: +- how to test if `execWhacker` is operational, +- regenerating the list of banned strings used by `execwhacker`, and +- how to work on the encrypted banned strings generator script. + +```{note} +For more information on `cryptnono`, it's use, and the detectors, please see +[](topic:cryptnono) and . +``` ## Enabling the `execwhacker` detector @@ -172,21 +151,3 @@ documentation in `enc-blocklist-generator.secret.py`, but how does one maintain ``` 4. Run `deployer generate cryptnono-secret-config` to test. - -## Right to Replicate considerations - -2i2c's [Right to Replicate](https://2i2c.org/right-to-replicate/) guarantees that communities can leave -with their hubs whenever they please, without any secret sauce. Cryptnono has two pieces of secret info -here: - -1. The script to generate the secret config. -2. The secret config itself. - -If a community wishes to leave and needs the config, we can make sure they know what the config is and -how to keep it updated - very similar to how we would handle passing on CILogon credentials or similar to -them. Since none of the code for cryptnono itself is secret, this does not conflict with right to replicate. - -## Future work - -`cryptnono` also exposes prometheus metrics about processes it has killed. We currently *do* collect these, -but there is no Grafana dashboard that exposes them yet. diff --git a/docs/topic/cryptnono.md b/docs/topic/cryptnono.md new file mode 100644 index 0000000000..c47e07bee7 --- /dev/null +++ b/docs/topic/cryptnono.md @@ -0,0 +1,56 @@ +(topic:cryptnono)= +# Cryptnono for preventing cryptomining abuse + +For JupyterHubs and BinderHubs that are broadly open to the public, cryptomining +attacks are the most common security threat. They take up resources and rack up +cloud costs. While most hubs can get away with gating access to them via some +kind of login restriction, for a subset of hubs this is not ideal (for equity and +access reasons). + +For those cases, we enable a stronger deployment of [cryptnono](https://github.com/cryptnono/cryptnono). +The cryptnono project (in use on mybinder.org as well) helps detect and kill cryptominers via +various 'Detectors'. + +(topic:cryptnono:detectors)= +## Detectors + +Cryptnono currently has two primary detectors: + +1. A detector for the [monero](https://www.getmonero.org/) cryptocurrency, that is based on + official guidance [from the monero project](https://blog.px.dev/detect-monero-miners/) on + how to detect it. This is fairly safe and has a very low false positive rate, and requires + no configuration. So by default, **this detector is enabled on all hubs**. + +2. A detector (`execwhacker`) based on heuristics, where the full commandline used to execute a process ( + regardless of how it is started) is used to detect if a process is likely crypto mining, + and if so, immediately kill it. This relies on a tweakable config of banned strings to + look for in the commandline of a process, and is [constantly being tweaked](https://github.com/jupyterhub/mybinder.org-deploy/security/advisories/GHSA-j42g-x8qw-jjfh). + Since making the list of banned strings public would make ban evasion easy, the list of + strings (and the method used to generate them) is encrypted. You can read more details + about the specific method used by looking in the encrypted code file (`deployer/commands/generate/cryptnono_config/encrypted_secret_blocklist.py`) + in the `infrastructure` repository. + + Since this detector may have a non-0 false positive rate, it is currently *not* enabled by + default. However, eventually, once the config matures enough (and we have tested it enough), + this would also be enabled by default everywhere. In the meantime, we only enable it for + *clusters* with any hub that allows unfettered external access. + +(topic:cryptnono:r2r)= +## Right to Replicate considerations + +2i2c's [Right to Replicate](https://2i2c.org/right-to-replicate/) guarantees that communities can leave +with their hubs whenever they please, without any secret sauce. Cryptnono has two pieces of secret info +here: + +1. The script to generate the secret config. +2. The secret config itself. + +If a community wishes to leave and needs the config, we can make sure they know what the config is and +how to keep it updated - very similar to how we would handle passing on CILogon credentials or similar to +them. Since none of the code for cryptnono itself is secret, this does not conflict with right to replicate. + +(topic:cryptnono:future)= +## Future work + +`cryptnono` also exposes prometheus metrics about processes it has killed. We currently *do* collect these, +but there is no Grafana dashboard that exposes them yet. \ No newline at end of file diff --git a/docs/topic/infrastructure/index.md b/docs/topic/infrastructure/index.md index 6311279ec9..237a3df362 100644 --- a/docs/topic/infrastructure/index.md +++ b/docs/topic/infrastructure/index.md @@ -11,4 +11,5 @@ terraform.md hub-helm-charts.md network.md storage-layer.md +cryptnono.md ``` From 6be9aa5d2a8bcdea3dbae36e34c6f72301c9ff8e Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 22:59:02 +0000 Subject: [PATCH 388/494] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- docs/sre-guide/support/admin-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sre-guide/support/admin-users.md b/docs/sre-guide/support/admin-users.md index d289a91988..ec7c0a3f84 100644 --- a/docs/sre-guide/support/admin-users.md +++ b/docs/sre-guide/support/admin-users.md @@ -19,7 +19,7 @@ Requests to make specific users admin are handled via Freshdesk. 4. Make a pull request with this change, and you can self merge this. -5. Let the requestor know this has been deployed. You may use the following template: +5. Let the requester know this has been deployed. You may use the following template: > Hello {{ Name }} > From 078da0ac6f7933b403291ebb4147ed3c3aaab8a5 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 14:58:24 -0800 Subject: [PATCH 389/494] Have codespell autofix the issues it finds --- .pre-commit-config.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 786bd3c387..1b3a51482c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -64,6 +64,9 @@ repos: rev: v2.2.5 hooks: - id: codespell + args: + # Autofix known typos + - --write-changes additional_dependencies: - tomli From b08f4fb8ac6c84c0fecb943122fbade383d937b9 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 16:47:06 -0800 Subject: [PATCH 390/494] Add redirects --- config/clusters/earthscope/support.values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/config/clusters/earthscope/support.values.yaml b/config/clusters/earthscope/support.values.yaml index 97b0aae8fa..ca5153b436 100644 --- a/config/clusters/earthscope/support.values.yaml +++ b/config/clusters/earthscope/support.values.yaml @@ -1,6 +1,13 @@ prometheusIngressAuthSecret: enabled: true +redirects: + rules: + - from: staging.earthscope.2i2c.cloud + to: staging.geolab.earthscope.cloud + - from: earthscope.2i2c.cloud + to: geolab.earthscope.cloud + prometheus: server: ingress: From 665baea4c628f76ca04a5ea2c29d5e1ac36e92e9 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 16:34:26 -0800 Subject: [PATCH 391/494] Add runbook for setting up a community managed hub domain name Documenting in detail the process being followed in https://2i2c.freshdesk.com/a/tickets/1280. The audience is anyone handling support. There already was a CNAME management howto - however, it was not structured as a *runbook* that someone could just follow linearly. The new guide is structured better, has all the information from the previous guide and some more. In addition, it also codifies Erik's request in https://github.com/2i2c-org/infrastructure/issues/2356 to always set up redirects from a 2i2c managed domain name to the community managed domain. The section on changing authorized URL in CILogon is missing because I don't know how to do that - but I think that's ok! We can add that the next time we change it. These guides don't have to be 100% complete to be useful. https://github.com/2i2c-org/infrastructure/pull/3680 is the associated PR implementing this. Note that we are debugging some auth0 related things there with the community - I'll update this guide once there's more clarity there, but that should not block this PR. --- docs/howto/features/index.md | 2 +- docs/howto/manage-domains/index.md | 1 - docs/howto/manage-domains/set-cnames.md | 70 ------- .../deploy-support/configure-support.md | 1 + docs/sre-guide/support/community-domains.md | 173 ++++++++++++++++++ docs/sre-guide/support/index.md | 1 + 6 files changed, 176 insertions(+), 72 deletions(-) delete mode 100644 docs/howto/manage-domains/set-cnames.md create mode 100644 docs/sre-guide/support/community-domains.md diff --git a/docs/howto/features/index.md b/docs/howto/features/index.md index 5045b7d8f3..d63e08e41a 100644 --- a/docs/howto/features/index.md +++ b/docs/howto/features/index.md @@ -27,7 +27,7 @@ See the sections below for more details. ### Community Customization Layer ```{toctree} :maxdepth: 1 -1. Community specific hub domain <../manage-domains/set-cnames> +1. Community managed hub domain <../../sre-guide/support/community-domains> 2. Configure the hub login page ``` 3. Customizations of hub pages diff --git a/docs/howto/manage-domains/index.md b/docs/howto/manage-domains/index.md index 01a5453b3a..ca93f0820f 100644 --- a/docs/howto/manage-domains/index.md +++ b/docs/howto/manage-domains/index.md @@ -5,7 +5,6 @@ of our hubs and how to go about achieving that. ```{toctree} :maxdepth: 2 -set-cnames.md redirects.md override-domain.md ``` diff --git a/docs/howto/manage-domains/set-cnames.md b/docs/howto/manage-domains/set-cnames.md deleted file mode 100644 index 73fe785fe8..0000000000 --- a/docs/howto/manage-domains/set-cnames.md +++ /dev/null @@ -1,70 +0,0 @@ -# Set a community-specific domain using a CNAME - -We most commonly make hubs available at an address that follows a pattern such -as: `..2i2c.cloud` or `.2i2c.cloud` -(depending on whether the hub is deployed to a shared cluster or a dedicated one -respectively). However, some communities may have their own domain name and may -want their hub to be available at that address instead, for example: -`hub.`. This guide covers the steps required to allow this. - -```{attention} -This guide requires that you have completed the steps in the [](deploy-support-chart) -section of the Hub Deployment Guide. -``` - -## Let the Community Representative know what to do in their DNS provider - -In [](deploy-support-chart:dns-records), you probably created a DNS record in -our Namecheap account that looked something like `*.` and -pointed it at the external IP address of the NGINX load balancer service that is -deployed as part of the `support` chart. It is unlikely that a 2i2c engineer -will have access to the DNS provider a community are using to manage their -domain name so we must provide them with the steps required for them to proceed. -You can use the template below to comment on the relevant "New Hub - Request -deployment" issue asking them to complete the steps. - -```markdown -### Instructions for setting CNAMEs - -For the hub to be available at hub.``, please follow the below steps: - -1. Please create a CNAME record in your DNS zone -2. Give the CNAME record an understandable name. This can be anything you want, - for example, `hub`. -3. Set the following URL as the CNAME target: - - `.2i2c.cloud` # Or whatever the record in our DNS zone is -4. Let me know when you have done that and I shall redeploy the hub to use the new URL - -You can repeat this process to also host the staging hub at staging.hub.``, -but this time, the CNAME record should be called something slightly different, -such as `staging.hub` or whatever you prefer, and the target URL is -`staging..2i2c.cloud` - -Hope that makes sense! -``` - -```{important} -The reason we ask a community to set CNAMEs that point to the record in our -domain is so that we only need to update _our_ DNS records if the external IP -address of our load balancing service changes. No changes will be required -upstream in the community-owned DNS zone. -``` - -## Update our config to use the new URL - -Once the Community Representative has confirmed that they have setup the -required CNAMEs, we must update our config and redeploy the hubs. - -At an _absolute minimum_, the `domain` field of the relevant hub entry in the -`cluster.yaml` file needs to be changed to match the new URL. - -Additionally, if the method of authentication setup on the hubis associated with -an app, such as [](auth:github-orgs) or [](auth:cilogon), then these extra -changes will also be required: - -- Update the OAuth Callback URL stored in our config to match the new URL -- Change the **homepage URL** and the **OAuth Callback URL** defined in the - settings of the OAuth app to match the new URL - -Once you have made these changes and committed them, you can deploy them either -via [CI/CD by merging a PR](cicd) or by [manually running the deployer](hubs:manual-deploy). diff --git a/docs/hub-deployment-guide/deploy-support/configure-support.md b/docs/hub-deployment-guide/deploy-support/configure-support.md index e621cf522b..c99aba4dcd 100644 --- a/docs/hub-deployment-guide/deploy-support/configure-support.md +++ b/docs/hub-deployment-guide/deploy-support/configure-support.md @@ -90,6 +90,7 @@ support: - support.values.yaml ``` +(deploy-support-chart:manual)= ## Deploy the `support` chart via the `deployer` Use the `deployer` tool to deploy the support chart to the cluster. diff --git a/docs/sre-guide/support/community-domains.md b/docs/sre-guide/support/community-domains.md new file mode 100644 index 0000000000..98c1ae1816 --- /dev/null +++ b/docs/sre-guide/support/community-domains.md @@ -0,0 +1,173 @@ +# Provide the hub on a community maintained domain + +Some communities want the hub to be available under a domain they control, +rather than as `.2i2c.cloud`. This runbook describes how to handle +requests for such custom domains. + +## Terminology + +- **2i2c managed domain** + + A subdomain under `.2i2c.cloud` that 2i2c engineers have full control over. + This will *always* be an `A` (GCP, Azure) or `CNAME` (AWS) record pointing to the + external IP of the `nginx-ingress` service in the cluster. + + ```{note} + + You can verify this by running `kubectl -n support get svc + support-ingress-nginx-controller` and looking under the `EXTERNAL IP` column. + ``` + +- **community managed domain** + + Any domain not under 2i2c control that the community wants the + hub to be available at. The community will manage domain registration and DNS + records for this domain. This will *always* be a `CNAME` pointing to a 2i2c + managed domain. + + +```{important} +The reason we ask a community to set CNAMEs that point to the record in our +domain is so that we only need to update _our_ DNS records if the external IP +address of our load balancing service changes. No changes will be required +upstream in the community managed DNS system. +``` + +## Providing the community instructions for changes they need to make + +The community will have to set up appropriate DNS records first before we can +make progress, but we will have to tell them what records to set up. + +In addition, if Auth0 is being used as the authentication provider, the +community will also need to make specific changes to the Auth0 application they +gave us. + +The following template may be used to communicate this to the community. + +```markdown + +Hi {{ name }}, +​ +The actions we need from you are: + +{{ for each hub }} +- Make a CNAME DNS record, from {{ community managed domain }} pointing to {{ 2i2c managed domain }} +{{ end for }} + +{{ if auth0 is in use}} +-. Since you manage the auth0 setup, you'll need to make the following changes to the Auth0 application: + {{ for each hub }} + a. Add https://{{ community managed domain}}/hub/oauth_callback to the list of allowed callback URLs. + b. Add https://{{ community managed domain}} to the list of allowed logout redirect URLs + {{ end }} +{{ end if }} + +Let us know when these are done and we'll do the config changes required on our part! + +``` + +Since a wide variety of domain registrars / DNS record management software may +be used, we can not provide support for actually making these changes - that is +a community responsibility. + +## Verify the DNS changes + +Once the community has made the changes, we can test that with the following command: + +```bash +dig +short -t cname {{ community managed domain }} +``` + +Should provide the output of the 2i2c managed domain we have set up for the hub. If +it does not, wait for about 15 minutes and try again - DNS propagation may take a while. + +## Preparing the configuration change + +1. In the `.values.yaml` file, change `jupyterhub.ingress.hosts` and + `jupyterhub.ingress.tls`, replacing the 2i2c domain name with the community + provided domain name. + +2. In `cluster.yaml` file for the cluster the hubs are + in, change the `domain` field to point to the community managed domain. + +3. If Auth0 is being used, change `jupyterhub.hub.config.CustomAuth0OAuthenticator.logout_redirect_to_url` + to point to the community managed domain. + +4. If GitHub Authentication is being used, change the domain used in the URL in + `jupyterhub.hub.config.GitHubOAuthenticator.oauth_callback_url` to point to the community + managed domain. + +5. If CILogon Authentication is being used, change the domain used in the URL in + `jupyterhub.hub.config.CILogonOAuthenticator.oauth_callback_url` to point to the community + managed domain. + +6. In the `support.values.yaml` file for the cluster in which the hubs are, we set up redirects + so folks who go to the older domains will get redirected to the new domain. + + ```yaml + redirects: + rules: + - from: <2i2c-managed-domain> + to: + ``` + +7. Make a PR with your changes. + +## Deploying the configuration change + +If there is a staging hub in the list of hubs being changed, you can [deploy manually](hubs:manual-deploy) +to test these changes. To test the redirects manually, you can use the [deploy-support](deploy-support-chart:manual) +command. + +### Determine a possible deployment time window + +If this is a currently running hub with active users, this change will be *disruptive*, as the old +URLs will no longer work. Communicate this to the community, and find a useful time to deploy +the change that will be the least disruptive. + +However, most often this is done *before* there is any real usage on the hub, and timing this +is not a consideration. + +### Authentication updates + +**Just** before deployment, we should change the Authorized Callback URLs in the appropriate +upstream authentication provider we use. We delay this to just before the deployment, since in +most providers we can have only *one* authorized callback URL. As soon as we change this URL to +point to the new domain, users can not log in to the old domain anymore! + +#### GitHub Authentication + +1. Open the appropriate GitHub App from the [list of OAuth apps](https://github.com/organizations/2i2c-org/settings/applications) + in the 2i2c-org GitHub org. +2. Change the **Homepage URL** to point to the new community managed domain. +3. Change the **Authorization callback URL** to point to the new community managed domain. This + should match the value in `jupyterhub.hub.config.GitHubOAuthenticator.oauth_callback_url`. +4. Hit the **Update application** button. + +#### CILogon Authentication + +```{todo} +This section to be filled in :) +``` + +#### Auth0 Authentication + +Since Auth0 supports multiple active authorized callback URLs, and we asked the community to +*add* (not replace) authorized callback URLs, no action is necessary here. + +### Deploy the change + +Merge the pull request you made! + +### Test the change + +After the deployment has completed, and re-test to make sure that the following features work: + +a. Logging in to the hub +b. Spawning a server +c. Logging out of the hub + +### Let the community know + +Once you've verified that the new domain works ok, communicate to the community that this change +is complete. diff --git a/docs/sre-guide/support/index.md b/docs/sre-guide/support/index.md index 7b1ead5522..d95420df49 100644 --- a/docs/sre-guide/support/index.md +++ b/docs/sre-guide/support/index.md @@ -13,4 +13,5 @@ build-image-remotely credits grafana-account admin-users +community-domains.md ``` From f03236c60012808a40cf47cb0fe6acd9fd193fdb Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 16:49:18 -0800 Subject: [PATCH 392/494] Remove the redirects file This is now integrated into the domain setup instructions --- docs/howto/manage-domains/index.md | 1 - docs/howto/manage-domains/redirects.md | 20 -------------------- 2 files changed, 21 deletions(-) delete mode 100644 docs/howto/manage-domains/redirects.md diff --git a/docs/howto/manage-domains/index.md b/docs/howto/manage-domains/index.md index ca93f0820f..af0e8385b8 100644 --- a/docs/howto/manage-domains/index.md +++ b/docs/howto/manage-domains/index.md @@ -5,6 +5,5 @@ of our hubs and how to go about achieving that. ```{toctree} :maxdepth: 2 -redirects.md override-domain.md ``` diff --git a/docs/howto/manage-domains/redirects.md b/docs/howto/manage-domains/redirects.md deleted file mode 100644 index 358b0614b5..0000000000 --- a/docs/howto/manage-domains/redirects.md +++ /dev/null @@ -1,20 +0,0 @@ -(domain-redirects)= -# Setup Domain Redirects - -Sometimes, when we move a hub, we want to redirect users from the -old hub to the new hub. While this will still break users *currently* -on the hub, it should work seamlessly for anyone trying to login. - -You can set up redirects by adding something like this to the appropriate -`support.values.yaml` file for the *cluster* the hub is on: - -```yaml -redirects: - rules: - - from: - to: -``` - -You can add any number of such redirects. They will all be `302 Temporary` -redirects, in case we want to reuse the old domain for something else in -the future. From ce2a9b9767900df50ca01a3cdc2fc2a1e99cdab9 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 19:11:50 -0800 Subject: [PATCH 393/494] Add a simple python package addition runbook Developed along with @sgibson91 as part of handling https://2i2c.freshdesk.com/a/tickets/1259. As we get more python package requests, this guide may be refined to add more questions and clarifications. --- docs/sre-guide/support/index.md | 1 + .../support/simple-python-package.md | 140 ++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 docs/sre-guide/support/simple-python-package.md diff --git a/docs/sre-guide/support/index.md b/docs/sre-guide/support/index.md index 7b1ead5522..8cbc773c4d 100644 --- a/docs/sre-guide/support/index.md +++ b/docs/sre-guide/support/index.md @@ -8,6 +8,7 @@ There is also a wiki with [per-cluster support notes](https://github.com/2i2c-or ```{toctree} :maxdepth: 2 home-dir +simple-python-package decrypt-age build-image-remotely credits diff --git a/docs/sre-guide/support/simple-python-package.md b/docs/sre-guide/support/simple-python-package.md new file mode 100644 index 0000000000..6e3ecd7885 --- /dev/null +++ b/docs/sre-guide/support/simple-python-package.md @@ -0,0 +1,140 @@ +# Add a simple python package to an image we maintain + +This runbook describes the steps folks can take when they receive a request for +adding a python package to an image we maintain for a community. Most requests are for +a simple, uncomplicated package addition. This guide helps you determine if the request +is simple, and if so, complete it. + +## Pre-requisites + +1. We (2i2c) are responsible for maintaining this image. There is currently no single source of + truth for determining this, unfortunately - please ask in the `#partnerships` channel if you + are not sure. + + ```{Note} + If we do not maintain the image for a community, we should have a template response to be + sent back here. + ``` + +2. The image is maintained on a GitHub repo we have full rights on. + +3. The image is built and pushed with [repo2docker-action](https://github.com/jupyterhub/repo2docker-action) + +4. The request is for a python package. + +5. The image is constructed in one of the following ways: + a. It is using repo2docker files, and has an `environment.yml` file + b. It is inheriting from one of the following community maintained upstream images via a `Dockerfile`. + i. [jupyter/docker-stacks](https://github.com/jupyter/docker-stacks) + ii. [pangeo-docker-images](https://github.com/pangeo-data/pangeo-docker-images/) + +If *any* of these pre-requisites are not met, escalate to all of engineering to figure this out. + +## Determine if this is a 'simple' package addition + +### Q1: Is the python package being requested available on `pip` or the `conda-forge` channel? + +- [conda-forge search](https://anaconda.org/search). Verify that the package is in the `conda-forge` channel here, rather than in any other channel. +- [pypi search](https://pypi.org/) + +#### No + +- The package is from GitHub -> Tell the requester to release it on PyPI, and we + can install it from there. In the meantime, they can test it within their + environment by just `pip install`ing from their github repo. + +- Package is available in a non-conda-forge channel -> Escalate to rest of the + team, as mixing conda channels can get messy and complex. + +#### Yes + +Go to Q2. + +### Q2: Is this package part of the ML ecosystem? + +There are two distinct ML ecosystems in python - based on +[tensorflow](https://www.tensorflow.org/) and [pytorch](https://pytorch.org/). +Does the package depend transitively on either of these packages? + +```{note} +We need to provide a simple way to determine this transitive dependency. Currently +it's up to the implementor to figure that out +``` + +#### No + +Yes, this is a *simple* package addition. Proceed to implementation. + +#### Yes + +Go to Q3 + +### Q3: Is the base package (tensorflow or pytorch) already installed in the image? + +#### Yes + +Yes, this is a *simple* package addition. Proceed to implementation. + +#### No + +No, this is not a simple package addition. Escalate to the rest of the team, to help choose +between: + +1. Adding ML packages to existing image +2. Suggesting the community to use a different image as part of a `profileList` +3. Suggesting a new hub be deployed for ML use cases + +## Implementing a simple package addition + +### Guidelines for choosing conda-forge vs pypi + +1. If the package is ML related, and the base package (tensorflow or pytorch) is + already present in the image, use the same installation method (conda-forge or + PyPI) that the base package uses. This reduces intermixing of dependencies, + which may cause breakage. +2. If the package is present on conda-forge, prefer that over PyPI + +*If* there is an `environment.yml` file present, add the package there. If +*getting from `conda-forge`, it goes under the `dependencies`. If we are getting +*this from `PyPI`, it goes under the `pip` section under `dependencies`. + +### Determine the latest version & pin to latest minor version. + +**Ideally**, we will use a lock file for each image we maintain to have perfect +*pinning. However, we currently do not have that. Until then, we should use pin +*to the latest minor version of the requested package. So if the latest version +*is `2.0.5`, we can specify `==2.0.*` as the version constraint. While this +*still allows for versions of *dependent* packages to drift during rebuilds, it +*at least pins the *directly requested package* to an acceptable level (compared +*to not specifying a version at all). + +You can find the current latest version from either PyPI or `conda-forge` (depending +on where it is being installed from, per the previous step). + +### Provenance + +Add a comment linking back to the support ticket where this package was requested. + +### Does the build succeed? + +We use [repo2docker-action](https://github.com/jupyterhub/repo2docker-action) to build and test PRs made to image repos. If the package can be successfully resolved and installed given our version constraints, the PR will have a successful build. + +#### Yes + +You can self merge the PR and roll it out to staging for the requester to test. The following response template may be used: + +> Hello {{ name of requester }} +> +> We have installed the package you requested via {{ link to PR }}, and I have rolled it out to the staging hub at {{ link to staging hub }}. Can you test it out and let me know if it looks good? If so, I can roll it out to production. +> +> Thanks! + +#### No + +Escalate to engineering so this can be debugged. We should communicate this to the requester as well. The following template may be used: + +> Hello {{ name of requester }} +> +> We tried to add the package you requested in {{ link to PR }}. However, it looks like the package addition is not simple, and the build has failed. I've escalated this to our general engineering prioritization process, and we will get back to you once we have more information. Thank you for your patience! +> +> Thanks! From 1f2691e5020852dfb0afee75980d970c29b2bb75 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 1 Feb 2024 19:17:22 -0800 Subject: [PATCH 394/494] Mention that nfs.pv should also be set to false Until https://github.com/2i2c-org/infrastructure/issues/3654 gets fixed, we update the ephemeral hub docs so folks who are setting up an ephemeral hub can just copy paste --- docs/howto/features/ephemeral.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/howto/features/ephemeral.md b/docs/howto/features/ephemeral.md index 91c4c5ae20..b2e357d390 100644 --- a/docs/howto/features/ephemeral.md +++ b/docs/howto/features/ephemeral.md @@ -49,6 +49,9 @@ provide persistent storage. So we turn it all off - particularly the home direct ```yaml nfs: enabled: false + # Required until https://github.com/2i2c-org/infrastructure/issues/3654 is fixed + pv: + enabled: false jupyterhub: custom: From 1694442b44a0dc18f96f2df403856c845c1419b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Feb 2024 11:26:35 +0000 Subject: [PATCH 395/494] Bump actions/cache from 3 to 4 Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/deploy-hubs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index b39d8eab4b..c2ae2ff399 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -82,7 +82,7 @@ jobs: # this job is re-attempted as part of the same workflow run after # succeeding previously. - name: Save pip's install cache on job completion - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.cache/pip # key determines if we define or reuse an existing cache or not. Our From c86ca12fb554950f2b898898a7e03b5706afba5c Mon Sep 17 00:00:00 2001 From: Jenny Wong Date: Fri, 2 Feb 2024 14:37:09 +0000 Subject: [PATCH 396/494] Update showcase image --- config/clusters/2i2c-aws-us/showcase.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index d092317c1b..4af7c3f1e6 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -137,7 +137,7 @@ basehub: display_name: Handbook Authoring slug: handbook kubespawner_override: - image: quay.io/2i2c/handbook-authoring-image:ad18f6ea575d + image: quay.io/2i2c/handbook-authoring-image:b5b2c88daa24 pangeo: display_name: Pangeo Notebook default: true From 928516b56dbf145a38937690cec0f60e85616c11 Mon Sep 17 00:00:00 2001 From: James Munroe Date: Fri, 2 Feb 2024 10:40:14 -0500 Subject: [PATCH 397/494] change available RAM on spyglass to 3.4GB --- config/clusters/hhmi/spyglass.values.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index d4220d1bd0..43dcd6e99e 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -66,6 +66,15 @@ jupyterhub: image: name: quay.io/2i2c/hhmi-spyglass-image tag: "67523d9ea855" + profileList: + - display_name: "Spyglass" + description: "3.4GB RAM environment for spyglass notebooks" + default: true + kubespawner_override: + mem_guarantee: 3.4G + mem_limit: 3.4G + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 extraContainers: - name: mysql image: datajoint/mysql # following the spyglass tutorial at https://lorenfranklab.github.io/spyglass/latest/notebooks/00_Setup/#existing-database From 528b8256f15aa7c31836846f937fe762484ad71a Mon Sep 17 00:00:00 2001 From: James Munroe Date: Fri, 2 Feb 2024 11:19:53 -0500 Subject: [PATCH 398/494] hhmi/spyglass do not use profile lists --- config/clusters/hhmi/spyglass.values.yaml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index 43dcd6e99e..b4fdde58ea 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -66,15 +66,12 @@ jupyterhub: image: name: quay.io/2i2c/hhmi-spyglass-image tag: "67523d9ea855" - profileList: - - display_name: "Spyglass" - description: "3.4GB RAM environment for spyglass notebooks" - default: true - kubespawner_override: - mem_guarantee: 3.4G - mem_limit: 3.4G - node_selector: - node.kubernetes.io/instance-type: n2-highmem-4 + profileList: null + memory: + limit: 3.4G + guarantee: 3.4G + nodeSelector: + node.kubernetes.io/instance-type: n2-highmem-4 extraContainers: - name: mysql image: datajoint/mysql # following the spyglass tutorial at https://lorenfranklab.github.io/spyglass/latest/notebooks/00_Setup/#existing-database From 452a303368be7e60467ffe2a99a6c9d34687556b Mon Sep 17 00:00:00 2001 From: Julius Busecke Date: Fri, 2 Feb 2024 13:12:00 -0500 Subject: [PATCH 399/494] Bump LEAP notebook tags --- config/clusters/leap/common.values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml index 32a6ecfa9c..25bf3db7d7 100644 --- a/config/clusters/leap/common.values.yaml +++ b/config/clusters/leap/common.values.yaml @@ -204,17 +204,17 @@ basehub: default: true slug: "pangeo" kubespawner_override: - image: "pangeo/pangeo-notebook:2023.08.29" + image: "pangeo/pangeo-notebook:2023.08.292024.01.23" tensorflow: display_name: Pangeo Tensorflow ML Notebook slug: "tensorflow" kubespawner_override: - image: "pangeo/ml-notebook:2023.08.29" + image: "pangeo/ml-notebook:2024.01.23" pytorch: display_name: Pangeo PyTorch ML Notebook slug: "pytorch" kubespawner_override: - image: "pangeo/pytorch-notebook:2023.08.29" + image: "pangeo/pytorch-notebook:2024.01.23" leap-pangeo-edu: display_name: LEAP Education Notebook (Testing Prototype) slug: "leap_edu" @@ -267,12 +267,12 @@ basehub: display_name: Pangeo Tensorflow ML Notebook slug: "tensorflow" kubespawner_override: - image: "pangeo/ml-notebook:2023.08.29" + image: "pangeo/ml-notebook:2024.01.23" pytorch: display_name: Pangeo PyTorch ML Notebook slug: "pytorch" kubespawner_override: - image: "pangeo/pytorch-notebook:2023.08.29" + image: "pangeo/pytorch-notebook:2024.01.23" kubespawner_override: environment: NVIDIA_DRIVER_CAPABILITIES: compute,utility From b40fb4defa99ae00f882ddfb5ecec28976fba486 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 2 Feb 2024 19:15:57 +0100 Subject: [PATCH 400/494] leap: fix image tag typo --- config/clusters/leap/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml index 25bf3db7d7..8053e5aadb 100644 --- a/config/clusters/leap/common.values.yaml +++ b/config/clusters/leap/common.values.yaml @@ -204,7 +204,7 @@ basehub: default: true slug: "pangeo" kubespawner_override: - image: "pangeo/pangeo-notebook:2023.08.292024.01.23" + image: "pangeo/pangeo-notebook:2024.01.23" tensorflow: display_name: Pangeo Tensorflow ML Notebook slug: "tensorflow" From 020da051d77a07645b2f69176b7e4098aae344eb Mon Sep 17 00:00:00 2001 From: James Munroe Date: Fri, 2 Feb 2024 14:43:37 -0500 Subject: [PATCH 401/494] remove unneeded line --- config/clusters/hhmi/spyglass.values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index b4fdde58ea..5a7b07ad78 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -66,7 +66,6 @@ jupyterhub: image: name: quay.io/2i2c/hhmi-spyglass-image tag: "67523d9ea855" - profileList: null memory: limit: 3.4G guarantee: 3.4G From 1b31ee757097df3f730f87893073db772b424fbf Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Fri, 2 Feb 2024 12:38:11 -0800 Subject: [PATCH 402/494] Add section on how to update CILogon callback_url Co-authored-by: Georgiana --- docs/sre-guide/support/community-domains.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/docs/sre-guide/support/community-domains.md b/docs/sre-guide/support/community-domains.md index 98c1ae1816..df49856b89 100644 --- a/docs/sre-guide/support/community-domains.md +++ b/docs/sre-guide/support/community-domains.md @@ -146,8 +146,21 @@ point to the new domain, users can not log in to the old domain anymore! #### CILogon Authentication -```{todo} -This section to be filled in :) +Use the `deployer cilogon-client` command to update the existing CILogon client application. + +This commands needs to be passed the cluster name, the hub name and the **new domain**. + +The example below updates the 2i2c's staging hub domain to ` new-domain.staging.2i2c.cloud`. + +```bash +deployer cilogon-client update 2i2c staging new-domain.staging.2i2c.cloud +``` + +````{tip} +You can use the get command afterwards to verify that the update happened successfully and check the `redirect_urls` list in the output dictionary of the command. + +```bash +deployer cilogon-client get 2i2c staging ``` #### Auth0 Authentication From 1219fabdcfdafaa123bdc851d80dafe9316e77fe Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 2 Feb 2024 12:48:40 -0800 Subject: [PATCH 403/494] Reword CILogon Authentication changes a little --- docs/sre-guide/support/community-domains.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/sre-guide/support/community-domains.md b/docs/sre-guide/support/community-domains.md index df49856b89..a633c62d2b 100644 --- a/docs/sre-guide/support/community-domains.md +++ b/docs/sre-guide/support/community-domains.md @@ -148,21 +148,21 @@ point to the new domain, users can not log in to the old domain anymore! Use the `deployer cilogon-client` command to update the existing CILogon client application. -This commands needs to be passed the cluster name, the hub name and the **new domain**. - -The example below updates the 2i2c's staging hub domain to ` new-domain.staging.2i2c.cloud`. +This commands needs to be passed the cluster name, the hub name and the **new community managed domain**. ```bash -deployer cilogon-client update 2i2c staging new-domain.staging.2i2c.cloud +deployer cilogon-client update {{ cluster name }} {{ hub name }} {{ community managed domain}} ``` -````{tip} -You can use the get command afterwards to verify that the update happened successfully and check the `redirect_urls` list in the output dictionary of the command. +You can verify this was updated correctly by looking at the output of the following command: ```bash -deployer cilogon-client get 2i2c staging +deployer cilogon-client get {{ cluster name }} {{ hub name }} ``` +The `redirect_uris` field should have the new community managed domain, and should match +the value in `jupyterhub.hub.config.CILogonOAuthenticator.oauth_callback_url`` + #### Auth0 Authentication Since Auth0 supports multiple active authorized callback URLs, and we asked the community to From a2e363e743866e7cb43c8f3424d92086e34fcdae Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 2 Feb 2024 13:29:01 -0800 Subject: [PATCH 404/494] Explicitly describe how to escalate package installs --- .../support/simple-python-package.md | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/docs/sre-guide/support/simple-python-package.md b/docs/sre-guide/support/simple-python-package.md index 6e3ecd7885..bd1df9a3bf 100644 --- a/docs/sre-guide/support/simple-python-package.md +++ b/docs/sre-guide/support/simple-python-package.md @@ -28,7 +28,7 @@ is simple, and if so, complete it. i. [jupyter/docker-stacks](https://github.com/jupyter/docker-stacks) ii. [pangeo-docker-images](https://github.com/pangeo-data/pangeo-docker-images/) -If *any* of these pre-requisites are not met, escalate to all of engineering to figure this out. +If *any* of these pre-requisites are not met, go straight to [escalation](sre-guide:support:simple-python-package:escalation). ## Determine if this is a 'simple' package addition @@ -43,7 +43,8 @@ If *any* of these pre-requisites are not met, escalate to all of engineering to can install it from there. In the meantime, they can test it within their environment by just `pip install`ing from their github repo. -- Package is available in a non-conda-forge channel -> Escalate to rest of the +- Package is available in a non-conda-forge channel -> + [Escalate](sre-guide:support:simple-python-package:escalation) to rest of the team, as mixing conda channels can get messy and complex. #### Yes @@ -77,8 +78,9 @@ Yes, this is a *simple* package addition. Proceed to implementation. #### No -No, this is not a simple package addition. Escalate to the rest of the team, to help choose -between: +No, this is not a simple package addition. +[Escalate](sre-guide:support:simple-python-package:escalation) to the rest of +the team, to help choose between: 1. Adding ML packages to existing image 2. Suggesting the community to use a different image as part of a `profileList` @@ -131,10 +133,22 @@ You can self merge the PR and roll it out to staging for the requester to test. #### No -Escalate to engineering so this can be debugged. We should communicate this to the requester as well. The following template may be used: +[Escalate](sre-guide:support:simple-python-package:escalation) to the whole team +so this can be debugged. We should communicate this escalation to the requester as well. +The following template may be used: > Hello {{ name of requester }} > > We tried to add the package you requested in {{ link to PR }}. However, it looks like the package addition is not simple, and the build has failed. I've escalated this to our general engineering prioritization process, and we will get back to you once we have more information. Thank you for your patience! > > Thanks! + +(sre-guide:support:simple-python-package:escalation)= +## Escalation + +If this is *not* a simple package installation, escalate this to rest of engineering in the following way: + +1. If it doesn't already exist, create a [freshdesk tracking issue](https://github.com/2i2c-org/infrastructure/issues/new?assignees=&labels=support&projects=&template=5_freshdesk-ticket.yml&title=%5BSupport%5D+%7B%7B+Ticket+name+%7D%7D) + in the `2i2c-org/infrastructure` repository. Make sure to fill in whatever you have learnt so + far. +2. Raise this in the `#support-freshdesk` channel on slack for further help and action. From a7f7e9be9bee5238af3599b8da6c31fff90c87a3 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 2 Feb 2024 13:53:53 -0800 Subject: [PATCH 405/494] Expand on how people can find transitive dependencies --- .../support/simple-python-package.md | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/docs/sre-guide/support/simple-python-package.md b/docs/sre-guide/support/simple-python-package.md index bd1df9a3bf..3022f8ea39 100644 --- a/docs/sre-guide/support/simple-python-package.md +++ b/docs/sre-guide/support/simple-python-package.md @@ -57,11 +57,32 @@ There are two distinct ML ecosystems in python - based on [tensorflow](https://www.tensorflow.org/) and [pytorch](https://pytorch.org/). Does the package depend transitively on either of these packages? -```{note} -We need to provide a simple way to determine this transitive dependency. Currently -it's up to the implementor to figure that out +#### Check dependencies on `pip` + +If we are installing from `PyPI` via `pip`, you can check transitive dependencies +via the excellent [libraries.io](https://libraries.io). + +1. Go to the [libraries.io/pypi](https://libraries.io/pypi/) page - this collects + and provides many useful pieces of information about packages on PyPI. +2. Search for the name of the package, and open its page. +3. In the right sidebar, under 'Dependencies', click 'Explore' dependencies. + This should take you to a dependency tree page, showing all dependencies + (including transitive dependencies). Here is what that looks + like for [pymc3](https://libraries.io/pypi/pymc3/3.11.5/tree). +4. Search for `tensorflow` or `torch` (the package name for pytorch) here. + +#### Check dependencies on `conda` + +If the package is in `conda-forge` and you have [mamba](https://mamba.readthedocs.io) +locally installed, you can use the [mamba repoquery](https://mamba.readthedocs.io/en/latest/user_guide/mamba.html#repoquery) +command. For example, to find all the dependencies of `pymc`, you would run: + +```bash +mamba repoquery depends -c conda-forge pymc --tree ``` +This should show you all the transitive dependencies + #### No Yes, this is a *simple* package addition. Proceed to implementation. From 096a4ce203e29ceb391c6e5caff7a2c95d6197ec Mon Sep 17 00:00:00 2001 From: Jenny Wong Date: Mon, 5 Feb 2024 13:50:35 +0000 Subject: [PATCH 406/494] Add 2i2c-community-showcase:access-2i2c-showcase to allowed organisations --- config/clusters/2i2c-aws-us/showcase.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index 4af7c3f1e6..42dabd1c59 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -41,6 +41,7 @@ basehub: populate_teams_in_auth_state: true allowed_organizations: - 2i2c-org:research-delight-team + - 2i2c-community-showcase:access-2i2c-showcase - 2i2c-demo-hub-access:showcase-topst - ScienceCore scope: From 0b14e29b73f665f14f44c6f45b09804a323b4a03 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 18:34:38 +0000 Subject: [PATCH 407/494] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v3.1.0 → v4.0.0-alpha.8](https://github.com/pre-commit/mirrors-prettier/compare/v3.1.0...v4.0.0-alpha.8) - [github.com/psf/black: 23.12.1 → 24.1.1](https://github.com/psf/black/compare/23.12.1...24.1.1) - [github.com/pycqa/flake8: 6.1.0 → 7.0.0](https://github.com/pycqa/flake8/compare/6.1.0...7.0.0) - [github.com/codespell-project/codespell: v2.2.5 → v2.2.6](https://github.com/codespell-project/codespell/compare/v2.2.5...v2.2.6) --- .pre-commit-config.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1b3a51482c..662daac0c6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # Autoformat: markdown, yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.1.0 + rev: v4.0.0-alpha.8 hooks: - id: prettier @@ -31,7 +31,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: "23.12.1" + rev: "24.1.1" hooks: - id: black # This is a `.py` file but is encrypted with sops @@ -39,7 +39,7 @@ repos: # Lint: Python code - repo: https://github.com/pycqa/flake8 - rev: "6.1.0" + rev: "7.0.0" hooks: - id: flake8 # This is a `.py` file but is encrypted with sops @@ -61,7 +61,7 @@ repos: # Prevent known typos from being committed - repo: https://github.com/codespell-project/codespell - rev: v2.2.5 + rev: v2.2.6 hooks: - id: codespell args: From 6b32a9f69e32c85da02fec53d069eb2c3249dcd5 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 18:34:54 +0000 Subject: [PATCH 408/494] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- .github/actions/setup-deploy/action.yaml | 2 +- deployer/cli_app.py | 1 + deployer/commands/debug.py | 1 + deployer/commands/deployer.py | 1 + deployer/commands/exec/cloud.py | 1 + .../generate/dedicated_cluster/aws.py | 1 + .../dedicated_cluster_app.py | 1 + .../generate/dedicated_cluster/gcp.py | 1 + .../generate/helm_upgrade/decision.py | 40 +++++++++---------- .../resource_allocation/daemonset_requests.py | 12 +++--- .../resource_allocation_app.py | 1 + deployer/commands/validate/config.py | 1 + deployer/keys/decrypt_age.py | 1 + deployer/utils/file_acquisition.py | 1 + .../generate-general-info-table-about-hubs.py | 9 +++-- .../generate-hub-features-table.py | 1 + extra-scripts/comment-deployment-plan-pr.py | 1 + extra-scripts/comment-test-link-merged-pr.py | 1 + extra-scripts/rsync-active-users.py | 1 + noxfile.py | 1 + 20 files changed, 48 insertions(+), 31 deletions(-) diff --git a/.github/actions/setup-deploy/action.yaml b/.github/actions/setup-deploy/action.yaml index 2b527e9b11..e77402d8bb 100644 --- a/.github/actions/setup-deploy/action.yaml +++ b/.github/actions/setup-deploy/action.yaml @@ -57,7 +57,7 @@ runs: uses: actions/cache@v4 with: path: ~/.cache/pip - # key determines if we define or re-use an existing cache or not. Our + # key determines if we define or reuse an existing cache or not. Our # key ensure we cache within a workflow run and its attempts, but not # between workflow runs. key: "${{ github.run_id }}" diff --git a/deployer/cli_app.py b/deployer/cli_app.py index 7026765e91..0bab2d760f 100644 --- a/deployer/cli_app.py +++ b/deployer/cli_app.py @@ -5,6 +5,7 @@ for the same CLI application. So we can put deployment related stuff under deployer.py, debug related stuff under debug.py, etc """ + import typer # The typer app to which all subcommands are attached diff --git a/deployer/commands/debug.py b/deployer/commands/debug.py index 9215a1b509..b6a22dadb1 100644 --- a/deployer/commands/debug.py +++ b/deployer/commands/debug.py @@ -1,6 +1,7 @@ """ Helper commands for debugging active issues in a hub """ + import string import subprocess from enum import Enum diff --git a/deployer/commands/deployer.py b/deployer/commands/deployer.py index dcadca96ad..e8c10cffee 100644 --- a/deployer/commands/deployer.py +++ b/deployer/commands/deployer.py @@ -1,6 +1,7 @@ """ Actions available when deploying many JupyterHubs to many Kubernetes clusters """ + import base64 import os import subprocess diff --git a/deployer/commands/exec/cloud.py b/deployer/commands/exec/cloud.py index bb793e7981..6cf7271a1c 100644 --- a/deployer/commands/exec/cloud.py +++ b/deployer/commands/exec/cloud.py @@ -4,6 +4,7 @@ Google Cloud's `gcloud` is more user friendly than AWS's `aws`, so we have some augmented methods here primarily for AWS use. """ + import json import os import subprocess diff --git a/deployer/commands/generate/dedicated_cluster/aws.py b/deployer/commands/generate/dedicated_cluster/aws.py index a97a5bd343..b3d763aeed 100644 --- a/deployer/commands/generate/dedicated_cluster/aws.py +++ b/deployer/commands/generate/dedicated_cluster/aws.py @@ -6,6 +6,7 @@ - a .tfvars file - An ssh-key (the private part is encrypted) """ + import os import subprocess diff --git a/deployer/commands/generate/dedicated_cluster/dedicated_cluster_app.py b/deployer/commands/generate/dedicated_cluster/dedicated_cluster_app.py index 58bd7be19c..a35009c66e 100644 --- a/deployer/commands/generate/dedicated_cluster/dedicated_cluster_app.py +++ b/deployer/commands/generate/dedicated_cluster/dedicated_cluster_app.py @@ -3,6 +3,7 @@ nested as a sub-command named "dedicated-cluster" under the `generate` sub-command of the deployer. """ + import typer from deployer.cli_app import generate_app diff --git a/deployer/commands/generate/dedicated_cluster/gcp.py b/deployer/commands/generate/dedicated_cluster/gcp.py index 36ae0e8e9e..ddf781b9ab 100644 --- a/deployer/commands/generate/dedicated_cluster/gcp.py +++ b/deployer/commands/generate/dedicated_cluster/gcp.py @@ -9,6 +9,7 @@ - `config//enc-support.secret.values.yaml` """ + import jinja2 import typer from typing_extensions import Annotated diff --git a/deployer/commands/generate/helm_upgrade/decision.py b/deployer/commands/generate/helm_upgrade/decision.py index aab4bc3586..250d17c892 100644 --- a/deployer/commands/generate/helm_upgrade/decision.py +++ b/deployer/commands/generate/helm_upgrade/decision.py @@ -3,6 +3,7 @@ support helm chart upgrading depending on an input list of filenames that have been added or modified in a GitHub Pull Request. """ + import fnmatch from rich.console import Console @@ -111,9 +112,9 @@ def generate_hub_matrix_jobs( matrix_job["hub_name"] = hub["name"] if upgrade_all_hubs_on_all_clusters: - matrix_job[ - "reason_for_redeploy" - ] = "Core infrastructure has been modified" + matrix_job["reason_for_redeploy"] = ( + "Core infrastructure has been modified" + ) matrix_jobs.append(matrix_job) @@ -133,10 +134,9 @@ def generate_hub_matrix_jobs( # upgraded matrix_job = cluster_info.copy() matrix_job["hub_name"] = hub["name"] - matrix_job[ - "reason_for_redeploy" - ] = "Following helm chart values files were modified: " + ", ".join( - [path.name for path in intersection] + matrix_job["reason_for_redeploy"] = ( + "Following helm chart values files were modified: " + + ", ".join([path.name for path in intersection]) ) matrix_jobs.append(matrix_job) @@ -210,9 +210,9 @@ def generate_support_matrix_jobs( matrix_job["upgrade_support"] = True if upgrade_support_on_all_clusters: - matrix_job[ - "reason_for_support_redeploy" - ] = "Support helm chart has been modified" + matrix_job["reason_for_support_redeploy"] = ( + "Support helm chart has been modified" + ) matrix_jobs.append(matrix_job) @@ -227,10 +227,9 @@ def generate_support_matrix_jobs( if intersection: matrix_job = cluster_info.copy() matrix_job["upgrade_support"] = True - matrix_job[ - "reason_for_support_redeploy" - ] = "Following helm chart values files were modified: " + ", ".join( - [path.name for path in intersection] + matrix_job["reason_for_support_redeploy"] = ( + "Following helm chart values files were modified: " + + ", ".join([path.name for path in intersection]) ) matrix_jobs.append(matrix_job) @@ -310,9 +309,9 @@ def move_staging_hubs_to_staging_matrix( # Update the matching job in support_and_staging_matrix_jobs to hold # information related to upgrading the staging hub support_and_staging_matrix_jobs[job_idx]["upgrade_staging"] = True - support_and_staging_matrix_jobs[job_idx][ - "reason_for_staging_redeploy" - ] = staging_job["reason_for_redeploy"] + support_and_staging_matrix_jobs[job_idx]["reason_for_staging_redeploy"] = ( + staging_job["reason_for_redeploy"] + ) else: # A job with a matching cluster name doesn't exist, this is because its # support chart doesn't need upgrading. We create a new job in that will @@ -365,10 +364,9 @@ def ensure_support_staging_jobs_have_correct_keys( # There are prod hubs on this cluster that require an upgrade, and so we # also upgrade staging job["upgrade_staging"] = True - job[ - "reason_for_staging_redeploy" - ] = "Following prod hubs require redeploy: " + ", ".join( - hubs_on_this_cluster + job["reason_for_staging_redeploy"] = ( + "Following prod hubs require redeploy: " + + ", ".join(hubs_on_this_cluster) ) else: # There are no prod hubs on this cluster that require an upgrade, so we diff --git a/deployer/commands/generate/resource_allocation/daemonset_requests.py b/deployer/commands/generate/resource_allocation/daemonset_requests.py index f6611f38b9..1a02a83d0f 100644 --- a/deployer/commands/generate/resource_allocation/daemonset_requests.py +++ b/deployer/commands/generate/resource_allocation/daemonset_requests.py @@ -76,12 +76,12 @@ def get_daemon_sets_requests(): # So we have to calculate the requests of the init containers and containers separately, # and take the max as the effective request / limit - container_req_mem = ( - container_req_cpu - ) = container_lim_mem = container_lim_cpu = 0 - init_container_req_mem = ( - init_container_req_cpu - ) = init_container_lim_mem = init_container_lim_cpu = 0 + container_req_mem = container_req_cpu = container_lim_mem = ( + container_lim_cpu + ) = 0 + init_container_req_mem = init_container_req_cpu = init_container_lim_mem = ( + init_container_lim_cpu + ) = 0 for c in ds["spec"]["template"]["spec"]["containers"]: resources = c.get("resources", {}) diff --git a/deployer/commands/generate/resource_allocation/resource_allocation_app.py b/deployer/commands/generate/resource_allocation/resource_allocation_app.py index dd5c2555b0..a07ae9dd5d 100644 --- a/deployer/commands/generate/resource_allocation/resource_allocation_app.py +++ b/deployer/commands/generate/resource_allocation/resource_allocation_app.py @@ -3,6 +3,7 @@ nested as a sub-command named "resource-allocation" under the `generate` sub-command of the deployer. """ + import typer from deployer.cli_app import generate_app diff --git a/deployer/commands/validate/config.py b/deployer/commands/validate/config.py index 4e9eb2053f..59f66efdcd 100644 --- a/deployer/commands/validate/config.py +++ b/deployer/commands/validate/config.py @@ -2,6 +2,7 @@ Functions related to validating configuration files such as helm chart values and our cluster.yaml files """ + import functools import json import os diff --git a/deployer/keys/decrypt_age.py b/deployer/keys/decrypt_age.py index 59147c450e..f8f2b4b20e 100755 --- a/deployer/keys/decrypt_age.py +++ b/deployer/keys/decrypt_age.py @@ -1,6 +1,7 @@ """ Simple utility to decrypt secrets sent to `support@2i2c.org` via `age` """ + import pathlib import subprocess import sys diff --git a/deployer/utils/file_acquisition.py b/deployer/utils/file_acquisition.py index e54a8d6b5e..724502cb2a 100644 --- a/deployer/utils/file_acquisition.py +++ b/deployer/utils/file_acquisition.py @@ -2,6 +2,7 @@ Functions related to finding and reading files. Checking files exist, finding their absolute paths, decrypting and reading encrypted files when needed. """ + import json import os import subprocess diff --git a/docs/helper-programs/generate-general-info-table-about-hubs.py b/docs/helper-programs/generate-general-info-table-about-hubs.py index 2b94038cde..387f99d8cc 100644 --- a/docs/helper-programs/generate-general-info-table-about-hubs.py +++ b/docs/helper-programs/generate-general-info-table-about-hubs.py @@ -5,6 +5,7 @@ - docs/_static/hub-table.json is published with the docs and meant for reuse in other parts of 2i2c - docs/tmp/hub-table.csv is read by reference/hubs.md to create a list of hubs """ + import pandas as pd from utils import get_cluster_provider, get_clusters_list, write_to_json_and_csv_files from yaml import safe_load @@ -71,9 +72,11 @@ def build_hub_list_entry( "cluster": cluster["name"], "provider": provider, "data center location": datacentre_loc, # Americanising for you ;) - "UI console link": f"[Use with **{account}** account]({cluster_console_url})" - if cluster_console_url - else None, + "UI console link": ( + f"[Use with **{account}** account]({cluster_console_url})" + if cluster_console_url + else None + ), "admin_url": f"[admin](https://{hub['domain']}/hub/admin)", } diff --git a/docs/helper-programs/generate-hub-features-table.py b/docs/helper-programs/generate-hub-features-table.py index 8fd6e18a05..fc7a15e31b 100644 --- a/docs/helper-programs/generate-hub-features-table.py +++ b/docs/helper-programs/generate-hub-features-table.py @@ -5,6 +5,7 @@ - docs/_static/hub-options-table.json is published with the docs and meant for reuse in other parts of 2i2c - docs/tmp/hub-options-table.csv is read by reference/options.md to create a list of hubs """ + import hcl2 import pandas as pd from utils import ( diff --git a/extra-scripts/comment-deployment-plan-pr.py b/extra-scripts/comment-deployment-plan-pr.py index 66d8b9edec..00a092af79 100644 --- a/extra-scripts/comment-deployment-plan-pr.py +++ b/extra-scripts/comment-deployment-plan-pr.py @@ -4,6 +4,7 @@ to download the markdown content of the deployment plan from a GitHub Actions workflow artifact and then post it as a comment on the PR that generated the plan. """ + import io import os import re diff --git a/extra-scripts/comment-test-link-merged-pr.py b/extra-scripts/comment-test-link-merged-pr.py index d37402a333..f35eb80eb3 100644 --- a/extra-scripts/comment-test-link-merged-pr.py +++ b/extra-scripts/comment-test-link-merged-pr.py @@ -17,6 +17,7 @@ Pull Request number, and the name of the *other* workflow that we want to provide a link to. """ + import os import re import sys diff --git a/extra-scripts/rsync-active-users.py b/extra-scripts/rsync-active-users.py index 0659fd9146..348abbc01e 100755 --- a/extra-scripts/rsync-active-users.py +++ b/extra-scripts/rsync-active-users.py @@ -9,6 +9,7 @@ An environment variable 'JUPYTERHUB_ADMIN' must be set with an admin token, obtainable from {hub_url}/hub/token by an admin user. """ + import argparse import os import string diff --git a/noxfile.py b/noxfile.py index be7336dbd8..8b1ecb8938 100644 --- a/noxfile.py +++ b/noxfile.py @@ -9,6 +9,7 @@ - Install nox: pip install nox - Start a live reloading docs server: nox -- live """ + import nox nox.options.reuse_existing_virtualenvs = True From 3726c03cd8648735f8b3cf5b0ebec13264b07010 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 5 Feb 2024 20:17:23 +0100 Subject: [PATCH 409/494] Don't upgrade to v4 alpha of prettier It has caused some trouble, so lets wait --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 662daac0c6..d293354e1f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # Autoformat: markdown, yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v4.0.0-alpha.8 + rev: v3.1.0 hooks: - id: prettier From dce99f2dfe76ed06b99307aee2eeb3715a67322b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 6 Feb 2024 10:15:24 +0100 Subject: [PATCH 410/494] leap: remove ignored singleuser.image config for clarity --- config/clusters/leap/common.values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml index 8053e5aadb..9681aaa7a8 100644 --- a/config/clusters/leap/common.values.yaml +++ b/config/clusters/leap/common.values.yaml @@ -76,9 +76,6 @@ basehub: - rabernat - jbusecke singleuser: - image: - name: pangeo/pangeo-notebook - tag: "2023.05.18" extraEnv: GH_SCOPED_CREDS_CLIENT_ID: "Iv1.0c7df3d4b3191b2f" GH_SCOPED_CREDS_APP_URL: https://github.com/apps/leap-hub-push-access From a0338c684940896ec12870bff7222a071ccbbc15 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 6 Feb 2024 10:41:09 +0000 Subject: [PATCH 411/494] Add nasa-openscapes-workshops to list of allowed orgs to access openscapes hubs --- config/clusters/openscapes/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index cb7dff1449..89e7bf70f4 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -46,6 +46,7 @@ basehub: - NASA-Openscapes:workshopaccess-2i2c - NASA-Openscapes:longtermaccess-2i2c - NASA-Openscapes:championsaccess-2i2c + - nasa-openscapes-workshops # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 kubespawner_override: image: openscapes/python:4f340eb profile_options: &profile_options From bb52ccaa6bb83abbcb71afec736b2802604b91c1 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 10:42:42 +0000 Subject: [PATCH 412/494] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- config/clusters/openscapes/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index 89e7bf70f4..e9ab82bde2 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -46,7 +46,7 @@ basehub: - NASA-Openscapes:workshopaccess-2i2c - NASA-Openscapes:longtermaccess-2i2c - NASA-Openscapes:championsaccess-2i2c - - nasa-openscapes-workshops # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 + - nasa-openscapes-workshops # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 kubespawner_override: image: openscapes/python:4f340eb profile_options: &profile_options From 50d27dcc66de6912276343a92df56c95bd7b2dcc Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 6 Feb 2024 10:52:46 +0000 Subject: [PATCH 413/494] Add gh-scoped-creds env vars for openscapes hubs --- config/clusters/openscapes/common.values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index cb7dff1449..2d5d12ec50 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -37,6 +37,9 @@ basehub: singleuser: serviceAccountName: cloud-user-sa defaultUrl: /lab + extraEnv: + GH_SCOPED_CREDS_CLIENT_ID: "Iv1.6981e043b45f042f" + GH_SCOPED_CREDS_ALL_URL: https://github.com/apps/openscapes-github-push-access profileList: - display_name: Python description: Python datascience environment From 0217a1f737ea39a885c11924fc3a277e2b655e7c Mon Sep 17 00:00:00 2001 From: Jenny Wong Date: Tue, 6 Feb 2024 11:53:29 +0000 Subject: [PATCH 414/494] Remove research-delight team and add showcase access to allowed_team --- config/clusters/2i2c-aws-us/showcase.values.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/config/clusters/2i2c-aws-us/showcase.values.yaml b/config/clusters/2i2c-aws-us/showcase.values.yaml index 42dabd1c59..aba420a672 100644 --- a/config/clusters/2i2c-aws-us/showcase.values.yaml +++ b/config/clusters/2i2c-aws-us/showcase.values.yaml @@ -40,7 +40,6 @@ basehub: oauth_callback_url: "https://showcase.2i2c.cloud/hub/oauth_callback" populate_teams_in_auth_state: true allowed_organizations: - - 2i2c-org:research-delight-team - 2i2c-community-showcase:access-2i2c-showcase - 2i2c-demo-hub-access:showcase-topst - ScienceCore @@ -122,7 +121,7 @@ basehub: description: "A shared machine, the recommended option until you experience a limitation." allowed_teams: &allowed_teams - 2i2c-org:hub-access-for-2i2c-staff - - 2i2c-org:research-delight-team + - 2i2c-community-showcase:access-2i2c-showcase profile_options: &profile_options image: display_name: Image @@ -209,7 +208,6 @@ basehub: slug: gpu allowed_teams: - 2i2c-org:hub-access-for-2i2c-staff - - 2i2c-org:research-delight-gpu-team description: "Start a container on a dedicated node with a GPU" profile_options: image: From 491e62622e3dce5687d775982ee265fbe6047c00 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Wed, 7 Feb 2024 14:06:33 +0000 Subject: [PATCH 415/494] Add specific teams from nasa-openscapes-workshops org for hub access --- config/clusters/openscapes/common.values.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index 89e7bf70f4..ae97b3607b 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -46,7 +46,11 @@ basehub: - NASA-Openscapes:workshopaccess-2i2c - NASA-Openscapes:longtermaccess-2i2c - NASA-Openscapes:championsaccess-2i2c - - nasa-openscapes-workshops # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 + # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 + - nasa-openscapes-workshops:AdminTeam + - nasa-openscapes-workshops:ChampionsAccess-2i2c + - nasa-openscapes-workshops:LongtermAccess-2i2c + - nasa-openscapes-workshops:WorkshopAccess-2i2c kubespawner_override: image: openscapes/python:4f340eb profile_options: &profile_options From 72c9adddb3acb21893946ec713e4f3cf5cb5b8c5 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 8 Feb 2024 10:49:27 +0000 Subject: [PATCH 416/494] Add the new teams in a few more places --- config/clusters/openscapes/common.values.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index ae97b3607b..3611afe3b6 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -128,6 +128,11 @@ basehub: - NASA-Openscapes:workshopaccess-2i2c - NASA-Openscapes:longtermaccess-2i2c - NASA-Openscapes:championsaccess-2i2c + # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 + - nasa-openscapes-workshops:AdminTeam + - nasa-openscapes-workshops:ChampionsAccess-2i2c + - nasa-openscapes-workshops:LongtermAccess-2i2c + - nasa-openscapes-workshops:WorkshopAccess-2i2c kubespawner_override: image: openscapes/rocker:a7596b5 # Ensures container working dir is homedir @@ -141,6 +146,11 @@ basehub: - NASA-Openscapes:workshopaccess-2i2c - NASA-Openscapes:longtermaccess-2i2c - NASA-Openscapes:championsaccess-2i2c + # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 + - nasa-openscapes-workshops:AdminTeam + - nasa-openscapes-workshops:ChampionsAccess-2i2c + - nasa-openscapes-workshops:LongtermAccess-2i2c + - nasa-openscapes-workshops:WorkshopAccess-2i2c kubespawner_override: image: openscapes/matlab:2023-11-28 profile_options: *profile_options @@ -178,6 +188,11 @@ basehub: - NASA-Openscapes:workshopaccess-2i2c - NASA-Openscapes:longtermaccess-2i2c - NASA-Openscapes:championsaccess-2i2c + # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 + - nasa-openscapes-workshops:AdminTeam + - nasa-openscapes-workshops:ChampionsAccess-2i2c + - nasa-openscapes-workshops:LongtermAccess-2i2c + - nasa-openscapes-workshops:WorkshopAccess-2i2c scope: - read:org Authenticator: From d92be33d548a941fa2dd9cb09baee6a2bdf7acdf Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Thu, 8 Feb 2024 17:40:17 +0000 Subject: [PATCH 417/494] Add nasa-openscapes-workshops AdminTeam and LongTermAccess-2i2c teams to 'bring your own image' profile --- config/clusters/openscapes/common.values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index 3611afe3b6..8d968456ea 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -160,6 +160,9 @@ basehub: allowed_teams: - NASA-Openscapes:longtermaccess-2i2c - 2i2c-org:hub-access-for-2i2c-staff + # Requested in: https://2i2c.freshdesk.com/a/tickets/1284 + - nasa-openscapes-workshops:AdminTeam + - nasa-openscapes-workshops:LongtermAccess-2i2c profile_options: image: display_name: Image From 6243b6197c5c40fc7b4623f40dbb0660516bcaeb Mon Sep 17 00:00:00 2001 From: Slesa Adhikari Date: Thu, 8 Feb 2024 12:49:39 -0500 Subject: [PATCH 418/494] Add `us-ghg-center` github org for graphana access --- config/clusters/nasa-ghg/support.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/nasa-ghg/support.values.yaml b/config/clusters/nasa-ghg/support.values.yaml index ef12eccfac..a0e6f0a718 100644 --- a/config/clusters/nasa-ghg/support.values.yaml +++ b/config/clusters/nasa-ghg/support.values.yaml @@ -13,7 +13,7 @@ grafana: root_url: https://grafana.nasa-ghg.2i2c.cloud/ auth.github: enabled: true - allowed_organizations: 2i2c-org + allowed_organizations: 2i2c-org us-ghg-center ingress: hosts: - grafana.nasa-ghg.2i2c.cloud From 49bbfc09bac6c500e34d4e2352cc04473ba74841 Mon Sep 17 00:00:00 2001 From: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> Date: Thu, 8 Feb 2024 17:51:36 +0000 Subject: [PATCH 419/494] fix typo Co-authored-by: Yuvi Panda --- config/clusters/openscapes/common.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/openscapes/common.values.yaml b/config/clusters/openscapes/common.values.yaml index 2d5d12ec50..6f4192195d 100644 --- a/config/clusters/openscapes/common.values.yaml +++ b/config/clusters/openscapes/common.values.yaml @@ -39,7 +39,7 @@ basehub: defaultUrl: /lab extraEnv: GH_SCOPED_CREDS_CLIENT_ID: "Iv1.6981e043b45f042f" - GH_SCOPED_CREDS_ALL_URL: https://github.com/apps/openscapes-github-push-access + GH_SCOPED_CREDS_APP_URL: https://github.com/apps/openscapes-github-push-access profileList: - display_name: Python description: Python datascience environment From 62098dd10d49a4477cb3b5a020397c2f158b0998 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 9 Feb 2024 12:36:14 +0200 Subject: [PATCH 420/494] Regenerate ghg grafana token --- config/clusters/nasa-ghg/enc-grafana-token.secret.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/clusters/nasa-ghg/enc-grafana-token.secret.yaml b/config/clusters/nasa-ghg/enc-grafana-token.secret.yaml index 1fbcb19e5e..5b31acf388 100644 --- a/config/clusters/nasa-ghg/enc-grafana-token.secret.yaml +++ b/config/clusters/nasa-ghg/enc-grafana-token.secret.yaml @@ -1,15 +1,15 @@ -grafana_token: ENC[AES256_GCM,data:/aUJUK4JYe9StYl6GFgdSDr4U0Gu/hWYrZFPrHiwakte522qWcLi41GlFtDcLg==,iv:5vHDygc6p4Z7KeaLtMAnRooUZXpM60YtWtYGAinvr7o=,tag:DhzypLdZH3Xj2rIAcY0NtQ==,type:str] +grafana_token: ENC[AES256_GCM,data:ihqjjOd72G4hmfEFbUvjqyW37toAyED1bAvexOSLi1sx0XoQ8d9nrOW4c6UtVg==,iv:I2NWn3h7ZRcYBpUJ+qlgRLj005Kp3/94YMvrvojhpRk=,tag:Qwk5kApDfracK+j7aWG+jA==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2023-08-01T04:13:35Z" - enc: CiUA4OM7eMF/JSawr4Gq4HWeu9qf8hXfRVMstEX5E0q2y2Oi4pxUEkkAyiwFHMPa7FIjUnCClxQkvPyFEp0gHa9g4N83mh6hLpTXcca9gE0MT/uHL+VU70osF0VGlJasDTPygGqcQlBkNjQsZrsLKCOf + created_at: "2024-02-09T10:34:14Z" + enc: CiUA4OM7eA1BDaIYR2kxnolHFaWLLlf+ZVjdmws2WpD2XdW0WpdxEkkAjTWv+jNxFWkW6Z05+jf+nJY9orGIzSyfX1BkxP/RFWYsar4WEizgP6upIlSVy+4IOtev1mwnyMO9COqTtnh+qSkqFvUJagb4 azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-08-01T04:13:35Z" - mac: ENC[AES256_GCM,data:bTYLCJokBwKg5PmG1Myys++tIuXGF9jpLfQxCCAvUg5VkFp/8SX4RpHcph2xUJqkXT9aELTnwGo5CcZurpCcXgcxN/FRWProRbO7i9oFTC2fbZg7MP7lrnOAy0quQ6CFPe15XYlGFSDdeabLX3RRDQ3j14vacPlwfI4r2jhY4L0=,iv:V/B1EYeD8qbPEzsvNYBy1mEkyHdX1ZkYr8j3qSTDopQ=,tag:mcKaH15YDZMewlV9Iyr4Hw==,type:str] + lastmodified: "2024-02-09T10:34:14Z" + mac: ENC[AES256_GCM,data:juFIE8Gf7IemXeQI488EGO1B+1BfWT/xsXS48bv5mpR/IRD1pbEeXdYMUfSac5LVaT7iZL0YzDEFoz756oxpxy04ob09xdtk/YYpdt2e9Gudi/F1skve7iPH12tN5aVaxuwqkRuT/ICcYYB6OKbAgF2wIZpdkqCFD7bDF/ul6KI=,iv:O/2Hz6QuohlVuG+4SbBWOS8WEhZ07Yyqdlscd1WyM8E=,tag:T90pbkmdC7fQbhymrwbklQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 From d074164604042ee5cfcd7ca3c4f0af1e4430e0cb Mon Sep 17 00:00:00 2001 From: Brian Freitag Date: Fri, 9 Feb 2024 16:00:36 -0600 Subject: [PATCH 421/494] Add additional team for NASA-GHG --- config/clusters/nasa-ghg/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/nasa-ghg/common.values.yaml b/config/clusters/nasa-ghg/common.values.yaml index ee71a39746..6d8d079496 100644 --- a/config/clusters/nasa-ghg/common.values.yaml +++ b/config/clusters/nasa-ghg/common.values.yaml @@ -49,6 +49,7 @@ basehub: - US-GHG-Center:ghg-use-case-3 - US-GHG-Center:ghg-external-collaborators - US-GHG-Center:ghg-ams-2024-workshop-access + - US-GHG-Center:ghg-trial-access scope: - read:org Authenticator: From de1fd59fd0dae9ab6ce8530ab8f5db756193a9f6 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 12 Feb 2024 11:38:46 -0800 Subject: [PATCH 422/494] Fix extra case sensitivity in GitHub teams check The community reproted an issue with people from the new organization being unable to login. This was the error message, only found in the logs. > Your GitHub team membership is insufficient to launch any server profiles. > > GitHub teams you are a member of that this JupyterHub knows about are > nasa-openscapes-workshops:workshopaccess-2i2c, > > If you are part of additional teams, log out of this JupyterHub and > log back in to refresh that information Looking at the *case* of the error message, we see that our config specifies `nasa-openscapes-workshops:WorkshopAccess-2i2c` while the team name returned to us by GitHub is all lower case instead. GitHub orgs are [not case sensitive](https://docs.github.com/en/rest/orgs/orgs?apiVersion=2022-11-28#get-an-organization), and it was not clear to me if *teams* are or are not. Nevertheless, I verified that you can not actually create a different team in the same org with the same name but different case. This patch casefolds all the team and org names we use, so comparisons are case insensitive. casefold works for all languages, while calling `.lower()` only works for a subset of languages. Ref https://github.com/2i2c-org/infrastructure/issues/3695 --- helm-charts/basehub/values.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index ec16311659..dde5aa20ba 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -868,7 +868,9 @@ jupyterhub: raise web.HTTPError(403) # Format user's teams in auth_state to "org:team" - teams = set([f'{team["organization"]["login"]}:{team["slug"]}' for team in auth_state["teams"]]) + # casefold them so we can do case insensitive comparisons, as github itself is case insensitive (but preserving) + # for orgs and teams + teams = set([f'{team["organization"]["login"]}:{team["slug"]}'.casefold() for team in auth_state["teams"]]) print(f"User {spawner.user.name} is part of teams {' '.join(teams)}") # Filter out profiles with allowed_teams set if the user isn't part @@ -882,8 +884,10 @@ jupyterhub: # allowed_teams can be "org" or "org:team", and we check # membership just in time for orgs if needed - allowed_orgs = set([o for o in allowed_teams if ':' not in o]) - allowed_teams = set([t for t in allowed_teams if ':' in t]) + # casefold them so we can do case insensitive comparisons, as github itself is case insensitive (but preserving) + # for orgs and teams + allowed_orgs = set([o.casefold() for o in allowed_teams if ':' not in o]) + allowed_teams = set([t.casefold() for t in allowed_teams if ':' in t]) if allowed_teams & teams: print(f"Allowing profile {profile['display_name']} for user {spawner.user.name} based on team membership") From 9ba7699f13566c978c0687f0abe6fdecbeb4d7df Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 13 Feb 2024 09:04:05 +0100 Subject: [PATCH 423/494] cloudbank, ccsf: add access for spring semester tutors --- config/clusters/cloudbank/ccsf.values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/clusters/cloudbank/ccsf.values.yaml b/config/clusters/cloudbank/ccsf.values.yaml index 7039b61fff..6358bea5b5 100644 --- a/config/clusters/cloudbank/ccsf.values.yaml +++ b/config/clusters/cloudbank/ccsf.values.yaml @@ -45,6 +45,12 @@ jupyterhub: Authenticator: allowed_users: - clare.alice.heimer@gmail.com + # Below are UC Berkeley tutors for spring semester 2024 + - k_usovich@berkeley.edu + - bellajzhang@berkeley.edu + - freddygoh21@berkeley.edu + - knnebedum@berkeley.edu + - kingsun@berkeley.edu admin_users: - ericvd@berkeley.edu - sean.smorris@berkeley.edu From 8e41d2db91f11863b2bf5d19a07b0dcc2920a9cd Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 13 Feb 2024 10:54:10 +0100 Subject: [PATCH 424/494] victor, all hubs: remove ignored singleuser.image config for clarity --- config/clusters/victor/common.values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/clusters/victor/common.values.yaml b/config/clusters/victor/common.values.yaml index d39ab2f1fa..f84eb373c3 100644 --- a/config/clusters/victor/common.values.yaml +++ b/config/clusters/victor/common.values.yaml @@ -81,9 +81,6 @@ basehub: node_selector: node.kubernetes.io/instance-type: m5.8xlarge defaultUrl: /lab - image: - name: pangeo/pangeo-notebook - tag: "2022.09.21" scheduling: userScheduler: enabled: true From 6d23d4758009d68cd4ea98d6b258777a82e123d5 Mon Sep 17 00:00:00 2001 From: James Munroe Date: Tue, 13 Feb 2024 14:55:44 -0500 Subject: [PATCH 425/494] update image tags for hhmi and spyglass --- config/clusters/hhmi/common.values.yaml | 2 +- config/clusters/hhmi/spyglass.values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/clusters/hhmi/common.values.yaml b/config/clusters/hhmi/common.values.yaml index 508ac5ad9b..253be572e9 100644 --- a/config/clusters/hhmi/common.values.yaml +++ b/config/clusters/hhmi/common.values.yaml @@ -144,7 +144,7 @@ basehub: display_name: Spyglass slug: spyglass kubespawner_override: - image: "quay.io/lorenlab/hhmi-spyglass-image:c307f9418a60" + image: "quay.io/lorenlab/hhmi-spyglass-image:78764087554d" - display_name: "Community Images" description: "Start a container with a community maintained image" slug: community diff --git a/config/clusters/hhmi/spyglass.values.yaml b/config/clusters/hhmi/spyglass.values.yaml index 5a7b07ad78..74a3443bf6 100644 --- a/config/clusters/hhmi/spyglass.values.yaml +++ b/config/clusters/hhmi/spyglass.values.yaml @@ -64,8 +64,8 @@ jupyterhub: readOnly: true defaultUrl: /lab image: - name: quay.io/2i2c/hhmi-spyglass-image - tag: "67523d9ea855" + name: quay.io/lorenlab/hhmi-spyglass-image + tag: "78764087554d" memory: limit: 3.4G guarantee: 3.4G From e71dde72afd290a411b3f7c91684c025f0b294df Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 14 Feb 2024 09:24:08 +0100 Subject: [PATCH 426/494] nasa-veda: add bucket permissions to terraform added outside terraform --- terraform/aws/projects/nasa-veda.tfvars | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index a06e4796ae..df4681f32f 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -58,7 +58,9 @@ hub_cloud_permissions = { "arn:aws:s3:::maap-ops-workspace", "arn:aws:s3:::maap-ops-workspace/*", "arn:aws:s3:::nasa-maap-data-store", - "arn:aws:s3:::nasa-maap-data-store/*" + "arn:aws:s3:::nasa-maap-data-store/*", + "arn:aws:s3:::sdap-dev-zarr", + "arn:aws:s3:::sdap-dev-zarr/*" ] }, { @@ -113,7 +115,9 @@ hub_cloud_permissions = { "arn:aws:s3:::maap-ops-workspace", "arn:aws:s3:::maap-ops-workspace/*", "arn:aws:s3:::nasa-maap-data-store", - "arn:aws:s3:::nasa-maap-data-store/*" + "arn:aws:s3:::nasa-maap-data-store/*", + "arn:aws:s3:::sdap-dev-zarr", + "arn:aws:s3:::sdap-dev-zarr/*" ] }, { From 4755861b4bfd5d4fc765be2f9b5f8015274edfd0 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 14 Feb 2024 09:40:33 +0100 Subject: [PATCH 427/494] nasa smce clusters: re-generate deployer credentials --- .../enc-deployer-credentials.secret.json | 14 +++++++------- .../nasa-ghg/enc-deployer-credentials.secret.json | 14 +++++++------- .../nasa-veda/enc-deployer-credentials.secret.json | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json index ed06b36be2..5368a3d083 100644 --- a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:oPKOsurPOC6y9M/1fC+zXWRPlLc=,iv:x/4c7QaVebYIgv1dRz+TrKi26SHx+4Du+6nveh1YCn4=,tag:f98HqtXCHLjwzMqakwJZew==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:2wgKlpvDw58nG8I8De1OGuY/iMRBI0YBuOT4PyrS+ftK1z3XaOHE2g==,iv:OjcEoj5TOw0CfgpP0JB3MIUsPX7BuD41UHeKN5X6mWU=,tag:qIPK9FshxAmxQR0eu43obA==,type:str]", - "UserName": "ENC[AES256_GCM,data:V3gK4fwvdg6S0Gqm+OMYYQ+CHPaHwx8=,iv:KgqXw4up32lco9+4FJug/59ZxPtp37OSsWeKKuFtM1E=,tag:Dl8I+Q9wZ3iG6vLqtBOuLA==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:qFl+zOe2m7SnHq0c9nSOap+942U=,iv:m19mljbHzK5JgN7dzTgv6HZ+ughWP1NgJixRJx87hXw=,tag:UqZcqL2l8qpn6cMkadIf9Q==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:dYcC/STqxXdamGsD2EXA0av1JhQawniFMxpwTrppUanrVxm6UEQsyQ==,iv:xmgUAqlHfgIiDK9GKV2ehGz+9eomwz76Ac+XAzghKos=,tag:O0f7rym0GLJYOWCXCAU7hA==,type:str]", + "UserName": "ENC[AES256_GCM,data:ckDpLNhDShNT10PvQAm9v+9AVx9ZSWk=,iv:PHNDSUAeoBeecRgEWLOrUjnNTd1pyyw6CzLWb/62DmU=,tag:yrl+cpujI9y0S4AQq8XkjA==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-01-04T23:28:35Z", - "enc": "CiUA4OM7eEbZmWcl3SiVG55lrCeNODpLG1k9+umcz3UTw5P2figfEkkAjTWv+piz7M8eFX8o1DVN9zQSgsExgMSC3Ht8Gfy+HQFZMzxSn996JakPNi8m94+LtpZS4cjbqi2jRIEnCMCFhZWNzDRbazvI" + "created_at": "2024-02-14T08:37:56Z", + "enc": "CiUA4OM7eI6f19C8pTp8BaZcdj00p3jDgRvefeB5v5VdgMIrmHAlEkkAXoW3JvAcx7P2IF4JUPEsq3itBPUjfKqOluTg+069G2tDwBdRUv+0lBYjv7EuSyRIbPNoLkMZHxfXCE7amiptD4jouY7UejUD" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-01-04T23:28:36Z", - "mac": "ENC[AES256_GCM,data:39hU3JfFxp0+s0adR2OPJv+QXVW81kYXXQ4BzUYAA7cCmRA4o9jQWE+9qAPBVmpWU0zi5WeSAsAJtRV28apcQGcNd4hqtB405dxxsX3cTIlviiAgPggsiS8ZEte5KutCa5BmKkXdMzMxZkMLgbj61K7YlCat82yi3dosHL1rSGA=,iv:jrx0m5+BJab3AeSay9mdZRSwlluDeMiZiVSM60HEUbM=,tag:nK4SFQWnGj+xtB1Jt1YXTw==,type:str]", + "lastmodified": "2024-02-14T08:37:56Z", + "mac": "ENC[AES256_GCM,data:ZcqsPCdH+dqcoEIl1PG/7t9ZWLEWdO5Ql4Li0UuffmEQ/5uDjsoemcS91z88M8WC33xm22BN3FbXzl7FlKroCg/rVbK81HS11Dnv2zuvs510rgcNXdQh8pEhXaesUQ208WTU1j0Yn614QrIs9fd+VOgqwkkUx7Hj4Fmq3x5Wz+Q=,iv:cIa4Dj5dyCAQ9ixCFn4fJo5fOrUYZY/eXUICh81a0sI=,tag:Gb4+ZGrPchM0xyRBaHUNIQ==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json index 055b33fb46..b08974a6da 100644 --- a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:vXMsN91BXqgdF7KXxqX86p61aDo=,iv:P+RyTSlHiqSB9wu0lWJztJkuHwcPsmGQXNEzHM65XR4=,tag:Q/4fuVHgLFxXRNQ0LxCcvg==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:px56aI9GMUgkvcbYj001XHhxfMo1nWaWxiBuuIT1x1+N70fE8YFaIw==,iv:xmhfzt1JqlEHESWZnirojcVBvsJTk9hqF7Om3YKUHOs=,tag:y3PN+YRl50FDieRIl9QRyA==,type:str]", - "UserName": "ENC[AES256_GCM,data:pQeaY7atRNpI/i8ah9AKprHp194sbuA=,iv:74ae090GbgcxudUi/cDeV46CJX9v5qNBKK3+zk0HCu0=,tag:dT7+f0JuJC1NfaizUFbB9w==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:Gt1qbIr5LxRbyiXAsatdrnoXKE0=,iv:anT4NC8bEs2MSCOkb3PL+j0EWteLGJz2dfSl5b30js4=,tag:0TJ8Uz29W+mrTgu8toFeDw==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:J9JP9vHVPA6FO9gpORDDdttpLmIEPO33p3YghRs7RYRuzx3jO7hghA==,iv:wdG0no8rWt2lhN+I1Sw/bJr1Fm7JLIJ/AttFhBCTy1E=,tag:mtdhCuQDDz5Dt5GscBKVaw==,type:str]", + "UserName": "ENC[AES256_GCM,data:3qXSpMQIG+hxZfTmEP18b8MbKIq9Qa8=,iv:Du4iyzxGWc92f2JIWZ2rnBxvquve28KYiKxSa3G3Nz0=,tag:U4pECdtiK5G8XMm5OzKbJQ==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-01-04T23:10:31Z", - "enc": "CiUA4OM7eKIg03EAlCM64KT1ZKrqMBL0QvL7zgFEAVQiIWcgjSWeEkkAjTWv+pfKWeZpLUe4MO5M3t7qdwzWD9mP7QpARXmCvwULPVP79EKzCHaErQHIa0Sq8g3ZvZHn2IpaSEGqvSg08rnL2UvPXWn2" + "created_at": "2024-02-14T08:37:35Z", + "enc": "CiUA4OM7eM5ZIXKj0JAXCpV7NLjQfnnLeUsxAoE5iX4w1HeQuaK2EkkAXoW3JuZcKpWFddOTHzGdV5hiwLyUqpsNzko+L7ydRFPPjmmc0SetkuqkeGG/chEsn7IbkDHUyUS4UAZ7qYNloZM2EA3leNG9" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-01-04T23:10:31Z", - "mac": "ENC[AES256_GCM,data:ThsEIM/YzZyCVCUsnSqoR3gMC+WDt6PyFHY4bSdI5zwD7gbW3V//GK/xUz0XcYsTmKqgL3b99mv3yK1EOyDlYj0LZoLOLZg8nh7Cc9JaiFA4fuvDu/b5r2hA1zYLERxJnJftlqG5sA4nDzv1wnNWf/LL0jzxApvlHty7g1Oa5BU=,iv:sp6AifQVyXgrHTVrIPEGzekhvyfA5syIA2YthhMuJsQ=,tag:k7L2uvgirZkoV5tG1aKLkA==,type:str]", + "lastmodified": "2024-02-14T08:37:36Z", + "mac": "ENC[AES256_GCM,data:fBdPDUC9r04k/P1iPu36sTn6jtzaC1dRWDtxt/i9ry2Uimyt9dX7zK+hNUkgQsixrwKF2SDcw1+G7q3CYmjgt/sw/1uLoJBdkxU1teE/dommdj6hw63ZfSycDFoO4EG6SM2iieiNxl3ivN1/Kyg8lO9EAO//5uRu9hZANHtrKGw=,iv:JV+G/2NAiCd8zdM5pm9XgrOaeMk/AyVrB3ncqUAJPOw=,tag:CmWySDChnR+w5ZLU66XHJQ==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json index 94c8435b3b..e50731607a 100644 --- a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:3raNFoP4EOz5brXR10QdppGdRoQ=,iv:CHhvKsS+eZwCA+ryRkiHKGuyzH5YI1fCsChalBdm/3M=,tag:j92XTrA1OxZBQGZIj4eQSg==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:uJfSLuUpvtxEPQLV7AUY5+g948dr0kyMGcfSIqRDaCI1bGKOZjjx6g==,iv:lnlnK8ZcvAswaiE5U4qPE6LCTIubgPfWEoq9zIvvaRQ=,tag:0IwOhy99k21ifv0jzMwhMQ==,type:str]", - "UserName": "ENC[AES256_GCM,data:uCxkY2QPKebMKHAnGRi0/LZg8vePcMI=,iv:+E1dTSDk93Gtsd9pPVoyFULI641SBkjFOaXeG5Z1J+o=,tag:gpNsfqEsqqGKLY1ytqMihw==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:B//0d0fUA5I29nngWNCXIahCA0o=,iv:1FLf+0o43t45GXWx8hkpHSnHXymuSp2J4xnUepSzsWk=,tag:vFe7Y2Ox+kNgfCpaQ5l/Iw==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:zB5rgp05IVWbzd/ZF8zYc0PCy3hPeJO7DTtp5QzkeB9Up/zIbN6XrQ==,iv:usRkrMXk7ZuD52E6jaZJnqK9fejKFJhI7QOTAHmd1Hs=,tag:IgRRfLc2HhPCXbWpvMrVQA==,type:str]", + "UserName": "ENC[AES256_GCM,data:0ztpROiUhXLYefsxji94vPDsXU6J/M4=,iv:RHqWoHdWQdvdYzadQgbYHmkYbxPGAWPZrb7+i332jQA=,tag:k/ajOUWbKd/PZFdm13ZvXA==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-01-04T23:06:56Z", - "enc": "CiUA4OM7eM8HZ6FS+hnOqcl86XpGiYj9GeOW3aeoFnMpu6VkVoDsEkkAjTWv+iU0Yu+kXQ8FodYPhsM8asnqX1CjZ5pqIQCU0fY1qKxZ/SQNwL4rPb44VIWeYtnne3M6pZJOwtDQvtElowmuOkjEfrsz" + "created_at": "2024-02-14T08:36:56Z", + "enc": "CiUA4OM7eDh9sk57G2y6Mib1AIKRFjkjL6sX9ZqzhXI504Uzhya6EkkAXoW3JlP/CCOgdK7FC9JBC6KXZsH9sgca8WG+T9tpjrS9CL/uROoHn9LiQNM0R/72LyDil99hbEdwWwLcLt0zf4bKk7k3QLQ7" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-01-04T23:06:57Z", - "mac": "ENC[AES256_GCM,data:yU4oEi/fef0HKtezbjkjcNmKM/1LNUhdUPQMOHixsstaGoETva6BHYh+5YtHAdepDPfEd76y9vC4OeIZ2Aenilq6Qe3B2ar+lIGy0CA/Ph1KjS1+Q9/5v0vc9hlReNtpjoqz3xtx320sP0NwlIlKXNwg52xQQzQrvGOvFjzhLoA=,iv:GBR/zD7oynCaDSvF+Ec937VHKgNCcNIuuTO7EtKcfRg=,tag:EdbJ9VOE8/0TCA35SsMyKQ==,type:str]", + "lastmodified": "2024-02-14T08:36:57Z", + "mac": "ENC[AES256_GCM,data:UXLBG1lKAQl2UNb5QtBhHXZttfXpIyilC6XCVOQSN7zfO3dqPkRtZ8OKC54jp0Zs4+Fq5nGOPWhQhptCWFGDMKthFJ6uL4juVYuNOXbe6ouvSSCLKzdZKMXssgtp2GomU9MVR5SixEGXH3wrgQQvE7WCOUzDYGTdSYJkxJh9yRo=,iv:IlVFKWD4cC7nT5VGxnDbnBNctDtP1FgHKGG9sxNX/0I=,tag:0DhbeKEi84/Y1vRw5JVBWA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" From 5e8825d3a0bf739e76188eb153d9027172ab60fc Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 16 Nov 2023 20:21:36 +0530 Subject: [PATCH 428/494] Clarify what the requestor_pays flag does --- terraform/aws/variables.tf | 14 ++++++++++---- terraform/gcp/variables.tf | 10 ++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index 281374d1b5..1874ff88c3 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf @@ -44,7 +44,11 @@ variable "user_buckets" { } variable "hub_cloud_permissions" { - type = map(object({ requestor_pays : bool, bucket_admin_access : set(string), extra_iam_policy : string })) + type = map(object({ + allow_access_to_requestor_pays_buckets : optional(bool, false), + bucket_admin_access : set(string), + extra_iam_policy : string + })) default = {} description = <<-EOT Map of cloud permissions given to a particular hub @@ -52,9 +56,11 @@ variable "hub_cloud_permissions" { Key is name of the hub namespace in the cluster, and values are particular permissions users running on those hubs should have. Currently supported are: - 1. requestor_pays: Identify as coming from the google cloud project when accessing - storage buckets marked as https://cloud.google.com/storage/docs/requester-pays. - This *potentially* incurs cost for us, the originating project, so opt-in. + 1. allow_access_to_requestor_pays_buckets: Allow code running in user servers from this + hub to identify as coming from this particular GCP project when accessing GCS buckets + marked as 'requestor_pays'. In this case, the egress costs will + be borne by the project *containing the hub*, rather than the project *containing the bucket*. + Egress costs can get quite expensive, so this is 'opt-in'. 2. bucket_admin_access: List of S3 storage buckets that users on this hub should have read and write permissions for. 3. extra_iam_policy: An AWS IAM Policy document that grants additional rights to the users diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 91a7526f3e..37068e7b8d 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -401,7 +401,7 @@ variable "max_cpu" { variable "hub_cloud_permissions" { type = map( object({ - requestor_pays : bool, + allow_access_to_requestor_pays_buckets : optional(bool, false), bucket_admin_access : set(string), bucket_readonly_access : optional(set(string), []), hub_namespace : string @@ -414,9 +414,11 @@ variable "hub_cloud_permissions" { Key is name of the hub namespace in the cluster, and values are particular permissions users running on those hubs should have. Currently supported are: - 1. requestor_pays: Identify as coming from the google cloud project when accessing - storage buckets marked as https://cloud.google.com/storage/docs/requester-pays. - This *potentially* incurs cost for us, the originating project, so opt-in. + 1. allow_access_to_requestor_pays_buckets: Allow code running in user servers from this + hub to identify as coming from this particular GCP project when accessing GCS buckets + marked as 'requestor_pays'. In this case, the egress costs will + be borne by the project *containing the hub*, rather than the project *containing the bucket*. + Egress costs can get quite expensive, so this is 'opt-in'. 2. bucket_admin_access: List of GCS storage buckets that users on this hub should have read and write permissions for. EOT From 38e0d89f4b872fd522af628f836565327a9b29f5 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 14 Feb 2024 16:06:22 +0200 Subject: [PATCH 429/494] Update requester_pays docs with clarifications --- docs/howto/features/cloud-access.md | 8 ++++---- docs/topic/features.md | 16 +++++++++++++++- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/docs/howto/features/cloud-access.md b/docs/howto/features/cloud-access.md index 5dd9ef9d74..7b50a3c273 100644 --- a/docs/howto/features/cloud-access.md +++ b/docs/howto/features/cloud-access.md @@ -42,7 +42,7 @@ This AWS IAM Role is managed via terraform. ``` hub_cloud_permissions = { "": { - requestor_pays : true, + allow_access_to_requestor_pays_buckets : true, bucket_admin_access : ["bucket-1", "bucket-2"] hub_namespace : "" } @@ -55,9 +55,9 @@ This AWS IAM Role is managed via terraform. and the cluster name together can't be more than 29 characters. `terraform` will complain if you go over this limit, so in general just use the name of the hub and shorten it only if `terraform` complains. - 2. (GCP only) `requestor_pays` enables permissions for user pods and dask worker - pods to identify as the project while making requests to Google Cloud Storage - buckets marked as 'requestor pays'. More details [here](topic:features:cloud:gcp:requestor-pays). + 2. (GCP only) `allow_access_to_requestor_pays_buckets` enables permissions for user pods and dask worker + pods to identify as the project while making requests to other Google Cloud Storage + buckets, outside of this project, that have 'Requester Pays' enabled. More details [here](topic:features:cloud:gcp:requestor-pays). 3. `bucket_admin_access` lists bucket names (as specified in `user_buckets` terraform variable) all users on this hub should have full read/write access to. Used along with the [user_buckets](howto:features:storage-buckets) diff --git a/docs/topic/features.md b/docs/topic/features.md index 517f7fee16..e3235ea69b 100644 --- a/docs/topic/features.md +++ b/docs/topic/features.md @@ -34,9 +34,23 @@ the data. This is very commonly used by organizations that provide big datasets on Google Cloud storage, to sustainably share costs of maintaining the data. When this feature is enabled, users on a hub accessing cloud buckets from -other organizations marked as 'requestor pays' will increase our cloud bill. +other organizations marked as 'Requester Pays' will increase our cloud bill. Hence, this is an opt-in feature. +```{important} +This feature enables the hub users to access `Requester Pays` buckets, +**outside** of their project. + +However, note that this feature **does not** control which buckets **inside** +the project will have `Requester Pays` enabled for themselves. + +This can be checked from the console following these steps in the +[GCP docs](`Requester Pays`). Enabling/disabling the `Requester Pays` +setting on a bucket can be achieved following +[this other section](https://cloud.google.com/storage/docs/using-requester-pays#set) + of the GCP docs. +``` + (topic:features:cloud:scratch-buckets)= ## 'Scratch' buckets on object storage From 930a530c5ffc320a9ba0dd4ae3a70ffb8cad878a Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 15 Feb 2024 11:29:55 +0200 Subject: [PATCH 430/494] Add bring your own image profile --- .../2i2c-aws-us/itcoocean.values.yaml | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/config/clusters/2i2c-aws-us/itcoocean.values.yaml b/config/clusters/2i2c-aws-us/itcoocean.values.yaml index 99b8abf493..e06d5e12d9 100644 --- a/config/clusters/2i2c-aws-us/itcoocean.values.yaml +++ b/config/clusters/2i2c-aws-us/itcoocean.values.yaml @@ -241,6 +241,92 @@ jupyterhub: mem_guarantee: 115.549G mem_limit: 128G cpu_guarantee: 15.0 + - display_name: "Bring your own image" + description: Specify your own docker image (must have python and jupyterhub installed in it) + slug: custom + allowed_teams: + # Requested in: https://2i2c.freshdesk.com/a/tickets/1320 + - Hackweek-ITCOocean:itcoocean-hackweek-2023 + - nmfs-opensci:2i2c-demo + - 2i2c-org:hub-access-for-2i2c-staff + profile_options: + image: + display_name: Image + unlisted_choice: + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + choices: {} + resource_allocation: + display_name: Resource Allocation + choices: + mem_1_9: + display_name: 1.9 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 1992701952 + mem_limit: 1992701952 + cpu_guarantee: 0.234375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + default: true + mem_3_7: + display_name: 3.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 3985403904 + mem_limit: 3985403904 + cpu_guarantee: 0.46875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_7_4: + display_name: 7.4 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 7970807808 + mem_limit: 7970807808 + cpu_guarantee: 0.9375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 15941615616 + mem_limit: 15941615616 + cpu_guarantee: 1.875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 31883231232 + mem_limit: 31883231232 + cpu_guarantee: 3.75 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_60_6: + display_name: 60.6 GB RAM, upto 15.7 CPUs + kubespawner_override: + mem_guarantee: 65094813696 + mem_limit: 65094813696 + cpu_guarantee: 7.86 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge + mem_121_2: + display_name: 121.2 GB RAM, upto 15.7 CPUs + kubespawner_override: + mem_guarantee: 130189627392 + mem_limit: 130189627392 + cpu_guarantee: 15.72 + cpu_limit: 15.72 + node_selector: + node.kubernetes.io/instance-type: r5.4xlarge kubespawner_override: cpu_limit: null mem_limit: null From fec6d4d88c28e8a7f071399629eb47b0cd1073d8 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 15 Feb 2024 12:28:22 +0200 Subject: [PATCH 431/494] Update the enable/disable instructure to not be overwritable by an apply --- docs/topic/features.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/topic/features.md b/docs/topic/features.md index e3235ea69b..20141c2f91 100644 --- a/docs/topic/features.md +++ b/docs/topic/features.md @@ -44,11 +44,14 @@ This feature enables the hub users to access `Requester Pays` buckets, However, note that this feature **does not** control which buckets **inside** the project will have `Requester Pays` enabled for themselves. -This can be checked from the console following these steps in the -[GCP docs](`Requester Pays`). Enabling/disabling the `Requester Pays` -setting on a bucket can be achieved following -[this other section](https://cloud.google.com/storage/docs/using-requester-pays#set) - of the GCP docs. +1. This can be **checked** from the console following these steps in the +[GCP docs](https://cloud.google.com/storage/docs/using-requester-pays#check) or +by checking the `user_buckets` configuration in the project's terraform config +file if any `requester_pays` flag is specified because it is disabled by default. + +2. **Enabling or disabling** the `Requester Pays` flag on a bucket can be achieved by +setting the [`requestor_pays`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#requester_pays) flag to true in our terraform config +`user_buckets` variable as described in [](howto:features:storage-buckets). ``` (topic:features:cloud:scratch-buckets)= From 8cf8947babab2326bd43f0a8c7e483d5e4d376f2 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 15 Feb 2024 12:28:50 +0200 Subject: [PATCH 432/494] Also provide a technical example of the setup --- docs/howto/features/buckets.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/howto/features/buckets.md b/docs/howto/features/buckets.md index c7150fb67d..b3a8a85fbb 100644 --- a/docs/howto/features/buckets.md +++ b/docs/howto/features/buckets.md @@ -106,6 +106,35 @@ user_buckets = { } ``` +## Enabling Requester Pays flag on buckets + +Some hubs want to expose a particular bucket to the broad internet +but not be billed for the charges associated with making and executing the +requests on this bucket. + +By enabling the [Requester Pays flag](https://cloud.google.com/storage/docs/using-requester-pays#using), +the requesters are required to include a billing project in their requests, +which will mean that the billing will happen on the requester's project. + +Enabling Requester Pays is useful, for example, if the communities have a lot +of data that they want to make available to others, but don't want to be +charged for their access to that data. + +This can be enabled by setting the `requester_pays` parameter in `user_buckets` +for the appropriate bucket, and running `terraform apply`. + +Example: + +```terraform +user_buckets = { + "persistent": { + "delete_after": null, + "public_access": true, + "requester_pays": true + } +} +``` + ## Enable access logs for objects in a bucket ### GCP From 012872c395e1f13b1ff8e3763607f301611a4b1b Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 16 Feb 2024 10:04:14 +0200 Subject: [PATCH 433/494] Default new profile to lab interface --- config/clusters/2i2c-aws-us/itcoocean.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/2i2c-aws-us/itcoocean.values.yaml b/config/clusters/2i2c-aws-us/itcoocean.values.yaml index e06d5e12d9..87f889e08b 100644 --- a/config/clusters/2i2c-aws-us/itcoocean.values.yaml +++ b/config/clusters/2i2c-aws-us/itcoocean.values.yaml @@ -328,6 +328,7 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.4xlarge kubespawner_override: + default_url: /lab cpu_limit: null mem_limit: null node_selector: From dbdc18230fd810d53a6be3b9d4022bb2f0d0e057 Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Wed, 14 Feb 2024 00:56:35 -0300 Subject: [PATCH 434/494] catalyst latam: Standarize profileList --- .../catalystproject-latam/cicada.values.yaml | 32 ---- .../catalystproject-latam/common.values.yaml | 180 ++++++------------ 2 files changed, 63 insertions(+), 149 deletions(-) diff --git a/config/clusters/catalystproject-latam/cicada.values.yaml b/config/clusters/catalystproject-latam/cicada.values.yaml index 1d9e18a963..31dce27c18 100644 --- a/config/clusters/catalystproject-latam/cicada.values.yaml +++ b/config/clusters/catalystproject-latam/cicada.values.yaml @@ -37,35 +37,3 @@ jupyterhub: admin_users: - mfariello - luciauy - singleuser: - profileList: - - display_name: Jupyter - slug: jupyter-scipy - description: "Python environment" - default: true - kubespawner_override: - image: jupyter/scipy-notebook:2023-06-27 - default_url: /lab - profile_options: &profile_options - resource_allocation: - display_name: Resource Allocation - choices: - mem_8: - default: true - display_name: ~8 GB RAM, ~1.0 CPU - kubespawner_override: - mem_guarantee: 6.684G - cpu_guarantee: 0.75 - mem_limit: null - cpu_limit: null - node_selector: - node.kubernetes.io/instance-type: n2-highmem-4 - - display_name: RStudio - description: R environment - kubespawner_override: - image: rocker/binder:4.3 - default_url: /rstudio - # Ensures container working dir is homedir - # https://github.com/2i2c-org/infrastructure/issues/2559 - working_dir: /home/rstudio - profile_options: *profile_options diff --git a/config/clusters/catalystproject-latam/common.values.yaml b/config/clusters/catalystproject-latam/common.values.yaml index 5174a4ffe2..6d1bb24bbd 100644 --- a/config/clusters/catalystproject-latam/common.values.yaml +++ b/config/clusters/catalystproject-latam/common.values.yaml @@ -12,134 +12,80 @@ jupyterhub: hub: allowNamedServers: true singleuser: - image: - # This image specification is likely overridden via the configurator. - # - # jupyter/scipy-notebook is maintained at: https://github.com/jupyter/docker-stacks - # tags can be viewed at: https://hub.docker.com/r/jupyter/scipy-notebook/tags - name: jupyter/scipy-notebook - tag: "2023-07-06" profileList: - # NOTE: About node sharing - # - # CPU/Memory requests/limits are actively considered still. This - # profile list is setup to involve node sharing as considered in - # https://github.com/2i2c-org/infrastructure/issues/2121. - # - # - Memory requests are different from the description, based on: - # what's found to remain allocate in k8s, subtracting 1GiB - # overhead for misc system pods, and transitioning from GB in - # description to GiB in mem_guarantee - # https://cloud.google.com/kubernetes-engine/docs/concepts/plan-node-sizes. - # - # - CPU requests are lower than the description, with a factor - # that depends on the node's total CPU like: (node_cpu - 1)/node_cpu - # - # The purpose of this is to ensure that we manage to schedule pods - # even if system pods have requested up to 1 CPU. - # - # 4 CPU node: 0.75 - # 16 CPU node: 0.9375 - # 64 CPU node: 0.984375 - # - - display_name: "Small: up to 4 CPU / 32 GB RAM" - description: &profile_list_description "Start a container with at least a chosen share of capacity on a node of this type" - slug: small + - display_name: Jupyter SciPy Notebook + description: Python environment + slug: jupyter default: true - profile_options: - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share - choices: - mem_1: - default: true - display_name: ~1 GB, ~0.125 CPU - kubespawner_override: - mem_guarantee: 0.836G - cpu_guarantee: 0.094 - mem_2: - display_name: ~2 GB, ~0.25 CPU - kubespawner_override: - mem_guarantee: 1.671G - cpu_guarantee: 0.188 - mem_4: - display_name: ~4 GB, ~0.5 CPU - kubespawner_override: - mem_guarantee: 3.342G - cpu_guarantee: 0.375 - mem_8: - display_name: ~8 GB, ~1.0 CPU - kubespawner_override: - mem_guarantee: 6.684G - cpu_guarantee: 0.75 - mem_16: - display_name: ~16 GB, ~2.0 CPU - kubespawner_override: - mem_guarantee: 13.369G - cpu_guarantee: 1.5 - mem_32: - display_name: ~32 GB, ~4.0 CPU - kubespawner_override: - mem_guarantee: 26.738G - cpu_guarantee: 3.0 kubespawner_override: - cpu_limit: null - mem_limit: null + image: jupyter/scipy-notebook:2023-06-27 + default_url: /lab node_selector: node.kubernetes.io/instance-type: n2-highmem-4 - - display_name: "Medium: up to 16 CPU / 128 GB RAM" - description: *profile_list_description - slug: medium - profile_options: - requests: - # NOTE: Node share choices are in active development, see comment - # next to profileList: above. - display_name: Node share + profile_options: &profile_options + resource_allocation: &resource_allocation + display_name: Resource Allocation choices: - mem_1: - display_name: ~1 GB, ~0.125 CPU - kubespawner_override: - mem_guarantee: 0.903G - cpu_guarantee: 0.117 - mem_2: - display_name: ~2 GB, ~0.25 CPU - kubespawner_override: - mem_guarantee: 1.805G - cpu_guarantee: 0.234 - mem_4: + mem_0_5: default: true - display_name: ~4 GB, ~0.5 CPU + display_name: ~0.5 GB RAM, ~1/16 CPU kubespawner_override: - mem_guarantee: 3.611G - cpu_guarantee: 0.469 - mem_8: - display_name: ~8 GB, ~1.0 CPU + mem_guarantee: 0.5G + mem_limit: 1G + cpu_guarantee: 0.05625 + cpu_limit: 1 + mem_1_0: + display_name: ~1 GB RAM, ~1/8 CPU kubespawner_override: - mem_guarantee: 7.222G - cpu_guarantee: 0.938 - mem_16: - display_name: ~16 GB, ~2.0 CPU + mem_guarantee: 1G + mem_limit: 2G + cpu_guarantee: 0.1125 + cpu_limit: 1 + mem_2_0: + display_name: ~2 GB RAM, ~1/4 CPU kubespawner_override: - mem_guarantee: 14.444G - cpu_guarantee: 1.875 - mem_32: - display_name: ~32 GB, ~4.0 CPU + mem_guarantee: 2G + mem_limit: 4G + cpu_guarantee: 0.225 + cpu_limit: 2 + mem_4_0: + display_name: ~4 GB RAM, ~1/2 CPU kubespawner_override: - mem_guarantee: 28.887G - cpu_guarantee: 3.75 - mem_64: - display_name: ~64 GB, ~8.0 CPU + mem_guarantee: 4G + mem_limit: 8G + cpu_guarantee: 0.45 + cpu_limit: 2 + mem_8_0: + display_name: ~8 GB RAM, ~1.0 CPU kubespawner_override: - mem_guarantee: 57.775G - cpu_guarantee: 7.5 - mem_128: - display_name: ~128 GB, ~16.0 CPU - kubespawner_override: - mem_guarantee: 115.549G - cpu_guarantee: 15.0 + mem_guarantee: 8G + mem_limit: 16G + cpu_guarantee: 0.9 + cpu_limit: 2 + + - display_name: Rocker Geospatial with RStudio + description: R environment + slug: rocker kubespawner_override: - cpu_limit: null - mem_limit: null + image: rocker/binder:4.3 + default_url: /rstudio + working_dir: /home/rstudio # Ensures container working dir is homedir node_selector: - node.kubernetes.io/instance-type: n2-highmem-16 + node.kubernetes.io/instance-type: n2-highmem-4 + profile_options: *profile_options + + - display_name: Bring your own image + description: Specify your own docker image (must have python and jupyterhub installed in it) + slug: custom + profile_options: + image: + display_name: Image + unlisted_choice: + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + kubespawner_override: + image: "{value}" + choices: {} + resource_allocation: *resource_allocation From 0ff9ece0a8f5767dc45d1ead96b8056536374959 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 19 Feb 2024 12:37:52 +0200 Subject: [PATCH 435/494] Default all profiles to lab and add new team to authenticator config --- config/clusters/2i2c-aws-us/itcoocean.values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/config/clusters/2i2c-aws-us/itcoocean.values.yaml b/config/clusters/2i2c-aws-us/itcoocean.values.yaml index 87f889e08b..e5fa4b8cbd 100644 --- a/config/clusters/2i2c-aws-us/itcoocean.values.yaml +++ b/config/clusters/2i2c-aws-us/itcoocean.values.yaml @@ -36,12 +36,15 @@ jupyterhub: oauth_callback_url: https://itcoocean.2i2c.cloud/hub/oauth_callback allowed_organizations: - Hackweek-ITCOocean:itcoocean-hackweek-2023 + - nmfs-opensci:2i2c-demo scope: - read:org Authenticator: admin_users: - eeholmes # Eli Holmes, Community representative singleuser: + # Requested in https://2i2c.freshdesk.com/a/tickets/1320 + defaultUrl: /lab # shared-public for collaboration # See https://github.com/2i2c-org/infrastructure/issues/2821#issuecomment-1665642853 storage: @@ -241,11 +244,11 @@ jupyterhub: mem_guarantee: 115.549G mem_limit: 128G cpu_guarantee: 15.0 + # Requested in: https://2i2c.freshdesk.com/a/tickets/1320 - display_name: "Bring your own image" description: Specify your own docker image (must have python and jupyterhub installed in it) slug: custom allowed_teams: - # Requested in: https://2i2c.freshdesk.com/a/tickets/1320 - Hackweek-ITCOocean:itcoocean-hackweek-2023 - nmfs-opensci:2i2c-demo - 2i2c-org:hub-access-for-2i2c-staff @@ -328,7 +331,6 @@ jupyterhub: node_selector: node.kubernetes.io/instance-type: r5.4xlarge kubespawner_override: - default_url: /lab cpu_limit: null mem_limit: null node_selector: From 0cbdfb7cb348de441f82daea53585e118ae6924c Mon Sep 17 00:00:00 2001 From: James Munroe Date: Mon, 19 Feb 2024 14:28:58 -0500 Subject: [PATCH 436/494] Point to a new airtable for a tech contact --- .github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml b/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml index f095d227c2..209070cfb5 100644 --- a/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml +++ b/.github/ISSUE_TEMPLATE/2_new-hub-provide-info.yml @@ -28,7 +28,7 @@ body: label: Technical support contacts listed description: | Technical contacts are the folks who are authorized to open support tickets about this hub. - The source of truth is maintained in [this airtable](https://airtable.com/appxk7c9WUsDjSi0Q/tbl3CWOgyoEtuGuIw/viwtpo7RxkYv63hiD?blocks=hide). + The source of truth is maintained in [this airtable](https://airtable.com/appbjBTRIbgRiElkr/pagog9egWRpeLyLGW?uMtyG=b%3AWzAsWyI4WnV1VyIsOSxbInNlbDRjSG1pdlRuRlRza0ljIl0sIklPZVJqIl1d). Validate that there is at least one technical contact listed in the airtable for this hub. If not, ping partnerships to ensure they find out who that is and fill that information in. From 749ea29625091e40c9417f95d13bd8bfd995d320 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 21 Feb 2024 17:19:59 +0200 Subject: [PATCH 437/494] Update docs --- docs/topic/access-creds/cloud-auth.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/topic/access-creds/cloud-auth.md b/docs/topic/access-creds/cloud-auth.md index f05d3326d9..50b41bbd23 100644 --- a/docs/topic/access-creds/cloud-auth.md +++ b/docs/topic/access-creds/cloud-auth.md @@ -102,11 +102,12 @@ To do so, follow these steps: after logging in for current set of IAM users. 2. Go to the [SSO users](https://console.aws.amazon.com/singlesignon/identity/home?region=us-east-1#!/users) page, and create an appropriate entry for the new user. - a. Their username should match their `2i2c.org` email address. - b. Use their `2i2c.org` address as email address. - c. Other than email and username, provide as little info as possible. This would be + + - Their username should match their `2i2c.org` email address. + - Use their `2i2c.org` address as email address. + - Other than email and username, provide as little info as possible. This would be just first name, last name and display name. - d. "Send an email to the user with password setup instructions". + - "Send an email to the user with password setup instructions". 3. Add them to the `2i2c-engineers` group. This gives them access to all the other AWS accounts we create. 4. Create the account! They'll receive an email with appropriate instructions. From ed7cd616e91ce3eca000f6f01ccd3e6b18028541 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 21 Feb 2024 17:21:15 +0200 Subject: [PATCH 438/494] Add the eksctl files for new cluster opensci --- eksctl/opensci.jsonnet | 128 +++++++++++++++++++++++++++++ eksctl/ssh-keys/opensci.key.pub | 1 + eksctl/ssh-keys/secret/opensci.key | 21 +++++ 3 files changed, 150 insertions(+) create mode 100644 eksctl/opensci.jsonnet create mode 100644 eksctl/ssh-keys/opensci.key.pub create mode 100644 eksctl/ssh-keys/secret/opensci.key diff --git a/eksctl/opensci.jsonnet b/eksctl/opensci.jsonnet new file mode 100644 index 0000000000..f81a65c043 --- /dev/null +++ b/eksctl/opensci.jsonnet @@ -0,0 +1,128 @@ +/* + This file is a jsonnet template of a eksctl's cluster configuration file, + that is used with the eksctl CLI to both update and initialize an AWS EKS + based cluster. + + This file has in turn been generated from eksctl/template.jsonnet which is + relevant to compare with for changes over time. + + To use jsonnet to generate an eksctl configuration file from this, do: + + jsonnet opensci.jsonnet > opensci.eksctl.yaml + + References: + - https://eksctl.io/usage/schema/ +*/ +local ng = import "./libsonnet/nodegroup.jsonnet"; + +// place all cluster nodes here +local clusterRegion = "us-west-2"; +local masterAzs = ["us-west-2a", "us-west-2b", "us-west-2c"]; +local nodeAz = "us-west-2a"; + +// Node definitions for notebook nodes. Config here is merged +// with our notebook node definition. +// A `node.kubernetes.io/instance-type label is added, so pods +// can request a particular kind of node with a nodeSelector +local notebookNodes = [ + { instanceType: "r5.xlarge" }, + { instanceType: "r5.4xlarge" }, + { instanceType: "r5.16xlarge" }, +]; +local daskNodes = []; + + +{ + apiVersion: 'eksctl.io/v1alpha5', + kind: 'ClusterConfig', + metadata+: { + name: "opensci", + region: clusterRegion, + version: "1.28", + }, + availabilityZones: masterAzs, + iam: { + withOIDC: true, + }, + // If you add an addon to this config, run the create addon command. + // + // eksctl create addon --config-file=opensci.eksctl.yaml + // + addons: [ + { + // aws-ebs-csi-driver ensures that our PVCs are bound to PVs that + // couple to AWS EBS based storage, without it expect to see pods + // mounting a PVC failing to schedule and PVC resources that are + // unbound. + // + // Related docs: https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html + // + name: 'aws-ebs-csi-driver', + version: "latest", + wellKnownPolicies: { + ebsCSIController: true, + }, + }, + ], + nodeGroups: [ + ng + { + namePrefix: 'core', + nameSuffix: 'a', + nameIncludeInstanceType: false, + availabilityZones: [nodeAz], + ssh: { + publicKeyPath: 'ssh-keys/opensci.key.pub' + }, + instanceType: "r5.xlarge", + minSize: 1, + maxSize: 6, + labels+: { + "hub.jupyter.org/node-purpose": "core", + "k8s.dask.org/node-purpose": "core" + }, + }, + ] + [ + ng + { + namePrefix: 'nb', + availabilityZones: [nodeAz], + minSize: 0, + maxSize: 500, + instanceType: n.instanceType, + ssh: { + publicKeyPath: 'ssh-keys/opensci.key.pub' + }, + labels+: { + "hub.jupyter.org/node-purpose": "user", + "k8s.dask.org/node-purpose": "scheduler" + }, + taints+: { + "hub.jupyter.org_dedicated": "user:NoSchedule", + "hub.jupyter.org/dedicated": "user:NoSchedule" + }, + } + n for n in notebookNodes + ] + ( if daskNodes != null then + [ + ng + { + namePrefix: 'dask', + availabilityZones: [nodeAz], + minSize: 0, + maxSize: 500, + ssh: { + publicKeyPath: 'ssh-keys/opensci.key.pub' + }, + labels+: { + "k8s.dask.org/node-purpose": "worker" + }, + taints+: { + "k8s.dask.org_dedicated" : "worker:NoSchedule", + "k8s.dask.org/dedicated" : "worker:NoSchedule" + }, + instancesDistribution+: { + onDemandBaseCapacity: 0, + onDemandPercentageAboveBaseCapacity: 0, + spotAllocationStrategy: "capacity-optimized", + }, + } + n for n in daskNodes + ] else [] + ) +} \ No newline at end of file diff --git a/eksctl/ssh-keys/opensci.key.pub b/eksctl/ssh-keys/opensci.key.pub new file mode 100644 index 0000000000..0a3046478f --- /dev/null +++ b/eksctl/ssh-keys/opensci.key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCronsz3J+j6Lbp8BJ/mpTn25/1dgmpZQpoLjEqflTtK0Ur/JBZ+P05aD6eLKy89ANyD9RC/x1oHgDwIAtN7zoCG6QJA+8dWUhqlESYzfQ4ieSW36oi1k4VxPLVUU4zVMPr71tdBaFPOsE3jTEWJxSeDZ8YjzHa0sr5X8HzuACO0V5HG8FnSxsXCPAAtwR1VdZF9xRjhQ8u4yLhDz/kTb1vXCjgz0CcHIs7b7ZSxY/tLxIeCTjfyw3SSvHPTZRgZgoqY5mXwgxq4mLQ96u19u6T9zW1qTjHqVQ2OhuAfIC7LzKtZq2S+RlPiv9xoP1+vK2OULZMtdH/u8VHXGGws4iiPVo+xuADtIKAVZCXgrkvHP//bN4pFObzxsxWa2w1m+mGcXKLmHWy3sqSYZHIJwYhcXQXSSiZF56fFKKtCoT/0Ddk6FdMr9WqNjc3Tq12AfXQgobn0JbDUhYRl5bLVfIo7urshDEfTN+fRvcMnDKCNEmnT/ihn5Ki9BPP+Q8NTOU= georgiana@georgiana.local diff --git a/eksctl/ssh-keys/secret/opensci.key b/eksctl/ssh-keys/secret/opensci.key new file mode 100644 index 0000000000..98a5dff54a --- /dev/null +++ b/eksctl/ssh-keys/secret/opensci.key @@ -0,0 +1,21 @@ +{ + "data": "ENC[AES256_GCM,data:3U6QvkVPU64GcF+6QaYPnPff9ILQLpmRYlL7yWVZbDGP5z/YTwoIRh+eIN+78zAmQwiJgWDpKN6Y3MAPYpmzKaktXzsz6tnADGBZlL28kYDHkgVd8iqexoQgq5JCqNKnw28rzMLlEpUMGefu8ZZMxpBcJu8DfvvymnV6hfjmPxCRSTBj+ZqDQtdDoMPNrZq9tF/W+Rs1yDIlImJpsy1KGsWQSluShr1t2wrfuZEcHZXaCg9qd9qRD1UTCq+mFhYy9oC8XKdHYOMrVNynau2pr3JOWhNBYxVGdEUEu13w0ySrBL9FWKhpoLetqIgtetm8V9Cvfd/DjbhuPPuoWN4Hpxr7o3/NR0MEdg4H6YI1IgyrYU6oF59032z8JZVFSktBwSSyPREyxTWhIuuqKCXoz7ZP9JSUt9aE8oJZD7GvRz4yOBi5/7Eyhg1Jof/CYqF7ncUdAJk1sprh2WV3FclpoDjaM2scgBAjy9HjTRUB0jKhQ/nOzVdVguTTvEPOqEbu1dx2D8p3JOQFpCHVmlBKpBmq35X1L0SqR4EkvcSFySqstVMt2vBmOdy2gx8Gl7HaSV1HBnDJWvFomESzI5nxB+ZFrtv+5ljYQP4o02fTCSa0fcEhsz64MpZHh8BlULQDh/FyUSUn+1otiNoLmd0tIhAMRcGslHvGzM1st9oyVP0dRAvG2cxZaRflpOpS63ezjHpCRmYgDuRcogNTTbrXoFSvZEhqamGmQTgNEte0GGtIU6U7NX2EMLloU+znqT7OQJyNHBByx2tcC4dxzc105P2VusWFPFEN4gL2ltq74TBGwIckeBC2b6BQuIgrBrc49z56HwEszWkpLEgHnjW1R+qCFxb4JEPlUtCTRvB+n3rdBKHHtvhLZhHM9LKNbBqr/10gwcBqD8i7B3bGwRvYeIKNOU5/UWtBxy2Byn9P+Z1RVTrXLNLXDjE/MfsWd3NInxgnQsPzpg/ZiESZH/cgD9KQmI+VM/tXbmaQXIyo4tod5x0zh50Y52/yqHZ7uKtPjetM/oJwRiKGbEQcMPqAdN9m5JKP9gyYn/sdIRPVmSoD9+5spxE96sBb1kwiuQXDdXFwVQsBZ1eGr2nRkLTddsX13+oPKVVPbYukGTRPDPZR7TyjQ+ztXTybsmQ3h8mbZ5Xf20UhSs63nkh0W691Gyo6H1d2lAJFBh5doKl0/i8v1im8kyip5GrH8xoVmCfEVYSRXbotXY4ccqzPoCqsh4VumeM3O4qa+fZLaVGsGc0UsR+9MWcmZ2E8HTEZi2vnDQA/wgEn6zbCfoxyaoX7nC/mPTcgRhvfPRRfZEuPIaTTGOaEyt85QpSVSqf5diZf/DaoYsIMasQ0XI/JH2fDcXtduc86kW9bdOS2RdG3XqMBJWdI5XmcdaDw5stQTxXFRsVy1jshAm6SXprMs54LbiQPXmzVEiOz8xjVlqmH40BN4ihbyW1VLujSQkUZ+wZ9cRhNYiSGNUUCBtajcdYSYOsLw+nvzv9DZB6wl8pBJkwElOuGaaiFrlpMdEJYQrkwkwIdIv6lx5oe9QH9SFrLbXS3i7+Vffh+mzwu/BLnQi4tRJJjtI3ORo94od3dZXoiDUJikl7zFXoiE2bgBvFhVDd2UTRwpbql3iW/dcvBzsHPtfiXsUKSPhGCGb5pVuTSEwXs0reK+V+/aY/BWuH7DFUEAvVqPSr0OpkK3y2Ok1XK3+4AdSWDPYo3nPy89b8Aid4Bj+BEb0nOeEl7uOTxR0D0emTgyCTffHV+eoYFMfsozmcME0y93GuEBe800GLaucmKjUHN8QTUpgXr1p2ReLgL3uayvnOQ4eEJQOEPYr4seKfDzDzCLabCd8o77hgnQReoDl6RmLpOiJd0KsFl8oUv03egIdQN+2++NYCd+H4n+S5rWE6wZWqwKU9ieADyZxTr2QGO22vFliktWVx09As+4R96NfCjoVLgY8pFBaC00HArGsPKVWp0zrPgBdjnup5J9JJOMK1dJKN/V0Ha4xbVuskDXY8JGZMeUc04lAg1s7ylm5w3vqnSPJ80w5wgYXfTy9t+fFTxSq//wqe0bgAM/gGgS25+JcSad84N4uaNvuj/nX0zWb1TUUXdKUt1sdptssgg5ExCryRMX0oVlUNhMD4jrpK1oyzIiUUWOUyawLpDWT29tgVBVFTVd4KiDuJThqWa1amAjYL+tsk6IStxNuFIzs3390JWg4WIOy0eg14Cr3J1JaND/IK97d3Y4IdewRhfR21TPZT8sRGg+V5oP0rMXxyte8YARaKRNY9j1X+zg4cEtg2mFw32UkxEpEHHSSk/1JPGJoCAo6AhdIalc9hb3gzqTlPC+roJvQT7KEftE+ZLyXu1lwIwXor0wYtpz2u6SNi+cHBRh3T2dYKkhrklKTMq2ZoRzh9xwoEL3cfzFeFv0XbbJtfILmSxt5KitRisv1w21g/tn746psfRHXD/FIpj5WDr21QCkW0tvsKvWc72Ww6Furnljay1osBHJ5GLgLQdZMNMF4t2nh3De2YMyYxfdprcZQCLtsIzBv1f+seqV3ffUTGDpNCPJryMAreZJS4+7X0qKEOR6jt/yyUPz6r7mYGMA5YBZ4wYuwo5SpQpLn5s1dVTseaLD+giSV6QHR8czs1ZohUMmqAXxBvX0wcCvsYcyFu5kd92zm0MIfZv2k5RHMHl4fwa936oPGd1pXkInR42K38PTrKAgJn5XcoyZ91ebUI4gcw4DaQX9D66T5Td8GLijOkI/reBIXhqLjDRvz9d3Odl21lnrOppBKGTA5kN3IODqxEE92Wqfexmaq6uIJUCA67PHgpuRK7Z/KxOYwjXXCgejazymicB7XYbMRSTxJWAHEo8pmuh/7TgZe+1YENHYnZ+QguR4guSuu6iVSRTtsUSA9ilgFkvoZhKJ4vDMBMeZ7FBPV8uix3C2vM8ukx5YnbKEmYLnoDQKS5mLxs3iUurtYw27+kmIemaKUjElTcdmXFNvOBqru6M0mWNZqW1DH+WeIHxQMjK1zQ8iyiA5K4+46ytNrHxkEEc66Pj55/x21O5wP3ETDigv2gOnX/dY3erFhP9N4/xlIoiYwYi/4P/IzQLd1tXwsd4iz+auoRps2ioUgxvCH8ItRcQwxiLGBDM2j3Yyh7GM0JQCcIKjfftMbfzF+eTo57yo72VTMRxUsi9w/RUdatK1rvmlxuLLZDkz50fEqaATMEQoaiwc+XxZHSlrmbbcsRG/vcnBo+ZamBaiDxFbr3T0AFzWwCSVrj9UOyXOS02VnoxuDT1ibL9POyn4UlInNuHdIc9LQZl3v5PW1R1CStDmuWta7wQA9fm1YbhSbSkyGOc85LV8nhSr9eXwUZjdYjXloJvDj26cCCwBKtw9olN+vOBA/ATGyxCD3ST54MpkBvA0qjkmGe0LZZ3RZT3SGiYK0NDUt7dI87ShWlRDnLuGHmqvYro6184yFd4tM75NsmFaAnSMB8D2rli,iv:MGI6Z8r7iSq607tG9zNZro9vcm1QyQfonvPDALwcGos=,tag:M50exMUMyB/XP/g74gNCwQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2024-02-21T14:04:12Z", + "enc": "CiUA4OM7eKhKM5t1tiyTheQFNUS/u/5AvlqlPcTYNvKLlsPgIhHAEkkAXoW3JqdiQg/3FWiPJ9Gww+hh66YZI5UEaRalxl93S47xW0YbFcL3NFirOHbZXflEHW6Wtp+Wco9XoyL7uBmeQBKcOzLTivvo" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2024-02-21T14:04:13Z", + "mac": "ENC[AES256_GCM,data:ZPkBK+cIm8zAW8Zji/bk5GzlAnz2H3maYzgiHw+dssSyAf2gVZPl8fy5+jHFfg0GfG2Cy2dwEgURNYg7Aa4UsVUq1Xkr/ppl0ZtjMqjCxs0DPK5K3jXjpA7vgvhgPCGBAaZOsA2camkAFPQrUtzWUkLq5D0LmdJGyg1bvCHKVPg=,iv:XvtMDUT3uHmw6moSNcrhhIpPHE8t8FLZl6dtkywAl6c=,tag:peyJkyp/sjAegeOnpyVllQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file From c29131296e085e2cd1b02e43342a6ffbace53ca5 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 21 Feb 2024 17:43:13 +0200 Subject: [PATCH 439/494] Add terraform and basic cluster config --- .../enc-deployer-credentials.secret.json | 25 +++++++++++++++++ .../opensci/enc-support.secret.values.yaml | 17 +++++++++++ config/clusters/opensci/support.values.yaml | 28 +++++++++++++++++++ terraform/aws/projects/opensci.tfvars | 28 +++++++++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 config/clusters/opensci/enc-deployer-credentials.secret.json create mode 100644 config/clusters/opensci/enc-support.secret.values.yaml create mode 100644 config/clusters/opensci/support.values.yaml create mode 100644 terraform/aws/projects/opensci.tfvars diff --git a/config/clusters/opensci/enc-deployer-credentials.secret.json b/config/clusters/opensci/enc-deployer-credentials.secret.json new file mode 100644 index 0000000000..8130dd5fca --- /dev/null +++ b/config/clusters/opensci/enc-deployer-credentials.secret.json @@ -0,0 +1,25 @@ +{ + "AccessKey": { + "AccessKeyId": "ENC[AES256_GCM,data:MtyZwyAG9hUN2TZmVBY99AUkTzk=,iv:X1yxWvoAR4qlzPGDr9sh5fI5/nPqsKezibr/gJ6sGyI=,tag:JkExYO+KJxqrBep71B+tpw==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:k5ZOOtSBK6GQG60fkcuVju/zuIzyXSmou+lMpbqI9KXj/70nK2vMxw==,iv:rxPpG9bTHAFB6TbtZoJQ6CglXHnDk0d6+3OV3//TqUs=,tag:CksFoyD6jh7Bd3tIZHQvug==,type:str]", + "UserName": "ENC[AES256_GCM,data:POvIw42gLg8qNOAQeZsvyi+Zma/I5Jo=,iv:uMiKk7ONZxSMm5K/rSEgOL1ZusHy8VgFD9C2D2ezEcg=,tag:oDJTF8RmGwpCBpEjvqL+PA==,type:str]" + }, + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2024-02-21T15:39:23Z", + "enc": "CiUA4OM7eF5o6mB9Vayi+puvS7aVXCANRtsaycfD68b7ISp9B6drEkkAXoW3JtPtnpYszaNYGfUeJiDVthqBYPcRJjtmCPqm6DEVL9Uyyordh2F636IlremL8X5LedANy3V6JQfofNHug3SiOYSzTqaj" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2024-02-21T15:39:24Z", + "mac": "ENC[AES256_GCM,data:mX6G6KmXOkBiUMT/robJTZ2L8KozL2S8av0UIBhO7lNWo4BJJYLNx9fQL6wzjgWkclE8NI6AiZg57qo6u8SCIV+Fg1veJjsTv9mxOtuV1NbSH8vLs8FOCq0Qp/qDUTFCTIATqqIGPaTB6oUeM7TkBAlwS3SedRn/GTVMAFFDjbY=,iv:zncrRM8g/aC+oh/Hoogil+kUSst/GXOrQbKOwtbw1G4=,tag:V4wlwuxyDLVdLn9t1No41Q==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/config/clusters/opensci/enc-support.secret.values.yaml b/config/clusters/opensci/enc-support.secret.values.yaml new file mode 100644 index 0000000000..d19f4384f8 --- /dev/null +++ b/config/clusters/opensci/enc-support.secret.values.yaml @@ -0,0 +1,17 @@ +prometheusIngressAuthSecret: + username: ENC[AES256_GCM,data:NAA8fg7Oin4CLlFAR0/q9I0FpqHHsyXntce7by5Fg4B4PVGnmboc6hiHKbcvq4gkhFu3JkSPO/UZOnAi/vPXVA==,iv:t21nYjrvFgJ5vRM/8FDGwMrlGiLYsE9R4+BFxjDf91c=,tag:gnyjHQCSfouHljf6AzQKiw==,type:str] + password: ENC[AES256_GCM,data:Dcu0hyudGn0a51p8yutj2MbMv0ydSS/ewXqDF1xAVsWV75DUikNjnqxKZWbBDmjZisi+lMiRHZEUrxaszcGE9w==,iv:AM/9clOgMS80/JdZb1UC9fZNliQwhD8BJdZmSk7+Xow=,tag:kV4UPf5vPkTjESJGNusS9A==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-02-21T14:04:13Z" + enc: CiUA4OM7eH9GfolTeTic397lI94/FljLr1s7Hz77OOck8EsW/8pvEkkAXoW3JqTtm0UrLSlLBrebh+OQ+6ik5KFXmY8Xxl9ICv9kSnbz7CFBvAHlhrP7W7/NK8ZP5+6NnOivp0SZlghOW9M5Lv5ZpnQc + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-02-21T14:04:13Z" + mac: ENC[AES256_GCM,data:IlvuWpEYx2Qjp12hXHSnQdS9RYU1lwH2L8CgE1Js2cXRzhFr+cRalpJ68h/G8uzJOowb/WI5svSBB372HoX0FSf3kRmUPBdj0nI0Leb7kzZoOWJfVsCNh+Z7KVqs7iBnCWRtIr5v00eD6WUf1Q93qgxgcuZgAewd8rzaiixN0GE=,iv:I6/qm0v3/kBt+zFXm/jM29wo3ZW8p6xT9cfI+ruJGCQ=,tag:F2rZt0kHoHSsdECq0IY7eQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/opensci/support.values.yaml b/config/clusters/opensci/support.values.yaml new file mode 100644 index 0000000000..690b30401e --- /dev/null +++ b/config/clusters/opensci/support.values.yaml @@ -0,0 +1,28 @@ +prometheusIngressAuthSecret: + enabled: true + +prometheus: + server: + ingress: + enabled: true + hosts: + - prometheus.opensci.2i2c.cloud + tls: + - secretName: prometheus-tls + hosts: + - prometheus.opensci.2i2c.cloud + +grafana: + grafana.ini: + server: + root_url: https://grafana.opensci.2i2c.cloud/ + auth.github: + enabled: true + allowed_organizations: 2i2c-org + ingress: + hosts: + - grafana.opensci.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.opensci.2i2c.cloud diff --git a/terraform/aws/projects/opensci.tfvars b/terraform/aws/projects/opensci.tfvars new file mode 100644 index 0000000000..7472d20bcb --- /dev/null +++ b/terraform/aws/projects/opensci.tfvars @@ -0,0 +1,28 @@ +region = "us-west-2" + +cluster_name = "opensci" + +cluster_nodes_location = "us-west-2a" + +user_buckets = { + "scratch-staging" : { + "delete_after" : 7 + }, + "scratch" : { + "delete_after" : 7 + }, +} + + +hub_cloud_permissions = { + "staging" : { + requestor_pays : true, + bucket_admin_access : ["scratch-staging"], + extra_iam_policy : "" + }, + "prod" : { + requestor_pays : true, + bucket_admin_access : ["scratch"], + extra_iam_policy : "" + }, +} \ No newline at end of file From 58347a22d99c92029949e3db20c7da8fd61c4e22 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 21 Feb 2024 17:50:06 +0200 Subject: [PATCH 440/494] Add basic cluster config file --- config/clusters/opensci/cluster.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 config/clusters/opensci/cluster.yaml diff --git a/config/clusters/opensci/cluster.yaml b/config/clusters/opensci/cluster.yaml new file mode 100644 index 0000000000..28c5060ac8 --- /dev/null +++ b/config/clusters/opensci/cluster.yaml @@ -0,0 +1,8 @@ +name: opensci +provider: aws +aws: + key: enc-deployer-credentials.secret.json + clusterType: eks + clusterName: opensci + region: us-west-2 +hubs: [] From 6fa3cda2147065fa80bc586666335b360aa7180c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 21 Feb 2024 17:50:05 +0100 Subject: [PATCH 441/494] terraform: default to k8s 1.29 for new GKE/EKS clusters --- eksctl/template.jsonnet | 2 +- terraform/gcp/cluster.tf | 1 - terraform/gcp/projects/basehub-template.tfvars | 15 +++++++++++++++ terraform/gcp/projects/daskhub-template.tfvars | 15 +++++++++++++++ terraform/gcp/variables.tf | 1 + 5 files changed, 32 insertions(+), 2 deletions(-) diff --git a/eksctl/template.jsonnet b/eksctl/template.jsonnet index 3b681e9d7c..5a22ce8885 100644 --- a/eksctl/template.jsonnet +++ b/eksctl/template.jsonnet @@ -69,7 +69,7 @@ local daskNodes = []; version should be the latest support version by the eksctl CLI, see https://eksctl.io/getting-started/ for a list of supported versions. -#} - version: "1.28", + version: "1.29", }, availabilityZones: masterAzs, iam: { diff --git a/terraform/gcp/cluster.tf b/terraform/gcp/cluster.tf index d12860e302..d1a16f99ad 100644 --- a/terraform/gcp/cluster.tf +++ b/terraform/gcp/cluster.tf @@ -5,7 +5,6 @@ # To get get the output of relevance, run: # # terraform plan -var-file=projects/$CLUSTER_NAME.tfvars -# terraform output regular_channel_latest_k8s_versions # # data ref: https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_engine_versions data "google_container_engine_versions" "k8s_version_prefixes" { diff --git a/terraform/gcp/projects/basehub-template.tfvars b/terraform/gcp/projects/basehub-template.tfvars index 9419751eeb..32c9f87978 100644 --- a/terraform/gcp/projects/basehub-template.tfvars +++ b/terraform/gcp/projects/basehub-template.tfvars @@ -14,6 +14,21 @@ region = "{{ cluster_region }}" # Default to a HA cluster for reliability regional_cluster = true + +# TODO: Before applying this, identify a k8s version to specify. Pick the latest +# k8s version from GKE's regular release channel. Look at the output +# called `regular_channel_latest_k8s_versions` as seen when using +# `terraform plan -var-file=projects/{{ cluster_name }}.tfvars`. +# +# Then use that version to explicitly set all k8s versions below, and +# finally decomment the k8s_versions section and removing this comment. +# +#k8s_versions = { +# min_master_version : "", +# core_nodes_version : "", +# notebook_nodes_version : "", +#} + core_node_machine_type = "n2-highmem-2" # For multi-tenant cluster, network policy is required to enforce separation between hubs diff --git a/terraform/gcp/projects/daskhub-template.tfvars b/terraform/gcp/projects/daskhub-template.tfvars index 1bcf3e668a..6aa89162db 100644 --- a/terraform/gcp/projects/daskhub-template.tfvars +++ b/terraform/gcp/projects/daskhub-template.tfvars @@ -14,6 +14,21 @@ region = "{{ cluster_region }}" # Default to a HA cluster for reliability regional_cluster = true +# TODO: Before applying this, identify a k8s version to specify. Pick the latest +# k8s version from GKE's regular release channel. Look at the output +# called `regular_channel_latest_k8s_versions` as seen when using +# `terraform plan -var-file=projects/{{ cluster_name }}.tfvars`. +# +# Then use that version to explicitly set all k8s versions below, and +# finally decomment the k8s_versions section and removing this comment. +# +#k8s_versions = { +# min_master_version : "", +# core_nodes_version : "", +# notebook_nodes_version : "", +# dask_nodes_version : "", +#} + core_node_machine_type = "n2-highmem-4" # Network policy is required to enforce separation between hubs on multi-tenant clusters diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 91a7526f3e..b131d50965 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -49,6 +49,7 @@ variable "k8s_version_prefixes" { default = [ "1.27.", "1.28.", + "1.29.", "1.", ] description = <<-EOT From fd5b4bf338676715c59fd226f6041893c71240d1 Mon Sep 17 00:00:00 2001 From: Silva Alejandro Ismael Date: Wed, 21 Feb 2024 18:01:16 -0300 Subject: [PATCH 442/494] catalyst latam: Improved mem and cpu guarantees --- .../catalystproject-latam/common.values.yaml | 58 ++++++++++--------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/config/clusters/catalystproject-latam/common.values.yaml b/config/clusters/catalystproject-latam/common.values.yaml index 6d1bb24bbd..a13781d172 100644 --- a/config/clusters/catalystproject-latam/common.values.yaml +++ b/config/clusters/catalystproject-latam/common.values.yaml @@ -20,49 +20,53 @@ jupyterhub: kubespawner_override: image: jupyter/scipy-notebook:2023-06-27 default_url: /lab - node_selector: - node.kubernetes.io/instance-type: n2-highmem-4 profile_options: &profile_options resource_allocation: &resource_allocation display_name: Resource Allocation choices: - mem_0_5: + mem_0_3: default: true - display_name: ~0.5 GB RAM, ~1/16 CPU + display_name: 375 MB RAM, ~1/20 CPU kubespawner_override: - mem_guarantee: 0.5G + mem_guarantee: 366210K mem_limit: 1G - cpu_guarantee: 0.05625 + cpu_guarantee: 0.046 cpu_limit: 1 - mem_1_0: - display_name: ~1 GB RAM, ~1/8 CPU + mem_0_7: + display_name: 750 MB RAM, ~1/10 CPU kubespawner_override: - mem_guarantee: 1G + mem_guarantee: 732421K mem_limit: 2G - cpu_guarantee: 0.1125 + cpu_guarantee: 0.093 cpu_limit: 1 - mem_2_0: - display_name: ~2 GB RAM, ~1/4 CPU + mem_1_5: + display_name: 1.5 GB RAM, ~1/5 CPU kubespawner_override: - mem_guarantee: 2G - mem_limit: 4G - cpu_guarantee: 0.225 + mem_guarantee: 1464843.75K + mem_limit: 3G + cpu_guarantee: 0.187 cpu_limit: 2 - mem_4_0: - display_name: ~4 GB RAM, ~1/2 CPU + mem_3_0: + display_name: 3 GB RAM, ~1/2 CPU kubespawner_override: - mem_guarantee: 4G - mem_limit: 8G - cpu_guarantee: 0.45 + mem_guarantee: 2929687.5K + mem_limit: 6G + cpu_guarantee: 0.375 cpu_limit: 2 - mem_8_0: - display_name: ~8 GB RAM, ~1.0 CPU + mem_6_0: + display_name: 6 GB RAM, 3/4 CPU kubespawner_override: - mem_guarantee: 8G - mem_limit: 16G - cpu_guarantee: 0.9 + mem_guarantee: 5859375K + mem_limit: 12G + cpu_guarantee: 0.750 cpu_limit: 2 - + mem_12_0: + display_name: 12 GB RAM, 1.5 CPU + kubespawner_override: + mem_guarantee: 11718750K + mem_limit: 24G + cpu_guarantee: 1.5 + cpu_limit: 3 - display_name: Rocker Geospatial with RStudio description: R environment slug: rocker @@ -70,8 +74,6 @@ jupyterhub: image: rocker/binder:4.3 default_url: /rstudio working_dir: /home/rstudio # Ensures container working dir is homedir - node_selector: - node.kubernetes.io/instance-type: n2-highmem-4 profile_options: *profile_options - display_name: Bring your own image From b04118f0952a681860c489c2dbfa401859d34156 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 22 Feb 2024 14:18:22 +0200 Subject: [PATCH 443/494] Add the new cluster to the deployment workflow --- .github/workflows/deploy-hubs.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index c2ae2ff399..b6f821b8b6 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -206,6 +206,7 @@ jobs: failure_hhmi: "${{ env.failure_hhmi }}" failure_nasa-esdis: "${{ env.failure_nasa-esdis }}" failure_earthscope: "${{ env.failure_earthscope }}" + failure_opensci: "${{ env.failure_opensci }}" # Only run this job on pushes to the default branch and when the job output is not # an empty list From 361eaef5c26f5c90e4b858812aa0648bd8ff1f1d Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 22 Feb 2024 14:19:10 +0200 Subject: [PATCH 444/494] Add the support config and initial staging hub --- config/clusters/opensci/cluster.yaml | 17 +- config/clusters/opensci/common.values.yaml | 179 ++++++++++++++++++ .../opensci/enc-staging.secret.values.yaml | 20 ++ config/clusters/opensci/staging.values.yaml | 17 ++ config/clusters/opensci/support.values.yaml | 6 + 5 files changed, 238 insertions(+), 1 deletion(-) create mode 100644 config/clusters/opensci/common.values.yaml create mode 100644 config/clusters/opensci/enc-staging.secret.values.yaml create mode 100644 config/clusters/opensci/staging.values.yaml diff --git a/config/clusters/opensci/cluster.yaml b/config/clusters/opensci/cluster.yaml index 28c5060ac8..598ccb1560 100644 --- a/config/clusters/opensci/cluster.yaml +++ b/config/clusters/opensci/cluster.yaml @@ -5,4 +5,19 @@ aws: clusterType: eks clusterName: opensci region: us-west-2 -hubs: [] +support: + helm_chart_values_files: + - support.values.yaml + - enc-support.secret.values.yaml +hubs: + - name: staging + display_name: "Opensci (staging)" + domain: staging.opensci.2i2c.cloud + helm_chart: basehub + helm_chart_values_files: + # The order in which you list files here is the order the will be passed + # to the helm upgrade command in, and that has meaning. Please check + # that you intend for these files to be applied in this order. + - common.values.yaml + - staging.values.yaml + - enc-staging.secret.values.yaml diff --git a/config/clusters/opensci/common.values.yaml b/config/clusters/opensci/common.values.yaml new file mode 100644 index 0000000000..0d701951be --- /dev/null +++ b/config/clusters/opensci/common.values.yaml @@ -0,0 +1,179 @@ +nfs: + pv: + # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html + mountOptions: + - rsize=1048576 + - wsize=1048576 + - timeo=600 + - soft # We pick soft over hard, so NFS lockups don't lead to hung processes + - retrans=2 + - noresvport + serverIP: fs-065fcb5bb0ad79b25.efs.us-west-2.amazonaws.com + baseShareName: / + +jupyterhub: + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false + homepage: + templateVars: + org: + name: Demo image building with binderhub-service + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: "" + url: "" + singleuser: + profileList: + - display_name: "Only Profile Available, this info is not shown in the UI" + slug: only-choice + profile_options: + image: + display_name: Image + unlisted_choice: &profile_list_unlisted_choice + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + display_name_in_choices: "Specify an existing docker image" + description_in_choices: "Use a pre-existing docker image from a public docker registry (dockerhub, quay, etc)" + kubespawner_override: + image: "{value}" + choices: + pangeo: + display_name: Pangeo Notebook Image + description: "Python image with scientific, dask and geospatial tools" + kubespawner_override: + image: pangeo/pangeo-notebook:2023.09.11 + geospatial: + display_name: Rocker Geospatial + description: "R image with RStudio, the tidyverse & Geospatial tools" + default: true + slug: geospatial + kubespawner_override: + image: rocker/binder:4.3 + # Launch into RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + scipy: + display_name: Jupyter SciPy Notebook + slug: scipy + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-26 + resources: + display_name: Resource Allocation + choices: + mem_3_4: + display_name: 3.4 GB RAM, upto 3.485 CPUs + kubespawner_override: + mem_guarantee: 3662286336 + mem_limit: 3662286336 + cpu_guarantee: 0.435625 + cpu_limit: 3.485 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + default: true + mem_6_8: + display_name: 6.8 GB RAM, upto 3.485 CPUs + kubespawner_override: + mem_guarantee: 7324572672 + mem_limit: 7324572672 + cpu_guarantee: 0.87125 + cpu_limit: 3.485 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + mem_13_6: + display_name: 13.6 GB RAM, upto 3.485 CPUs + kubespawner_override: + mem_guarantee: 14649145344 + mem_limit: 14649145344 + cpu_guarantee: 1.7425 + cpu_limit: 3.485 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + mem_27_3: + display_name: 27.3 GB RAM, upto 3.485 CPUs + kubespawner_override: + mem_guarantee: 29298290688 + mem_limit: 29298290688 + cpu_guarantee: 3.485 + cpu_limit: 3.485 + node_selector: + node.kubernetes.io/instance-type: n2-highmem-4 + hub: + # Allows for multiple concurrent demos + allowNamedServers: true + services: + binder: + # FIXME: ref https://github.com/2i2c-org/binderhub-service/issues/57 + # for something more readable and requiring less copy-pasting + url: http://imagebuilding-demo-binderhub-service:8090 + image: + name: quay.io/2i2c/dynamic-image-building-experiment + tag: "0.0.1-0.dev.git.7567.ha4162031" + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + allowed_organizations: + - 2i2c-demo-hub-access + - ScienceCore + scope: + - read:org + + extraConfig: + enable-fancy-profiles: | + from jupyterhub_fancy_profiles import setup_ui + setup_ui(c) + +binderhub-service: + nodeSelector: + hub.jupyter.org/node-purpose: core + enabled: true + service: + port: 8090 + # The DaemonSet at https://github.com/2i2c-org/binderhub-service/blob/main/binderhub-service/templates/docker-api/daemonset.yaml + # will start a docker-api pod on a user node. + # It starts the [dockerd](https://docs.docker.com/engine/reference/commandline/dockerd/) daemon, + # that will be accessible via a unix socket, mounted by the build. + # The docker-api pod must run on the same node as the builder pods. + dockerApi: + nodeSelector: + hub.jupyter.org/node-purpose: user + tolerations: + # Tolerate tainted jupyterhub user nodes + - key: hub.jupyter.org_dedicated + value: user + effect: NoSchedule + - key: hub.jupyter.org/dedicated + value: user + effect: NoSchedule + config: + BinderHub: + base_url: /services/binder + use_registry: true + # Re-uses the registry created for the `binderhub-staging` hub + # but pushes images under a different prefix + image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binderhub-service- + KubernetesBuildExecutor: + # Get ourselves a newer repo2docker! + build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 + node_selector: + # Schedule builder pods to run on user nodes only + hub.jupyter.org/node-purpose: user + # The password to the registry is stored encrypted in the hub's encrypted config file + buildPodsRegistryCredentials: + server: "https://us-central1-docker.pkg.dev" + username: "_json_key" diff --git a/config/clusters/opensci/enc-staging.secret.values.yaml b/config/clusters/opensci/enc-staging.secret.values.yaml new file mode 100644 index 0000000000..a04fd2334c --- /dev/null +++ b/config/clusters/opensci/enc-staging.secret.values.yaml @@ -0,0 +1,20 @@ +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:s6J6NCDKC+8DWL/G1HfeoS6LvVw=,iv:ppAQJ0Bcp4jR2RM7ZzpjKN8a+lKCAf93m8GxyoemFvY=,tag:xNT4AbtaYEilgTPtOAb+Lw==,type:str] + client_secret: ENC[AES256_GCM,data:690jNdjfNH8tEOmPs8vvsaU1R9Z0ooQIY/EabmqX4bU7CSF6Ho6rOQ==,iv:TXeDQdL4Bzx1Ky0fjg1tNCPhRG1lJra5KvzPkSHMYmE=,tag:m173HByyyMF0CEvt4aJBCw==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-02-22T12:06:32Z" + enc: CiUA4OM7eP01v1Kyb9Ju8g3mAA1U9yPxtdOKulHLakW+cmwRyDweEkkAXoW3JodsyugXQTcoglPT5W4ElfRnz3O0EMdsoNY5DHJiaKFSa6bZUOrbePG1/9R6vA7iPS4ZX1f1kd8iyYIb05255bumCIzo + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-02-22T12:06:33Z" + mac: ENC[AES256_GCM,data:3SL337k6foIN/veukv1DeYRP4xmSbnhLaEKgujqbjSG2AzBZPngukdhUQ31ExO6/MqcjFpSllicHZPhjtPYcgSbxJfKRM+7zxEofeZqVtJkA3Q1N0J3JigTm483MNTc9l89Rn+JnaKej1ouBaR3O3PD6jjCAowZXpKoSgcrgxPk=,iv:dBfT1g+ZR1kwbp2rNFdekwKlTcpnt4/72ExKybqTJwo=,tag:lzCkerc3rNarGHWy3CfcrQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/opensci/staging.values.yaml b/config/clusters/opensci/staging.values.yaml new file mode 100644 index 0000000000..c2c939b6d0 --- /dev/null +++ b/config/clusters/opensci/staging.values.yaml @@ -0,0 +1,17 @@ +jupyterhub: + ingress: + hosts: + - staging.opensci.2i2c.cloud + tls: + - secretName: https-auto-tls + hosts: + - staging.opensci.2i2c.cloud + hub: + config: + GitHubOAuthenticator: + oauth_callback_url: https://staging.opensci.2i2c.cloud/hub/oauth_callback + services: + binder: + # FIXME: ref https://github.com/2i2c-org/binderhub-service/issues/57 + # for something more readable and requiring less copy-pasting + url: https://staging.opensci-binderhub-service:8090 diff --git a/config/clusters/opensci/support.values.yaml b/config/clusters/opensci/support.values.yaml index 690b30401e..d1d7ba1c91 100644 --- a/config/clusters/opensci/support.values.yaml +++ b/config/clusters/opensci/support.values.yaml @@ -1,6 +1,12 @@ prometheusIngressAuthSecret: enabled: true +cluster-autoscaler: + enabled: true + autoDiscovery: + clusterName: opensci + awsRegion: us-west-2 + prometheus: server: ingress: From 73d805571771b4793ac709a6b0131798f3832d8e Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 22 Feb 2024 14:51:23 +0200 Subject: [PATCH 445/494] Update the resource allocation options to aws --- config/clusters/opensci/common.values.yaml | 56 +++++++++++----------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/config/clusters/opensci/common.values.yaml b/config/clusters/opensci/common.values.yaml index 0d701951be..8a91f0054f 100644 --- a/config/clusters/opensci/common.values.yaml +++ b/config/clusters/opensci/common.values.yaml @@ -75,43 +75,43 @@ jupyterhub: resources: display_name: Resource Allocation choices: - mem_3_4: - display_name: 3.4 GB RAM, upto 3.485 CPUs + mem_3_7: + display_name: 3.7 GB RAM, upto 3.7 CPUs kubespawner_override: - mem_guarantee: 3662286336 - mem_limit: 3662286336 - cpu_guarantee: 0.435625 - cpu_limit: 3.485 + mem_guarantee: 3982682624 + mem_limit: 3982682624 + cpu_guarantee: 0.46875 + cpu_limit: 3.75 node_selector: - node.kubernetes.io/instance-type: n2-highmem-4 + node.kubernetes.io/instance-type: r5.xlarge default: true - mem_6_8: - display_name: 6.8 GB RAM, upto 3.485 CPUs + mem_7_4: + display_name: 7.4 GB RAM, upto 3.7 CPUs kubespawner_override: - mem_guarantee: 7324572672 - mem_limit: 7324572672 - cpu_guarantee: 0.87125 - cpu_limit: 3.485 + mem_guarantee: 7965365248 + mem_limit: 7965365248 + cpu_guarantee: 0.9375 + cpu_limit: 3.75 node_selector: - node.kubernetes.io/instance-type: n2-highmem-4 - mem_13_6: - display_name: 13.6 GB RAM, upto 3.485 CPUs + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.7 CPUs kubespawner_override: - mem_guarantee: 14649145344 - mem_limit: 14649145344 - cpu_guarantee: 1.7425 - cpu_limit: 3.485 + mem_guarantee: 15930730496 + mem_limit: 15930730496 + cpu_guarantee: 1.875 + cpu_limit: 3.75 node_selector: - node.kubernetes.io/instance-type: n2-highmem-4 - mem_27_3: - display_name: 27.3 GB RAM, upto 3.485 CPUs + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.7 CPUs kubespawner_override: - mem_guarantee: 29298290688 - mem_limit: 29298290688 - cpu_guarantee: 3.485 - cpu_limit: 3.485 + mem_guarantee: 31861460992 + mem_limit: 31861460992 + cpu_guarantee: 3.75 + cpu_limit: 3.75 node_selector: - node.kubernetes.io/instance-type: n2-highmem-4 + node.kubernetes.io/instance-type: r5.xlarge hub: # Allows for multiple concurrent demos allowNamedServers: true From 1da4310ab11103e7600c667f4d9e0aac72305aa2 Mon Sep 17 00:00:00 2001 From: Brian Freitag Date: Thu, 22 Feb 2024 16:16:45 -0600 Subject: [PATCH 446/494] added permissions to read USGS Landsat bucket --- terraform/aws/projects/nasa-veda.tfvars | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index df4681f32f..4e685adc45 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -60,7 +60,9 @@ hub_cloud_permissions = { "arn:aws:s3:::nasa-maap-data-store", "arn:aws:s3:::nasa-maap-data-store/*", "arn:aws:s3:::sdap-dev-zarr", - "arn:aws:s3:::sdap-dev-zarr/*" + "arn:aws:s3:::sdap-dev-zarr/*", + "arn:aws:s3:::usgs-landsat", + "arn:aws:s3:::usgs-landsat/*" ] }, { From 0ba20f40f3c6ef39eb95fab6135b219a2bd0bc83 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 23 Feb 2024 08:03:41 +0100 Subject: [PATCH 447/494] Add usgs-landsat bucket permissions to staging also --- terraform/aws/projects/nasa-veda.tfvars | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index 4e685adc45..e834ce1829 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -119,7 +119,9 @@ hub_cloud_permissions = { "arn:aws:s3:::nasa-maap-data-store", "arn:aws:s3:::nasa-maap-data-store/*", "arn:aws:s3:::sdap-dev-zarr", - "arn:aws:s3:::sdap-dev-zarr/*" + "arn:aws:s3:::sdap-dev-zarr/*", + "arn:aws:s3:::usgs-landsat", + "arn:aws:s3:::usgs-landsat/*" ] }, { From aa0748b41c96ae27c2761d17e3d3068233554790 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 23 Feb 2024 12:32:27 +0200 Subject: [PATCH 448/494] Move whole config into the staging yaml --- config/clusters/opensci/common.values.yaml | 167 -------------------- config/clusters/opensci/staging.values.yaml | 166 ++++++++++++++++++- 2 files changed, 162 insertions(+), 171 deletions(-) diff --git a/config/clusters/opensci/common.values.yaml b/config/clusters/opensci/common.values.yaml index 8a91f0054f..9e58930e8e 100644 --- a/config/clusters/opensci/common.values.yaml +++ b/config/clusters/opensci/common.values.yaml @@ -10,170 +10,3 @@ nfs: - noresvport serverIP: fs-065fcb5bb0ad79b25.efs.us-west-2.amazonaws.com baseShareName: / - -jupyterhub: - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - jupyterhubConfigurator: - enabled: false - homepage: - templateVars: - org: - name: Demo image building with binderhub-service - url: https://2i2c.org - logo_url: https://2i2c.org/media/logo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: "" - url: "" - singleuser: - profileList: - - display_name: "Only Profile Available, this info is not shown in the UI" - slug: only-choice - profile_options: - image: - display_name: Image - unlisted_choice: &profile_list_unlisted_choice - enabled: True - display_name: "Custom image" - validation_regex: "^.+:.+$" - validation_message: "Must be a publicly available docker image, of form :" - display_name_in_choices: "Specify an existing docker image" - description_in_choices: "Use a pre-existing docker image from a public docker registry (dockerhub, quay, etc)" - kubespawner_override: - image: "{value}" - choices: - pangeo: - display_name: Pangeo Notebook Image - description: "Python image with scientific, dask and geospatial tools" - kubespawner_override: - image: pangeo/pangeo-notebook:2023.09.11 - geospatial: - display_name: Rocker Geospatial - description: "R image with RStudio, the tidyverse & Geospatial tools" - default: true - slug: geospatial - kubespawner_override: - image: rocker/binder:4.3 - # Launch into RStudio after the user logs in - default_url: /rstudio - # Ensures container working dir is homedir - # https://github.com/2i2c-org/infrastructure/issues/2559 - working_dir: /home/rstudio - scipy: - display_name: Jupyter SciPy Notebook - slug: scipy - kubespawner_override: - image: jupyter/scipy-notebook:2023-06-26 - resources: - display_name: Resource Allocation - choices: - mem_3_7: - display_name: 3.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 3982682624 - mem_limit: 3982682624 - cpu_guarantee: 0.46875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - default: true - mem_7_4: - display_name: 7.4 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 7965365248 - mem_limit: 7965365248 - cpu_guarantee: 0.9375 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_14_8: - display_name: 14.8 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 15930730496 - mem_limit: 15930730496 - cpu_guarantee: 1.875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_29_7: - display_name: 29.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 31861460992 - mem_limit: 31861460992 - cpu_guarantee: 3.75 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - hub: - # Allows for multiple concurrent demos - allowNamedServers: true - services: - binder: - # FIXME: ref https://github.com/2i2c-org/binderhub-service/issues/57 - # for something more readable and requiring less copy-pasting - url: http://imagebuilding-demo-binderhub-service:8090 - image: - name: quay.io/2i2c/dynamic-image-building-experiment - tag: "0.0.1-0.dev.git.7567.ha4162031" - config: - JupyterHub: - authenticator_class: github - GitHubOAuthenticator: - allowed_organizations: - - 2i2c-demo-hub-access - - ScienceCore - scope: - - read:org - - extraConfig: - enable-fancy-profiles: | - from jupyterhub_fancy_profiles import setup_ui - setup_ui(c) - -binderhub-service: - nodeSelector: - hub.jupyter.org/node-purpose: core - enabled: true - service: - port: 8090 - # The DaemonSet at https://github.com/2i2c-org/binderhub-service/blob/main/binderhub-service/templates/docker-api/daemonset.yaml - # will start a docker-api pod on a user node. - # It starts the [dockerd](https://docs.docker.com/engine/reference/commandline/dockerd/) daemon, - # that will be accessible via a unix socket, mounted by the build. - # The docker-api pod must run on the same node as the builder pods. - dockerApi: - nodeSelector: - hub.jupyter.org/node-purpose: user - tolerations: - # Tolerate tainted jupyterhub user nodes - - key: hub.jupyter.org_dedicated - value: user - effect: NoSchedule - - key: hub.jupyter.org/dedicated - value: user - effect: NoSchedule - config: - BinderHub: - base_url: /services/binder - use_registry: true - # Re-uses the registry created for the `binderhub-staging` hub - # but pushes images under a different prefix - image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binderhub-service- - KubernetesBuildExecutor: - # Get ourselves a newer repo2docker! - build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 - node_selector: - # Schedule builder pods to run on user nodes only - hub.jupyter.org/node-purpose: user - # The password to the registry is stored encrypted in the hub's encrypted config file - buildPodsRegistryCredentials: - server: "https://us-central1-docker.pkg.dev" - username: "_json_key" diff --git a/config/clusters/opensci/staging.values.yaml b/config/clusters/opensci/staging.values.yaml index c2c939b6d0..bf75fa88e3 100644 --- a/config/clusters/opensci/staging.values.yaml +++ b/config/clusters/opensci/staging.values.yaml @@ -6,12 +6,170 @@ jupyterhub: - secretName: https-auto-tls hosts: - staging.opensci.2i2c.cloud + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false + homepage: + templateVars: + org: + name: Opensci (Staging) + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: "" + url: "" + singleuser: + profileList: + - display_name: "Only Profile Available, this info is not shown in the UI" + slug: only-choice + profile_options: + image: + display_name: Image + unlisted_choice: &profile_list_unlisted_choice + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + display_name_in_choices: "Specify an existing docker image" + description_in_choices: "Use a pre-existing docker image from a public docker registry (dockerhub, quay, etc)" + kubespawner_override: + image: "{value}" + choices: + pangeo: + display_name: Pangeo Notebook Image + description: "Python image with scientific, dask and geospatial tools" + kubespawner_override: + image: pangeo/pangeo-notebook:2023.09.11 + geospatial: + display_name: Rocker Geospatial + description: "R image with RStudio, the tidyverse & Geospatial tools" + default: true + slug: geospatial + kubespawner_override: + image: rocker/binder:4.3 + # Launch into RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + scipy: + display_name: Jupyter SciPy Notebook + slug: scipy + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-26 + resources: + display_name: Resource Allocation + choices: + mem_3_7: + display_name: 3.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 3982682624 + mem_limit: 3982682624 + cpu_guarantee: 0.46875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + default: true + mem_7_4: + display_name: 7.4 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 7965365248 + mem_limit: 7965365248 + cpu_guarantee: 0.9375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 15930730496 + mem_limit: 15930730496 + cpu_guarantee: 1.875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 31861460992 + mem_limit: 31861460992 + cpu_guarantee: 3.75 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + hub: - config: - GitHubOAuthenticator: - oauth_callback_url: https://staging.opensci.2i2c.cloud/hub/oauth_callback + # Allows for multiple concurrent demos + allowNamedServers: true services: binder: # FIXME: ref https://github.com/2i2c-org/binderhub-service/issues/57 # for something more readable and requiring less copy-pasting - url: https://staging.opensci-binderhub-service:8090 + url: http://staging-binderhub-service:8090 + image: + name: quay.io/2i2c/dynamic-image-building-experiment + tag: "0.0.1-0.dev.git.7567.ha4162031" + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://staging.opensci.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - 2i2c-demo-hub-access + - ScienceCore + scope: + - read:org + + extraConfig: + enable-fancy-profiles: | + from jupyterhub_fancy_profiles import setup_ui + setup_ui(c) + +binderhub-service: + nodeSelector: + hub.jupyter.org/node-purpose: core + enabled: true + service: + port: 8090 + # The DaemonSet at https://github.com/2i2c-org/binderhub-service/blob/main/binderhub-service/templates/docker-api/daemonset.yaml + # will start a docker-api pod on a user node. + # It starts the [dockerd](https://docs.docker.com/engine/reference/commandline/dockerd/) daemon, + # that will be accessible via a unix socket, mounted by the build. + # The docker-api pod must run on the same node as the builder pods. + dockerApi: + nodeSelector: + hub.jupyter.org/node-purpose: user + tolerations: + # Tolerate tainted jupyterhub user nodes + - key: hub.jupyter.org_dedicated + value: user + effect: NoSchedule + - key: hub.jupyter.org/dedicated + value: user + effect: NoSchedule + config: + BinderHub: + base_url: /services/binder + use_registry: true + # Re-uses the registry created for the `binderhub-staging` hub + # but pushes images under a different prefix + image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binderhub-service- + KubernetesBuildExecutor: + # Get ourselves a newer repo2docker! + build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 + node_selector: + # Schedule builder pods to run on user nodes only + hub.jupyter.org/node-purpose: user + # The password to the registry is stored encrypted in the hub's encrypted config file + buildPodsRegistryCredentials: + server: "https://us-central1-docker.pkg.dev" + username: "_json_key" From 4752ae42075d79b44191a9855adee87dbfb17319 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 23 Feb 2024 13:03:49 +0200 Subject: [PATCH 449/494] Add registry creds --- config/clusters/opensci/enc-staging.secret.values.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/config/clusters/opensci/enc-staging.secret.values.yaml b/config/clusters/opensci/enc-staging.secret.values.yaml index a04fd2334c..bced0be132 100644 --- a/config/clusters/opensci/enc-staging.secret.values.yaml +++ b/config/clusters/opensci/enc-staging.secret.values.yaml @@ -1,3 +1,6 @@ +binderhub-service: + buildPodsRegistryCredentials: + password: ENC[AES256_GCM,data:PYZwok82f2+UkmzVkTGh03HPRpUbOG2HC1CGB6SvU+BtXxPHeqlEWtWRt7S5jXXamBlo6zvE90O8rep7wVVKHlAxp5ckwnirs9ZyujRYhlKgVpbcRFO0znnGZbxOJboy5dGOdMVxmBuL0IIdKTLIn+hLYW1QvOGlzbDwZy4PtVi6HP1nk80ZZz30hUcDy3pnVbNvVexH719Gl/Wk2YeGCLsm9/3CjyAmnZxzR3JCTprgQnSdigdUoL9cgiBxge66W8tOdOhXqb6HRNSouXGruwm1iybJIUmzWJYGvrsbK+IV8FWaeMU6XtOsL7Dho/L7t+MaAqX4rZugqmDs2fif8lUAmSfvfcG7tzoWIboHLBSxMWT4wO89l6KE14n8QBcAEHNv7/7cqUZIWne6uTiUoexQ0/KyYp5UZ9LdIwf7nCsaQga9HO0fQl6A8iDdNa0YQnAsPhNwNJCzYM/U4+truyw24dx70DVPINdxXIejPr2vv0dqHIvWCJIdDlBq65oZLwDg1x0Bj5mYPdnoFaU1hwi6y1251F+U2F6CRfq60itvfmr/6EINeYUVoeYdIom3jmrUo4cPtcwmEy3/EfjK7c7ki93yLrol47bFWt9sANFLD4mDdkzhQPH85YonVlj1iXpnJ3ExYj/TqNTm8KLUfFq6l9A4ZGGtDQZpveRxXYLzBqcLK6Ysg9H7+cFyhPFFQ4q6bAIBy8A5LYDlYAo4oWRKo3VoH5A4opZSbcY/OV238Tv2kdWwSefqLfNfwb8WXhT5lbZW18vHQsOkeOXsnQ4h/j+4mDjVUbk0HIHXrIaPuNZwSugaChX3H/sRUmxhIHZIhb1E1YyYlpuzfqorqpnQ/0omP5hofSNOXBZO45TTVkLO5Fen8CL1JeizdL9BpINvnFIrlntUrCfr4qxa27op9s+xZwEOFQky2o3FBKK2+NU7n5cWKfhTgz2oJPAk8LI2UX3gooo4Vbiz0jRfZ4ZuLtKYxC/8zEwP3I+jT3bKSiyjiQM2TAFuwxlj9Ojbr+d5SATMMkkdjw7YGnExW3JkL3WLP1y3ZCBVxqiw62NGCGwYsMMuEAhoiRqIE1+IF9Gip3/SPtLxiS/G7ceWHCIghZ/Jv04EUDhreCm7CaxD/5GVCxDG4xLFmKWi20t9fRJFKx+khdtWp6l84Vn5DrzLuh1IAW0a22I6L8rVXGJHAYhuVPhXUAjp4F/Vai9ZVUH+WPf2WbqIOXvhGRG7XWl+rpc8H0+ECSTheg/Ieurn8Y2k6CKKKwWky0B9Lj5d1K/A6BKW0+1wLHTDykihVI5XOp7yNTlDgLA9zgpyasj1rpY0J0FQp+h6o1OSDuhIAizdHhEfZIQfLs3IebGHL/fJlk2TjU10kUUgzdn2APS41OkyQtKfLUpPDt/OE60YROZ3q4pFKejjapngQVVwR1S/jUNULo2WA6zfSI9foGrYzIF9nd1NAHnMxnrfBLP3wtyKU7nnJ0PWJ42PyQz0hfW7ACoPPjdlx4OqMcB6JnlmcDzHKwuCtCNntgug5uD+sy+7q4m/y3pVOG/PziiToIn2IF7xwRVlzK/trbFNfbYJeoAkJzMlgyguUijFOY/yjkgzwupO2JTwHQxnH3Ip+3kqi6IXep561OcBySm/sAQmnnT6kgyjfYjGviELeqQsCjl4O9o2/DpZ6bHookw5G0gdfWfukqC2PTF9DWkMUoUir7MOBIQv+UT2G0NBbohhP2Qano2JPk9j5wGyrwnSnUf5vbrasDnPJKrOiYVs9lRR3MWuKV1uh08dp7v5DfpYj5pV6/y2pBuAWATbBZOLRkQeVNRdHaBWkhLaKSA8r/rhkVkPJ3G0oDTbIud+8PE5gXbp8wAOZn0Ms8se4NXY3889pZp2OV2oxD6htgaTu2/sY/HszXI6bhB95oFAvB09VBd58xBQe7z4efbY354Gd7S/iDzOZLvUCmPNtxXDdT2i3lnAsp8mTqZct/7M8X9sgEZtTtHKk8gp5KTyb6W6U5+VUZt50ZKsXXZpGYp8/dxYNk2jJ9SXCarvHAabksFIZJrVd8KAD/LZ9N19ZDtn1B8o3+2nTQnN+FK/lrHMmjblg60QCkzArMxuPfh1DStnoY+mXNWfrGTRfuj/EGpZl5mq0hiuTsStI1I4hGM20ATAnUHcPf9eXUbZMr3UiHTv0bVmOlr2FMwjVVEzBgB+Q2GuMC/LTU0w5IW/OV0BTJtyiZPIMIBj0ur6XArb5SmsythTumHQUzVtdK9k+zEnGHnIkOT/x+H95Z0X5zQAmYFYbeXK1kO8WyoIb+IinGoZHrNZTbHMSoLxVNx0j7srNTLTSZ4BMLfVJt4QfODcIBK6IsRyQ4APATytPxkEbnpXxaia9ADvj4UGQ9GsPfufDlMLctxew5CSMBoAu5AvGakWeg8A0a7tYWlHM0sROGRX5SZLfqtgckx8GIyQHGwUzJ/ougsICLJW+L+UcLEUDpjiL7XjYrMAMMcodK7n1t6fjXcMkTap84yZa5ErnHiCUUkEG0ceQfJBIab2ZT9IcvcH+qPAcVbtCnanZcsgTHjpj1oVcPPVlgbPOaS+I//ml17onp4ZAHwLedBE23kjBcCC5SiNYpvk0jS8zeHecQjsxhkeF0mhl3OOx0eQH4z1nfwtAc47mxZw/5+wwBE5YSLuwYYt1NCNR6Ogy3ZrrYVv0gFmiX9jSHnq2b3mNo0fQ/hT3F+1VXcUr6H53aa2kjpzyfxi3MjOl+Z/KWF2qn7fwzevcg6ou9ZKYh7ux7CvV9Ukiwk0bxwhRURWEIZ/Jzl5PdrveH29P0c5zojmXb6vH8m9n+TKd/N6RID3q29eCseBDXz0zOCHNAGHi2F40n10yhZ1jMPBwhtsrgJRjrKjTFSXWblhYIHK3tUp8quFob4CnBEwavTnFJXACuQpZPjqpVMmii1zWV5x4ADjvPJeRK/5xkFJzvtWn+QENX3bt1FPWrtaRva6++zQ2oIik56xpfsQ1+tUrulmnhC50krGSCpoZgr6aAQMExlvm680LuUPgyQ7EyE4DLiL5T66F4pkCEz45oNvnXBKNts+GsNYM4QKNqbszTQR5fLODfbufErgV2IQ8fg/rHp/RLLqGsnTNMv+JiEa6T6bNWtgTpzVjmFg+toGTm+LWW7SHgBkwKcY2qLW8wgGVzTxA3cXZ33iNhac0uLhiC7W+XQVVHHVXyXt2SLD+CcOLvwq49/aENSKhNwcFpPXUNXMayW+A6p4/i5YPWiAl6c/9fhI57Jz8zLQfVd7HkR0fd2k607ijT7TCOvI9DpAdlN4PFaINDUFLkl6ydSzz9k=,iv:QacAujnWzobIHty1/VpiWUNhY7WXnoJqJq8LjD44Ttg=,tag:9VM1+usAXUj+3rZwW7NFOQ==,type:str] jupyterhub: hub: config: @@ -13,8 +16,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-02-22T12:06:33Z" - mac: ENC[AES256_GCM,data:3SL337k6foIN/veukv1DeYRP4xmSbnhLaEKgujqbjSG2AzBZPngukdhUQ31ExO6/MqcjFpSllicHZPhjtPYcgSbxJfKRM+7zxEofeZqVtJkA3Q1N0J3JigTm483MNTc9l89Rn+JnaKej1ouBaR3O3PD6jjCAowZXpKoSgcrgxPk=,iv:dBfT1g+ZR1kwbp2rNFdekwKlTcpnt4/72ExKybqTJwo=,tag:lzCkerc3rNarGHWy3CfcrQ==,type:str] + lastmodified: "2024-02-23T10:41:27Z" + mac: ENC[AES256_GCM,data:Iy3P4qI6Fe53yLA5gF69qjjmlaP0cXufyqxp0nPHi1XVCnaGmSsSkFvVEUUyi+ZZ/nvTWf+K22g8QTWEFwuANor1wZms73ATrkU8LRp3Tp72v3OJHFqCOJOpvAk0XhjLBhZjxkSdvcC/XgBUnW/i0+fCDMtTAz8aLMDdgVp6dm8=,iv:GSxTy8DdXKz2iW9/ZO1GniSW0Ccp/0tTOz4lJ6Jsd5w=,tag:Po+2MsvZ/pokWYcRYvAxqw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 From 631369ebf7f1907fcce42bc9f48417c5b4d4c28e Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 23 Feb 2024 13:04:03 +0200 Subject: [PATCH 450/494] Update the image prefix --- config/clusters/opensci/staging.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/opensci/staging.values.yaml b/config/clusters/opensci/staging.values.yaml index bf75fa88e3..c26ccad8ad 100644 --- a/config/clusters/opensci/staging.values.yaml +++ b/config/clusters/opensci/staging.values.yaml @@ -162,7 +162,7 @@ binderhub-service: use_registry: true # Re-uses the registry created for the `binderhub-staging` hub # but pushes images under a different prefix - image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binderhub-service- + image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/opensci- KubernetesBuildExecutor: # Get ourselves a newer repo2docker! build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 From 40e202464ddf82ec9f02f3a0296d93e8bfe82cb7 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 23 Feb 2024 14:04:56 +0200 Subject: [PATCH 451/494] Rm the staging hub --- config/clusters/opensci/cluster.yaml | 10 +- .../opensci/enc-staging.secret.values.yaml | 23 --- config/clusters/opensci/staging.values.yaml | 175 ------------------ 3 files changed, 5 insertions(+), 203 deletions(-) delete mode 100644 config/clusters/opensci/enc-staging.secret.values.yaml delete mode 100644 config/clusters/opensci/staging.values.yaml diff --git a/config/clusters/opensci/cluster.yaml b/config/clusters/opensci/cluster.yaml index 598ccb1560..3ba0308dcf 100644 --- a/config/clusters/opensci/cluster.yaml +++ b/config/clusters/opensci/cluster.yaml @@ -10,14 +10,14 @@ support: - support.values.yaml - enc-support.secret.values.yaml hubs: - - name: staging - display_name: "Opensci (staging)" - domain: staging.opensci.2i2c.cloud + - name: sciencecore + display_name: "Sciencecore " + domain: sciencecore.opensci.2i2c.cloud helm_chart: basehub helm_chart_values_files: # The order in which you list files here is the order the will be passed # to the helm upgrade command in, and that has meaning. Please check # that you intend for these files to be applied in this order. - common.values.yaml - - staging.values.yaml - - enc-staging.secret.values.yaml + - sciencecore.values.yaml + - enc-sciencecore.secret.values.yaml diff --git a/config/clusters/opensci/enc-staging.secret.values.yaml b/config/clusters/opensci/enc-staging.secret.values.yaml deleted file mode 100644 index bced0be132..0000000000 --- a/config/clusters/opensci/enc-staging.secret.values.yaml +++ /dev/null @@ -1,23 +0,0 @@ -binderhub-service: - buildPodsRegistryCredentials: - password: ENC[AES256_GCM,data:PYZwok82f2+UkmzVkTGh03HPRpUbOG2HC1CGB6SvU+BtXxPHeqlEWtWRt7S5jXXamBlo6zvE90O8rep7wVVKHlAxp5ckwnirs9ZyujRYhlKgVpbcRFO0znnGZbxOJboy5dGOdMVxmBuL0IIdKTLIn+hLYW1QvOGlzbDwZy4PtVi6HP1nk80ZZz30hUcDy3pnVbNvVexH719Gl/Wk2YeGCLsm9/3CjyAmnZxzR3JCTprgQnSdigdUoL9cgiBxge66W8tOdOhXqb6HRNSouXGruwm1iybJIUmzWJYGvrsbK+IV8FWaeMU6XtOsL7Dho/L7t+MaAqX4rZugqmDs2fif8lUAmSfvfcG7tzoWIboHLBSxMWT4wO89l6KE14n8QBcAEHNv7/7cqUZIWne6uTiUoexQ0/KyYp5UZ9LdIwf7nCsaQga9HO0fQl6A8iDdNa0YQnAsPhNwNJCzYM/U4+truyw24dx70DVPINdxXIejPr2vv0dqHIvWCJIdDlBq65oZLwDg1x0Bj5mYPdnoFaU1hwi6y1251F+U2F6CRfq60itvfmr/6EINeYUVoeYdIom3jmrUo4cPtcwmEy3/EfjK7c7ki93yLrol47bFWt9sANFLD4mDdkzhQPH85YonVlj1iXpnJ3ExYj/TqNTm8KLUfFq6l9A4ZGGtDQZpveRxXYLzBqcLK6Ysg9H7+cFyhPFFQ4q6bAIBy8A5LYDlYAo4oWRKo3VoH5A4opZSbcY/OV238Tv2kdWwSefqLfNfwb8WXhT5lbZW18vHQsOkeOXsnQ4h/j+4mDjVUbk0HIHXrIaPuNZwSugaChX3H/sRUmxhIHZIhb1E1YyYlpuzfqorqpnQ/0omP5hofSNOXBZO45TTVkLO5Fen8CL1JeizdL9BpINvnFIrlntUrCfr4qxa27op9s+xZwEOFQky2o3FBKK2+NU7n5cWKfhTgz2oJPAk8LI2UX3gooo4Vbiz0jRfZ4ZuLtKYxC/8zEwP3I+jT3bKSiyjiQM2TAFuwxlj9Ojbr+d5SATMMkkdjw7YGnExW3JkL3WLP1y3ZCBVxqiw62NGCGwYsMMuEAhoiRqIE1+IF9Gip3/SPtLxiS/G7ceWHCIghZ/Jv04EUDhreCm7CaxD/5GVCxDG4xLFmKWi20t9fRJFKx+khdtWp6l84Vn5DrzLuh1IAW0a22I6L8rVXGJHAYhuVPhXUAjp4F/Vai9ZVUH+WPf2WbqIOXvhGRG7XWl+rpc8H0+ECSTheg/Ieurn8Y2k6CKKKwWky0B9Lj5d1K/A6BKW0+1wLHTDykihVI5XOp7yNTlDgLA9zgpyasj1rpY0J0FQp+h6o1OSDuhIAizdHhEfZIQfLs3IebGHL/fJlk2TjU10kUUgzdn2APS41OkyQtKfLUpPDt/OE60YROZ3q4pFKejjapngQVVwR1S/jUNULo2WA6zfSI9foGrYzIF9nd1NAHnMxnrfBLP3wtyKU7nnJ0PWJ42PyQz0hfW7ACoPPjdlx4OqMcB6JnlmcDzHKwuCtCNntgug5uD+sy+7q4m/y3pVOG/PziiToIn2IF7xwRVlzK/trbFNfbYJeoAkJzMlgyguUijFOY/yjkgzwupO2JTwHQxnH3Ip+3kqi6IXep561OcBySm/sAQmnnT6kgyjfYjGviELeqQsCjl4O9o2/DpZ6bHookw5G0gdfWfukqC2PTF9DWkMUoUir7MOBIQv+UT2G0NBbohhP2Qano2JPk9j5wGyrwnSnUf5vbrasDnPJKrOiYVs9lRR3MWuKV1uh08dp7v5DfpYj5pV6/y2pBuAWATbBZOLRkQeVNRdHaBWkhLaKSA8r/rhkVkPJ3G0oDTbIud+8PE5gXbp8wAOZn0Ms8se4NXY3889pZp2OV2oxD6htgaTu2/sY/HszXI6bhB95oFAvB09VBd58xBQe7z4efbY354Gd7S/iDzOZLvUCmPNtxXDdT2i3lnAsp8mTqZct/7M8X9sgEZtTtHKk8gp5KTyb6W6U5+VUZt50ZKsXXZpGYp8/dxYNk2jJ9SXCarvHAabksFIZJrVd8KAD/LZ9N19ZDtn1B8o3+2nTQnN+FK/lrHMmjblg60QCkzArMxuPfh1DStnoY+mXNWfrGTRfuj/EGpZl5mq0hiuTsStI1I4hGM20ATAnUHcPf9eXUbZMr3UiHTv0bVmOlr2FMwjVVEzBgB+Q2GuMC/LTU0w5IW/OV0BTJtyiZPIMIBj0ur6XArb5SmsythTumHQUzVtdK9k+zEnGHnIkOT/x+H95Z0X5zQAmYFYbeXK1kO8WyoIb+IinGoZHrNZTbHMSoLxVNx0j7srNTLTSZ4BMLfVJt4QfODcIBK6IsRyQ4APATytPxkEbnpXxaia9ADvj4UGQ9GsPfufDlMLctxew5CSMBoAu5AvGakWeg8A0a7tYWlHM0sROGRX5SZLfqtgckx8GIyQHGwUzJ/ougsICLJW+L+UcLEUDpjiL7XjYrMAMMcodK7n1t6fjXcMkTap84yZa5ErnHiCUUkEG0ceQfJBIab2ZT9IcvcH+qPAcVbtCnanZcsgTHjpj1oVcPPVlgbPOaS+I//ml17onp4ZAHwLedBE23kjBcCC5SiNYpvk0jS8zeHecQjsxhkeF0mhl3OOx0eQH4z1nfwtAc47mxZw/5+wwBE5YSLuwYYt1NCNR6Ogy3ZrrYVv0gFmiX9jSHnq2b3mNo0fQ/hT3F+1VXcUr6H53aa2kjpzyfxi3MjOl+Z/KWF2qn7fwzevcg6ou9ZKYh7ux7CvV9Ukiwk0bxwhRURWEIZ/Jzl5PdrveH29P0c5zojmXb6vH8m9n+TKd/N6RID3q29eCseBDXz0zOCHNAGHi2F40n10yhZ1jMPBwhtsrgJRjrKjTFSXWblhYIHK3tUp8quFob4CnBEwavTnFJXACuQpZPjqpVMmii1zWV5x4ADjvPJeRK/5xkFJzvtWn+QENX3bt1FPWrtaRva6++zQ2oIik56xpfsQ1+tUrulmnhC50krGSCpoZgr6aAQMExlvm680LuUPgyQ7EyE4DLiL5T66F4pkCEz45oNvnXBKNts+GsNYM4QKNqbszTQR5fLODfbufErgV2IQ8fg/rHp/RLLqGsnTNMv+JiEa6T6bNWtgTpzVjmFg+toGTm+LWW7SHgBkwKcY2qLW8wgGVzTxA3cXZ33iNhac0uLhiC7W+XQVVHHVXyXt2SLD+CcOLvwq49/aENSKhNwcFpPXUNXMayW+A6p4/i5YPWiAl6c/9fhI57Jz8zLQfVd7HkR0fd2k607ijT7TCOvI9DpAdlN4PFaINDUFLkl6ydSzz9k=,iv:QacAujnWzobIHty1/VpiWUNhY7WXnoJqJq8LjD44Ttg=,tag:9VM1+usAXUj+3rZwW7NFOQ==,type:str] -jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:s6J6NCDKC+8DWL/G1HfeoS6LvVw=,iv:ppAQJ0Bcp4jR2RM7ZzpjKN8a+lKCAf93m8GxyoemFvY=,tag:xNT4AbtaYEilgTPtOAb+Lw==,type:str] - client_secret: ENC[AES256_GCM,data:690jNdjfNH8tEOmPs8vvsaU1R9Z0ooQIY/EabmqX4bU7CSF6Ho6rOQ==,iv:TXeDQdL4Bzx1Ky0fjg1tNCPhRG1lJra5KvzPkSHMYmE=,tag:m173HByyyMF0CEvt4aJBCw==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2024-02-22T12:06:32Z" - enc: CiUA4OM7eP01v1Kyb9Ju8g3mAA1U9yPxtdOKulHLakW+cmwRyDweEkkAXoW3JodsyugXQTcoglPT5W4ElfRnz3O0EMdsoNY5DHJiaKFSa6bZUOrbePG1/9R6vA7iPS4ZX1f1kd8iyYIb05255bumCIzo - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2024-02-23T10:41:27Z" - mac: ENC[AES256_GCM,data:Iy3P4qI6Fe53yLA5gF69qjjmlaP0cXufyqxp0nPHi1XVCnaGmSsSkFvVEUUyi+ZZ/nvTWf+K22g8QTWEFwuANor1wZms73ATrkU8LRp3Tp72v3OJHFqCOJOpvAk0XhjLBhZjxkSdvcC/XgBUnW/i0+fCDMtTAz8aLMDdgVp6dm8=,iv:GSxTy8DdXKz2iW9/ZO1GniSW0Ccp/0tTOz4lJ6Jsd5w=,tag:Po+2MsvZ/pokWYcRYvAxqw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/opensci/staging.values.yaml b/config/clusters/opensci/staging.values.yaml deleted file mode 100644 index c26ccad8ad..0000000000 --- a/config/clusters/opensci/staging.values.yaml +++ /dev/null @@ -1,175 +0,0 @@ -jupyterhub: - ingress: - hosts: - - staging.opensci.2i2c.cloud - tls: - - secretName: https-auto-tls - hosts: - - staging.opensci.2i2c.cloud - custom: - 2i2c: - add_staff_user_ids_to_admin_users: true - add_staff_user_ids_of_type: "github" - jupyterhubConfigurator: - enabled: false - homepage: - templateVars: - org: - name: Opensci (Staging) - url: https://2i2c.org - logo_url: https://2i2c.org/media/logo.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: "" - url: "" - singleuser: - profileList: - - display_name: "Only Profile Available, this info is not shown in the UI" - slug: only-choice - profile_options: - image: - display_name: Image - unlisted_choice: &profile_list_unlisted_choice - enabled: True - display_name: "Custom image" - validation_regex: "^.+:.+$" - validation_message: "Must be a publicly available docker image, of form :" - display_name_in_choices: "Specify an existing docker image" - description_in_choices: "Use a pre-existing docker image from a public docker registry (dockerhub, quay, etc)" - kubespawner_override: - image: "{value}" - choices: - pangeo: - display_name: Pangeo Notebook Image - description: "Python image with scientific, dask and geospatial tools" - kubespawner_override: - image: pangeo/pangeo-notebook:2023.09.11 - geospatial: - display_name: Rocker Geospatial - description: "R image with RStudio, the tidyverse & Geospatial tools" - default: true - slug: geospatial - kubespawner_override: - image: rocker/binder:4.3 - # Launch into RStudio after the user logs in - default_url: /rstudio - # Ensures container working dir is homedir - # https://github.com/2i2c-org/infrastructure/issues/2559 - working_dir: /home/rstudio - scipy: - display_name: Jupyter SciPy Notebook - slug: scipy - kubespawner_override: - image: jupyter/scipy-notebook:2023-06-26 - resources: - display_name: Resource Allocation - choices: - mem_3_7: - display_name: 3.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 3982682624 - mem_limit: 3982682624 - cpu_guarantee: 0.46875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - default: true - mem_7_4: - display_name: 7.4 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 7965365248 - mem_limit: 7965365248 - cpu_guarantee: 0.9375 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_14_8: - display_name: 14.8 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 15930730496 - mem_limit: 15930730496 - cpu_guarantee: 1.875 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - mem_29_7: - display_name: 29.7 GB RAM, upto 3.7 CPUs - kubespawner_override: - mem_guarantee: 31861460992 - mem_limit: 31861460992 - cpu_guarantee: 3.75 - cpu_limit: 3.75 - node_selector: - node.kubernetes.io/instance-type: r5.xlarge - - hub: - # Allows for multiple concurrent demos - allowNamedServers: true - services: - binder: - # FIXME: ref https://github.com/2i2c-org/binderhub-service/issues/57 - # for something more readable and requiring less copy-pasting - url: http://staging-binderhub-service:8090 - image: - name: quay.io/2i2c/dynamic-image-building-experiment - tag: "0.0.1-0.dev.git.7567.ha4162031" - config: - JupyterHub: - authenticator_class: github - GitHubOAuthenticator: - oauth_callback_url: https://staging.opensci.2i2c.cloud/hub/oauth_callback - allowed_organizations: - - 2i2c-demo-hub-access - - ScienceCore - scope: - - read:org - - extraConfig: - enable-fancy-profiles: | - from jupyterhub_fancy_profiles import setup_ui - setup_ui(c) - -binderhub-service: - nodeSelector: - hub.jupyter.org/node-purpose: core - enabled: true - service: - port: 8090 - # The DaemonSet at https://github.com/2i2c-org/binderhub-service/blob/main/binderhub-service/templates/docker-api/daemonset.yaml - # will start a docker-api pod on a user node. - # It starts the [dockerd](https://docs.docker.com/engine/reference/commandline/dockerd/) daemon, - # that will be accessible via a unix socket, mounted by the build. - # The docker-api pod must run on the same node as the builder pods. - dockerApi: - nodeSelector: - hub.jupyter.org/node-purpose: user - tolerations: - # Tolerate tainted jupyterhub user nodes - - key: hub.jupyter.org_dedicated - value: user - effect: NoSchedule - - key: hub.jupyter.org/dedicated - value: user - effect: NoSchedule - config: - BinderHub: - base_url: /services/binder - use_registry: true - # Re-uses the registry created for the `binderhub-staging` hub - # but pushes images under a different prefix - image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/opensci- - KubernetesBuildExecutor: - # Get ourselves a newer repo2docker! - build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 - node_selector: - # Schedule builder pods to run on user nodes only - hub.jupyter.org/node-purpose: user - # The password to the registry is stored encrypted in the hub's encrypted config file - buildPodsRegistryCredentials: - server: "https://us-central1-docker.pkg.dev" - username: "_json_key" From fdba7447d883902c192c7cb1bd8fd4c857dfab09 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 23 Feb 2024 14:05:20 +0200 Subject: [PATCH 452/494] Add the science core hub instead --- .../enc-sciencecore.secret.values.yaml | 23 +++ .../clusters/opensci/sciencecore.values.yaml | 175 ++++++++++++++++++ 2 files changed, 198 insertions(+) create mode 100644 config/clusters/opensci/enc-sciencecore.secret.values.yaml create mode 100644 config/clusters/opensci/sciencecore.values.yaml diff --git a/config/clusters/opensci/enc-sciencecore.secret.values.yaml b/config/clusters/opensci/enc-sciencecore.secret.values.yaml new file mode 100644 index 0000000000..7ab0a63c19 --- /dev/null +++ b/config/clusters/opensci/enc-sciencecore.secret.values.yaml @@ -0,0 +1,23 @@ +binderhub-service: + buildPodsRegistryCredentials: + password: ENC[AES256_GCM,data:1OhtPmu5jb1D1yUMvIY2tcGpGYRFXnibqinkdalyDqsbDgCdtHLS9Hojidm8JchEXWDpI7wtwXEWXDvm4gXj3g1RpDI+ghUT1v5GeV0Gx9KLDSSdf+mUMC27HlqT5CdVeA9vJs3kjjZ3lBPjZGRi3Yec1tFNVUvbHiCTBTosBIA3YAUdG2rUMxjB2MTxiZzLl5sAICDEmYmbHRLNL7HjbXvpzFYvLxKZIqR4V8jeNBWyfMttCnTqYFNoFrB89WlmgJqdy7JvgmjOlSYBkPd/Czajk2bYeb2DNZmk0OOohDYygdSk1GQM7mNKHB6ToyvxKNnl2rpZxFIZNPvUIoiiS/D0+bvZtkZ3ENhggDVCf7pI4ZtStuQNTjOn7AbkKpHL+ZjdIwno6eixABGday5ulD9N+Tje8Vmp980vNXsmFljCljIx3D8h2qIFjSZ3THxeTP1IbfdwtbI2CR6WEwjlAgPUGLH3U6fOXX31I6bbsJ3HqJOj2qgqSr4g28Tzyt9k1l3dFAg2tXKyIMVqk45/Dm+k160Rxf7n4bHmicyXASVig/rLHwq3OhZh2uJSozqkT3Omw0tZJyZxSqEfL6Kt1q6sJfS/NxYevZp1+hMA9sf+9hl3o5ltdktqGGDxQoLkHiDdfNUnnyt5+zWUtWwGG1CZQ3P7aiQwkLAZ66LsJ/nsK02mBK9ae5D8/lbCEgs069ryDD6KY5in/2Oe+6CGw0bqG/swRNJFr65kQ2oZMRNBhT6pVR2RFkskZY8buBBt+rlXwZqbdVhfTkv0OVwZIxRVcMMDi9xYuGDpvdJ6xTyKZ7cX7TnPO7fV1DRjprt2YkqcYL8j+KkQ+UzJ9zbwYLrSrqIu0kpHlCJwsxix3u6lvmd028uhVkDd2GKaN7Q2c3vJx9Sm3KBVmKcL5+HFHfoy59Ouo4oIVcvEecHDvp8UDDkm8RzFHGaZZZeZ4UqGHETU/ZGB+0tKZpZjzwOKQbPYWrTEadd1rzRC+8UqYjOyQRiCPnDpnsXBmcvXYZ0F+WnB4E/EJaqdRmfoSlZFivjq8aEoc7xx6XsPDwyEEgBAV1MfV5VY3RiHGXUI2BRquObDTl+RBTb2saQzI9ONzAqa9HlJ3rmMQgeXVzgtXB8jKuXQDdmJMrTZnPRCy1IdQrqeUkNOhgP4JZXVws+so1K/DhnUNMtgFoTS3gFtQNHGojAEUK0RkaNj8EeU4ODiWsO7b9bGbwKK5aKMCzoZrjVsoKb/aCBGw6innDJnZQcV0EPsSsJ2eqB9f8iVeQSIkzFRQnmEiQG07MO9j0onJxjtpQ68Pa68Jhr2JegaRX/ixX5mHkquMCIsyERIJXk+yQ0cbeROeTu0HcnTf8i6oyEfOb1qpDXgMyFpKNH7VUZeKfNyec9oOuEVcG7UM6ewdnq5FUcV5raXxyaHXy5zfk3pZ2sA6Ov+5tPSihmlAHg8lfC0jsOxzxY8iAU5JTf6xRCYrPMdy8CqZRzYdtM9TPaz4LUOJyH3BCuGzPttzd9Q5N9l/kvNe+U4zJ3C9pCR0sgo5G1DTRcofpuCHQmpEuOfoMwSPdi4RT9nR4+d7WXl+geyKSqWKF3YxcJRpuyUQ7yC0+NMA6EyKvGx2RgH2rij2wUX8YvEPL0RF4/7iZGG+82z+8IjOCZCKGwwdcZhTuUw/oT22014lQ7EbLTh6EghYoVm/h7q8smqwqw2zBS1PvoadP327/RJcxIXocI7WXc/OlHBgggxQD4S0fpsGz2Glle/vcbx4GGZhU/U1Vh88jtnNgJGR12W2Z/C0u3oplO4jl0+LYK73qmvYQYDkN2EM3SpsY1KTPPFT4Y2qKwXPBZSLdXBA5uMgMrP2S8pKZDEO3l35Q52lzz+C+0wtoaaExp6QA9ruN5nd31pUMyToF/S2S28a0OAkH/5yrrkSAd16BTeBS3e1miFiWCWhEQbNa+8uZCItuobaf5bS90JeR3t8l/miD/lgWwn51w2HTYmikSlfCcoxtUakhGNCXOHKcTRy61GM7uEdEi0HjsPc+vk6fjF3Rvdsrv8j7CF+HY00wBYudUDRA3dB/7F1ZOTfItgsKdejQmtWPeLiJSXnK/sBR0psd/rmr5wFJU+qIzSiZc7qWeeIophQWw557XBboBcxLOyHwwBUe1rDc4brgm8dHLEnXUfZJeLkL301YthhsSSfKoRnkTPQSpvxiNy62verETEaCJrZ0Q/SD1cPMIdNDHSKIbRDbJEo86G3UFOGE82C+MwVib2v6+Te6V+Ug8jAiW+d3spY4bAmngjzf6JWxHqt6wtxlEUTH4JU3OeqztSNc8dmenjs3frkk2y4tLP0BkMtuf4PMtB2n4OgWjlEPcjO1XcLT+bYOfSU03LBvGAT8N9SACpC+pC44MwnWpdwzTN0b3gFLSbPTh2uynRpniWHoAD3mq0E/A9WcFiWzbXqKplm7m1n9uhOhMEHROv7p9eHgMPMiieu5XEH06KQJ9mRlHBz8iUs086SCjwsM3O7Rtf/pgjrAW2X69cis31iS3JcspCcY+fn2U81TiW+pIS71pMXsl4FtJ+GCVvLPJpYyLmrJhK372mERGT5t9xiNZpmNcyL5vQaQl/F4aq3u2wlcJICFIsx6G58NcB7ICFFkHQ5IF6PCFiTXEr4P4tBPHQO+JewIFbdxFGKUtUHgC13tEvRjb8HD8bOGSnOzTi/wgxB1GujJOrk5sauJ9bARfcOng4v5DJf8xhy7Yy0umhLdwyatQ5UkkKHZO412tJwp9uyfyIlE+XONJdWfSdbxB7y7wZbX9zWOg3HmuMC7SbJAKPrBkQ9pIqilRio9Y5o5kgw/btzFyBo7QeWp0poD/k8YOeB3qDGxnN7nlsDEG778bZ46sR+2mEoV6tJUCJWL9968QW36VFWQzTSACrRISaXNxFS5XYNf4JvMVZI+9bpqZAWOSFfaicpupQnHAqai3eY1VouyG4DOLb5KMzbmcyJZ0Cqks/JOgz5KPIXvT3FkXNjubhGshqoZqfWUEFR/WjdIQJQLeKQIerwKiPX8KWZrjCOFjVJVthkBWI+bslNNtiUlj7Z9xK5+Mv0DnumDthu6d27HKKMbBMpMt5+2c0JXqVK9SvZGl9zy5JzYkj95SniAS4tUpIskX2vIgPXACCl5urfRo8HqxYK1scM8wyn6goIg4H4+ce/3pXBY+TYywoxBaEXtYvt/J/on1jLSp4zlWxrnf53d4QF7LX,iv:iWOUHcl6uE/5WtybLkDYM7duIpnFKQaSn2/bFvg3GKw=,tag:OL02P4I73VNxhNA1cD7KhA==,type:str] +jupyterhub: + hub: + config: + GitHubOAuthenticator: + client_id: ENC[AES256_GCM,data:dhNb/AwKFr/2s1+RUIsndJ5EKC4=,iv:6Rzm5NBgBZcHrOyWFYi1qib1iraWoRpeoPCo42wUD10=,tag:JIKjxJQ8I8fM+Z+MFRfsEA==,type:str] + client_secret: ENC[AES256_GCM,data:LQedpZelm6SO8KAFBpV5fHFYmTOXyzz75HoKC+N9D3/lH7TXZFxl9w==,iv:isCaLvhi3aU/mOLEtsRegzSVxcMh4HRV2kCB3Klrsq0=,tag:c3zZ2190eyzsuK1Mv2t6CQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2023-09-18T19:00:41Z" + enc: CiUA4OM7eFioG9yDgVwKtc0cYrU65GNcqMSDuUgnuXuq3KW9dRI6EkkAq2nhVV2TFrZOq5jktjMd4TQF1lwH/08tAyGd3vMfBmdd3Xdy3bAUUHhrPXcK6QabMRYdXPzQzgB+oBGaqOsJO7D7jT9NpeCn + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-02-23T11:56:17Z" + mac: ENC[AES256_GCM,data:1NuBjid3SNq/Fv5Pxdfby5Wl7mb7mQG9MYa6pjPaEU2YFf9wRK8WNADCEa4H98xI4dPxcFyftJ0Ww7xUX2o6sa6N6ExM0RMbpSFZ7gttUhDTsLa/D1oYvyr5sFZXOsfeXKyqmSeQZ8+zmZ1GROKjSuNpumS+TGe5ir2EIE3Zuf0=,iv:bJqET8IxysTgdjvmlL2u4xU/fcnDV+j4AlShoMeQ28k=,tag:N+e3YkfTFqEaqqYPwpmuLQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/config/clusters/opensci/sciencecore.values.yaml b/config/clusters/opensci/sciencecore.values.yaml new file mode 100644 index 0000000000..b45508baa0 --- /dev/null +++ b/config/clusters/opensci/sciencecore.values.yaml @@ -0,0 +1,175 @@ +jupyterhub: + ingress: + hosts: + - sciencecore.opensci.2i2c.cloud + tls: + - secretName: https-auto-tls + hosts: + - sciencecore.opensci.2i2c.cloud + custom: + 2i2c: + add_staff_user_ids_to_admin_users: true + add_staff_user_ids_of_type: "github" + jupyterhubConfigurator: + enabled: false + homepage: + templateVars: + org: + name: Sciencecore + url: https://2i2c.org + logo_url: https://2i2c.org/media/logo.png + designed_by: + name: 2i2c + url: https://2i2c.org + operated_by: + name: 2i2c + url: https://2i2c.org + funded_by: + name: "" + url: "" + singleuser: + profileList: + - display_name: "Only Profile Available, this info is not shown in the UI" + slug: only-choice + profile_options: + image: + display_name: Image + unlisted_choice: &profile_list_unlisted_choice + enabled: True + display_name: "Custom image" + validation_regex: "^.+:.+$" + validation_message: "Must be a publicly available docker image, of form :" + display_name_in_choices: "Specify an existing docker image" + description_in_choices: "Use a pre-existing docker image from a public docker registry (dockerhub, quay, etc)" + kubespawner_override: + image: "{value}" + choices: + pangeo: + display_name: Pangeo Notebook Image + description: "Python image with scientific, dask and geospatial tools" + kubespawner_override: + image: pangeo/pangeo-notebook:2023.09.11 + geospatial: + display_name: Rocker Geospatial + description: "R image with RStudio, the tidyverse & Geospatial tools" + default: true + slug: geospatial + kubespawner_override: + image: rocker/binder:4.3 + # Launch into RStudio after the user logs in + default_url: /rstudio + # Ensures container working dir is homedir + # https://github.com/2i2c-org/infrastructure/issues/2559 + working_dir: /home/rstudio + scipy: + display_name: Jupyter SciPy Notebook + slug: scipy + kubespawner_override: + image: jupyter/scipy-notebook:2023-06-26 + resources: + display_name: Resource Allocation + choices: + mem_3_7: + display_name: 3.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 3982682624 + mem_limit: 3982682624 + cpu_guarantee: 0.46875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + default: true + mem_7_4: + display_name: 7.4 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 7965365248 + mem_limit: 7965365248 + cpu_guarantee: 0.9375 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_14_8: + display_name: 14.8 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 15930730496 + mem_limit: 15930730496 + cpu_guarantee: 1.875 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + mem_29_7: + display_name: 29.7 GB RAM, upto 3.7 CPUs + kubespawner_override: + mem_guarantee: 31861460992 + mem_limit: 31861460992 + cpu_guarantee: 3.75 + cpu_limit: 3.75 + node_selector: + node.kubernetes.io/instance-type: r5.xlarge + + hub: + # Allows for multiple concurrent demos + allowNamedServers: true + services: + binder: + # FIXME: ref https://github.com/2i2c-org/binderhub-service/issues/57 + # for something more readable and requiring less copy-pasting + url: http://sciencecore-binderhub-service:8090 + image: + name: quay.io/2i2c/dynamic-image-building-experiment + tag: "0.0.1-0.dev.git.7567.ha4162031" + config: + JupyterHub: + authenticator_class: github + GitHubOAuthenticator: + oauth_callback_url: https://sciencecore.opensci.2i2c.cloud/hub/oauth_callback + allowed_organizations: + - 2i2c-demo-hub-access + - ScienceCore + scope: + - read:org + + extraConfig: + enable-fancy-profiles: | + from jupyterhub_fancy_profiles import setup_ui + setup_ui(c) + +binderhub-service: + nodeSelector: + hub.jupyter.org/node-purpose: core + enabled: true + service: + port: 8090 + # The DaemonSet at https://github.com/2i2c-org/binderhub-service/blob/main/binderhub-service/templates/docker-api/daemonset.yaml + # will start a docker-api pod on a user node. + # It starts the [dockerd](https://docs.docker.com/engine/reference/commandline/dockerd/) daemon, + # that will be accessible via a unix socket, mounted by the build. + # The docker-api pod must run on the same node as the builder pods. + dockerApi: + nodeSelector: + hub.jupyter.org/node-purpose: user + tolerations: + # Tolerate tainted jupyterhub user nodes + - key: hub.jupyter.org_dedicated + value: user + effect: NoSchedule + - key: hub.jupyter.org/dedicated + value: user + effect: NoSchedule + config: + BinderHub: + base_url: /services/binder + use_registry: true + # Re-uses the registry created for the `binderhub-staging` hub + # but pushes images under a different prefix + image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/opensci- + KubernetesBuildExecutor: + # Get ourselves a newer repo2docker! + build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 + node_selector: + # Schedule builder pods to run on user nodes only + hub.jupyter.org/node-purpose: user + # The password to the registry is stored encrypted in the hub's encrypted config file + buildPodsRegistryCredentials: + server: "https://us-central1-docker.pkg.dev" + username: "_json_key" From 7ba5d437d58e78ee2772d3c4daf6c06b848e2ffc Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Sun, 25 Feb 2024 19:01:24 +0200 Subject: [PATCH 453/494] Switch to quay.io --- config/clusters/opensci/enc-sciencecore.secret.values.yaml | 6 +++--- config/clusters/opensci/sciencecore.values.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/clusters/opensci/enc-sciencecore.secret.values.yaml b/config/clusters/opensci/enc-sciencecore.secret.values.yaml index 7ab0a63c19..90e60c5a20 100644 --- a/config/clusters/opensci/enc-sciencecore.secret.values.yaml +++ b/config/clusters/opensci/enc-sciencecore.secret.values.yaml @@ -1,6 +1,6 @@ binderhub-service: buildPodsRegistryCredentials: - password: ENC[AES256_GCM,data:1OhtPmu5jb1D1yUMvIY2tcGpGYRFXnibqinkdalyDqsbDgCdtHLS9Hojidm8JchEXWDpI7wtwXEWXDvm4gXj3g1RpDI+ghUT1v5GeV0Gx9KLDSSdf+mUMC27HlqT5CdVeA9vJs3kjjZ3lBPjZGRi3Yec1tFNVUvbHiCTBTosBIA3YAUdG2rUMxjB2MTxiZzLl5sAICDEmYmbHRLNL7HjbXvpzFYvLxKZIqR4V8jeNBWyfMttCnTqYFNoFrB89WlmgJqdy7JvgmjOlSYBkPd/Czajk2bYeb2DNZmk0OOohDYygdSk1GQM7mNKHB6ToyvxKNnl2rpZxFIZNPvUIoiiS/D0+bvZtkZ3ENhggDVCf7pI4ZtStuQNTjOn7AbkKpHL+ZjdIwno6eixABGday5ulD9N+Tje8Vmp980vNXsmFljCljIx3D8h2qIFjSZ3THxeTP1IbfdwtbI2CR6WEwjlAgPUGLH3U6fOXX31I6bbsJ3HqJOj2qgqSr4g28Tzyt9k1l3dFAg2tXKyIMVqk45/Dm+k160Rxf7n4bHmicyXASVig/rLHwq3OhZh2uJSozqkT3Omw0tZJyZxSqEfL6Kt1q6sJfS/NxYevZp1+hMA9sf+9hl3o5ltdktqGGDxQoLkHiDdfNUnnyt5+zWUtWwGG1CZQ3P7aiQwkLAZ66LsJ/nsK02mBK9ae5D8/lbCEgs069ryDD6KY5in/2Oe+6CGw0bqG/swRNJFr65kQ2oZMRNBhT6pVR2RFkskZY8buBBt+rlXwZqbdVhfTkv0OVwZIxRVcMMDi9xYuGDpvdJ6xTyKZ7cX7TnPO7fV1DRjprt2YkqcYL8j+KkQ+UzJ9zbwYLrSrqIu0kpHlCJwsxix3u6lvmd028uhVkDd2GKaN7Q2c3vJx9Sm3KBVmKcL5+HFHfoy59Ouo4oIVcvEecHDvp8UDDkm8RzFHGaZZZeZ4UqGHETU/ZGB+0tKZpZjzwOKQbPYWrTEadd1rzRC+8UqYjOyQRiCPnDpnsXBmcvXYZ0F+WnB4E/EJaqdRmfoSlZFivjq8aEoc7xx6XsPDwyEEgBAV1MfV5VY3RiHGXUI2BRquObDTl+RBTb2saQzI9ONzAqa9HlJ3rmMQgeXVzgtXB8jKuXQDdmJMrTZnPRCy1IdQrqeUkNOhgP4JZXVws+so1K/DhnUNMtgFoTS3gFtQNHGojAEUK0RkaNj8EeU4ODiWsO7b9bGbwKK5aKMCzoZrjVsoKb/aCBGw6innDJnZQcV0EPsSsJ2eqB9f8iVeQSIkzFRQnmEiQG07MO9j0onJxjtpQ68Pa68Jhr2JegaRX/ixX5mHkquMCIsyERIJXk+yQ0cbeROeTu0HcnTf8i6oyEfOb1qpDXgMyFpKNH7VUZeKfNyec9oOuEVcG7UM6ewdnq5FUcV5raXxyaHXy5zfk3pZ2sA6Ov+5tPSihmlAHg8lfC0jsOxzxY8iAU5JTf6xRCYrPMdy8CqZRzYdtM9TPaz4LUOJyH3BCuGzPttzd9Q5N9l/kvNe+U4zJ3C9pCR0sgo5G1DTRcofpuCHQmpEuOfoMwSPdi4RT9nR4+d7WXl+geyKSqWKF3YxcJRpuyUQ7yC0+NMA6EyKvGx2RgH2rij2wUX8YvEPL0RF4/7iZGG+82z+8IjOCZCKGwwdcZhTuUw/oT22014lQ7EbLTh6EghYoVm/h7q8smqwqw2zBS1PvoadP327/RJcxIXocI7WXc/OlHBgggxQD4S0fpsGz2Glle/vcbx4GGZhU/U1Vh88jtnNgJGR12W2Z/C0u3oplO4jl0+LYK73qmvYQYDkN2EM3SpsY1KTPPFT4Y2qKwXPBZSLdXBA5uMgMrP2S8pKZDEO3l35Q52lzz+C+0wtoaaExp6QA9ruN5nd31pUMyToF/S2S28a0OAkH/5yrrkSAd16BTeBS3e1miFiWCWhEQbNa+8uZCItuobaf5bS90JeR3t8l/miD/lgWwn51w2HTYmikSlfCcoxtUakhGNCXOHKcTRy61GM7uEdEi0HjsPc+vk6fjF3Rvdsrv8j7CF+HY00wBYudUDRA3dB/7F1ZOTfItgsKdejQmtWPeLiJSXnK/sBR0psd/rmr5wFJU+qIzSiZc7qWeeIophQWw557XBboBcxLOyHwwBUe1rDc4brgm8dHLEnXUfZJeLkL301YthhsSSfKoRnkTPQSpvxiNy62verETEaCJrZ0Q/SD1cPMIdNDHSKIbRDbJEo86G3UFOGE82C+MwVib2v6+Te6V+Ug8jAiW+d3spY4bAmngjzf6JWxHqt6wtxlEUTH4JU3OeqztSNc8dmenjs3frkk2y4tLP0BkMtuf4PMtB2n4OgWjlEPcjO1XcLT+bYOfSU03LBvGAT8N9SACpC+pC44MwnWpdwzTN0b3gFLSbPTh2uynRpniWHoAD3mq0E/A9WcFiWzbXqKplm7m1n9uhOhMEHROv7p9eHgMPMiieu5XEH06KQJ9mRlHBz8iUs086SCjwsM3O7Rtf/pgjrAW2X69cis31iS3JcspCcY+fn2U81TiW+pIS71pMXsl4FtJ+GCVvLPJpYyLmrJhK372mERGT5t9xiNZpmNcyL5vQaQl/F4aq3u2wlcJICFIsx6G58NcB7ICFFkHQ5IF6PCFiTXEr4P4tBPHQO+JewIFbdxFGKUtUHgC13tEvRjb8HD8bOGSnOzTi/wgxB1GujJOrk5sauJ9bARfcOng4v5DJf8xhy7Yy0umhLdwyatQ5UkkKHZO412tJwp9uyfyIlE+XONJdWfSdbxB7y7wZbX9zWOg3HmuMC7SbJAKPrBkQ9pIqilRio9Y5o5kgw/btzFyBo7QeWp0poD/k8YOeB3qDGxnN7nlsDEG778bZ46sR+2mEoV6tJUCJWL9968QW36VFWQzTSACrRISaXNxFS5XYNf4JvMVZI+9bpqZAWOSFfaicpupQnHAqai3eY1VouyG4DOLb5KMzbmcyJZ0Cqks/JOgz5KPIXvT3FkXNjubhGshqoZqfWUEFR/WjdIQJQLeKQIerwKiPX8KWZrjCOFjVJVthkBWI+bslNNtiUlj7Z9xK5+Mv0DnumDthu6d27HKKMbBMpMt5+2c0JXqVK9SvZGl9zy5JzYkj95SniAS4tUpIskX2vIgPXACCl5urfRo8HqxYK1scM8wyn6goIg4H4+ce/3pXBY+TYywoxBaEXtYvt/J/on1jLSp4zlWxrnf53d4QF7LX,iv:iWOUHcl6uE/5WtybLkDYM7duIpnFKQaSn2/bFvg3GKw=,tag:OL02P4I73VNxhNA1cD7KhA==,type:str] + password: ENC[AES256_GCM,data:+WZcWoVpAteJXujz9dAaEAv0tvLWgdgfEThAGDD4abuABmWoBVCBWzrmsaD1FX4OWrRRC5cPM+sBgqD/ICT4zw==,iv:OuvUqG1pf2RnAbrnVi/4fAna83t9nXM4WENMX22fluc=,tag:o6dTP6IM8h2GATDZvR45/A==,type:str] jupyterhub: hub: config: @@ -16,8 +16,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-02-23T11:56:17Z" - mac: ENC[AES256_GCM,data:1NuBjid3SNq/Fv5Pxdfby5Wl7mb7mQG9MYa6pjPaEU2YFf9wRK8WNADCEa4H98xI4dPxcFyftJ0Ww7xUX2o6sa6N6ExM0RMbpSFZ7gttUhDTsLa/D1oYvyr5sFZXOsfeXKyqmSeQZ8+zmZ1GROKjSuNpumS+TGe5ir2EIE3Zuf0=,iv:bJqET8IxysTgdjvmlL2u4xU/fcnDV+j4AlShoMeQ28k=,tag:N+e3YkfTFqEaqqYPwpmuLQ==,type:str] + lastmodified: "2024-02-25T17:01:03Z" + mac: ENC[AES256_GCM,data:grR3Oni0pj5ycFq2Y+gdfHSXYcmCb8TK80GTY1DuFopCq86u8sv3X+7YfH0davs/Un+SZtZjZU0nUTu/BZFq27vmQrmcfdFjF9iTqFbBIUvwZqwuWZKQtJuWvU0Nkaww70EjaGdB/yVenyRLoTSR70TGtuNUn73Kva70kZEIse8=,iv:bNmrHC4JFdyIXYsRoDejlD8P1oRasL8m0r3Yrum1Qt8=,tag:AE6/SNzcuox8gGlkCqdgSQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/config/clusters/opensci/sciencecore.values.yaml b/config/clusters/opensci/sciencecore.values.yaml index b45508baa0..25ea9056d3 100644 --- a/config/clusters/opensci/sciencecore.values.yaml +++ b/config/clusters/opensci/sciencecore.values.yaml @@ -162,7 +162,7 @@ binderhub-service: use_registry: true # Re-uses the registry created for the `binderhub-staging` hub # but pushes images under a different prefix - image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/opensci- + image_prefix: quay.io/2i2c/opensci-sciencecore KubernetesBuildExecutor: # Get ourselves a newer repo2docker! build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 @@ -171,5 +171,5 @@ binderhub-service: hub.jupyter.org/node-purpose: user # The password to the registry is stored encrypted in the hub's encrypted config file buildPodsRegistryCredentials: - server: "https://us-central1-docker.pkg.dev" - username: "_json_key" + server: "https://quay.io" + username: "2i2c+opensci_sciencecore_binderhub_service" From 66fbc990c3fc6d5e70a0483e899053ad490575eb Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Mon, 26 Feb 2024 11:03:03 +0200 Subject: [PATCH 454/494] Add imagepullSecret to be able to pull private images from our quay registry --- .../clusters/opensci/enc-sciencecore.secret.values.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/config/clusters/opensci/enc-sciencecore.secret.values.yaml b/config/clusters/opensci/enc-sciencecore.secret.values.yaml index 90e60c5a20..94e3663e72 100644 --- a/config/clusters/opensci/enc-sciencecore.secret.values.yaml +++ b/config/clusters/opensci/enc-sciencecore.secret.values.yaml @@ -2,6 +2,11 @@ binderhub-service: buildPodsRegistryCredentials: password: ENC[AES256_GCM,data:+WZcWoVpAteJXujz9dAaEAv0tvLWgdgfEThAGDD4abuABmWoBVCBWzrmsaD1FX4OWrRRC5cPM+sBgqD/ICT4zw==,iv:OuvUqG1pf2RnAbrnVi/4fAna83t9nXM4WENMX22fluc=,tag:o6dTP6IM8h2GATDZvR45/A==,type:str] jupyterhub: + imagePullSecret: + create: ENC[AES256_GCM,data:aJ5t7w==,iv:mdiodKbsYFnfzFkwCBbgQ6B/myJcL/z1+f15vTgSQwQ=,tag:mmuYSMXreRi2O4nwAzaZsw==,type:bool] + registry: ENC[AES256_GCM,data:iGtOHQXDhw==,iv:YXdzdemCE+6B5sA437zaUFKDhb2xj2X7gMZNzu3tTqM=,tag:Bqn2k57b6RYQJYB5v1Li2A==,type:str] + username: ENC[AES256_GCM,data:Tpi9Jr933Pdr30dJciikd5986k2qgWM+NR/uywFO25qFKYkWUTpEGpbT,iv:UQKLBLwKAqzlvBgj5QQvEwTT+M8NQ20YP1HuJ1JpNzo=,tag:PcNrqzCGRQetSslXb6IdfA==,type:str] + password: ENC[AES256_GCM,data:ykY706UePlnQ6L5swTY5e5/N1yk3Hpql8s2wy7MpYLugwmM4cr0VhKHbP1ZuL7uGrSIKYHXPQB0y7hfwgWsm9g==,iv:suZsgkz1dzBKp53XX+8QfzQ+fvWGnMIHEjIP+tVFERs=,tag:bNVbdkVD19YS5PxGMyBWfA==,type:str] hub: config: GitHubOAuthenticator: @@ -16,8 +21,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-02-25T17:01:03Z" - mac: ENC[AES256_GCM,data:grR3Oni0pj5ycFq2Y+gdfHSXYcmCb8TK80GTY1DuFopCq86u8sv3X+7YfH0davs/Un+SZtZjZU0nUTu/BZFq27vmQrmcfdFjF9iTqFbBIUvwZqwuWZKQtJuWvU0Nkaww70EjaGdB/yVenyRLoTSR70TGtuNUn73Kva70kZEIse8=,iv:bNmrHC4JFdyIXYsRoDejlD8P1oRasL8m0r3Yrum1Qt8=,tag:AE6/SNzcuox8gGlkCqdgSQ==,type:str] + lastmodified: "2024-02-26T08:54:20Z" + mac: ENC[AES256_GCM,data:dFxtb2e64nSVwq310U8IyNs+PCFe4AxBLHAdlMZWtSS3alZIm79Kn/wPC6WJFX41ib+mVSGU8rPFDoqsM/pBv4Ol8Fjkz2zlvSYbYpT/DwZO7hsCR+hoUrdiGTPFx0+qd4efN+J7WZKBb3dTkxzVECgS37WJGR8tv2afBBHlhQM=,iv:gIVEDiNshqJNDg5Ktb4k9sZHPw+5k9ALR5TR2Xhuzqs=,tag:oGufX/5w/PqG1OWPZ6H+rw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 From c34cef4c8143f519ce9490d6ed090571ebda4c4f Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 27 Feb 2024 10:16:18 +0200 Subject: [PATCH 455/494] Return some defaults when key dicts don't exist instead of raising errors --- .../generate-hub-features-table.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/helper-programs/generate-hub-features-table.py b/docs/helper-programs/generate-hub-features-table.py index fc7a15e31b..8e7e1e1e5c 100644 --- a/docs/helper-programs/generate-hub-features-table.py +++ b/docs/helper-programs/generate-hub-features-table.py @@ -96,7 +96,7 @@ def retrieve_jupyterhub_config_dict(hub_config): return hub_config["binderhub"]["jupyterhub"] return hub_config["jupyterhub"] except KeyError: - return + return {} def parse_yaml_config_value_files_for_features(cluster_path, hub_values_files): @@ -168,20 +168,20 @@ def build_options_list_entry(hub, hub_count, values_files_features, terraform_fe return { "domain": domain, "dedicated cluster": False if hub_count else True, - "dedicated nodepool": values_files_features["dedicated_nodepool"], + "dedicated nodepool": values_files_features.get("dedicated_nodepool", False), "user buckets (scratch/persistent)": terraform_features.get( hub["name"], {} ).get("user_buckets", False), "requester pays for buckets storage": terraform_features.get( hub["name"], {} ).get("requestor_pays", False), - "authenticator": values_files_features["authenticator"], - "user anonymisation": values_files_features["anonymization"], - "admin access to allusers dirs": values_files_features["allusers"], + "authenticator": values_files_features.get("authenticator", None), + "user anonymisation": values_files_features.get("anonymization", False), + "admin access to allusers dirs": values_files_features.get("allusers", False), "community domain": False if "2i2c.cloud" in domain else True, - "custom login page": values_files_features["custom_homepage"], - "custom html pages": values_files_features["custom_html"], - "gh-scoped-creds": values_files_features["gh_scoped_creds"], + "custom login page": values_files_features.get("custom_homepage", False), + "custom html pages": values_files_features.get("custom_html", False), + "gh-scoped-creds": values_files_features.get("gh_scoped_creds", False), # "static web pages": # "GPUs": # "profile lists": From c9b5def993e1b06cdeb1225f364b9e6eb4849e89 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 27 Feb 2024 10:23:48 +0200 Subject: [PATCH 456/494] Deploy grafana dashboards and add new cluster to the central one --- .github/workflows/deploy-grafana-dashboards.yaml | 1 + .../opensci/enc-grafana-token.secret.yaml | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 config/clusters/opensci/enc-grafana-token.secret.yaml diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 208772c51d..fd0b8688cf 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -29,6 +29,7 @@ jobs: - cluster_name: nasa-esdis - cluster_name: nasa-veda - cluster_name: openscapes + - cluster_name: opensci - cluster_name: pangeo-hubs - cluster_name: qcl - cluster_name: smithsonian diff --git a/config/clusters/opensci/enc-grafana-token.secret.yaml b/config/clusters/opensci/enc-grafana-token.secret.yaml new file mode 100644 index 0000000000..dbe09afae5 --- /dev/null +++ b/config/clusters/opensci/enc-grafana-token.secret.yaml @@ -0,0 +1,15 @@ +grafana_token: ENC[AES256_GCM,data:FUDyTxRjgJ3FrEzZ4FJeNCVOYtfAVGtz82Xjzlq0JSDrcDSdcOVc5VRZAixo6g==,iv:wP1WsvpXh4T6i0zKQatAmYS/+GRa5vwmRtOUz82VUWY=,tag:WY1AuW4YhYE54ij6pIjmZQ==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-02-27T08:21:10Z" + enc: CiUA4OM7eJwLqe0B1wFs4I0fTW9ca4t9EVaupRu6drh9jlu2BMxSEkkAXoW3JoVJBEtoW1U21/GHpWilS78im8nQUr/+YbIpFgHLJO1hsEbVqIjhJQ82ZfYryz9ozn/4/Fwxlzx6XymhncSnR/1KllE1 + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-02-27T08:21:11Z" + mac: ENC[AES256_GCM,data:dgsHlAhpVrM3246Mmk+Hiemmh4MVrkd75LYNx7ffyw0ojThJ8/wTLL8Bio25Py7vzQR10r3qVtj1+TNnDXE3cGHPTpXBuBS4RfdI63/+SAdoONL8T0J0zUM58opWfkhp3XaB5JAKJH4JTP+WGVDGmYWiyRC6kbxvn7fhLqq509U=,iv:SZ+s+LU+EJHNPbfGpHpkOzS4aTUWT0fHGyX5om0jH2w=,tag:F0vuPTXtXVUqlpCOKcLaAA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 From 8e76c41ee18ebd97ec2fb6a8629a51c91e12dcab Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 27 Feb 2024 10:48:22 +0000 Subject: [PATCH 457/494] Remove staging hub config files --- config/clusters/callysto/cluster.yaml | 8 -------- .../callysto/enc-staging.secret.values.yaml | 20 ------------------- config/clusters/callysto/staging.values.yaml | 13 ------------ 3 files changed, 41 deletions(-) delete mode 100644 config/clusters/callysto/enc-staging.secret.values.yaml delete mode 100644 config/clusters/callysto/staging.values.yaml diff --git a/config/clusters/callysto/cluster.yaml b/config/clusters/callysto/cluster.yaml index 642a726781..db6dafbfb6 100644 --- a/config/clusters/callysto/cluster.yaml +++ b/config/clusters/callysto/cluster.yaml @@ -12,14 +12,6 @@ support: - support.values.yaml - enc-support.secret.values.yaml hubs: - - name: staging - display_name: "Callysto Staging" - domain: staging.callysto.2i2c.cloud - helm_chart: basehub - helm_chart_values_files: - - common.values.yaml - - staging.values.yaml - - enc-staging.secret.values.yaml - name: prod display_name: "Callysto Prod" domain: 2i2c.callysto.ca diff --git a/config/clusters/callysto/enc-staging.secret.values.yaml b/config/clusters/callysto/enc-staging.secret.values.yaml deleted file mode 100644 index 6769201b13..0000000000 --- a/config/clusters/callysto/enc-staging.secret.values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -jupyterhub: - hub: - config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:hUwFQGdeR8v3E8f1QIf0CWS3VIL/CMVjd8n6dZbkIi9PcoKfSEnTBXCgqBVcB0Qq9Fg=,iv:CUPKWHMIeOHJy0QKwQZbKn+tbh6tIAMbC73HMGDGJyk=,tag:ZpYhXNXoANURxlwtoTtyrQ==,type:str] - client_secret: ENC[AES256_GCM,data:M7xNlBrWqmOOt8B/v0HhisBlX3haZWFnQOPoucQdUtq+J0rjE5NdlY3t5XrFBdzBUM1l8Szc1OucJunpLRaMH9Mk7nYsK2dOtS8/JjJq7vASJPLIZ+o=,iv:ycH+HJwoEViPaxXQCOVBQ5uHmyzKCIVLK8VpLIY4r2A=,tag:T9W84ealMLHFIG3zSQl3lw==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-08-26T07:06:08Z" - enc: CiQA4OM7eOcDPtgayKH1sVxMED3Sdo++ww+ytiPWDa9bTIBiFG0SSQDuy/p8rfPkrcELUB/ZZPtsacL2beuCL4m/qHeavx0xj9jZv/dHsvLNfyoXpBsMYSkKTcW2pzvZbXRR7VAGlJIsx3bA3cK5lCs= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-08-26T07:06:09Z" - mac: ENC[AES256_GCM,data:4zjXLg6CaYq3RC/1g7eS05aTDPKAIMnDcAWuHXQUmp/mPM774urSXz/eKc587tEoWlERKgljVMbOmr59hExa0Qt05LizsbMoSEo4V/a/aJcYeas0fbSZ5oJbD7IcBkqb4oYX0CKN8ILXtKC67NooD2etbpN9FNC2am5IE7FmYmE=,iv:RpxlPYb6y2UPWL3IR/5hTmhIWgEcSNWQmZJE18uIncg=,tag:KIGvvpo0S1Lq3v4ohHHXSQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/callysto/staging.values.yaml b/config/clusters/callysto/staging.values.yaml deleted file mode 100644 index 79bc6089fa..0000000000 --- a/config/clusters/callysto/staging.values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -jupyterhub: - ingress: - hosts: [staging.callysto.2i2c.cloud] - tls: - - hosts: [staging.callysto.2i2c.cloud] - secretName: https-auto-tls - hub: - config: - CILogonOAuthenticator: - oauth_callback_url: https://staging.callysto.2i2c.cloud/hub/oauth_callback - custom: - homepage: - gitRepoBranch: "callysto-staging" From 90b9ec1739a762f6cbd2510c6ebe1350f76d0aa5 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 27 Feb 2024 13:47:06 +0200 Subject: [PATCH 458/494] Rename requester_pays again and rm it from aws --- terraform/aws/variables.tf | 10 ++-------- terraform/gcp/variables.tf | 4 ++-- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index 1874ff88c3..332a78ab5a 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf @@ -45,7 +45,6 @@ variable "user_buckets" { variable "hub_cloud_permissions" { type = map(object({ - allow_access_to_requestor_pays_buckets : optional(bool, false), bucket_admin_access : set(string), extra_iam_policy : string })) @@ -56,14 +55,9 @@ variable "hub_cloud_permissions" { Key is name of the hub namespace in the cluster, and values are particular permissions users running on those hubs should have. Currently supported are: - 1. allow_access_to_requestor_pays_buckets: Allow code running in user servers from this - hub to identify as coming from this particular GCP project when accessing GCS buckets - marked as 'requestor_pays'. In this case, the egress costs will - be borne by the project *containing the hub*, rather than the project *containing the bucket*. - Egress costs can get quite expensive, so this is 'opt-in'. - 2. bucket_admin_access: List of S3 storage buckets that users on this hub should have read + 1. bucket_admin_access: List of S3 storage buckets that users on this hub should have read and write permissions for. - 3. extra_iam_policy: An AWS IAM Policy document that grants additional rights to the users + 2. extra_iam_policy: An AWS IAM Policy document that grants additional rights to the users on this hub when talking to AWS services. EOT } diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 37068e7b8d..befa640d37 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -401,7 +401,7 @@ variable "max_cpu" { variable "hub_cloud_permissions" { type = map( object({ - allow_access_to_requestor_pays_buckets : optional(bool, false), + allow_access_to_external_requestor_pays_buckets : optional(bool, false), bucket_admin_access : set(string), bucket_readonly_access : optional(set(string), []), hub_namespace : string @@ -414,7 +414,7 @@ variable "hub_cloud_permissions" { Key is name of the hub namespace in the cluster, and values are particular permissions users running on those hubs should have. Currently supported are: - 1. allow_access_to_requestor_pays_buckets: Allow code running in user servers from this + 1. allow_access_to_external_requestor_pays_buckets: Allow code running in user servers from this hub to identify as coming from this particular GCP project when accessing GCS buckets marked as 'requestor_pays'. In this case, the egress costs will be borne by the project *containing the hub*, rather than the project *containing the bucket*. From b7fd9a5250cd868944def210acdf43b1b403d683 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Tue, 27 Feb 2024 14:11:09 +0200 Subject: [PATCH 459/494] Rename requestor to requester to match google's documentation and update docs language for clarity --- docs/topic/features.md | 35 +++++++++++++++++++---------------- terraform/gcp/variables.tf | 4 ++-- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/docs/topic/features.md b/docs/topic/features.md index 20141c2f91..8d04616eab 100644 --- a/docs/topic/features.md +++ b/docs/topic/features.md @@ -23,8 +23,8 @@ improving the security posture of our hubs. ### GCP -(topic:features:cloud:gcp:requestor-pays)= -#### 'Requestor Pays' access to Google Cloud Storage buckets +(topic:features:cloud:gcp:requester-pays)= +#### 'Requester Pays' access By default, the organization *hosting* data on Google Cloud pays for both storage and bandwidth costs of the data. However, Google Cloud also offers @@ -33,25 +33,28 @@ option, where the bandwidth costs are paid for by the organization *requesting* the data. This is very commonly used by organizations that provide big datasets on Google Cloud storage, to sustainably share costs of maintaining the data. +**Requester Pays** is a feature that a bucket can have. + +#### Allow access to external `Requester Payes` buckets + +If buckets outside the project have the `Requester Payes` flag, then we need to: +- set `hub_cloud_permissions.allow_access_to_external_requester_pays_buckets` + in the terraform config of the cluster +- this will allow them to be charged on their project for access of such + outside buckets + +```{warning} When this feature is enabled, users on a hub accessing cloud buckets from -other organizations marked as 'Requester Pays' will increase our cloud bill. +other organizations marked as `Requester Pays` will increase our cloud bill. Hence, this is an opt-in feature. +``` -```{important} -This feature enables the hub users to access `Requester Pays` buckets, -**outside** of their project. - -However, note that this feature **does not** control which buckets **inside** -the project will have `Requester Pays` enabled for themselves. +#### Enable `Requester Pays` flag on community buckets -1. This can be **checked** from the console following these steps in the -[GCP docs](https://cloud.google.com/storage/docs/using-requester-pays#check) or -by checking the `user_buckets` configuration in the project's terraform config -file if any `requester_pays` flag is specified because it is disabled by default. +The buckets that we set for communities, inside their projects can also have this flag enabled on them, which means that other people outside will be charged for their usage. -2. **Enabling or disabling** the `Requester Pays` flag on a bucket can be achieved by -setting the [`requestor_pays`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#requester_pays) flag to true in our terraform config -`user_buckets` variable as described in [](howto:features:storage-buckets). +```{warning} +This is not supported yet by our terraform. Follow (todo: insert issue link) for when support will be added. ``` (topic:features:cloud:scratch-buckets)= diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index befa640d37..f842bec480 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -401,7 +401,7 @@ variable "max_cpu" { variable "hub_cloud_permissions" { type = map( object({ - allow_access_to_external_requestor_pays_buckets : optional(bool, false), + allow_access_to_external_requester_pays_buckets : optional(bool, false), bucket_admin_access : set(string), bucket_readonly_access : optional(set(string), []), hub_namespace : string @@ -414,7 +414,7 @@ variable "hub_cloud_permissions" { Key is name of the hub namespace in the cluster, and values are particular permissions users running on those hubs should have. Currently supported are: - 1. allow_access_to_external_requestor_pays_buckets: Allow code running in user servers from this + 1. allow_access_to_external_requester_pays_buckets: Allow code running in user servers from this hub to identify as coming from this particular GCP project when accessing GCS buckets marked as 'requestor_pays'. In this case, the egress costs will be borne by the project *containing the hub*, rather than the project *containing the bucket*. From b9346a4049794206a5fb9a8689f5af5483219534 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 27 Feb 2024 12:57:13 +0000 Subject: [PATCH 460/494] Remove prod hub config files --- config/clusters/callysto/cluster.yaml | 10 +- config/clusters/callysto/common.values.yaml | 100 ------------------ .../callysto/enc-prod.secret.values.yaml | 20 ---- config/clusters/callysto/prod.values.yaml | 13 --- 4 files changed, 1 insertion(+), 142 deletions(-) delete mode 100644 config/clusters/callysto/common.values.yaml delete mode 100644 config/clusters/callysto/enc-prod.secret.values.yaml delete mode 100644 config/clusters/callysto/prod.values.yaml diff --git a/config/clusters/callysto/cluster.yaml b/config/clusters/callysto/cluster.yaml index db6dafbfb6..55acfbc1f8 100644 --- a/config/clusters/callysto/cluster.yaml +++ b/config/clusters/callysto/cluster.yaml @@ -11,12 +11,4 @@ support: helm_chart_values_files: - support.values.yaml - enc-support.secret.values.yaml -hubs: - - name: prod - display_name: "Callysto Prod" - domain: 2i2c.callysto.ca - helm_chart: basehub - helm_chart_values_files: - - common.values.yaml - - prod.values.yaml - - enc-prod.secret.values.yaml +hubs: [] diff --git a/config/clusters/callysto/common.values.yaml b/config/clusters/callysto/common.values.yaml deleted file mode 100644 index 11d3dab4ef..0000000000 --- a/config/clusters/callysto/common.values.yaml +++ /dev/null @@ -1,100 +0,0 @@ -nfs: - enabled: true - pv: - mountOptions: - - soft # We pick soft over hard, so NFS lockups don't lead to hung processes - - noatime - # Google FileStore IP - serverIP: 10.93.235.178 - # Name of Google Filestore share - baseShareName: /homes/ -jupyterhub: - custom: - 2i2c: - # add_staff_user_ids_to_admin_users is disabled because the usernames - # aren't github id or email based, individual 2i2c members have added - # their user to admin_users manually instead. - add_staff_user_ids_to_admin_users: false - # add_staff_user_ids_of_type: "google" - homepage: - templateVars: - org: - name: Callysto - url: https://www.callysto.ca - logo_url: https://www.callysto.ca/wp-content/uploads/2022/08/Callysto-HUB_vertical.png - designed_by: - name: 2i2c - url: https://2i2c.org - operated_by: - name: 2i2c - url: https://2i2c.org - funded_by: - name: Callysto - url: https://www.callysto.ca - singleuser: - extraFiles: - tree.html: - mountPath: /usr/local/share/jupyter/custom_template/tree.html - stringData: | - {% extends "templates/tree.html" %} - {% block header %} - - {% endblock %} - {% block logo %} - CallystoHub - {% endblock %} - notebook.html: - mountPath: /usr/local/share/jupyter/custom_template/notebook.html - stringData: | - {% extends "templates/notebook.html" %} - {% block logo %} - CallystoHub - {% endblock %} - hub: - config: - JupyterHub: - authenticator_class: cilogon - CILogonOAuthenticator: - allowed_idps: - http://google.com/accounts/o8/id: - default: true - username_derivation: - username_claim: "oidc" - allowed_domains_claim: email - allowed_domains: &allowed_domains - - 2i2c.org - - btps.ca - - callysto.ca - - cssd.ab.ca - - cybera.ca - - eics.ab.ca - - eips.ca - - epsb.ca - - fmpsd.ab.ca - - fmcsd.ab.ca - - rvschools.ab.ca - - spschools.org - - wsrd.ca - - ucalgary.ca - - ualberta.ca - - cfis.com - - "*.ca" - http://login.microsoftonline.com/common/oauth2/v2.0/authorize: - username_derivation: - username_claim: "oidc" - allowed_domains_claim: email - allowed_domains: *allowed_domains - # Usernames are based on a unique "oidc" claim and not email, so we need - # to reference these names when declaring admin_users. - admin_users: - - "117859169473992122769" # Georgiana (2i2c) - - "115722756968212778437" # Sarah (2i2c) - - "103849660365364958119" # Erik (2i2c) - - "115240156849150087300" # Ian Allison (PIMS) - - "102749090965437723445" # Byron Chu (Cybera) - - "115909958579864751636" # Michael Jones (Cybera) - - "106951135662332329542" # Elmar Bouwer (Cybera) diff --git a/config/clusters/callysto/enc-prod.secret.values.yaml b/config/clusters/callysto/enc-prod.secret.values.yaml deleted file mode 100644 index 92ac96c58a..0000000000 --- a/config/clusters/callysto/enc-prod.secret.values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -jupyterhub: - hub: - config: - CILogonOAuthenticator: - client_id: ENC[AES256_GCM,data:hDvmVElKOzOit25g/6dwr8cuxtxomTTWGau98geXsCYUImn/ah7jSQVk4ThEuICT99Ur,iv:9mLxAJE/6+BDns4frcx/+b3khNPvmR8fb+1a75gboe4=,tag:hRvx43HTMv6RR/qyFHfFkw==,type:str] - client_secret: ENC[AES256_GCM,data:pfuxypyKp0gLyadQLTW/4Us3eFT2Gq1LFVVR2XuI5OrLSJ/1r/9ZxjyfudzeHVIt0uj+TBMzIm3KZy0iuxUVC37xxWdNT4edqfWKS0DzourtWNjw7hI=,iv:ZEFOAjCiOHcECHhYhZGdEvkzgimIPp6IbnaNcRzJDmQ=,tag:XTKAl/cKyUVMoYI0RhWyyQ==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-09-01T08:14:40Z" - enc: CiQA4OM7eBuDtViKx8a4ai2VE6WlL5Egd8jfhl9dQyxoKHzxc58SSQDuy/p8FNJmSh+QHjrmZ0CwdBcXPmDDIUWVl+pOvPkeKXf9BUhBlKDXs/UVn6JbXDlxYMOVuWRrtPUTxK4+RqofYCxEXlLFBuE= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-09-01T08:14:40Z" - mac: ENC[AES256_GCM,data:hrzSUn7szHDXUdbmwCiNXaz1Yyn2gF/QVToYwaKSD6jZX459viLWcJwcBcGDdhC7EoycpPaEhCf88xsRC7aJaWq/xhHjGgcxC8MxKjyBQYBx5CKFmrYwOhxrlJuVBnM80kgXoi+EHKlzVf/2k2Y6unCqKyjs2cPx/H8R00a7/NQ=,iv:84Ik3Jd7+XSk3ldBMnwlRAPL1bPc0MMwq/QXl7nHXwg=,tag:+fnpq1dgvamKhkWqKeyAdw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/callysto/prod.values.yaml b/config/clusters/callysto/prod.values.yaml deleted file mode 100644 index 08edda058e..0000000000 --- a/config/clusters/callysto/prod.values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -jupyterhub: - ingress: - hosts: [2i2c.callysto.ca] - tls: - - hosts: [2i2c.callysto.ca] - secretName: https-auto-tls - hub: - config: - CILogonOAuthenticator: - oauth_callback_url: https://2i2c.callysto.ca/hub/oauth_callback - custom: - homepage: - gitRepoBranch: "callysto-prod" From f222528dcac89a9344b144439a9965d2e2c668e7 Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 27 Feb 2024 13:28:24 +0000 Subject: [PATCH 461/494] Remove the cluster files --- config/clusters/callysto/cluster.yaml | 14 --------- .../enc-deployer-credentials.secret.json | 30 ------------------- .../callysto/enc-grafana-token.secret.yaml | 15 ---------- .../callysto/enc-support.secret.values.yaml | 22 -------------- config/clusters/callysto/support.values.yaml | 28 ----------------- 5 files changed, 109 deletions(-) delete mode 100644 config/clusters/callysto/cluster.yaml delete mode 100644 config/clusters/callysto/enc-deployer-credentials.secret.json delete mode 100644 config/clusters/callysto/enc-grafana-token.secret.yaml delete mode 100644 config/clusters/callysto/enc-support.secret.values.yaml delete mode 100644 config/clusters/callysto/support.values.yaml diff --git a/config/clusters/callysto/cluster.yaml b/config/clusters/callysto/cluster.yaml deleted file mode 100644 index 55acfbc1f8..0000000000 --- a/config/clusters/callysto/cluster.yaml +++ /dev/null @@ -1,14 +0,0 @@ -name: callysto -provider: gcp # https://console.cloud.google.com/kubernetes/clusters/details/northamerica-northeast1/callysto-cluster/details?project=callysto-202316 -gcp: - key: enc-deployer-credentials.secret.json - project: callysto-202316 - cluster: callysto-cluster - zone: northamerica-northeast1 - billing: - paid_by_us: false -support: - helm_chart_values_files: - - support.values.yaml - - enc-support.secret.values.yaml -hubs: [] diff --git a/config/clusters/callysto/enc-deployer-credentials.secret.json b/config/clusters/callysto/enc-deployer-credentials.secret.json deleted file mode 100644 index e3189cb9b3..0000000000 --- a/config/clusters/callysto/enc-deployer-credentials.secret.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "type": "ENC[AES256_GCM,data:jLxq+8Yw1WQf2LeGKDqJ,iv:mvsyVv2DbvlOWzeus8vfipBjWtK18d7ncgd5xmzC7yU=,tag:bZ+/QPlyd4kELjDqmMZ0gg==,type:str]", - "project_id": "ENC[AES256_GCM,data:/oT3AuZ/PaFUGVyJqvTQ,iv:sHphaqeS4FEBIKvaoi5vh617Z3YN42GMABzYWAsE1Cc=,tag:qR9XPC/pQsSvfv64W7Vq5g==,type:str]", - "private_key_id": "ENC[AES256_GCM,data:1z7ZI2Ca9Is/S6Sd+/i5x5ToKTZlhnimR4AF7i078wG1/T3Rn/z08g==,iv:GWDlub5VKcThxJ4GgSEJftKY/GoT2J+Y9NuJeZyJlko=,tag:NocH+qc9QDpMKSUwoZE9dw==,type:str]", - "private_key": "ENC[AES256_GCM,data:vUjNhDaoJ7doc/fcKqwCkODVZ6pj6Sc5aA9CmA4IAzLsAlyDpLPGBI32gIAPEwvsAE1yHNi6MOX4g+Uvk9qjwibhhaYBJTz7mzfDjcctoz12afGkCdmP8DCpILvNcXs/G4cmAb8VFVPvDnWX45aP1F0IgTPcvOXZRxuY24EOITzxSf75WWMXrKYCLI86xbF2d5ov5MGukP3bZlJWVDyGbU10JVjfZniv/YVvOrLGIayM5I92ANwjLTD7sLNpHmhuFsMQJVGYep5yWxQNFIDzqUl1PVFO9k5wt+yrCifOgdEOCM0OrONoV/RVNHbVENvvJFPRFMRAELcxWgrNun3xjKiXsQNCNgyDetImXZ5cmdB02H10vTjauf0n5RLedcBxbQTrsCOfRYyqAsc+tg6PkoNpSRJsfd7ji3iJ7VtKsfOS7JkXCEHmLnmD18xYw3l1sSM6Eb/Lg6a+m8SfkQYkKKSy142kPTclkQP0euLwjPHXeBXmjd4eKFGMXNN1Ut47oR1S85MQHN5ONYkq0ZIt2BVPuiAFH7QbPz4fT5wmw00L6KlqL3Y6dCYM11v8jRWCl+SUhnSwfu8aUXEFtwdftxOkEi8OvK11CwIQEIiHrCcO8yIhX5BtxeLePVgPgmIy0fII+lkdEd5OQ3Yx2SHA5OdRwS+p37EGe175YnPZGPzKO0CQyp+Y2wl4X8WqZ/Z3Myhy+cEbb+OrnLQiOHQ/xgrta5HJlVcAZ/MtDCliRtxDeRZrkevcXzO9tl+Yw+ivERsxzq4OJS6qsN0E/r4qHz4IHXPEakG0INEvwnv78M8mtTB7dDUTmS5viODKP1PW0QcA8LCs28pQrlL7Urw85aYM6nHd+xA80tsQuymJ9UeHllqWl4ZN/7ByLQFv9b8/GeZPjr/GRWn48FDigQwZRmTAYuhjakCZhI5AKR5wZq5HUvhUvg96AU7QetpTcSCg0J/wVIURU7C5ZUzN6kIjAYBbOD2NQwyHPp4QE4+bf53ESdapuJHrAYqX54eoShqDy+I7RtcRRjIgzkIde8+/pUF8MKbKbElnovKP61FoU2WCCmvnbVdGdteJi/Y+vktbxsOpRt7L/xPp5jyoUQZJE8mqS8jGnXBJXRW5sO50FogWKP4G21NkGS99sQZXpmCw9uS3akPILi1kyw3DSTsamEdE9TS+3CXG7VPSME1DleQXq69PU7gyzA7qALamZQRK8SBYS0e198HYSupNBu0YFe8Ci8WHi+DH+22Pt4KlOdaMyB3KgddwVsVSHZIGUsiOEBSJ8jDTmXaSdLZWlAjnoIWb1TrFb6BdKEolBE3rz1Bw5SDgYgnQM64n7hBQEpb4ml0JLAwMln+gi31ugdvHbMlTMjgZwvOEEGaE0qfbEOZNPot+fXTzwaV6th56IGVb3HT9m8ue86R0aeIPCXR9It7UuQAE4c6qMHY1q7B9lXk/2z53RDTENp+HdBf6fttkMjFX9fl4sxyr0ObqnLDb7SVaw0DOTywsnpflJxr3wAxayGiRxSUJL7S6PVKZnPlg9jCdcx8MB+NhMohE+d1UwjczWle+2y/t9uhCYpeaDLnQVJla1jQfZ9ogZdsPhAiXg3gzhHmrGwyrhERVJTAEudJQOLjsYZDtQ55dB7hFWy/5JVWIPgtdSX58Bj2Ao/sJDXF7B6fHVkAd8JFgT0JdknSpvfMzcvE8maj9fB6e6N0FsrlfPZEcFFIxiMP/iPA5wBqsCs5LR7r7G7n/INaX3uF1uuGqzGHzuSh5ogMQ6/q9dGpL4nrRulo4fz9LMBKyMcyouC7pz7AScpWgvyYPGeTC6zev4Uz6lP2OhHkn4ApeJ8I8pE3BA5lAZvtuvwtX2vq6e22U//Lva9NSsgNHlUk4zV+WcOZxMoimFteZ08WMoi+hMXDVcRV08amMt0STKY80QfNDHtISg4ay7BWlU+czoP1xMX/itaZqBpOpYqNRtPr8TCD3/J4OWrZ+LFyN22JmG6Z6IaU8z2V0Pe7jMG6ixpil3NgKwZWgghX8kFZk/++4YKa/mD/QLPo/ghi9um159JaKgU+EIrQVHAcYkRFqM+DbKXQYpIG7pmX9KLmb/Q2SY7PvuQsJICCoap5MVSfckiN+YQp6uxdjG72rSa0Hh9FbJMIn/FVO/33I8Nr2CMaSoD/qtyqe5HJtspi5kv5BXI+EtQKhbhB2KQfBM8MU5aGwvtb2D9vM+puBHGSF/xhR99B8+VMxJZOTrCXovCkLFB/5JIA9KSoUovxI5W3GzkmDa1+N,iv:QlmlLCJvkXH1fh2V9n+0Ud2bwiCSbNeLe8Sx6Al+t/k=,tag:B2QJN3oF8Sxvc2VfQRQJ5w==,type:str]", - "client_email": "ENC[AES256_GCM,data:7o95KOWmXHMBx5+I7cNLpZPGJ8ALp0C5est9tam8puEn4jGQwMI+LVuL5F8CJ2f72isEmv8p,iv:5nxtrHsqVfmcfKDQAog4i2KChyNVgX8zBnRJfOyubX4=,tag:TFVkcNYsf+/ZkD3qkUkIqw==,type:str]", - "client_id": "ENC[AES256_GCM,data:ViNSS/FEkNzc/DG2luTXtLgAyyS7,iv:k0o8k8J/mlLlvSleltA9oQbbxHGPedd7YCjdwWLUC1I=,tag:5b2wv7dmWXkCA6DKL+fZtg==,type:str]", - "auth_uri": "ENC[AES256_GCM,data:L0DSSF7MsP7Jm/zfRYvc12Ig2rSwi+IUOLCTYuSp5iRjEgD/8qz6cBk=,iv:p+JiUJ1Trswbsq+UYgmGBeYqIt2Qpgmhix3seQMVnuI=,tag:M50xJagDNsWqPgCYac3aiw==,type:str]", - "token_uri": "ENC[AES256_GCM,data:FNgE3aClBnbjhOgcjum5cp8GBx7F6SFsHR0SHfgTT5fUhR8=,iv:CjYp2WJG/wVDZ7U5XnwmLycAidWgoCX9EM5qjHRnbuA=,tag:+2mAUgk9YIK6QNBvYMIIRA==,type:str]", - "auth_provider_x509_cert_url": "ENC[AES256_GCM,data:8eyI6CuYG1KZTUasBazXkwtjqLFMCboArHkLcvPdbY1tpjac1A+SnUon,iv:jdWStvR6KL/YGZToBXlHj+2TVmk9EUEqO9IoF/d12MQ=,tag:dyZFN6hzqQ7yDefOcVvIEw==,type:str]", - "client_x509_cert_url": "ENC[AES256_GCM,data:EWPsqxfyY0RqwE1ptObkSw5uEuanRwPGAHj5ySt2DZ1+WbhQzE/ZhEqFWaBE3ZYgaws8K2SOTo6IJdNrPKpv6MeMKJzyKAvWD2GojbNU+l34fx1BbChw2HBDozCWZRzqP+SkRquAF41yXg==,iv:w1nNA7HMlu+BenWhNKY2Cb5/GStIFDfUTQGGbt/clL4=,tag:cFRPU+oxuOPjFCk6QTNpPw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": [ - { - "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2022-08-25T10:53:25Z", - "enc": "CiQA4OM7eJb89U2i9YVone8gQ3u7TZuRon9jLWD0rSWwkvGHqo8SSQDuy/p8LqA/v+aDq09ittMSQUdaRLjOptN/Em1+4OkLeSzFx4jeBWJ27qTqv+bhfQqyEBEVfcPJYAiiDqQsw/GmBTjs1BIQboc=" - } - ], - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-08-25T11:28:14Z", - "mac": "ENC[AES256_GCM,data:6TUvA+akSeL+Nnuq4MFjRXyv33SlEPj1MtqBej38eBV4aUs3ssqxiLxQiyfRH+61sqtHazZq1o4r9i0YVkhkv37iauApyctQeeh0WFAMXKfmuBf9pQHsYToP9rcAj/fmMrWM35AU4jLNl+ChcJNSy97k59laNYu1FK2u2kq2DVg=,iv:1kf/lWoD8JBJhaB/nOA1tqKNw7BtAinVUughjuVuZz0=,tag:AumEJbN3sQQ3SCGl/SofLQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} diff --git a/config/clusters/callysto/enc-grafana-token.secret.yaml b/config/clusters/callysto/enc-grafana-token.secret.yaml deleted file mode 100644 index a202eeb7c6..0000000000 --- a/config/clusters/callysto/enc-grafana-token.secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -grafana_token: ENC[AES256_GCM,data:lpFQ/cYY5blAhNAZ0ANG9AXmoUEjTXcPtvxEQsxvTJwkd+HCq7h+bTnyyS2N62fF059KOVOzDa6WELCT0uwx0p3kgTjN2CvtRY2asBpwxMySxAhrodvMWYYFmFuPRT+sh4M8o+vKpzAn+LQ3,iv:2FEtw1DkowLMeYslLHXCqoaIngfrxyw7fSSsnDLcX3s=,tag:OsxPJraC2PhmwQby2pyRSQ==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-08-25T19:48:34Z" - enc: CiQA4OM7eNtEJVA9HZFHSJnoWCJFJcqq5SXnuwhx3CsZ5Vifjh8SSQDuy/p8FzcrFbYdXV4CzEhdRN0WnftfQygFe70+TWoh2wslepnl5QQ1fLr0fWxrfORLFmUDdb4wZi67LIhFrBV8gTCYd+QSrpk= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-08-25T19:48:35Z" - mac: ENC[AES256_GCM,data:e8TcGvhEWdKQh3kiNk8KxNAqmHctUeecm1WEpErstmuZIqm20Ayd2povxpzWGtXv7OKiBiBVJacbx6VnFv/X2NZAUNIal3mGTgu2XOiCcjaZQrxLSkjBskS/2qSaa874Hd+Q35t0XZ93u3nbQWD1zbyWnY3NThXG0msnVQ3eC3c=,iv:x57QXWh1nNz1WCzOSeyWnGolX7G966XlTi9jqvUQKzE=,tag:kPSD2+tkVAvFd23qMwjLKQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/callysto/enc-support.secret.values.yaml b/config/clusters/callysto/enc-support.secret.values.yaml deleted file mode 100644 index d7f7c68ed1..0000000000 --- a/config/clusters/callysto/enc-support.secret.values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -prometheusIngressAuthSecret: - username: ENC[AES256_GCM,data:PRxijXnlvkmjCkQyK/I+l2wWbaDkaJP94EmX7URKnBwZgokrPVG8azrHDJt5lEGo5PhX6waXTLHVgpK+ocP3Kg==,iv:HOVnan28Mpfg0X8jo284ZVdHUtV1CmgW3fR3hd+Vah8=,tag:vc2rLFUvs/p6JpoaIvQp5Q==,type:str] - password: ENC[AES256_GCM,data:mKNG8ASGy/G0fR3i6iOumvofaecFsT/lgZgKf3EitAz/bjqZ1MS4ofV73TQDdfxPx8/xYXjg1xH37mWd9s19aw==,iv:2AWZ1wnbBY+MFxtfu9SKPykIU6zih+7a+VhvTxWKM3A=,tag:uEH9uCPrIjywqcC53CZZTQ==,type:str] -grafana: - grafana.ini: - auth.github: - client_id: ENC[AES256_GCM,data:KuO3irah/twI6TQucSyppd9oLg8=,iv:D4Z9iipzgb3J9nZ8hv+Jv66R0Mi0iEFbMKambqTalRY=,tag:E9Ml95cTLk8PtwgWjS0TjQ==,type:str] - client_secret: ENC[AES256_GCM,data:Gn6XVtOQlRGw7qS6ctFWUwPDV8dsH87Epx1V6DIDuCylssZBq+W0Yw==,iv:3hF7N7QMzYQL1BAg/zwsofCZ4Wz3ulhLqiJ1BZzqlC8=,tag:dr5ryYXOJ6fr4/G/e+mMRw==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-08-25T11:12:05Z" - enc: CiQA4OM7eEd2fDWFZwDNAGHxtrOPsIVHXHJuJAAGI3LveTlj5kMSSQDuy/p8fj5K2nUPys2R/te2CsQxDY1yHAMwfYWqx7bFI1Fb6i4GMGbUMvsdd6iiiSIscQnU1CJvKhGRvr4ABt5IeP2MHTTfPhc= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-02-08T14:00:05Z" - mac: ENC[AES256_GCM,data:E/VDvnHvE1CjjR4uYo0LS3dNo8uEG3Cp4IEp/WIWPDSAYWfCiMMGQSwXQCmFtZyjhQ+0Ve+nbfzsmXTNfCobzadStzA938uvT3L1i/hGpUne0CBCninyRERd0h8jkzbs2l9kDFMDIQEEkSet0OfRVg3yl0956o06ocQzcdd9jWY=,iv:iq44FBwxVud/1KYkWodQEdrXjHnn0VBnMlAlbfdkIl0=,tag:6n/kYOqwtgExIdLtD7MCiQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/config/clusters/callysto/support.values.yaml b/config/clusters/callysto/support.values.yaml deleted file mode 100644 index 82f9b12ede..0000000000 --- a/config/clusters/callysto/support.values.yaml +++ /dev/null @@ -1,28 +0,0 @@ -prometheusIngressAuthSecret: - enabled: true - -prometheus: - server: - ingress: - enabled: true - hosts: - - prometheus.callysto.2i2c.cloud - tls: - - secretName: prometheus-tls - hosts: - - prometheus.callysto.2i2c.cloud - -grafana: - grafana.ini: - server: - root_url: https://grafana.callysto.2i2c.cloud/ - auth.github: - enabled: true - allowed_organizations: 2i2c-org - ingress: - hosts: - - grafana.callysto.2i2c.cloud - tls: - - secretName: grafana-tls - hosts: - - grafana.callysto.2i2c.cloud From cdc8f5482963b4366297846f0537bf36703e749f Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 27 Feb 2024 13:30:24 +0000 Subject: [PATCH 462/494] Remove cluster from workflow files --- .github/workflows/deploy-grafana-dashboards.yaml | 1 - .github/workflows/deploy-hubs.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/deploy-grafana-dashboards.yaml b/.github/workflows/deploy-grafana-dashboards.yaml index 208772c51d..d161d8bcf0 100644 --- a/.github/workflows/deploy-grafana-dashboards.yaml +++ b/.github/workflows/deploy-grafana-dashboards.yaml @@ -15,7 +15,6 @@ jobs: - cluster_name: 2i2c-aws-us - cluster_name: 2i2c-uk - cluster_name: awi-ciroh - - cluster_name: callysto - cluster_name: catalystproject-africa - cluster_name: catalystproject-latam - cluster_name: cloudbank diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml index c2ae2ff399..e32014b434 100644 --- a/.github/workflows/deploy-hubs.yaml +++ b/.github/workflows/deploy-hubs.yaml @@ -190,7 +190,6 @@ jobs: failure_utoronto: "${{ env.failure_utoronto }}" failure_linked-earth: "${{ env.failure_linked-earth }}" failure_awi-ciroh: "${{ env.failure_awi-ciroh }}" - failure_callysto: "${{ env.failure_callysto }}" failure_nasa-cryo: "${{ env.failure_nasa-cryo }}" failure_gridsst: "${{ env.failure_gridsst }}" failure_victor: "${{ env.failure_victor }}" From fd81abfb19d2768fcecd1411e65f59cc85058aae Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 27 Feb 2024 13:31:24 +0000 Subject: [PATCH 463/494] Delete the terraform project values file --- terraform/gcp/projects/callysto.tfvars | 39 -------------------------- 1 file changed, 39 deletions(-) delete mode 100644 terraform/gcp/projects/callysto.tfvars diff --git a/terraform/gcp/projects/callysto.tfvars b/terraform/gcp/projects/callysto.tfvars deleted file mode 100644 index 5a90ec389d..0000000000 --- a/terraform/gcp/projects/callysto.tfvars +++ /dev/null @@ -1,39 +0,0 @@ -prefix = "callysto" -project_id = "callysto-202316" - -zone = "northamerica-northeast1-b" -region = "northamerica-northeast1" -regional_cluster = true - -k8s_versions = { - min_master_version : "1.27.4-gke.900", - core_nodes_version : "1.27.4-gke.900", - notebook_nodes_version : "1.27.4-gke.900", -} - -core_node_machine_type = "n2-highmem-2" -enable_network_policy = true - -# Setup a filestore for in-cluster NFS -enable_filestore = true -filestore_capacity_gb = 1024 - -notebook_nodes = { - "n2-highmem-4" : { - min : 0, - max : 100, - machine_type : "n2-highmem-4", - }, - "n2-highmem-16" : { - min : 0, - max : 100, - machine_type : "n2-highmem-16", - }, - "n2-highmem-64" : { - min : 0, - max : 100, - machine_type : "n2-highmem-64", - } -} - -user_buckets = {} From 9c1656b0d8cdbf9842a9c83ba3e00e1dec300c6b Mon Sep 17 00:00:00 2001 From: Sarah Gibson Date: Tue, 27 Feb 2024 13:37:43 +0000 Subject: [PATCH 464/494] Update the hub decommission issue template --- .github/ISSUE_TEMPLATE/3_decommission-hub.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/3_decommission-hub.md b/.github/ISSUE_TEMPLATE/3_decommission-hub.md index afd0e2f2ac..6f67073dde 100644 --- a/.github/ISSUE_TEMPLATE/3_decommission-hub.md +++ b/.github/ISSUE_TEMPLATE/3_decommission-hub.md @@ -40,18 +40,19 @@ Usually, it is because it was a hub that we created for a workshop/conference an - [ ] Remove the hub deployment - `helm --namespace HUB_NAME delete HUB_NAME` - `kubectl delete namespace HUB_NAME` + - TIP: Run `deployer use-cluster-credentials ` before running the above commands #### Phase III - Cluster Removal _This phase is only necessary for single hub clusters._ - [ ] Remove the cluster's datasource from the central Grafana with: - - `deployer grafana central-ds remove CLUSTER_NAME` + - `deployer grafana central-ds remove ` - [ ] Run `terraform plan -destroy` and `terraform apply` from the [appropriate workspace](https://infrastructure.2i2c.org/en/latest/topic/terraform.html#workspaces), to destroy the cluster - [ ] Delete the terraform workspace: `terraform workspace delete ` +- [ ] Delete the terraform values file under the `projects` folder associated with the relevant cloud provider (e.g. `terraform/gcp/projects/` for GCP) - [ ] Remove the associated `config/clusters/` directory and all its contents - Remove the cluster from CI: - [ ] [`deploy-hubs.yaml`](https://github.com/2i2c-org/infrastructure/blob/HEAD/.github/workflows/deploy-hubs.yaml) - - [ ] [`validate-clusters.yaml`](https://github.com/2i2c-org/infrastructure/blob/HEAD/.github/workflows/validate-clusters.yaml) -- [ ] Remove the cluster from the list of grafana datasources at https://grafana.pilot.2i2c.cloud/datasources + - [ ] [`deploy-grafana-dashboards.yaml`](https://github.com/2i2c-org/infrastructure/blob/HEAD/.github/workflows/deploy-grafana-dashboards.yaml) - [ ] Remove A record from Namecheap account From 70eb10bdf71c97d3fe0e36f85b0a7de52677050e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 27 Feb 2024 16:13:50 +0100 Subject: [PATCH 465/494] Fix override of shared-readwrite mounting config basehub defines the list `custom.singleuserAdmin.extraVolumeMounts` and provides two entries to it. If a hub re-specifies this list with a single new entry, it will end up overriding entire list, making the two entries defined by default be lost. This is a challenge with using helm values that are list, they combine by replacing eachother rather than appending to each other. Due to that, whenever we want to add a mount, we need to re-specify the mounts that are in the list by default. This commit impacts the following cluster, hubs: - 2i2c-uk, lis - 2i2c, climatematch - leap, staging and prod --- config/clusters/2i2c-uk/lis.values.yaml | 13 +++++++++++-- config/clusters/2i2c/climatematch.values.yaml | 9 +++++++++ config/clusters/leap/common.values.yaml | 9 +++++++++ docs/topic/infrastructure/storage-layer.md | 9 +++++++++ 4 files changed, 38 insertions(+), 2 deletions(-) diff --git a/config/clusters/2i2c-uk/lis.values.yaml b/config/clusters/2i2c-uk/lis.values.yaml index 5bde916670..0d0940d02e 100644 --- a/config/clusters/2i2c-uk/lis.values.yaml +++ b/config/clusters/2i2c-uk/lis.values.yaml @@ -33,13 +33,22 @@ jupyterhub: funded_by: name: London Interdisciplinary School url: https://www.lis.ac.uk - # Extra mount point for admins to access to all users' home dirs - # Ref https://2i2c.freshdesk.com/a/tickets/228 singleuserAdmin: extraVolumeMounts: + # /allusers is an extra mount point for admins to access to all users' + # home dirs, ref: https://2i2c.freshdesk.com/a/tickets/228. - name: home mountPath: /home/jovyan/allusers readOnly: false + # mounts below are copied from basehub's values that we override by + # specifying extraVolumeMounts (lists get overridden when helm values + # are combined) + - name: home + mountPath: /home/jovyan/shared-readwrite + subPath: _shared + - name: home + mountPath: /home/rstudio/shared-readwrite + subPath: _shared singleuser: image: # https://hub.docker.com/r/lisacuk/lishub-base diff --git a/config/clusters/2i2c/climatematch.values.yaml b/config/clusters/2i2c/climatematch.values.yaml index 6c9be7e9ed..746ad3efef 100644 --- a/config/clusters/2i2c/climatematch.values.yaml +++ b/config/clusters/2i2c/climatematch.values.yaml @@ -52,6 +52,15 @@ jupyterhub: - name: home mountPath: /home/jovyan/allusers readOnly: true + # mounts below are copied from basehub's values that we override by + # specifying extraVolumeMounts (lists get overridden when helm values + # are combined) + - name: home + mountPath: /home/jovyan/shared-readwrite + subPath: _shared + - name: home + mountPath: /home/rstudio/shared-readwrite + subPath: _shared 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" diff --git a/config/clusters/leap/common.values.yaml b/config/clusters/leap/common.values.yaml index 9681aaa7a8..f2ffeeee04 100644 --- a/config/clusters/leap/common.values.yaml +++ b/config/clusters/leap/common.values.yaml @@ -18,6 +18,15 @@ basehub: - name: home mountPath: /home/jovyan/allusers readOnly: true + # mounts below are copied from basehub's values that we override by + # specifying extraVolumeMounts (lists get overridden when helm values + # are combined) + - name: home + mountPath: /home/jovyan/shared-readwrite + subPath: _shared + - name: home + mountPath: /home/rstudio/shared-readwrite + subPath: _shared 2i2c: add_staff_user_ids_to_admin_users: true add_staff_user_ids_of_type: "github" diff --git a/docs/topic/infrastructure/storage-layer.md b/docs/topic/infrastructure/storage-layer.md index 8a023924c8..ec7570357b 100644 --- a/docs/topic/infrastructure/storage-layer.md +++ b/docs/topic/infrastructure/storage-layer.md @@ -87,6 +87,15 @@ jupyterhub: mountPath: /home/jovyan/allusers # Uncomment the line below to make the directory readonly for admins # readOnly: true + # mounts below are copied from basehub's values that we override by + # specifying extraVolumeMounts (lists get overridden when helm values + # are combined) + - name: home + mountPath: /home/jovyan/shared-readwrite + subPath: _shared + - name: home + mountPath: /home/rstudio/shared-readwrite + subPath: _shared ``` #### A `shared-public` directory From e9023d7befb0ce8544a0d694ec7829b360328538 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 10:46:23 +0200 Subject: [PATCH 466/494] Rm unexistent feature docs --- docs/howto/features/buckets.md | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/docs/howto/features/buckets.md b/docs/howto/features/buckets.md index b3a8a85fbb..c7150fb67d 100644 --- a/docs/howto/features/buckets.md +++ b/docs/howto/features/buckets.md @@ -106,35 +106,6 @@ user_buckets = { } ``` -## Enabling Requester Pays flag on buckets - -Some hubs want to expose a particular bucket to the broad internet -but not be billed for the charges associated with making and executing the -requests on this bucket. - -By enabling the [Requester Pays flag](https://cloud.google.com/storage/docs/using-requester-pays#using), -the requesters are required to include a billing project in their requests, -which will mean that the billing will happen on the requester's project. - -Enabling Requester Pays is useful, for example, if the communities have a lot -of data that they want to make available to others, but don't want to be -charged for their access to that data. - -This can be enabled by setting the `requester_pays` parameter in `user_buckets` -for the appropriate bucket, and running `terraform apply`. - -Example: - -```terraform -user_buckets = { - "persistent": { - "delete_after": null, - "public_access": true, - "requester_pays": true - } -} -``` - ## Enable access logs for objects in a bucket ### GCP From df351740deadbf35e27a85e9317dcc32f89719a6 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 10:46:35 +0200 Subject: [PATCH 467/494] Reference howto docs --- docs/topic/features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/topic/features.md b/docs/topic/features.md index 8d04616eab..e121d8096b 100644 --- a/docs/topic/features.md +++ b/docs/topic/features.md @@ -39,7 +39,7 @@ on Google Cloud storage, to sustainably share costs of maintaining the data. If buckets outside the project have the `Requester Payes` flag, then we need to: - set `hub_cloud_permissions.allow_access_to_external_requester_pays_buckets` - in the terraform config of the cluster + in the terraform config of the cluster (see the guide at [](howto:features:cloud-access:access-perms)) - this will allow them to be charged on their project for access of such outside buckets From 92d1bba4fe2ca8d6009dcbfcd0e983b159cd1d0b Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 10:50:25 +0200 Subject: [PATCH 468/494] Rename var in one more place --- docs/howto/features/cloud-access.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/howto/features/cloud-access.md b/docs/howto/features/cloud-access.md index 7b50a3c273..169ac0a000 100644 --- a/docs/howto/features/cloud-access.md +++ b/docs/howto/features/cloud-access.md @@ -42,7 +42,7 @@ This AWS IAM Role is managed via terraform. ``` hub_cloud_permissions = { "": { - allow_access_to_requestor_pays_buckets : true, + "allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["bucket-1", "bucket-2"] hub_namespace : "" } @@ -55,7 +55,7 @@ This AWS IAM Role is managed via terraform. and the cluster name together can't be more than 29 characters. `terraform` will complain if you go over this limit, so in general just use the name of the hub and shorten it only if `terraform` complains. - 2. (GCP only) `allow_access_to_requestor_pays_buckets` enables permissions for user pods and dask worker + 2. (GCP only) `allow_access_to_external_requester_pays_buckets` enables permissions for user pods and dask worker pods to identify as the project while making requests to other Google Cloud Storage buckets, outside of this project, that have 'Requester Pays' enabled. More details [here](topic:features:cloud:gcp:requestor-pays). 3. `bucket_admin_access` lists bucket names (as specified in `user_buckets` From 59fc657603dae76ad9d11563b53849f1f3c96471 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 11:00:13 +0200 Subject: [PATCH 469/494] Rm quote --- docs/howto/features/cloud-access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/features/cloud-access.md b/docs/howto/features/cloud-access.md index 169ac0a000..c9efc4f048 100644 --- a/docs/howto/features/cloud-access.md +++ b/docs/howto/features/cloud-access.md @@ -42,7 +42,7 @@ This AWS IAM Role is managed via terraform. ``` hub_cloud_permissions = { "": { - "allow_access_to_external_requester_pays_buckets : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["bucket-1", "bucket-2"] hub_namespace : "" } From 60b58e89683c29345b0b2d9d36ee74827d6417a2 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 11:02:43 +0200 Subject: [PATCH 470/494] Rename docs ref --- docs/howto/features/cloud-access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/howto/features/cloud-access.md b/docs/howto/features/cloud-access.md index c9efc4f048..2a80e2d1bb 100644 --- a/docs/howto/features/cloud-access.md +++ b/docs/howto/features/cloud-access.md @@ -57,7 +57,7 @@ This AWS IAM Role is managed via terraform. of the hub and shorten it only if `terraform` complains. 2. (GCP only) `allow_access_to_external_requester_pays_buckets` enables permissions for user pods and dask worker pods to identify as the project while making requests to other Google Cloud Storage - buckets, outside of this project, that have 'Requester Pays' enabled. More details [here](topic:features:cloud:gcp:requestor-pays). + buckets, outside of this project, that have 'Requester Pays' enabled. More details [here](topic:features:cloud:gcp:requester-pays). 3. `bucket_admin_access` lists bucket names (as specified in `user_buckets` terraform variable) all users on this hub should have full read/write access to. Used along with the [user_buckets](howto:features:storage-buckets) From 2a04cbc23a01742e016b012432fbd50bf519c40e Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 11:05:07 +0200 Subject: [PATCH 471/494] Rename requester in one more terraform config --- terraform/gcp/workload-identity.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/gcp/workload-identity.tf b/terraform/gcp/workload-identity.tf index 99e907c74e..72aca9a19d 100644 --- a/terraform/gcp/workload-identity.tf +++ b/terraform/gcp/workload-identity.tf @@ -47,7 +47,7 @@ resource "google_project_iam_custom_role" "requestor_pays" { } resource "google_project_iam_member" "requestor_pays_binding" { - for_each = toset([for hub_name, permissions in var.hub_cloud_permissions : hub_name if permissions.requestor_pays]) + for_each = toset([for hub_name, permissions in var.hub_cloud_permissions : hub_name if permissions.allow_access_to_external_requester_pays_buckets]) project = var.project_id role = google_project_iam_custom_role.requestor_pays.name member = "serviceAccount:${google_service_account.workload_sa[each.value].email}" From f8c23e03d481ba2484acd3dc4a5f91047650cf35 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 13:43:37 +0200 Subject: [PATCH 472/494] Rm undifinded requestor_pays var from aws terraform config --- terraform/aws/projects/2i2c-aws-us.tfvars | 6 ------ terraform/aws/projects/catalystproject-africa.tfvars | 2 -- terraform/aws/projects/earthscope.tfvars | 2 -- terraform/aws/projects/gridsst.tfvars | 2 -- terraform/aws/projects/jupyter-meets-the-earth.tfvars | 2 -- terraform/aws/projects/nasa-cryo.tfvars | 2 -- terraform/aws/projects/nasa-esdis.tfvars | 2 -- terraform/aws/projects/nasa-ghg.tfvars | 2 -- terraform/aws/projects/nasa-veda.tfvars | 2 -- terraform/aws/projects/openscapes.tfvars | 2 -- terraform/aws/projects/smithsonian.tfvars | 2 -- terraform/aws/projects/template.tfvars | 2 -- terraform/aws/projects/ubc-eoas.tfvars | 2 -- terraform/aws/projects/victor.tfvars | 2 -- 14 files changed, 32 deletions(-) diff --git a/terraform/aws/projects/2i2c-aws-us.tfvars b/terraform/aws/projects/2i2c-aws-us.tfvars index cf56c5e671..a9a3a0cf3d 100644 --- a/terraform/aws/projects/2i2c-aws-us.tfvars +++ b/terraform/aws/projects/2i2c-aws-us.tfvars @@ -31,17 +31,14 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "dask-staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-dask-staging"], extra_iam_policy : "" }, "showcase" : { - requestor_pays : true, bucket_admin_access : [ "scratch-researchdelight", "persistent-showcase" @@ -49,17 +46,14 @@ hub_cloud_permissions = { extra_iam_policy : "" }, "ncar-cisl" : { - requestor_pays : true, bucket_admin_access : ["scratch-ncar-cisl"], extra_iam_policy : "" }, "go-bgc" : { - requestor_pays : true, bucket_admin_access : ["scratch-go-bgc"], extra_iam_policy : "" }, "itcoocean" : { - requestor_pays : true, bucket_admin_access : ["scratch-itcoocean"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/catalystproject-africa.tfvars b/terraform/aws/projects/catalystproject-africa.tfvars index 70efd99f76..728f18a381 100644 --- a/terraform/aws/projects/catalystproject-africa.tfvars +++ b/terraform/aws/projects/catalystproject-africa.tfvars @@ -16,12 +16,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/earthscope.tfvars b/terraform/aws/projects/earthscope.tfvars index 57aeb6fbf9..688977269b 100644 --- a/terraform/aws/projects/earthscope.tfvars +++ b/terraform/aws/projects/earthscope.tfvars @@ -16,12 +16,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/gridsst.tfvars b/terraform/aws/projects/gridsst.tfvars index e13b2f1a05..74680c5fcd 100644 --- a/terraform/aws/projects/gridsst.tfvars +++ b/terraform/aws/projects/gridsst.tfvars @@ -16,12 +16,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/jupyter-meets-the-earth.tfvars b/terraform/aws/projects/jupyter-meets-the-earth.tfvars index 90615a14a9..73a5a38797 100644 --- a/terraform/aws/projects/jupyter-meets-the-earth.tfvars +++ b/terraform/aws/projects/jupyter-meets-the-earth.tfvars @@ -16,7 +16,6 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], # FIXME: Previously, users were granted full S3 permissions. # Keep it the same for now @@ -34,7 +33,6 @@ hub_cloud_permissions = { EOT }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], # FIXME: Previously, users were granted full S3 permissions. # Keep it the same for now diff --git a/terraform/aws/projects/nasa-cryo.tfvars b/terraform/aws/projects/nasa-cryo.tfvars index 1f45519983..72197c009d 100644 --- a/terraform/aws/projects/nasa-cryo.tfvars +++ b/terraform/aws/projects/nasa-cryo.tfvars @@ -22,7 +22,6 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging", "persistent-staging"], # Provides readonly requestor-pays access to usgs-landsat bucket # FIXME: We should find a way to allow access to *all* requester pays @@ -57,7 +56,6 @@ hub_cloud_permissions = { EOT }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch", "persistent"], # Provides readonly requestor-pays access to usgs-landsat bucket # FIXME: We should find a way to allow access to *all* requester pays diff --git a/terraform/aws/projects/nasa-esdis.tfvars b/terraform/aws/projects/nasa-esdis.tfvars index 186632f934..d97271f449 100644 --- a/terraform/aws/projects/nasa-esdis.tfvars +++ b/terraform/aws/projects/nasa-esdis.tfvars @@ -16,12 +16,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/nasa-ghg.tfvars b/terraform/aws/projects/nasa-ghg.tfvars index bc09d26c26..831205b98e 100644 --- a/terraform/aws/projects/nasa-ghg.tfvars +++ b/terraform/aws/projects/nasa-ghg.tfvars @@ -16,7 +16,6 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : <<-EOT { @@ -70,7 +69,6 @@ hub_cloud_permissions = { EOT }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : <<-EOT { diff --git a/terraform/aws/projects/nasa-veda.tfvars b/terraform/aws/projects/nasa-veda.tfvars index a06e4796ae..e1542d44af 100644 --- a/terraform/aws/projects/nasa-veda.tfvars +++ b/terraform/aws/projects/nasa-veda.tfvars @@ -16,7 +16,6 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : <<-EOT { @@ -71,7 +70,6 @@ hub_cloud_permissions = { EOT }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : <<-EOT { diff --git a/terraform/aws/projects/openscapes.tfvars b/terraform/aws/projects/openscapes.tfvars index 80a1e287b2..77d86e6ee1 100644 --- a/terraform/aws/projects/openscapes.tfvars +++ b/terraform/aws/projects/openscapes.tfvars @@ -19,12 +19,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/smithsonian.tfvars b/terraform/aws/projects/smithsonian.tfvars index 65acdb6510..1ec655e8e7 100644 --- a/terraform/aws/projects/smithsonian.tfvars +++ b/terraform/aws/projects/smithsonian.tfvars @@ -13,12 +13,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/template.tfvars b/terraform/aws/projects/template.tfvars index bb0ff4344f..20f703b97e 100644 --- a/terraform/aws/projects/template.tfvars +++ b/terraform/aws/projects/template.tfvars @@ -16,12 +16,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/ubc-eoas.tfvars b/terraform/aws/projects/ubc-eoas.tfvars index c3cba2162d..f38abdf057 100644 --- a/terraform/aws/projects/ubc-eoas.tfvars +++ b/terraform/aws/projects/ubc-eoas.tfvars @@ -16,12 +16,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, diff --git a/terraform/aws/projects/victor.tfvars b/terraform/aws/projects/victor.tfvars index ec4b6dcffd..f6237fe892 100644 --- a/terraform/aws/projects/victor.tfvars +++ b/terraform/aws/projects/victor.tfvars @@ -16,12 +16,10 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, bucket_admin_access : ["scratch-staging"], extra_iam_policy : "" }, "prod" : { - requestor_pays : true, bucket_admin_access : ["scratch"], extra_iam_policy : "" }, From d703d8bdcc71a079542e9da87f4566055908b65b Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 13:44:02 +0200 Subject: [PATCH 473/494] Rename terraform var in projects --- terraform/gcp/projects/awi-ciroh.tfvars | 4 ++-- terraform/gcp/projects/daskhub-template.tfvars | 2 +- terraform/gcp/projects/leap.tfvars | 4 ++-- terraform/gcp/projects/linked-earth.tfvars | 4 ++-- terraform/gcp/projects/meom-ige.tfvars | 4 ++-- terraform/gcp/projects/pangeo-hubs.tfvars | 6 +++--- terraform/gcp/projects/pilot-hubs.tfvars | 8 ++++---- terraform/gcp/projects/qcl.tfvars | 4 ++-- terraform/gcp/variables.tf | 2 +- 9 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/gcp/projects/awi-ciroh.tfvars b/terraform/gcp/projects/awi-ciroh.tfvars index 5a6a6ebe94..1a4cd55562 100644 --- a/terraform/gcp/projects/awi-ciroh.tfvars +++ b/terraform/gcp/projects/awi-ciroh.tfvars @@ -63,12 +63,12 @@ dask_nodes = { hub_cloud_permissions = { "staging" : { - requestor_pays : false, + allow_access_to_external_requester_pays_buckets : false, bucket_admin_access : ["scratch-staging", "persistent-staging"], hub_namespace : "staging" }, "prod" : { - requestor_pays : false, + allow_access_to_external_requester_pays_buckets : false, bucket_admin_access : ["scratch", "persistent"], hub_namespace : "prod" } diff --git a/terraform/gcp/projects/daskhub-template.tfvars b/terraform/gcp/projects/daskhub-template.tfvars index 1bcf3e668a..76364e6ddd 100644 --- a/terraform/gcp/projects/daskhub-template.tfvars +++ b/terraform/gcp/projects/daskhub-template.tfvars @@ -33,7 +33,7 @@ user_buckets = { hub_cloud_permissions = { "{{ hub_name }}" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["scratch-{{ hub_name }}"], hub_namespace : "{{ hub_name }}" }, diff --git a/terraform/gcp/projects/leap.tfvars b/terraform/gcp/projects/leap.tfvars index f2862cdb2e..4fca26bb32 100644 --- a/terraform/gcp/projects/leap.tfvars +++ b/terraform/gcp/projects/leap.tfvars @@ -60,13 +60,13 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["scratch-staging", "persistent-staging"], bucket_readonly_access : ["persistent-ro-staging"], hub_namespace : "staging" }, "prod" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["scratch", "persistent"], bucket_readonly_access : ["persistent-ro"], hub_namespace : "prod" diff --git a/terraform/gcp/projects/linked-earth.tfvars b/terraform/gcp/projects/linked-earth.tfvars index 4234fb37a8..86678d6f2f 100644 --- a/terraform/gcp/projects/linked-earth.tfvars +++ b/terraform/gcp/projects/linked-earth.tfvars @@ -61,12 +61,12 @@ dask_nodes = { hub_cloud_permissions = { "staging" : { - requestor_pays : false, + allow_access_to_external_requester_pays_buckets : false, bucket_admin_access : ["scratch-staging"], hub_namespace : "staging" }, "prod" : { - requestor_pays : false, + allow_access_to_external_requester_pays_buckets : false, bucket_admin_access : ["scratch"], hub_namespace : "prod" } diff --git a/terraform/gcp/projects/meom-ige.tfvars b/terraform/gcp/projects/meom-ige.tfvars index 3c25ebda9a..f76778880f 100644 --- a/terraform/gcp/projects/meom-ige.tfvars +++ b/terraform/gcp/projects/meom-ige.tfvars @@ -81,12 +81,12 @@ user_buckets = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["scratch", "data"], hub_namespace : "staging" }, "prod" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["scratch", "data"], hub_namespace : "prod" } diff --git a/terraform/gcp/projects/pangeo-hubs.tfvars b/terraform/gcp/projects/pangeo-hubs.tfvars index 9277761bbd..ddcd8bd49b 100644 --- a/terraform/gcp/projects/pangeo-hubs.tfvars +++ b/terraform/gcp/projects/pangeo-hubs.tfvars @@ -109,17 +109,17 @@ dask_nodes = { hub_cloud_permissions = { "staging" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["scratch-staging"], hub_namespace : "staging" }, "prod" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["scratch"], hub_namespace : "prod" }, "coessing" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["coessing-scratch"], hub_namespace : "coessing" }, diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 620d8119a0..02d3769aac 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -58,23 +58,23 @@ user_buckets = { hub_cloud_permissions = { "dask-staging" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : [], hub_namespace : "dask-staging" }, "ohw" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : [], hub_namespace : "ohw" }, # Can't use full name here as it violates line length restriction of service account id "catalyst-coop" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : [], hub_namespace : "catalyst-cooperative" }, "jackeddy" : { - requestor_pays : true, + allow_access_to_external_requester_pays_buckets : true, bucket_admin_access : ["jackeddy-scratch"], hub_namespace : "jackeddy" }, diff --git a/terraform/gcp/projects/qcl.tfvars b/terraform/gcp/projects/qcl.tfvars index 1433331606..a39144325e 100644 --- a/terraform/gcp/projects/qcl.tfvars +++ b/terraform/gcp/projects/qcl.tfvars @@ -66,12 +66,12 @@ notebook_nodes = { hub_cloud_permissions = { "staging" : { - requestor_pays : false, + allow_access_to_external_requester_pays_buckets : false, bucket_admin_access : ["scratch-staging"], hub_namespace : "staging" }, "prod" : { - requestor_pays : false, + allow_access_to_external_requester_pays_buckets : false, bucket_admin_access : ["scratch"], hub_namespace : "prod" } diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index f842bec480..0a514ed612 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -416,7 +416,7 @@ variable "hub_cloud_permissions" { 1. allow_access_to_external_requester_pays_buckets: Allow code running in user servers from this hub to identify as coming from this particular GCP project when accessing GCS buckets - marked as 'requestor_pays'. In this case, the egress costs will + marked as 'Requester Pays'. In this case, the egress costs will be borne by the project *containing the hub*, rather than the project *containing the bucket*. Egress costs can get quite expensive, so this is 'opt-in'. 2. bucket_admin_access: List of GCS storage buckets that users on this hub should have read From 248381336a5a35a8af6eafa5e017a8d5fc5b5e97 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 14:08:06 +0200 Subject: [PATCH 474/494] Link to issue --- docs/topic/features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/topic/features.md b/docs/topic/features.md index e121d8096b..5206241489 100644 --- a/docs/topic/features.md +++ b/docs/topic/features.md @@ -54,7 +54,7 @@ Hence, this is an opt-in feature. The buckets that we set for communities, inside their projects can also have this flag enabled on them, which means that other people outside will be charged for their usage. ```{warning} -This is not supported yet by our terraform. Follow (todo: insert issue link) for when support will be added. +This is not supported yet by our terraform. Follow https://github.com/2i2c-org/infrastructure/issues/3746 to check when support will be added. ``` (topic:features:cloud:scratch-buckets)= From 7bdb40795cb437696adf52a8dc10e57b8e233197 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 14:21:26 +0200 Subject: [PATCH 475/494] Add warning about allow_access_to_external_requester_pays_buckets not being supported on aws --- docs/howto/features/cloud-access.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/howto/features/cloud-access.md b/docs/howto/features/cloud-access.md index 2a80e2d1bb..a284e6edf2 100644 --- a/docs/howto/features/cloud-access.md +++ b/docs/howto/features/cloud-access.md @@ -39,7 +39,10 @@ This AWS IAM Role is managed via terraform. create (or modify) the `hub_cloud_permissions` variable. The config is like: - ``` + `````{tab-set} + ````{tab-item} GCP + :sync: gcp-key + ```yaml hub_cloud_permissions = { "": { allow_access_to_external_requester_pays_buckets : true, @@ -48,7 +51,24 @@ This AWS IAM Role is managed via terraform. } } ``` + ```` + + ````{tab-item} AWS + :sync: aws-key + ```bash + hub_cloud_permissions = { + "": { + bucket_admin_access : ["bucket-1", "bucket-2"] + hub_namespace : "" + } + } + ``` + ```` + ````` + ```{warning} + `allow_access_to_external_requester_pays_buckets` is not yet supported on AWS! + ``` where: 1. `` is the name of the hub, but restricted in length. This From 80143da1311ddaae9a5ffa6f7cbc42b76153b54c Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 28 Feb 2024 16:08:08 +0200 Subject: [PATCH 476/494] Move the warning higher-up --- docs/howto/features/cloud-access.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/howto/features/cloud-access.md b/docs/howto/features/cloud-access.md index a284e6edf2..7d3c07114d 100644 --- a/docs/howto/features/cloud-access.md +++ b/docs/howto/features/cloud-access.md @@ -36,8 +36,13 @@ This AWS IAM Role is managed via terraform. ## Enabling specific cloud access permissions 1. In the `.tfvars` file for the project in which this hub is based off - create (or modify) the `hub_cloud_permissions` variable. The config is - like: + create (or modify) the `hub_cloud_permissions` variable. + + ```{warning} + `allow_access_to_external_requester_pays_buckets` is not yet supported on AWS! + ``` + + The config is like: `````{tab-set} ````{tab-item} GCP @@ -66,9 +71,6 @@ This AWS IAM Role is managed via terraform. ```` ````` - ```{warning} - `allow_access_to_external_requester_pays_buckets` is not yet supported on AWS! - ``` where: 1. `` is the name of the hub, but restricted in length. This From c544d97fe1196f553aedc4fec8ab35ce72103249 Mon Sep 17 00:00:00 2001 From: Georgiana Date: Wed, 28 Feb 2024 16:09:26 +0200 Subject: [PATCH 477/494] Rephrase for clarity Co-authored-by: Sarah Gibson <44771837+sgibson91@users.noreply.github.com> --- terraform/gcp/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index 435d85849d..530665756a 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -416,7 +416,7 @@ variable "hub_cloud_permissions" { permissions users running on those hubs should have. Currently supported are: 1. allow_access_to_external_requester_pays_buckets: Allow code running in user servers from this - hub to identify as coming from this particular GCP project when accessing GCS buckets + hub to identify as coming from this particular GCP project when accessing GCS buckets in other projects marked as 'Requester Pays'. In this case, the egress costs will be borne by the project *containing the hub*, rather than the project *containing the bucket*. Egress costs can get quite expensive, so this is 'opt-in'. From e9d5ceef3389ad66ca1dd22718c093f32681272f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Feb 2024 21:46:23 +0100 Subject: [PATCH 478/494] nasa smce clusters: re-generate deployer credentials --- .../enc-deployer-credentials.secret.json | 14 +++++++------- .../nasa-ghg/enc-deployer-credentials.secret.json | 14 +++++++------- .../nasa-veda/enc-deployer-credentials.secret.json | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json index 5368a3d083..9fbd8a5794 100644 --- a/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-esdis/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:qFl+zOe2m7SnHq0c9nSOap+942U=,iv:m19mljbHzK5JgN7dzTgv6HZ+ughWP1NgJixRJx87hXw=,tag:UqZcqL2l8qpn6cMkadIf9Q==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:dYcC/STqxXdamGsD2EXA0av1JhQawniFMxpwTrppUanrVxm6UEQsyQ==,iv:xmgUAqlHfgIiDK9GKV2ehGz+9eomwz76Ac+XAzghKos=,tag:O0f7rym0GLJYOWCXCAU7hA==,type:str]", - "UserName": "ENC[AES256_GCM,data:ckDpLNhDShNT10PvQAm9v+9AVx9ZSWk=,iv:PHNDSUAeoBeecRgEWLOrUjnNTd1pyyw6CzLWb/62DmU=,tag:yrl+cpujI9y0S4AQq8XkjA==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:psP/bPSRvG5KFa0IEtMRvDe1mGc=,iv:iDs1UK8XSYk0dhj61zQpOjRBKb3bu4iBJzyMOfdq1Mg=,tag:Rx1KttU/8zH5/KAnFcCTLQ==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:Re+uECrn6j2ekDmyIxL+3nrN0MqBxDgu6G0WTLFBWQKPCLpyG6VxFA==,iv:LZJl6TNA9m3brUOcqyM5ERIHAlrhuuH5kjklcpYf+5Y=,tag:xWdVeIbqJ4QyaHKJYYYIfw==,type:str]", + "UserName": "ENC[AES256_GCM,data:jhym6NDkEHaajZSuUUfiAL9yL4L6W/4=,iv:BOaMYnMv4SsEiPfFhSBsVpzNbW17b8Yo2/Iie3CHceE=,tag:uDsXiAVDeEe2KPg5cJUM6g==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-02-14T08:37:56Z", - "enc": "CiUA4OM7eI6f19C8pTp8BaZcdj00p3jDgRvefeB5v5VdgMIrmHAlEkkAXoW3JvAcx7P2IF4JUPEsq3itBPUjfKqOluTg+069G2tDwBdRUv+0lBYjv7EuSyRIbPNoLkMZHxfXCE7amiptD4jouY7UejUD" + "created_at": "2024-02-28T20:39:12Z", + "enc": "CiUA4OM7eAhtQrxUtxwRPUfj4q9kuqwS6sx7Oq2VgeruQJlzB6+qEkkAXoW3JjfBbEdZgUuuQzuS7JqLzD15Q612clR10c05wB3bTy03tOKKuStcFSo00Dlm3Z2HmZ5yvv2+rXkgt+e+viRf+DsPTEPh" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-02-14T08:37:56Z", - "mac": "ENC[AES256_GCM,data:ZcqsPCdH+dqcoEIl1PG/7t9ZWLEWdO5Ql4Li0UuffmEQ/5uDjsoemcS91z88M8WC33xm22BN3FbXzl7FlKroCg/rVbK81HS11Dnv2zuvs510rgcNXdQh8pEhXaesUQ208WTU1j0Yn614QrIs9fd+VOgqwkkUx7Hj4Fmq3x5Wz+Q=,iv:cIa4Dj5dyCAQ9ixCFn4fJo5fOrUYZY/eXUICh81a0sI=,tag:Gb4+ZGrPchM0xyRBaHUNIQ==,type:str]", + "lastmodified": "2024-02-28T20:39:13Z", + "mac": "ENC[AES256_GCM,data:rTYO5MHI5ZS9w0MelEu8OKsGtlzRvTuxQswDHHPOiz9HDlLeY2Gdrl6j20Ak7wPNfsQ7e0ThdU0tOZOb8zZ3T0bKQxJL8UwMT40zRQRu2FK2sBHm/ZOyRtsSGNXfoN/JTjzpAeHZBZ4BHh1G0MBBBQ5RkfttnCoQp8vYq//CVv0=,iv:CTMEgJi0FK4DJ2qbIpjYbBLCoq5IZEYc6GeUDm2Bs+M=,tag:Xk+Z3j1RLv4eahGLxRwnyA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json index b08974a6da..1d69d3b139 100644 --- a/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-ghg/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:Gt1qbIr5LxRbyiXAsatdrnoXKE0=,iv:anT4NC8bEs2MSCOkb3PL+j0EWteLGJz2dfSl5b30js4=,tag:0TJ8Uz29W+mrTgu8toFeDw==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:J9JP9vHVPA6FO9gpORDDdttpLmIEPO33p3YghRs7RYRuzx3jO7hghA==,iv:wdG0no8rWt2lhN+I1Sw/bJr1Fm7JLIJ/AttFhBCTy1E=,tag:mtdhCuQDDz5Dt5GscBKVaw==,type:str]", - "UserName": "ENC[AES256_GCM,data:3qXSpMQIG+hxZfTmEP18b8MbKIq9Qa8=,iv:Du4iyzxGWc92f2JIWZ2rnBxvquve28KYiKxSa3G3Nz0=,tag:U4pECdtiK5G8XMm5OzKbJQ==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:JkX9tVCub2vX0VinLhkjl2c6KeA=,iv:WFhy2SSx42q3pwZPiNeNmkF6k465lvylRB77ymi6dTE=,tag:RfZ2WXIpks6juotbdcIqcg==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:91eD31K/GzC/8BapUHdAgMZeAGPxlBbNYu99bCo0gKacL/mO17RcBQ==,iv:k6NN56F7KJ8aIel7vmV+3/RwDnJmEbNtP1laTFSWeCc=,tag:9MJpxCt/JbXlsX5dPjum9A==,type:str]", + "UserName": "ENC[AES256_GCM,data:G/+S+CnSM1+ZtM8ZFgieKnnJZ5HUAls=,iv:tYDBWoMu9Bl2H1q0+UchJq+JjCxyniAlAtb7FEEBjmI=,tag:jWVGh/6/tLu4CHzu3LoE0Q==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-02-14T08:37:35Z", - "enc": "CiUA4OM7eM5ZIXKj0JAXCpV7NLjQfnnLeUsxAoE5iX4w1HeQuaK2EkkAXoW3JuZcKpWFddOTHzGdV5hiwLyUqpsNzko+L7ydRFPPjmmc0SetkuqkeGG/chEsn7IbkDHUyUS4UAZ7qYNloZM2EA3leNG9" + "created_at": "2024-02-28T20:39:15Z", + "enc": "CiUA4OM7eDDxm3/aBXHrTXBCTmn7vg8Ps0d16T0COVBBjSAtCmn7EkkAXoW3JrXFkPG4Mo+P+hCaieWE1oDr7g72VsluhTxlJssLB8pGLhA662ugdXrOz3ai+GIGNf5MsE4EJ5pL8sdaZOjAORGp6wce" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-02-14T08:37:36Z", - "mac": "ENC[AES256_GCM,data:fBdPDUC9r04k/P1iPu36sTn6jtzaC1dRWDtxt/i9ry2Uimyt9dX7zK+hNUkgQsixrwKF2SDcw1+G7q3CYmjgt/sw/1uLoJBdkxU1teE/dommdj6hw63ZfSycDFoO4EG6SM2iieiNxl3ivN1/Kyg8lO9EAO//5uRu9hZANHtrKGw=,iv:JV+G/2NAiCd8zdM5pm9XgrOaeMk/AyVrB3ncqUAJPOw=,tag:CmWySDChnR+w5ZLU66XHJQ==,type:str]", + "lastmodified": "2024-02-28T20:39:15Z", + "mac": "ENC[AES256_GCM,data:f808UBO6BFjpVJZaqBN31bIV7Y5UkNsUyT+rLPY6vlz0kxtvU/7cWCs+zHeZIJ6S30A/3hBBB5d9n4tOAzl5WHfP+mKjuWP3m7y49+4PSwv2CHaYu7j7WydXYX3RW+oBA0nn7QILboAH0fiNeFK2R8cNX1xmaZvyTGNONpjUFCg=,iv:fvFiEWTZ0ts96yN2lj8Pwj3OJu5/ZYZaFpeIoxDhjsU=,tag:ZZT9za0Er5oIzwW/RyG1Mw==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" diff --git a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json index e50731607a..4beb65bf23 100644 --- a/config/clusters/nasa-veda/enc-deployer-credentials.secret.json +++ b/config/clusters/nasa-veda/enc-deployer-credentials.secret.json @@ -1,23 +1,23 @@ { "AccessKey": { - "AccessKeyId": "ENC[AES256_GCM,data:B//0d0fUA5I29nngWNCXIahCA0o=,iv:1FLf+0o43t45GXWx8hkpHSnHXymuSp2J4xnUepSzsWk=,tag:vFe7Y2Ox+kNgfCpaQ5l/Iw==,type:str]", - "SecretAccessKey": "ENC[AES256_GCM,data:zB5rgp05IVWbzd/ZF8zYc0PCy3hPeJO7DTtp5QzkeB9Up/zIbN6XrQ==,iv:usRkrMXk7ZuD52E6jaZJnqK9fejKFJhI7QOTAHmd1Hs=,tag:IgRRfLc2HhPCXbWpvMrVQA==,type:str]", - "UserName": "ENC[AES256_GCM,data:0ztpROiUhXLYefsxji94vPDsXU6J/M4=,iv:RHqWoHdWQdvdYzadQgbYHmkYbxPGAWPZrb7+i332jQA=,tag:k/ajOUWbKd/PZFdm13ZvXA==,type:str]" + "AccessKeyId": "ENC[AES256_GCM,data:5yk5O+FY3YJNJljPOPyZh294Hco=,iv:XetK6Ntaj94k00obidcNvOKCSs5OrJIttiwI/Tv6TNc=,tag:mNz2/fWhPOSlSJ0ZrPjS0A==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:/vumRn493v9jwHVOlFswSkOpOYjiqj+FLwoJpl2fP7sYE9YPASw2Jw==,iv:OOP1U8ICup/8pkqcnpk+17r+ZyFIZlyrJ6DO51+i9dg=,tag:V4zitB5sPN5FrrP4HcMk5A==,type:str]", + "UserName": "ENC[AES256_GCM,data:Dy0bxjbTQJcuui7QStEMNI/1kSUQ7YI=,iv:qLeUzBfOAYP230R+k59MEWo3rak+jngJwHjnWfZz9nI=,tag:2cpWcsUVDtuWpIPQksq8uA==,type:str]" }, "sops": { "kms": null, "gcp_kms": [ { "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", - "created_at": "2024-02-14T08:36:56Z", - "enc": "CiUA4OM7eDh9sk57G2y6Mib1AIKRFjkjL6sX9ZqzhXI504Uzhya6EkkAXoW3JlP/CCOgdK7FC9JBC6KXZsH9sgca8WG+T9tpjrS9CL/uROoHn9LiQNM0R/72LyDil99hbEdwWwLcLt0zf4bKk7k3QLQ7" + "created_at": "2024-02-28T20:39:18Z", + "enc": "CiUA4OM7eKgrM9YWf0ijMlp4MqI++ADksTeHayNa48wBiTCjqdmPEkkAXoW3Jocmt7VRlzbfpKVKuCP6T+NP1MPYAUCLIDq4dntM3vr07RSPx856FpVqcVv+LxL7hWlSw2jl8AIJxUyQqXO2CXCin5n4" } ], "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2024-02-14T08:36:57Z", - "mac": "ENC[AES256_GCM,data:UXLBG1lKAQl2UNb5QtBhHXZttfXpIyilC6XCVOQSN7zfO3dqPkRtZ8OKC54jp0Zs4+Fq5nGOPWhQhptCWFGDMKthFJ6uL4juVYuNOXbe6ouvSSCLKzdZKMXssgtp2GomU9MVR5SixEGXH3wrgQQvE7WCOUzDYGTdSYJkxJh9yRo=,iv:IlVFKWD4cC7nT5VGxnDbnBNctDtP1FgHKGG9sxNX/0I=,tag:0DhbeKEi84/Y1vRw5JVBWA==,type:str]", + "lastmodified": "2024-02-28T20:39:19Z", + "mac": "ENC[AES256_GCM,data:sX66V+TN1gtw2nDFxTeehhfHQpUEzK7t2923qiM4iTOQ71YmTriLfwTqIRE+FF6TvWJVxtJZOmr+R3RK9HJEhbeUfHt52g7yvYE5FXNWXsmI+95qTWARrysBm7N03pmuw29ByZdhSFNbSSAMcJkxxW3UXb4miapny6Lplk2SUFA=,iv:SDgh19N8y5P5gO9ebNCGZqXQ1Kvw0Xp1fc2+wp6wTSk=,tag:P69Yrjsq03hckp5dDTDP/g==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" From a710312bc9ae3743be664362b2080bd5e894327a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Feb 2024 22:10:53 +0100 Subject: [PATCH 479/494] nasa-esdis: add details to cluster.yaml --- config/clusters/nasa-esdis/cluster.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/clusters/nasa-esdis/cluster.yaml b/config/clusters/nasa-esdis/cluster.yaml index 6dd2d8407e..98d9b3ea09 100644 --- a/config/clusters/nasa-esdis/cluster.yaml +++ b/config/clusters/nasa-esdis/cluster.yaml @@ -1,5 +1,6 @@ name: nasa-esdis -provider: aws +provider: aws # https://smce-esdis-hub.signin.aws.amazon.com/console +account: smce-esdis-hub aws: key: enc-deployer-credentials.secret.json clusterType: eks From 429f9902cc973811f2009bd3a6196000d9e70820 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Feb 2024 22:38:09 +0100 Subject: [PATCH 480/494] basehub: add comment to prevent an issue from arising --- helm-charts/basehub/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index dde5aa20ba..888f1e2fd8 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -69,6 +69,14 @@ jupyterhub: singleuserAdmin: extraEnv: {} extraVolumeMounts: + # IMPORTANT: What is added to this list is copied to other locations + # that wants to add an element to this list. This is done + # because when Helm config files are merged, lists get + # replaced rather than appended. So, if this is to be + # updated, we should update all those copies as well. An easy + # to way find such copies is to search for "singleuserAdmin:" + # in this repo. + # - name: home mountPath: /home/jovyan/shared-readwrite subPath: _shared From e960441a65405406db7d9339ed0fdec8df975610 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Feb 2024 22:52:24 +0100 Subject: [PATCH 481/494] basehub: clarify why we don't need to chown shared-readwrite --- helm-charts/basehub/values.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index 888f1e2fd8..0a0679d1b6 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -222,6 +222,18 @@ jupyterhub: singleuser: # Need to explicitly fix ownership here, as otherwise these directories will be owned # by root on most NFS filesystems - neither EFS nor Google Filestore support anonuid + # + # This has to be done _once_ for each directory we mount _from_ the NFS + # server. We do it all the time since we don't know for sure it has been done once + # already. + # + # Note that we don't have to chown both the shared and shared-readwrite + # folder since they are both mounting the same folder on the NFS server. + # + # For details about this, see notes at: + # - https://github.com/2i2c-org/infrastructure/issues/2953#issuecomment-1672025545 + # - https://github.com/2i2c-org/infrastructure/issues/2946#issuecomment-1671691248 + # initContainers: - name: volume-mount-ownership-fix image: busybox:1.36.1 From 17243bab2b685abdaa89b5572071afb41c2d85c8 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Thu, 29 Feb 2024 18:21:32 +0200 Subject: [PATCH 482/494] Rm copy-pasted comments --- config/clusters/opensci/sciencecore.values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/clusters/opensci/sciencecore.values.yaml b/config/clusters/opensci/sciencecore.values.yaml index 25ea9056d3..93ababfe09 100644 --- a/config/clusters/opensci/sciencecore.values.yaml +++ b/config/clusters/opensci/sciencecore.values.yaml @@ -108,7 +108,6 @@ jupyterhub: node.kubernetes.io/instance-type: r5.xlarge hub: - # Allows for multiple concurrent demos allowNamedServers: true services: binder: @@ -160,8 +159,6 @@ binderhub-service: BinderHub: base_url: /services/binder use_registry: true - # Re-uses the registry created for the `binderhub-staging` hub - # but pushes images under a different prefix image_prefix: quay.io/2i2c/opensci-sciencecore KubernetesBuildExecutor: # Get ourselves a newer repo2docker! From 52a47313ff147263fb698731c55a67283ac8bf82 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 29 Feb 2024 22:54:15 +0100 Subject: [PATCH 483/494] victor: fix deployer's grafana service account credentials --- config/clusters/victor/enc-grafana-token.secret.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/config/clusters/victor/enc-grafana-token.secret.yaml b/config/clusters/victor/enc-grafana-token.secret.yaml index 3feb7b36cb..e449050bcd 100644 --- a/config/clusters/victor/enc-grafana-token.secret.yaml +++ b/config/clusters/victor/enc-grafana-token.secret.yaml @@ -1,15 +1,15 @@ -grafana_token: ENC[AES256_GCM,data:Yu7cScQuAbZs4oKvaImqG1ESHKk7P6wWQn2EoN5A5LYOUK9VBCgApvHxk2NQl5W0LgNzWPhdOBef0BK2LmF7RwSV+1XVeIq3YTyjy4id+ukqn15CeFnu3Gq2qQM=,iv:RFAJsZqu5G4V1Cp9IrOS2f8ASJQMgHiZNRLqOadWTs4=,tag:uUpShf5F+ftdQqfhcoi5+Q==,type:str] +grafana_token: ENC[AES256_GCM,data:OTBQAgpyShzEm+eHfQJVtEr83tJf8psaFPkjqTPozEaRpMqCGG7a3hE4+h79/g==,iv:hN3AirWeW8IdHG76reiCyUl/91PgQyBWpCU8qZGiuMQ=,tag:e+QQnBwSz4sAO4bXSjJ8Wg==,type:str] sops: kms: [] gcp_kms: - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-11-07T15:23:55Z" - enc: CiQA4OM7eCbs52mBqdLkb3wr7m5ZiLV9dgZkhwwNNSBEizf4I/ASSQDuy/p8w13ge4Uz3wqQ0O7bqevUT5U0wZseugHVGpSfOT1kCuPHcvMY+Z4rsM7zEvCQSIx6E5Mynj10u4Qfn3DhiQ3DgOwbzg0= + created_at: "2024-02-29T21:51:08Z" + enc: CiUA4OM7eNjdvopHWnFtTnpID9wlVgIAwCva6LeATWpgvbD6J7VREkkAXoW3JpUHvVrB4am3g31cx/R/jYY/fzECxMnu2Q74CsSj6ZBQnogOpebaoFniyFkxFOTkoJKjC7FggJEufVHYcVOtpEwZjE3P azure_kv: [] hc_vault: [] age: [] - lastmodified: "2022-11-07T15:34:41Z" - mac: ENC[AES256_GCM,data:IjlnKN7F6A7yMFhLXEhePMhaWV9ObtWtiy2tyyHlCZWL/6SpKXmJ2pKyZgjgdvsQaOP204IpWdGnO83fQjEVybI1VpEWClah9kuCkNm4Roycr7YQo9vg6vTNXalBcVx9MszcACHo0cGf/QtSK4bd3puBkp59pC5/jIaJ+XGvx7w=,iv:TczwA2PGl/KR90BQ/pqKGCosPAbxEmYtGNl8LIHwRC0=,tag:s5Da4zddFgCjsRGEXkWsFw==,type:str] + lastmodified: "2024-02-29T21:51:08Z" + mac: ENC[AES256_GCM,data:h1MwQnXBeF6ge1BUhSfFLpicY3YLg2WK1wAVztEv6yfXf8kAVboPOFy0TBzToUXRmMqgSjcjXLOBoEIuuTjUNkseZjaZ1dRC3/z7XF8n2OzvaCaW6vR19LoKA4IrmWh4Agh8ImQ7ISFabN3MDpeJVOjx1xW83/pC4b1qYG+l88I=,iv:jqQ4U+ZZ22We+kbUFP/ZkOWEviybAZXDvou7pjEiPv0=,tag:0RK4MbWsJtUIHpxBw5BLJQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 From 660c1d0f443c28b38e64f1ed3b19ad288f861131 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 29 Feb 2024 15:52:25 -0800 Subject: [PATCH 484/494] Cleanup unused bits in the 2i2c shared cluster - Jackeddy has been decomissioned for a while - The agu binder was decomissioned but the associated GAR was not - The pilot hubs artifact registry has never been used --- .../2i2c/enc-jackeddy.secret.values.yaml | 21 ------------------- terraform/gcp/projects/pilot-hubs.tfvars | 19 +---------------- 2 files changed, 1 insertion(+), 39 deletions(-) delete mode 100644 config/clusters/2i2c/enc-jackeddy.secret.values.yaml diff --git a/config/clusters/2i2c/enc-jackeddy.secret.values.yaml b/config/clusters/2i2c/enc-jackeddy.secret.values.yaml deleted file mode 100644 index 1c4abeea5d..0000000000 --- a/config/clusters/2i2c/enc-jackeddy.secret.values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -basehub: - jupyterhub: - hub: - config: - GitHubOAuthenticator: - client_id: ENC[AES256_GCM,data:pKbFnP/2j9bmxIWDbD4XMNN1Cpo=,iv:P4YgHP1WS0a+XW7WFbHQyTYSVGPKDaPaYHwKRmID2cc=,tag:chrE50gZEijmqEeuLajU0g==,type:str] - client_secret: ENC[AES256_GCM,data:GAd2q3+beAdijK8i46h71G+ZpIxxJuSZ/NlRKi6hqgwBWwwbb6MNJg==,iv:XeMzu/XES1dxZ9BI3dPAk5nSL+JlBAhTzN/2OrVfMh4=,tag:AhQRDCZzkKmYiUTsOU4mVA==,type:str] -sops: - kms: [] - gcp_kms: - - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs - created_at: "2022-03-15T18:22:39Z" - enc: CiQA4OM7eDjl5gKH7+wzLKDVoI5KcuJ7gVfLlnQ05U9ztKRtBXISSQDm5XgWoRzJjQSuC+PEMk6t4P2YMxDK6dvnpVlojQkI4X3tlQcSPvq1m0JRKXOhcCT3EjvQiM2ZiU2hRB0u2ZbK8nRfw9cW4l8= - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-05-26T16:36:36Z" - mac: ENC[AES256_GCM,data:+cnN/SCe71LXhFQWMZrNLFRrRik0fgKkhy6iH3fe9CZTPioChPuyalx/l1WElMFx3ni9xEBul+eR6zsH2l+GKFForkAQZ85gUUl7FDZITwbtIqSFXM5idrhYKkN+yB/ky0WxflKO+6mhNRnuu9nTJ7F4/fPsniyJK/6MWO9sODs=,iv:1ACC55neHqNuhjENiNIZGnjFTSppMxYF+aE8uKZWGRY=,tag:sDUiw4Svh9B1R2z6AJKTzw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/terraform/gcp/projects/pilot-hubs.tfvars b/terraform/gcp/projects/pilot-hubs.tfvars index 02d3769aac..7473e425eb 100644 --- a/terraform/gcp/projects/pilot-hubs.tfvars +++ b/terraform/gcp/projects/pilot-hubs.tfvars @@ -49,11 +49,7 @@ dask_nodes = { }, } -user_buckets = { - "jackeddy-scratch" : { - "delete_after" : 7 - } -} +user_buckets = {} hub_cloud_permissions = { @@ -67,21 +63,8 @@ hub_cloud_permissions = { bucket_admin_access : [], hub_namespace : "ohw" }, - # Can't use full name here as it violates line length restriction of service account id - "catalyst-coop" : { - allow_access_to_external_requester_pays_buckets : true, - bucket_admin_access : [], - hub_namespace : "catalyst-cooperative" - }, - "jackeddy" : { - allow_access_to_external_requester_pays_buckets : true, - bucket_admin_access : ["jackeddy-scratch"], - hub_namespace : "jackeddy" - }, } container_repos = [ - "pilot-hubs", "binder-staging", - "agu-binder" ] From 723ca02629b06726088d3269e4d3e2034ea72739 Mon Sep 17 00:00:00 2001 From: "2i2c-token-generator-bot[bot]" <106546794+2i2c-token-generator-bot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 00:09:55 +0000 Subject: [PATCH 485/494] Bump charts ['prometheus', 'grafana', 'ingress-nginx', 'cluster-autoscaler'] to versions ['25.15.0', '7.3.3', '4.10.0', '9.35.0'], respectively --- helm-charts/support/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index 5a1891562c..e32d789408 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -15,13 +15,13 @@ dependencies: - name: prometheus # NOTE: CHECK INSTRUCTIONS UNDER prometheus.server.command IN support/values.yaml # EACH TIME THIS VERSION IS BUMPED! - version: 25.11.0 + version: 25.15.0 repository: https://prometheus-community.github.io/helm-charts # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 6.61.2 + version: 7.3.3 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from @@ -29,13 +29,13 @@ dependencies: # that references this controller. # https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx - name: ingress-nginx - version: 4.9.1 + version: 4.10.0 repository: https://kubernetes.github.io/ingress-nginx # cluster-autoscaler for k8s clusters where it doesn't come out of the box (EKS) # https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler - name: cluster-autoscaler - version: 9.34.1 + version: 9.35.0 repository: https://kubernetes.github.io/autoscaler condition: cluster-autoscaler.enabled From a34ba60780263782182b957e3ccceb0b35cf1403 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 01:37:12 +0000 Subject: [PATCH 486/494] Bump azure/setup-helm from 3 to 4 in /.github/actions/setup-deploy Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3 to 4. - [Release notes](https://github.com/azure/setup-helm/releases) - [Commits](https://github.com/azure/setup-helm/compare/v3...v4) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/actions/setup-deploy/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-deploy/action.yaml b/.github/actions/setup-deploy/action.yaml index e77402d8bb..96eddf9dc5 100644 --- a/.github/actions/setup-deploy/action.yaml +++ b/.github/actions/setup-deploy/action.yaml @@ -69,7 +69,7 @@ runs: shell: bash # This action use the github official cache mechanism internally - - uses: azure/setup-helm@v3 + - uses: azure/setup-helm@v4 with: # Manually update a pinning of helm to a minor version based on: # From 4d3c05b7a5345212f8c12986846546077998dfda Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 1 Mar 2024 07:06:40 +0100 Subject: [PATCH 487/494] Hold back grafana's major version bump --- helm-charts/support/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/support/Chart.yaml b/helm-charts/support/Chart.yaml index e32d789408..020d01ffff 100644 --- a/helm-charts/support/Chart.yaml +++ b/helm-charts/support/Chart.yaml @@ -21,7 +21,7 @@ dependencies: # Grafana for dashboarding of metrics. # https://github.com/grafana/helm-charts/tree/main/charts/grafana - name: grafana - version: 7.3.3 + version: 6.61.2 repository: https://grafana.github.io/helm-charts # ingress-nginx for a k8s Ingress resource controller that routes traffic from From fabe66edcce91a3d15a6df642ee748b47c72ed9d Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 1 Mar 2024 10:00:36 +0200 Subject: [PATCH 488/494] Move most of the binderhub-service config into the common basehub values.yaml --- .../2i2c/imagebuilding-demo.values.yaml | 30 ------------------- .../clusters/opensci/sciencecore.values.yaml | 28 ----------------- helm-charts/basehub/values.yaml | 30 +++++++++++++++++++ 3 files changed, 30 insertions(+), 58 deletions(-) diff --git a/config/clusters/2i2c/imagebuilding-demo.values.yaml b/config/clusters/2i2c/imagebuilding-demo.values.yaml index 19c42a9519..e6ac20b8e6 100644 --- a/config/clusters/2i2c/imagebuilding-demo.values.yaml +++ b/config/clusters/2i2c/imagebuilding-demo.values.yaml @@ -137,40 +137,10 @@ jupyterhub: setup_ui(c) binderhub-service: - nodeSelector: - hub.jupyter.org/node-purpose: core enabled: true - service: - port: 8090 - # The DaemonSet at https://github.com/2i2c-org/binderhub-service/blob/main/binderhub-service/templates/docker-api/daemonset.yaml - # will start a docker-api pod on a user node. - # It starts the [dockerd](https://docs.docker.com/engine/reference/commandline/dockerd/) daemon, - # that will be accessible via a unix socket, mounted by the build. - # The docker-api pod must run on the same node as the builder pods. - dockerApi: - nodeSelector: - hub.jupyter.org/node-purpose: user - tolerations: - # Tolerate tainted jupyterhub user nodes - - key: hub.jupyter.org_dedicated - value: user - effect: NoSchedule - - key: hub.jupyter.org/dedicated - value: user - effect: NoSchedule config: BinderHub: - base_url: /services/binder - use_registry: true - # Re-uses the registry created for the `binderhub-staging` hub - # but pushes images under a different prefix image_prefix: us-central1-docker.pkg.dev/two-eye-two-see/binder-staging-registry/binderhub-service- - KubernetesBuildExecutor: - # Get ourselves a newer repo2docker! - build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 - node_selector: - # Schedule builder pods to run on user nodes only - hub.jupyter.org/node-purpose: user # The password to the registry is stored encrypted in the hub's encrypted config file buildPodsRegistryCredentials: server: "https://us-central1-docker.pkg.dev" diff --git a/config/clusters/opensci/sciencecore.values.yaml b/config/clusters/opensci/sciencecore.values.yaml index 93ababfe09..7b7422bb8c 100644 --- a/config/clusters/opensci/sciencecore.values.yaml +++ b/config/clusters/opensci/sciencecore.values.yaml @@ -134,38 +134,10 @@ jupyterhub: setup_ui(c) binderhub-service: - nodeSelector: - hub.jupyter.org/node-purpose: core enabled: true - service: - port: 8090 - # The DaemonSet at https://github.com/2i2c-org/binderhub-service/blob/main/binderhub-service/templates/docker-api/daemonset.yaml - # will start a docker-api pod on a user node. - # It starts the [dockerd](https://docs.docker.com/engine/reference/commandline/dockerd/) daemon, - # that will be accessible via a unix socket, mounted by the build. - # The docker-api pod must run on the same node as the builder pods. - dockerApi: - nodeSelector: - hub.jupyter.org/node-purpose: user - tolerations: - # Tolerate tainted jupyterhub user nodes - - key: hub.jupyter.org_dedicated - value: user - effect: NoSchedule - - key: hub.jupyter.org/dedicated - value: user - effect: NoSchedule config: BinderHub: - base_url: /services/binder - use_registry: true image_prefix: quay.io/2i2c/opensci-sciencecore - KubernetesBuildExecutor: - # Get ourselves a newer repo2docker! - build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 - node_selector: - # Schedule builder pods to run on user nodes only - hub.jupyter.org/node-purpose: user # The password to the registry is stored encrypted in the hub's encrypted config file buildPodsRegistryCredentials: server: "https://quay.io" diff --git a/helm-charts/basehub/values.yaml b/helm-charts/basehub/values.yaml index dde5aa20ba..91fdff77f4 100644 --- a/helm-charts/basehub/values.yaml +++ b/helm-charts/basehub/values.yaml @@ -7,6 +7,36 @@ userServiceAccount: binderhub-service: enabled: false + nodeSelector: + hub.jupyter.org/node-purpose: core + service: + port: 8090 + # The DaemonSet at https://github.com/2i2c-org/binderhub-service/blob/main/binderhub-service/templates/docker-api/daemonset.yaml + # will start a docker-api pod on a user node. + # It starts the [dockerd](https://docs.docker.com/engine/reference/commandline/dockerd/) daemon, + # that will be accessible via a unix socket, mounted by the build. + # The docker-api pod must run on the same node as the builder pods. + dockerApi: + nodeSelector: + hub.jupyter.org/node-purpose: user + tolerations: + # Tolerate tainted jupyterhub user nodes + - key: hub.jupyter.org_dedicated + value: user + effect: NoSchedule + - key: hub.jupyter.org/dedicated + value: user + effect: NoSchedule + config: + BinderHub: + base_url: /services/binder + use_registry: true + KubernetesBuildExecutor: + # Get ourselves a newer repo2docker! + build_image: quay.io/jupyterhub/repo2docker:2023.06.0-8.gd414e99 + node_selector: + # Schedule builder pods to run on user nodes only + hub.jupyter.org/node-purpose: user ingressBasicAuth: enabled: false From fc78ba7428e4df93eefc08794a7a1cad3752d607 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 1 Mar 2024 11:21:14 +0200 Subject: [PATCH 489/494] Create a new quay org for the hub --- .../opensci/enc-sciencecore.secret.values.yaml | 10 +++++----- config/clusters/opensci/sciencecore.values.yaml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/clusters/opensci/enc-sciencecore.secret.values.yaml b/config/clusters/opensci/enc-sciencecore.secret.values.yaml index 94e3663e72..de65d96a18 100644 --- a/config/clusters/opensci/enc-sciencecore.secret.values.yaml +++ b/config/clusters/opensci/enc-sciencecore.secret.values.yaml @@ -1,12 +1,12 @@ binderhub-service: buildPodsRegistryCredentials: - password: ENC[AES256_GCM,data:+WZcWoVpAteJXujz9dAaEAv0tvLWgdgfEThAGDD4abuABmWoBVCBWzrmsaD1FX4OWrRRC5cPM+sBgqD/ICT4zw==,iv:OuvUqG1pf2RnAbrnVi/4fAna83t9nXM4WENMX22fluc=,tag:o6dTP6IM8h2GATDZvR45/A==,type:str] + password: ENC[AES256_GCM,data:8SoSbjJQoxjSvjiWMv2isnKD1tNWzQEijO7KGQG7L3VBFrqHTn00vE5k8kiiNfVDh1fcrnVMbTp4h414mTrtsg==,iv:s58wLbD13dRyYyg0RAKBjq4AuFNauU+MeTEP9fUYoZU=,tag:bHFEG8hRXmQ60XGe4G1n7A==,type:str] jupyterhub: imagePullSecret: create: ENC[AES256_GCM,data:aJ5t7w==,iv:mdiodKbsYFnfzFkwCBbgQ6B/myJcL/z1+f15vTgSQwQ=,tag:mmuYSMXreRi2O4nwAzaZsw==,type:bool] registry: ENC[AES256_GCM,data:iGtOHQXDhw==,iv:YXdzdemCE+6B5sA437zaUFKDhb2xj2X7gMZNzu3tTqM=,tag:Bqn2k57b6RYQJYB5v1Li2A==,type:str] - username: ENC[AES256_GCM,data:Tpi9Jr933Pdr30dJciikd5986k2qgWM+NR/uywFO25qFKYkWUTpEGpbT,iv:UQKLBLwKAqzlvBgj5QQvEwTT+M8NQ20YP1HuJ1JpNzo=,tag:PcNrqzCGRQetSslXb6IdfA==,type:str] - password: ENC[AES256_GCM,data:ykY706UePlnQ6L5swTY5e5/N1yk3Hpql8s2wy7MpYLugwmM4cr0VhKHbP1ZuL7uGrSIKYHXPQB0y7hfwgWsm9g==,iv:suZsgkz1dzBKp53XX+8QfzQ+fvWGnMIHEjIP+tVFERs=,tag:bNVbdkVD19YS5PxGMyBWfA==,type:str] + username: ENC[AES256_GCM,data:ii7f/N3KXNmkvv5Sh2wsPlqRRh0LHjjExQkm+kK+lRCVwe8FDNI=,iv:rqk6+iWqGYh/fgDPGqcRZ/fyRROM6a144PCrVWokm+o=,tag:9krQyW6n7QCiQ5vNM/wozQ==,type:str] + password: ENC[AES256_GCM,data:CjC/nUzk/7LH5oSA3cF4KRjmzLMa3QAIodKxAKTTB8ruEFHdQAUDCfm9m2zco4lLykwG6JX5JiWClI26C2O+wg==,iv:KzXdwlH0EeI79hgTEL0iRSsPxHeZTXusuRqQQe+YbG4=,tag:5xIfUhfUS2qUFLoiRYwTlw==,type:str] hub: config: GitHubOAuthenticator: @@ -21,8 +21,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-02-26T08:54:20Z" - mac: ENC[AES256_GCM,data:dFxtb2e64nSVwq310U8IyNs+PCFe4AxBLHAdlMZWtSS3alZIm79Kn/wPC6WJFX41ib+mVSGU8rPFDoqsM/pBv4Ol8Fjkz2zlvSYbYpT/DwZO7hsCR+hoUrdiGTPFx0+qd4efN+J7WZKBb3dTkxzVECgS37WJGR8tv2afBBHlhQM=,iv:gIVEDiNshqJNDg5Ktb4k9sZHPw+5k9ALR5TR2Xhuzqs=,tag:oGufX/5w/PqG1OWPZ6H+rw==,type:str] + lastmodified: "2024-03-01T09:20:50Z" + mac: ENC[AES256_GCM,data:/H85LAsXQBVCUly595+EGHmTN7jw8Mspsj1GFfyVBjUj/QYJResChPxuDfEf02PD+h0Va9UK0xQVBLVJFuO8nVKLY9WAGG5agAiTHYudhHGsPpzGSL5jkjDkQrqNhyAWunkh7euqbMIDKLU8Yn4LXVU1JaD6DrbNXQJcnJbAbAM=,iv:jDS6yvbuz57WixC/5qKrZztd0IXeLsAJXzYj8zsOBzI=,tag:O9JM6fBZuD8quswUFe7cJQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/config/clusters/opensci/sciencecore.values.yaml b/config/clusters/opensci/sciencecore.values.yaml index 7b7422bb8c..bf27e29861 100644 --- a/config/clusters/opensci/sciencecore.values.yaml +++ b/config/clusters/opensci/sciencecore.values.yaml @@ -141,4 +141,4 @@ binderhub-service: # The password to the registry is stored encrypted in the hub's encrypted config file buildPodsRegistryCredentials: server: "https://quay.io" - username: "2i2c+opensci_sciencecore_binderhub_service" + username: "2i2c-opensci-sciencecore+image_manager" From 21c59f67f3160373401042035d0b7b4c51f0ba5d Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 1 Mar 2024 12:50:25 +0200 Subject: [PATCH 490/494] Update the image prefix name --- config/clusters/opensci/sciencecore.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/opensci/sciencecore.values.yaml b/config/clusters/opensci/sciencecore.values.yaml index bf27e29861..af5f003cb8 100644 --- a/config/clusters/opensci/sciencecore.values.yaml +++ b/config/clusters/opensci/sciencecore.values.yaml @@ -137,7 +137,7 @@ binderhub-service: enabled: true config: BinderHub: - image_prefix: quay.io/2i2c/opensci-sciencecore + image_prefix: quay.io/2i2c-opensci-sciencecore # The password to the registry is stored encrypted in the hub's encrypted config file buildPodsRegistryCredentials: server: "https://quay.io" From 3b4d8b865f3f2a01f43756afb9dffea6724e468e Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Fri, 1 Mar 2024 13:34:15 +0200 Subject: [PATCH 491/494] Update the prefix --- config/clusters/opensci/sciencecore.values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/opensci/sciencecore.values.yaml b/config/clusters/opensci/sciencecore.values.yaml index af5f003cb8..60688b0691 100644 --- a/config/clusters/opensci/sciencecore.values.yaml +++ b/config/clusters/opensci/sciencecore.values.yaml @@ -137,7 +137,7 @@ binderhub-service: enabled: true config: BinderHub: - image_prefix: quay.io/2i2c-opensci-sciencecore + image_prefix: quay.io/2i2c-opensci-sciencecore/binderhub-service- # The password to the registry is stored encrypted in the hub's encrypted config file buildPodsRegistryCredentials: server: "https://quay.io" From 69bd7c89e22fe0bf8712f325262d3c31af5fe037 Mon Sep 17 00:00:00 2001 From: Georgiana Date: Tue, 5 Mar 2024 12:19:36 +0200 Subject: [PATCH 492/494] Add comment about cluster being in the sso aws account Co-authored-by: Erik Sundell --- config/clusters/opensci/cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/clusters/opensci/cluster.yaml b/config/clusters/opensci/cluster.yaml index 3ba0308dcf..e1b7de05b8 100644 --- a/config/clusters/opensci/cluster.yaml +++ b/config/clusters/opensci/cluster.yaml @@ -1,5 +1,5 @@ name: opensci -provider: aws +provider: aws # https://2i2c.awsapps.com/start#/ aws: key: enc-deployer-credentials.secret.json clusterType: eks From dc29e643e1fb427c23fbcdec7a8ed805e7591772 Mon Sep 17 00:00:00 2001 From: Georgiana Date: Tue, 5 Mar 2024 12:20:49 +0200 Subject: [PATCH 493/494] Be explicit about nfs pv defaults Co-authored-by: Erik Sundell --- config/clusters/opensci/common.values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/clusters/opensci/common.values.yaml b/config/clusters/opensci/common.values.yaml index 9e58930e8e..5a18248077 100644 --- a/config/clusters/opensci/common.values.yaml +++ b/config/clusters/opensci/common.values.yaml @@ -1,5 +1,7 @@ nfs: + enabled: true pv: + enabled: true # from https://docs.aws.amazon.com/efs/latest/ug/mounting-fs-nfs-mount-settings.html mountOptions: - rsize=1048576 From 6fac980449f1c1f1e15897016a2330d3d191df9e Mon Sep 17 00:00:00 2001 From: Alex Mandel Date: Tue, 5 Mar 2024 10:35:04 -0800 Subject: [PATCH 494/494] feat: Add EIS-fire team to VEDA-Hub --- config/clusters/nasa-veda/common.values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/clusters/nasa-veda/common.values.yaml b/config/clusters/nasa-veda/common.values.yaml index 9ebc388e99..6127d8093c 100644 --- a/config/clusters/nasa-veda/common.values.yaml +++ b/config/clusters/nasa-veda/common.values.yaml @@ -47,6 +47,7 @@ basehub: - veda-analytics-access:collaborator-access - CYGNSS-VEDA:cygnss-iwg - veda-analytics-access:maap-biomass-team + - Earth-Information-System:eis-fire scope: - read:org Authenticator: